|
You last visited: Today at 16:11
Advertisement
PWI - Real Chat Filters - Remove red / system spam etc. AutoIt Code included
Discussion on PWI - Real Chat Filters - Remove red / system spam etc. AutoIt Code included within the PW Hacks, Bots, Cheats, Exploits forum part of the Perfect World category.
09/02/2011, 01:59
|
#1
|
elite*gold: 10 
Join Date: Sep 2010
Posts: 400
Received Thanks: 234
|
PWI / Rus / Indo - Real Chat Filters - Remove red spam etc. AutoIt Code included
EDIT: Should now work on PWI, PW Russia and Indo
Well, here it is lol... I'm too tired to do the writeup right now, but I'll try to update this post tomorrow with ins and outs of how it was all done ^_^
I figure some people will probably want it straight away due to the crazy red spam issue on PWI since the last update, hence I'm posting the code now.
A quick overview:
- Can choose which client to attach to
- Patches the client so that the filter overrides don't reset your filter settings when you open the game settings console
- Can turn any chat type on or off on any chat region tab, i.e., in the image below you can see that world chat and system chat are disabled in the common chat region
- Automatically finds all offsets required, so might be update proof :P
- Might work on other versions of PW - I'm not sure yet and this will require testing. Please give feedback if it works on your version
I'll explain more tomorrow... All you need to know for now is:
- Run your PWI client as normal and log in (must be logged in for the clients to be detected)
- Run the PW_ChatFilter.au3 file from AutoIt, or alternatively, compile it first
- (I didn't upload it as an exe because it uses some injections and therefore might throw some false positives with some antivirus programs... I can't be arsed to deal with people QQing that it has some virus, hence the code is here for all to see)
- When you run the program, it should populate the dropdown list at the top with the character names of all your opened clients
- Choose the one you want to fiddle with and hit 'Attach'
- Now hit the 'Patch' button. It won't work without this (I'll probably make this automatic when attaching at a later point... can't remember why I did it like this now lol)
- After a couple of seconds, it should hopefully tell you that it's successfully attached.
- Now, set whatever filters you want on or off and hit the 'Apply' button
- Yay! No more red spam!
(By the way, that red text in the screenshot showing the last login IP seems to not come under any of the normal filter categories)
As a side note, I have a feeling (not confirmed) that the last filter option (the third 'other' option) might be a Horn filter hehe.
EDIT:
Ok, finally got some time to explain the process of working this program out 
I don't claim to be a great hacker or anything, but I like to explain how I do things and give an insight into my thought process when doing this sort of thing, in the hope that it might teach people something they might not have known before, or to think about things in a slightly different way in their approach to reverse engineering.
I'm sure most people will probably just scroll down and get the files and use them, but for those interested, here goes :P
So, the first thing we need to do is find out what changes when we alter the filters using the in-game settings -> game tab interface, so for this, we fire up cheat engine and attach it to the elementclient.exe process.
Now, there are 6 chat regions (common, squad, faction, etc) and in each region, there are 11 filter options (normal, world, faction, squad, etc). So intuition might tell us that there is an array of 66 values somewhere which store these filter settings. Being that there are so many, intuition might also tell us that they could be stored as bytes for efficiency (well, booleans, i.e., 1 or 0) and that a 1 would mean the filter is enabled and a 0 would mean it's disabled.
So, once CE is attached and we have the game settings tab open, make sure the 'Normal' filter is enabled in the 'Common' chat region and do a memory search in CE for a byte with a value of 1 (see pic 1).
The search will find several million results, although had we started by searching for a 0 there would have been even more... hence we search for non-zero values first.
Now, disable the 'Normal' filter and change the value in the CE search to 0 then hit next scan. Now we just have a few thousand results. Leave the search value as 0 then hit 'next scan' a few more times - The number of results will pretty much be halved.
Now, re-enable the filter and search for 1 again. Rinse and repeat this process until we only have a few results. I managed to get down to 2 results which both clearly changed each time I clicked on the filter checkbox.
Take the lowest address and right click -> browse memory region.
Now we can modify a few different filters in-game and see some bytes changing near the address we found.
So, we know we've found a memory region which reflects the chat filters, however you may notice that they do not appear to be in the same order that they appear in-game.
All is not lost... Those of you who read my  might notice that they do match the order described there...
Code:
messageTypes (see chatObj->msgScope)
Local // 0
World // 1
Squad // 2
Faction // 3
Whisper // 4
5 // 5
6 // 6
Trade // 7
Notification // 8
System // 9
Gen. Info // 0xa
Local info(b) // 0xb
Local info(c) // 0xc
This also indicates that there are not 11 filters per region as previously expected, but 13 - The final two are hidden. Merkada has confirmed that the 13th filter value is actually for horns... Not so sure about the 12th.
So, we actually have 13 * 6 = 78 filters and the offsets from here for each chat region are:
Code:
Common -> Normal = 0
Squad -> Normal = 0xD
Faction -> Normal = 0x1A
Whisper -> Normal = 0x27
Trade -> Normal = 0x34
General -> Normal = 0x41
So, now we know we've found something associated with the chat filters, lets try something...
In the 'browse memory region' window, adjust one of the values for which we know which filter it applies to, i.e., the common -> normal filter. Change the value in CE and you will notice it doesn't change in game. However, if you change the value, then click on a different chat region (i.e., squad) then click back on 'Common' you'll see it has changed! If we adjust the next byte after the 'Normal' chat filter (world chat) then switch regions, then switch back to common, we'll see that the world chat filter is unchecked. You can now click apply, and any world chat messages will be removed from the in-game chat window. Yay! Seems we're almost there huh? Well, not quite.
Adjust the world chat filter to 0 (off), switch regions, switch back, click apply... World chat disappears. Awesome... Now click confirm, or close the game settings interface.
Now open the game settings interface again. Bugger... World chat is enabled again. All the previous world chat messages haven't been restored in the chat window though, but any subsequent messages will be displayed.
So, we now know that there must be another storage area for these filters.
There are a couple of ways we could find this... The first way is to do a search for an array of bytes that matches the array we've already found (do this after applying any filters you've adjusted).
Alternatively (and in my opinion, preferrably) we can find out what writes to this address.
For this, I will use OllyDbg simply because the disassembly is more readable and I can copy and paste code from it more easily :P
So, fire up OllyDbg and attach it to the PW client (you will need to detach CE from the process if you have previously attached it). Once Olly has attached, press F9 to unpause the client.
In the "Executable modules" list (Alt+E) double click "ElementClient" twice to take us to the elementclient module.
Now click in the memory dump area then hit Ctrl+G (Goto address) and type in the address of the memory location we found in CE which stores the filter byte for Common->Normal.
Now right click on this address and set a memory breakpoint on write access (see pic_3 - Depending on the version of Olly you have, this interface might look slightly different)
Now open the game settings interface and we should get a hit at:
Code:
00569167 - 8D 85 1C020000 - lea eax,[ebp+0000021C]
If we examine the code around here, we can see this:
Code:
00569151 |. 8B40 18 MOV EAX,DWORD PTR DS:[EAX+18] ; settings base address
00569154 |. 8DBD 14020000 LEA EDI,[EBP+214]
0056915A |. B9 3A000000 MOV ECX,3A ; Number of integers to copy
0056915F |. B2 01 MOV DL,1
00569161 |. 8DB0 55010000 LEA ESI,[EAX+155] ; ** static filters offset **
00569167 |. 8D85 1C020000 LEA EAX,[EBP+21C] ; points to the filters byte array we found
0056916D |. F3:A5 REP MOVS DWORD PTR ES:[EDI],DWORD PTR DS
If we now remove our memory write breakpoint and run the client again, then set a normal breakpoint at the line:
Code:
00569151 |. 8B40 18 MOV EAX,DWORD PTR DS:[EAX+18] ; settings base address
Then open the game settings interface again, we'll see that EAX contains the value of our baseCall static offset ( &baseCall = 0xAFF144, *baseCall = AFF7E8).
Just for your information, the code above is basically like a block memory copy, which copies our non-static filter values to an area of memory that actually contains the static game settings.
So, from these few lines of code, we can get our complete offset list for the static filters offset, which is:
Code:
[[[baseCall]+0x18]+0x155]
Add this to your CE offset list and set the type to 'Array of bytes' and set the size to 78 bytes (pic 4)
You can also add the address we found earlier for the non-static filters in the same format, i.e., array of 78 bytes so we can compare side by side (pic 5)
But wait a minute... They don't seem to quite correlate. The static ones seem to be offset by 4 bytes, so what are these first 4 bytes? Well if we examine the 4 bytes of memory just before our non-static filters, and then change the 'Basic' settings in the game tab, then hit apply, we'll see that these bytes contain the boolean values for those four checkboxes (Zoom, A,D Keys, Squad Invites, Trade).
We can also find some of our other settings around this area, such as the autoreply status and message, which is somewhere just after our filters.
So to get to our chat filters offset, add 4 to the final offset we had before, i.e.,
Code:
[[[baseCall]+0x18]+0x159]
Now our two arrays of bytes in CE should be aligned (after setting filters and clicking apply).
We've now established where our filters are statically stored, where they are temporarily stored for the gui, and that the normally 'disabled' filters (world chat, whispers, etc) somehow get adjusted back to default when we reopen the game settings tab after successfully disabling them. So, let's find out what evil witchery keeps forcing us to endure that annoying red and yellow spam...
We know that world chat is one of the filters that gets forced back on, so lets set a memory write breakpoint on this in OllyDbg. I'll save us some time here by mentioning that the static filter isn't specifically modified, but the non static one is - The non-static filters are then bulk copied to the static offsets.
So, the address is our non-static filter base + 1. If you've lost the address of your non-static filters, I'll save some more time here and tell you it's at [[[[[baseCall]+0x18]+0x8]+0x4B0]+0x218] so put the breakpoint one byte above this address (for world chat filter) then open the game settings tab. It will break first where it did last time, so when it hits, hit F9 again to run to the next BP... Which hits a few lines down, here:
Code:
00569186 |. 8895 19020000 MOV BYTE PTR SS:[EBP+219],DL
When you open the game settings tab, what actually happens is something like this:
Static filter settings are copied to the non-static ones (the gui ones)
Some of the non-static ones get forced to different values (i.e., world / system chat)
Non-static filters are copied back to the static ones and the gui is displayed.
So, basically, there is no way we can just modify the filters and have them 'stick' the next time the game settings interface is opened. Bummer, eh? Well this just means we need to do a little patch.
Going back to the code we found a minute ago which modified the world chat filter, below that we can see that a few others get modified too.
Code:
00569186 |. 8895 19020000 MOV BYTE PTR SS:[EBP+219],DL ; Common -> World On
0056918C |. 889D 5A020000 MOV BYTE PTR SS:[EBP+25A],BL ; General -> World off
00569192 |. 889D 62020000 MOV BYTE PTR SS:[EBP+262],BL ; General -> System off (red)
00569198 |. 889D 5D020000 MOV BYTE PTR SS:[EBP+25D],BL ; General -> Whisper off
0056919E |. 889D 65020000 MOV BYTE PTR SS:[EBP+265],BL ; General -> Horn? off
Yeah... the 'General' chat region sounds like heaven. Unfortunately we're not given it as an option in the actual game chat regions lol.
