Page 1 of 1
Edit Mapper so when i click Ubi Online it opens a .bat
Posted: Sat Oct 09, 2021 6:39 am
by DavidSosa
In the mapper app, i want to edit so when i click on the ubi online option, the program opens a .bat, so how i can hard code or edit that?
Re: Edit Mapper so when i click Ubi Online it opens a .bat
Posted: Sun Oct 10, 2021 3:52 pm
by PluMGMK
Well, think about it. What does the Ubi Online option do in the standard Mapper? Does it try to open a browser with a particular URL? If so, it might be a good idea to search through the EXE's string resources for that URL, or maybe some of the files around it.
EDIT: I see, it's a bit more complicated than that, it just gives an error message now. Well, I'd still recommend having a look through the string resources for that message. Actually changing the code to run a file instead of connecting is likely to be challenging though, especially if nothing else in the Mapper does anything like that (i.e. there will be little to no support code to piggyback on).
Re: Edit Mapper so when i click Ubi Online it opens a .bat
Posted: Mon Oct 11, 2021 9:33 pm
by DavidSosa
well, the bat opens a url, so if it´s possible, instead of a bat that opens a url, it can open the url (nope), looks (NOT CONFIRMED) like the mapper opens client.exe in the UbiSoft/OSD folder, i searched the link that the Mapper opens to connect to the OSD, and looks like the wayback machine did not save it, the webpage looked cool (Rayman GOLD Manual photos), but anyways, maybe hex coding the mapper exe (i did hex edit it, but the mapper did not wanted to open), damn
Re: Edit Mapper so when i click Ubi Online it opens a .bat
Posted: Mon Oct 11, 2021 10:57 pm
by PluMGMK
It seems what it actually does is start "StartUp.exe" with a bunch of arguments that it pulls from INI files. One could short-circuit the INI file lookups and start "cmd.exe" instead with your batch file as an argument, as per the note at
https://docs.microsoft.com/en-us/window ... teprocessa
Not too difficult I'd say, but not trivial either. I might play around with it tomorrow. (Or if you're familiar with disassembling programs and altering their control flow you could have a go yourself, but I don't know if you are…)
EDIT: OK, I got something working. It was harder than expected, and it's a bit rough, but it works for me. It launches a file called "uo.bat".
This is a diff of hexdumps:
Code: Select all
--- mapper.hex.orig 2021-10-13 22:16:38.177798377 +0100
+++ mapper.hex.new 2021-10-13 22:16:41.884816437 +0100
@@ -2299,18 +2299,18 @@
000090e0 cc d9 44 00 8d 85 94 fe ff ff 68 04 01 00 00 89 |..D.......h.....|
000090f0 7d e0 50 8b 1d c4 59 45 00 68 58 d9 44 00 89 7d |}.P...YE.hX.D..}|
00009100 e4 68 c0 d9 44 00 89 7d e8 68 bc d9 44 00 ff d3 |.h..D..}.h..D...|
-00009110 85 c0 75 13 33 c0 8b 4d f4 5f 64 89 0d 00 00 00 |..u.3..M._d.....|
+00009110 eb 74 00 00 00 c0 8b 4d f4 5f 64 89 0d 00 00 00 |.t.....M._d.....|
