RoTTer

How to make 2 programs interact?

Hello! I'm trying to make a program that changes some data on a second program. Er, something like this: someone runs my program and then my program launches the "X" game. And then my program draws some stuff on X's window, changes its title, etc. Well, what I want to do is something like UO Assist, UO Extreme and UO Plugin (programs that interact with Ultima Online), if you have used any of those. I want, also, to be able to modify the packets that are being received by X and also the packets being sent to X. I would guess this is a very hard thing to do, and I have little/no Winsock programming experience, but a bit on Windows programming (and DX). Any help would be very helpful (errm). Thanks a lot for your time. Cya, -RoTTer

Actually all but the interrupting packets is quite easy. You can use API calls to find windows (I think it's called FindWindow). And you can use API calls like SetWindowCaption, SetWindowColor, etc... to change properties of that window. Now getting all the packets to go through you is tricky. I've heard of people creating their own Winsock DLLs with identical procedures as the normal Winsock, however that's loads of work. Not sure what else, I'm no Winsock expert either, but maybe there's a buffer you can check before it's sent or something...
Hope that helped!
See ya,
Ben

Being someone who likes to crack multiplayer games and annoy people online I have a lot of experience in this.

There are many ways to communicate with other programs, but you don't want to hear about any of the conventional ways since they require that the other program want to communicate.

To reroute input use hooks (I think something like SetHookEx). To resend them use mouse_event and keybd_event. If you want to modify memory use WriteProcessMemory and ReadProcessMemory.

Modifying packets is a little harder. Especially since a lot of games encrypt them, or have a checksum byte. I have a winsock replacement dll, but I lost the source code. I also have a program that I wrote that helps me write a proxy dll for any dll (works on cinderella programs too). I'll see if I can find the source code for it.

Guest Anonymous Poster
Yay

I was curious to know how these things could be done...
Though I still have a few doubts on how to do some things...

Perchance, would any of you know where I can find further information about this? An online tutorial would be great...

Thanks a lot!

I don't think there is anything like that. You're starting to get into the poorly documented API functions, the ones Microsoft doesn't want you to use. There are a lot of them. There's a way to disable ctrl-alt-delete. There's one to eject a CD from the CD drive. Using hooks I've made a program to rearrange the keys on the keyboard. I've made a program to make the mouse drunk, and there are ways to get programs to run on start up. Oh good times.

For a good time hit Alt-F4! Go ahead try it, all the cool people are doing it.

Well, if you write both programs, why don't you check out the IPC (InterProcess Communications) topics in the Platform SDK docs? That's why it exists, to make 2 programs able to communicate.


Regards,
Laarz

The idea was to gain control over a 3rd party software. Unfortunately they didn't include any feature that could make our work easier...

Well... if we have only 2 ways out (ReadProcessMemory or using Winsock) I guess we will have work for some months here... EEEK.

The packets are strongly encrypted...

I beg you! Please, isn't there an easier way? hehehe

Hey!

Tons of answers, nice! =]

Thanks a lot to everyone who took their time to read and/or reply to my message.

What exactly I plan to do is something like this:
Attach a menu to the X-game window (which is a game made by someone else, not me, answering one of the questions), and then read the WM_CMD's received by that program. Is this possible (I mean, read which messages the program is receiving)? If not, what I want to do is simply draw some stuff (like an info box) and maybe change the text in X-game's title bar (and leave the attached menu to my own program).

About modifying packets, I think this would be very important to get the program running, but it seems that it will not be that easy to do this =/, so I might just forget this for a while (while I learn about Winsock programming).

nes8bit (or blue-lightning): What is a DDE server? =] I'm sorry about my ignorance heh.

Thanks a lot! Cya,
-RoTTer

Hey again!

I was reading a bit about FindWindow and it seems to do some of the things I want (to do).
It seems to return a HWND to the window that matches my search params (window/class name), and with this I can draw whatever I want, even attach the menu, right?
The only (BIG) problem is that I won't be able to read the msgs coming when the user clicks the menu items (, right?).