Now, you might notice that those offsets don't cover any of the normal annoying settings, i.e., red system spam in all the other channels. If we scroll up a little bit in OllyDbg, we can see the culprit for this:
Code:
00569174 |> 8850 05 /MOV BYTE PTR DS:[EAX+5],DL
00569177 |. 8810 |MOV BYTE PTR DS:[EAX],DL
00569179 |. 8850 08 |MOV BYTE PTR DS:[EAX+8],DL
0056917C |. 83C0 0D |ADD EAX,0D
0056917F |. 49 |DEC ECX
00569180 |.^ 75 F2 \JNE SHORT 00569174
This loops through each chat region (hence the ADD EAX, 0D) and sets a few filters. Note that earlier I gave the offset for the non-static filters as [[[[[baseCall]+0x18]+0x8]+0x4B0]+0x218], but a few lines above this loop we can see the line:
Code:
00569167 |. 8D85 1C020000 LEA EAX,[EBP+21C]
So we start at the 5th filter on the Common chat region, which is 'whisper', so this loop above forces some filters on as follows:
Code:
00569174 |> 8850 05 /MOV BYTE PTR DS:[EAX+5],DL ; Red system
00569177 |. 8810 |MOV BYTE PTR DS:[EAX],DL ; Whisper
00569179 |. 8850 08 |MOV BYTE PTR DS:[EAX+8],DL ; Horn? (filter 13 or 0xC)
The only way we can stop these filters being reset every time we open the game settings interface is to apply a patch. In my program, I do the patch on the already opened client, i.e., in the client's program memory rather than patching the actual .exe file... 'cause that would be naughty :P
In my code, I read the client's memory into a big string, then do a string search for this code:
Code:
CPU Disasm
Address Hex dump Command Comments
00569174 |> /8850 05 /MOV BYTE PTR DS:[EAX+5],DL
00569177 |. |8810 |MOV BYTE PTR DS:[EAX],DL
00569179 |. |8850 08 |MOV BYTE PTR DS:[EAX+8],DL
0056917C |. |83C0 0D |ADD EAX,0D
0056917F |. |49 |DEC ECX
00569180 |.^\75 F2 \JNE SHORT 00569174
00569182 |. 33DB XOR EBX,EBX
00569184 |. 8BCD MOV ECX,EBP
00569186 |. 8895 19020000 MOV BYTE PTR SS:[EBP+219],DL
0056918C |. 889D 5A020000 MOV BYTE PTR SS:[EBP+25A],BL
00569192 |. 889D 62020000 MOV BYTE PTR SS:[EBP+262],BL
00569198 |. 889D 5D020000 MOV BYTE PTR SS:[EBP+25D],BL
0056919E |. 889D 65020000 MOV BYTE PTR SS:[EBP+265],BL
And then overwrite it with this:
Code:
CPU Disasm
Address Hex dump Command Comments
00569174 |> /90 /NOP
00569175 |. |90 |NOP
00569176 |. |90 |NOP
00569177 |. |90 |NOP
00569178 |. |90 |NOP
00569179 |. |90 |NOP
0056917A |. |90 |NOP
0056917B |. |90 |NOP
0056917C |. |83C0 0D |ADD EAX,0D
0056917F |. |49 |DEC ECX
00569180 |.^\75 F2 \JNE SHORT 00569174
00569182 |. 33DB XOR EBX,EBX
00569184 |. 8BCD MOV ECX,EBP
00569186 |. 90 NOP
00569187 |. 90 NOP
00569188 |. 90 NOP
00569189 |. 90 NOP
0056918A |. 90 NOP
0056918B |. 90 NOP
0056918C |. 90 NOP
0056918D |. 90 NOP
0056918E |. 90 NOP
0056918F |. 90 NOP
00569190 |. 90 NOP
00569191 |. 90 NOP
00569192 |. 90 NOP
00569193 |. 90 NOP
00569194 |. 90 NOP
00569195 |. 90 NOP
00569196 |. 90 NOP
00569197 |. 90 NOP
00569198 |. 90 NOP
00569199 |. 90 NOP
0056919A |. 90 NOP
0056919B |. 90 NOP
0056919C |. 90 NOP
0056919D |. 90 NOP
0056919E |. 90 NOP
0056919F |. 90 NOP
005691A0 |. 90 NOP
005691A1 |. 90 NOP
005691A2 |. 90 NOP
005691A3 |. 90 NOP
If you run my code (at the end of this guide) and attach to your client, then hit the patch button, you'll see that any changes you make now do not get changed back when you open the game settings tab. Yay!
So it would seem we're almost done, however, just updating the filter values in memory doesn't apply the filters to the contents of the in game chat box, i.e., say for example you filtered out world chat, the yellow text won't disappear from the current chat box although any subsequent world chat type messages will not be shown. The only way to clear previous messages in the chat box is to hit the apply button in the game filters interface. So, we need to do this automatically with some magic ^_^
I had some trouble finding the specific function in the client which actually propagates the changes to the chat box, so I took a slightly different approach and did a few injections into the client's function that handles all the button clicks within the gui menu system.
Because of the thing I mentioned earlier, whereby the filters are read from static memory into the gui memory, then back to static memory, the solution I came up with was to do the following:
Close the game settings interface if it's already open
Write your preferred filter settings to the static filter array
Call the gui control function to open the game settings interface (this syncs the static filters to the non-static ones, which are used when changes are applied)
Call the gui control function again to simulate hitting the "apply" button
Close the game settings interface
This actually often all happens so quickly that you won't even see the window open and close :P
Finding the gui control function has actually been described before in toxic6666's awesome thread on - If you're new to fiddling with PW then I highly recommend reading this thread.
However, for continuity, I'll describe here how to actually find this function (termed 'guiCommand()' by toxic6666)
(also updated)
toxic6666's method involved using w32dasm to find a string constant, however, this program is actually pretty difficult to find these days and most downloads you might find for it tend to have infections and/or be from 'questionable' sites. Fortunately, we don't need w32dasm for this as we can do it in OllyDbg.
From within OllyDgb, right click somewhere within the code window, i.e., actually click on some line of code then choose 'Search for' -> 'All referenced strings'
This should pop up a window with a list of all the string constants used in the client. Right click in this window and choose 'Search for text' (or if you're using the newer version of Olly, just hit Ctrl+F)
Search for "Dlg_Building" - there should only be one occurrence of it. When you find it, double click this line and it should take you to the code. At this point, you could open up IDA, enter the address that you just landed at in Olly then find the start of the function. However, the code here isn't too messy so you can just scroll up a few pages until you find a bunch of NOPS. The start of the function is the first line of code after these NOPS. In the current PWI version, this is at 0x604B30 and looks like this:
Code:
CPU Disasm
Address Hex dump Command Comments
00604B30 /. 53 PUSH EBX
00604B31 |. 8B5C24 08 MOV EBX,DWORD PTR SS:[ARG.1]
00604B35 |. 56 PUSH ESI
00604B36 |. 8B7424 10 MOV ESI,DWORD PTR SS:[ARG.2]
00604B3A |. 57 PUSH EDI
00604B3B |. 56 PUSH ESI ; /Arg2 => [ARG.2]
00604B3C |. 53 PUSH EBX ; |Arg1 => [ARG.1]
00604B3D |. E8 EE221E00 CALL 007E6E30 ; \ElementClient.007E6E30
00604B42 |. 84C0 TEST AL,AL
00604B44 |. 74 24 JE SHORT 00604B6A
The 2nd and 4th instructions here will load the gui command and the gui object pointer respectively. So, set a breakpoint at the PUSH EDI line (5th line shown above) then click the apply button in the game settings window.
When the BP hits, we'll see a value in ESI which will be the gui object and a string reference in EBX which will be the command. Fortunately, the commands used for the gui are quite reader friendly lol... The command for the apply button is simply a text string "apply".
If you do this a few times for some other things, i.e., click the game settings tab or click the close (X) button you'll get the command strings for these too. These are "gamesetting" and "Btn_Close" respectively.
Make a note of the value in ESI when you get into this function after hitting the apply button from within the game settings tab.
I won't go into detail about finding the guiBase pointers here as I think toxic6666 explained it all pretty well in his thread. He also explains how to get the offsets for the gui object for this function too, so I'll skip that part and just state that the offset we need is:
Code:
[[[[[baseCall]+0x1C]+0x18]+0x8]+0x4B0]
This is the gamesettings tab object and thankfully, all the commands we need to send are sent to this object.
Basically, this is the pseudo code for what we want to do now...
Assuming the guiCommand() function prototype is something like this:
Code:
void guiCommand(string * command, guiObjectPointer)
We would do...
Code:
If gameSettingsTab is open
{
guiCommand("Btn_Close", gamesettingTabObject) // close the tab
Wait until it's closed
}
setChatFilters() // Write our preferred filters to the static filter array
guiCommand("gamesetting", gamesettingTabObject) // Open the tab again
guiCommand("apply", gamesettingTabObject) // Hit apply
guiCommand("Btn_Close", gamesettingTabObject) // close the tab again
As for how to actually inject into this function, just look at the guiCommand() function in my code - I think this explains it
I think I have explained all the relevant parts of the code... The other bits are mostly just fancy trimmings hehe. As for the offset finding stuff, that's kind of beyond the scope of this guide, but I'll be posting a handy tool I made to aid this very time consuming process... maybe tonight.
That's all folks, hope you're not all bored to sleep now!
So, here's the code - You need all three files plus NomadMemory (you should all have this)
PW_ChatFilter.au3 (thanks to t212 for multiclient fix)
Code:
#include <ButtonConstants.au3>
#include <GUIConstantsEx.au3>
#include <WindowsConstants.au3>
#include <EditConstants.au3>
#include <ComboConstants.au3>
#include <StaticConstants.au3>
#include <GUIComboBox.au3>
#include <GDIPlus.au3>
#include <WinAPI.au3>
#include <Color.au3>
#include <NomadMemory.au3>
#include <Array.au3>
#include <filterOffsets.au3>
#Include "MultiAssocArray.au3" ; http://www.autoitscript.com/forum/topic/113182-easy-multidimensional-associative-arrays/
Opt("GUIOnEventMode", 1) ;0=disabled, 1=OnEvent mode enabled
Global $ApW = 300, $ApH = 450
Global Const $iPI = 3.1415926535897932384626433832795
$hGui = GUICreate("PW Real Chat Filter by dumbfck", $ApW, $ApH)
GUISetBkColor(0x192127)
GUISetOnEvent(-3, "_Quit")
$Pic = GUICtrlCreatePic("", 0, 75, $ApW, $ApH)
GUICtrlSetState(-1, $GUI_DISABLE)
$cboCharacter = GUICtrlCreateCombo("", 8, 8, 185, 25, BitOR($CBS_DROPDOWN, $CBS_AUTOHSCROLL))
$btnAttach = GUICtrlCreateButton("Attach", 200, 6, 80, 24)
GUICtrlSetOnEvent($btnAttach, "btnAttach_Click")
$btnApply = GUICtrlCreateButton("Apply", 120, 415, 100, 25)
GUICtrlSetOnEvent($btnApply, "btnApply_Click")
$btnPatch = GUICtrlCreateButton("Patch", 200, 36, 80, 25)
GUICtrlSetOnEvent($btnPatch, "btnPatch_Click")
Global $kernel32 = DllOpen('kernel32.dll')
Global $procName = "elementclient.exe"
Global $processes
Global $pid
Global $pHandle
Global $functionAddress
Global $charNames[1]
; Are assigned in constructOffsets()
Global $baseCall
Global $realBase
Global $playerBase
Global $playerNamePtr
Global $guiBase0
Global $guiBase1
Global $tab_gamesetting
Global $tabVisibleOffset
Global $str_Btn_Close
Global $str_gamesetting
Global $str_apply
Global $guiCommandCall
Global $settingsBase
Global $staticChatFilters
Global $patchSearchExpression = _
"885005" & _ ;00569174 MOV BYTE PTR DS:[EAX+5],DL ; force system chat = enabled
"8810" & _ ;00569177 MOV BYTE PTR DS:[EAX],DL ; force whisper enabled
"885008" & _ ;00569179 MOV BYTE PTR DS:[EAX+8],DL ; force horn enabled? (chat type 0xC)
"83C00D" & _ ;0056917C ADD EAX,0D
"49" & _ ;0056917F DEC ECX
"75F2" & _ ;00569180 JNE SHORT 00569174
"33DB" & _ ;00569182 XOR EBX,EBX
"8BCD" & _ ;00569184 MOV ECX,EBP
"889519020000" & _ ;00569186 MOV BYTE PTR SS:[EBP+219],DL
"889D5A020000" & _ ;0056918C MOV BYTE PTR SS:[EBP+25A],BL
"889D62020000" & _ ;00569192 MOV BYTE PTR SS:[EBP+262],BL
"889D5D020000" & _ ;00569198 MOV BYTE PTR SS:[EBP+25D],BL
"889D65020000" ;0056919E MOV BYTE PTR SS:[EBP+265],BL
Global $alreadyPatchedExpression = _
"9090909090909090" & _ ;8 x NOP
"83C00D" & _ ;ADD EAX,0D
"49" & _ ;DEC ECX
"75F2" & _ ;JNE SHORT 00564D54
"33DB" & _ ;XOR EBX,EBX
"8BCD" & _ ;MOV ECX,EBP
"909090909090909090909090909090909090909090909090909090909090" ; 30 x NOP
If Not StringLen($patchSearchExpression) = StringLen($alreadyPatchedExpression) Then
MsgBox(0, "D'oh!", "Patch and unpatch expression lengths do not match!")