00009120 00 5e 5b 8b e5 5d c3 bf b0 d9 44 00 b9 ff ff ff |.^[..]....D.....|
00009130 ff 2b c0 f2 ae f7 d1 2b f9 8b d1 8b f7 b9 ff ff |.+.....+........|
00009140 ff ff 8d bd 94 fe ff ff 2b c0 f2 ae 4f 8b ca c1 |........+...O...|
00009150 e9 02 f3 a5 8b ca 68 cc d9 44 00 83 e1 03 68 04 |......h..D....h.|
00009160 01 00 00 f3 a4 8d 85 90 fc ff ff 50 68 58 d9 44 |...........PhX.D|
00009170 00 68 a4 d9 44 00 68 9c d9 44 00 ff d3 85 c0 74 |.h..D.h..D.....t|
-00009180 93 68 58 d9 44 00 8d 4d f0 e8 2a d5 01 00 c7 45 |.hX.D..M..*....E|
-00009190 fc 00 00 00 00 8b 45 f0 8d 8d 90 fc ff ff 50 8d |......E.......P.|
-000091a0 95 90 fd ff ff 51 68 b0 d9 44 00 68 88 d9 44 00 |.....Qh..D.h..D.|
-000091b0 52 e8 ba 7f 00 00 83 c4 14 8d 4d 98 8d 55 a8 51 |R.........M..U.Q|
-000091c0 52 6a 00 6a 00 8d 85 90 fd ff ff 68 20 02 00 00 |Rj.j.......h ...|
+00009180 93 68 58 d9 44 00 68 b0 04 45 00 ff 15 74 58 45 |.hX.D.h..E...tXE|
+00009190 00 68 a4 d9 44 00 50 ff 15 24 58 45 00 68 04 01 |.h..D.P..$XE.h..|
+000091a0 00 00 8d 8d 94 fe ff ff 51 68 88 d9 44 00 ff d0 |........Qh..D...|
+000091b0 eb 07 ba 7f 00 00 83 c4 14 8d 4d 98 8d 55 a8 51 |..........M..U.Q|
+000091c0 52 6a 00 6a 00 b8 90 d9 44 00 90 68 20 02 00 00 |Rj.j....D..h ...|
000091d0 8d 8d 94 fe ff ff 6a 00 6a 00 6a 00 50 51 ff 15 |......j.j.j.PQ..|
000091e0 c0 59 45 00 c7 45 fc ff ff ff ff 89 45 ec e8 08 |.YE..E......E...|
000091f0 00 00 00 8b 45 ec e9 1b ff ff ff 8d 4d f0 e9 41 |....E.......M..A|
@@ -19198,10 +19198,10 @@
0004b550 49 00 00 00 5c 00 00 00 00 00 00 00 3a 0a 00 00 |I...\.......:...|
0004b560 52 61 79 72 75 6e 2e 61 6e 69 00 00 52 61 79 77 |Rayrun.ani..Rayw|
0004b570 61 6c 6b 2e 61 6e 69 00 52 61 79 70 6f 69 6e 74 |alk.ani.Raypoint|
-0004b580 2e 61 6e 69 00 00 00 00 25 73 20 52 41 59 4b 49 |.ani....%s RAYKI|
-0004b590 54 20 30 20 25 73 20 25 73 00 00 00 52 41 59 4b |T 0 %s %s...RAYK|
-0004b5a0 49 54 00 00 4c 61 6e 67 75 61 67 65 00 00 00 00 |IT..Language....|
-0004b5b0 53 74 61 72 74 55 70 2e 65 78 65 00 4f 53 44 00 |StartUp.exe.OSD.|
+0004b580 2e 61 6e 69 00 00 00 00 43 4f 4d 53 50 45 43 00 |.ani....COMSPEC.|
+0004b590 20 2f 63 20 75 6f 2e 62 61 74 00 00 52 41 59 4b | /c uo.bat..RAYK|
+0004b5a0 49 54 00 00 47 65 74 45 6e 76 69 72 6f 6e 6d 65 |IT..GetEnvironme|
+0004b5b0 6e 74 56 61 72 69 61 62 6c 65 41 00 4f 53 44 00 |ntVariableA.OSD.|
0004b5c0 44 69 72 65 63 74 6f 72 79 00 00 00 55 62 69 53 |Directory...UbiS|
0004b5d0 6f 66 74 5c 75 62 69 2e 69 6e 69 00 4d 65 6d 6f |oft\ubi.ini.Memo|
0004b5e0 72 79 20 65 72 72 6f 72 20 69 6e 20 62 6c 6f 63 |ry error in bloc|
So the lines starting with minuses indicate what you need to hex edit, and the lines beginning with pluses indicate what to change it to.
This is what the patch does to the control flow:
- Original control flow before patching
- Control flow in patched EXE (with lots of dead code on the sides that can be ignored)