Taunt/Ai signal detect by triggers

 [MM]Gallas


Edited 3 March 2017 - 21:59 by [MM]Gallas
Original post by JustTesting1234 - [You must login to view link]

The AI Signal and AI Script Goal triggers read/write from/to some buffers in the game memory, but the game developers forgot to add a basic check to make sure the value is not < 0 or > 255 which allows a buffer overflow

so basically, you can read or write '01 00 00 00' anywhere in the game memory (must be a multiple of 4). and using invert condition trick you can check if a value is different than '01 00 00 00'

you only need some tool or a modified aokts that allows to specify any amount < 0 or > 255

Condition 'AI Signal' (set with: set-signal) reads from 0x006B45B8
Effect 'AI Script Goal' (check with: event-detected; reset with: acknowledge-event) writes to 0x006B39A0

# examples:

1. if you want to write to address 0x0066B000: (66B000 - 6B39A0) / 4 = FFFEDD98 (-74344 in decimal) so you just need to type: AI Script Goal '-74344'

2. here is a useful example to detect if the map is being played in singleplayer or in multiplayer:
[You must login to view link]

3. detecting player 1 taunts (1 to 44):
[You must login to view link]

# known values for condition AI Signal:
- detect AI Script Goal: -774 + ID
- detect single-player game: -1034
- detect taunts: -518 + ((PLAYER - 1) * 64) + (TAUNT - 1) / 4
- detect Starting Resources - Standard: -1036

# known values for effect AI Script Goal:
- set AI Signal: 774 + ID
- set AI Shared Goal: -258 + ID


added example for detecting taunts. sadly taunts are stored in 1 byte and this reads 4 bytes, so it's only possible to detect groups of 4 taunts. eg you can detect if any taunt between 1 - 4 was sent, but not exactly 1, 2, 3 or 4. also once the taunt is typed, it won't get reset (condition will always be met)

you can detect up to 256 taunts per player that are in 64 groups of 4:
GROUP 1: taunts 1 to 4
GROUP 2: taunts 5 to 8
GROUP 3: taunts 9 to 12
...
GROUP 64: taunts 253 to 256

taunts GROUP can be calculated with the formula:
GROUP = (TAUNT - 1) / 4 + 1

the base to detect taunts is -518:
VALUE = -518

so the complete formula is:
AI Signal = VALUE + ([PLAYER - 1] * 64) + GROUP - 1

eg, to detect if player 4 typed some taunt between 13 and 16 (GROUP 4):
AI Signal = -518 + ((4 - 1) * 64) + 4 - 1 = -323
Attachments:
AI Signal Exploit Example.scx (File size: 589 B)
Detect Taunts Example.scx (File size: 759 B)
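The missing range check described in the post above, modelled in C with the unchecked lookup beside a checked one. This is an added example, not the game's code and not part of the original post. Assumptions: a constructed arena stands in for process memory, one table stands in for both buffers, and `TABLE_BASE`, the arena size and all function names are hypothetical.

```c
#include <stdbool.h>
#include <stdint.h>

/* Constructed model, not the game's code: one arena stands in for process
 * memory, with the 256-slot signal table placed in the middle of it. */
#define SLOTS      256
#define TABLE_BASE 1100   /* assumed slot offset of the table in the arena */
#define ARENA_LEN  (TABLE_BASE + SLOTS + 64)

static int32_t arena[ARENA_LEN];

/* Keeps the model itself memory-safe: slots outside the arena are "unmapped". */
static bool in_arena(int64_t slot) { return slot >= 0 && slot < ARENA_LEN; }

/* "Before": the scenario-supplied id is used as a signed index with no range
 * check, so it selects any 4-byte slot around the table. */
static bool signal_set_unchecked(int32_t id) {
    int64_t slot = (int64_t)TABLE_BASE + id;
    return in_arena(slot) && arena[slot] == 1;
}

static void goal_write_unchecked(int32_t id) {
    int64_t slot = (int64_t)TABLE_BASE + id;
    if (in_arena(slot)) arena[slot] = 1;      /* writes 01 00 00 00 */
}

/* "After": ids outside 0..255 are rejected before any memory access. */
static bool id_valid(int32_t id) { return id >= 0 && id < SLOTS; }

static bool signal_set_checked(int32_t id) {
    return id_valid(id) && arena[TABLE_BASE + id] == 1;
}

static bool goal_write_checked(int32_t id) {
    if (!id_valid(id)) return false;
    arena[TABLE_BASE + id] = 1;
    return true;
}

/* The post's taunt formula; integer division gives the group of four. */
static int32_t taunt_signal(int player, int taunt) {
    return -518 + (player - 1) * 64 + (taunt - 1) / 4;
}

int main(void) {
    goal_write_unchecked(taunt_signal(4, 13));   /* -323: lands outside the table */
    bool before = signal_set_unchecked(-323), after = signal_set_checked(-323);
    return (before && !after && !goal_write_checked(-323)) ? 0 : 1;
}
```

For players 1 to 8 the taunt formula only yields negative values (-518 up to -7), so the 0..255 check rejects every one of them along with the other known values listed in the post.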
 +[MM]jason


Posted 4 March 2017 - 00:25
He's so smart.