Exit
EndIf
$processes = ProcessList($procName)
If UBound($processes) < 2 Then ; first entry is always empty
MsgBox(16, 'Error', 'No elementclients found')
Exit
Else
; Check first found client, get exe path and check the file to see if we can extract offsets
$pid = $processes[1][1] ; [x][1] = PID of process
$pHandle = _MemoryOpen($pid)
If $pHandle <> 0 Then
$client = GetModuleBaseByName($pid, $procName) ; $client[1]= *modBaseAddr, [2]=modbaseSize, [3]=szExePath
getOffsets($client[3], $search) ; $search is defined in filterOffsets.au3
constructOffsets()
Else
MsgBox(0, "Error", "No elementclient.exe clients were detected. Please run PW first")
EndIf
_MemoryClose($pHandle)
For $i = 1 To $processes[0][0]
$pid = $processes[$i][1] ; PID of process
$pHandle = _MemoryOpen($pid)
constructOffsets()
$charName = _MemoryRead($playerNamePtr, $pHandle, 'wchar[30]')
ReDim $charNames[$i]
$charNames[$i - 1] = $charName
_MemoryClose($pHandle)
Next
$charString = _ArrayToString($charNames, "|")
GUICtrlSetData($cboCharacter, $charString, 0)
ControlCommand("", "", $cboCharacter, "SetCurrentSelection", 0)
EndIf
PicSetGraphics($Pic, $ApW, $ApH); <-- Draw GDIPlus graphics on Picture control.
; Draw the checkbox grid
$startLeft = 93
$startTop = 145
$columns = 6
$rows = 13
Global $chkBox[$columns * $rows]
For $x = 0 To $columns - 1
For $y = 0 To $rows - 1
$id = $x * $rows + $y
$chkBox[$id] = GUICtrlCreateCheckbox("chk" & ($id), $startLeft + $x * 28, $startTop + $y * 20, 20, 20)
Next
Next
GUISetState(@SW_SHOW, $hGui)
; Loop forever
While 1
Sleep(10)
WEnd
; This must be updated whenever new offsets are added in filterOffsets.au3
Func constructOffsets()
; These vars are all globals declared at start of program
$baseCall = x('o.baseCall.offset')
ConsoleWrite('baseCall: ' & Hex($baseCall) & @CRLF)
$realBase = _MemoryRead($baseCall, $pHandle) + x('o.realBase.offset')
ConsoleWrite('realBase: ' & Hex($realBase) & @CRLF)
$playerBase = _MemoryRead($realBase, $pHandle) + x('o.playerBase.offset')
ConsoleWrite('playerBase: ' & Hex($playerBase) & @CRLF)
$playerNamePtr = _MemoryRead(_MemoryRead($playerBase, $pHandle) + x('o.playerName.offset'), $pHandle)
ConsoleWrite('playerNameOffset: ' & Hex($playerNamePtr) & @CRLF)
$guiBase0 = _MemoryRead($realBase, $pHandle) + x('o.guiBase0.offset')
ConsoleWrite('guiBase0: ' & Hex($guiBase0) & @CRLF)
$guiBase1 = _MemoryRead($guiBase0, $pHandle) + x('o.guiBase1.offset')
ConsoleWrite('guiBase1: ' & Hex($guiBase1) & @CRLF)
$tab_gamesetting = _MemoryRead($guiBase1, $pHandle) + x('o.tab_gamesetting.offset')
ConsoleWrite('tab_gamesetting: ' & Hex($tab_gamesetting) & @CRLF)
$tabVisibleOffset = x('o.str_gamesetting.offset')
ConsoleWrite('tabVisibleOffset: ' & Hex($tabVisibleOffset) & @CRLF)
$gamesettingTabVisible = _MemoryRead($tab_gamesetting, $pHandle) + x('o.tabVisible.offset')
ConsoleWrite('gamesettingTabVisible: ' & Hex($gamesettingTabVisible) & @CRLF)
$str_Btn_Close = x('o.str_Btn_Close.offset')
ConsoleWrite('str_Btn_Close: ' & Hex($str_Btn_Close) & @CRLF)
$str_gamesetting = x('o.str_gamesetting.offset')
ConsoleWrite('str_gamesetting: ' & Hex($str_gamesetting) & @CRLF)
$settingsBase = _MemoryRead($baseCall, $pHandle) + x('o.settingsBase.offset')
ConsoleWrite('settingsBase: ' & Hex($settingsBase) & @CRLF)
$staticChatFilters = _MemoryRead($settingsBase, $pHandle) + x('o.staticChatFilters.offset') + 4
ConsoleWrite('staticChatFilters: ' & Hex($staticChatFilters) & @CRLF)
#cs
; This bastard is reaaaally hard to find in the code with a regex search...
; So lets cheat and just write the string to memory somewhere (see memWriteString() function, called during attach process)
$str_apply = x('o.str_apply.offset')
ConsoleWrite('str_apply: ' & Hex($str_apply) & @CRLF)
#ce
$guiCommandCall = x('o.guiCommandCall.offset')
ConsoleWrite('guiCommandCall: ' & Hex($guiCommandCall) & @CRLF)
EndFunc
Func btnAttach_Click()
$selectedIndex = _GUICtrlComboBox_GetCurSel($cboCharacter)
$pid = $processes[$selectedIndex + 1][1] ; PID of process
$pHandle = _MemoryOpen($pid)
constructOffsets()
$charName = _MemoryRead($playerNamePtr, $pHandle, 'wchar[30]')
If Not @error Then
MsgBox(0, "Success", "Attached to " & $charName & @CRLF & "PID: " & Hex($pid))
getChatFilters()
; Dirty hack because the "apply" string constant offset is such a bitch to find with a regex
; This takes the place of where the string offset ideally should have been fetched in the constructConstants() function
$processHandle = memOpen($pid)
$str_apply = DllCall($kernel32, 'int', 'VirtualAllocEx', 'int', $processHandle, 'ptr', 0, 'int', 0x50, 'int', 0x1000, 'int', 0x40)
$str_apply = $str_apply[0]
memClose($processHandle)
; binary string for "apply" ...
_MemoryWrite($str_apply, $pHandle, "0x6170706C7900", "byte[6]")
EndIf
memClose($processHandle)
EndFunc
Func btnPatch_Click()
If GUICtrlRead($btnPatch) = "Patch" Then
patchClient()
Else
unPatchClient()
EndIf
EndFunc
Func btnApply_Click()
$processHandle = memOpen($pid)
;gamesetting tab needs to be closed to allow proper setting of the filters.
If checkTabVisibility($tab_gamesetting, 0x01) Then
guiCommand($str_Btn_Close, $tab_gamesetting) ; "Btn_Close"
While checkTabVisibility($tab_gamesetting, 0x01)
; just wait until closed
WEnd
EndIf
setChatFilters() ; write the new filter settings to memory
guiCommand($str_gamesetting, $tab_gamesetting) ; Open "gamesetting" tab
While checkTabVisibility($tab_gamesetting, 0x00)
; just wait until visible
WEnd
guiCommand($str_apply, $tab_gamesetting) ; "apply"
guiCommand($str_Btn_Close, $tab_gamesetting) ; "Btn_Close"
memClose($processHandle)
EndFunc ;==>btnApply_Click
Func checkTabVisibility($tabObj, $value)
$tabVisibility = _MemoryRead(_MemoryRead($tabObj, $pHandle) + x('o.tabVisible.offset') , $pHandle, 'byte[1]')
If $tabVisibility = $value Then
Return True
Else
Return False
EndIf
EndFunc ;==>checkTabVisibility
Func getChatFilters()
$filters = _MemoryRead($staticChatFilters, $pHandle, "byte[78]")
For $x = 0 To $columns - 1
For $y = 0 To $rows - 1
$id = $x * $rows + $y
If StringMid(Hex($filters), $id * 2 + 1, 2) = "01" Then
GUICtrlSetState($chkBox[$id], $GUI_CHECKED)
Else
GUICtrlSetState($chkBox[$id], $GUI_UNCHECKED)
EndIf
Next
Next
EndFunc ;==>getChatFilters
Func setChatFilters()
Local $stateBytes
For $i = 0 To UBound($chkBox) - 1
If GUICtrlRead($chkBox[$i]) = $GUI_CHECKED Then
$stateBytes &= "01"
Else
$stateBytes &= "00"
EndIf
Next
_MemoryWrite($staticChatFilters, $pHandle, "0x" & $stateBytes, "byte[78]")
EndFunc ;==>setChatFilters
Func patchClient()
Local $patchAddress
If $pHandle <> 0 Then
$client = GetModuleBaseByName($pid, $procName)
$data = _MemoryRead("0x" & Hex($client[1]), $pHandle, 'byte[' & $client[2] & ']')
Else
MsgBox(0, "Error", "No elementsclient.exe clients were detected. Please run PW first")
EndIf
Local $check = StringInStr($data, $patchSearchExpression)
If $check Then
; Patch the client
$patchAddress = $client[1] + $check / 2 - 1
_MemoryWrite($patchAddress, $pHandle, "0x" & $alreadyPatchedExpression, "byte[" & StringLen($alreadyPatchedExpression) / 2 & "]")
MsgBox(0, "Patch status", "Client successfully patched at address: " & Hex($patchAddress))
GUICtrlSetData($btnPatch, "Unpatch")
Else
$check = StringInStr($data, $alreadyPatchedExpression)
If $check Then
$patchAddress = $client[1] + $check / 2 - 1
MsgBox(0, "Patch status", "Client is already patched at address: " & Hex($patchAddress))
GUICtrlSetData($btnPatch, "Unpatch")
Else
MsgBox(0, "Error", "Could not find code pattern to patch" & @CRLF & "...Client update might have broken offsets >.<")
EndIf
EndIf
EndFunc ;==>patchClient
Func unPatchClient()
Local $patchAddress
If $pHandle <> 0 Then
$client = GetModuleBaseByName($pid, $procName)
$data = _MemoryRead("0x" & Hex($client[1]), $pHandle, 'byte[' & $client[2] & ']')
Else
MsgBox(0, "Error", "No elementsclient.exe clients were detected. Please run PW first")
EndIf
Local $check = StringInStr($data, $alreadyPatchedExpression)
If $check Then
; Unpatch the client
$patchAddress = $client[1] + $check / 2 - 1
_MemoryWrite($patchAddress, $pHandle, "0x" & $patchSearchExpression, "byte[" & StringLen($patchSearchExpression) / 2 & "]")
MsgBox(0, "Patch status", "Client successfully unpatched at address: " & Hex($patchAddress))
GUICtrlSetData($btnPatch, "Patch")
Else
$check = StringInStr($data, $patchSearchExpression)
If $check Then
$patchAddress = $client[1] + $check / 2 - 1
MsgBox(0, "Patch status", "Client isn't yet patched at address: " & Hex($patchAddress))
GUICtrlSetData($btnPatch, "Patch")
Else
MsgBox(0, "Error", "Could not find code pattern to patch" & @CRLF & "...Client update might have broken offsets >.<")
EndIf
EndIf
EndFunc ;==>unPatchClient
Func guiCommand($command, $guiObjPtr)
;//Declare local variables
Local $pRemoteThread, $vBuffer, $loop, $result, $OPcode, $processHandle, $stringAddress, $stringSize
$processHandle = memOpen($pid)
;//Allocate memory for the OpCode and retrieve address for this
$functionAddress = DllCall($kernel32, 'int', 'VirtualAllocEx', 'int', $processHandle, 'ptr', 0, 'int', 0x46, 'int', 0x1000, 'int', 0x40)
