Re: starting and ending location in memory?
From: Corey Murtagh (emonk_at_slingshot.no.uce)
Date: 07/13/04
- Next message: Dmitry A. Kazakov: "Re: Static vs. Dynamic typing (big advantage or not)---WAS: c.programming: OOP and memory management"
- Previous message: Programmer Dude: "Re: what does "serialization" mean?"
- In reply to: Chad Cartwright: "Re: starting and ending location in memory?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Wed, 14 Jul 2004 02:31:16 +1200
To: vipergtsrz@gmail.com
Sorry 'bout the delay in responding, Chad... had a busy week.
Chad Cartwright wrote:
> Yeah, after looking into how to read memory and all that, I don't
> think reading the memory will be fun or easy if not just impossible.
>
> So, now I am left with either getting it off the network traffic, or
> hooking the program's API. Well, the game is Magic the Gathering:
> Online. It's a basic game when it comes to chatting and all that. Most
> of the code seems to go into all the rules for the cards.
Heh... and there are plenty of card rules. It's no wonder they haven't
spent much time on anything else in the client.
> So, now I think the best idea to use would be the one you gave me,
> Corey. I like the idea of just "hooking into" the APIs for what the
> game uses to draw it onto the screen. The questions I would have now
> would be....
>
> 1. How do I know what APIs the game is using
You can use a variety of tools to find out what library functions it's
linking to - tdump from the Borland tools, pedump, PEBrowse Pro, etc.
Check here for some information that may help:
http://msdn.microsoft.com/msdnmag/issues/02/02/PE/default.aspx
> 2. How the heck do I "hook" onto an API on the fly
Once you've found the API that you want to snoop, you can hook it with
the detours library from Microsoft:
http://research.microsoft.com/sn/detours/
> 3. What type of program would this be? A service? Exe? etc...
You can do it a number of ways, but an executable is all you need for
this sort of thing.
> 4. Can you explain a little more about how this whole process would
> work in general and whether you think it's the best solution
The basic program flow might be something like this:
    wait for MTG:O to start
    hook monitored APIs
    when API called:
        append date, time, API and parameters to file
    when program closed, exit
You can also hook and unhook on-the-fly I believe, so you can leave
MTG:O running and try various APIs from your logging app.
You might have to do this a bit to find the specific API you're
interested in. Obviously you can avoid most of them - graphics calls
and so forth. You should be able to generate a listing of the
executable file's imports to figure out which APIs it's using, although
if it's using DirectX for graphics it's likely to use COM to do it all,
so this could make hooking the right code a little more difficult.
Try it out anyway. It's a little complex, but can yield extremely good
results once you get it up and running.
> I thought reading the network traffic would be hard because I don't
> know if I can differentiate what program is using what traffic. If I
> have MTGO open, along with MSN and AIM...how will I know what chat is
> going to what program and therefore what to log?
Using API hooks to snoop on the network stream would mean not having to
worry about that - you just hook the network APIs for the target process.
If you're using a packet capture app to snoop on the data then you can
filter by source/destination ports, etc. I've had little success with
winpcap and the like however... they don't seem to like snooping a
dial-up connection :>
> Thank you so much for all your help. I knew I could find some smart
> people on here. If you would like to e-mail me instead of continuing
> this thread, it's vipergtsrz@gmail.com. If you don't have gmail, and
> want it, I can even invite you as a "thank you" :)
There are plenty of /really/ smart folks on comp.programming - a lot of
them much smarter than I am.
And thanks for the offer, but I'm happy enough with 'normal' email :>
--
Corey Murtagh
The Electric Monk
"Quidquid latine dictum sit, altum viditur!"
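An added example, not code from this thread or from the tools it names: a minimal Python lister for a PE file's import table, the "listing of the executable file's imports" step described above for working out which APIs an executable uses (what tdump/pedump print). It reads the import directory of PE32 and PE32+ images and is run here against a constructed PE32 image built in memory; the DLL and function names in that sample are made up.

```python
# Added example, not code from the thread: a minimal PE import-table lister (the
# "listing of the executable file's imports" step). The sample PE32 is constructed.
import struct

def list_imports(data):
    """Return {dll: [name or 'ordinal#N', ...]} from a PE32 or PE32+ image."""
    cstr = lambda o: data[o:data.index(b"\0", o)].decode("ascii")  # NUL-terminated string
    pe = struct.unpack_from("<I", data, 0x3C)[0]                    # e_lfanew -> "PE\0\0"
    if data[pe:pe + 4] != b"PE\0\0": raise ValueError("not a PE image")
    nsec, opt_size, opt = struct.unpack_from("<H", data, pe + 6)[0], struct.unpack_from("<H", data, pe + 20)[0], pe + 24
    plus = struct.unpack_from("<H", data, opt)[0] == 0x20B          # PE32+ magic (64-bit)
    imp_rva = struct.unpack_from("<I", data, opt + (112 if plus else 96) + 8)[0]  # DataDirectory[1]
    secs = [struct.unpack_from("<IIII", data, opt + opt_size + 40 * i + 8)        # vsize, va, rawsize, rawptr
            for i in range(nsec)]
    def off(rva):  # RVA -> file offset through the section table
        for vsize, va, rsize, rptr in secs:
            if va <= rva < va + max(vsize, rsize):
                return rva - va + rptr
        raise ValueError("RVA %#x is outside every section" % rva)
    imports, desc = {}, off(imp_rva)
    while True:  # one 20-byte IMAGE_IMPORT_DESCRIPTOR per DLL; an all-zero one ends the list
        ilt, _, _, name_rva, iat = struct.unpack_from("<IIIII", data, desc)
        if name_rva == 0: break
        fmt, step, flag = ("<Q", 8, 63) if plus else ("<I", 4, 31)
        thunk, funcs = off(ilt or iat), []
        while (val := struct.unpack_from(fmt, data, thunk)[0]) != 0:
            # top bit set: import by ordinal; otherwise the RVA of a 2-byte hint + name
            funcs.append("ordinal#%d" % (val & 0xFFFF) if val >> flag else cstr(off(val) + 2))
            thunk += step
        imports[cstr(off(name_rva))] = funcs
        desc += 20
    return imports

def build_sample_pe():
    """Constructed PE32 (not a real binary): one .idata section, two DLLs, one ordinal import."""
    sec = bytearray(0x200)                   # section contents; RVA 0x1000 == file offset 0x200
    def put(rva, b): sec[rva - 0x1000:rva - 0x1000 + len(b)] = b
    put(0x1080, b"WS2_32.dll\0"); put(0x1090, b"USER32.dll\0")
    put(0x1060, b"\0\0send\0"); put(0x1068, b"\0\0recv\0"); put(0x1070, b"\0\0MessageBoxA\0")
    put(0x1040, struct.pack("<IIII", 0x1060, 0x1068, 0x80000000 | 19, 0))   # WS2_32 thunks
    put(0x1050, struct.pack("<II", 0x1070, 0))                              # USER32 thunks
    put(0x1000, struct.pack("<IIIII", 0x1040, 0, 0, 0x1080, 0x1040) + struct.pack("<IIIII", 0x1050, 0, 0, 0x1090, 0x1050))
    opt = bytearray(224); struct.pack_into("<H", opt, 0, 0x10B)             # PE32 magic
    struct.pack_into("<I", opt, 92, 16); struct.pack_into("<II", opt, 104, 0x1000, 0x3C)  # import dir RVA/size
    hdr = (b"MZ" + bytes(58) + struct.pack("<I", 0x40) + b"PE\0\0"
           + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x102) + bytes(opt)
           + b".idata\0\0" + struct.pack("<IIII", 0x200, 0x1000, 0x200, 0x200) + bytes(16))
    return hdr.ljust(0x200, b"\0") + bytes(sec)
```

Point `list_imports` at the bytes of a real executable to get the same DLL/function listing for it; an import by ordinal shows up as `ordinal#N` because the file carries no name for it.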