
View Full Version : Interception with DirectX




Mato
05-23-2012, 02:05 PM
DirectX Interception
Status: Creating a plugin for Simba and working on the connection part

http://i48.tinypic.com/2gtc2l1.png


What is it?
It allows us to read the data that the RuneScape client sends to the graphics card. That way we can identify each drawn object with an ID that the program creates automatically from the model and get its exact screen position. We can also get the vertex data of the ground we are standing on from a pretty large area, and that way we can search for a specific point on the map and get our player's position relative to it.



Features:

Accurate object finding with IDs
Perfect uptext reading, never messes up the letters
Searching inventory for specific item
New ChooseOption function, same precision as the uptext reading
New MakeCompass function that can set your minimap to the angle you want +- 1 degree
Accurate specific spot finding from the currently loaded minimap area
Accurate walking along created path
+ More features will come after getting this working with Simba

Home
05-23-2012, 02:13 PM
Looks awesome mate! I can't wait to see the source :)

~Home

Sin
05-23-2012, 02:15 PM
This actually looks really nice! Can't wait till you show us what you can do!

weequ
05-23-2012, 02:23 PM
Hey looks great. Does this limit the bots you can use to 1 or could you use multiple?

J J
05-23-2012, 02:28 PM
Looks interesting indeed. Good luck on getting the co-ordinates working!

Frement
05-23-2012, 02:32 PM
Hey looks great. Does this limit the bots you can use to 1 or could you use multiple?

You can have multiple, when you instantiate the hook you can create a unique identifier which then is bound to one plugin. I think it's even possible to use SMART's PID to identify which game is which.

Shatterhand
05-23-2012, 03:41 PM
LOL shocking first post. Nice, keep it going. :)

Slone
05-23-2012, 03:51 PM
This looks promising! Is there any benefits from using this?

Mato
05-23-2012, 04:06 PM
It uses much less CPU than searching the screen and finding an object by color + it's probably faster + it's more accurate + requires less updating.

If RuneScape is updated, for example, many people have to update their scripts' colors and so on, but this uses only the object shape for searching, so with this all you have to do is walk next to the object, see what the new ID is, put that in the script and it works again. And that is required only if the object models are updated, which happens rarely if ever because it's a lot of work for Jagex to update all models, and then we look for the new IDs in an hour.

Slone
05-23-2012, 04:15 PM
Hmm, so would I be right in saying that it would have to pull the shape from some database?

Mato
05-23-2012, 04:22 PM
It doesn't need any databases. When the RuneScape client sends DirectX a command to render a chicken, for example, my program detects that and sees how many points and triangles the chicken is made of. It combines them to make the ID for the object, which is 74005 for chicken. When a new object is added to RuneScape it will automatically get its own ID without me adding it to the code or anywhere else.

A database can be made to store the IDs for different objects if wanted, but it's not required.

blinkblink
05-23-2012, 04:24 PM
You are headed in the right direction on where simba should be working with next

Slone
05-23-2012, 05:28 PM
Oh very nice! I look forward to seeing what you're capable of ;)

Sex
05-23-2012, 05:31 PM
Awesome :). Just don't leave us like silentwolf ;).

Mato
05-23-2012, 05:42 PM
Don't worry, in 2 weeks my summer holiday starts and lasts for 2 and a half months, so I have a lot of time to work on this :)

wasfer
05-23-2012, 06:49 PM
This is really nice, good luck with this!:)

Mark
05-23-2012, 07:38 PM
Looking good.
Eager to test a beta version when ready.

n3ss3s
05-23-2012, 07:49 PM
saus

Hazzah
05-23-2012, 08:49 PM
This looks really impressive! What programming languages do you know?

[XoL]
05-23-2012, 11:21 PM
Wow very impressive, looking forward to seeing source and further development :)

Sirenia
05-24-2012, 07:34 AM
Could this work like reflection did?

Recursive
05-24-2012, 08:00 AM
If this works, does that mean dung bot is do-able?

EDIT: Yay 200 Posts :D

John
05-24-2012, 08:13 AM
:O
Awesome.

Olly
05-24-2012, 02:17 PM
If this works, does that mean dung bot is do-able?

Dung bot is do-able without it lol

putonajonny
05-24-2012, 02:27 PM
Wow, really looking forward to hearing more about this

Mato
05-24-2012, 02:31 PM
I have worked on text recognition today; I already found the function that is used to draw all 2D sprites and text. I'll try to make some system to identify all the letters now.

E: And with same system inventory items too.

Sirenia
05-24-2012, 04:04 PM
But when Optimus lands, this will be unaffected, right?

Mato
05-24-2012, 04:47 PM
If they don't disable DirectX totally it will work.

I managed to access the sprite data before it is drawn and saved the sprites as images. I found a font sprite that contains all the letters that uptext can contain + a whole minimap image from a pretty large area:

http://i45.tinypic.com/2d767aw.jpg

With the minimap I could make a very precise positioning system. If I can get the coordinates of what part of the minimap is drawn currently, I can get the exact position of the player in the minimap coordinates. That way I can store, for example, a walking path in minimap coords and make the player walk it very precisely without the risk of miswalking. Sounds good to me.

Frement
05-24-2012, 04:51 PM
If they don't disable DirectX totally it will work.

I managed to access the sprite data before it is drawn and saved the sprites as images. I found a font sprite that contains all the letters that uptext can contain + a whole minimap image from a pretty large area:

http://i45.tinypic.com/2d767aw.jpg

With the minimap I could make a very precise positioning system. If I can get the coordinates of what part of the minimap is drawn currently, I can get the exact position of the player in the minimap coordinates. That way I can store, for example, a walking path in minimap coords and make the player walk it very precisely without the risk of miswalking. Sounds good to me.

The minimap is actually rendered from 4 chunks.

Like this: (EDIT: Takes a while to load the GIF)
http://www.frement.net/srl/interception/minimap.gif

Mato
05-24-2012, 05:02 PM
Because the minimap I got is in 1 piece, it means it was drawn in just 1 call to the drawing function, so what do you mean by 4 chunks?

n3ss3s
05-24-2012, 07:59 PM
Btw what'd you use to debug the DirectX calls RuneScape makes?

Frement
05-24-2012, 08:02 PM
Because the minimap I got is in 1 piece, it means it was drawn in just 1 call to the drawing function, so what do you mean by 4 chunks?

It might just be the OpenGL then. I haven't personally hooked DirectX.

Hazzah
05-25-2012, 12:14 AM
It might just be the OpenGL then. I haven't personally hooked DirectX.

Doesn't it depend on where you are standing what chunks are loaded? Like if someone was standing towards the center of Mato's image, wouldn't all four chunks load then and show as a single loaded chunk?

Mato
05-25-2012, 04:15 AM
I debug the functions by just adding the hook of the function I want, for example DrawIndexedPrimitive, which is used to draw all the 3D models, and then adding a hotkey to it. When I press the hotkey it will return D3D_OK, which means something like "drawing successful", and then I see directly in the game what isn't drawn. This is just for drawing functions of course, but I don't use any other programs for this.

I'll get more minimap images today so I will see about the chunk thing.

grats
05-25-2012, 04:46 AM
If this works, does that mean dung bot is do-able?

EDIT: Yay 200 Posts :D

Would make it quite a bit easier, yes


Awesome :). Just don't leave us like silentwolf ;).

Mato
05-25-2012, 12:55 PM
My computer's hard drive decided to break today. Don't worry, I had a backup of everything, but it might take a few days to get back to working on this.

Nava2
05-25-2012, 01:06 PM
Just a warning to everyone, please do NOT use any precompiled binaries without having either source or the approval of a staff member.

This looks good though, but why not hook OpenGL? That way it's cross-platform.

Olly
05-25-2012, 01:19 PM
If they don't disable DirectX totally it will work.

I managed to access the sprite data before it is drawn and saved the sprites as images. I found a font sprite that contains all the letters that uptext can contain + a whole minimap image from a pretty large area:

http://i45.tinypic.com/2d767aw.jpg

With the minimap I could make a very precise positioning system. If I can get the coordinates of what part of the minimap is drawn currently, I can get the exact position of the player in the minimap coordinates. That way I can store, for example, a walking path in minimap coords and make the player walk it very precisely without the risk of miswalking. Sounds good to me.

Woah, map the whole of RuneScape with that :P Would make SPS a lot more accurate :)

Frement
05-25-2012, 01:39 PM
I debug the functions by just adding the hook of the function I want, for example DrawIndexedPrimitive, which is used to draw all the 3D models, and then adding a hotkey to it. When I press the hotkey it will return D3D_OK, which means something like "drawing successful", and then I see directly in the game what isn't drawn. This is just for drawing functions of course, but I don't use any other programs for this.

I'll get more minimap images today so I will see about the chunk thing.

Could you PM me (or just post here) some sources? I'd really love to see how you do the hooking :)

And out of curiosity, do you hook the gfx drivers directly, d3d9.dll or jagdx.dll?

Mato
05-25-2012, 02:13 PM
I didn't hook OpenGL because, firstly, I didn't find any DirectX hooks, so it was like a challenge for me, and second, I don't have any experience with OpenGL, so with that it would have taken much longer to achieve the same as what I have done now.

I will post some cleaned up code after I get my own computer running again. I should get a new hard drive tomorrow and then I will have to install Windows again + Visual Studio + bla bla bla...

And I hook d3d9.dll.

Bobzilla69
05-25-2012, 02:31 PM
I didn't hook OpenGL because, firstly, I didn't find any DirectX hooks, so it was like a challenge for me, and second, I don't have any experience with OpenGL, so with that it would have taken much longer to achieve the same as what I have done now.

I will post some cleaned up code after I get my own computer running again. I should get a new hard drive tomorrow and then I will have to install Windows again + Visual Studio + bla bla bla...

And I hook d3d9.dll.

Can I suggest setting up a GitHub for it? That way you can show your work and not worry too much about losing it.

I think you can also make it private if you are worried about people stealing stuff.

litoris
05-25-2012, 02:48 PM
Hell, this could be the future of botting. Getting the minimap images only would allow us to do so much more.

Olly
05-25-2012, 06:42 PM
Can you read any camera pos with DirectX?

Like if you open the command thing and type in "getcamerapos"
It comes up with http://puu.sh/wIQs

Would you be able to get any of that with DirectX? Just wondering :P

Brandon
05-25-2012, 07:14 PM
Just a warning to everyone, please do NOT use any precompiled binaries without having either source or the approval of a staff member.

This looks good though, but why not hook OpenGL? That way it's cross-platform.

DirectX is always going to be a ton faster than OpenGL.. OpenGL doesn't converse directly with the screen buffer.. DirectX has Direct access to the screen buffers at least for colouring and rendering graphics; learned that in game programming.

Bobarkinator
05-25-2012, 07:18 PM
DirectX is always going to be a ton faster than OpenGL.. OpenGL doesn't converse directly with the screen buffer.. DirectX has Direct access to the screen buffers at least for colouring and rendering graphics; learned that in game programming.

But not cross platform.

Mato
05-25-2012, 08:05 PM
No, I cannot get the exact camera position because the vertex shader doesn't have it as a variable. It has only the WorldViewProjection matrix, which I use to calculate the screen coordinates of the drawn object, but I cannot get the view position because I would need only the View matrix, with nothing else combined into it.

Mark
05-25-2012, 08:42 PM
So can you use what you have now to detect coords of NPCs, objects, items?

Would really love to see the source for this also.

Mato
05-25-2012, 09:02 PM
I can find the coords of anything on the main screen but sprite recognition isn't done yet.

Frement
05-26-2012, 12:52 PM
I'm only interested in the way you hook the functions. That is the only thing I ask, I don't need the whole source code. Just for my curiosity ;)

Mato
05-26-2012, 04:08 PM
I got the hard drive this morning and I'm at my own computer now :)

Here is the current code for main.cpp:


#define _WINSOCKAPI_
#include <windows.h>
#include <winsock2.h>
#include <iostream>
#include <d3d9.h>
#include <d3dx9.h>

#include "vTable.h"
#include "dxhook_proto.h"

#pragma comment(lib, "WS2_32.lib")
#pragma comment(lib, "d3d9.lib")
#pragma comment(lib, "d3dx9.lib")

//#define HOOK_SEND
//#define LOG_PACKETS

#define CHICKEN (ID == 26870121)
#define BANK_DESK (ID == 7500)
#define DEPOSIT_BOX (ID == 13110)
#define BONES (ID == 11010136)
#define ORE_ROCK (ID == 27787767 || ID == 20316628 || ID == 25231890)
#define COW (ID == 61998039 || ID == 61211546 || ID == 61211521)

bool logNextFrame = false;
bool logging = false;
POINT *logObjects = NULL;
UINT numObjects = 0;
UINT maxObjects = 0;
DWORD searchID = 0;

bool drawIDs = false;

typedef int(WINAPI *send_t)(SOCKET, char *, int, int);

DWORD WINAPI Thread(LPVOID lpParam);
void* DetourFunc(BYTE *src, const BYTE *dst, const int len);
void DrawTextF(D3DCOLOR color, int x, int y, const char *fmt, ...);
void DrawRect(LPDIRECT3DDEVICE9 pDevice, int x, int y, int w, int h, BYTE r, BYTE g, BYTE b);
bool Compare(const BYTE* pData, const BYTE* bMask, const char* szMask);
DWORD FindPattern(DWORD dwAddress, DWORD dwLen, BYTE *bMask, char * szMask);
void doDisassembleShader(LPDIRECT3DDEVICE9 pDevice, char* FileName);

void FindRSWindow();
BOOL CALLBACK EnumChildProc(HWND hwnd, LPARAM lParam);
BOOL CALLBACK EnumWindowProc(HWND hwnd, LPARAM lParam);
void WindowToScreen(HWND hWnd, POINT &wnd, POINT &scrn);

#ifdef HOOK_SEND
int WINAPI hk_send(SOCKET s, char *buf, int len, int flags);

send_t o_send;

SOCKET sckt;
int flgs;
#endif

HWND hWnd = NULL;
LPD3DXFONT font = NULL;
LPDIRECT3DBASETEXTURE9 tex = NULL;

D3DXVECTOR3 mmCoords(0, 0, 0);

Present_t oPresent;
DrawIndexedPrimitive_t oDrawIndexedPrimitive;
DrawPrimitive_t oDrawPrimitive;
BeginScene_t oBeginScene;
EndScene_t oEndScene;

HRESULT WINAPI hkPresent(LPDIRECT3DDEVICE9 pDevice, RECT* pSourceRect, RECT* pDestRect, HWND hDestWindowOverride, RGNDATA *pDirtyRegion);
HRESULT WINAPI hkDrawIndexedPrimitive(LPDIRECT3DDEVICE9 pDevice, D3DPRIMITIVETYPE Type, int BaseVertexIndex, UINT MinIndex, UINT NumVertices, UINT StartIndex, UINT PrimitiveCount);
HRESULT WINAPI hkDrawPrimitive(LPDIRECT3DDEVICE9 pDevice, D3DPRIMITIVETYPE PrimitiveType, UINT StartVertex, UINT PrimitiveCount);
HRESULT WINAPI hkBeginScene(LPDIRECT3DDEVICE9 pDevice);
HRESULT WINAPI hkEndScene(LPDIRECT3DDEVICE9 pDevice);

#pragma pack(push)
#pragma pack(1)

//structs here...

#pragma pack(pop)

BOOL WINAPI DllMain(HINSTANCE hModule, DWORD dwReason, LPVOID reserved)
{
if(dwReason == DLL_PROCESS_ATTACH)
{
DisableThreadLibraryCalls(hModule);

#ifdef HOOK_SEND
DWORD addr_send = (DWORD)GetProcAddress(GetModuleHandle("WS2_32.dll"), "send");
o_send = (send_t)DetourFunc((PBYTE)addr_send, (PBYTE)hk_send, 5);
#endif

while(GetModuleHandleA("d3d9.dll") == 0)
Sleep(200);
DWORD DXBase = (DWORD)GetModuleHandle("d3d9.dll");
DWORD Pattern = FindPattern(DXBase, 0x128000, (PBYTE)"\xC7\x06\x00\x00\x00\x00\x89\x86\x00\x00\x00\x00\x89\x86", "xx????xx????xx");
DWORD* vTable = NULL;
memcpy(&vTable, (void*)(Pattern+2), 4);

oPresent = (Present_t)DetourFunc((BYTE*)vTable[PRESENT], (BYTE*)hkPresent, 5);
oDrawIndexedPrimitive = (DrawIndexedPrimitive_t)DetourFunc((BYTE*)vTable[DRAWINDEXEDPRIMITIVE], (BYTE*)hkDrawIndexedPrimitive, 5);
oDrawPrimitive = (DrawPrimitive_t)DetourFunc((BYTE*)vTable[DRAWPRIMITIVE], (BYTE*)hkDrawPrimitive, 5);
oBeginScene = (BeginScene_t)DetourFunc((BYTE*)vTable[BEGINSCENE], (BYTE*)hkBeginScene, 5);
oEndScene = (EndScene_t)DetourFunc((BYTE*)vTable[ENDSCENE], (BYTE*)hkEndScene, 5);

CreateThread(NULL, NULL, (LPTHREAD_START_ROUTINE)Thread, NULL, NULL, NULL);

FindRSWindow();
}
return TRUE;
}

DWORD WINAPI Thread(LPVOID lpParam)
{
return 0;

for(;;)
{
Sleep(50);
}

return 0;
}

#ifdef HOOK_SEND
int WINAPI hk_send(SOCKET s, char *buf, int len, int flags)
{
sckt = s;
flgs = flags;

#ifdef LOG_PACKETS
if(len != 1 && len != 15 && len != 11 && len != 3)
{
FILE *file = NULL;
fopen_s(&file, "C:\\Users\\(your computer name)\\Desktop\\packetLog.txt", "a");
if(file)
{
fprintf(file, "Packet sent with length %i; first byte 0x%.2X\n", len, (DWORD)buf[0]);
fclose(file);
MessageBox(NULL, "pause", "foo", MB_OK);
}
}
#endif

return o_send(s, buf, len, flags);
}
#endif

HRESULT WINAPI hkPresent(LPDIRECT3DDEVICE9 pDevice, RECT* pSourceRect, RECT* pDestRect, HWND hDestWindowOverride, RGNDATA *pDirtyRegion)
{
return oPresent(pDevice, pSourceRect, pDestRect, hDestWindowOverride, pDirtyRegion);
}

HRESULT WINAPI hkDrawIndexedPrimitive(LPDIRECT3DDEVICE9 pDevice, D3DPRIMITIVETYPE Type, int BaseVertexIndex, UINT MinIndex, UINT NumVertices, UINT StartIndex, UINT PrimitiveCount)
{
DWORD ID = NumVertices | (PrimitiveCount << 16);

/*UINT stride;
UINT offset;
LPDIRECT3DVERTEXBUFFER9 buffer; //after the GetStreamSource() call this can be used to get the model vertices
pDevice->GetStreamSource(0, &buffer, &offset, &stride);*/

/*static bool once = true;
if(once)
{
once = false;
doDisassembleShader(pDevice, "C:\\Users\\(your computer name)\\Desktop\\shader.txt");
}*/

if(COW)
pDevice->SetRenderState(D3DRS_FILLMODE, D3DFILL_WIREFRAME);

D3DXMATRIX WVP;
pDevice->GetVertexShaderConstantF(0, (float*)&WVP, 4);
D3DXMatrixTranspose(&WVP, &WVP);

D3DXVECTOR3 out;
D3DXVECTOR3 in(0, 0, 0);
D3DXVec3TransformCoord(&out, &in, &WVP);

D3DVIEWPORT9 viewport;
pDevice->GetViewport(&viewport);

out.x = (out.x + 1.0f) * viewport.Width * 0.5f + viewport.X;
out.y = (1.0f - out.y) * viewport.Height * 0.5f + viewport.Y;

int x = (int)out.x;
int y = (int)out.y;

if(logging && ID == searchID && numObjects < maxObjects)
{
logObjects[numObjects].x = x;
logObjects[numObjects].y = y;
numObjects++;
}

if(drawIDs && out.x >= 0.0f && out.x <= (float)viewport.Width && out.y >= 0.0f && out.y <= (float)viewport.Height)
{
DrawTextF(D3DCOLOR_XRGB(0, 255, 0), x, y, "%u", ID);
}

HRESULT result = oDrawIndexedPrimitive(pDevice, Type, BaseVertexIndex, MinIndex, NumVertices, StartIndex, PrimitiveCount);
pDevice->SetRenderState(D3DRS_FILLMODE, D3DFILL_SOLID);
return result;
}

HRESULT WINAPI hkDrawPrimitive(LPDIRECT3DDEVICE9 pDevice, D3DPRIMITIVETYPE PrimitiveType, UINT StartVertex, UINT PrimitiveCount)
{
if(GetAsyncKeyState(VK_NUMPAD3) & 0x8000)
return D3D_OK;

if(GetAsyncKeyState(VK_INSERT) & 0x8000)
{
doDisassembleShader(pDevice, "C:\\Users\\(your computer name)\\Desktop\\hkDrawPrimitive_shader.txt");
MessageBox(NULL, "done", "hkDrawPrimitive", MB_OK);
}

/*static int numTexturesSaved = 0;
static int numTexturesToSave = 2000;
if(numTexturesSaved < numTexturesToSave)
{
if(SUCCEEDED(pDevice->GetTexture(0, &tex)))
{
char buff[512];
memset(buff, 0, 512);
sprintf_s(buff, 512, "C:\\Users\\(your computer name)\\Desktop\\textures\\texture_%i.dds", numTexturesSaved);
D3DXSaveTextureToFile(buff, D3DXIFF_DDS, tex, NULL);
numTexturesSaved++;
tex->Release();
}
}*/

if(SUCCEEDED(pDevice->GetTexture(0, &tex)))
{
LPDIRECT3DTEXTURE9 _tex = (LPDIRECT3DTEXTURE9)tex;
D3DSURFACE_DESC desc;
if(SUCCEEDED(_tex->GetLevelDesc(0, &desc)))
{
if(desc.Width == 512 && desc.Height == 512)
{
D3DXMATRIX m;
if(SUCCEEDED(pDevice->GetVertexShaderConstantF(0, (float*)&m, 4)))
{
D3DXMatrixTranspose(&m, &m);

D3DXVECTOR3 out;
D3DXVECTOR3 in(1.0f, -1.0f, 0);
D3DXVec3TransformCoord(&out, &in, &m);

mmCoords = out;
}
}
}
tex->Release();
}

return oDrawPrimitive(pDevice, PrimitiveType, StartVertex, PrimitiveCount);
}

HRESULT WINAPI hkBeginScene(LPDIRECT3DDEVICE9 pDevice)
{
static bool init = false;
if(!init)
{
init = true;
D3DXCreateFontA(pDevice, 12, 0, FW_NORMAL, 0, FALSE, DEFAULT_CHARSET, OUT_DEFAULT_PRECIS, ANTIALIASED_QUALITY, DEFAULT_PITCH | FF_DONTCARE, "Verdana", &font);
}

if(GetAsyncKeyState(VK_NUMPAD1) & 0x8000)
{
drawIDs = !drawIDs;
while(GetAsyncKeyState(VK_NUMPAD1) & 0x8000)
Sleep(25);
}

if(logNextFrame)
{
logNextFrame = false;
logging = true;
}

return oBeginScene(pDevice);
}

HRESULT WINAPI hkEndScene(LPDIRECT3DDEVICE9 pDevice)
{
logging = false;

DrawTextF(D3DCOLOR_XRGB(0, 255, 0), 10, 30, "(%f, %f)", mmCoords.x, mmCoords.y);

return oEndScene(pDevice);
}

void DrawTextF(D3DCOLOR color, int x, int y, const char *fmt, ...)
{
if(font == NULL)
return;

va_list args;
va_start(args, fmt);
char buff[512];
memset(buff, 0, 512);
vsprintf_s(buff, 512, fmt, args);
va_end(args);

RECT rct;
SetRect(&rct, x, y - 20, x + 500, y + 20);
font->DrawTextA(NULL, buff, -1, &rct, DT_LEFT | DT_VCENTER, color);
}

void DrawRect(LPDIRECT3DDEVICE9 pDevice, int x, int y, int w, int h, BYTE r, BYTE g, BYTE b)
{
D3DCOLOR RctColor = D3DCOLOR_XRGB(r, g, b);
D3DRECT Rct = { x, y, x + w, y + h };
pDevice->Clear(1, &Rct, D3DCLEAR_TARGET | D3DCLEAR_TARGET, RctColor, 0, 0);
}

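// Inline detour: overwrites the first `len` bytes of `src` with a JMP to `dst`
// and returns a trampoline that holds the displaced bytes plus a JMP back.
// `len` must be at least 5 and must end on an instruction boundary of `src`.
void* DetourFunc(BYTE *src, const BYTE *dst, const int len)
{
    BYTE *jmp = (BYTE*)VirtualAlloc(NULL, len+5, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
    if(jmp == NULL)
        return NULL; // nothing has been patched yet, so the target is left untouched

    DWORD dwback, dwback2;

    // Keep the target executable while it is patched: other threads may be running it.
    VirtualProtect(src, len, PAGE_EXECUTE_READWRITE, &dwback);
    VirtualProtect(jmp, len+5, PAGE_READWRITE, &dwback2);

    memcpy(jmp, src, len); jmp += len;

    // Trampoline tail: JMP rel32 back to the first instruction after the patch.
    jmp[0] = 0xE9;
    *(DWORD*)(jmp+1) = (DWORD)(src+len - jmp) - 5;

    // Target entry: JMP rel32 to the hook function.
    src[0] = 0xE9;
    *(DWORD*)(src+1) = (DWORD)(dst - src) - 5;

    VirtualProtect(jmp, len+5, dwback2, &dwback2);
    VirtualProtect(src, len, dwback, &dwback);

    return (jmp-len);
}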

bool Compare(const BYTE* pData, const BYTE* bMask, const char* szMask)
{
for(; *szMask; ++szMask, ++pData, ++bMask)
if(*szMask == 'x' && *pData != *bMask) return 0;
return (*szMask) == NULL;
}

DWORD FindPattern(DWORD dwAddress, DWORD dwLen, BYTE *bMask, char * szMask)
{
for(DWORD i = 0; i < dwLen; i++)
if(Compare((BYTE*)(dwAddress + i), bMask, szMask)) return (DWORD)(dwAddress + i);
return 0;
}

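void doDisassembleShader(LPDIRECT3DDEVICE9 pDevice, char* FileName)
{
    FILE* oLogFile = NULL;
    fopen_s(&oLogFile, FileName, "w");

    if (oLogFile == NULL)
    {
        MessageBox(NULL, "Failed to open file", "ERROR", MB_OK);
        return;
    }

    // GetVertexShader can succeed and still hand back NULL when no shader is set.
    IDirect3DVertexShader9* pShader = NULL;
    if (FAILED(pDevice->GetVertexShader(&pShader)) || pShader == NULL)
    {
        fclose(oLogFile);
        return;
    }

    // A first call with a NULL buffer returns the size of the shader byte code.
    UINT pSizeOfData = 0;
    pShader->GetFunction(NULL, &pSizeOfData);

    BYTE* pData = new BYTE[pSizeOfData];
    pShader->GetFunction(pData, &pSizeOfData);

    LPD3DXBUFFER bOut = NULL;
    if (SUCCEEDED(D3DXDisassembleShader(reinterpret_cast<DWORD*>(pData), FALSE, NULL, &bOut)) && bOut != NULL)
    {
        fprintf(oLogFile, "%s", (LPSTR)bOut->GetBufferPointer());
        bOut->Release(); // the disassembly buffer is reference counted
    }

    fclose(oLogFile);
    delete[] pData;
    pShader->Release();

    MessageBox(NULL, "Made file", "", MB_OK);
}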

void FindRSWindow()
{
EnumWindows(EnumWindowProc, 0);
if(hWnd == NULL)
{
MessageBox(NULL, "Failed to find RS window", "info", MB_OK);
ExitProcess(0);
}
}

BOOL CALLBACK EnumChildProc(HWND hwnd, LPARAM lParam)
{
RECT rct;
GetClientRect(hwnd, &rct);
if((rct.right-rct.left) == 765 && (rct.bottom-rct.top) == 503)
{
hWnd = hwnd;
return FALSE;
}
return TRUE;
}

BOOL CALLBACK EnumWindowProc(HWND hwnd, LPARAM lParam)
{
EnumChildWindows(hwnd, EnumChildProc, 0);
if(hWnd)
return FALSE;
return TRUE;
}

void WindowToScreen(HWND hWnd, POINT &wnd, POINT &scrn)
{
WINDOWINFO info;
memset(&info, 0, sizeof(info));
info.cbSize = sizeof(WINDOWINFO);
GetWindowInfo(hWnd, &info);

scrn.x = info.rcWindow.left + wnd.x;
scrn.y = info.rcWindow.top + wnd.y;
}

/*UINT GetObjectsByID(DWORD ID, POINT *pts, UINT maxPoints, bool sortByDistance, POINT *center)
{
logObjects
}*/


Some of the functions, like FindPattern, were made by other people and are used by almost everybody in C++ hacking.

vTable.h:


enum D3D9_vTable
{
QUERYINTERFACE, //0
ADDREF, //1
RELEASE, //2
TESTCOOPERATIVELEVEL, //3
GETAVAILABLETEXTUREMEM, //4
EVICTMANAGEDRESOURCES, //5
GETDIRECT3D, //6
GET_DEVICE_CAPS, //7
GETDISPLAYMODE, //8
GETCREATIONPARAMETERS, //9
SETCURSORPROPERTIES, //10
SETCURSORPOSITION, //11
SHOW_CURSOR, //12
CREATEADDITIONALSWAPCHAIN, //13
GETSWAPCHAIN, //14
GETNUMBEROFSWAPCHAINS, //15
RESET, //16
PRESENT, //17
GETBACKBUFFER, //18
GETRASTERSTATUS, //19
SETDIALOGBOXMODE, //20
GETGAMMARAMP, //21
SETGAMMARAMP, //22
CREATETEXTURE, //23
CREATEVOLUMETEXTURE, //24
CREATECUBETEXTURE, //25
CREATEVERTEXBUFFER, //26
CREATEINDEXBUFFER, //27
CREATERENDERTARGET, //28
CREATEDEPTHSTENCILSURFACE, //29
UPDATESURFACE, //30
UPDATETEXTURE, //31
GETRENDERTARGETDATA, //32
GETFRONTBUFFERDATA, //33
STRETCHRECT, //34
COLORFILL, //35
CREATEOFFSCREENPLAINSURFACE, //36
SETRENDERTARGET, //37
GETRENDERTARGET, //38
SETDEPTHSTENCILSURFACE, //39
GETDEPTHSTENCILSURFACE, //40
BEGINSCENE, //41
ENDSCENE, //42
CLEAR, //43
SETTRANSFORM, //44
GETTRANSFORM, //45
MULTIPLYTRANSFORM, //46
SETVIEWPORT, //47
GETVIEWPORT, //48
SETMATERIAL, //49
GETMATERIAL, //50
SETLIGHT, //51
GETLIGHT, //52
LIGHTENABLE, //53
GETLIGHTENABLE, //54
SETCLIPPLANE, //55
GETCLIPPLANE, //56
SETRENDERSTATE, //57
GETRENDERSTATE, //58
CREATESTATEBLOCK, //59
BEGINSTATEBLOCK, //60
ENDSTATEBLOCK, //61
SETCLIPSTATUS, //62
GETCLIPSTATUS, //63
GETTEXTURE, //64
SETTEXTURE, //65
GETTEXTURESTAGESTATE, //66
SETTEXTURESTAGESTATE, //67
GETSAMPLERSTATE, //68
SETSAMPLERSTATE, //69
VALIDATEDEVICE, // 70
SET_PALETTE_ENTRIES, // 71
GET_PALETTE_ENTRIES, // 72
SETCURRENTTEXTUREPALETTE, // 73
GETCURRENTTEXTUREPALETTE, // 74
SETSCISSORRECT, // 75
GETSCISSORRECT, // 76
SETSOFTWAREVERTEXPROCESSING, // 77
GETSOFTWAREVERTEXPROCESSING, // 78
SETNPATCHMODE, // 79
GETNPATCHMODE, // 80
DRAWPRIMITIVE, // 81
DRAWINDEXEDPRIMITIVE, // 82
DRAWPRIMITIVEUP, // 83
DRAWINDEXEDPRIMITIVEUP, // 84
PROCESSVERTICES, // 85
CREATEVERTEXDECLARATION, // 86
SETVERTEXDECLARATION, // 87
GETVERTEXDECLARATION, // 88
SETFVF, // 89
GETFVF, // 90
CREATEVERTEXSHADER, // 91
SETVERTEXSHADER, // 92
GETVERTEXSHADER, // 93
SETVERTEXSHADERCONSTANTF, // 94
GETVERTEXSHADERCONSTANTF, // 95
SETVERTEXSHADERCONSTANTI, // 96
GETVERTEXSHADERCONSTANTI, // 97
SETVERTEXSHADERCONSTANTB, // 98
GETVERTEXSHADERCONSTANTB, // 99
SETSTREAMSOURCE, // 100
GETSTREAMSOURCE, // 101
SETSTREAMSOURCEFREQ, // 102
GETSTREAMSOURCEFREQ, // 103
SETINDICES, // 104
GETINDICES, // 105
CREATEPIXELSHADER, // 106
SETPIXELSHADER, // 107
GETPIXELSHADER, // 108
SETPIXELSHADERCONSTANTF, // 109
GETPIXELSHADERCONSTANTF, // 110
SETPIXELSHADERCONSTANTI, // 111
GETPIXELSHADERCONSTANTI, // 112
SETPIXELSHADERCONSTANTB, // 113
GETPIXELSHADERCONSTANTB, // 114
DRAWRECTPATCH, // 115
DRAWTRIPATCH, // 116
DELETEPATCH, // 117
CREATEQUERY, // 118
};


I got the vTable enum from some forum a long time ago; no idea who the original creator is.

dxhook_proto.h:


#pragma once

typedef HRESULT(WINAPI *Present_t)(LPDIRECT3DDEVICE9 pDevice, RECT* pSourceRect, RECT* pDestRect, HWND hDestWindowOverride, RGNDATA *pDirtyRegion);

typedef HRESULT(WINAPI *DrawIndexedPrimitive_t)(LPDIRECT3DDEVICE9 pDevice, D3DPRIMITIVETYPE Type, int BaseVertexIndex, UINT MinIndex, UINT NumVertices, UINT StartIndex, UINT PrimitiveCount);
typedef HRESULT(WINAPI *DrawPrimitive_t)(LPDIRECT3DDEVICE9 pDevice, D3DPRIMITIVETYPE PrimitiveType, UINT StartVertex, UINT PrimitiveCount);

typedef HRESULT(WINAPI *BeginScene_t)(LPDIRECT3DDEVICE9 pDevice);
typedef HRESULT(WINAPI *EndScene_t)(LPDIRECT3DDEVICE9 pDevice);


Contains just the function prototypes for making pointers to them.

Create a new project, make the files there and compile as a DLL and it should work. I use Visual Studio C++ 2008 Express Edition but it should compile with other versions too. And you need to have the DirectX SDK to have the include files for it to compile.

I also included the compiled version in attachments if someone wants to try it. Don't mind the name "packetHook"; I originally tried to make it hook RuneScape's packets sent to the server and make a bot that way, but didn't really get anywhere with it. To run it, start up RuneScape with the same settings as you use with Simba (I haven't tried with other settings), open the graphics options in-game and leave it there. Then start RS_Injector.exe; it should say "Waiting for java.exe" and right after it "java.exe found bla bla bla...". After that you have 15 seconds to change the graphics to use DirectX. This system is just because with Vista and 7 the "Start as admin" screen makes the RuneScape client go to safe mode, at least for me, so you have time to change it back before it injects.

After injection you know it injected successfully when two green numbers appear in the upper left corner; they are the minimap's current drawing position and rotation. I still have to work out how to get them to screen coordinates.

It's messy, I know, but I hope you get something out of it.


EDIT: Success! I can now get the coords in the minimap image of where your char is currently with 1 pixel tolerance! 1 tile on the ground is more than 1 pixel wide in the minimap, so it can get the exact tile you are standing on. I can also now very easily calculate the screen coordinates of where to click to get to some other spot, regardless of the minimap rotation. I can detect the minimap 'change' when you move out of the current image by the change in the coordinates too.
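
Seen from the integrity-checking side, the DetourFunc posted above leaves a recognisable mark: a 5-byte E9 rel32 jump at the entry of each hooked function. The following is an added example, not part of the original post or of any project mentioned in this thread; it compares entry bytes against a trusted reference and decodes where a patched jump leads. The module range, addresses and byte snapshots are constructed sample data, and all type and function names are hypothetical.

```cpp
// Added example: integrity check for the function entries that an inline
// detour overwrites. All addresses and byte values are constructed samples.
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <string>
#include <vector>

struct ModuleRange {
    uint32_t base;  // load address of the module that owns the functions
    uint32_t size;  // size of its mapped image
};

enum class Verdict { Clean, Modified, JmpInsideModule, JmpOutsideModule };

struct SlotSample {
    const char* name;      // slot name as spelled in the page's vTable.h enum
    int index;             // slot index in that enum
    uint32_t va;           // virtual address of the function entry
    uint8_t in_memory[5];  // first 5 bytes read from the running process
    uint8_t reference[5];  // same 5 bytes from a trusted copy of the DLL
};

struct Finding {
    std::string name;
    Verdict verdict;
    uint32_t jmp_target;  // 0 unless the verdict is one of the Jmp* values
};

// "E9 rel32": target = address of the next instruction + displacement.
// Inverse of the page's `*(DWORD*)(src+1) = (DWORD)(dst - src) - 5`.
uint32_t decode_jmp_target(const uint8_t* code, uint32_t va) {
    uint32_t rel = (uint32_t)code[1] | ((uint32_t)code[2] << 8) |
                   ((uint32_t)code[3] << 16) | ((uint32_t)code[4] << 24);
    return va + 5u + rel;  // modulo 2^32, so negative displacements work
}

Finding classify(const SlotSample& s, const ModuleRange& mod) {
    bool same = true;
    for (size_t i = 0; i < 5; ++i)
        same = same && (s.in_memory[i] == s.reference[i]);
    // A function that legitimately starts with E9 matches its reference.
    if (same) return {s.name, Verdict::Clean, 0};
    if (s.in_memory[0] != 0xE9) return {s.name, Verdict::Modified, 0};

    uint32_t target = decode_jmp_target(s.in_memory, s.va);
    // Unsigned subtraction makes addresses below `base` wrap to a huge value.
    bool inside = (uint32_t)(target - mod.base) < mod.size;
    return {s.name,
            inside ? Verdict::JmpInsideModule : Verdict::JmpOutsideModule,
            target};
}

// Returns one Finding per entry whose bytes differ from the reference.
std::vector<Finding> scan(const std::vector<SlotSample>& slots,
                          const ModuleRange& mod) {
    std::vector<Finding> out;
    for (const SlotSample& s : slots) {
        Finding f = classify(s, mod);
        if (f.verdict != Verdict::Clean) out.push_back(f);
    }
    return out;
}

// Constructed module range (not taken from any real d3d9.dll build).
ModuleRange sample_module() { return {0x6B000000u, 0x00200000u}; }

// Constructed snapshots of the five slots the posted main.cpp detours.
// 8B FF 55 8B EC is the mov edi,edi / push ebp / mov ebp,esp prologue.
std::vector<SlotSample> sample_slots() {
    return {
        {"PRESENT", 17, 0x6B041000u,
         {0x8B, 0xFF, 0x55, 0x8B, 0xEC}, {0x8B, 0xFF, 0x55, 0x8B, 0xEC}},
        {"BEGINSCENE", 41, 0x6B052000u,
         {0x90, 0x90, 0x55, 0x8B, 0xEC}, {0x8B, 0xFF, 0x55, 0x8B, 0xEC}},
        {"ENDSCENE", 42, 0x6B052A30u,  // JMP to 0x10001500, outside the module
         {0xE9, 0xCB, 0xEA, 0xFA, 0xA4}, {0x8B, 0xFF, 0x55, 0x8B, 0xEC}},
        {"DRAWPRIMITIVE", 81, 0x6B05F000u,  // E9 present in the reference too
         {0xE9, 0x10, 0x00, 0x00, 0x00}, {0xE9, 0x10, 0x00, 0x00, 0x00}},
        {"DRAWINDEXEDPRIMITIVE", 82, 0x6B060000u,  // JMP to 0x6B060100
         {0xE9, 0xFB, 0x00, 0x00, 0x00}, {0x8B, 0xFF, 0x55, 0x8B, 0xEC}},
    };
}

int main() {
    static const char* kNames[] = {"clean", "modified", "jmp inside module",
                                   "jmp outside module"};
    for (const Finding& f : scan(sample_slots(), sample_module()))
        std::printf("%-22s %-20s target=0x%08X\n", f.name.c_str(),
                    kNames[(int)f.verdict], (unsigned)f.jmp_target);
    return 0;
}
```

The reference bytes are assumed to come from a trusted copy of the DLL with any relocations already applied; a jump that lands inside the module is still reported, because the entry no longer matches that reference.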

Mark
05-26-2012, 07:51 PM
Nice work, will have a look when I get home. Hope there isn't anything suspicious going on in there ;)

Mato
05-26-2012, 08:01 PM
I can now set a point in the minimap in the code as an x and y coordinate, and it is able to calculate the screen coordinates for the same pixel in the in-game minimap and click on it regardless of the direction you are looking in. Now I just have to work out how to make it walk well over those minimap image changes so it doesn't go in the wrong direction.

Sirenia
05-26-2012, 10:42 PM
Could someone of higher knowledge confirm the .exe that Release.rar contains please? :/

Frement
05-26-2012, 11:25 PM
Could someone of higher knowledge confirm the .exe that Release.rar contains please? :/

The sources were clean as far as I'm concerned. Though, Mato, you might want to remove the sockets from your sources. I find them... well, kind of disturbing.

Mato
05-27-2012, 04:54 AM
I know, I said it was messy because I didn't clean it up, and the send hook is disabled there at the moment. I'll delete it today.

zmon
05-27-2012, 05:11 AM
It uses much less CPU than searching the screen and finding an object by color + it's probably faster + it's more accurate + requires less updating.

If RuneScape is updated, for example, many people have to update their scripts' colors and so on, but this uses only the object shape for searching, so with this all you have to do is walk next to the object, see what the new ID is, put that in the script and it works again. And that is required only if the object models are updated, which happens rarely if ever because it's a lot of work for Jagex to update all models, and then we look for the new IDs in an hour.

Do they push the entire 3D model or only visible surfaces? (i.e. will you get different model attributes from a different angle?)

And nice - very nice :)

n3ss3s
05-27-2012, 05:34 AM
Meh, ran it and gave me 0.00's in the corner, probs did something wrong. Was in a VM that probs has an old ass DirectX installed so...

Mato
05-27-2012, 05:47 AM
The ID will stay the same when looking from any angle. It was probably your DirectX; I compiled this with the June 2010 SDK, so you need to have d3dx9_43.dll in the system files somewhere. It uses the d3dx library to do matrix math, save textures and some other stuff.

EDIT: I added a bit more code to the minimap coordinate system; it now uses an offset so that when RuneScape loads a new minimap image the coordinates will stay the same. I will make it so that if you were using, for example, a miner and banker with this, you would walk to some pre-defined spot and press a hotkey so that it resets the coordinates to (0, 0) at your position. Then the script maker would have saved the walking points to the bank and mine, and it could walk along them over very long distances very accurately.

Next I'll make some walking code and try to make it walk from place A to place B.

EDIT2: Walking works perfectly now. I hardcoded some points into the code and it walked from Varrock to Lumbridge 3 times, every time with a different looking angle.

Sirenia
05-27-2012, 02:36 PM
You could add the rar to the mainpost so nobody misses it :)

Mato
05-27-2012, 02:40 PM
I don't know if it's worth adding to the mainpost, all you can do with it is see the float type coordinates of the minimap in the left upper corner and the object IDs so you can really do anything with it :P

And it isn't very easy to use yet.

Oh, and did you try it, and did it work for you?

Mark
05-27-2012, 03:49 PM
Good work mate, have you created a function to return the coord(s) of the object IDs yet? Still ain't had a look on PC yet and can't view the whole code on phone for some reason.

And I guess you're using an exe to hook; couldn't you have it in the dll and then called from simba?

Starting to give me a bit of motivation, keep it up ;)

Mato
05-27-2012, 03:59 PM
The function to get the object IDs isn't ready yet, and the exe is used only to inject the dll into the process. I haven't looked yet at how to make it work with simba; I'll make the most important functions work fully before that.

Mark
05-27-2012, 04:07 PM
Using it with simba shouldn't be a problem; we can already call functions from dynamically loaded libraries, for instance smart is a library we use.

Sir Ducksworthy
05-27-2012, 07:36 PM
This is beautiful. Nice work Mato

Sirenia
05-27-2012, 08:19 PM
Nope, I couldn't get it to work at all actually :( I did what your post said and it told me it was injecting, and I changed to DirectX and all that good stuff, but nothing happened :/

Mato
05-28-2012, 03:55 PM
You have to have 32 bit java also, and you will need d3dx9_43.dll also if you don't have the latest directx version.

I worked on inventory item recognition today and got it pretty good:
http://i48.tinypic.com/2gtc2l1.png

As you can see, the items with basically the same image, such as ores and runes, have the same ID because it generates the ID by counting the fully transparent pixels in the sprite. The colors always change a little every time rs is restarted, so I couldn't make an accurate ID for every individual item. But I think it's good enough if your miner doesn't, for example, mine many different ores in one load.

Brandon
05-28-2012, 04:17 PM
Problem: Infinite loops for the "while(GetModuleHandleA("d3d9.dll") == 0)"

and the way you find the windows, if Jagex changes window size by just one pixel, you'd have to recompile your DLL :c
Other than that, looks nice.

Mato
05-28-2012, 04:28 PM
I know there's an infinite loop for finding d3d9.dll, but I can't really do it any other way. That's just meant to wait until the dll is loaded, because my dll can't hook the directx functions before it's loaded, and without hooking them it's useless.

And I don't think jagex is going to change the window size, because then they would have to remake the border sprites so there wouldn't be any gaps between them. And if they did it, it would take me like 5 min to find the new dimensions and recompile it.

I looked at other ways to find the rs window, but it didn't have any caption and the window class it uses isn't in any way unique, so I decided to use the dimensions to find it. If you know any better solution, let me know.

Frement
05-28-2012, 04:29 PM
Problem: Infinite loops for the "while(GetModuleHandleA("d3d9.dll") == 0)"

and the way you find the windows, if Jagex changes window size by just one pixel, you'd have to recompile your DLL :c
Other than that, looks nice.

We can inject it into SMART directly, so not a problem. When I was experimenting with OpenGL I had quite a different way to hook the functions and inject it.

whaevr
05-28-2012, 05:41 PM
OHH gawd this looks very interesting!
Subscribed. c:

Sir Ducksworthy
05-29-2012, 08:46 AM
Mato, that's awesome dude. With items with the same IDs it wouldn't make any difference, since they only need a ColorSpeedTolerance(0) 1 pixel color check on each of them to differentiate

Mato
05-30-2012, 11:29 AM
Uptext recognition is almost done. I will make it so it saves the uptext each frame, and the function to get the uptext just returns a pointer to the uptext string, so it's really fast because it doesn't need any image recognition this way. It doesn't detect spaces in the string but that doesn't really matter.

Sirenia
05-30-2012, 01:15 PM
I don't think that should be too much of a problem, since in most cases you don't search for more than one word

sm321
05-30-2012, 03:15 PM
This seems like it is getting somewhere. There was talk of this after the first bot nuke, but no-one carried it on. Does this script/idea have anti-ban? You also seem like you are having fun too.

Frement
05-30-2012, 03:43 PM
Uptext recognition is almost done. I will make it so it saves the uptext each frame, and the function to get the uptext just returns a pointer to the uptext string, so it's really fast because it doesn't need any image recognition this way. It doesn't detect spaces in the string but that doesn't really matter.

Could you update your first post with the current sources? Nice job by the way :)

kitchenrange
05-30-2012, 04:39 PM
This is fucking sweet, Similar to reflection without breaking any laws as far as I can tell.

Hopefully, someone doesn't take your idea and mass market it.

Very fast and nice work my friend.

Edit: Extra encouragement without double post :)

Mato
05-30-2012, 04:44 PM
Thanks for the support guys :)

I will update the sources after I get past a little problem with vertex buffer locking for the uptext reading. The text reading itself works well but it crashes once in a while, so I have to fix the problem. I already know what code snippet is causing it.

Hazzah
05-31-2012, 12:56 AM
This is showing some real promise! I look forward to its release so I can +Rep you!

Jakkle
05-31-2012, 10:21 AM
Truly great work. I have a feeling this will be big.
I really hope you keep up the work and like people have said, I hope you don't leave and let this project die.
Much appreciation for everything you're doing :thumbsup:
Rep + :)

Wizzup?
05-31-2012, 10:45 AM
can i suggest setting up a github for it, that way you can show your work and not worry too much about losing it.

i think you can also make it private if you are worried about people stealing stuff

Yeah, github sounds like a nice idea!


DirectX is always going to be a ton faster than OpenGL.. OpenGL doesn't converse directly with the screen buffer.. DirectX has Direct access to the screen buffers at least for colouring and rendering graphics; learned that in game programming.

Not really relevant; but they're close performance wise. And OpenGL is usually faster. Then again, in the end it usually comes down to the drivers (which are crippled for opengl on windows) and the engine.


------

I could help writing the Simba plugin at some point.

Hazzah
05-31-2012, 05:03 PM
I could help writing the Simba plugin at some point.

Wizzup? getting on board?!? :spot:

Brandon
05-31-2012, 05:12 PM
Not really relevant; but they're close performance wise. And OpenGL is usually faster. Then again, in the end it usually comes down to the drivers (which are crippled for opengl on windows) and the engine.


Ahh well he was asking why use OpenGL vs. DirectX. In terms of grabbing colours off the screen and rendering graphics, DirectX will always and I mean always be faster than OpenGL. May depend on the drivers somewhat but in most new games Dx wins. Every programming class I've ever been to for game programming has said that. Portability wise though.. OpenGL wins.

So it would have been better if this was started in OpenGL for the guys that use linux and mac. Although they can probably just use a windows partition or vmware.:spongebob:


I just wanna see the entire project :P

Mato
05-31-2012, 05:55 PM
As a few people wanted to see the code, I'll post it here. It's VERY messy atm cause I have just been trying all kinds of things and so on. All the main code is piled in 1 file, so finding anything in there might be a little difficult :P

Once I get the uptext reading working well, I'll rewrite the whole thing and split it into multiple source files. The problem with the uptext reading is that the vertex buffer from which I read the UV texture coordinates to get the drawn character is created with the D3DUSAGE_WRITEONLY flag, so it crashes after a while if I try to read from it. I have to get CreateVertexBuffer hooked properly to change the flag at creation, but it seems that runescape is using only 1 big vertex buffer for everything, so the buffer is obviously created very early, right after directx's module is loaded into the game. So I was trying to get DirectX hooked a bit differently by hooking Direct3DCreate9, which runescape uses to create the Direct3DDevice, but something is undoing my hook after it's made, so it's never called. I'm wondering, does jagex have some sort of antihook enabled at startup or what?

I'm going to sleep now, let's see if I get this worked out tomorrow.

Here's the link for the source: http://www.filefactory.com/file/2la3n8lfj6x/n/RS_packetHook_rar

Couldn't upload it as an attachment cause it was over 1.4mb.

zmon
05-31-2012, 08:29 PM
ok let me see if i understand it - your main problem is that by the time you attach to have hooks for d3d9, the system was already initialized?

i was looking at the way smart 7 does the load and spent time browsing through jni docs and basically this might work

the java virtual machine runs within simba process, created by jni, created from smart which is a dll loaded by simba

so the address space between the jni and simba is all shared so if you load DLL that has been previously loaded and hooked, it should result in noop

so... perhaps loading the d3d9.dll within simba process, hooking it and then initializing smart might work?

Frement
05-31-2012, 09:13 PM
ok let me see if i understand it - your main problem is that by the time you attach to have hooks for d3d9, the system was already initialized?

i was looking at the way smart 7 does the load and spent time browsing through jni docs and basically this might work

the java virtual machine runs within simba process, created by jni, created from smart which is a dll loaded by simba

so the address space between the jni and simba is all shared so if you load DLL that has been previously loaded and hooked, it should result in noop

so... perhaps loading the d3d9.dll within simba process, hooking it and then initializing smart might work?

Yes, that would most likely work. Though they might check if the DLL is already loaded and unload it? That would cause problems. And I'm also concerned about the detection.

Hazzah
05-31-2012, 10:04 PM
Yes, that would most likely work. Though they might check if the DLL is already loaded and unload it? That would cause problems. And I'm also concerned about the detection.

Is this d3d9.dll unique to run runescape or is it used in other games that run using Direct-X. What I'm saying is that, wouldn't it be hard for them to detect if it was loaded using a 3rd party client or if it was loaded in say firefox with a game that already uses the d3d9.dll already using it?

Frement
05-31-2012, 10:08 PM
Is this d3d9.dll unique to run runescape or is it used in other games that run using Direct-X. What I'm saying is that, wouldn't it be hard for them to detect if it was loaded using a 3rd party client or if it was loaded in say firefox with a game that already uses the d3d9.dll already using it?

The d3d9.dll is loaded inside the Java process. So any other Java game that uses DirectX would have their own process where their d3d9.dll is loaded. So it wouldn't affect other games/applications. Someone may correct me if I'm wrong.

zmon
05-31-2012, 10:09 PM
Yes, that would most likely work. Though they might check if the DLL is already loaded and unload it? That would cause problems. And I'm also concerned about the detection.

that would cause browsers to crash

did simple test - open IE9, ok, so far so good, navigate, it loads d3d9.dll, great, open runescape, it loads also d3d9.dll from same process

memory mapping stays the same, yet on my system they use memory mapping randomization so it wouldn't end up in same place

plus the internet explorer would die an untimely death if you reload dll while running within that process

so i think as far as unloading, they cannot afford to do it

detect? perhaps, but not quite sure that would be easy


The d3d9.dll is loaded inside the Java process. So any other Java game that uses DirectX would have their own process where their d3d9.dll is loaded. So it wouldn't affect other games/applications. Someone may correct me if I'm wrong.

yes, unless you run it from same instance of simba that is.

every process gets its unique dll handle

Frement
05-31-2012, 10:24 PM
that would cause browsers to crash

did simple test - open IE9, ok, so far so good, navigate, it loads d3d9.dll, great, open runescape, it loads also d3d9.dll from same process

memory mapping stays the same, yet on my system they use memory mapping randomization so it wouldn't end up in same place

plus the internet explorer would die an untimely death if you reload dll while running within that process

so i think as far as unloading, they cannot afford to do it

detect? perhaps, but not quite sure that would be easy



yes, unless you run it from same instance of simba that is.

every process gets its unique dll handle

Nice to know this :) But yeah they can detect it.

zmon
06-01-2012, 01:03 AM
Nice to know this :) But yeah they can detect it.

i am not sure - while you may be able to get the actual memory location of a function, for them to detect that it is a hook, one function wouldn't be enough, they'd have to check several to figure out relative offset, then take into account target platform, target processor capabilities, patches and every revision of dll ever released by microsoft

so that when directx update comes out, their client would initially most likely see it as tampered or not on the list, because in terms of dll hooks, they basically use vtable to execute function, and they would have to analyze the vtable for anomalies... and i think that's a little bit out of the ordinary to do that

alternatively they could check the dll that was loaded - but that one is clean, it's only the memory vtable that's modified

Frement
06-01-2012, 01:45 AM
i am not sure - while you may be able to get the actual memory location of a function, for them to detect that it is a hook, one function wouldn't be enough, they'd have to check several to figure out relative offset, then take into account target platform, target processor capabilities, patches and every revision of dll ever released by microsoft

so that when directx update comes out, their client would initially most likely see it as tampered or not on the list, because in terms of dll hooks, they basically use vtable to execute function, and they would have to analyze the vtable for anomalies... and i think that's a little bit out of the ordinary to do that

alternatively they could check the dll that was loaded - but that one is clean, it's only the memory vtable that's modified

With Direct3D 7 you can create your own device and check the vtable, which is global and shared with all device instances (whether it points inside d3d7.dll or not). With Direct3D 9, as they already have their own device pointer, they can just enumerate through its vtable and check for any pointer outside d3d9.dll and trace it, and also CRC the code it's pointing to, etc.

If you can alter it, why couldn't they (alter and verify the integrity of it)?

Didn't bother to check where the pattern points to, but I'm assuming it's getting global vtable for direct3d device class, so they can just check their own device's vtable and see whether any entry has been redirected and/or code behind it.

Subliment
06-01-2012, 10:22 AM
Brilliant! Would it be able to register NPC's that are moving?

Mato
06-01-2012, 11:33 AM
Yes, it can get the screen position of any object on the screen. I'll code another dll today just to get DirectX hooked at startup; the main one is so messed up that I don't want to mess it up any more.

putonajonny
06-01-2012, 11:36 AM
Yes, it can get the screen position of any object on the screen. I'll code another dll today just to get DirectX hooked at startup; the main one is so messed up that I don't want to mess it up any more.

Could you also do some instructions with it on how to use the files to produce results for us mortals?

Cinkupis
06-01-2012, 11:45 AM
This looks interesting and promising.

I believe that if this is complete, it would be something different from what simba is now and probably would be something as a new bot.

Mato
06-01-2012, 12:50 PM
When I get DirectX hooked at startup so I can hook CreateVertexBuffer etc., I will rewrite all the code much cleaner. There is so much extra code from all my tests and so on that it's hard even for myself to find something sometimes :P

When I have rewritten the code, I'll post it here with a little tut on how to make something with it.

EDIT:

log.txt:


addrCallCreateDevice: 0x6A08257A
IDirect3DDevice9: 0x21BB4E00
CreateVertexBuffer: 0x6A2793CC
hkCreateVertexBuffer: Usage changed
hkCreateVertexBuffer: Usage changed
hkCreateVertexBuffer: Usage changed
hkCreateVertexBuffer: Usage changed
hkCreateVertexBuffer: Usage changed
hkCreateVertexBuffer: Usage changed
hkCreateVertexBuffer: Usage changed
hkCreateVertexBuffer: Usage changed
hkCreateVertexBuffer: Usage changed
hkCreateVertexBuffer: Usage changed
hkCreateVertexBuffer: Usage changed
hkCreateVertexBuffer: Usage changed
hkCreateVertexBuffer: Usage changed
hkCreateVertexBuffer: Usage changed
hkCreateVertexBuffer: Usage changed
hkCreateVertexBuffer: Usage changed
hkCreateVertexBuffer: Usage changed
hkCreateVertexBuffer: Usage changed
hkCreateVertexBuffer: Usage changed
hkCreateVertexBuffer: Usage changed
hkCreateVertexBuffer: Usage changed
hkCreateVertexBuffer: Usage changed
hkCreateVertexBuffer: Usage changed
hkCreateVertexBuffer: Usage changed
hkCreateVertexBuffer: Usage changed
hkCreateVertexBuffer: Usage changed
hkCreateVertexBuffer: Usage changed
hkCreateVertexBuffer: Usage changed
hkCreateVertexBuffer: Usage changed
hkCreateVertexBuffer: Usage changed


Victory!

Tomorrow I can start rewriting the code, as I can now hook directx better :)
I had to hook the call in jagdx.dll to CreateDevice() to make it work; it appeared that for some reason runescape loads d3d9.dll twice, overwriting the old one the second time. That's why my hook got removed, so jagex wasn't undoing my hooks ;) Unless they make some CRC checks on their DLLs they can't detect my hook; it only modifies 5 bytes so it's not easy to spot.

Frement
06-02-2012, 12:00 AM
I had to hook the call in jagdx.dll to CreateDevice() to make it work; it appeared that for some reason runescape loads d3d9.dll twice, overwriting the old one the second time. That's why my hook got removed, so jagex wasn't undoing my hooks ;) Unless they make some CRC checks on their DLLs they can't detect my hook; it only modifies 5 bytes so it's not easy to spot.

Well they can do that easily. And as it is their DLL, they know exactly how many different versions of it there are. So I'd say that's a bad way to go.
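
The integrity checks discussed in the posts above (walking a device's vtable for pointers outside d3d9.dll, CRC-ing the code they point to, and spotting a 5-byte patch) can be sketched as follows. This is an added example, not code from the thread or from any game client: the module is modelled as a constructed byte buffer at a hypothetical base address so the checks run anywhere, and every name and value in it is illustrative.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Findings reported by audit(); the names are specific to this example. */
enum { FINDING_VTABLE = 1, FINDING_CRC = 2, FINDING_PROLOGUE = 4 };

/* Address range a module occupies once it is mapped into the process. */
typedef struct { uintptr_t base; size_t size; } module_range;

static int in_module(const module_range *m, uintptr_t p)
{
    return p >= m->base && (p - m->base) < m->size;
}

/* Count vtable slots whose target is not inside the owning module. */
size_t vtable_slots_outside(const module_range *m, const uintptr_t *vt, size_t n)
{
    size_t bad = 0;
    for (size_t i = 0; i < n; i++)
        if (!in_module(m, vt[i]))
            bad++;
    return bad;
}

/* Bitwise CRC-32 (reflected polynomial 0xEDB88320, the zlib/PNG variant). */
uint32_t crc32_bytes(const uint8_t *p, size_t n)
{
    uint32_t crc = 0xFFFFFFFFu;
    for (size_t i = 0; i < n; i++) {
        crc ^= p[i];
        for (int bit = 0; bit < 8; bit++)
            crc = (crc >> 1) ^ (0xEDB88320u & (0u - (crc & 1u)));
    }
    return ~crc;
}

/* True if the code at offset `off` starts with a 5-byte `jmp rel32`
   (opcode E9) whose destination lies outside the module. */
int prologue_jumps_out(const module_range *m, const uint8_t *image, size_t off)
{
    if (off + 5 > m->size || image[off] != 0xE9)
        return 0;
    uint32_t raw = (uint32_t)image[off + 1] | (uint32_t)image[off + 2] << 8 |
                   (uint32_t)image[off + 3] << 16 | (uint32_t)image[off + 4] << 24;
    uintptr_t dest = m->base + off + 5 + (uintptr_t)(intptr_t)(int32_t)raw;
    return !in_module(m, dest);
}

/* Run all three checks. `baseline_crc` comes from a known-good copy. */
int audit(const module_range *m, const uint8_t *image, uint32_t baseline_crc,
          const uintptr_t *vt, size_t n)
{
    int findings = 0;
    if (vtable_slots_outside(m, vt, n) != 0)
        findings |= FINDING_VTABLE;
    if (crc32_bytes(image, m->size) != baseline_crc)
        findings |= FINDING_CRC;
    for (size_t i = 0; i < n; i++)
        if (in_module(m, vt[i]) && prologue_jumps_out(m, image, vt[i] - m->base))
            findings |= FINDING_PROLOGUE;
    return findings;
}

/* ---- Constructed sample data; not taken from any real DLL ---- */
#define IMG_SIZE 64
#define SLOTS    4
#define FN_SIZE  16
static const module_range MOD = { 0x10000000u, IMG_SIZE };  /* hypothetical base */

static int run_scenario(int redirect_slot, int patch_slot)
{
    uint8_t image[IMG_SIZE];
    uintptr_t vt[SLOTS];
    memset(image, 0x00, IMG_SIZE);
    for (size_t i = 0; i < SLOTS; i++) {
        vt[i] = MOD.base + i * FN_SIZE;      /* slot i -> i-th "function" */
        image[i * FN_SIZE] = 0x55;           /* push ebp: ordinary prologue */
    }
    uint32_t baseline = crc32_bytes(image, IMG_SIZE);  /* known-good value */
    if (redirect_slot >= 0)
        vt[redirect_slot] = 0x20000000u;     /* pointer into another module */
    if (patch_slot >= 0) {                   /* 5 bytes overwritten in place */
        static const uint8_t jmp[5] = { 0xE9, 0x56, 0x34, 0x12, 0x00 };
        memcpy(image + patch_slot * FN_SIZE, jmp, sizeof jmp);
    }
    return audit(&MOD, image, baseline, vt, SLOTS);
}

int scenario_clean(void)           { return run_scenario(-1, -1); }
int scenario_vtable_redirect(void) { return run_scenario(2, -1); }
int scenario_inline_patch(void)    { return run_scenario(-1, 1); }

int main(void)
{
    printf("clean=%d vtable=%d inline=%d\n", scenario_clean(),
           scenario_vtable_redirect(), scenario_inline_patch());
    return 0;
}
```

The model ignores relocations: a real comparison against the file on disk has to account for the address fix-ups the loader applies when it maps the DLL, or take its baseline from the mapped image itself.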

Mato
06-02-2012, 04:49 AM
The hook is called only once, and after that it automatically deletes itself, so it isn't there very long, only a few seconds. I can easily check today if they scan it in that time, but I doubt it.

Bhrampage
06-03-2012, 01:55 AM
how's the project mato? :)

Mato
06-03-2012, 05:59 AM
Going well, I got uptext reading working without crashes yesterday, today I'll continue rewriting all the other stuff :)

John
06-03-2012, 06:20 AM
Going well, I got uptext reading working without crashes yesterday, today I'll continue rewriting all the other stuff :)
Could you post a list of what you have got left to do and what is complete?

radplane
06-03-2012, 06:41 AM
Haven't been excited for this in a looong time. If you ever need any help (even small nooby things) drop me a message ;). Would love to work even a little bit on such a broad project. I know C++ and attempted DX9, but building something out of nothing is quite hard work. If you think I can be any asset just drop me a pm.

Can't wait to see this finished and running! Definitely going to be a tester (and probably scripter). Major Props!!

Mato
06-03-2012, 09:51 AM
Here's the current source I've got rewritten so far:
http://www.filefactory.com/file/5nkakrsf1ead/n/DxInterception_rar

Would be great if someone could test if it works well for others too. In the Release folder in the rar file there are RS_Injector.exe and CreateVertexBufferHook.dll; extract those to some folder, go to runescape in a browser like firefox, and when you see the screen "checking updates" you have to start the RS_Injector before it goes to the "fetching updates" screen. When it gets to the login screen, you know it worked if it made a text file named "Log" in the folder you extracted it to.

If you got the text file, you can log in and get ingame. You can then save the current uptext by pressing numpad 0. It saves it to the log file and says how long it took to get the uptext.

The dll needs d3dx9_43.dll for it to work, which is included in the newest DirectX version. So if it crashes or something, it's probably because of that, or else you need the Visual C++ redistributable.

THESE ARE ONLY NEEDED IF IT DOESN'T WORK:
If you have 32 bit windows, download the first one, and for 64 bit the second one.
x86 redistributable: http://www.microsoft.com/en-us/download/details.aspx?id=29
x64 redistributable: http://www.microsoft.com/en-us/download/details.aspx?id=15336

If that didn't make it work, try this:
http://www.dll-files.com/dllindex/dll-files.shtml?d3dx9_43

If you did those and it doesn't work, I can't help anymore :/

Mark
06-03-2012, 04:20 PM
Still looking good. Does this version contain the object coord grabbing? On phone again, can't see

Gala
06-03-2012, 04:28 PM
https://www.virustotal.com/file/c91c490052a67ab95c1b3dc46c5e58db5e32fcf784e9d607be6b019fca7be60b/analysis/1338740544/

Good stuff, I think those 4 detections are because of the "injection" process? I ran it in Sandboxie, it doesn't create any processes. I think the download is clean.

Sorry if I am that skeptical, I just want to avoid any RAT downloads ;)

Sirenia
06-03-2012, 05:00 PM
It works on my main comp but not on my laptop :/

Mato
06-03-2012, 06:02 PM
Did you try to download the redistributable or the dll?

Thanks for the virus scan Gala :)

It doesn't have object grabbing code in that version. I coded the whole day today and made a few new functions:


LPCSTR GetUptext();
LPCSTR GetUptextLower();
bool IsUptext(LPCSTR text, bool lower);
void FindObjectsByIDs(DWORD *IDs, UINT numIDs, POINT *points, UINT maxObjects, UINT &numFound);
UINT GetNumInvItems();
UINT DropItems(DWORD sum, LPCSTR up);
UINT GetCoTextStartIndex(LPCSTR coText); //this is used only by ChooseOption, not important for you
UINT FindHiddenText(LPCSTR text, LPCSTR ttf);
bool ChooseOption(LPCSTR opt);


Those are the C++ prototypes, I hope everyone can understand in some way how they are used :) All of them are tested and working well.

EDIT: Oh yeah, I forgot to say, I made a simple working powerminer with those functions, fully without color detection, implemented in the same dll. It mines an inventory full of copper and then drops all of it and does it again :P If it had a random solver too it would be a pretty much perfect powerminer for singleplayer.

Mark
06-03-2012, 06:05 PM
Will be giving this a go as soon as I'm home, will let you know

Edit:er are you releasing that version tonight?

Mato
06-03-2012, 06:20 PM
Yup here: http://www.filefactory.com/file/5d4zmhvde6th/n/DxInterception_v2_rar

Had to make a few cleanups before releasing. If you want to use the powerminer, go to some place where there are a few copper rocks in your view and press numpad 0 to activate it. To stop it, hold the multiply (*) key on the numpad until it stops.

Instructions to inject it are at post #103.

EDIT: And to show the IDs on the screen, hold numpad 1. 3D model IDs are in hexadecimal format, that's why there are letters there.

Shady?
06-03-2012, 07:04 PM
You just made my way back into the cheating scene, Mato :) I'm really looking forward to seeing more of this!
You did a great work, keep it up!

KillaKev
06-03-2012, 08:22 PM
What version of Java are you running Mato? Seems to crash as soon as it attempts to inject the process.

radplane
06-04-2012, 06:23 AM
Can't wait to play and explore this tonight! Sure it will be a great learning tool. Welcome back (even tho I never knew you :)). Will let you know how it goes for me :)

Edit: realizing it's 3am, I'll save this gem for morning :sasmokin: Might need a morning smoke to start this one.

Mato
06-04-2012, 09:49 AM
Here's a bit updated version of the last one: http://www.filefactory.com/file/2oefas1zm6iv/n/DxInterception_v3_rar
Smoother mouse movement added using cubic bezier curves :) The old one would get you banned pretty quick because of the instant mouse movement.

EDIT: KillaKev, did you try downloading the redistributable or the dll that i mentioned at post #103?

Mark
06-04-2012, 12:40 PM
I've got 20 mins on my pc to give this a quick go, will post if I get it working

KillaKev
06-04-2012, 05:25 PM
Here's a bit updated version of the last one: http://www.filefactory.com/file/2oefas1zm6iv/n/DxInterception_v3_rar
Smoother mouse movement added using cubic bezier curves :) The old one would get you banned pretty quick because of the instant mouse movement.

EDIT: KillaKev, did you try downloading the redistributable or the dll that i mentioned at post #103?

Yeah I downloaded both but I still couldn't get it to work without Java crashing. However, when I ran it in a VM, it injected properly, however the VM lacked DirectX support. Now I gotta get a VM with DirectX support installed.

Mato
06-04-2012, 06:18 PM
Just came to my mind that your java also has to be 32 bit, it won't work with 64 bit. I don't know if runescape can even run with 64 bit but yeah.

KillaKev
06-04-2012, 06:20 PM
Just came to my mind that your java also has to be 32 bit, it won't work with 64 bit. I don't know if runescape can even run with 64 bit but yeah.

Yeah I figured that must be it since my main OS is 64bit and my VM was 32bit. Finally got the VM set up though so I'll let you know how it goes.

zmon
06-04-2012, 06:43 PM
Just came to my mind that your java also has to be 32 bit, it won't work with 64 bit. I don't know if runescape can even run with 64 bit but yeah.

runescape runs fine on 64 bit system in 64 bit internet explorer with 64 bit java

but most other browsers are just 32bit so if you use say chrome, it will be 32bit although java is executed through stub

c:\>java -version
java version "1.6.0_18"
Java(TM) SE Runtime Environment (build 1.6.0_18-b07)
Java HotSpot(TM) 64-Bit Server VM (build 16.0-b13, mixed mode)

KillaKev
06-04-2012, 07:08 PM
runescape runs fine on 64 bit system in 64 bit internet explorer with 64 bit java

but most other browsers are just 32bit so if you use say chrome, it will be 32bit although java is executed through stub

c:\>java -version
java version "1.6.0_18"
Java(TM) SE Runtime Environment (build 1.6.0_18-b07)
Java HotSpot(TM) 64-Bit Server VM (build 16.0-b13, mixed mode)


You're right, just tried it with chrome and it injected successfully. However... java still crashed.

n3ss3s
06-04-2012, 08:40 PM
I open it during checking updates, java crashes once fetching updates is done :/

Mark
06-04-2012, 09:12 PM
I've successfully injected, had to restart the computer twice tho ;/ but all worked fine afterwards. Ain't had a chance to play with the dll, will have a little play with it in delphi tonight.
I finally have some well earned rest, been fitting my new kitchen all weekend, only got to tile the floor and I'm done ;)

N3ss3s: it worked for me when I set graphics to DirectX then reloaded. As soon as I refresh the page I start the injection, hope that helps

Mato
06-04-2012, 09:16 PM
Did you still get the log file? I will make another version of the dll tomorrow (today) that will print more flags to the log file so I know what it was doing when it crashed. Jagdx.dll is loaded at the end of the fetching updates screen, so it means it didn't crash instantly after injection.

KillaKev
06-04-2012, 09:32 PM
No log file was made as far as I can tell. Never made it to the login screen. However I will try CRU1Z1N's method now..

n3ss3s
06-04-2012, 09:46 PM
N3ss3s: it worked for me when I set graphics to DirectX then reloaded. As soon as I refresh the page I start the injection, hope that helps

Yeh that's the way I did it, black screen after fetching updates, also didn't get the log

Jakkle
06-05-2012, 01:18 AM
I tried the rs_injector.exe in V3. I did what was explained in post#103.
It said successful in injecting then this came up.

http://img580.imageshack.us/img580/7738/rsim.png

any reason why avg would say it's malware?

Yago
06-05-2012, 01:46 AM
I tried the rs_injector.exe in V3. I did what was explained in post#103.
It said successful in injecting then this came up.

http://img580.imageshack.us/img580/7738/rsim.png

any reason why avg would say it's malware?

You're injecting stuff... It can be a security risk in almost any situation.

Jakkle
06-05-2012, 01:48 AM
You're injecting stuff... It can be a security risk in almost any situation.

Ok thanks Yago :) just trying to be careful :p
Not got much clue when it comes to things like that.

Yago
06-05-2012, 01:51 AM
Ok thanks Yago :) just trying to be careful :p
Not got much clue when it comes to things like that.

Yeah, AVs are here only when you've screwed things up or to scare you :) So don't worry about them.

Jakkle
06-05-2012, 02:07 AM
Yeah, AVs are here only when you've screwed things up or to scare you :) So don't worry about them.

I know lol, they always scare me with things popping up saying 'THREAT FOUND', ahhhh panic lol. I know you can get false positives and all that but thought it's best to ask. Thanks again Yago

n3ss3s
06-05-2012, 03:01 AM
DLL injection usually makes any AV go apeshit...

zmon
06-05-2012, 03:22 AM
most likely because injection is ordinarily associated with malicious intent

Jakkle
06-05-2012, 04:07 AM
Tried it multiple times and every time it crashes runescape loading into the login, if I do it as soon as checking for updates comes up.
If I click it when it says fetching updates 92% and leave it the login screen comes up. I then tried to login and it keeps coming up with advertisements and after the ad it goes blank.

E: I installed what you said and linked to and also downloaded the dll and placed it into system32.

Edit2: I moved the dll to the folder where RS_Injector is and tried again.
Once again I tried to do it when it says checking for updates and it just crashed.
I then tried it on fetching updates and then logged in. After the advert to my surprise the lobby screen came up :).
I then pressed 1 and......
http://img51.imageshack.us/img51/3658/rsdxin.png

There we have it, I got it working YAY :D

Edit3: The trees seem to have very weird ids.

Frement
06-05-2012, 05:41 AM
Mato, perhaps display the ID's with %i, not %X? :)

Also I have an idea for the 2D model recognition, you could convert the sprite to 16 colors, and then devise an ID from those colors? Should be the same every time.

Jakkle
06-05-2012, 05:48 AM
Mato, perhaps display the ID's with %i, not %X? :)

Also I have an idea for the 2D model recognition, you could convert the sprite to 16 colors, and then devise an ID from those colors? Should be the same every time.

I take it the ids are on top of each other, where the tree is?

Frement
06-05-2012, 05:50 AM
I take it the ids are on top of each other, where the tree is?

Yes, that's why they are so weird.

Mato
06-05-2012, 05:58 AM
The IDs of trees are weird because the tree is rendered in many parts: the tree stump, the upper part of the tree and leaves are all rendered separately. I like to use %X because that way all the IDs are the same length, at least for me they are easier to use. I'll look into the color 16 thing today, good idea :)

Writing this from my phone so not very long post lol.

EDIT: Tried the color16 thing but it doesn't work, the ID still changes at every startup. It's because some colors are near the color border and sometimes they cross it and the ID changes a bit.

EDIT2: I will work on walking today, I have a new type of walking system thought out in my mind, no color detection.

EDIT3: I made a coordinate system for walking today that will work over minimap changes. It won't work when going to dungeons etc., but when walking on one land, like to chop trees and go to the bank, it works perfectly.

picture:
http://i47.tinypic.com/6yfsjp.png

You can see the path I made there, it renders it over the minimap in the correct position and rotates with the minimap too. Right now I can just walk to a point, press a hotkey and it adds it to the path. I can also save the path to a text file in C++ format that I can just copy-paste into the code and it can use it that way. The coordinate system requires the "script" to be started at a specific tile for the path points to go to the right spot. Next I will make walking code that can walk along the path.

Mark
06-05-2012, 09:57 PM
Been trying to use your dll with no luck. I can hook with no problem but I can't seem to use any of its functions. I've been trying to load the library into a Delphi app with no success.

Here's what I'm doing
Edit: ignore the smart stuff

unit Unit1;

interface

uses
  Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
  Dialogs,stdCtrls;

type
  TForm1 = class(TForm)
    Button1: TButton;
    procedure Button1Click(Sender: TObject);
  private
    { Private declarations }
  public
    { Public declarations }
  end;

var
  Form1: TForm1;
  hLibrary : HINST;
  a,b:longint;
  aa:array of tpoint;

procedure std_setup(ServerURL, SecondParam: PChar; sizeX, sizeY: Integer; SomeStr: PChar); stdcall; external 'libsmart.dll';
procedure FindObjectsByIDs(IDs:Longint;numIDs:LongInt; POINT :array of Tpoint; maxObjects:LongInt;numFound:LongInt); stdcall;external 'CreateVertexBufferHook.dll';

implementation

{$R *.dfm}
{$R a.Res}
{$R smart.Res}

procedure TForm1.Button1Click(Sender: TObject);
begin
  FindObjectsByIDs(111,1,aa,100,0);

  std_setup('http://world1.runescape.com/','', 765, 504, '');
end;

end.

Mato
06-06-2012, 06:40 AM
The prototype of FindObjectsByIDs is wrong; the IDs parameter isn't a long int, it's a pointer to a longint array. Also, numFound should be a reference to a longint where the result is saved. It doesn't check for incorrect pointers, so passing 111 as IDs means it will try to read the ID from memory address 111, which is obviously blank, and gives an access violation and crashes.

I'm not good with Pascal so I don't know how the prototype should be written, but that's not the right way.
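
The failure described in the post above (the integer 111 landing in a pointer parameter of a DLL export that does no pointer checks), as an added example that is not part of the original thread or of Mato's DLL: a C-callable export that validates its arguments before dereferencing them. The function name, parameter layout, status codes, count limits, the constructed object table and the 64 KB low-address cutoff are all assumptions made for illustration.

```cpp
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

// Layout a Delphi TPoint maps to: two 32-bit integers.
struct DxiPoint { int32_t x; int32_t y; };

// Hypothetical status codes for this example.
enum DxiStatus : int32_t {
    DXI_OK = 0,
    DXI_ERR_BAD_POINTER = -1,
    DXI_ERR_BAD_COUNT = -2
};

// Constructed sample data standing in for the objects drawn in one frame.
struct DrawnObject { int32_t id; DxiPoint screen; };
static const DrawnObject kFrame[] = {
    {0x00A1B2C3, {120, 200}},
    {0x00A1B2C3, {340, 180}},
    {0x0000006F, { 50,  60}},   // 0x6F is decimal 111
    {0x7F001234, {400,  90}},
};
static const size_t kFrameCount = sizeof(kFrame) / sizeof(kFrame[0]);

// Assumed sanity limits on caller-supplied counts.
static const int32_t kMaxIds = 64;
static const int32_t kMaxObjects = 1024;

// Windows reserves the lowest 64 KB of a user-mode address space by default,
// so a value below 0x10000 in a pointer slot is almost certainly an integer
// passed by mistake. This catches that class of error only: a dangling or
// mistyped pointer into mapped memory still gets through.
static bool plausible_pointer(const void* p) {
    return reinterpret_cast<uintptr_t>(p) >= 0x10000u;
}

extern "C" int32_t DXI_FindObjectsByIDsChecked(const int32_t* ids, int32_t numIds,
                                               DxiPoint* outPoints, int32_t maxObjects,
                                               int32_t* numFound)
{
    // Validate the result slot first so every later error path can leave a
    // defined count (0) behind for the caller.
    if (!plausible_pointer(numFound)) return DXI_ERR_BAD_POINTER;
    *numFound = 0;

    if (!plausible_pointer(ids) || !plausible_pointer(outPoints))
        return DXI_ERR_BAD_POINTER;
    if (numIds < 1 || numIds > kMaxIds) return DXI_ERR_BAD_COUNT;
    if (maxObjects < 1 || maxObjects > kMaxObjects) return DXI_ERR_BAD_COUNT;

    int32_t found = 0;
    for (size_t i = 0; i < kFrameCount && found < maxObjects; ++i) {
        for (int32_t j = 0; j < numIds; ++j) {
            if (kFrame[i].id == ids[j]) {
                outPoints[found++] = kFrame[i].screen;
                break;   // count each drawn object once
            }
        }
    }
    *numFound = found;   // never exceeds maxObjects, so outPoints is not overrun
    return DXI_OK;
}

int main() {
    DxiPoint pts[8];
    int32_t found = 0;
    const int32_t ids[] = {0x00A1B2C3};

    int32_t rc = DXI_FindObjectsByIDsChecked(ids, 1, pts, 8, &found);
    printf("array of IDs:        rc=%d found=%d\n", (int)rc, (int)found);

    // The call shape from the thread: the literal 111 in the pointer slot.
    const int32_t* bogus = reinterpret_cast<const int32_t*>(static_cast<uintptr_t>(111));
    rc = DXI_FindObjectsByIDsChecked(bogus, 1, pts, 8, &found);
    printf("integer as pointer:  rc=%d found=%d\n", (int)rc, (int)found);
    return 0;
}
```

The caller-side fix is still the one described in the post: pass the address of an ID array and a variable for the count. The check only turns the mistake into an error code instead of an access violation.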

Brandon
06-06-2012, 07:10 AM
Type
  PDWord = Array of LongInt;
  PSDWord = ^PDWord;
  TPointArray = Array Of TPoint;
  PTPA = ^TPointArray;

procedure FindObjectsByIDs(IDs: PSDWord; numIDs: LongInt; POINT: PTPA; maxObjects: LongInt; var numFound: LongInt); stdcall; external 'CreateVertexBufferHook.dll';


Not so familiar with Pascal and Pascal pointers but I THINK the above is how I'd do it..

var = address of / pass by reference operator.
and I think ^ (Chevron) is the dereference operator/pointer.

Mark
06-06-2012, 10:13 AM
Yeah I wasn't too sure myself don't know any C so was a total guess on variable types.

Cheers ggzz will have another play when I finish work.

Jakkle
06-07-2012, 06:19 PM
Mato, hope things are coming along ok. Is there any update on how things are going at all ?

Mato
06-07-2012, 07:27 PM
I am working on walking and minimap detection atm. Walking is working very well when the script is started at a specific tile, but I want it to detect the player's position by some method from the minimap.

I have worked on getting some kind of unchanging ID from the minimap area you are in so it would detect if you get some random, for example. I know SRL has SPS for walking but I want to make my own version that's more accurate and would work even in areas where the minimap color is almost the same everywhere. All it would need to do is get one basepoint to identify the location and after that it could walk very accurately to anywhere following a path.

Jakkle
06-08-2012, 05:12 PM
Sounds great, Mato. I'm looking forward to giving the walking a go.
Keep up the amazing work :)

Mark
06-09-2012, 05:55 PM
How's your walking idea coming along, Mato?

Mato
06-09-2012, 06:18 PM
Pretty well, I am trying to detect a specific spot by the map geometry instead of the minimap texture. The map geometry never changes like all the other models, so it's pretty easy to generate an ID from a specific spot. It still needs work on the ID generation, not sure how much time I need to make it work properly. But as the geometry doesn't change, it's for sure possible to make it 100% accurate so I will keep doing it :)

Mark
06-09-2012, 07:32 PM
Sounds good pretty clever idea.

I've been having a bit of trouble getting your function for returning the coords working. I'm stuck trying to declare IDs, it throws a memory fit.
Any chance you can have the ID returned as other than a hex value? I've tried converting on my end, still throws an exception.

Brandon
06-09-2012, 08:13 PM
Sounds good pretty clever idea.

I've been having a bit of trouble getting your function for returning the coords working. I'm stuck trying to declare IDs, it throws a memory fit.
Any chance you can have the ID returned as other than a hex value? I've tried converting on my end, still throws an exception.

In pascal, one digit in hex denotes 4 bits prefixed by $ sign.

'$00FF' = 0xFF
'$000A' = 0xA

Of course this is without the padded 0's. One solution is to just convert the Hex returned by his functions to a 32-bit integer and back.

Mato
06-09-2012, 08:31 PM
You don't need to convert the return value to anything, you can use it directly just as an int.

When a value is assigned to a variable, it is stored as bits regardless of the type. You can assign a value of 0xFF in hex, or 255, which is the same as 0xFF in decimal, to some variable and it will look just the same when viewing the memory in bits. That's why you can just as well input a decimal ID for the function if you want, because it is really the exact same number. You can use Windows calculator to convert between hex and decimal values.

Jakkle
06-10-2012, 04:17 PM
Mato, I was looking into learning what you're doing so I could hopefully help you with this project. While searching the internet I found someone else had made something similar to what you're doing with other games. Just thought I would post a link to it here (http://graphics.stanford.edu/~mdfisher/D3D9Interceptor.html), maybe something helpful in there.

I'm installing Visual Studio 2010 and the DirectX SDK so I can start trying to help out. Is there anything else I need or need to know to help me on my way? I'm in the middle of learning C++ too.

Mato
06-10-2012, 05:26 PM
Cool, you should also learn how DirectX works and so on, this is good read: http://www.directxtutorial.com/Tutorial9/B-Direct3DBasics/dx9B.aspx
The parts 1-7 cover many basic things well :)

My msn is leevi.k95@hotmail.com if you want to talk.

Jakkle
06-10-2012, 05:57 PM
Cool, you should also learn how DirectX works and so on, this is good read: http://www.directxtutorial.com/Tutorial9/B-Direct3DBasics/dx9B.aspx
The parts 1-7 cover many basic things well :)

Ok nice one, thanks a lot. I will definitely have a look and try to learn as much as possible about DirectX after I have finished with C++. Thanks for the link and I will add you in a bit mate :)

JN13
06-12-2012, 06:34 PM
Any Development news? :)

Mato
06-12-2012, 09:47 PM
Minimap spot searching by the geometry works pretty well now, still needs a bit of work on it. Can't write more atm, on my phone.

putonajonny
06-15-2012, 08:18 PM
Is there any chance we can use this to grab maps for SPS?

Mato
06-15-2012, 09:51 PM
Yeah, that's very easy to make, I'll post a version with that tomorrow if you want.

putonajonny
06-15-2012, 10:44 PM
Yeah, that's very easy to make, I'll post a version with that tomorrow if you want.

Yes please :)

John
06-16-2012, 01:22 AM
Hey Mato Could you update The OP with what you have completed and what you have left?

Mato
06-16-2012, 06:04 PM
Here is a version that can grab the minimap: http://www.filehosting.org/file/details/352971/DxInterception_v4.rar

Extract the whole thing to somewhere so you have the CreateVertexBufferHook folder and everything inside it unpacked. In the Release folder there is the DLL file that is needed.

Follow the injection instructions I posted on the previous page, I think, or earlier, or use a method that works for you.

When you are ingame, press numpad 4 so you see the red text so you know it has injected good, and then walk to some place where you want to grab the minimap and press numpad 3. It will then save it to the "sprites" folder.

This version also has a simple iron miner and banker for Falador. If you want to test it, go to the Falador east bank and press numpad 0. I have used it for about 20 hours total, it has worked flawlessly for the whole time. Walking is working very well now with the ground geometry detection.

I will play RS legit for a few days now, having a break from this, and after that I'll start making the plugin for Simba :)

Bobzilla69
06-16-2012, 06:34 PM
Loving your work, keep it up :)

JN13
06-18-2012, 07:50 PM
I seriously can't wait to see that plugin.

Zyt3x
06-18-2012, 08:14 PM
This might become the future of Simba botting if it's stable and good enough :)

Mark
06-18-2012, 08:32 PM
This might become the future of Simba botting if it's stable and good enough :)
Has been my thoughts for awhile now

Mato
06-18-2012, 08:54 PM
Nice to see you are interested in my work :) For the stability, it has never crashed for me ingame unless there has been some little bug somewhere. I have run the current version for like 20 hours and no crashes so far. The only thing it crashes on is closing the big world map, but when you are botting you don't really use it for anything.

Zyt3x
06-18-2012, 11:11 PM
Nice to see you are interested in my work :) For the stability, it has never crashed for me ingame unless there has been some little bug somewhere. I have run the current version for like 20 hours and no crashes so far. The only thing it crashes on is closing the big world map, but when you are botting you don't really use it for anything.

Yes, that reloads opengl, so I can imagine that might raise problems.. Should be fixable though, but that can come later ;)

John
06-18-2012, 11:36 PM
In simple form, This enables us to use ID For items? And a much more stable walking method?

Mark
06-18-2012, 11:56 PM
A lot more than that, it can do everything we can do now but easier and better, and/or things like altering colors, textures may be useful

John
06-19-2012, 12:34 AM
A lot more than that, it can do everything we can do now but easier and better, and/or things like altering colors, textures may be useful
Sounds very useful, Will there be any complications with importing it into simba?

JN13
06-19-2012, 12:35 AM
And even better, it's (hopefully) legal :) Just like SRL is. The only small issue I see is it's Windows-specific.

John
06-19-2012, 01:57 AM
And even better, it's (hopefully) legal :) Just like SRL is. The only small issue I see is it's Windows-specific.

Are there any reasons it wouldn't be legal?

JN13
06-19-2012, 04:02 AM
Are there any reasons it wouldn't be legal?

Isn't there a slight injection at the beginning?

Mato
06-19-2012, 08:21 AM
There is an injection, but I am not altering any Java code or the game code so it shouldn't be illegal. At least I have never heard of someone being sued for DirectX hooking lol.

Mark
06-19-2012, 09:12 AM
Sounds very useful, Will there be any complications with importing it into simba?

I wouldn't think so, tho I never got time to work on my prototype much with work and life etc. Will have time to try this out again closer to the weekend.

Mat
06-19-2012, 09:43 AM
When I try to inject RS it always white screens after it says successful, any ideas?

Bob The Cat
06-19-2012, 10:26 AM
OpenGL works very well. Would be cool to see Simba advance from Color to OpenGL as OpenGL is more stable and better. Also please update the OP, I wanna see the progress :)

Jakkle
06-19-2012, 12:41 PM
When I try to inject RS it always white screens after it says successful, any ideas?

I find the best time to inject is when it says fetching updates 92%. As long as it injects before it has fully updated it's normally fine.
The only trouble I have found is that if you're using a F2P account you will get an advert and after the advert it white screens, it does sometimes load tho. You're better off using a new 14 day free trial account as it does not load any adverts. Hope that helps :)

kitchenrange
06-19-2012, 03:52 PM
You could also try adblocking the advert.

adblock for firefox.

putonajonny
06-19-2012, 05:22 PM
:/ http://i.imgur.com/X8al2.png
I think it was working, so a restart might fix things
since I'm on a laptop I'm going to have to use simba to press numpad buttons

Jakkle
06-19-2012, 05:47 PM
You could also try adblocking the advert.

adblock for firefox.

You are the man lol, I totally forgot to turn my adblock plus for chrome back on after having to turn it off the other day :duh:

Mat
06-19-2012, 06:27 PM
It was a P2P acc i am testing on, and it kept failing I'll try your suggestion tho :)
Mat
Nope: Still not working.

Mark
06-19-2012, 07:11 PM
@mat
Have you downloaded and followed what he said in post 103, I think it was? I never received any more errors after I followed them exactly, it injects every time for me. I've even started the injection exe before I load RS and it works fine. Remember to change back to DirectX after using SMART again, as it puts you back to safe mode.

JN13
06-21-2012, 12:28 AM
Realistically, when would a stable Simba plugin be ready? Also, will we have to change around SMART to make it DirectX? One more: will any updates/bot nukes really affect this detection method? (I wouldn't think so unless it's a graphical update)

I iz xcited.

Frement
06-21-2012, 01:04 AM
Only model updates would affect this method. And as far as I know only SRL's SetupSRL method would need to be changed (Or LoginPlayer) to change mode to DirectX. I don't know if SMART can achieve this with launch parameters.

zmon
06-21-2012, 10:50 PM
Only model updates would affect this method. And as far as I know only SRL's SetupSRL method would need to be changed (Or LoginPlayer) to change mode to DirectX. I don't know if SMART can achieve this with launch parameters.

currently smart forces no acceleration available on startup from what i recall when i looked at the code, so obviously startup parameters for java would need to change as well

Home
06-21-2012, 11:17 PM
currently smart forces no acceleration available on startup from what i recall when i looked at the code, so obviously startup parameters for java would need to change as well

SmartSetup('http://'+prefix+'.runescape.com/', 'plugin.js?param=o0,a' + IntToStr((Integer(not(Signed)) + 1) * Integer(not((SuperDetail and Signed)))) + ',m' + IntToStr(Integer(Members)), 765, 503, 's');


Remove 'S' :)

~Home

Hazzah
06-23-2012, 07:25 AM
SmartSetup('http://'+prefix+'.runescape.com/', 'plugin.js?param=o0,a' + IntToStr((Integer(not(Signed)) + 1) * Integer(not((SuperDetail and Signed)))) + ',m' + IntToStr(Integer(Members)), 765, 503, 's');


Remove 'S' :)

~Home

Wouldn't removing 's' make it launch in OpenGL which wouldn't work for this since it is direct-x?

I am really really impressed with this!

Gala
06-23-2012, 03:45 PM
This would even allow botting in HD mode, is that correct? I should really start to read through some books, since this seems to be the future of botting. I am definitely looking forward to using the hook for walking. :)

Sirenia
06-23-2012, 04:01 PM
How come this is legal when you inject the client here too? Anyway I can see this too very useful when its complete :)

Mark
06-23-2012, 05:20 PM
Reflection is illegal because you alter the game's code, this doesn't. I'm gonna have another go at the prototype tonight or tomorrow.

Mat
06-23-2012, 05:23 PM
I still can't get it to inject.
:(
I'll wait for now.
Mat

Bobarkinator
06-23-2012, 07:36 PM
How come this is legal when you inject the client here too? Anyway I can see this too very useful when its complete :)

This isn't technically injecting the client. This is injecting the DirectX plugin. Jagex doesn't own the DirectX plugin. An argument could be made that you are injecting the instance of the plugin that they instantiated but that argument doesn't seem like it would hold much water.


Reflection is illegal because you alter the game's code, this doesn't. I'm gonna have another go at the prototype tonight or tomorrow.

Injection alters the game code. Reflection just reads variables from the java runtime, in a sense they are "reflected" over to your program.

n3ss3s
06-23-2012, 08:33 PM
This isn't technically injecting the client. This is injecting the DirectX plugin. Jagex doesn't own the DirectX plugin. An argument could be made that you are injecting the instance of the plugin that they instantiated but that argument doesn't seem like it would hold much water.



Injection alters the game code. Reflection just reads variables from the java runtime, in a sense they are "reflected" over to your program.

I guess they could say they have the right to the values they're calling the D3D functions with since that basically defines their game's graphics, idk

Bobarkinator
06-23-2012, 09:06 PM
I guess they could say they have the right to the values they're calling the D3D functions with since that basically defines their game's graphics, idk

Yeah, probably. But I wanna say I have a right to everything processed on my computer using my hardware :P

Jakkle
06-24-2012, 01:08 PM
Yeah, probably. But I wanna say I have a right to everything processed on my computer using my hardware :P
^This I totally agree with.
Everything in/on your computer that has not been encrypted is yours to do what you want with, am I not right ?

Sirenia
06-24-2012, 04:36 PM
^This I totally agree with.
Everything in/on your computer that has not been encrypted is yours to do what you want with, am I not right ?
Every script I download is from now on mine.











(Jk :P)

JN13
06-27-2012, 05:03 AM
Been a while, any updates?

Brandon
06-27-2012, 05:08 AM
I was looking into hooking OpenGL and thought, why do you hook through the browser rather than the RSClient? I thought it'd be better for you to just inject directly into the official RS Client so that you don't get these crashes or have to hook at a specific time.

Mato
06-27-2012, 07:57 AM
I am not hooking the browser, I hook the Java process that is run by the browser. The reason that it must be injected at a specific time is that the RS client doesn't load the DirectX module immediately when the process starts. It is loaded after the fetching updates screen, so it has to be injected before that, but it cannot be injected too early either because the client crashes if it is injected too early for some reason. People have different computers, so some load the client faster than others, so it's hard for me to say a working injection time for everyone.

I will start working with the simba plugin in a few days.

smurg
06-27-2012, 08:18 AM
^This I totally agree with.
Everything in/on your computer that has not been encrypted is yours to do what you want with, am I not right ?

Well...

The WOW bot, wowglider/mmoglider paid out a sick lawsuit and could possibly be a bad precedent ( http://en.wikipedia.org/wiki/Glider_(bot) ). Especially since nothing is installed and it's run over a browser.


While MDY Industries asserts that the software is meant to overcome design flaws in the World of Warcraft environment, Blizzard contended in a 2006 United States federal lawsuit that the program's use violated their terms of service.[6] In July 2008, the court entered summary judgment holding MDY Industries liable for tortious interference and copyright infringement, based, in part, upon the legal premise that users of the World of Warcraft client software are licensees rather than owners of their copy of software.[1]

Public Knowledge, a public interest group which filed an amicus brief in the case,[7] criticized the decision, saying it makes the loading into memory of legally obtained software an act of copyright infringement subject to high statutory penalties, if the user has violated the software's license agreement in any way.[8][9] The court did not hold this view and found that Glider infringed upon Blizzard's intellectual property by making an illicit copy of the World of Warcraft client in order to avoid Blizzard's anti-cheating software, Warden, and ordered MDY Industries to pay Blizzard six million dollars.[10] In finding this, the court agreed with Blizzard that World of Warcraft is licensed, not sold.[11]

Following the judgment, Blizzard petitioned to enjoin MDY Industries from distributing Glider or releasing its source code.[12] In March 2009, MDY Industries suspended Glider sales and operations pursuant to an injunction.[13] On December 14, 2010, United States Court of Appeals for the Ninth Circuit issued its ruling. They agreed that users were licensees rather than owners of the software. They changed the ruling on copyright, stating that users were in breach of contract concerning the end-user license agreement (EULA), but that this did not constitute a violation of copyright. Nevertheless, they ruled that the bot violated the DMCA. MDY requested that the case be sent back for review, but as of August 2011, the court had yet to hear or agree to any review. MDY's owner, Michael Donnely stated in a release on the official forums that given the manner of the ruling and the statements by the court, that it was highly unlikely that MDY was going to be able to bring glider back in any form. He stated that they were looking at their options, and that he would speak with the lawyers working the case; but due to the cost of the case it wasn't likely that there was much that they could do. By Sept 2011, mmoglider.com the official "Glider" homepage had vanished. [14][15]

LordJashin
06-28-2012, 04:27 PM
Notice that you CANNOT copy shit. The client copying. As long as this uses DirectX and not any of Jagex's stuff it should be fine. Note that could be charged with violating their TOS. Also changing the DLLs after Jagex's loads them could be considered bad. But if it's just the DirectX that you installed it should be fine.

This is very nice, integrate this with SMART and have a way to restart things. Just remember to update your objects on your scripts after an update. Also some1 would have to check if Jagex updated their stuff to check for this hooking.
Then we could have:

{DEFINE DirectX}

Sirenia
06-28-2012, 06:09 PM
Notice that you CANNOT copy shit. The client copying. As long as this uses DirectX and not any of Jagex's stuff it should be fine. Note that could be charged with violating their TOS. Also changing the DLLs after Jagex's loads them could be considered bad. But if it's just the DirectX that you installed it should be fine.

This is very nice, integrate this with SMART and have a way to restart things. Just remember to update your objects on your scripts after an update. Also some1 would have to check if Jagex updated their stuff to check for this hooking.
Then we could have:

{DEFINE DirectX}
or {$i Interception/Interception.simba} I think it was kinda that way you included reflection in a script?

Mato
07-06-2012, 03:24 PM
I thought I should post something here so you won't think I disappeared too.

I have worked on the connection part between the dll and the plugin. I found a good way to do it using named pipes, if you want to take a look visit here: http://msdn.microsoft.com/en-us/library/windows/desktop/aa365588%28v=vs.85%29.aspx

I haven't started making the plugin yet because I want to make sure the connection part works well before it. I already made a simple client and server using the pipes, so next I will implement the server in the dll.

Frement
07-06-2012, 03:26 PM
Nice job keeping everyone up to date :)

Sirenia
07-06-2012, 04:49 PM
Are some people negative to DirectX because it cannot be run on Macs? What are the bigger differences between DX and OGL anyway? :O

Mato
07-06-2012, 05:12 PM
There aren't very big differences, it just handles stuff in a bit different way and so on. I would have done this in OGL if I knew the API, but I don't know any of it so that's why I make this with DirectX.

Those who are against it or can't use it just don't use it, I can't do anything about that. I will of course use this myself to bot on my accounts. I have already made a testing "script" in C++ inside the dll that mines iron in Falador south and banks the ores. Scripting it took about an hour and it has run about 20 hours so far flawlessly, 0% color.

Wizzup?
07-06-2012, 10:03 PM
I will start working with the simba plugin in a few days.

Let me know if you need help with this.

Any chance of a github repo at some point? :)

Brotein
07-06-2012, 11:13 PM
Really hoping this takes off, looks very promising.

Mato
07-07-2012, 12:29 AM
I think I can manage to get the plugin made with silentwolf's plugin source as a base, if not then I will definitely ask you about it :)

I already tried making a GitHub thing for it some weeks ago but it didn't really work out, I guess I have to read a bit more about how it works to get it up.

Silent
07-07-2012, 12:59 AM
I think I can manage to get the plugin made with silentwolf's plugin source as a base, if not then I will definitely ask you about it :)

I already tried making a GitHub thing for it some weeks ago but it didn't really work out, I guess I have to read a bit more about how it works to get it up.

Keep up the great work man. This looks extremely promising!

Joe
07-07-2012, 03:07 AM
You should update the first post rather than making us all scavenge the entire thread for your work.
Looks extremely well made and hopefully will be a great addition to SRL

eska
07-07-2012, 03:59 AM
This guy comes out of nowhere and manages to intercept stuff from DirectX in 2 days.

Very impressive.

Mato
07-07-2012, 10:25 AM
OK, I updated the first post, check it out. Post here if you think I forgot something, I made it pretty quick :)

Flight
07-07-2012, 10:41 AM
I'm guessing this has already been asked somewhere and you've answered it, but Mato, why, might I ask, would you rather work with DirectX as opposed to OpenGL? Are there advantages here that made you choose to work with this? Because from what I've been reading around here as well as MITB, OpenGL is the way to go.

Mato
07-07-2012, 10:55 AM
OpenGL is cross platform, that's its biggest advantage. They both can do pretty much the same things so OpenGL would be better, but when I started this I didn't really feel like learning a completely new API so I ended up doing it with DirectX.

Flight
07-07-2012, 11:12 AM
OpenGL is cross platform, that's its biggest advantage. They both can do pretty much the same things so OpenGL would be better, but when I started this I didn't really feel like learning a completely new API so I ended up doing it with DirectX.

Ah yeah, just a personal preference? I can understand that.

Daniel
07-07-2012, 11:59 AM
I'm guessing this has already been asked somewhere and you've answered it, but Mato, why, might I ask, would you rather work with DirectX as opposed to OpenGL? Are there advantages here that made you choose to work with this? Because from what I've been reading around here as well as MITB, OpenGL is the way to go.

OMG! Can't you read? He said in an earlier post that the reason is because he is more familiar with DirectX hooking. Geeeeeeeeez! Search nub.
:google: :google: :google: :spot: :spot: :spot: :bart: :bart: :bart:

Olly
07-07-2012, 12:58 PM
Damn even walking, this is so promising :P

Mato
07-07-2012, 05:00 PM
Woot :P
http://i46.tinypic.com/jakygy.png

Got the basic frame of the plugin working and added in my own MakeCompass function :) Ran it and it rotated the minimap in rs perfectly to 109.5 degrees or something like that and then ended the script in simba :)

function DXI_MakeCompass(angle: integer): integer;

Will continue with this tomorrow, making the data transferring better, and then I'll add the rest of the functions to it :)

f1fanatic
07-07-2012, 05:33 PM
hohoho exciting stuff :). This could be the future of botting nice one Mato!

NKN
07-07-2012, 05:41 PM
Good job bro!

This is one big project.

Hazzah
07-08-2012, 02:34 AM
Good job bro!

This is one big project.

It's one big project that Mato has taken on by himself! Impressive work Mato!

JN13
07-08-2012, 04:03 AM
Lets say I killed a monster and it drops a rune on top of a charm. Will this still display an ID for the charm, or just the rune on top?

John
07-08-2012, 04:41 AM
Lets say I killed a monster and it drops a rune on top of a charm. Will this still display an ID for the charm, or just the rune on top?

I'm quite sure it would show both.

JN13
07-08-2012, 05:10 AM
I'm quite sure it would show both.

I was almost positive too, but just checking.

Mato
07-08-2012, 06:05 AM
It would show it for both because it still draws both of the items.

Mark
07-08-2012, 09:31 AM
Haha the time comes, congratulations buddy, this is one awesome project, really great work rep++

Justin
07-09-2012, 10:37 AM
Wow, Nice work on this mate!

Mato
07-09-2012, 12:47 PM
Thanks everyone :)

I have a problem with the plugin now: Simba just crashes for some reason when it tries to load my plugin. It is a weird problem because if I set GetFunctionCount() to return 1, it works fine, but if it is set to anything higher it will somehow mess up. And I have 3 functions that I am trying to export; the addresses and Pascal-type declarations are checked and they are fine.

If someone who has more experience in plugins could take a look at the source I would appreciate it.

Some things are from silentwolf's plugin so credits to him.

And yeah, I can change any of the other two exports to be the first and they work well when GFC returns 1, so there is no problem with any specific export. I compile it with Visual Studio C++ 2008 Express.



#include <windows.h>
#include <stdio.h>

#define Export __declspec(dllexport)
#define DelphiExport extern "C" Export

#define DX_PIPE "\\\\.\\pipe\\DxInterceptPipe"

DelphiExport int GetPluginABIVersion();
DelphiExport int GetFunctionCount();
DelphiExport int GetFunctionInfo(int x, void** address, char** def);

DelphiExport bool DXI_Connect();
DelphiExport void DXI_Disconnect();
DelphiExport int DXI_MakeCompass(int angle);

HINSTANCE inst = NULL;
HANDLE hPipe = INVALID_HANDLE_VALUE;

BOOL WINAPI DllMain(HINSTANCE hInstance, DWORD reason, LPVOID reserved)
{
    switch(reason)
    {
        case DLL_PROCESS_ATTACH:
        {
            inst = hInstance;
            return true;
        } break;

        case DLL_PROCESS_DETACH:
        {
            FreeLibrary(inst);
        } break;
    }
    return false;
}

DelphiExport bool DXI_Connect()
{
    if(hPipe != INVALID_HANDLE_VALUE)
        return true;

    hPipe = CreateFile(DX_PIPE, GENERIC_READ | GENERIC_WRITE, 0, NULL, OPEN_EXISTING, 0, NULL);
    return (hPipe != INVALID_HANDLE_VALUE);
}

DelphiExport void DXI_Disconnect()
{
    if(hPipe != INVALID_HANDLE_VALUE)
        CloseHandle(hPipe);
    hPipe = INVALID_HANDLE_VALUE;
}

DelphiExport int DXI_MakeCompass(int angle)
{
    if(hPipe == INVALID_HANDLE_VALUE)
        return -1;

    float request = (float)angle;
    DWORD written = 0;
    BOOL success = WriteFile(hPipe, &request, 4, &written, NULL);
    if(!success || written != 4)
    {
        return -1;
    }

    float receive;
    DWORD read = 0;
    success = ReadFile(hPipe, &receive, 4, &read, NULL);
    if(success && read == 4)
    {
        return (int)receive;
    }

    return -1;
}

DelphiExport int GetPluginABIVersion()
{
    return 2;
}

DelphiExport int GetFunctionCount()
{
    return 1; //with 1 works well, 2 or 3 makes it crash
}

#pragma warning(disable : 4996) //strcpy not safe
DelphiExport int GetFunctionInfo(int x, void** address, char** def)
{
    switch(x)
    {
        case 0:
        {
            *address = GetProcAddress(inst, "DXI_MakeCompass");
            strcpy(*def, "function DXI_MakeCompass(angle: integer): integer;");
        } break;

        case 1:
        {
            *address = GetProcAddress(inst, "DXI_Connect");
            strcpy(*def, "function DXI_Connect: boolean;");
        } break;

        case 2:
        {
            *address = GetProcAddress(inst, "DXI_Disconnect");
            strcpy(*def, "procedure DXI_Disconnect();");
        } break;

        default:
        {
            char buff[128];
            memset(buff, 0, 128);
            sprintf_s(buff, 128, "Wrong function index: %i", x);
            MessageBox(NULL, buff, "info", MB_OK);
            x = -1;
        }
    }

    return x;
}
#pragma warning(default : 4996)

Brandon
07-09-2012, 01:50 PM
Use *& to assign to a pointer. Don't assign to the pointer like that. Use a reinterpret_cast if you're strict on this being C++ rather than a c-style cast. Static won't work here. That's all I changed I think?

Sorry I removed your pragma warnings because I used sprintf instead of sprintf_s.


#include <windows.h>
#include <stdio.h>
#include <string.h> // strcpy, memset

#define Export __declspec(dllexport)
#define DelphiExport extern "C" Export

#define DX_PIPE "\\\\.\\pipe\\DxInterceptPipe"

DelphiExport int GetPluginABIVersion();
DelphiExport int GetFunctionCount();
DelphiExport int GetFunctionInfo(int x, void*& address, char*& def);

DelphiExport bool DXI_Connect();
DelphiExport void DXI_Disconnect();
DelphiExport int DXI_MakeCompass(int angle);

HINSTANCE inst = NULL;
HANDLE hPipe = INVALID_HANDLE_VALUE;

BOOL WINAPI DllMain(HINSTANCE hInstance, DWORD reason, LPVOID reserved)
{
    switch(reason)
    {
        case DLL_PROCESS_ATTACH:
        {
            inst = hInstance;
            return true;
        } break;

        case DLL_PROCESS_DETACH:
        {
            FreeLibrary(inst);
        } break;
    }
    return false;
}

DelphiExport bool DXI_Connect()
{
    if(hPipe != INVALID_HANDLE_VALUE)
        return true;

    hPipe = CreateFile(DX_PIPE, GENERIC_READ | GENERIC_WRITE, 0, NULL, OPEN_EXISTING, 0, NULL);
    return (hPipe != INVALID_HANDLE_VALUE);
}

DelphiExport void DXI_Disconnect()
{
    if(hPipe != INVALID_HANDLE_VALUE)
        CloseHandle(hPipe);
    hPipe = INVALID_HANDLE_VALUE;
}

DelphiExport int DXI_MakeCompass(int angle)
{
    if(hPipe == INVALID_HANDLE_VALUE)
        return -1;

    float request = (float)angle;
    DWORD written = 0;
    BOOL success = WriteFile(hPipe, &request, 4, &written, NULL);
    if(!success || written != 4)
    {
        return -1;
    }

    float receive;
    DWORD read = 0;
    success = ReadFile(hPipe, &receive, 4, &read, NULL);
    if(success && read == 4)
    {
        return (int)receive;
    }

    return -1;
}

DelphiExport int GetPluginABIVersion()
{
    return 2;
}

DelphiExport int GetFunctionCount()
{
    return 3; //with 1 works well, 2 or 3 makes it crash
}

DelphiExport int GetFunctionInfo(int x, void*& address, char*& def)
{
    switch(x)
    {
        case 0:
        {
            address = reinterpret_cast<void*>(GetProcAddress(inst, "DXI_MakeCompass"));
            strcpy(def, "function DXI_MakeCompass(angle: integer): integer;");
        } break;

        case 1:
        {
            address = reinterpret_cast<void*>(GetProcAddress(inst, "DXI_Connect"));
            strcpy(def, "function DXI_Connect: boolean;");
        } break;

        case 2:
        {
            address = reinterpret_cast<void*>(GetProcAddress(inst, "DXI_Disconnect"));
            strcpy(def, "procedure DXI_Disconnect();");
        } break;

        default:
        {
            char buff[128];
            memset(buff, 0, 128);
            // report the offending index, not the buffer size
            sprintf(buff, "Wrong function index: %i", x);
            MessageBox(NULL, buff, "info", MB_OK);
            x = -1;
        }
    }

    return x;
}


http://i.imgur.com/1IFbF.png
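
The plugin in the posts above copies each Pascal declaration with strcpy into a buffer the host owns and keeps GetFunctionCount as a separate literal. As an added example (not code from Mato, Brandon or Simba), here is a table-driven version with a bounded copy and a loader-side probe that enumerates it with guard bytes; DEF_CAPACITY, EXPORTS and probe_plugin are hypothetical names, the buffer size is an assumption the thread does not state, and the three DXI_* functions are stubs so it builds without windows.h.

```cpp
#include <cstddef>
#include <cstring>
// Assumption: size of the host-owned declaration buffer. The thread does not
// state it; a real plugin must use the size its host documents.
static const std::size_t DEF_CAPACITY = 128;

// Stand-ins for the thread's three exports so this builds without windows.h.
extern "C" int  DXI_MakeCompass(int angle) { return angle; }
extern "C" bool DXI_Connect()              { return true; }
extern "C" void DXI_Disconnect()           {}
struct ExportEntry { void* address; const char* def; };

// One table feeds both the count and the lookup, so they cannot disagree.
static const ExportEntry EXPORTS[] = {
    { reinterpret_cast<void*>(&DXI_MakeCompass), "function DXI_MakeCompass(angle: integer): integer;" },
    { reinterpret_cast<void*>(&DXI_Connect),     "function DXI_Connect: boolean;" },
    { reinterpret_cast<void*>(&DXI_Disconnect),  "procedure DXI_Disconnect();" },
};

extern "C" int GetFunctionCount() {
    return static_cast<int>(sizeof(EXPORTS) / sizeof(EXPORTS[0]));
}

extern "C" int GetFunctionInfo(int x, void** address, char** def) {
    if (x < 0 || x >= GetFunctionCount()) return -1;   // index outside the table
    if (!address || !def || !*def) return -1;          // host passed no storage
    std::size_t len = std::strlen(EXPORTS[x].def);
    if (len + 1 > DEF_CAPACITY) return -1;             // refuse to overflow or truncate
    std::memcpy(*def, EXPORTS[x].def, len + 1);        // copy including the NUL
    *address = EXPORTS[x].address;
    return x;
}

// Loader-side check (hypothetical): enumerate every export with guard bytes
// after the buffer; returns the verified count, or -1 on any violation.
int probe_plugin() {
    const std::size_t GUARD = 16;
    char buf[DEF_CAPACITY + GUARD];
    void* addr = nullptr;
    char* def = buf;
    const int count = GetFunctionCount();
    for (int i = 0; i < count; ++i) {
        std::memset(buf, 0xAA, sizeof(buf));
        addr = nullptr;
        if (GetFunctionInfo(i, &addr, &def) != i || !addr) return -1;
        if (!std::memchr(buf, '\0', DEF_CAPACITY)) return -1;  // unterminated string
        for (std::size_t g = 0; g < GUARD; ++g)
            if (static_cast<unsigned char>(buf[DEF_CAPACITY + g]) != 0xAA) return -1;
    }
    // Indices outside the table must be rejected rather than written through.
    if (GetFunctionInfo(count, &addr, &def) != -1 || GetFunctionInfo(-1, &addr, &def) != -1) return -1;
    return count;
}
```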

Mato
07-09-2012, 02:04 PM
Thanks for the help but it still crashes with the exact same code you have there. I think it's something to do with the Simba version, I see you use 990 and I use 984. I'll download the newest one too and check if it works with it.

EDIT: Yep, that was it. Works beautifully now ;) Again thanks for the help.

Brandon
07-09-2012, 03:21 PM
You're right.. I just downgraded Simba to 0.984, it crashes.. I got a stacktrace though but it isn't helpful in any way.
I also tried it with the new libsmart (Not remote) and it also crashes. Made my own plugin and that crashes too. Dunno why either.

With that said, use the 0.99 I guess since it works there.. The below shows 0.984 trying to load your plugin twice. Time to re-upgrade then.

For any onlookers, you can try running Simba through CMD and see what I mean.. It'll look like:


Microsoft Windows [Version 6.2.8400]
(c) 2012 Microsoft Corporation. All rights reserved.

C:\Users\Brandon>C:/Simba/Simba.exe
Setting LastConfig/MainForm/RecentFiles/File10 to
You cannot hide the window, since its not created by Simba
No valid command line args are passed
Init procedure successfully called
Init procedure successfully called
Init procedure successfully called
Setting Extensions/ExtensionCount to 10
Adding Plugin Path: C:\Simba\Plugins\
Adding Plugin Path: C:\Simba\Plugins\
Current Simba version: 984
Latest Simba Version: 984
Loading plugin ExportPascal at C:\Simba\Plugins\
funcinfo 0
funcinfo 1
funcinfo 2
Loading plugin ExportPascal at C:\Simba\Plugins\
funcinfo 0
funcinfo 1
funcinfo 2
TApplication.HandleException Access violation
Stack trace:
$0040C2C8
$0053B8AE
$759C7704
$759C842B
$759C81ED
$759C82DA
$0053E505
$00421E39
$0042227F
$00460513
$0042223A
$0042223A

C:\Users\Brandon>

Olly
07-10-2012, 02:40 AM
Mato how does your direct x walking work? Can work out a way to get tiles or what :P Just wondering.

Mark
07-10-2012, 08:59 AM
He uses the geometry of the RuneScape surface, I think. Pretty clever and accurate.

Mato
07-10-2012, 10:31 AM
That's right. The paths are just arrays of points relative to the path starting point. The starting point is found by searching the surface geometry for that point, so it only has to find the one point once and then it can walk along the path correctly regardless of compass angle.

John
07-10-2012, 11:12 AM
That's right. The paths are just arrays of points relative to the path starting point. The starting point is found by searching the surface geometry for that point, so it only has to find the one point once and then it can walk along the path correctly regardless of compass angle.

I'm guessing you don't have an ETA on this? I can't wait to integrate this into my scripts :D

Mat
07-10-2012, 11:16 AM
Same as John :)
It'll be amazing if you had a vague ETA :)
Mat

Mark
07-10-2012, 11:24 AM
I've been eager for this myself we just have to be patient as this is a one man show atm.

I'm currently looking into the basics of C++ myself so I could possibly help in the near future, but I have to admit the language is ugly as hell.

Mato
07-10-2012, 11:41 AM
This might be a stupid question but what do you mean by ETA? I tried to search for it on Google but didn't find anything that would fit this topic.

Mark
07-10-2012, 11:42 AM
Haha, you need to watch more action films: estimated time of arrival.

Mato
07-10-2012, 11:44 AM
Oh yeah haha :P I was linking it to some copyright related stuff :D But yeah, I can't give an accurate ETA because I just do this in my free time when I feel like it :)

John
07-10-2012, 12:33 PM
Oh yeah haha :P I was linking it to some copyright related stuff :D But yeah, I can't give an accurate ETA because I just do this in my free time when I feel like it :)

It's all good :D Just don't leave us like Silent wolf :(

Flight
07-10-2012, 02:19 PM
It's all good :D Just don't leave us like Silent wolf :(

This looks familiar... Oh right!


Awesome :). Just don't leave us like silentwolf ;).


Silentwolf left long before you were around here, John.

On another note, Silentwolf worked with OpenGL and the project was continued by Aftermath and MissSilabsoft over at MITB. In fact, an OGL plugin for Simba is still fully functional to this day; Aftermath wrote many anti-randoms through the plugin alone. So Silentwolf's leaving was not "the end of it".

Mark
07-11-2012, 07:30 PM
Alright bud, been trying to play with the plugin. Having trouble injecting the DLL now, which I wasn't before this version. Has anything changed to affect the injection process?

NKN
07-11-2012, 07:39 PM
Mato, how long did it take to get it this far, like, when did you start working on it?

Mato
07-11-2012, 08:29 PM
I started with this about 1 and a half months ago. And no, nothing on that side has changed so the injection should go just like before. Can you give me a more detailed report of the problem and the log file, if it ran long enough to print it, so I could see where the problem is? And also, did you switch to DirectX first, reload the game and then inject, or did you just try to switch to DirectX after injection? If you did it the last way, do it the way I said first.

Mark
07-11-2012, 08:40 PM
I've tried it both ways.
Here is the log file:


HandlePipe(): Pipe succesfully created
addrCallCreateDevice: 0x634A257A
hWnd: 0x000402CE
Hooks initialized


Also, I have no problems using the other DLL; it injects perfectly with that one and allows me to show IDs etc., while this one doesn't. Also tried running the compass procedure from the plugin: it correctly calls the function, the mouse moves etc., but due to it not injecting it doesn't correctly change the angle.

Mato
07-11-2012, 08:51 PM
If the mouse moves even a bit it means that it should be running properly. Did you remember to press numpad 4 ingame so the text pops out? I'm on my phone atm so I can't check, but you might need to press that key for it to start updating the minimap position and angle, so try that. If no luck with that, I can't do more from my phone.

Sirenia
07-11-2012, 08:59 PM
Nice work on the first post but you forgot the links to download your project :P

Mark
07-11-2012, 09:35 PM
If the mouse moves even a bit it means that it should be running properly. Did you remember to press numpad 4 ingame so the text pops out? I'm on my phone atm so I can't check, but you might need to press that key for it to start updating the minimap position and angle, so try that. If no luck with that, I can't do more from my phone.

Yeah, I pressed num 4 but nothing shows up like it used to. Will have to try later on.
Busy sorting my fishing gear tonight; the Mrs has been chewing my ear off to sort the shed out for a while now :/

Master BAW
07-12-2012, 12:01 AM
Nice project! Subscribed and +REP. I hope this will still work after optimus though :rolleyes:

John
07-12-2012, 12:17 AM
This looks familiar... Oh right!




Silentwolf left long before you were around here, John.

On another note, Silentwolf worked with OpenGL and the project was continued by Aftermath and MissSilabsoft over at MITB. In fact, an OGL plugin for Simba is still fully functional to this day; Aftermath wrote many anti-randoms through the plugin alone. So Silentwolf's leaving was not "the end of it".
I knew I read about him somewhere :whistling: