Hi Leute, hab grad was gefunden: Da hat einer Code für eine DLL und eine EXE geschrieben, die MPQs injizieren und zum Laden bringen. Kann's leider noch nicht ausprobieren, aber hier mal der Code:
Ihr erstellt eine DLL mit dem Code.
----------------------------------------------------------------------------------------
#include <iostream>
#include <string>
#include <fstream>
#include <Windows.h>
// Two-int record that the function-pointer types below pass around by pointer.
// NOTE(review): the field meanings are only suggested by their names; nothing in this
// file confirms the real layout of the host program's structure.
struct SFileArchive
{
int m_type;
int m_handle;
};
// Function-pointer types for routines that are not imported but reached at fixed
// offsets inside the host executable (see GetAddr). Parameter names such as "zero"
// and "unk" mark arguments whose purpose the author did not identify.
typedef bool (__stdcall *tSFileOpenArchive)(const char* file, int zero, int flags, SFileArchive** ppNode);
typedef int (__stdcall *tSFileSystem__AddMPQ)(SFileArchive* node, const char* prefix, int zero, int unk, SFileArchive** dest);
// NOTE(review): these two are declared __stdcall, yet InjectFunction never calls them
// through these types; it invokes them from inline assembly with a value placed in
// ecx, which looks like a member-function (this-pointer in ecx) convention — confirm.
typedef int (__stdcall *tArray__Unk)(int unkNum);
typedef int (__stdcall *tArray__Resize)(int unkNum);
// GetAddr(T, A): base address of the process's main module plus the fixed offset A,
// cast to T. The offsets used with it are hard-coded, so they are only meaningful for
// the one build of the executable they were taken from; on any other build the result
// points at unrelated code or data. The DWORD cast also truncates the module base to
// 32 bits, so the macro is only valid in a 32-bit process.
#define GetAddr(T, A) ((T)((DWORD)GetModuleHandle(NULL) + A))
// Thread entry point exported from the DLL. Reads archive paths line by line from
// "MpqFiles.txt", opens each one through the host's archive routine and appends it to
// the host's archive array, growing that array when the count exceeds its capacity.
// The LPVOID argument is unused. The function never returns a value: every exit path
// ends in ExitThread(0).
//
// NOTE(review): every path listed in MpqFiles.txt is handed to the host process
// unvalidated, so anyone who can write that file (or the directory it is read from)
// decides which archives the process loads.
extern "C"
__declspec(dllexport) unsigned long InjectFunction(LPVOID)
{
// Resolve host routines and globals from hard-coded offsets (valid for one build only).
tSFileOpenArchive SFileOpenArchive = GetAddr(tSFileOpenArchive, 0x303E20);
tSFileSystem__AddMPQ SFileSystem__AddMPQ = GetAddr(tSFileSystem__AddMPQ, 0x303FA0);
tArray__Unk Array__Unk = GetAddr(tArray__Unk, 0x2BA7D0);
tArray__Resize Array__Resize = GetAddr(tArray__Resize, 0x32D0);
// Four adjacent DWORD-sized globals at 0x831A40..0x831A4C: capacity, count, data
// pointer and growth step, judging by how they are used below.
LPDWORD lpNumArchives = GetAddr(LPDWORD, 0x831A44);
SFileArchive*** lpArchives = GetAddr(SFileArchive***, 0x831A48);
LPDWORD lpCapacity = GetAddr(LPDWORD, 0x831A40);
LPDWORD lpGain = GetAddr(LPDWORD, 0x831A4C);
// Relative path: resolved against the process's current working directory.
std::ifstream input("MpqFiles.txt");
if(!input.is_open())
{
std::cout << "Could not locate or open \"MpqFiles.txt\" in wow directory!" << std::endl;
// NOTE(review): ExitThread ends the thread without unwinding, so destructors of
// live C++ objects (here `input`) do not run.
ExitThread(0);
}
std::string curFile;
while(std::getline(input, curFile))
{
// Existence probe: open the path as a plain file and close it again before
// passing it to the host routine.
std::ifstream tst(curFile);
std::cout << "Loading file '" << curFile << "'..." << std::endl;
if(!tst.is_open())
{
std::cout << "file does not exist!" << std::endl;
continue;
}
tst.close();
SFileArchive* pNode = NULL;
if(!SFileOpenArchive(curFile.c_str(), 0, 0, &pNode))
{
std::cout << "SFileOpenArchive returned false!" << std::endl;
continue;
}
// The host's archive count is bumped before the slot is filled; it is not rolled
// back if a later step fails (the AddMPQ return value below is ignored).
