Quake3World

Hey there everyone, I have a quick question here.
I am working with a Game called MOHAA "Medal of Honor Allied Assault" Its a modified engine of fakk2 & quake 3. What I am trying to do is actually mod this game and fix alot of the glitches in it. My plan is to create a custom version for the game. With this if the client tries to join my server it will prompt them to download my patch to join my server. I plan on doing this through a gamex86 wrapper, so everything is handled serverside and that it can't be altered\modified\spoofed.

My question is how can I go about doing something like this? I have modified some things in the game and changed the version number, and I come get this screen: http://x-null.net/Other/patch.jpg

It shows that it works, as it should, however when I run the same modified file on the clients pc, it still displays the error message saying that the server & client version is 1.12 but the client still needs to download the latest patch. I looked at the debugged exe and here is an image of where its handled: http://x-null.net/112.jpg

I see that it compares the following:
cmp ebx,8 and I changed it to 9, thats when it displays the error message above, however when I change the value back to 8, it no longer works as it should. In other words the client is able to join the 1.12 server with the old version 1.11

I looked at a sample code here: http://svn.icculus.org/*checkout*/teu/t ... in.c?rev=2
I guess what I am asking is.. would this code work properly for a modified gamex86 wrapper? I am told it wouldn't because the code is not inside a module, it belongs to the "main" server code. Any help would be much appreciated. Thanks in advance!

I'd like MOHAA better if the SP game could be run without the disc. My disc drive is all messed up so I haven't played the game in quite a while. It is a pretty fun game though. Nathan Silvers was one of the mappers on it.

haha it can be. There are no cd "patches" if I may call it that, that allows the user to play the game without the cd. I appreciate the reply v1|3. You see, I've been a hacker for the MOH community for 7+ years, I'm not very fond of it now that I look back at it, but I did learn alot about how the game works. So now my intention is to patch up the game. For those of you that are familiar with patching and fixing things in game, theres a limit as far as how much can be done serverside. The reason I'm pushing changing the games version, is so that it forces the client to use my patch. After that I will have some control of what the client is doing. I can easily check the file integrity of the client, I can see if certain commands are hexed, or if the user has an aimbot etc etc. Things like this cant be stopped serverside as far as I am aware. I can disable an aimbot serverside, however I need stufftext to be able to do it. Clients typically hex stufftext to something else, or they modify the address in memory, which basically makes the command useless and the admin cant do things with it. With this version check, I'm 1 step closer to forcing somewhat of a "anticheat" if I may call it that. My intent isn't so much to ban users for hacking, its simply to disable the hacks. Unlike q3, MOHAA has a bunch of broken things in game. It doesn't have PURE, it doesn't have a built in AC like most games do these days, it doesn't have the ability to download "sv\cl_allowdownload" which makes this game extremely easy to hack. Also as far as cd keys are concerned... there isn't a check to see if its a valid key or if multiple users with the same key are playing the game in mp mode. Most AC's have the ability to ban a cd key if a user is found hacking, but once again MOHAA doesn't have ANY support for a clean game play. This is where I would like to come into play and do something about it.

I'm not familiar with MOHAA but with Q3, the gamex86 is only used by the server. When a client connects, the local version of gamex86 isn't used at all. A bit odd though that your client still says the version is 1.12 (you wouldn't happen to have a screenshot of that, do you?).

If you want to alert clients that don't have your mod installed, you could do it like this:

1. have the client side of your mod announce itself through a client command in the first x seconds after connecting. Q3 has trap_SendClientCommand("your announce command here"), I assume MOHAA has something similar.

2. have the server drop the client with a message / redirect if the announcement from 1. isn't received within x seconds.

By all means, correct me if I've misunderstood your problem.

your absolutely correct. The gamex86.dll is loaded ONLY for the server and instead, when the client joins the server the cgamex86.dll file is loaded. So far, everything I have done, I changed directly through memory editting. Simply changing bytes. If you look at the screenshot above of the debugging I am doing in ollydbg you will see everything there.
clearly on address 00472836 you see the ascii "1.12" this is obviously what I changed from version 1.11.

Second thing I changed on address 0047282E the default was CMP EBX,8 I changed the 8 to a 9. If I would have left it on the 8, the game would no longer prompt the message to download the patch. So I would HAVE to change the 8 to a 9. And thirdly I did the exact same thing on the address 00472844 by changing the CMP EBX,8 to CMP EBX,9

This is all I have modified thus far to get as far as I currently am from the ss's above.. The message I get clientside running the patch, is exactly like this"http://x-null.net/Other/patch.jpg"
except the 2nd line displays
"Server is version 1.12, you are using 1.12"

so it sees the version, but there is something I am missing in some step because apparantly the modification I did by comparing EBX to 9 is somehow not being referenced over clientside, even though the exe being run is exactly the same copy on the clients pc.

