00 00 00 00 00 00 00 00 90 24 44 00 F0 25 44 00 00 00 00 00 A0 26 44 00 D0 28 44 00 80 29 44 00 E0 29 44 00 90 2A 44 00 20 2B 44 00 E0 2B 44 00 60 2C 44 00 F0 2C 44 00 80 2D 44 00 90 2E 44 00 C0 32 44 00 30 33 44 00 E0 33 44 00 80 34 44 00
You see those memory addresses the exe tells you? Switch them up.
Well, for example the first one, 0x00442490:
it's an address in the .text section = code (instructions).
Here's a dump of the WC2 PE header info:
Warcraft II BNE.exe - PE Image Information Lambchops 2002-2017
----------------------------------------
IMAGE_DOS_HEADER - SIZE: 62
e_magic 0x5A4D
e_cblp 0x0090
e_cp 0x0003
e_crlc 0x0000
e_cparhdr 0x0004
e_minalloc 0x0000
e_maxalloc 0xFFFF
e_ss 0x0000
e_sp 0x00B8
e_csum 0x0000
e_ip 0x0000
e_cs 0x0000
e_lfarlc 0x0040
e_ovno 0x0000
e_res_1 0x0000
e_res_2 0x0000
e_res_3 0x0000
e_res_4 0x0000
e_oemid 0x0000
e_oeminfo 0x0000
e_res2_1 0x0000
e_res2_2 0x0000
e_res2_3 0x0000
e_res2_4 0x0000
e_res2_5 0x0000
e_res2_6 0x0000
e_res2_7 0x0000
e_res2_8 0x0000
e_res2_9 0x0000
e_res2_A 0x0000
e_lfanew 0x00E8
----------------------------------------
IMAGE_SIGNATURE - SIZE: 4
Signature 0x00004550
----------------------------------------
IMAGE_FILE_HEADER - SIZE: 20
Machine 0x014C
NumberOfSections 0x0004
TimeDateStamp 0x3B01973F
PointerToSymbolTable 0x00000000
NumberOfSymbols 0x00000000
SizeOfOptionalHeader 0x00E0
Characteristics 0x010F
----------------------------------------
IMAGE_OPTIONAL_HEADER - SIZE: 96
Magic 0x010B
MajorLinkerVersion 0x06
MinorLinkerVersion 0x00
SizeOfCode 0x0008F000
SizeOfInitializedData 0x0004B000
SizeOfUninitializedData 0x00000000
AddressOfEntryPoint 0x0007DC88
BaseOfCode 0x00001000
BaseOfData 0x00090000
ImageBase 0x00400000
SectionAlignment 0x00001000
FileAlignment 0x00001000
MajorOperatingSystemVersion 0x0004
MinorOperatingSystemVersion 0x0000
MajorImageVersion 0x0000
MinorImageVersion 0x0000
MajorSubsystemVersion 0x0004
MinorSubsystemVersion 0x0000
Reserved1 0x00000000
SizeOfImage 0x000DB000
SizeOfHeaders 0x00001000
CheckSum 0x00000000
Subsystem 0x0002
DllCharacteristics 0x0000
SizeOfStackReserve 0x00100000
SizeOfStackCommit 0x00001000
SizeOfHeapReserve 0x00100000
SizeOfHeapCommit 0x00001000
LoaderFlags 0x00000000
NumberOfRvaAndSizes 0x00000010
----------------------------------------
IDD# 2 [ IMPORT ]
IMAGE_DATA_DIRECTORY - SIZE: 8
VirtualAddress 0x0009208C
Size 0x000000B4
IDD# 3 [ RESOURCE ]
IMAGE_DATA_DIRECTORY - SIZE: 8
VirtualAddress 0x000D9000
Size 0x00001210
IDD# 13 [ IMPORT ADDRESS ]
IMAGE_DATA_DIRECTORY - SIZE: 8
VirtualAddress 0x00090000
Size 0x000004E8
----------------------------------------
IMAGE_SECTION_HEADER - SIZE: 40
Name .text
VirtualSize 0x0008E2EE
VirtualAddress 0x00001000
SizeOfRawData 0x0008F000
PointerToRawData 0x00001000
PointerToRelocations 0x00000000
PointerToLinenumbers 0x00000000
NumberOfRelocations 0x0000
NumberOfLinenumbers 0x0000
Characteristics 0x60000020
- CNT_CODE
- MEM_EXECUTE
- MEM_READ
----------------------------------------
IMAGE_SECTION_HEADER - SIZE: 40
Name .rdata
VirtualSize 0x00003420
VirtualAddress 0x00090000
SizeOfRawData 0x00004000
PointerToRawData 0x00090000
PointerToRelocations 0x00000000
PointerToLinenumbers 0x00000000
NumberOfRelocations 0x0000
NumberOfLinenumbers 0x0000
Characteristics 0x40000040
- CNT_INITIALIZED_DATA
- MEM_READ
----------------------------------------
IMAGE_SECTION_HEADER - SIZE: 40
Name .data
VirtualSize 0x000445B0
VirtualAddress 0x00094000
SizeOfRawData 0x00018000
PointerToRawData 0x00094000
PointerToRelocations 0x00000000
PointerToLinenumbers 0x00000000
NumberOfRelocations 0x0000
NumberOfLinenumbers 0x0000
Characteristics 0xC0000040
- CNT_INITIALIZED_DATA
- MEM_READ
- MEM_WRITE
----------------------------------------
IMAGE_SECTION_HEADER - SIZE: 40
Name .rsrc
VirtualSize 0x00001210
VirtualAddress 0x000D9000
SizeOfRawData 0x00002000
PointerToRawData 0x000AC000
PointerToRelocations 0x00000000
PointerToLinenumbers 0x00000000
NumberOfRelocations 0x0000
NumberOfLinenumbers 0x0000
Characteristics 0x40000040
- CNT_INITIALIZED_DATA
- MEM_READ
----------------------------------------
IMAGE_IMPORT_DESCRIPTOR - SIZE: 20
Characteristics 0x0009235C
TimeDateStamp 0x00000000
ForwarderChain 0x00000000
Name 0x00092628
FirstThunk 0x0009021C
----------------------------------------
Imported from Storm.dll
Hint Function
-----------------------
Ord0077
Ord006D
Ord0082
Ord0073
Ord008A
Ord006A
Ord0075
Ord0078
Ord007B
Ord0066
Ord007A
Ord0079
Ord0080
Ord007F
Ord01CE
Ord01EB
Ord0086
Ord01F6
Ord0193
Ord01FC
Ord0070
Ord006B
Ord0182
Ord0185
Ord0189
Ord0186
Ord0181
Ord017F
Ord013A
Ord008B
Ord01A9
Ord00CE
Ord00D3
Ord00D8
Ord01AF
Ord00DD
Ord01B2
Ord01BD
Ord007D
Ord0071
Ord00DE
Ord0165
Ord015A
Ord00D0
Ord0143
Ord0145
Ord010D
Ord0109
Ord01CF
Ord0112
Ord0117
Ord01A5
Ord01A8
Ord01AC
Ord01EE
Ord0110
Ord01D1
Ord010B
Ord0108
Ord0113
Ord0114
Ord008C
Ord0100
Ord023B
Ord00FF
Ord0102
Ord0164
Ord0139
Ord0162
Ord015E
Ord01AA
Ord015F
Ord01D4
Ord0191
Ord01F5
Ord01FA
Ord01F7
Ord01FD
Ord023C
Ord0072
Ord00FC
Ord010A
Ord00FD
Ord010C
Ord01A6
Ord0089
Ord01CA
Ord01C9
Ord01C6
Ord01A7
Ord0101
Ord0105
Ord01C5
Ord0104
Ord01C3
----------------------------------------
----------------------------------------
IMAGE_IMPORT_DESCRIPTOR - SIZE: 20
Characteristics 0x00092198
TimeDateStamp 0x00000000
ForwarderChain 0x00000000
Name 0x00092D96
FirstThunk 0x00090058
----------------------------------------
Imported from KERNEL32.dll
Hint Function
-----------------------
0109: GetCurrentProcess
0298: SetHandleCount
0168: GetStdHandle
01E5: LocalAlloc
018E: GetVersion
0230: RaiseException
0125: GetFileSize
00DE: GetComputerNameA
0030: CreateDirectoryA
0293: SetFileAttributesA
028D: SetEnvironmentVariableA
0025: CompareStringW
0024: CompareStringA
028C: SetEndOfFile
00B9: FlushFileBuffers
02A8: SetStdHandle
02EE: VirtualAlloc
0295: SetFilePointer
016C: GetStringTypeW
0169: GetStringTypeA
02F1: VirtualFree
01B6: HeapCreate
01B8: HeapDestroy
018F: GetVersionExA
011C: GetEnvironmentVariableA
0128: GetFileType
011B: GetEnvironmentStringsW
0119: GetEnvironmentStrings
00C2: FreeEnvironmentStringsW
00C1: FreeEnvironmentStringsA
0257: RtlUnwind
01BE: HeapSize
01BD: HeapReAlloc
0146: GetOEMCP
00C9: GetACP
00CF: GetCPInfo
02CB: TerminateProcess
01B4: HeapAlloc
02DB: UnhandledExceptionFilter
02D2: TlsGetValue
029C: SetLastError
02D0: TlsAlloc
01BA: HeapFree
01DD: LCMapStringW
01DC: LCMapStringA
0202: MultiByteToWideChar
0301: WideCharToMultiByte
008C: ExitProcess
01CB: InterlockedIncrement
0166: GetStartupInfoA
008D: ExitThread
02D3: TlsSetValue
010C: GetCurrentThreadId
004D: CreateThread
026C: SetConsoleCtrlHandler
012F: GetLocalTime
0186: GetTickCount
0138: GetModuleFileNameA
005C: DeleteFileA
009F: FindClose
00AC: FindNextFileA
00A3: FindFirstFileA
012D: GetLastError
00DA: GetCommandLineA
0117: GetDriveTypeA
0132: GetLogicalDriveStringsA
001E: CloseHandle
0037: CreateFileA
02C3: Sleep
01C5: InitializeCriticalSection
005A: DeleteCriticalSection
0153: GetProcAddress
01DF: LoadLibraryA
0290: SetEvent
01DE: LeaveCriticalSection
006F: EnterCriticalSection
0252: ResetEvent
02FD: WaitForSingleObject
0034: CreateEventA
02FB: WaitForMultipleObjects
023D: ReadFile
0263: SetCommState
00D8: GetCommState
0264: SetCommTimeouts
01E9: LocalFree
0174: GetSystemTime
00C3: FreeLibrary
0147: GetOverlappedResult
030E: WriteFile
01D0: IsBadReadPtr
013A: GetModuleHandleA
02F6: VirtualQuery
0332: lstrcpynA
01D3: IsBadWritePtr
00BE: FormatMessageA
02B8: SetUnhandledExceptionFilter
01A8: GlobalMemoryStatus
0113: GetDiskFreeSpaceA
0172: GetSystemInfo
0189: GetTimeZoneInformation
0201: MulDiv
0187: GetTimeFormatA
010D: GetDateFormatA
0099: FileTimeToSystemTime
0098: FileTimeToLocalFileTime
0120: GetFileAttributesA
01C8: InterlockedDecrement
----------------------------------------
----------------------------------------
IMAGE_IMPORT_DESCRIPTOR - SIZE: 20
Characteristics 0x000924DC
TimeDateStamp 0x00000000
ForwarderChain 0x00000000
Name 0x000931DC
FirstThunk 0x0009039C
----------------------------------------
Imported from USER32.dll
Hint Function
-----------------------
01F6: RegisterClassA
00DF: GetActiveWindow
0196: IsWindowVisible
026F: ShowWindow
0105: GetDlgItem
010A: GetFocus
0138: GetParent
0213: SendDlgItemMessageA
00B9: EnableWindow
01D7: OffsetRect
015A: GetWindowLongA
017E: InvalidateRect
00B1: DrawTextA
01A2: LoadIconA
0095: DialogBoxParamA
0160: GetWindowRect
022A: SetCursor
0263: SetWindowTextA
01EE: PtInRect
0220: SetActiveWindow
0234: SetForegroundWindow
00D2: EnumWindows
0166: GetWindowThreadProcessId
0190: IsIconic
019A: LoadAcceleratorsA
0287: TranslateMessage
0149: GetSystemMetrics
005A: CreateWindowExA
0296: UpdateWindow
0284: TranslateAcceleratorA
022C: SetCursorPos
00D7: FindWindowA
0233: SetFocus
0276: SystemParametersInfoA
000C: BeginPaint
00BD: EndPaint
0218: SendMessageA
0221: SetCapture
0206: ReleaseCapture
0086: DefWindowProcA
00FF: GetCursorPos
020E: ScreenToClient
0102: GetDesktopWindow
00BB: EndDialog
026B: ShowCursor
00F3: GetClientRect
0146: GetSysColor
019E: LoadCursorA
01CF: MsgWaitForMultipleObjects
0097: DispatchMessageA
0199: KillTimer
0257: SetTimer
02B3: wsprintfA
0260: SetWindowPos
0100: GetDC
0207: ReleaseDC
01E3: PostMessageA
0230: SetDlgItemTextA
010B: GetForegroundWindow
01E1: PeekMessageA
0156: GetWindow
00F0: GetClassNameA
025D: SetWindowLongA
01C3: MessageBoxA
01AF: LoadStringA
008B: DestroyAcceleratorTable
----------------------------------------
----------------------------------------
IMAGE_IMPORT_DESCRIPTOR - SIZE: 20
Characteristics 0x00092148
TimeDateStamp 0x00000000
ForwarderChain 0x00000000
Name 0x00093328
FirstThunk 0x00090008
----------------------------------------
Imported from GDI32.dll
Hint Function
-----------------------
00A2: ExtTextOutA
0037: CreateFontA
0191: MoveToEx
020C: TextOutA
01F8: SetTextAlign
01D4: SetBkColor
01FA: SetTextColor
0172: GetTextExtentExPointA
012D: GetDeviceCaps
017E: GetTextMetricsA
0054: DeleteObject
0157: GetObjectA
0038: CreateFontIndirectA
002B: CreateCompatibleDC
01CE: SelectObject
0176: GetTextExtentPoint32A
0051: DeleteDC
015C: GetPaletteEntries
0167: GetStockObject
----------------------------------------
----------------------------------------
IMAGE_IMPORT_DESCRIPTOR - SIZE: 20
Characteristics 0x00092140
TimeDateStamp 0x00000000
ForwarderChain 0x00000000
Name 0x00093342
FirstThunk 0x00090000
----------------------------------------
Imported from ADVAPI32.dll
Hint Function
-----------------------
00F3: GetUserNameA
----------------------------------------
----------------------------------------
IMAGE_IMPORT_DESCRIPTOR - SIZE: 20
Characteristics 0x00092348
TimeDateStamp 0x00000000
ForwarderChain 0x00000000
Name 0x000933A8
FirstThunk 0x00090208
----------------------------------------
Imported from SHELL32.dll
Hint Function
-----------------------
0063: SHGetPathFromIDListA
008C: ShellExecuteA
0027: FindExecutableA
0066: SHGetSpecialFolderLocation
----------------------------------------
----------------------------------------
IMAGE_IMPORT_DESCRIPTOR - SIZE: 20
Characteristics 0x000925F8
TimeDateStamp 0x00000000
ForwarderChain 0x00000000
Name 0x000933B4
FirstThunk 0x000904B8
----------------------------------------
Imported from WSOCK32.dll
Hint Function
-----------------------
Ord0015
Ord0011
Ord0073
Ord0017
Ord0014
Ord000C
Ord0009
Ord0002
Ord0006
Ord0003
Ord0074
----------------------------------------
----------------------------------------
IMAGE_IMPORT_DESCRIPTOR - SIZE: 20
Characteristics 0x000925E8
TimeDateStamp 0x00000000
ForwarderChain 0x00000000
Name 0x00093402
FirstThunk 0x000904A8
----------------------------------------
Imported from VERSION.dll
Hint Function
-----------------------
0001: GetFileVersionInfoSizeA
0000: GetFileVersionInfoA
000A: VerQueryValueA
----------------------------------------
So the first thing is the
ImageBase, which is in the IMAGE_OPTIONAL_HEADER (which is very non-optional BTW).
The image base is 0x00400000, which is the default for exe files, so that's easy.
So we subtract that from the address and we get 0x00042490.
This is now a virtual address (aka VA) because it is relative to the image base. So looking through the IMAGE_SECTION_HEADERs we can see that the .text section has:
VirtualSize 0x0008E2EE
VirtualAddress 0x00001000
which means it will be 0x00401000 -> 0x0048F2EE in memory ...
but anyway we can see that 0x1000 < 0x42490 < (0x1000 + 0x8E2EE), so we know it's in this section.
So then we subtract the
VirtualAddress: 0x42490 - 0x1000 = 0x41490
This is the offset into the .text section for our address.
So then we just have to know where the .text section is in the exe file, that is
PointerToRawData. In this case PointerToRawData is also 0x1000, same as VirtualAddress, so we just add 0x1000 back again and we get 0x42490 as the exe file offset.
This example is very easy because
VirtualAddress = PointerToRawData.
If we wanted an address in the .rsrc section it would be different,
e.g. 0x004DA666
we have:
ImageBase =0x00400000
VirtualAddress =0x000D9000
PointerToRawData =0x000AC000
so:
0x004DA666 - 0x00400000 - 0x000D9000 + 0x000AC000 = 0x000AD666 (exe file offset)
----------================-------------
END RESULT... for all those ones in your mem dump there, just remove the first '4':
0x00442490 mem = 0x00042490 file
... but it's not always like that.
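The walk above (VA minus ImageBase, find the section by VirtualAddress, add PointerToRawData) as a script, added here as an example and not code from the post or from the game. It reads the section table straight out of the PE headers instead of by hand, so it also covers the .rsrc case where VirtualAddress and PointerToRawData differ, and it refuses an address that falls in a section's zero-filled tail (the dump's .data has VirtualSize 0x445B0 but only 0x18000 bytes of raw data, so its last 0x2C5B0 bytes have no file offset at all). The value the post calls a VA after subtracting ImageBase is what the PE spec names an RVA, and the code uses that term. The section values are the ones from the dump; the surrounding header bytes are constructed so the script runs without the real exe, and the pointer table is the one quoted in the first post.

```python
"""Walk a PE section table and convert virtual addresses to file offsets and back.

Added example; section values come from the PE dump in the post, the header
bytes around them are constructed so the script runs without the real exe.
"""
import struct
from dataclasses import dataclass


@dataclass
class Section:
    name: str
    virtual_size: int
    virtual_address: int       # RVA of the section in memory
    size_of_raw_data: int
    pointer_to_raw_data: int   # file offset of the section's bytes


def parse_pe(data: bytes) -> tuple[int, list[Section]]:
    """Return (ImageBase, sections) from the headers of a PE32 or PE32+ image."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    file_hdr = e_lfanew + 4                              # IMAGE_FILE_HEADER
    num_sections = struct.unpack_from("<H", data, file_hdr + 2)[0]
    size_of_opt = struct.unpack_from("<H", data, file_hdr + 16)[0]
    opt = file_hdr + 20                                  # IMAGE_OPTIONAL_HEADER
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:                                   # PE32: ImageBase is a DWORD at +28
        image_base = struct.unpack_from("<I", data, opt + 28)[0]
    elif magic == 0x20B:                                 # PE32+: no BaseOfData, QWORD at +24
        image_base = struct.unpack_from("<Q", data, opt + 24)[0]
    else:
        raise ValueError(f"unknown optional header magic {magic:#06x}")
    table = opt + size_of_opt                            # section headers follow the optional header
    sections = []
    for i in range(num_sections):
        off = table + i * 40
        name = data[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        vsize, vaddr, rawsize, rawptr = struct.unpack_from("<IIII", data, off + 8)
        sections.append(Section(name, vsize, vaddr, rawsize, rawptr))
    return image_base, sections


def va_to_file_offset(va: int, image_base: int, sections: list[Section]) -> int:
    """VA -> RVA -> offset into the section -> file offset; refuses addresses with no bytes on disk."""
    rva = va - image_base
    for s in sections:
        span = max(s.virtual_size, s.size_of_raw_data)  # memory footprint before alignment padding
        if s.virtual_address <= rva < s.virtual_address + span:
            delta = rva - s.virtual_address
            if delta >= s.size_of_raw_data:
                # VirtualSize > SizeOfRawData: the loader zero-fills this tail, the file has nothing for it
                raise ValueError(f"{va:#010x} is in {s.name} past its raw data (zero-filled tail)")
            return s.pointer_to_raw_data + delta
    raise ValueError(f"{va:#010x} is not inside any section")


def file_offset_to_va(offset: int, image_base: int, sections: list[Section]) -> int:
    """Inverse mapping: file offset -> section -> RVA -> VA."""
    for s in sections:
        if s.pointer_to_raw_data <= offset < s.pointer_to_raw_data + s.size_of_raw_data:
            return image_base + s.virtual_address + (offset - s.pointer_to_raw_data)
    raise ValueError(f"file offset {offset:#x} is not inside any section")


def dwords_from_dump(text: str) -> list[int]:
    """Little-endian DWORDs from a space-separated hex dump; zero entries are dropped (not pointers)."""
    raw = bytes.fromhex(text.replace(" ", ""))
    return [v for (v,) in struct.iter_unpack("<I", raw) if v]


# Section table from the dump in the post: Name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData.
WC2_SECTIONS = [
    (b".text",  0x0008E2EE, 0x00001000, 0x0008F000, 0x00001000),
    (b".rdata", 0x00003420, 0x00090000, 0x00004000, 0x00090000),
    (b".data",  0x000445B0, 0x00094000, 0x00018000, 0x00094000),
    (b".rsrc",  0x00001210, 0x000D9000, 0x00002000, 0x000AC000),
]

# Pointer table quoted in the first post (little-endian DWORDs).
DUMP = ("00 00 00 00 00 00 00 00 90 24 44 00 F0 25 44 00 00 00 00 00 A0 26 44 00 D0 28 44 00 80 29 44 00 "
        "E0 29 44 00 90 2A 44 00 20 2B 44 00 E0 2B 44 00 60 2C 44 00 F0 2C 44 00 80 2D 44 00 90 2E 44 00 "
        "C0 32 44 00 30 33 44 00 E0 33 44 00 80 34 44 00")


def build_headers() -> bytes:
    """Constructed stand-in for the Warcraft II BNE.exe headers: only fields parse_pe reads are filled."""
    dos = bytearray(0xE8)                                # e_lfanew in the dump is 0xE8
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0xE8)
    file_hdr = struct.pack("<HHIIIHH", 0x014C, len(WC2_SECTIONS), 0x3B01973F, 0, 0, 0xE0, 0x010F)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x010B)               # PE32 magic
    struct.pack_into("<I", opt, 28, 0x00400000)          # ImageBase
    struct.pack_into("<II", opt, 32, 0x1000, 0x1000)     # SectionAlignment, FileAlignment
    table = b"".join(struct.pack("<8sIIIIIIHHI", n, vs, va, rs, rp, 0, 0, 0, 0, 0)
                     for n, vs, va, rs, rp in WC2_SECTIONS)
    return bytes(dos) + b"PE\0\0" + file_hdr + bytes(opt) + table


def convert_dump(dump: str = DUMP, image: bytes = b"") -> dict[int, int]:
    """Map every pointer in the dump to its file offset using the image's own section table."""
    image_base, sections = parse_pe(image or build_headers())
    return {va: va_to_file_offset(va, image_base, sections) for va in dwords_from_dump(dump)}


if __name__ == "__main__":
    for va, off in convert_dump().items():
        print(f"{va:#010x} mem = {off:#010x} file")
```

To use it on a real binary, pass `open(path, "rb").read()` as `image`; the parser only touches the headers, so the whole file does not need to be in memory. Note that the "drop the first 4" shortcut only holds while VirtualAddress equals PointerToRawData, which is true for .text, .rdata and .data here because FileAlignment equals SectionAlignment (both 0x1000); .rsrc breaks it, and so does any binary linked with the usual 0x200 FileAlignment.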