
Reading memory via JASS?

Discussion in 'World Editor Help Zone' started by sethmachine, Jul 24, 2014.

  1. sethmachine

    Hi,

    Is there any way to read WC3's memory via JASS?

    e.g. suppose you would like to access the duration field of a particular spell. This information has to be in the map / held somewhere in WC3's current memory while playing the map, even if there is no native that reads it.

    In Blizzard's Starcraft Broodwar (Starcraft I, not Starcraft II), adept programmers found ways to read SC's memory or even write to it by using memory overflows. This allowed triggering which SC didn't support and was otherwise impossible to do.

    For context here is an example of using "extended" units / players (player values above the canonical ones, which apparently always crash WC3 but not SC): http://www.staredit.net/topic/15356/

    In other cases, SC's custom editor has its own special memory condition that takes advantage of the fact that the death table (the data structure holding information about the number of deaths of each unit) is also next to other data structures, and so attempting to read in absurdly high values in the death table (e.g. player X suffered -1745653 deaths of unit X) actually reads memory in other places.

    So is there any way to read memory via JASS?
     
  2. PurgeandFire

    Code Moderator

    One or two of the ConvertXXX() abilities read memory out of their bounds, but I think most of them perform bound checks. See:
    http://www.hiveworkshop.com/forums/triggers-scripts-269/hidden-attack_type-world-editor-227993/

    Memory reading would be rather useless for reading object editor data. Databasing is simpler and faster. Just store the data you would need to read in a hashtable (based on the object editor). You can either do it manually or you can write a script to generate the code based on the object editor data in the map.
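Added example (not from the thread and not any game's code): the bug class discussed in the two posts above, a table lookup whose index comes from script-supplied values, shown in C with a hypothetical `game_state` layout. It compares no check, a check on the flattened index only, and per-dimension validation; all names and sizes are assumptions.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical layout: a flat death table indexed by [unit][player],
 * with unrelated data placed directly after it in memory. */
#define UNITS   4
#define PLAYERS 12
struct game_state {
    int32_t deaths[UNITS * PLAYERS];
    int32_t adjacent;                 /* stands in for neighbouring state */
};

/* Unchecked form: script-supplied values go straight into the index.
 * Kept for comparison only; calling it out of range is undefined in C. */
int32_t deaths_unchecked(const struct game_state *g, int unit, int player)
{
    return g->deaths[unit * PLAYERS + player];
}

/* Weak fix: only the flattened index is range-checked. Reads stay inside
 * the table, but (unit 0, player 13) silently aliases (unit 1, player 1). */
int deaths_flat_check(const struct game_state *g, int unit, int player, int32_t *out)
{
    int64_t idx = (int64_t)unit * PLAYERS + player;
    if (idx < 0 || idx >= UNITS * PLAYERS) return -1;
    *out = g->deaths[idx];
    return 0;
}

/* Hardened form: each dimension is validated on its own, negative side
 * included, before any index arithmetic happens. */
int deaths_checked(const struct game_state *g, int unit, int player, int32_t *out)
{
    if (unit < 0 || unit >= UNITS)       return -1;
    if (player < 0 || player >= PLAYERS) return -1;
    *out = g->deaths[unit * PLAYERS + player];
    return 0;
}

int main(void)
{
    struct game_state g = {0};
    int32_t v = 0;
    g.deaths[1 * PLAYERS + 1] = 7;    /* constructed: unit 1, player 1 */
    printf("flat check (0,13): rc=%d v=%d\n", deaths_flat_check(&g, 0, 13, &v), (int)v);
    printf("full check (0,13): rc=%d\n", deaths_checked(&g, 0, 13, &v));
    printf("full check (-3,0): rc=%d\n", deaths_checked(&g, -3, 0, &v));
    return 0;
}
```
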
     
  3. Aisha Mizuki

    Actually, what does JASS stand for and what is it for? To make the W3 WorldEditor go faster? Hmmm
     
  4. Bannar

    Jass is a scripting language created by Blizzard which is used throughout their games. It's designed to be used as a trigger-related/event-driven language, thus common scripts follow the order: Event (action) -> Expression (reaction).

    There is no "GUI" - it is just a graphic interface wrapped around the Jass API; when you convert your "trigger" into custom script, you will see what is really going on.

    And yes, coding scripts on your own, without using the GUI, allows you to bypass some limits (due to lack of relatives of some stuff for GUI) and write code in a bit more efficient way.
     
  5. Aisha Mizuki

    Owh.. if you said that Jass is a scripting language, then I understand.

    And JASS is more complicated than GUI, right? And JASS exceeds some limits that some GUI can't do ♪(* ̄ー ̄)v
     
  6. Xonok

    GUI is JASS and thus, it can do just as much if you extend it (doable).
     
  7. Bannar

    You probably didn't get exactly what I meant. I suggest you should visit the GUI/Triggers and Jass tutorial sections for additional info in regard to basic WE knowledge, required when working with the Trigger Editor.
     
  8. chobibo

    Just Another Scripting Syntax [source]
     
  9. Ezekiel12

    Okay, to return to the original topic:

    In the past there was an exploit which enabled full memory reading (by Toadcop and others); it got patched, though.
    In the current version there are several natives which can read out of their bounds, but it's all of quite limited use.

    Go play around with the ConvertXXX natives and such; if you're able to retrieve mouse coordinates or somehow even set new values at runtime in a safe way, you will be the new hero.
     
  10. sethmachine

    Thanks PurgeandFire and Ezekiel12 for referring me to the ConvertXXX thread. Very interesting.

    Just curious, though, why didn't Blizzard simply implement a condition to read memory? Reading is never dangerous AFAIK, unlike writing. Using Local Files Enabled would allow doing this, and also executing arbitrary code as well?
     
  11. PurgeandFire

    Code Moderator

    Blizzard probably doesn't want to allow people to know what memory is stored where. That is essentially the basis behind cheat engines.
     
  12. edo494

    Yea, it's always safe to read everything

    image

    [​IMG]
     


  13. sethmachine

    That's the OS throwing an error, though. AFAIK, unless we are dealing with quantum physics (where "reading" / "observing" a value causes a change), there shouldn't be any danger in reading an arbitrary memory address, unless this is fundamentally wrong.
     
  14. Xonok

    He showed you what exactly can happen for reading the wrong memory (fatal error).
     
  15. sethmachine

    But isn't that the OS throwing the error to enforce compartmentalization (a program shouldn't read memory that doesn't belong to it)? Theoretically what is wrong with reading any memory address?
     
  16. Xonok

    Cheat engine and other similar programs read memory, so technically it shouldn't be a problem.
    However, as Purge said, Blizzard might not want you to know the exact memory addresses of everything.
     
  17. Dr Super Good

    Spell Reviewer

    There should not be any such way as this would be a major security risk. If there is I would advise avoiding it as Blizzard could eventually patch it (not likely but still possible).

    Exact memory locations outside of constants are likely to not be deterministic so would require synchronization before they can be used in multiplayer.
     
  18. edo494

    still nothing

    [​IMG]


    warcraft 3

    [​IMG]


    As you see, you can't read just any memory. You can only read memory that is assigned to your process. This is because of several reasons. First is that every modern computer uses virtual addressing, and if the value is not mapped to some physical address, what do you do?

    Also even reading can be dangerous. You don't need to write to get some SSH encryption keys out of someone's computer.

    Also as mentioned, if it was possible to read the memory, you could write pretty much undetectable fog-vision, because afaik the game has all information it needs, it knows where the enemy army is even if it is fogged. If you even read that value, and it is in a consistent place, you will basically allow people to see in the fog (Professional programming)
     


  19. Rui

    Supposedly inter-process boundaries are already implemented by the operating system, so addressing memory of other processes shouldn't be a problem? In those cases it should definitely throw a fatal error.

    If you look at it this way, there are many natives that read memory, just not all of it. Although, if you find any way to read more, be sure to tell us =P because Blizzard really failed by, for example, not allowing us to read every and all Object Editor fields. Major bummer, I know where you're coming from.

    EDIT: About Mag's finding with player colors, I find it very awkward that the effects are different every time. Certainly it must be some kind of game instance value and SetUnitColor() is going to run a chunk of code with the address of that value.
     
    Last edited: Jul 25, 2014
  20. Dr Super Good

    Spell Reviewer

    It is not possible to address memory from one process in another process directly. A process can only access other process memory space by using I/O OS calls (if any) or mapping part of the other process memory space into itself (pages of memory can be shared between multiple processes at different virtual addresses).

    Unless specifically given permission (run as an administrator with elevated permission), the OS will usually throw a security exception back at the process (not allow it). This will usually produce a process level fatal error as either the exception is left unhandled (propagates to main) or the process handles it but might as well shut down since it cannot perform its desired purpose.

    Where stuff is allocated in memory is not deterministic. The closest are the game code and constants which are usually loaded into memory in a certain order but even then the OS could load other things depending on version of required libraries or how the Anti-Virus operates.