Agreement plug-in production
BY RIX
Currently, the external network of online games is mainly divided into auxiliary action plug-in and kernel-type protocol plug-in. The action plug-in helps players carry out some repetitive labor. There are many procedures on the Internet. The button elves are a good example. The protocol-type external mlim is a very mysterious feeling. In this regard, it is probably the ultimate online game, which is also because the legend is most popular.
Before the specific explanation, I really want to take some things, after all, the college is not my style, I prefer free one. Since we are mainly for protocol plug-in production tutorial, we will first tear online games and some of them, if you have any places, you will not be grateful. If you feel annoying, you can jump directly to where you are interested.
I played online game history, I just started to play is a magic baby, always playing at a free, the longest in a server is in Sichuan Wolong, now the server is about to be present or in parallel. Let's, my name is Bluerose. The front of my career is my career, a lot of small numbers, but the name is the same. This name is because my friend said that I am very depressed, but I always hold hope, so I use this name. Later, I played the Westward Journey II. It is a friend who is playing. Although it is going to class, but occasionally play, the name inside is tears, and it is a female player, because this name is too female. When I started to play, I think I am alone (at that time, although my college is a classmate friend, but the heart is still lonely), when the friend pulls me to play, the night is not bad, the star is not bad, the starlight makes me I remembered the feeling of tears, so it's called Soliograph, but I feel that this name is too naked, I will drop the word solitary.
Since the history of the Westward Journey II is relatively long, and the game is more familiar with the game of the Westward Journey, this tutorial uses the Westward Journey II as a goal, but the tutorial considers versatility as much as possible. However, in advance, I am not familiar with online games, so do not talk to my top priority and development of online games and the impact of online games to online games. I also know the network programming, so I avoid the code that contains the network as much as possible, and because the protocol type plug-in needs to send data, it can be performed by other methods (such as through the online game client).
Let me talk about the server and client communication. Since the server and the local client are not in the same geographic location, the data is relatively distant, so the data transmission takes a certain amount of time, which determines that the data can only be sampled in online games. Processing cannot perform real-time data processing. For example, the data processing of the local area network CS (counter-terrorism), when you move, you must inform other computer players, this data is transmitted because of the internal transmission of data, the amount is relatively small. The computer can make fast sampling and data processing to determine if it is played or moves whether violations of rules (such as Run Equity), but when playing on the network, the sampling of the data is not as fast as the local LAN. In the Westward Journey II (after the shortcomings, a few words, a few words), when moving, not to transfer each step a one to the server, but put this mobile rule into packet submission Give the server, after the client starts playing animation, after the server processes the data, the location will be transferred to the client, and the client is based on this position data as the base point, and the next movement of the characters will be made. A time to take a time, which is less than CS, which is smaller than the CS collection density. The packet is critical when the server communicates with the client. The rules of the data in the packet are one of the most important foundations of the protocol. Since network data can be intercepted, in order to prevent data from being modified, the data in the packet is encrypted, as for how to encrypt, this is performed by a server and client through a certain algorithm. Therefore, the server and client communication is probably the following look:
Client data acquisition ===> Data package ==> Data encryption ==> Send data to server ==> server data decryption ====> Server processing packet == (Processing return data) = => Recycling data package ==> Recycling data encryption ==> Data return ==> Client receive data ==> Client decryption data ==> Client data processing
The probably the process is above, I originally wanted to use the picture, because I played memory in the first two days, I accidentally broke a memory module (the granules could be broken when the memory strip is plugged), and the computer is now 128MB memory, It's not very fast to run a Word 2003, so I gave up in Photoshop, I am sorry.
Our goal is that the data packet, that is, the data between the game communication is intercept the game communication to perform corresponding modifications or to send a pseudo packet. I got a plan, but this festival couldn't finish all, I can only write a little after get off work, the time is limited, how much can I write?
Target Program: Westward Journey II client. (Is there a server on your hand? If there is a message, I also want ^ _ ^)
Target: Packet
Purpose: Packet interception, modify, pseudo-send
Programming software: This doesn't matter, but I use C Builder 6, the previous time to do CB 6-related projects, and CB is the most convenient to write the program interface, it is a bit slow and generated by compilation. Big. (Arrival: Isn't it a mobile phone project, worried about capacity?) I have used a limited procedure and develop a bad habit, there is no way.
Idea: Our program is to interfere with the operation of other procedures. The best way is to use Debug's way, but I have not intended to use Debug's way, I am not familiar with the program's Debug, and I hate it is useless. Code. I am going to adopt a thread injection method, as for thread injection, and why thread injection can intervene, this knowledge is best to see "Windows Core Programming", otherwise this tutorial is endless. When our thread is injected into the target program, it can be used for what you want. So our first purpose is to inject thread into the target program. Preparatory activities:
The easiest thread injection is the easiest way. If you don't know, it is best to go to the Internet or flip "Windows Core Programming". In order to prevent the existence of anti-hook existence and plug-in detection, I will start the target program with my own procedure. Due to the unceregate update of online games, it is best to upgrade when the program is started, at least in the program like the big call, because frequent upgrades and version detection always make me too long.
