Post by addicted2rpg on Nov 12, 2004 17:35:49 GMT
DWORD FindHookRunScript()
{
    char* ptr = (char*) 0x400000;
    while (ptr < (char*) 0x600000)
    {
        if ((ptr[24] == (char) 0x53) &&
            (ptr[25] == (char) 0x55) &&
            (ptr[26] == (char) 0x56) &&
            (ptr[27] == (char) 0x8B) &&
            (ptr[28] == (char) 0xF1) &&
            (ptr[29] == (char) 0x8B) &&
            (ptr[30] == (char) 0x86) &&
            (ptr[35] == (char) 0x8B) &&
            (ptr[36] == (char) 0xAE) &&
            (ptr[41] == (char) 0x57) &&
            (ptr[42] == (char) 0xC7) &&
            (ptr[43] == (char) 0x06) &&
            (ptr[44] == (char) 0x00)
           )
            return (DWORD) ptr;
        else
            ptr++;
    }
    return NULL;
}
I know what he's doing and also why he's doing it, but god.... Ingmar Stieger must have sat in a debugger for a hundred years to find that binary pattern in NWN.exe...
I don't even want to *think* about where tells come in.. yuck.
Post by Parinor on Nov 12, 2004 17:56:34 GMT
What is that code about anyways, addicted? What is it showing? *looks confused n overwhelmed at it*
seems to do something with a player...
Post by addicted2rpg on Nov 13, 2004 5:41:24 GMT
In assembly on 32-bit systems an instruction is about 4 bytes. The hexes you see like 0x55 are instructions just in hex form. The starting point, 0x400000, is where the program begins to load in Windows' stack frame. He scans down the frame looking for a pattern and returns the address 6 instructions (24/4 = 6) prior to his pattern. He extracted the pattern from the .EXE file, and that pattern represents the moment a script is fired... So we can have all our database calls from our scripts. It's open source/GNU, so there's no secrets being revealed here.
In light of allowing tells to go through between two modules, a similar hook would have to be placed where a tell hits. But where the tell function is in memory and what its assembler representation is in NWN .EXE.... I have no idea... If I knew the method that Ingmar used to extract it one could try... I haven't seen him active on the bioware boards in forever so...
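Added example, not part of the thread and not NWNX's own code: the same byte signature written as a pattern with wildcards and scanned over a bounded buffer, so the scan never reads past the end of the region. The names `find_sig` and `make_sample` and the sample buffer are constructed for illustration; the instruction comments are a reading of the bytes quoted in the first post.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Signature bytes from the post, starting 24 bytes after the returned
   address. -1 is a wildcard: the skipped offsets 31-34 and 37-40 are
   32-bit displacements that can differ between builds. */
#define SIG_OFFSET 24
static const int SIG[] = {
    0x53, 0x55, 0x56,            /* push ebx / push ebp / push esi */
    0x8B, 0xF1,                  /* mov esi, ecx */
    0x8B, 0x86, -1, -1, -1, -1,  /* mov eax, [esi+disp32] */
    0x8B, 0xAE, -1, -1, -1, -1,  /* mov ebp, [esi+disp32] */
    0x57,                        /* push edi */
    0xC7, 0x06, 0x00             /* mov dword [esi], imm32 (first byte 0) */
};
#define SIG_LEN (sizeof SIG / sizeof SIG[0])

/* Returns the offset in buf that the original would return as a pointer,
   or -1 if the signature is absent. Reads only buf[0..len). */
long find_sig(const unsigned char *buf, size_t len)
{
    for (size_t i = 0; i + SIG_OFFSET + SIG_LEN <= len; i++) {
        size_t j = 0;
        while (j < SIG_LEN &&
               (SIG[j] < 0 || buf[i + SIG_OFFSET + j] == (unsigned char)SIG[j]))
            j++;
        if (j == SIG_LEN)
            return (long)i;
    }
    return -1;
}

/* Constructed sample: 0x90 filler with the signature planted so the
   match is reported at offset `start`; wildcard slots hold 0xAA. */
void make_sample(unsigned char *buf, size_t len, size_t start)
{
    memset(buf, 0x90, len);
    for (size_t j = 0; j < SIG_LEN; j++)
        buf[start + SIG_OFFSET + j] = SIG[j] < 0 ? 0xAA : (unsigned char)SIG[j];
}

int main(void)
{
    unsigned char buf[256];
    make_sample(buf, sizeof buf, 100);
    printf("match at offset %ld\n", find_sig(buf, sizeof buf));
    return 0;
}
```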