// NOTE(review): these writes to the host's globals happen on an injected thread
// with no synchronisation visible here.
++(*lpNumArchives);
if(*lpNumArchives > *lpCapacity)
{
DWORD gain = *lpGain;
if(!gain)
{
// No growth step stored: ask the host routine for one, passing the new count.
DWORD v4 = *lpNumArchives;
DWORD pThis = GetAddr(DWORD, 0x831A40);
// NOTE(review): this block uses `lea` for both ecx and eax, i.e. it loads the
// addresses of the locals pThis and Array__Unk, while the resize block below
// uses `mov` and loads their values. The two blocks disagree; one of them is
// presumably wrong — confirm before relying on this path.
// Inline __asm is MSVC x86-only syntax.
__asm
{
mov eax, v4
push eax
lea ecx, pThis
lea eax, Array__Unk
call far eax
mov gain, eax
}
}
// Round the new count up to the next multiple of `gain`.
// NOTE(review): if `gain` is still 0 here, `v4 % gain` divides by zero.
DWORD v4 = *lpNumArchives;
if(v4 % gain)
v4 = *lpNumArchives + gain - *lpNumArchives % gain;
DWORD pThis = GetAddr(DWORD, 0x831A40);
// Call the host's resize routine with the rounded size pushed and the array
// object's address in ecx.
__asm
{
mov eax, v4
push eax
mov ecx, pThis
mov eax, Array__Resize
call far eax
}
}
// Register the opened archive; the third argument is 64 + the (already incremented)
// count, and the destination slot is data[count].
// NOTE(review): the count was incremented first, so this indexes slot `count`
// rather than `count - 1` — verify against the host's own indexing.
SFileSystem__AddMPQ(pNode, NULL, 64 + *lpNumArchives, 0, *lpArchives + *lpNumArchives);
}
// Same caveat as above: `input` and `curFile` are not destroyed.
ExitThread(0);
}
-------------------------------------------------------------------------------------------------
Dann macht ihr eine EXE mit dem Code:
-----------------------------------------------------------------------------------------------
#include <iostream>
#include <cassert>
#include <windows.h>
// Loader program: finds the running game window, opens its process, points the
// process's DLL search directory at this program's working directory, has the process
// load Mopaq.dll, runs the DLL's exported InjectFunction on a remote thread, then
// unloads the DLL again.
//
// NOTE(review): OpenProcess(PROCESS_ALL_ACCESS) -> VirtualAllocEx -> WriteProcessMemory
// -> CreateRemoteThread(LoadLibrary) is the textbook remote-thread DLL-loading
// sequence; endpoint security and anti-cheat software commonly watch for exactly
// this chain of calls against another process.
// NOTE(review): all error handling is done with assert(). In a build that defines
// NDEBUG every assert vanishes, including the one below that contains the
// GetWindowThreadProcessId call itself, so dwProcess would stay 0.
// NOTE(review): string literals are passed to FindWindow/LoadLibrary, so this only
// compiles and behaves as written in a non-UNICODE (ANSI) build. The DWORD casts of
// pointers and module handles restrict it to 32-bit.
int main()
{
// Locate the target by window class and title.
HWND hWindow = FindWindow("GxWindowClass", "World of Warcraft");
assert(hWindow != NULL);
DWORD dwProcess = 0;
assert(GetWindowThreadProcessId(hWindow, &dwProcess) != FALSE);
// NOTE(review): PROCESS_ALL_ACCESS requests every right on the process, far more
// than the operations below use.
HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, dwProcess);
assert(hProcess != NULL);
// Working directory of this program (not necessarily the folder the exe is in);
// return value is not checked.
CHAR szProc[MAX_PATH];
GetCurrentDirectory(MAX_PATH, szProc);
// Copy that directory string into the target and run SetDllDirectory on it there.
// From then on the target resolves DLL names against this directory, so whoever can
// write to it controls what the target loads.