Let's make specific practices, I have made more detailed steps, if you use VC or other words, just pay attention to the core code.
Create a new project, add two buttons (TButton or other types of buttons) on the form, one change the title to start the game, and the other title is changed to start the plug. Add another TopEndialog. For the default form, the big interface is a lot of waste, so make the form small, don't scare people.
Double-point Start the game's button to write the button, the default is the onclick event. Below is the code code:
IF (FileExists (Application-> Exename) "// path.ini") == false)
{/ * I saved the path of the target program to the Path.ini file in the current program directory, but if the current program is running, there is no such file, so you can use topdndialog to open, do this Point is just for convenience, don't have to get some target programs each time * /
IF (OpenFile-> Execute ())
{
Ansistring AppPath = "Path =" ExtractFilePath (OpenFile-> FileName);
WritePrivateProfilesection ("XY2PATH", AppPath.c_STR (), (ExtractFileDir (Application-> Exename) "// path.ini"). C_str ()); // The path of the Chiang target program deposits to the path.ini file.
Else
{
Return;
}
}
// The following code starts launching the target program
Process_information pi;
Startupinfo Si;
Si.cb = sizeof (si);
si.lpreserved = null;
Si.lpdesktop = null;
Si.lptitle = NULL;
Si.cbreserved2 = 0;
Si.lpreserved2 = NULL;
Si.dwflags = startf_useposition;
Si.dwx = 0;
Si.dwy = 0;
Char Appname [300];
GetPrivateProfileString ("XY2PATH", "Path", "", AppName, 250, (Application-> Exename) "// path.ini"). C_str ()); strcat (appname, "// xy2.exe ");
/ * All over the environment settings of the target program, call CREATEPROCESS to start the target program, pay attention to fill the path to the target program, and the sixth parameter is crete_suspended is to load the program to the memory. Some modifications can be made to better match the operation of the plug-in.
IF (CreateProcess (Appname, Null, Null, Null, False, Create_Suspended, Null, ExtractFileDir (AppName) .c_str (), & Si, & Pi) == 0)
{
// Start the target program failed
ShowMessage ("Error Open EXE FILE");
Return;
}
GameHandle = pi.hprocess;
/ * In this section, it is best to comment out of this condition, I will explain this condition in the later tutorial, here is probably the function, the first Write is to skip Update, the second is to When you quit, you don't open the web. If my computer opens the webpage, the middle time can be smoked in the middle of the time, so the program is changed * /
IF (WriteProcessMemory (GameHandle, (void *) 0x0042BC13, NO_UPDATE, 1, NULL) == FALSE
|| WriteProcessMemory (GameHandle, (void *) 0x
00430A
80, NO_HTML, 2, NULL) == FALSE
)
Return;
Threadhand = pi.hthread;
GamethreadId = pi.dwthreadid;
// Restore procedure, let the program execute
ResumeThread (pi.hthread);
/ * The following code is also unwanted in this section, I have existed the information about the item to the Item.ini file in the current directory (plug-in launcher directory), but do not know the path of the plug-in startup program in the target program. So I created a name called path.ini file in the target program folder, which contains Item.ini path * /
String inipath = "pat =" extractfiledir (application-> exename) "// item.ini";
WritePrivateProfilesection ("item", inipath.c_str (), (ipenfile-> filename) "// path.ini"). C_str ());
Set the starter attribute to create_suspended attribute to take into account the versatility and stability of the program, after this function, if there is a necessary modified code in the target program, you can modify it here, or you can also Perform anti-counter-hanging treatment. In fact, the plug-in practice of debug can perform the establishment of the Debug environment, and inserting the INT 3 instruction in the target program to intercept (how is I getting more and more, I have a tutorial in writing the debugger ??).
In this section, if you are later, I can't catch the bus, and then I have to go home, God, such a cold day ~~~~ Hurry up and return home. The blog on 9CBS didn't know how to attach it, I have to consider where the attachment is placed, because some documents have no way to post it. However, Gameres can be attached to an attachment of 300K, and it is desirable to use. This article is only attached to the blog of www.9cbs.net and www.gameres.com, do not use the article for any business, if this tutorial causes other consequences, it has nothing to do with I, I only talk about technology. . If you want to post, please indicate the source, if you have questions or negotiate, please send E-mail to Zeze0556@sina.com or QQ: 23033206 message, msn: zeze0556@msn.com. In addition, please don't give me a spam. When you add your friends, you must write a good post. I have been scared by inexplicably advertising letters and rumors. It is a prawn.