;//Construct the OpCode for calling the 'guiCommand' function
$OPcode &= '60' ; PUSHAD
$OPcode &= 'A1' & _hex($guiObjPtr) ; MOV EAX, guiObjPtr
;$OPcode &= '8B401C' ; MOV EAX, DWORD PTR DS:[EAX+1C]
;$OPcode &= '8B4018' ; MOV EAX, DWORD PTR DS:[EAX+18]
;$OPcode &= '8B4008' ; MOV EAX, DWORD PTR DS:[EAX+08]
;$OPcode &= '8B80' & _hex($guiObjPtr) ; MOV EAX, DWORD PTR DS:[EAX+XXXXXXXX]
$OPcode &= '50' ; PUSH EAX
$OPcode &= '68' & _hex($command) ; PUSH commandString
$OPcode &= 'B8' & _hex($guiCommandCall) ; MOV EAX, guiCommandCall
$OPcode &= 'FFD0' ; CALL EAX
$OPcode &= '61' ; POPAD
$OPcode &= 'C3' ; RETN
;//Put the OpCode into a struct for later memory writing
$vBuffer = DllStructCreate('byte[' & StringLen($OPcode) / 2 & ']')
For $loop = 1 To DllStructGetSize($vBuffer)
DllStructSetData($vBuffer, 1, Dec(StringMid($OPcode, ($loop - 1) * 2 + 1, 2)), $loop)
Next
;//Write the OpCode to previously allocated memory
DllCall($kernel32, 'int', 'WriteProcessMemory', 'int', $processHandle, 'int', $functionAddress[0], 'int', DllStructGetPtr($vBuffer), 'int', DllStructGetSize($vBuffer), 'int', 0)
;//Create a remote thread in order to run the OpCode
$hRemoteThread = DllCall($kernel32, 'int', 'CreateRemoteThread', 'int', $processHandle, 'int', 0, 'int', 0, 'int', $functionAddress[0], 'ptr', 0, 'int', 0, 'int', 0)
;//Wait for the remote thread to finish
Do
$result = DllCall('kernel32.dll', 'int', 'WaitForSingleObject', 'int', $hRemoteThread[0], 'int', 50)
Until $result[0] <> 258
;//Close the handle to the previously created remote thread
DllCall($kernel32, 'int', 'CloseHandle', 'int', $hRemoteThread[0])
;//Free the previously allocated memory
DllCall($kernel32, 'ptr', 'VirtualFreeEx', 'hwnd', $processHandle, 'int', $functionAddress[0], 'int', 0, 'int', 0x8000)
memClose($processHandle)
Return True
EndFunc ;==>guiCommand
Func _hex($value, $size = 8)
Local $tmp1, $tmp2, $i
$tmp1 = StringRight("000000000" & Hex($value), $size)
For $i = 0 To StringLen($tmp1) / 2 - 1
$tmp2 = $tmp2 & StringMid($tmp1, StringLen($tmp1) - 1 - 2 * $i, 2)
Next
Return $tmp2
EndFunc ;==>_hex
Func memopen($pid)
Local $mid = DllCall($kernel32, 'int', 'OpenProcess', 'int', 0x1F0FFF, 'int', 1, 'int', $pid)
Return $mid[0]
EndFunc ;==>memopen
Func memclose($mid)
DllCall($kernel32, 'int', 'CloseHandle', 'int', $mid)
EndFunc ;==>memclose
Func GetModuleBaseByName($pid, $module) ; thx to lolkop for this
;Edited by dumbfck to also return process exe path
Local $hSnapshot, $me32, $bFound, $baseAddress[4]
; Create a MODULEENTRY32 structure, $me32
; http://msdn.microsoft.com/en-us/library/ms684225%28v=VS.85%29.aspx
; typedef struct tagMODULEENTRY32 {
; DWORD dwSize;
; DWORD th32ModuleID;
; DWORD th32ProcessID;
; DWORD GlblcntUsage;
; DWORD ProccntUsage;
; BYTE *modBaseAddr;
; DWORD modBaseSize;
; HMODULE hModule;
; TCHAR szModule[MAX_MODULE_NAME32 + 1];
; TCHAR szExePath[MAX_PATH];
; } MODULEENTRY32, *PMODULEENTRY32;
$me32 = DllStructCreate("int;int;int;int;int;int;int;int;char[256];char[260]")
; Set first element (dwSize) of $me32 structure as the allocated size of the structure itself
DllStructSetData($me32, 1, DllStructGetSize($me32))
; Take a snapshot of the modules used by process $PID (flag=8 specifies modules only)
; If the function succeeds, it returns an open handle to the specified snapshot.
; If the function fails, it returns INVALID_HANDLE_VALUE
; Modules are enumerated by Module32First
$hSnapshot = DllCall("kernel32.dll", "hwnd", "CreateToolhelp32Snapshot", "int", 8, "int", $pid)
; Returned INVALID_HANDLE_VALUE ?
If $hSnapshot[0] = -1 Then Return 0
; Retrieve information about the first module associated with process
; Returns TRUE if the first entry of the module list has been copied to the buffer or FALSE otherwise
; The ERROR_NO_MORE_FILES error value is returned by the GetLastError function if no modules exist
; or the snapshot does not contain module information.
; The calling application must set the dwSize member of MODULEENTRY32 to the size, in bytes, of the structure.
; To retrieve information about other modules associated with the specified process, use the Module32Next function.
$bFound = DllCall("kernel32.dll", "int", "Module32First", "ptr", $hSnapshot[0], "long", DllStructGetPtr($me32))
; Traverse module list....
If $bFound[0] Then
Do
; if module name stored in $me32 structure = filename (elementclient.exe)
If StringLower(DllStructGetData($me32, 9)) = StringLower($module) Then
; *modBaseAddr
$baseAddress[1] = DllStructGetData($me32, 6)
; modbaseSize
$baseAddress[2] = DllStructGetData($me32, 7)
; szExePath
$baseAddress[3] = DllStructGetData($me32, 10)
ExitLoop
EndIf
; Set bFound as next module in module list
$bFound = DllCall("kernel32.dll", "int", "Module32Next", "ptr", $hSnapshot[0], "long", DllStructGetPtr($me32))
; Loop until we get ERROR_NO_MORE_FILES
Until Not $bFound[0]
EndIf
; Destroy the snapshot
DllCall("kernel32.dll", "int", "CloseHandle", "int", $hSnapshot[0])
; Hopefully we have a nice base address array
; [0] = ?
; [1] = Module base address pointer
; [2] = Module base size
; [3] = Module exe path
Return $baseAddress
EndFunc ;==>GetModuleBaseByName
Func PicSetGraphics($cID, $iW, $iH)
Local Const $STM_SETIMAGE = 0x0172
Local Const $IMAGE_BITMAP = 0
Local $hWnd, $hBitmap, $hImage, $hGraphic, $hBrush, $hBrush1, $hbmp, $aBmp
$hWnd = GUICtrlGetHandle($cID)
_GDIPlus_Startup()
$hBitmap = _WinAPI_CreateSolidBitmap($hGui, 0x192127, $iW, $iH) ; or use next command
$hImage = _GDIPlus_BitmapCreateFromHBITMAP($hBitmap)
$hGraphic = _GDIPlus_ImageGetGraphicsContext($hImage)
GDIPlus_SetAngledText($hGraphic, "Common", 116, 31, -60, "", 12, 0xFFA8A9AA)
GDIPlus_SetAngledText($hGraphic, "Squad", 139, 39, -60, "", 12, 0xFFA8A9AA)
GDIPlus_SetAngledText($hGraphic, "Faction", 170, 35, -60, "", 12, 0xFFA8A9AA)
GDIPlus_SetAngledText($hGraphic, "Whisper", 200, 34, -60, "", 12, 0xFFA8A9AA)
GDIPlus_SetAngledText($hGraphic, "Trade", 223, 42, -60, "", 12, 0xFFA8A9AA)
GDIPlus_SetAngledText($hGraphic, "General", 253, 35, -60, "", 12, 0xFFA8A9AA)
GDIPlus_SetAngledText($hGraphic, "Normal", 54, 80, 0, "", 12, 0xFFCED0D2)
GDIPlus_SetAngledText($hGraphic, "World", 59, 100, 0, "", 12, 0xFFCFBB06)
GDIPlus_SetAngledText($hGraphic, "Squad", 55, 120, 0, "", 12, 0xFF03D006)
GDIPlus_SetAngledText($hGraphic, "Faction", 52, 140, 0, "", 12, 0xFF03D0CF)
GDIPlus_SetAngledText($hGraphic, "Whisper", 50, 160, 0, "", 12, 0xFFDF439C)
GDIPlus_SetAngledText($hGraphic, "Damage", 50, 180, 0, "", 12, 0xFFA8A9AA)
GDIPlus_SetAngledText($hGraphic, "Combat", 50, 200, 0, "", 12, 0xFFCFB606)
GDIPlus_SetAngledText($hGraphic, "Trade", 59, 220, 0, "", 12, 0xFFCF6C06)
GDIPlus_SetAngledText($hGraphic, "System", 52, 240, 0, "", 12, 0xFFB2C58B)
GDIPlus_SetAngledText($hGraphic, "System", 52, 260, 0, "", 12, 0xFFEE3402)
GDIPlus_SetAngledText($hGraphic, "Other", 59, 280, 0, "", 12, 0xFF8793E1)
GDIPlus_SetAngledText($hGraphic, "Other", 59, 300, 0, "", 12, 0xFF8793E1)
GDIPlus_SetAngledText($hGraphic, "Other", 59, 320, 0, "", 12, 0xFF8793E1)
; Keeps all GDIPlus graphics visible
$hbmp = _GDIPlus_BitmapCreateHBITMAPFromBitmap($hImage)
$aBmp = DllCall("user32.dll", "hwnd", "SendMessage", "hwnd", $hWnd, "int", $STM_SETIMAGE, "int", $IMAGE_BITMAP, "int", $hbmp)
_WinAPI_RedrawWindow($hGui, "", "", BitOR($RDW_INVALIDATE, $RDW_UPDATENOW, $RDW_FRAME))
; Save Graphics on picture control
If $aBmp[0] <> 0 Then _WinAPI_DeleteObject($aBmp[0])
_GDIPlus_ImageDispose($hImage)
_GDIPlus_BrushDispose($hBrush)
_GDIPlus_GraphicsDispose($hGraphic)
_WinAPI_DeleteObject($hbmp)
_WinAPI_DeleteObject($hBitmap)
_GDIPlus_Shutdown()
EndFunc ;==>PicSetGraphics
Func _Quit()
Exit
EndFunc ;==>_Quit
; #FUNCTION# ================================================================
; Name...........: GDIPlus_SetAngledText
; Description ...: Adds text to a graphic object at any angle.
; Syntax.........: GDIPlus_SetAngledText($hGraphic, $nText, [$iCentreX, [$iCentreY, [$iAngle , [$nFontName , _
; [$nFontSize, [$iARGB, [$iAnchor]]]]]]] )
; Parameters ....: $hGraphic - The Graphics object to receive the added text.
; $nText - Text string to be displayed
; $iCentreX - Horizontal coordinate of horixontal centre of the text rectangle (default = 0 )
; $iCentreY - Vertical coordinate of vertical centre of the text rectangle (default = 0 )
; $iAngle - The angle which the text will be place in degrees. (default = "" or blank = 0 )
; $nFontName - The name of the font to be used (default = "" or Blank = "Arial" )
; $nFontSize - The font size to be used (default = "" or Blank = 12 )
; $iARGB - Alpha(Transparency), Red, Green and Blue color (0xAARRGGBB) (Default= "" = random color
; or Default = Blank = 0xFFFF00FF )
; $iAnchor - If zero (default) positioning $iCentreX, $iCentreY values refer to centre of text string.
; If not zero positioning $iCentreX, $iCentreY values refer to top left corner of text string.
; Return values .: 1
; Author ........: Malkey
; Modified.......:
; Remarks .......: Call _GDIPlus_Startup() before starting this function, and call _GDIPlus_Shutdown()after function ends.
