Questions about distances to selected units

Discussion in 'Mod Support' started by coldboot, April 30, 2015.

  1. coldboot

    coldboot Active Member

    Messages:
    447
    Likes Received:
    112
    Can the UI tell you the distance between your each of your select units and these things:
    1. The cursor's current position on the 2D UI plane
    2. The middle of 2d UI plane
    3. Distances to other units on the 2D UI plane and the 3D world

    Thanks.
  2. wondible

    wondible Post Master General

    Messages:
    3,299
    Likes Received:
    2,089
    It's possible to get the cursor's current position. Attach a mousemove handler if the game doesn't have one. I know of no way to get the 2d position of a unit, except you can say that the unit under the cursor is somewhere around the current pointer position. It might be possible get a rough location by walking a selection box (assuming camera was stable), but that would have to be an active command rather than a passive display.

    The center of the main window would be easy to calculate. Units as above.

    2D as above. We generally have no insight into the 3d world, except for alerts (which include pings) Cola has been experimenting with memory hacking, but it will be fragile, and not as simple as installing a mod.
  3. cola_colin

    cola_colin Moderator Alumni

    Messages:
    12,074
    Likes Received:
    16,221
    For the interested:
    https://github.com/pamods/Minimap/tree/navigator/zoom_navigator_memory_access

    assumes a Windows x64 system and can find all units you can currently see and a bunch of information on them.
    I'll probably release something that uses it "soon".
  4. coldboot

    coldboot Active Member

    Messages:
    447
    Likes Received:
    112
  5. cola_colin

    cola_colin Moderator Alumni

    Messages:
    12,074
    Likes Received:
    16,221
    I don't think it will happen from their side any time soon :S
  6. exterminans

    exterminans Post Master General

    Messages:
    1,881
    Likes Received:
    986
    Nice job!

    Even though I'm surprised that it took so long, for someone to finally go that route. (Respectively to make it public.)

    But as I know Uber by now, the response will probably be to enable ASLR on the PA executable, rather than finally expanding the API.

    With ASLR, that cheat engine table will unfortunately break, and you will have to use memory pattern scanning to find the offset of a known structure in memory, from which on you now can treat all other addresses as relative.


    Nonetheless: Welcome to the dark side ;)

    PS: I didn't bother to check for it recently, but are radar blips still full units?
    Last edited: May 22, 2015
  7. cola_colin

    cola_colin Moderator Alumni

    Messages:
    12,074
    Likes Received:
    16,221
    With ASLR I could probably also offer a program that patches the executable beforehand to make it leak the one single static address I need somehow. Everything after that is dynamically allocated and accessed by relative offsets anyway.
    But I have reasons to believe Uber won't do anything drastic as enabling ASLR, so no need. I am more worried at how patches will make me require to fix it again and again, though by now I have a decent understanding of how the structures look like and where to find them.
  8. exterminans

    exterminans Post Master General

    Messages:
    1,881
    Likes Received:
    986
    But we do have now reached a point I would have hoped we would NEVER reach.

    And that is the need to run a 3rd party executable with elevated permissions on the client, in order to make certain mods work. Not just not outside the JS sandbox, but even outside UAC protection.

    You will eventually end up distributing that not only in source, but also in compiled form (as it does require JDK to compile), and it will be forked, and eventually someone will use that distribution process to include vulnerabilities or even straight away by choice.

    Which means the **** is about to hit the fan, not even to mention the witch hunt this will cause as there is simply stuff which isn't possible without it.

    I don't think Uber is really aware of this, or they would have interfered already. Or they just don't care, which would be even worse, and makes them responsible for the damage both to individuals and the community as a whole this will cause.
  9. cola_colin

    cola_colin Moderator Alumni

    Messages:
    12,074
    Likes Received:
    16,221
    It does not need elevated rights to read memory data running it as the same user as PA appears to be enough.
    To be precise my user account is admin with UAC on the default settings. Never had troubles. Cheat engine asks for more elevations, my reader does not.

    Though to make it easy on the user I am trying to detect the PA version by reading the version.txt which will need elevated rights if PA is installed on C and has no modifications to it's file rights. Even then it only just fails though, it never asks for elevations.

    Also I do distribute the compiled jar already: https://forums.uberent.com/threads/rel-the-ubermap.68808/
    It's still a little buggy and hidden in the modding forums I guess.

    I don't think there is any real issue with this kind of modding, apart from that fact that it isn't as stable and reliable as modding through official APIs and it isnt multiplatform as easily.


    EDIT:
    About cheating in PA by accessing the memory: From all I found PA is a pretty good example how to implement client-server separation to fight this kind of cheating. I found a single issue and my report was promptly addressed. Uber cares about correctly enforcing client-server.
  10. exterminans

    exterminans Post Master General

    Messages:
    1,881
    Likes Received:
    986
    Just had a look into the Win API docs, and you are right. Reading the memory of another process which runs at the same integrity level actually does not require any additional permissions.

    Which means if PA is started with default permissions, and java is launched with default permissions, they are allowed to read from each other in any way they want.

    Only writing requires elevated permissions, that's why CheatEngine triggers UAC.

    But that's still several levels above what the sandbox was supposed to allow you. You are already asking users to trust you quite a lot already.

    It's a similar issue with PAMM actually, but at least they aren't reading PAs memory yet, so they have no access to whatever credentials and alike the client keeps in memory.

    And that one will require PROCESS_VM_WRITE in addition to PROCESS_VM_READ, and therefore elevated permissions. At least if you wish to inject into the holodeck by modifying the unit list.

    Yes, the architecture is solid.

    But that's not what I meant by cheating this time. You witnessed the past discussions on that topic. Especially among the competitive 1vs1 players, there are quite a lot who consider any type of automation or even just improved UI as an unfair advantage.

    Now guess how they will react to client side mods which are no longer even using the API. Especially when "trust" comes into play.

    I know, technically it isn't cheating as you are not accessing any information you couldn't have, nor are you injecting any commands you shouldn't be able to issue, both since the server wouldn't allow you too. But you are on the edge of what most users will consider cheating, especially when it requires 3rd party software.
  11. cola_colin

    cola_colin Moderator Alumni

    Messages:
    12,074
    Likes Received:
    16,221
    I am not planning to write anything to PA memory if I can circumvent it. With that sentence I only talked about the icons I am rendering myself.
    Though with writing a few bytes I could indeed make units visible at the last known location. Half transparency however ... I have no idea how I could do that.
    I don't plan it either way.

    I guess that is true, but that is how it is.

Share This Page