Mouse Simulation.

03/25/2016 17:46 Mega Byte#1
Whilst looking over some stuff I noticed the game loop peeks a message from the window message queue.



push 1 ; wRemoveMsg
push 0 ; wMsgFilterMax
push 0 ; wMsgFilterMin
push 0 ; hWnd
lea ecx, [esp+468h+Msg]
push ecx ; lpMsg
call ebp ; PeekMessageA
test eax, eax
jz loc_403854


It may be possible to simulate mouse (and keyboard*) input using PostMessage / SendMessage API.

Rather than the SendInput API.

I know anti hacks detect SendInput but maybe they do not bother to look at PostMessage and SendMessage.

I should note that the game appears to use dinput for keyboard input for most things other than text input.


Anyway sending the messages like this might be a way to script mouse bots that are not detected.



Thoughts?
03/25/2016 19:04 MyDooMJr#2
I remember I was trying to figure out how to send keystrokes to the game which I did, I can also simulate mouse.


Seemed to do the trick without much trouble.

My Mini-Bot project uses that library to simulate keystrokes & mouse movement. If only I knew memory hacking at its finest I would be able to do a full working bot just like Afterburns did back in the days.
03/26/2016 05:57 Mega Byte#3
True, I got sending keyboard input to semi-work with something.

But I also just hooked and found where dinput8 had its keyboard buffer.

Then, in the game loop, after it was filled with keys but before they were checked, I would modify the state to set my own keys.


Did the proof in Cheat Engine + some OllyDBG back in the day then coded it into one of the last versions of Map Fun hah.



By the way, if anyone is interested in calling game functions for input and can't just use PostMessage/SendMessage due to anti-hack hooks:

The game methods are going to be called in the WindowProcedure for click events.

Search in IDA for this; it's probably passed to the create window call, or you can look for a constant such as 0x202 which is WM_LBUTTONUP.


Then look for calls after an if or switch case for your value.


Go into the call and see what its calling convention is.
Pressing Y in IDA, or right-clicking and choosing "set function type", will show you the type.

int __stdcall mouseLButtonUp(int, int)

Well, let's assume those two ints are X and Y of the cursor.
And let's say relative to the window? (It might not be; I have not bothered to look.)


In this particular game it looks like there are many mouseLButtonUp sub functions which can be used in particular circumstances.

Probably different dialog windows or areas of the game, e.g. at login, char select, creation etc.
Inventory?


Once you have found a function you want to call, try to typedef it.

This is as simple as looking at the type IDA says. (Or working it out yourself if you're capable of doing that.)
int __stdcall mouseLButtonUp(int x, int y)

Then specify a typedef equivalent so your code knows about this type.
typedef int (__stdcall *t_mouseLButtonUp)(int x, int y);


Now to call this as a function (Assuming you have an injected dll)

You could do this, where ADDRESS is the address of the method you found in hex.
t_mouseLButtonUp mouseLButtonUp = (t_mouseLButtonUp)0xADDRESS;

Then call it like so.
mouseLButtonUp(x,y);


To call it from a Cheat Engine script without writing a DLL (useful to test) you could do something like this.

[enable]
alloc(MyCode,1024)
CreateThread(MyCode)

MyCode:
push 0
push 0
call 0xADDRESS
ret // exit thread

[disable]
dealloc(MyCode)

Or put the code someplace in a code cave, and use Ctrl+Alt+T to start a thread there :).

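Posts #1 and #3 rest on the observation that a click delivered with PostMessage/SendMessage never passes through the real input pipeline, so a game that trusts its message queue alone cannot tell it from a physical click. The defensive counterpart is to corroborate each WM_LBUTTON* message against a second, hardware-backed source of button state. The following Python is an added example written for this thread, not code from any post or from the game discussed; the message and poll events are constructed, and in a real Win32 client the hardware samples would come from something like polling GetAsyncKeyState(VK_LBUTTON) or from raw input (WM_INPUT), neither of which a posted window message feeds.

```python
# Added example (not from the thread): cross-check window click messages against
# a hardware-backed button state so a click that only ever existed as a posted
# message can be flagged. All events below are constructed sample data.
from dataclasses import dataclass
from typing import List, Tuple


@dataclass(frozen=True)
class ClickMsg:
    t_ms: int   # time the window procedure received the message
    kind: str   # "WM_LBUTTONDOWN" or "WM_LBUTTONUP"


@dataclass(frozen=True)
class HwSample:
    t_ms: int   # time of the poll
    down: bool  # physical left-button state reported by the hardware-backed source


def _button_seen_down(samples: List[HwSample], lo: int, hi: int) -> bool:
    """True if any hardware sample in [lo, hi] reports the button physically down."""
    return any(s.down for s in samples if lo <= s.t_ms <= hi)


def corroborate(msgs: List[ClickMsg], samples: List[HwSample],
                window_ms: int = 60) -> List[Tuple[ClickMsg, bool]]:
    """Pair each click message with a flag: True when no hardware sample backs it up."""
    result = []
    for m in msgs:
        if m.kind == "WM_LBUTTONDOWN":
            ok = _button_seen_down(samples, m.t_ms - window_ms, m.t_ms + window_ms)
        elif m.kind == "WM_LBUTTONUP":
            # A genuine release follows a period in which the button was physically held.
            ok = _button_seen_down(samples, m.t_ms - window_ms, m.t_ms)
        else:
            ok = True  # not a click message; nothing to corroborate
        result.append((m, not ok))
    return result


# Constructed data: a 10 ms poll; the user physically holds the button from 100 ms to 130 ms.
HW = [HwSample(t, 100 <= t < 130) for t in range(0, 400, 10)]
MSGS = [
    ClickMsg(101, "WM_LBUTTONDOWN"),  # real: hardware shows the button down around this time
    ClickMsg(131, "WM_LBUTTONUP"),    # real: preceded by a physical hold
    ClickMsg(300, "WM_LBUTTONUP"),    # posted straight to the window: no physical press at all
]


def suspicious(msgs: List[ClickMsg] = MSGS, samples: List[HwSample] = HW) -> List[int]:
    """Timestamps of click messages with no hardware corroboration."""
    return [m.t_ms for m, bad in corroborate(msgs, samples) if bad]


if __name__ == "__main__":
    print("uncorroborated click messages at t_ms =", suspicious())  # [300]
```

Two caveats apply in practice. The window must be wide enough to absorb the polling interval and scheduling jitter, otherwise real clicks get flagged. And this check only catches input that skipped the input pipeline; SendInput does drive that pipeline, so a hardware poll will agree with it, which is why SendInput is usually caught by a different signal (a low-level mouse hook sees the LLMHF_INJECTED flag on such events).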
03/26/2016 12:10 dabnoj#4

Nice to see that you're still using this ^^. I remember the day I showed you the cp hack and you were surprised to see that it's possible to do calls from CE.
03/26/2016 19:17 Str8inyou#5
I see what you did there.
03/28/2016 02:12 Mega Byte#6
Quote:
Nice to see that you're still using this ^^. I remember the day I showed you the cp hack and you were surprised to see that it's possible to do calls from CE.
Yeah haha, thanks, it's a big help for quickly testing stuff.
03/28/2016 22:42 Str8inyou#7
Really got no time. I'm really sorry.