; Can enter calculation for Angle Eg. For incline, -ATan($iVDist / $iHDist) * 180 / $iPI , where
; $iVDist is Vertical Distance, $iHDist is Horizontal Distance, and, $iPI is Pi, (an added Global Const).
; When used with other graphics, call this function last. The MatrixRotate() may affect following graphics.
; Related .......: _GDIPlus_Startup(), _GDIPlus_Shutdown(), _GDIPlus_GraphicsDispose($hGraphic)
; Link ..........;
; Example .......; Yes
; ========================================================================================
Func GDIPlus_SetAngledText($hGraphic, $nText, $iCentreX = 0, $iCentreY = 0, $iAngle = 0, $nFontName = "Arial", _
$nFontSize = 12, $iARGB = 0xFFFF00FF, $iAnchor = 0)
Local $x, $y, $iX, $iY, $iWidth, $iHeight
Local $hMatrix, $iXt, $iYt, $hBrush, $hFormat, $hFamily, $hFont, $tLayout
; Default values
If $iAngle = "" Then $iAngle = 0
If $nFontName = "" Or $nFontName = -1 Then $nFontName = "Arial" ; "Microsoft Sans Serif"
If $nFontSize = "" Then $nFontSize = 12
If $iARGB = "" Then ; Randomize ARGB color
$iARGB = "0xFF" & Hex(Random(0, 255, 1), 2) & Hex(Random(0, 255, 1), 2) & Hex(Random(0, 255, 1), 2)
EndIf
$hFormat = _GDIPlus_StringFormatCreate(0)
$hFamily = _GDIPlus_FontFamilyCreate($nFontName)
$hFont = _GDIPlus_FontCreate($hFamily, $nFontSize, 1, 3)
$tLayout = _GDIPlus_RectFCreate($iCentreX, $iCentreY, 0, 0)
$aInfo = _GDIPlus_GraphicsMeasureString($hGraphic, $nText, $hFont, $tLayout, $hFormat)
$iWidth = Ceiling(DllStructGetData($aInfo[0], "Width"))
$iHeight = Ceiling(DllStructGetData($aInfo[0], "Height"))
;Later calculations based on centre of Text rectangle.
If $iAnchor = 0 Then ; Reference to middle of Text rectangle
$iX = $iCentreX
$iY = $iCentreY
Else ; Referenced centre point moved to top left corner of text string.
$iX = $iCentreX + (($iWidth - Abs($iHeight * Sin($iAngle * $iPI / 180))) / 2)
$iY = $iCentreY + (($iHeight + Abs($iWidth * Sin($iAngle * $iPI / 180))) / 2)
EndIf
;Rotation Matrix
$hMatrix = _GDIPlus_MatrixCreate()
_GDIPlus_MatrixRotate($hMatrix, $iAngle, 1)
_GDIPlus_GraphicsSetTransform($hGraphic, $hMatrix)
;x, y are display coordinates of center of width and height of the rectanglular text box.
;Top left corner coordinates rotate in a circular path with radius = (width of text box)/2.
;Parametric equations for a circle, and adjustments for centre of text box
$x = ($iWidth / 2) * Cos($iAngle * $iPI / 180) - ($iHeight / 2) * Sin($iAngle * $iPI / 180)
$y = ($iWidth / 2) * Sin($iAngle * $iPI / 180) + ($iHeight / 2) * Cos($iAngle * $iPI / 180)
;Rotation of Coordinate Axes formulae - To display at x and y after rotation, we need to enter the
;x an y position values of where they rotated from. This is done by rotating the coordinate axes.
;Use $iXt, $iYt in _GDIPlus_RectFCreate. These x, y values is the position of the rectangular
;text box point before rotation. (before translation of the matrix)
$iXt = ($iX - $x) * Cos($iAngle * $iPI / 180) + ($iY - $y) * Sin($iAngle * $iPI / 180)
$iYt = -($iX - $x) * Sin($iAngle * $iPI / 180) + ($iY - $y) * Cos($iAngle * $iPI / 180)
$hBrush = _GDIPlus_BrushCreateSolid($iARGB)
$tLayout = _GDIPlus_RectFCreate($iXt, $iYt, $iWidth, $iHeight)
_GDIPlus_GraphicsDrawStringEx($hGraphic, $nText, $hFont, $tLayout, $hFormat, $hBrush)
; Clean up resources
_GDIPlus_MatrixDispose($hMatrix)
_GDIPlus_FontDispose($hFont)
_GDIPlus_FontFamilyDispose($hFamily)
_GDIPlus_StringFormatDispose($hFormat)
_GDIPlus_BrushDispose($hBrush)
$tLayout = ""
Return 1
EndFunc ;==>GDIPlus_SetAngledText
Func Color_SetHSL($iHue, $Saturation = 180, $Brightness = 160)
If IsArray($iHue) Then
$aInput = $iHue
Else
Local $aInput[3] = [$iHue, $Saturation, $Brightness]
EndIf
Local $aiRGB = _ColorConvertHSLtoRGB($aInput)
Return "0x" & Hex(Round($aiRGB[0]), 2) & Hex(Round($aiRGB[1]), 2) & Hex(Round($aiRGB[2]), 2)
EndFunc ;==>Color_SetHSL
filterOffsets.au3
Code:
#Include "MultiAssocArray.au3" ; http://www.autoitscript.com/forum/topic/113182-easy-multidimensional-associative-arrays/
Global $search ; Full regex search expression
Const $ODconstant = 0
Const $ODfuncOffset = 1
#cs
00404070 . A1 A46DAF00 MOV EAX,DWORD PTR DS:[AF6DA4] baseCall
00404075 . 8A90 8C040000 MOV DL,BYTE PTR DS:[EAX+48C]
0040407B . 84D2 TEST DL,DL
0040407D . 75 05 JNZ SHORT ElementC.00404084
0040407F . B0 01 MOV AL,1
00404081 . C2 0400 RETN 4
00404084 > 8B40 1C MOV EAX,DWORD PTR DS:[EAX+1C] realBase
00404087 . 8B40 34 MOV EAX,DWORD PTR DS:[EAX+34] charBase
#ce
$search &= '.*?' & _
'A1(.{8})' & _ ;MOV EAX,DWORD PTR DS:[AF6DA4] baseCall
'8A90.{8}' & _ ;MOV DL,BYTE PTR DS:[EAX+48C]
'84D2' & _ ;TEST DL,DL
'7505' & _ ;JNZ SHORT ElementC.00404084
'B001' & _ ;MOV AL,1
'C20400' & _ ;RETN 4
'8B40(.{2})' & _ ;MOV EAX,DWORD PTR DS:[EAX+1C] realBase
'8B40(.{2})' ;MOV EAX,DWORD PTR DS:[EAX+34] charBase
x("o.baseCall.type", $ODconstant)
x("o.realBase.type", $ODconstant)
x("o.playerBase.type", $ODconstant)
#cs
004171E0 /$ 83EC 14 SUB ESP,14
004171E3 |. A1 A46DAF00 MOV EAX,DWORD PTR DS:[AF6DA4] baseCall again
004171E8 |. 53 PUSH EBX
004171E9 |. 55 PUSH EBP
004171EA |. 56 PUSH ESI
004171EB |. 8BF1 MOV ESI,ECX
004171ED |. 57 PUSH EDI
004171EE |. 8B48 1C MOV ECX,DWORD PTR DS:[EAX+1C] realBase
004171F1 |. 8B51 18 MOV EDX,DWORD PTR DS:[ECX+18] guiBase0
004171F4 |. 8B4A 08 MOV ECX,DWORD PTR DS:[EDX+8] guiBase1
#ce
$search &= '.*?' & _
'83EC.{2}' & _ ;SUB ESP,14
'A1.{8}' & _ ;MOV EAX,DWORD PTR DS:[AF6DA4] baseCall
'53' & _ ;PUSH EBX
'55' & _ ;PUSH EBP
'56' & _ ;PUSH ESI
'8BF1' & _ ;MOV ESI,ECX
'57' & _ ;PUSH EDI
'8B48.{2}' & _ ;MOV ECX,DWORD PTR DS:[EAX+1C] realBase
'8B51(.{2})' & _ ;MOV EDX,DWORD PTR DS:[ECX+18] guiBase0
'8B4A(.{2})' ;MOV ECX,DWORD PTR DS:[EDX+8] guiBase1
x("o.guiBase0.type", $ODconstant)
x("o.guiBase1.type", $ODconstant)
#cs
00484B60 /$ 8B4424 04 MOV EAX,DWORD PTR SS:[ARG.1] ; ElementClient.00484B60(guessed Arg1)
00484B64 |. 83EC 08 SUB ESP,8
00484B67 |. 53 PUSH EBX
00484B68 |. 8BD9 MOV EBX,ECX
00484B6A |. 50 PUSH EAX ; /Arg1 => [ARG.1]
00484B6B |. E8 B0010000 CALL 00484D20 ; \ElementClient.00484D20
00484B70 |. 84C0 TEST AL,AL
00484B72 |. 75 09 JNE SHORT 00484B7D
00484B74 |. B0 01 MOV AL,1
00484B76 |. 5B POP EBX
00484B77 |. 83C4 08 ADD ESP,8
00484B7A |. C2 0400 RETN 4
00484B7D |> A1 44F1AF00 MOV EAX,DWORD PTR DS:[0AFF144]
00484B82 |. 55 PUSH EBP
00484B83 |. 56 PUSH ESI
00484B84 |. 8BB3 C4060000 MOV ESI,DWORD PTR DS:[EBX+6C4]
00484B8A |. 8B48 04 MOV ECX,DWORD PTR DS:[EAX+4]
00484B8D |. 8B50 18 MOV EDX,DWORD PTR DS:[EAX+18]
#ce
$search &= '.*?' & _
'8B4424.{2}' & _ ; MOV EAX,DWORD PTR SS:[ARG.1] ; ElementClient.00484B60(guessed Arg1)
'83EC.{2}' & _ ; SUB ESP,8
'53' & _ ; PUSH EBX
'8BD9' & _ ; MOV EBX,ECX
'50' & _ ; PUSH EAX ; /Arg1 => [ARG.1]
'E8.{8}' & _ ; CALL 00484D20 ; \ElementClient.00484D20
'84C0' & _ ; TEST AL,AL
'75.{2}' & _ ; JNE SHORT 00484B7D
'B0.{2}' & _ ; MOV AL,1
'5B' & _ ; POP EBX
'83C4.{2}' & _ ; ADD ESP,8
'C2.{4}' & _ ; RETN 4
'A1.{8}' & _ ; MOV EAX,DWORD PTR DS:[0AFF144]
'55' & _ ; PUSH EBP
'56' & _ ; PUSH ESI
'8BB3.{8}' & _ ; MOV ESI,DWORD PTR DS:[EBX+6C4]
'8B48.{2}' & _ ; MOV ECX,DWORD PTR DS:[EAX+4]
'8B50(.{2})' ; MOV EDX,DWORD PTR DS:[EAX+18]
x("o.settingsBase.type", $ODconstant)
#cs
0053874F 90 NOP
00538750 83EC 20 SUB ESP,20
00538753 53 PUSH EBX
00538754 55 PUSH EBP
00538755 56 PUSH ESI
00538756 57 PUSH EDI
00538757 8BF1 MOV ESI,ECX
00538759 68 8469AA00 PUSH ElementC.00AA6984 ; ASCII "Btn_Close"
0053875E E8 CDA32B00 CALL ElementC.007F2B30
00538763 68 CCAFAA00 PUSH ElementC.00AAAFCC ; ASCII "Txt_Desc"
00538768 8BCE MOV ECX,ESI
0053876A 8BE8 MOV EBP,EAX
0053876C E8 BFA32B00 CALL ElementC.007F2B30
00538771 8BF8 MOV EDI,EAX
00538773 8BCF MOV ECX,EDI
#ce
$search &= '.*?' & _
'90' & _ ; NOP
'83EC.{2}' & _ ; SUB ESP,20
'53' & _ ; PUSH EBX
'55' & _ ; PUSH EBP
'56' & _ ; PUSH ESI
'57' & _ ; PUSH EDI
'8BF1' & _ ; MOV ESI,ECX
'68(.{8})' & _ ; PUSH ElementC.00AA6984 ; ASCII "Btn_Close"
'E8.{8}' & _ ; CALL ElementC.007F2B30
'68.{8}' & _ ; PUSH ElementC.00AAAFCC ; ASCII "Txt_Desc"
'8BCE' & _ ; MOV ECX,ESI
'8BE8' & _ ; MOV EBP,EAX
'E8.{8}' & _ ; CALL ElementC.007F2B30
'8BF8' & _ ; MOV EDI,EAX
'8BCF' ; MOV ECX,EDI
x("o.str_Btn_Close.type", $ODconstant)
#cs
00567A81 68 E4C6AA00 PUSH ElementC.00AAC6E4 ; ASCII "videosetting"
00567A86 8D4C24 24 LEA ECX,DWORD PTR SS:[ESP+24]
00567A8A E8 D1582F00 CALL ElementC.0085D360
00567A8F 84C0 TEST AL,AL
00567A91 74 0F JE SHORT ElementC.00567AA2
00567A93 8BCE MOV ECX,ESI
00567A95 E8 F654F7FF CALL ElementC.004DCF90
