C++ Project [ Need Help ]

vnikker

Dear UGBase, I have been working on a project for a while now, and now I want to ask you for some advice.
First of all, I only have basic knowledge/experience with C++ and ASM.

What I am trying to do is change the color of the font used to display player names.
So I want a list of names, like in a .txt file or maybe even hardcoded into the source,
and then, if those names are displayed, color them with something (I haven't decided which color yet).

I have done some debugging with Cheat Engine, trying to figure out what to do,
but so far I only managed to remove the font completely or make it blurry or shady. :facepalm:

I hope somebody can guide me along the road to make this project. In advance, thanks a lot. :cool:
 

0x_

So you told us you did "some" things?
Tell us exactly what you tried, but I'll give you a valid and legit pointer: mid-function hooks.
 

vnikker

It's for SA-MP.

I didn't write any code yet, since I have no idea where to start.
What I have done so far is try to figure out which function displays the nametag,
just some fooling around like changing some instructions and noticing what happens.

I would appreciate it if you don't just give me the answer, but rather guide me along and allow
me to gain some knowledge, and not just copy-paste. :imoverit:
 

0x_

That's why I asked.
Finding the function with only basic knowledge should be possible, as the "renderer" for the nametags is forced to access memory (Captain Obvious here). You could obtain the address of the function rendering the nametags the following way:
- Open Cheat Engine.
- Attach to GTA:SA.
- Have a player in-game within your streamed range.
- Search for his name in CE (best would be if the server is clean, otherwise the name may appear thousands of times).
- Take the results one by one and set an access breakpoint ("Find out what accesses this address").
- Then there's probably one function "accessing" the name like a crazy bitch.

This is most likely the function rendering the nametags, as rendering happens x times a second (most likely not < 60).

That's all I can say without using any SA-MP-specific knowledge; if you just can't find the function, ask.
 

y0mike

You can change name colors with this:
[shcode=cpp]
#include <windows.h>
#include <d3d9types.h>   // D3DCOLOR (0xAARRGGBB)

#define SAMP_COLOR_OFFSET 0x216378   // per-player color table inside samp.dll (see the IDA notes further down)

extern DWORD m_dwSAMP;   // base address of samp.dll, e.g. (DWORD)GetModuleHandleA("samp.dll")

void SetPlayerColor( unsigned int id, DWORD dwColor )
{
    // unsigned int __stdcall sub_AD550(unsigned int a1, int a2)
    // a1 = player id (must be < 0xFA0), a2 = D3DCOLOR; the function bounds-checks the id itself.
    typedef unsigned int( __stdcall* SetPlayerColorFn )( unsigned int, int );
    ( ( SetPlayerColorFn )( m_dwSAMP + 0xAD550 ) )( id, dwColor );

    /*
    // Writing the table directly works as well; this is exactly what sub_AD550 does.
    if ( id < 0xFA0 )
    {
        ( ( D3DCOLOR* )( ( char* ) m_dwSAMP + SAMP_COLOR_OFFSET ) )[ id ] = dwColor;
    }
    */
}
[/shcode]
 

0x_

@y0mike:
vnikker said:
I would appreciate it if you don't just give me the answer, but rather guide me along and allow
me to gain some knowledge, and not just copy-paste. :imoverit:
 

y0mike

0x688 said:
@y0mike:
vnikker said:
I would appreciate it if you don't just give me the answer, but rather guide me along and allow
me to gain some knowledge, and not just copy-paste. :imoverit:

Anyway, this is only half of what he asked for; now he can do the rest by himself.
Anyway, this is how I found it, so you can learn a bit.

The SA-MP offset for colors is:
Code:
#define SAMP_COLOR_OFFSET                            0x216378

Go into IDA.

I took that offset and xref'd it; you'll see this:
(screenshot: https://i.gyazo.com/52b0dc80bbb8510bab50d308c9e0907e.png)

Go to the first one:

Code:
.text:000AD554 000 3D A0 0F 00 00                          cmp     eax, 0FA0h      ; Compare Two Operands
.text:000AD559 000 73 0B                                   jnb     short locret_AD566 ; Jump if Not Below (CF=0)
.text:000AD55B 000 8B 4C 24 08                             mov     ecx, [esp+arg_4] ; move second argument into ecx
.text:000AD55F 000 89 0C 85 78 63 21 00                    mov     dword_216378[eax*4], ecx ; mov ecx into the color table at first arg
.text:000AD566
.text:000AD566                             locret_AD566:                           ; CODE XREF: sub_AD550+9j
.text:000AD566 000 C2 08 00                                retn    8               ; Return Near from Procedure
.text:000AD566                             sub_AD550       endp

It checks if the first argument is below 0xFA0 (4000); if it is, it sets the entry at index (first argument) in the color table to the second argument, which holds the color (ecx).

Hope you learned something; I also hope I explained it well and didn't fuck anything up, still fairly new to ASM myself.
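Reading the listing above back into C++, as an added example (this is not y0mike's code and not part of SA-MP): the bounds check, the table write and the "retn 8" calling convention are reconstructed from the disassembly, and a small helper pulls the 0xFA0 immediate and the 0x216378 displacement straight out of the instruction bytes, which is what the xref search was matching on. The 0xFA0 bound, the 0x216378 offset and the byte sequences come from the post; the color table here is a local array standing in for the one inside samp.dll, and all function names are mine.

```cpp
// Added example, not from the thread: reconstruction of sub_AD550 as shown in the IDA
// listing, plus decoding of the immediates in the listed instruction bytes.
#include <array>
#include <cstddef>
#include <cstdint>
#include <vector>

constexpr uint32_t kMaxPlayers      = 0xFA0;     // cmp eax, 0FA0h  (4000 entries)
constexpr uint32_t kSampColorOffset = 0x216378;  // dword_216378 in the listing

// Stand-in for the table at samp.dll+0x216378: one D3DCOLOR per player id.
// (Assumption for this example; in the game this memory lives inside samp.dll.)
static std::array<uint32_t, kMaxPlayers> g_colorTable{};

// sub_AD550 reconstructed. In the binary it is __stdcall with two dword arguments,
// which is why it ends in "retn 8". jnb is an unsigned compare, so an id such as
// 0xFFFFFFFF (a "negative" int) is rejected exactly like 0xFA0 and above.
bool SetPlayerColorTable(uint32_t id, uint32_t color) {
    if (id >= kMaxPlayers) return false;   // jnb short locret_AD566
    g_colorTable[id] = color;              // mov dword_216378[eax*4], ecx
    return true;
}

uint32_t GetPlayerColorTable(uint32_t id) {
    return id < kMaxPlayers ? g_colorTable[id] : 0;
}

// The table holds D3DCOLOR values, laid out 0xAARRGGBB.
struct Argb { uint8_t a, r, g, b; };

Argb SplitColor(uint32_t color) {
    return Argb{ uint8_t(color >> 24), uint8_t(color >> 16), uint8_t(color >> 8), uint8_t(color) };
}

uint32_t MakeColor(uint8_t a, uint8_t r, uint8_t g, uint8_t b) {
    return (uint32_t(a) << 24) | (uint32_t(r) << 16) | (uint32_t(g) << 8) | uint32_t(b);
}

// x86 stores immediates and displacements little-endian.
uint32_t ReadLE32(const std::vector<uint8_t>& bytes, size_t offset) {
    return  uint32_t(bytes[offset])            |
           (uint32_t(bytes[offset + 1]) << 8)  |
           (uint32_t(bytes[offset + 2]) << 16) |
           (uint32_t(bytes[offset + 3]) << 24);
}

// Instruction bytes copied from the listing in the post.
const std::vector<uint8_t> kCmpInsn = {0x3D, 0xA0, 0x0F, 0x00, 0x00};              // cmp eax, 0FA0h
const std::vector<uint8_t> kMovInsn = {0x89, 0x0C, 0x85, 0x78, 0x63, 0x21, 0x00};  // mov dword_216378[eax*4], ecx

// 3D = "cmp eax, imm32"; the imm32 follows the opcode byte.
uint32_t CmpImmediate() { return ReadLE32(kCmpInsn, 1); }

// 89 0C 85 = opcode, ModRM, SIB for "mov [disp32 + eax*4], ecx"; the disp32 that follows
// is the table address (0x216378 with the zero image base IDA uses in the listing).
uint32_t MovTableDisp() { return ReadLE32(kMovInsn, 3); }

int main() {
    // Stand-alone smoke run: recolor player 5 and try an out-of-range id.
    SetPlayerColorTable(5, MakeColor(0xFF, 0xFF, 0x00, 0x00));
    SetPlayerColorTable(kMaxPlayers, 0);   // silently ignored, like the real function
    return (CmpImmediate() == kMaxPlayers && MovTableDisp() == kSampColorOffset) ? 0 : 1;
}
```

The unsigned comparison is the detail worth noticing: the caller in y0mike's snippet declares `id` as `unsigned int`, so passing a signed -1 wraps to 0xFFFFFFFF and is dropped by the same check instead of writing before the table.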
 

vnikker

Hello fellas, I'm sorry for the late response.
I would like to thank you for your help, I really appreciate it!
But sadly, I have only used IDA Pro a couple of times,
and what you tried to explain didn't really make any sense to me.
Yes, I am a fucking noob. :stoned:
We really have to slow down. :computerguy:

I connect two accounts to a server with two computers, and fire up Cheat Engine, attaching it to search for the name.

It gives me a couple of addresses, and one of them is a static address:
samp.dll+12C848
It seems like this will cycle through all the names inside
the streaming range.

Now when I set an access breakpoint on this, it gives me a couple of instructions. I noticed that the first instruction keeps counting even if I'm not looking at the player (but still inside stream range).

Code:
0402DE36 - 88 02    - mov [edx],al
03FD6BE6 - 8A 10    - mov dl,[eax]
03FD6C10 - 8A 01    - mov al,[ecx]
03FD6E11 - 80 3F 00 - cmp byte ptr [edi],00
03FD6E54 - 8A 08    - mov cl,[eax]
03FD6E70 - 8A 01    - mov al,[ecx]
03FDF630 - 8A 10    - mov dl,[eax]
03FDF650 - 8A 02    - mov al,[edx]
03FDF660 - 8A 01    - mov al,[ecx]

I'm trying to make some sense of this, but now I'm kinda stuck.
I hope you can help me and give me some advice.
In advance, thanks a lot! :)
 