Code
Well to see where SC is being patched you'll need a debugger to see the code. It would go something like...
Original SC code:
00000001 add [ecx+2A], eax
00000002 mov edx, ecx
00000003 test edx, edx
But the maphack when injected changes the code to something like...
SC after injection:
00000001 add [ecx+2A], eax
00000002 jmp zmaphack
00000003 test edx, edx
What you could then do is test to make sure that offset 00000002 equals exactly what the bytes are when = to the command mov edx, ecx. (Which is 8BD1 hex) and if that offset = exactly that, then create a unit for that player somewhere real fast. If someone had the hack injected their offset would not be equal to 8BD1 and thus a unit would not be created for them which would then cause a desynce. I won't be surprised if that really didn't make any sense to you. You would have to know some ASM/programing for it to really make any sense. It would probably be easier for me to just create a detection trigger for it myself.
What do you mean? Like it's something like 1173EC, 2273EC, 3373EC, etc? I'm pretty sure (without looking into it myself) that a mh's offsets are going to be dynamic each time. Not including the actual patches.
Original SC code:
00000001 add [ecx+2A], eax
00000002 mov edx, ecx
00000003 test edx, edx
But the maphack when injected changes the code to something like...
SC after injection:
00000001 add [ecx+2A], eax
00000002 jmp zmaphack
00000003 test edx, edx
What you could then do is test to make sure that offset 00000002 equals exactly what the bytes are when = to the command mov edx, ecx. (Which is 8BD1 hex) and if that offset = exactly that, then create a unit for that player somewhere real fast. If someone had the hack injected their offset would not be equal to 8BD1 and thus a unit would not be created for them which would then cause a desynce. I won't be surprised if that really didn't make any sense to you. You would have to know some ASM/programing for it to really make any sense. It would probably be easier for me to just create a detection trigger for it myself.
What do you mean? Like it's something like 1173EC, 2273EC, 3373EC, etc? I'm pretty sure (without looking into it myself) that a mh's offsets are going to be dynamic each time. Not including the actual patches.
Code
I only know some basic HTML/Java/VB so yeah, that didn't.
I understand the change that occurs, but I don't know how to actual find it.
And, for the other thing.
It's like.. one time the address will be 006417710, next will be 005347710, next time 102357710 the 7710 never changed, just the other digits.
And most the time the first 3 would be the same too.
And I know this is a direct effect due to the MH, 'cause the value changes occordingly.
IE; disabled value = 0, Lite = 1 and Full = 2.
And I can take that address and put it into a EUD and it'll work until I reset SC, but next time I crash.
I understand the change that occurs, but I don't know how to actual find it.
And, for the other thing.
It's like.. one time the address will be 006417710, next will be 005347710, next time 102357710 the 7710 never changed, just the other digits.
And most the time the first 3 would be the same too.
And I know this is a direct effect due to the MH, 'cause the value changes occordingly.
IE; disabled value = 0, Lite = 1 and Full = 2.
And I can take that address and put it into a EUD and it'll work until I reset SC, but next time I crash.
Code
Yeah it's going to be dynamic. The offset locations/bytes you are looking at is often referred to as the "hex dump" where bytes are written/read to and from. There is another location that actually has the code instructions on how to perform everything that starcraft does. This dictates where bytes are written to and from. When a hack is injected these commands are changed and give starcraft new commands to follow. EUD's can detect these changes if you know exactly where it is that the changes are taking place. I referred to them as patches before, they are also called pointers.
I can't find the "patches" he is referring to and I can't get into contact with him now and I would like to get better at EUD's so I can keep updating Anti-EUD's.
Thanks
None.