00567A9A 8BB8 B8040000 MOV EDI,DWORD PTR DS:[EAX+4B8]
00567AA0 EB 40 JMP SHORT ElementC.00567AE2
00567AA2 68 AC7EAA00 PUSH ElementC.00AA7EAC ; ASCII "gamesetting"
00567AA7 8D4C24 24 LEA ECX,DWORD PTR SS:[ESP+24]
00567AAB E8 B0582F00 CALL ElementC.0085D360
00567AB0 84C0 TEST AL,AL
00567AB2 74 0F JE SHORT ElementC.00567AC3
00567AB4 8BCE MOV ECX,ESI
00567AB6 E8 D554F7FF CALL ElementC.004DCF90
00567ABB 8BB8 B0040000 MOV EDI,DWORD PTR DS:[EAX+4B0] ;tab_gamesetting
#ce
$search &= '.*?' & _
'68.{8}' & _ ; PUSH ElementC.00AAC6E4 ; ASCII "videosetting"
'8D4C24.{2}' & _ ; LEA ECX,DWORD PTR SS:[ESP+24]
'E8.{8}' & _ ; CALL ElementC.0085D360
'84C0' & _ ; TEST AL,AL
'74.{2}' & _ ; JE SHORT ElementC.00567AA2
'8BCE' & _ ; MOV ECX,ESI
'E8.{8}' & _ ; CALL ElementC.004DCF90
'8BB8.{8}' & _ ; MOV EDI,DWORD PTR DS:[EAX+4B8]
'EB.{2}' & _ ; JMP SHORT ElementC.00567AE2
'68(.{8})' & _ ; PUSH ElementC.00AA7EAC ; ASCII "gamesetting"
'8D4C24.{2}' & _ ; LEA ECX,DWORD PTR SS:[ESP+24]
'E8.{8}' & _ ; CALL ElementC.0085D360
'84C0' & _ ; TEST AL,AL
'74.{2}' & _ ; JE SHORT ElementC.00567AC3
'8BCE' & _ ; MOV ECX,ESI
'E8.{8}' & _ ; CALL ElementC.004DCF90
'8BB8(.{8})' ; MOV EDI,DWORD PTR DS:[EAX+4B0] ;tab_gamesetting
x("o.str_gamesetting.type", $ODconstant)
x("o.tab_gamesetting.type", $ODconstant)
#cs
CPU Disasm
Address Hex dump Command Comments
0056D97C |. E8 CFF9F6FF CALL elementclient.004DD350
0056D981 |. 8B40 18 MOV EAX,DWORD PTR DS:[EAX+18]
0056D984 |. 8DBD 14020000 LEA EDI,[EBP+214]
0056D98A |. B9 3A000000 MOV ECX,3A
0056D98F |. B2 01 MOV DL,1
0056D991 |. 8DB0 55010000 LEA ESI,[EAX+155]
0056D997 |. 8D85 1C020000 LEA EAX,[EBP+21C]
#ce
$search &= '.*?' & _
'E8.{8}' & _ ; CALL elementclient.004DD350
'8B40.{2}' & _ ; MOV EAX,DWORD PTR DS:[EAX+18]
'8DBD.{8}' & _ ; LEA EDI,[EBP+214]
'B9.{8}' & _ ; MOV ECX,3A
'B2.{2}' & _ ; MOV DL,1
'8DB0(.{8})' & _ ; LEA ESI,[EAX+155]
'8D85.{8}' ; LEA EAX,[EBP+21C]
x("o.staticChatFilters.type", $ODconstant)
#cs
00604B30 /. 53 PUSH EBX ; guiCommand()
00604B31 |. 8B5C24 08 MOV EBX,DWORD PTR SS:[ARG.1]
00604B35 |. 56 PUSH ESI
00604B36 |. 8B7424 10 MOV ESI,DWORD PTR SS:[ARG.2]
00604B3A |. 57 PUSH EDI
00604B3B |. 56 PUSH ESI ; /Arg2 => [ARG.2]
00604B3C |. 53 PUSH EBX ; |Arg1 => [ARG.1]
00604B3D |. E8 EE221E00 CALL 007E6E30 ; \ElementClient.007E6E30
00604B42 |. 84C0 TEST AL,AL
00604B44 |. 74 24 JE SHORT 00604B6A
00604B46 |. 85F6 TEST ESI,ESI
00604B48 |. 74 18 JE SHORT 00604B62
00604B4A |. 8BCE MOV ECX,ESI
00604B4C |. E8 EFFD1E00 CALL 007F4940 ; [ElementClient.007F4940
00604B51 |. 84C0 TEST AL,AL
00604B53 |. 74 0D JE SHORT 00604B62
00604B55 |. 8B06 MOV EAX,DWORD PTR DS:[ESI]
00604B57 |. 6A 01 PUSH 1
00604B59 |. 6A 00 PUSH 0
00604B5B |. 6A 00 PUSH 0
00604B5D |. 8BCE MOV ECX,ESI
00604B5F |. FF50 1C CALL DWORD PTR DS:[EAX+1C]
00604B62 |> 5F POP EDI
00604B63 |. 5E POP ESI
00604B64 |. B0 01 MOV AL,1
00604B66 |. 5B POP EBX
00604B67 |. C2 0800 RETN 8
00604B6A |> 68 8C4CAB00 PUSH OFFSET 00AB4C8C ; /Arg2 = ASCII "Win_Popmsg"
#ce
; Capture the whole expression here so we can do a StringInStr() on it to get the function offset for guiCommand()
$search &= '.*?' & _
'(53' & _ ;PUSH EBX
'8B5C24.{2}' & _ ;MOV EBX,DWORD PTR SS:[ARG.1]
'56' & _ ;PUSH ESI
'8B7424.{2}' & _ ;MOV ESI,DWORD PTR SS:[ARG.2]
'57' & _ ;PUSH EDI
'56' & _ ;PUSH ESI
'53' & _ ;PUSH EBX
'E8.{8}' & _ ;CALL 007E6E30
'84C0' & _ ;TEST AL,AL
'74.{2}' & _ ;JE SHORT 00604B6A
'85F6' & _ ;TEST ESI,ESI
'74.{2}' & _ ;JE SHORT 00604B62
'8BCE' & _ ;MOV ECX,ESI
'E8.{8}' & _ ;CALL 007F4940
'84C0' & _ ;TEST AL,AL
'74.{2}' & _ ;JE SHORT 00604B62
'8B06' & _ ;MOV EAX,DWORD PTR DS:[ESI]
'6A01' & _ ;PUSH 1
'6A00' & _ ;PUSH 0
'6A00' & _ ;PUSH 0
'8BCE' & _ ;MOV ECX,ESI
'FF50.{2}' & _ ;CALL DWORD PTR DS:[EAX+1C]
'5F' & _ ;POP EDI
'5E' & _ ;POP ESI
'B001' & _ ;MOV AL,1
'5B' & _ ;POP EBX
'C20800' & _ ;RETN 8
'68.{8})' ;PUSH OFFSET 00AB4C8C
x("o.guiCommandCall.type", $ODfuncOffset)
#cs
0066109E |. 6A 05 PUSH 5 ; /count = 5
006610A0 |. 50 PUSH EAX ; |src => OFFSET LOCAL.26
006610A1 |. 51 PUSH ECX ; |dest => [LOCAL.6]
006610A2 |. FF15 74949F00 CALL DWORD PTR DS:[<&MSVCRT.memmove>] ; \MSVCRT.memmove
006610A8 |. 8B5424 68 MOV EDX,DWORD PTR SS:[LOCAL.6]
006610AC |. 83C4 0C ADD ESP,0C
006610AF |. 83C2 05 ADD EDX,5
006610B2 |. 895424 60 MOV DWORD PTR SS:[LOCAL.5],EDX
006610B6 |> A1 44F1AF00 MOV EAX,DWORD PTR DS:[0AFF144] baseCall
006610BB |. 53 PUSH EBX
006610BC |. 55 PUSH EBP
006610BD |. 8B2D 60949F00 MOV EBP,DWORD PTR DS:[<&MSVCRT.wcslen>]
006610C3 |. 8B48 1C MOV ECX,DWORD PTR DS:[EAX+1C] realBase
006610C6 |. 8B51 34 MOV EDX,DWORD PTR DS:[ECX+34] playerBase
006610C9 |. 8B9A 38060000 MOV EBX,DWORD PTR DS:[EDX+638] playerName
#ce
$search &= '.*?' & _
'6A.{2}' & _ ;PUSH 5
'50' & _ ;PUSH EAX
'51' & _ ;PUSH ECX
'FF15.{8}' & _ ;CALL DWORD PTR DS:[<&MSVCRT.memmove>]
'8B5424.{2}' & _ ;MOV EDX,DWORD PTR SS:[LOCAL.6]
'83C4.{2}' & _ ;ADD ESP,0C
'83C2.{2}' & _ ;ADD EDX,5
'895424.{2}' & _ ;MOV DWORD PTR SS:[LOCAL.5],EDX
'A1.{8}' & _ ;MOV EAX,DWORD PTR DS:[0AFF144]
'53' & _ ;PUSH EBX
'55' & _ ;PUSH EBP
'8B2D.{8}' & _ ;MOV EBP,DWORD PTR DS:[<&MSVCRT.wcslen>]
'8B48.{2}' & _ ;MOV ECX,DWORD PTR DS:[EAX+1C]
'8B51.{2}' & _ ;MOV EDX,DWORD PTR DS:[ECX+34]
'8B9A(.{8})' ;MOV EBX,DWORD PTR DS:[EDX+638] playerName
x("o.playerName.type", $ODconstant)
#cs
007F0A58 |. C686 90000000 00 MOV BYTE PTR DS:[ESI+90],0
007F0A5F |. 8B81 8C000000 MOV EAX,DWORD PTR DS:[ECX+8C]
007F0A65 |. 85C0 TEST EAX,EAX
007F0A67 |. 74 75 JE SHORT 007F0ADE
007F0A69 |> 3970 08 /CMP DWORD PTR DS:[EAX+8],ESI
007F0A6C |. 74 08 |JE SHORT 007F0A76
007F0A6E |. 8B00 |MOV EAX,DWORD PTR DS:[EAX]
007F0A70 |. 85C0 |TEST EAX,EAX
007F0A72 |.^ 75 F5 \JNE SHORT 007F0A69
007F0A74 |. EB 68 JMP SHORT 007F0ADE
007F0A76 |> 85C0 TEST EAX,EAX
#ce
$search &= '.*?' & _
'C686(.{8})00' & _ ; MOV BYTE PTR DS:[ESI+90],0
'8B81.{8}' & _ ; MOV EAX,DWORD PTR DS:[ECX+8C]
'85C0' & _ ; TEST EAX,EAX
'74.{2}' & _ ; JE SHORT 007F0ADE
'3970.{2}' & _ ; /CMP DWORD PTR DS:[EAX+8],ESI
'74.{2}' & _ ; |JE SHORT 007F0A76
'8B00' & _ ; |MOV EAX,DWORD PTR DS:[EAX]
'85C0' & _ ; |TEST EAX,EAX
'75.{2}' & _ ; \JNE SHORT 007F0A69
'EB.{2}' & _ ; JMP SHORT 007F0ADE
'85C0' ; TEST EAX,EAX
x("o.tabVisible.type", $ODconstant)
;getOffsets('elementclient.exe', $search)
Func getOffsets($fileName, $regex)
$file = FileOpen($fileName, 16)
$data = FileRead($file, FileGetSize($fileName))
FileClose($file)
$offsets = StringRegExp($data, $regex, 2)
If Not IsArray($offsets) Then
MsgBox(16, 'Error', 'Could not find all Offsets')
Exit
EndIf
$z = 1
for $names in x('o')
if x('o.' & $names & '.type') == $ODconstant Then
x('o.' & $names & '.offset', '0x' & rev($offsets[$z]))
ConsoleWrite($names & ': ' & rev($offsets[$z]) & @CRLF)
Else
$funcAddr = 0x400000 + StringInStr($data, $offsets[$z])/2 - 1
x('o.' & $names & '.offset', '0x' & Hex($funcAddr))
ConsoleWrite($names & ': ' & Hex($funcAddr) & @CRLF)
EndIf
$z = $z+1
Next
return x('o')
EndFunc
Func rev($string)
Local $all
For $i = StringLen($string) + 1 To 1 Step -2
$all = $all & StringMid($string, $i, 2)
Next
While StringLeft($all, 1) = '0'
$all = StringTrimLeft($all, 1)
WEnd
Return $all
EndFunc ;==>rev
MultiAssocArray.au3 (This is awesome! Found it )
Code:
#include-once
; Sourced from http://www.autoitscript.com/forum/topic/113182-easy-multidimensional-associative-arrays/
; #INDEX# =======================================================================================================================
; Title .........: xHashCollection
; AutoIt Version : 3.3.4.0
; Language ......: English
; Description ...: Create and use Multidimentional Associative Arrays
; Author ........: OHB <me at orangehairedboy dot com>
; ===============================================================================================================================
Global $_xHashCollection = ObjCreate( "Scripting.Dictionary" ), $_xHashCache
; #FUNCTION# ====================================================================================================================
; Name...........: x
; Description ...: Gets or sets a value in an Associative Array
; Syntax.........: SET: x( $sKey , $vValue )
; GET: x( $key )
; Parameters ....: $sKey - the key to set or get. Examples:
; x( 'foo' ) gets value of foo
; x( 'foo.bar' ) gets value of bar which is a key of foo
; $bar = "baz"
; x( 'foo.$bar' ) gets value of baz which is a key of foo (variables are expanded)
; Return values .: Success - When setting, return the value set. When getting, returns the requested value.