LPVOID dllAddr = VirtualAllocEx(hProcess, NULL, strlen(szProc) + 1, MEM_COMMIT, PAGE_READWRITE);
assert(dllAddr != NULL);
DWORD dwRet = WriteProcessMemory(hProcess, dllAddr, szProc, strlen(szProc) + 1, NULL);
assert(dwRet == TRUE);
// Passing this process's address of SetDllDirectory assumes kernel32 is mapped at
// the same address in the target.
HANDLE hThread = CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)SetDllDirectory, dllAddr, 0, NULL);
assert(hThread != NULL);
dwRet = WaitForSingleObject(hThread, INFINITE);
assert(dwRet == WAIT_OBJECT_0);
// NOTE(review): MEM_COMMIT is not a free type; the documented values for this
// parameter are MEM_DECOMMIT and MEM_RELEASE (the latter with size 0). The return
// value is ignored, so the remote buffer is presumably never released.
VirtualFreeEx(hProcess, dllAddr, strlen(szProc) + 1, MEM_COMMIT);
// Load the DLL into this process only to measure how far InjectFunction lies from
// the module base. hDll itself is not checked before GetProcAddress.
HMODULE hDll = LoadLibrary("Mopaq.dll");
FARPROC fp = GetProcAddress(hDll, "InjectFunction");
assert(fp != NULL && (DWORD)hDll < (DWORD)fp);
DWORD dwOffset = (DWORD)fp - (DWORD)hDll;
// Copy the bare DLL name into the target and run LoadLibrary on it there.
CHAR szDllName[] = "Mopaq.dll";
dllAddr = VirtualAllocEx(hProcess, NULL, strlen(szDllName) + 1, MEM_COMMIT, PAGE_READWRITE);
assert(dllAddr != NULL);
dwRet = WriteProcessMemory(hProcess, dllAddr, szDllName, strlen(szDllName) + 1, NULL);
assert(dwRet == TRUE);
hThread = CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)LoadLibrary, dllAddr, 0, NULL);
assert(hThread != NULL);
dwRet = WaitForSingleObject(hThread, INFINITE);
assert(dwRet == WAIT_OBJECT_0);
// The remote thread's exit code is LoadLibrary's return value, i.e. the module
// handle in the target (only 32 bits of it fit in an exit code).
HMODULE hRemote = NULL;
dwRet = GetExitCodeThread(hThread, (LPDWORD)&hRemote);
assert(dwRet == TRUE);
assert(hRemote != NULL);
// Same invalid free type as above.
VirtualFreeEx(hProcess, dllAddr, strlen(szDllName) + 1, MEM_COMMIT);
// Remote module base + locally measured offset = InjectFunction in the target.
LPTHREAD_START_ROUTINE initProc = (LPTHREAD_START_ROUTINE)((DWORD)hRemote + dwOffset);
hThread = CreateRemoteThread(hProcess, NULL, 0, initProc, NULL, 0, NULL);
assert(hThread != NULL);
dwRet = WaitForSingleObject(hThread, INFINITE);
assert(dwRet == WAIT_OBJECT_0);
// Unload the DLL from the target; this thread handle is not checked.
hThread = CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)FreeLibrary, (LPVOID)hRemote, 0, NULL);
WaitForSingleObject(hThread, INFINITE);
// NOTE(review): hProcess, every hThread and the local hDll are never closed/freed.
return 0;
}
-------------------------------------------------------------------------------------------------
How to
- Compile DLL-code to Mopaq.dll (dunno if it works for other compilers than M$, didn't look for portability)
- Compile Exe-code to random exe file (dunno if it works for other compilers than M$, didn't look for portability)
- Place DLL and exe into the same folder (no matter where)
- In the wow-directory (NOT data) create a file named MpqFiles.txt
- Write the path to each MPQ on one line. Paths can be relative to the WoW-Directory (e.g. Data\myPatch.MPQ) or absolute (e.g. C:\Patches\myPatch.mpq)
- Start WoW
- At login screen run exe. If something goes wrong a large box pops up and after pressing abort you see an error message in the console.
- MPQs are injected now and loaded
Hints:
- Start the exe from CMD so the window stays open and you can read the error messages.
...
Preview:
- Loading MPQs before WoW loads the DBC to also make changes on DBC possible. Or delayed reloading of DBCs at loading screen (not preferred)
- Compiled binaries