[Help] Exploiting dev function

  1. #1
    MegaMech is offline Wannabe Member

    Hello,

    Looking through the code of Zerg Hex (Yet again...) I found some dev functions that seem to require an extra section in the bank file to activate. I've tried this and nothing different happens in-game. I'll walk you through the code below. Perhaps you can spot something that I missed. It looks like an extra GUI should pop up.

    Link to full code:
    https://pastebin.com/gzdXuFKG
    Code:
    bool gt_RequestIdentification_Func (bool testConds, bool runActions) {
    
        BankValueSetFromString(gv_banks[EventPlayer()], gv_bank_section_name, gv_bank_key_name, "id");
        BankSave(gv_banks[EventPlayer()]);
        return true;
    }
    
    //--------------------------------------------------------------------------------------------------
    void gt_RequestIdentification_Init () {
        gt_RequestIdentification = TriggerCreate("gt_RequestIdentification_Func");
        TriggerAddEventChatMessage(gt_RequestIdentification, c_playerAny, "-request id", true);
    }
    Typing "-request id" adds the following lines to your bank file. (Kinda unnecessary)
    Code:
        <Section name="player">
            <Key name="identifier">
                <Value string="id"/>
            </Key>
        </Section>
    According to the code, if I change "id" to "daddy2" I should get access to the developer functions.
    When I enter the game I see nothing. I went so far as compiling some of this code in a new map. It ran with minor changes and my conclusion was that I should be added to "gv_developer_players". (It's also possible that the developer functions never worked, or were disabled, but as far as I can tell it looks like it should work.)

    "void gf_CreateDeveloperTools ();" is outside of any function under // Global Function Declarations. This should run the createdevelopertools function, right? Or does this just tell C++ the method exists but does not actually run it? No other code calls this function.
    Code:
    void InitGlobals () {
        gv_developer_players = PlayerGroupEmpty();
        gv_bank_section_name = "player";
        gv_bank_key_name = "identifier";
        gv_bank_value = "daddy2";
        gv_dev_dialog = c_invalidDialogId;
        gv_dev_dialogitem_checkbox_vision = c_invalidDialogControlId;
    }
    
    void gf_FindDeveloperPlayers () {
        // Automatic Variable Declarations
        playergroup auto68E6110D_g;
        int auto68E6110D_var;
    
        // Implementation
        auto68E6110D_g = PlayerGroupActive();
        auto68E6110D_var = -1;
        while (true) {
            auto68E6110D_var = PlayerGroupNextPlayer(auto68E6110D_g, auto68E6110D_var);
            if (auto68E6110D_var < 0) { break; }
            if ((BankValueGetAsString(gv_banks[auto68E6110D_var], gv_bank_section_name, gv_bank_key_name) == gv_bank_value)) {
                PlayerGroupAdd(gv_developer_players, auto68E6110D_var);
            }
    
        }
    }
    
    void gf_CreateDeveloperTools () {
        // Variable Declarations
        int lv_player;
    
        // Automatic Variable Declarations
        // Variable Initialization
    
        // Implementation
        gf_FindDeveloperPlayers();
        DialogCreate(300, 200, c_anchorTopLeft, 0, 0, true);
        DialogSetVisible(DialogLastCreated(), PlayerGroupAll(), false);
        DialogSetVisible(DialogLastCreated(), gv_developer_players, true);
        DialogSetImageVisible(DialogLastCreated(), false);
        gv_dev_dialog = DialogLastCreated();
        libNtve_gf_CreateDialogItemLabel(DialogLastCreated(), 200, 50, c_anchorTopLeft, 20, 30, StringExternal("Param/Value/AEA338C3"), ColorWithAlpha(0,0,0,0), false, 2.0);
        libNtve_gf_CreateDialogItemCheckBox(DialogLastCreated(), 50, 50, c_anchorTopLeft, 125, 15, StringToText(""), false);
        gv_dev_dialogitem_checkbox_vision = DialogControlLastCreated();
    }
    full bank
    Code:
    <?xml version="1.0" encoding="utf-8"?>
    <Bank version="1">
        <Section name="player">
            <Key name="identifier">
                <Value string="daddy2"/>
            </Key>
        </Section>
        <Section name="signatures">
            <Key name="signature1">
                <Value string="placeholder"/>
            </Key>
        </Section>
        <Section name="stats_player">
            <Key name="wins_zerg">
                <Value int="0"/>
            </Key>
            <Key name="games_zerg">
                <Value int="0"/>
            </Key>
            <Key name="games_terran">
                <Value int="0"/>
            </Key>
            <Key name="wins_terran">
                <Value int="0"/>
            </Key>
        </Section>
    </Bank>
    Thanks for your help in advance
    Last edited by MegaMech; 05-14-2019 at 11:39 AM.

  3. #2
    andychan2007 is offline Newbie
    C/C++ developer here.

    That is just a definition and implementation of the function. I didn't look at the source, so just reading what you have written and drawing some assumptions here and there. But C++ is object oriented so it really depends if the class' object has been created and if its initialisation function actually uses/calls the functions.

    If what you said is correct "No other code calls this function" then that block of code will not be executed. So it's just leftover unused developer code that often is either commented out or disabled during compile time using IF-ENDIF and DEFINE (kind of a C-style approach I guess) but I am going off-topic.

    Basically, I just wrote a long version of "you are right" that "the code is not being executed".
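
The point settled in this reply, that a declaration or definition on its own never runs a function, can be checked mechanically. The following is an added example (not code from the thread or from the map's author): a Python reachability pass over Galaxy-style source that lists functions no call chain reaches, which is how a map author can audit leftover developer hooks before publishing. The sample script is constructed from the snippets quoted in post #1, and treating InitMap as the entry point is an assumption.

```python
import re

# Constructed sample modelled on the snippets quoted in this thread. InitMap as
# the script entry point is an assumption, not something shown in the posts.
SAMPLE = '''
void gf_CreateDeveloperTools ();
void InitGlobals () { gv_bank_value = "daddy2"; }
void gf_FindDeveloperPlayers () {
    if (BankValueGetAsString(b, s, k) == gv_bank_value) { PlayerGroupAdd(g, p); }
}
void gf_CreateDeveloperTools () {
    gf_FindDeveloperPlayers();
}
bool gt_RequestIdentification_Func (bool testConds, bool runActions) {
    return true;
}
void gt_RequestIdentification_Init () {
    gt_RequestIdentification = TriggerCreate("gt_RequestIdentification_Func");
}
void InitMap () {
    InitGlobals();
    gt_RequestIdentification_Init();
}
'''

# A definition is "type name (params) {"; a prototype ends in ";" and never matches.
DEF = re.compile(r'^\s*\w+\s+(\w+)\s*\([^;{]*\)\s*\{', re.M)

def function_bodies(src):
    """Map each defined function to its body text (naive brace matching)."""
    bodies = {}
    for m in DEF.finditer(src):
        depth, i = 1, m.end()
        while depth and i < len(src):
            depth += {'{': 1, '}': -1}.get(src[i], 0)
            i += 1
        bodies[m.group(1)] = src[m.end():i - 1]
    return bodies

def unreachable(src, roots=('InitMap',)):
    """Return defined functions that no call chain from the roots reaches."""
    bodies = function_bodies(src)
    seen, todo = set(), [r for r in roots if r in bodies]
    while todo:
        fn = todo.pop()
        seen.add(fn)
        # Direct calls, plus trigger handlers registered by name string.
        refs = set(re.findall(r'\b(\w+)\s*\(', bodies[fn]))
        refs |= set(re.findall(r'TriggerCreate\("(\w+)"\)', bodies[fn]))
        todo += [r for r in refs if r in bodies and r not in seen]
    return sorted(set(bodies) - seen)
```

On the sample, both gf_CreateDeveloperTools and the gf_FindDeveloperPlayers helper it calls are reported, because the only path to the helper runs through the function that is never called.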

  5. #3
    Sterillium is offline Cleaner
    Code:
    BankValueSetFromString(gv_banks[EventPlayer()], gv_bank_section_name, gv_bank_key_name, "id");
    "id" has no read/write in the whole mapscript.

    Code:
    gv_bank_value = "daddy2";
    also no read/write function.

    Left over function.
    Last edited by Sterillium; 05-14-2019 at 04:05 PM.

  7. #4
    MegaMech is offline Wannabe Member
    Daaaaang, the trolly side of me was so excited to see a lobby full of tearful tryhards... Oh wait, I'm the try hard... ... ...

    Quote (originally posted by andychan2007):
    C/C++ developer here.
    I am more knowledgeable in C#. I didn't realize that function wasn't running until I was trying to figure out what I did wrong.

    I just replicated that in a new map to be sure, and yup. The function definition does not run the method.

    Sterillium, unless I misunderstood you: (I left out the bank load function in my post)
    gvbanks holds all the players' bank data. The line below "bankvaluesetfromstring": BankSave(gv_banks[EventPlayer()]);
    writes "id" to the bank file. It's a useless function anyway, but it works in-game. For me it's easier to manually add that section to the bank.

    gv_bank_value = "daddy2"; This does not need a read/write because it is compared against gvbanks[] in FindDeveloper()


    I don't suppose there's a way to inject a call to a function? Cause I would just get desynced? Calling an existing method seems less intrusive than literally adding code, but it's probably not that different...
    Probably no way to manipulate the "-m <amount>" command for gaining minerals, cause you need practice mode activated.

    Thanks for your input! If the developer ever comes back to Starcraft though, he may forget to take the dev method back out...
    And then I will strike! ha ha!
    Last edited by MegaMech; 05-14-2019 at 08:24 PM.

  9. #5
    andychan2007 is offline Newbie
    Well, C# is OO too even if it's like a Java "Plus". I imagine you just missed that because you were really hopeful that you could do what you wanted. Because it was quite a sound approach if that function ever gets called.

    Now about the injection to call a function. Hmm...I mean, in C (so technically, C++ too) you can call function pointers/memory addresses. And in a way, it's the basis of doing in-game hacks/cheats/MHs where you execute something that you are not supposed to (like the spectator's interface as a player).

    But I really don't know how the code is compiled in the case of custom maps. Because if this was like standard C/C++ code with a standard compiler, the code would not be included in the program at all, due to the compiler optimising the output -- and one of the optimisations that is done often is the removal of unreachable code / code that is never going to be executed.

    So in that case, can you inject your own code/hack to manipulate the executing address to point to a function that...was not compiled/is not there? Err...I don't think so?

    But things may be different with the code used in the maps, this is something I've no experience in. I mainly just abuse the bank files because I've no time to grind or AFK in many custom maps that expect you to. My day job just happens to be software developer but my "hacking" skill is pretty much zero / you know way more than me.

    Again, just writing a "non-concise" version of "I think you MAY have a problem as the compiler has 'eaten' the function in question".

  11. #6
    MegaMech is offline Wannabe Member
    Thanks for the advice. I understand OO. I'm just not used to the GSC format/layout, and its differences. I didn't spot it until I went looking for it.

    Ya I agree the method probably gets removed altogether. Nor do I have the time to waste to load up Cheat Engine and find out lol.