Ok, at first your method got me confused, but I think I know what your saying now. so even though the server isn't in theory running version 1.12, the client doesn't have to really know that. I can just spoof it to make it seem that way by simply seeing if a message or some kind of command "exists" and if it doesn't kick\drop the client. Very smart. I appreciate the help thank you. By any chance mind directing me to the right place to look for any samples of something similar in the q3 code?

Regarding your hacking of the asm, maybe you need to go back a step and understand whats happening in the code you're haxoring before you try to edit it.

When the client tries to connect, it sends the server the network protocol version number that it understands (PROTOCOL_VERSION in the q3 engine code). The server validates this against the version which it knows about, and if it doesnt match throws the error.

You're changing the check in the code which says "If this client is not protocol v8 then error", but you're not changing the protocol that the client is sending to the server, hence it not working.

See CL_SendConnectPacket() (cl_main.c) in the q3 code for where it sends the connection request.

There are a number of other places PROTOCOL_VERSION is used - eg in the serverbrowser, and other places. You'd want to change them all if you're going to try and set your build up to be a different protocol.

IMO unless you plan on editing lots of the engine binaries in this way, you're better off using a gamecode only solution like mis suggested.

Alright, I think I understand it now.. SO apparently there are multiple comparisons being done that I would need to patch along with what I have already done. Yes that makes complete sense, I must have overlooked that. Both of your responses are very helpful, thank you very much for all the support.

here is what I get when I try connecting the client:
http://x-null.net/error.jpg

Also, as far as doing the version forcing on server end, since I agree editting the dll in memory isn't the best way to do it, can I do it through gamex86.dll, and similarly do it in cgamex86.dll on the clients end?

PS Sorry for the double post

m0d hipp¥ wrote:Also, as far as doing the version forcing on server end, since I agree editting the dll in memory isn't the best way to do it, can I do it through gamex86.dll, and similarly do it in cgamex86.dll on the clients end?

Yep. I think the algorithm in my previous post will fit your need.

Thankyou, I have accomplished what I needed to do. Thank you for all your help everyone.

I do have another questionr elating to this patch.. I would like to make in ingame menu with mouse support. I tried looking in quake3 for any references to SetCursorPos, and GetCursorPos but I couldn't find anything useful. Any advice in that category by any chance? I could do it via pk3 I suppose, but I think doing it via code would be more efficient.

Hmm. What exactly are you trying to do? Q3 allows you to create your own in-game menus quite easily (your mileage may vary for MOHAA, obviously). Take a look the last fifty lines of cgame/cg_main.c.

Just having taken a look at cg_main.c, make that the last twenty lines.

My reasoning for a menu is to implement more & better admin options for users. There is only so much I can do via pk3.. I have done menus via ui scripting in the pk3 but like I said its pretty limited wouldn't you think?

and I'm assuming your talking about these 20 lines: I really don't see anything useful here as far as mouse movement.

I guess I expected something more out of it like this:

here is an image of a gui menu with mouse support. I know its for a hack, but this is just an idea, offcourse its for MOHAA and not css.

http://img90.exs.cx/img90/3356/egl2newgui0023bz.jpg

Q3 mods live in a sandboxed environment where the engine exposes a simple API to the game code. Those last twenty lines allow you to plug in your custom event-driven menu. Take a look at the Team Arena bits in the source (#ifdef MISSIONPACK) to see how it's done. How applicable this all is to MOHAA, is a question I don't dare answer.

thx, I will take a look into that.
Maybe I will ask one more quick question about the version\protocol again relating to my first post. I got it all working, but so far I have to load it via a custom dll using an injector. I tried implementing it into gamex86.dll (wrapper) and it doesn't work, because the dll gets loaded far too late. Any ideas whatelse I can do to load the dll in the beginning with MOHAA. Or perhaps I have to do a fs_restart or something? The other thing I can think of, would be to modify the .exe and basically write some native code to load it in LoadLibrary(). What would you say to that?

That you're going waaay over the top there. Keep things simple and in the SDK, you'll be a happier person for it.

Well thats part of the problem haha. MOHAA never released its SDK haha. Everything I am doing I have to do though somewhat trial & error and off the quake3 & fakk2 SDK's haha. That and I would have to reverse my own functions in mohaa. the gamex86 wrapper that I am talking about is a custom wrapper my friend wrote, its just something that hooks into the original gamex86.dll but its not the full SDK, so you can see where I may be having some issues with this :P