Eek!
I'm reading some stuff about that hook thing blue-lightning was saying, and it seems to do exactly this (read the msgs from another program, among other things)! Wa! This is nice! Lemme paste a bit of it here so you can say if that's right or I'm the one who's very confused (very likely):

quote:

GetMsgProc
----------

The GetMsgProc function is an application-defined or library-defined callback function used with the SetWindowsHookEx function. The system calls this function whenever the GetMessage or PeekMessage function has retrieved a message from an application message queue. Before returning the retrieved message to the caller, the system passes the message to the hook procedure.

Is that really what I'm thinking it is? heh

Again, thanks a lot, cya,
-RoTTer

Check out the Spy (or Spy++) program in the Platform SDK (or Visual Studio Tools). It does exactly what you're asking for, intercepts window messages (which means it's perfectly possible). Maybe there is source code available, but I don't know.


Regards,
Laarz

For the hooks look at WH_KEYBOARD and WH_MOUSE. They are a lot simpler.

A DDE server is complicated (just like all the rest of this stuff), and it won't help you.

ReadProcessMemory and WriteProcessMemory will work, but I don't know how much they'll help you.

Spy++ might help you get started, but it won't let you write a program to interface with it. Anyway it uses the functions we're talking about.

For the winsock stuff I found those files and made a webpage for them. Go to http://arkia.tripod.com/proxydll/. Try the wsock32 replacement first to see if the packets are encrypted. If they are, you'll either need to find someone else who cracked the encryption or you'll need to disassemble the program.

For drawing a menu on the screen, if the game uses DirectX or most other common methods it's difficult to draw on top. You can do it, but it will just get erased at the next frame. I don't know of any easy way to know when it redraws either.

For a good time hit Alt-F4! Go ahead try it, all the cool people are doing it.

At my web page Useless Code I have a tutorial and an example program that both demonstrate the use of a message hook. I don't really remember writing the tutorial, nor do I remember how cleanly I coded the example program; however, they will help you.

You can easily modify the other program's menu with the Windows API and a message hook will definitely be beneficial. If you have any questions about anything you find on my web page just email me.

Hmm... I was looking through ReadProcessMemory and WriteProcessMemory. But I can't seem to find the function to get the base address of the process's memory. Anyone?

-------------------------
-Now Working on Pokemon like Engine!

Hey again!

First of all, thanks a lot for all the help in this subject.

Laarz - Ya! Spy++ is very cool, I had never seen it running before. It's exactly what I want to do. And I liked messing with it in the other programs... eheh. Really kewl program, thanks for the hint =].

blue-lightning -
From what I'm starting to understand about hooks you can not only steal the other program's messages coming to WinProc, but also steal the packets (socket)? At least this is what a program which does almost the same thing (in the same program/game) that I want to do does (if you want I could send the code to ya, not sure if you're interested).
The encryption key is public domain in this game (UO), as there are emulation servers, every time the encryption changes in 2-3 days the key is publicily (sp?) released (by crackers, of course, not by the company eheh), but as I have no big experience on this I don't even know what to do to decrypt (but as I'm so far from starting to try to decrypt it in my prog I'm not even worried yet).
Hey, that's a very nice page you created! I loved that Winsock packet reader, I was playing with it for a while (too bad packets are encrypted eheh, but there's a prog released last week that makes the packets come and go unencrypted to the non-official servers, so I will be able to use your dll and see the packets totally "clean"), it's really really cool. It will help me a lot after I set up the game-packet stealing thing (I still didn't get how the program which I have the source of does that, even after reading the source a few times, it seems to use hooks but I'm not sure heeh).
About drawing on the screen, the menu seemed to work very well (it will only make the screen go down about 20 pixels and I lose the 20 bottom pixels when not in game (when in game I can resize the window)), but I'm not sure why when my program starts running it slows down A LOT the game's speed =/. The frame rate drops drastically. And I have even commented out the menu attachment code and etc, my prog basically does nothing now except creating a Window and peeking for incoming messages, and it still slows down the other program!
Any reasonable explanation (besides that I suck at programming, of course)?
Anyway, thanks a lot for your help, blue-lightning, I really appreciate it =].

