Some Question About Syringe & Ares

[DrZlo]

I need some help!)
If i launch RA from Syringe all work normal, but if i place Ares.dll in RA folder and launch nothin hapeen =(.
tools: RA2YR 1.001, Ares 0.1.185.1, Syringe 0.6.0.0.
cmd for launch: D:\Games\RA2\Syringe.exe "D:\Games\RA2\RA2MD.exe"
exeption log(full log in attachment):

/////////////////////////////////////////////////////////////////////////////////
[23:49:31] SyringeDebugger::HandleException: ACCESS VIOLATION at 0x10020038!
[23:49:31] The process tried to read from 0x00000020.

[23:49:31] Registers:
[23:49:31] EAX = 0x003C27A0 ECX = 0x00000000 EDX = 0x100400E0
[23:49:31] EBX = 0x00000020 ESP = 0x0012EADC EBP = 0x0012ED60
[23:49:31] ESI = 0x00000000 EDI = 0x0012EE10 EIP = 0x10020038

[23:49:31] Stack dump:
[23:49:31] 0x0012EADC: 0x1003FDA0
[23:49:31] 0x0012EAE0: 0x00000000
[23:49:31] 0x0012EAE4: 0x00000000
[23:49:31] 0x0012EAE8: 0x7FFDFBF8
[23:49:31] 0x0012EAEC: 0x0012FC18
[23:49:31] 0x0012EAF0: 0x0012EBF6
[23:49:31] 0x0012EAF4: 0x7C91E958
[23:49:31] 0x0012EAF8: 0x00000016
[23:49:31] 0x0012EAFC: 0x00000002
[23:49:31] 0x0012EB00: 0x002E002C
[23:49:31] 0x0012EB04: 0x1003FC58
[23:49:31] 0x0012EB08: 0x003C2EF8
[23:49:31] 0x0012EB0C: 0x003C1EA0
[23:49:31] 0x0012EB10: 0x7C949301
[23:49:31] 0x0012EB14: 0x1003FDA0
[23:49:31] 0x0012EB18: 0x00000000
[23:49:31] 0x0012EB1C: 0xFEEEFEEE
[23:49:31] 0x0012EB20: 0x00000000
[23:49:31] 0x0012EB24: 0x00154770
[23:49:31] 0x0012EB28: 0x00000000
[23:49:31] 0x0012EB2C: 0x00000000
[23:49:31] 0x0012EB30: 0x00000000
[23:49:31] 0x0012EB34: 0x0012EC18
[23:49:31] 0x0012EB38: 0x7C9276EA
[23:49:31] 0x0012EB3C: 0x0012EE10
[23:49:31] 0x0012EB40: 0x00000000
[23:49:31] 0x0012EB44: 0x00154770
[23:49:31] 0x0012EB48: 0x00000000
[23:49:31] 0x0012EB4C: 0x00154778
[23:49:31] 0x0012EB50: 0x00000000
[23:49:31] 0x0012EB54: 0x7C91041E
[23:49:31] 0x0012EB58: 0x00000000
[23:49:31] 0x0012EB5C: 0x00000001
[23:49:31] 0x0012EB60: 0x0012EE7C
[23:49:31] 0x0012EB64: 0x00154778
[23:49:31] 0x0012EB68: 0x7C90E900
[23:49:31] 0x0012EB6C: 0x0012EEA4
[23:49:31] 0x0012EB70: 0x00000008
[23:49:31] 0x0012EB74: 0x0012EE20
[23:49:31] 0x0012EB78: 0x7C914202
[23:49:31] 0x0012EB7C: 0x00154780
[23:49:31] 0x0012EB80: 0x0012EBF8
[23:49:31] 0x0012EB84: 0x0000000F
[23:49:31] 0x0012EB88: 0x7C97D600
[23:49:31] 0x0012EB8C: 0x7C9142C7
[23:49:31] 0x0012EB90: 0x01BC0000
[23:49:31] 0x0012EB94: 0x0012E990
[23:49:31] 0x0012EB98: 0x7FFDFC00
[23:49:31] 0x0012EB9C: 0x0012EDD0
[23:49:31] 0x0012EBA0: 0x7C90E900

[23:49:31] SyringeDebugger::Run: Done.

[23:49:31] WinMain: SyringeDebugger::Run finished.
[23:49:31] WinMain: Exiting on success.
/////////////////////////////////////////////////////////////////////////////////

Sorry for my bad english, i'm from Russia.)

[DrZlo]

problem solved =)
cmd for launch: D:\Games\RA2\Syringe.exe "D:\Games\RA2\gamemd.exe"

[pd]

Yes.
RA2MD.exe is RA2's original launcher which launched gamemd.exe. Syringe is supposed to replace it.

[DrZlo]

And i need some small help again)

I start work from tutorial in "Contributing to Ares". Start new project in MSVC 2008, select DLL(without MFC), and wrote some code:

#include <YRPP.h>
#include <MacroHelpers.h>

DEFINE_HOOK(71A92A, _Temporal_AvoidFriendlies, 5)
{
GET(TemporalClass *, Temp, ESI);
HouseClass *hv = Temp->Target->Owner;
HouseClass *ho = Temp->Owner->Owner;
return ho->IsAlliedWith(hv) ? 0x71A97D : 0;
}

Then i build all this(add StaticInits.cpp to project and configure paths), copy dll to ra2 folder, create inj file:

71A92A = _Temporal_AvoidFriendlies, 5

Then i start synerge but again nothing happen =(.
LOG:

[17:41:19] Syringe 0.6.0.0
[17:41:19] ===============

[17:41:19] WinMain: lpCmdLine = ""D:\Games\RA2\gamemd.exe""
[17:41:19] WinMain: Trying to load executable file "D:\Games\RA2\gamemd.exe"...