; Failure - Returns a 0
; Author ........: OHB <me at orangehairedboy dot com>
; ===============================================================================================================================
Func x( $sKey = '' , $vValue = '' )
$func = "get"
If @NumParams <> 1 Then $func = "set"
If $sKey == '' Then
If $func == "get" Then
Return $_xHashCollection
Else
$_xHashCollection.removeAll
Return ''
EndIf
EndIf
$parts = StringSplit( $sKey , "." )
$last_key = $parts[$parts[0]]
$cur = $_xHashCollection
For $x = 1 To $parts[0] - 1
If Not $cur.exists( $parts[$x] ) Then
If $func == "get" Then Return
$cur.add( $parts[$x] , ObjCreate( "Scripting.Dictionary" ) )
EndIf
$cur = $cur.item( $parts[$x] )
Next
If IsPtr( $vValue ) Then $vValue = String( $vValue )
If $func == "get" Then
If Not $cur.exists( $last_key ) Then Return
$item = $cur.item( $last_key )
Return $item
ElseIf Not $cur.exists( $last_key ) Then
$cur.add( $last_key , $vValue )
Else
$cur.item( $last_key ) = $vValue
EndIf
Return $vValue
EndFunc
; #FUNCTION# ====================================================================================================================
; Name...........: x_unset
; Description ...: Removes a key from an Associative Array
; Syntax.........: x_unset( $sKey )
; Parameters ....: $sKey - the key to remove.
; Return values .: Success - True
; Failure - False
; Author ........: OHB <me at orangehairedboy dot com>
; ===============================================================================================================================
Func x_unset( $sKey )
If $sKey == '' Then Return x( '' , '' )
$parts = StringSplit( $sKey , "." )
$cur = $_xHashCollection
For $x = 1 To $parts[0] - 1
If Not $cur.exists( $parts[$x] ) Then Return False
$cur = $cur.item( $parts[$x] )
Next
$cur.remove( $parts[$parts[0]] )
Return True
EndFunc
; #FUNCTION# ====================================================================================================================
; Name...........: x_display
; Description ...: Displays the contents of an Associative Array
; Syntax.........: x_display( $sKey )
; Parameters ....: $sKey - the key to display. Examples:
; x_display() displays everything
; x_display( 'foo' ) displays the contents of foo
; Author ........: OHB <me at orangehairedboy dot com>
; ===============================================================================================================================
Func x_display( $key = '' )
$text = $key
If $key <> '' Then $text &= " "
$text &= StringTrimRight( _x_display( x( $key ) , '' ) , 2 )
$wHnd = GUICreate( "Array " & $key , 700 , 500 )
GUISetState( @SW_SHOW , $wHnd )
$block = GUICtrlCreateEdit( $text , 5 , 5 , 690 , 490 )
GUICtrlSetFont( $block , 10 , 400 , -1 , 'Courier' )
While 1
If GUIGetMsg() == -3 Then ExitLoop
WEnd
GUISetState( @SW_HIDE , $wHnd )
GUIDelete( $wHnd )
EndFunc
; #INTERNAL_USE_ONLY# ===========================================================================================================
; Name...........: _x_display
; Description ...: Itterates through an array and builds output for x_display
; Author ........: OHB <me at orangehairedboy dot com>
; ===============================================================================================================================
Func _x_display( $item , $tab )
If IsObj( $item ) Then
$text = 'Array (' & @CRLF
$itemAdded = False
For $i In $item
$text &= $tab & " [" & $i & "] => " & _x_display( $item.item($i) , $tab & " " )
$itemAdded = True
Next
If Not $itemAdded Then $text &= @CRLF
$text &= $tab & ')'
ElseIf IsArray( $item ) Then
$text = "Array"
$totalItems = 1
$dimensions = UBound( $item , 0 )
For $dimension = 1 To $dimensions
$size = UBound( $item , $dimension )
$totalItems *= $size
$text &= "[" & $size & "]"
Next
$text &= " (" & @CRLF
For $itemID = 0 To $totalItems - 1
$idName = ''
$idNum = $itemID
For $dimension = 1 To $dimensions - 1
$mul = ( $totalItems / UBound( $item , $dimension ) )
$a = Floor( $idNum / $mul )
$idName &= '[' & $a & ']'
$idNum -= ( $a * $mul )
Next
$idName &= '[' & $idNum & ']'
$text &= $tab & " " & $idName & " => " & _x_display( Execute( "$item" & $idName ) , $tab & " " )
Next
$text &= $tab & ")"
Else
$text = $item
EndIf
$text &= @CRLF
Return $text
EndFunc
Enjoy!!
|
|
|
|
09/02/2011, 03:01
|
#2
|
elite*gold: 0
Join Date: May 2010
Posts: 220
Received Thanks: 203
|
WOW, i compile it and it works...who wonder it!
dont know what should i say 
|
|
|
|
|
09/02/2011, 20:03
|
#3
|
elite*gold: 0
Join Date: Mar 2011
Posts: 44
Received Thanks: 48
|
Quote:
Originally Posted by dumbfck
As a side note, I have a feeling (not confirmed) that the last filter option (the third 'other' option) might be a Horn filter hehe.
|
yep last "other" is horn, and probably id 11 "2nd other" can be GM talk, but not confirmed, never see GM talk  so they write system (id 9) msgs or id 11
here is rip from my source:
Code:
If $array[$i + 1][0] = 0 Then
$array[$i + 1][0] = "Normal"
ElseIf $array[$i + 1][0] = 1 Then
$array[$i + 1][0] = "World"
ElseIf $array[$i + 1][0] = 2 Then
$array[$i + 1][0] = "Squad"
ElseIf $array[$i + 1][0] = 3 Then
$array[$i + 1][0] = "Faction"
ElseIf $array[$i + 1][0] = 4 Then
$array[$i + 1][0] = "Whisper"
ElseIf $array[$i + 1][0] = 5 Then
$array[$i + 1][0] = "Damage"
ElseIf $array[$i + 1][0] = 6 Then
$array[$i + 1][0] = "Combat"
ElseIf $array[$i + 1][0] = 7 Then
$array[$i + 1][0] = "Trade"
ElseIf $array[$i + 1][0] = 8 Then
$array[$i + 1][0] = "Notification"
ElseIf $array[$i + 1][0] = 9 Then
$array[$i + 1][0] = "System"
ElseIf $array[$i + 1][0] = 10 Then
$array[$i + 1][0] = "Other"
ElseIf $array[$i + 1][0] = 11 Then
$array[$i + 1][0] = "???"
ElseIf $array[$i + 1][0] = 12 Then
$array[$i + 1][0] = "Horn"
EndIf
edit: btw nice to see how u change your opinion about AutoIT :P
|
|
|
|
|
09/02/2011, 20:57
|
#4
|
elite*gold: 0
Join Date: Mar 2010
Posts: 862
Received Thanks: 576
|
****, so many regexps, I feel sorry for you
Awesome job yet again
Love seeing all the open source stuff  Looking forward to the writeup as usual
|
|
|
|
|
09/03/2011, 03:13
|
#5
|
elite*gold: 10
Join Date: Sep 2010
Posts: 400
Received Thanks: 234
|
Quote:
Originally Posted by Merkada
yep last "other" is horn, and probably id 11 "2nd other" can be GM talk, but not confirmed, never see GM talk so they write system (id 9) msgs or id 11 |
Thanks for confirming it And yeah, the other "other" option might well be GM, since it is a hidden option normally and is set to 'on'... Although last time I spoke to a GM they used normal whispers.
Quote:
Originally Posted by Merkada
btw nice to see how u change your opinion about AutoIT :P
|
I still don't like it, but I like to challenge myself :P
One of the major advantages I've just realised recently is that you can post code in AutoIt here, and most people can compile it, so there is no need to post the compiled .exe which, when using injections, invariably pisses off people's antivirus programs.
Also the whole reading a file to a string thing is quite nice and I am yet to find such a straightforward solution in C#, so offset searching is pretty sweet in AutoIt. (My extremely similar version in C# takes almost 4 times as long :O)
Quote:
Originally Posted by Interest07
Damn, so many regexps, I feel sorry for you
|
Yep, you might have noticed in the code that there was one offset that just wasn't practical to get from the client, so I kinda botched it a bit >.>.
Aside from that, I love regex's but I got so pissed off with it I actually made a tool which makes it a bit easier... I shall be posting the details on here soon... I think it has potential to be awesome hehe.
Hint:
Code:
"^[0-9A-F]{8}[\^|\.\>\s\\\/\$]+(([0-9A-F]{2,8}):)?([0-9A-F]{2,8})?\s?([0-9A-F]{8})?([0-9A-F]{4})?([0-9A-F]{2})?[\s:]([0-9A-F]{8})?([0-9A-F]{4})?([0-9A-F]{2})?\s+(.+)"
Nice hint, eh? 
Quote:
Originally Posted by Interest07
Awesome job yet again
Love seeing all the open source stuff
Looking forward to the writeup as usual |
Thank you kindly, sir
There's been a lot of alcohol and drums on guitar hero tonight, and lots of work to do over the weekend, but hopefully will post the details fairly soon
|
|
|
|
|
09/03/2011, 07:17
|
#6
|
elite*gold: 0
Join Date: Mar 2010
Posts: 862
Received Thanks: 576
|
Quote:
Originally Posted by dumbfck
I still don't like it, but I like to challenge myself :P
One of the major advantages I've just realised recently is that you can post code in AutoIt here, and most people can compile it, so there is no need to post the compiled .exe which, when using injections, invariably pisses off people's antivirus programs.
|
That's definitely true. It's much easier to copy paste too, since it's all just stuck in one huge file generally (Perhaps with one or two utility files I guess). For smaller tools (codewise I mean) like the ones you're producing it is effective enough.