Mike - I checked your page, bookmarked it (heh) and dloaded the tutorial, but didn't have the time to check it yet (of course, writing these 15 page replies, as I can't just go and write a 5 line one, not sure why hehe, I won't really have free time). But thanks a lot! I'll try to read it tomorrow or on Wednesday (I'll be kinda busy tomorrow =[, but I'll still try).

Marauderz - I know you probably didn't ask that to me (hehe), but I don't know the answer either, I just wanted to say that I think I'll be able to manage to do this thing I'm trying to without using this Read/WriteMemoryProcess, and only use hooks (if one thing doesn't depend on the other). So depending on what you are trying to do you may not need it.

Cya all, and thanks a lot!
-RoTTer

RoTTer, intercepting wsock events has nothing to do with hooks. Please don't try to use them for it.

If you can resize the game window then you probably want your menu outside of the game. Then you will have no problem with it. Drawing the menu in the game can slow it down.

If you are using my wsock32 it slows down the game a lot. Also don't intercept all the messages with hooks. Use the WH_KEYBOARD and WH_MOUSE like I said. If you read the help files on hooks they say that they should be reserved for debugging. One of the reasons is because they are incredibly slow. But if you only intercept input messages then it's not so bad.

And which code are you willing to email me?

Marauderz: You can't, easily. The base address is stored in the header of the exe, but you don't want to look there. Also if you did it would only give you the exe data and global variables. Try VirtualQueryEx. I must warn you that there is a lot of system memory, and they will have none of the stuff you want. Usually the very big and the very small are system. Also the ones in the very very high address ranges are memory mapped files. The usual exe base is about 0x400000 or something like that starting with a 4.



For a good time hit Alt-F4! Go ahead try it, all the cool people are doing it.

Rotter :- But you see I want to make a cheat program which pokes through a program's memory area, finds the proper space which the variable occupies, and locks it at a value. Something like a trainer generator or creator you might say.

Blue Lightning :- I have no clue what you just said! Anyway from an API book the examples used a SendMessage(tarWnd,WM_USER,0,0) to obtain the base address... wonder if that'll work for me.... oh well I'll just have to try.

-------------------------
-Now Working on Pokemon like Engine!

Hey RoTTer... POL is going to support ignition (at least, that's what Beosil told me). So... we don't have to write a crypt code. Hehe *cheers*.

But that means we will have to launch the client using Ignition... which means we will only be able to launch 1 client with the GD per OS.

Anyway that's good news.

I don't know how this relates to the hooks system, but the method I use to intercept messages from a program is to use GetWindowLong and SetWindowLong to replace the window's wndproc with my own. With that I have access to every message that the program receives. Then, I call the old wndproc of the program so that it too can process the message. I use this method mostly with winamp plugins I write, that way, my plugin can make winamp its bitch.

Not sure exactly how UO does it, but for winsock programming, most programs receive a message (set by the program) when data has arrived. If you can figure out which message this is you can now intercept data being sent to the app. (wParam I think) is the socket the data was received on, so just read it in (without removing it) and do what you please.

-Zims

Hello again!

I was working with Ziman's idea, but I can't change the game's WndProc using SetWindowLong.

I created a WndProc to replace the old one, where I send a copy of every message to the old WndProc.... then I called SetWindowLong and replaced the old WndProc with the new one... I get no error messages, and everything looks ok, but the game behaves just like I had never changed anything!

Do any of you people have any idea about what I could be doing wrong?

I'll give a look at the other ideas (didn't have the time yet), I just tried Ziman's idea first because it looked simple and versatile.

It's great to be able to count on a place like this. This place saved my butt many times. Thank yall!

Guest Anonymous Poster
Windows programming sucks! DOS rulez!

Anonymous Poster: it would be easy to cheat if the game was in DOS, but since this is an online game I don't think it would be good for it to run in DOS. And making a cheating program in DOS for Windows programs wouldn't work well either, unless you know how to switch to ring0 and convert the addresses.

By the way does anyone know how to do a callgate without using thunk scripts? I know it's possible, but too few people use callgates with thunk scripts for there to be enough information about it. I've been looking for it for months.