[17:41:19] SyringeDebugger::RetrieveInfo: Retrieving info from the executable file...
[17:41:19] SyringeDebugger::LoadControlFile: Control file successfully loaded.
[17:41:19] exe = D:\Games\RA2\gamemd.exe
[17:41:19] pImLoadLibrary = 0x007E1220
[17:41:19] pImGetProcAddress = 0x007E1250
[17:41:19] pcEntryPoint = 0x007CD80F

[17:41:19] SyringeDebugger::LoadControlFile: Opening D:\Games\RA2\gamemd.exe to determine imports.
[17:41:19] WinMain: SyringeDebugger::FindDLLs();

[17:41:19] SyringeDebugger::FindDLLs: Recognized DLL: "exmachine.dll"
[17:41:19] SyringeDebugger::FindDLLs: Done (1 hooks added).

[17:41:19] WinMain: SyringeDebugger::Run("");

[17:41:19] SyringeDebugger::Run: Running process to debug. cmd = "D:\Games\RA2\gamemd.exe "
[17:41:19] SyringeDebugger::Run: Allocating 0x1000 bytes ...
[17:41:19] SyringeDebugger::Run: pAlloc = 0x00140000
[17:41:19] SyringeDebugger::Run: Filling allocated space with zero...
[17:41:19] SyringeDebugger::Run: Setting addresses...
[17:41:19] SyringeDebugger::Run: Writing DLL loader & caller code...
[17:41:19] SyringeDebugger::Run: pcLoadLibrary = 0x00140001
[17:41:19] SyringeDebugger::Run: Entering debug loop...
[17:41:20] SyringeDebugger::HandleException: Loaded ProcAddress: exmachine.dll - _Temporal_AvoidFriendlies - 0x01151020
[17:41:20] SyringeDebugger::HandleException: Finished retrieving proc addresses.
[17:41:20] SyringeDebugger::HandleException: Creating code hooks.
[17:41:20] SyringeDebugger::Run: Done.

[17:41:20] WinMain: SyringeDebugger::Run finished.
[17:41:20] WinMain: Exiting on success.

What i do wrong? -_-
And i have one question, what debbuger you use(fo disassembling)? I ask that because i don't know how start gamemd.exe from olly debugger. I know, i can start RAMD2.exe, but how debug in this case?)

[pd]

Ah, looks like somebody who knows about the topic.

About the Temporal thing, DCoder is the one to ask here (he'll certainly see this early enough) as I got no clue.
Syringe detected your DLL and the Hook and that means the code should be actually executed. Maybe try to add a MessageBox call to see whether it really is executed.

Anyway, concerning the debugger, we're using IDA Pro, but OllyDBG should work as well.
The reason you can't start gamemd.exe just like that is because it checks for the launcher running. I hacked that check away and could run gamemd.exe by itself to debug.
RA2MD.exe is of no worth, it's merely a copy protection and anti-debugging utility, it contains none of the game logics.
Funnily enough, Westwood left many log messages in gamemd.exe so the check is very easy to track down, even I could do it when I was new to disassembling.

Again though, I say DCoder can help you out here, he's been greatly enhancing my IDA Pro database from back then and we have a really good part of the executable unveiled, even if not entirely analyzed. Using that would make the start for you relatively quick.

Even though I've retired from this project, I'd be happy to see more people joining the project.

[DrZlo]

Heh, when i say nothing happen, i mean really nothing happen), Red Alert don't start. I know, i dont see anything with this code, i simple want launch RA with this small hack.

And about gamemd.exe, i try to remove launcher protection. I think sources of syringe help me). But new question, i use gcc make 3.75 to compile standart ares makefile(wihout InjGen, i simply remove this from makefile), and have 31 errors.. what's wrong i do?) err log in attachment.


Again, sorry for my english.

[DCoder]

Indeed, very nice to see new people.

Use mingw32-make instead of plain make, that's what I use.

The game doesn't launch with your DLL because, like pd said, it's checking for the launcher. You need to add hooks to overwrite those checks. The code for that is in our SVN, if you don't want to track them down yourself.

[DrZlo]

Ok, with CopyProtection hooks all work! But pd say only about debbuging).

[pd]

Well, technically Syringe is a debugger.
Failed to mention it here, hehe.

Good you have gotten things to work.

[DrZlo]

Again though, I say DCoder can help you out here, he's been greatly enhancing my IDA Pro database from back then and we have a really good part of the executable unveiled, even if not entirely analyzed. Using that would make the start for you relatively quick.

Maybe anybody give me that database?


Edited by Renegade: Took the liberty of converting the inline quote into a formatted quote.

[pd]

You should probably contact DCoder about this, I don't maintain mine any longer so it's over a year out of date.

[~Guest~]

Sygrine does not compile on my computer (VC++ Express) with this error:


Compiling resources...
Microsoft ® Windows ® Resource Compiler Version 6.1.6723.1
Copyright © Microsoft Corporation. All rights reserved.
.\res.rc(10) : fatal error RC1015: cannot open include file 'afxres.h'.

[Renegade]

well, do you have an afxres.h, and is it accessible?

[~Guest~]

well, do you have an afxres.h, and is it accessible?

I have no afxres.h. How to get it?

[DCoder]

It's part of the MFC, available in the Platform SDK.