Quote:
Also the whole reading a file to a string thing is quite nice and I am yet to find such a straightforward solution in C#, so offset searching is pretty sweet in AutoIt. (My extremely similar version in C# takes almost 4 times as long :O)
|
While I admit regexps aren't the most straightforward in C# (escaping every single byte with \x is a pain and I simply hate using the bloody things), I don't find them to be slow at all. I'd even say time isn't really an issue at all as far as I've noticed (unless you were to regexp the offset every time you wish to use said offset of course ).
Quote:
Yep, you might have noticed in the code that there was one offset that just wasn't practical to get from the client, so I kinda botched it a bit >.>.
Aside from that, I love regex's but I got so pissed off with it I actually made a tool which makes it a bit easier... I shall be posting the details on here soon... I think it has potential to be awesome hehe.
Hint:
Code:
"^[0-9A-F]{8}[\^|\.\>\s\\\/\$]+(([0-9A-F]{2,8}):)?([0-9A-F]{2,8})?\s?([0-9A-F]{8})?([0-9A-F]{4})?([0-9A-F]{2})?[\s:]([0-9A-F]{8})?([0-9A-F]{4})?([0-9A-F]{2})?\s+(.+)"
Nice hint, eh?
|
lmao, I'd rather stay away from regexps completely (besides for addresses), they're nasty as shows in your 'hint'
offsets are usually easy enough to change with simple statements like "UPDATE pwi_offsets SET value = value + 0x4 WHERE value > 0xC40" or whatever. Substitute that code with whatever you need for how you store your offsets of course Then again, for real public use you need to bloody offset finders or you get your daily dosage of moaning at every patch
Quote:
Thank you kindly, sir
There's been a lot of alcohol and drums on guitar hero tonight, and lots of work to do over the weekend, but hopefully will post the details fairly soon
|
I've personally always been bad at GUI related stuff (even programming it myself) so I always find the things you produce impressive 
Hope you have a fun weekend without halucinations about regexps
|
|
|
|
|
09/04/2011, 23:11
|
#7
|
elite*gold: 10
Join Date: Sep 2010
Posts: 400
Received Thanks: 234
|
Updated the first post with all the gruesome details
|
|
|
|
|
09/07/2011, 12:35
|
#8
|
elite*gold: 0
Join Date: Mar 2010
Posts: 862
Received Thanks: 576
|
Since you seem to be quite into the whole GUI bit of the game... I was wondering, do you happen to know how to figure out the x, y coords on screen of items in your inventory (and whether or not they are actually visible, in the case of inventories with scroll bar).
I'm working on integrating some little tools into the client via dll injection like this:
and kinda want to be able to drag for example a potion to a slot to indicate i want to use that potion type. Or perhaps something similar with skills and such. I might post the source code for this later if there's any interest.
|
|
|
|
|
09/07/2011, 15:09
|
#9
|
elite*gold: 10
Join Date: Sep 2010
Posts: 400
Received Thanks: 234
|
Ooooh have you coded that in, or just photoshopped that for now? :O
That looks awesome hehe.
I don't know of a way to get the x,y coords based on the actual item as such, but one way you could do it is to read the position of the inventory window relative to the screen
Inventory window object = [[[[[baseCall]+0x1C]+0x18]+0x8]+0x404]
Inventory window X pos = [[[[[[baseCall]+0x1C]+0x18]+0x8]+0x404]+0x98]
Inventory window Y pos = [[[[[[baseCall]+0x1C]+0x18]+0x8]+0x404]+0x9C]
Inv Window Open flag = [[[[[[baseCall]+0x1C]+0x18]+0x8]+0x404]+0x90]
Then you could do a calculation.
Horizontal distance from the left side of the inventory window the left side of the first inventory item = 28 pixels
Vertical distance from top of inventory window to top of first item inventory item = 314 pixels
Inventory icons = 32 x 32 pixels
Horizontal spacing between inventory icons = 1 pixel
Vertical spacing between inventory icons = 2 pixels
So from those values you could calculate the bounds of each element in the inventory something like:
Code:
for i = 0 to maxSlots
{
boxes[i][left] = 28 + (i % 8) * (iconWidth + horizSpacing)
boxes[i][top] = 314 + (int)(i / 8) * (iconHeight + vertSpacing)
}
to get the positions relative to the inventory window, then add the window x,y to get the positions relative to the game window.
As for whether they are visible, I'd suggest finding the offsets that determine whether you are in scrolled or docked mode and if you're in scrolled mode, perhaps try to find where the value of the scrollbar position is stored and do a calculation from that.
I had just started looking for the scrolled / docked / scrollbar offsets but I ran out of lunch break :P
Although I think at one point when changing the scrollbar, I think I did glance upon a changing list of item objects although I didn't get time to investigate.
If you're doing GUI based stuff, here are a few other offsets you will undoubtedly find useful:
guiBase0 = [[[baseCall]+0x1C]+0x18]
guiBase1 = [[[[baseCall]+0x1C]+0x18]+0x8]
guiHoverOuterObj = [[[[baseCall]+0x1C]+0x18]+0x244]
guiHoverInnerObj = [[[[baseCall]+0x1C]+0x18]+0x248]
Those last two are particularly useful for finding gui object pointers. Just hover over them and read off the values.
The guiHoverInnerObj shows the object pointer for controls within gui windows / objects.
Hover over your inventory items and it looks like it actually returns the item objects? I might be wrong and again I didn't have time to investigate further.
Hope this helps ^^
|
|
|
|
|
09/07/2011, 18:02
|
#10
|
elite*gold: 0
Join Date: Mar 2010
Posts: 862
Received Thanks: 576
|
Wow, that certainly looks promising
I have in fact coded the window above in using a D3D8 endscene hook . The dll loads the images in separately though, so i dont use them directly from the game files. Im on my phone right now, but ill definitely have a look at what you posted when i get home, thanks!
Edit; i currently intercept Windows messages to detect whether a user clicked a button but it might be hard to prevent qn item to fall on the ground or staying stuck under the cursor unless i find. The pointer to the object currently. being dragged so i can null it somehow
|
|
|
|
|
09/07/2011, 19:41
|
#11
|
elite*gold: 10
Join Date: Sep 2010
Posts: 400
Received Thanks: 234
|
As for the accidental item dropping thing, perhaps you could inject an escape key? If you drag an item out of your inventory and hit esc it cancels the drag
Or, I wonder if it might be possible to see how the mechanism works when, for example you drag an item into another window such as when you drag an item into the slot for refining / imbuing / manufacturing?
In fact I just had a look and it seems if you drag an inventory item onto any other gui object and release the mouse, it returns it to your inventory. If guiHoverInnerObj != 0 then maybe it does some other trickery to drop it there.
Perhaps it simply checks if guiHoverOuterObj == 0, so if you can make your interface seem like a real in game interface, you might be in luck :P
Glass is always half full eh?
That endscene stuff sounds awesome btw. I'd have no idea where to even start with something like that!
|
|
|
|
|
09/07/2011, 20:24
|
#12
|
elite*gold: 0
Join Date: Mar 2010
Posts: 862
Received Thanks: 576
|
lmao, I never realised the escape key did that XD
thanks for that :O
That oughta simplify this
I'll post the program / source code once I've cleaned it up a little It's my first real work in C++ so I'm prollly lacking a bit in memory management.... Oh and for endscene hooking, there should be plenty of guides available through google. PWI uses D3D8 that's all you need to know, as the method is the same regardless of the game as long you know the version of directx it uses
Quote:
Originally Posted by dumbfck
As for the accidental item dropping thing, perhaps you could inject an escape key? If you drag an item out of your inventory and hit esc it cancels the drag
Or, I wonder if it might be possible to see how the mechanism works when, for example you drag an item into another window such as when you drag an item into the slot for refining / imbuing / manufacturing?
In fact I just had a look and it seems if you drag an inventory item onto any other gui object and release the mouse, it returns it to your inventory. If guiHoverInnerObj != 0 then maybe it does some other trickery to drop it there.
Perhaps it simply checks if guiHoverOuterObj == 0, so if you can make your interface seem like a real in game interface, you might be in luck :P
Glass is always half full eh?
That endscene stuff sounds awesome btw. I'd have no idea where to even start with something like that! |
|
|
|
|
|
09/08/2011, 00:58
|
#13
|
elite*gold: 10
Join Date: Sep 2010
Posts: 400
Received Thanks: 234
|
Small update:
The scroll / dock offset is: [[[[[[[baseCall]+0x1C]+0x18]+0x8]+0x404]+0x214]+0x78]
This is a single byte, 1 for scroll, 0 for dock.
The scroll bar position is:
[[[[[[[baseCall]+0x1C]+0x18]+0x8]+0x404]+0x214]+0x140]
This is a value between 0-4
0 shows items 0-31
1 shows items 8-39
2 shows items 16-47
3 shows items 24-55
4 shows items 32-63
That should simplify things a bit :P
Seems to be another value that changes too when adjusting the scrollbar. Not sure what these numbers correlate to though.
[[[[[[[baseCall]+0x1C]+0x18]+0x8]+0x404]+0x214]+0x12C]
Position 0 = 0xF = 15d
Position 1 = 0x22 = 34d
Position 2 = 0x35 = 53d
Position 3 = 0x48 = 72d
Position 4 = 0x5C = 92d
Edit: It's the position of the scrolly thingy relative to the top of the control- Prolly not very useful lol
|
|
|
|
|
09/08/2011, 01:27
|
#14
|
elite*gold: 0
Join Date: Mar 2010
Posts: 862
Received Thanks: 576
|
Wow, you work fast
I posted my lil tool in a separate thread with source included in case you're interested
I'll see how to integrate proper dragging and dropping items later, shouldn't be too hard
|
|
|
|
|
10/25/2011, 17:55
|
#15
|
elite*gold: 0
Join Date: Sep 2008
Posts: 24
Received Thanks: 0
|
hi dumbfck,
I got a little idea about EP buffer for TW.. can we targeting people that whispering to us? if that possible, can you teach me how to make it? Idk how to start from..
|
|
|
|
 |
|
Similar Threads
|
PWI - Guide for SENDING Chat messages [C# and AutoIt examples included]
09/16/2013 - PW Hacks, Bots, Cheats, Exploits - 32 Replies
Ok, so some time ago I posted a guide for finding the offsets to read chat messages from within the game, which sparked some interest and seems to have proved useful in a couple of bots for PM detection.
Around the time I figured that stuff out, I had tried a few times to work out how to send messages too, but never quite got there. Well, it seems taking a short break has helped because I've finally figured it out http://www.elitepvpers.com/forum/images/smilies/bi ggrin.gif
Sure,...
|
PWI - Guide for finding chat message offsets - C# code included
03/23/2013 - PW Hacks, Bots, Cheats, Exploits - 179 Replies
I've been lurking here for a while, so I figured it's time I contributed. I've seen several requests for this around this forum, including from the Prophets, so here goes; my guide to finding and traversing chat messages / objects in PWI.
Load up PWI from fresh (don't just relog, physically start a new client because the last chat index isn't reset by a relog)
Open CE before actually logging your character in and attach it to the process. Set up a scan ready to do a search for a 4 byte...
|
Need Help: AutoIt Code to Examine Contents of Chat Window
10/14/2010 - Perfect World - 0 Replies
I'd like to develop some AutoIt code that looks at the chat window and puts up a window or beeps when a user defined string is presented.
Can anyone help me out?
|
[Release]-omtheWorld System (Hack Pack Included)
12/17/2007 - GunZ - 0 Replies
- omtheWorld System + Others
Includes:
- Weapon Damage.
(All Swords, Daggers, Some Guns
- Weapon Delay.
(All Swords, Daggers, Some Guns
- Clip Sizes.
|
All times are GMT +1. The time now is 16:12.
|
|
