Thread: Memory reading.

  1. #51

    Executables load at 0x140000000 without ASLR, so I'm not sure what's wrong. Is Modules[0] rs2client.exe?

    If the Windows 7 executable is different from the Windows 10 one then the offsets won't work of course.
    Last edited by Kompromaus; 04-26-2018 at 02:11 AM.

  2. #52

    On my old W7 laptop the base address keeps changing every launch. The MD5 hash, however, stays the same. I'll try my W10 desktop PC in the morning.

  3. #53

    OK, tried on the W10 PC.
    Code:
    Name:rs2client.exe Path:c:\programdata\jagex\launcher\rs2client.exe Base:7ff63ddd0000 Size:74d000
    Client MD5 hash:788b1fa4ff3afd8471172701332e0008
    The exe hash is the same, which would indicate that it is the same exe as on Windows 7.
    Your code result:
    Code:
    Enter PID:
    10180
    npcTableAddress:7FF63E4B3018
    npcVTableAddress:7FF63E2FD370
    buffer:5B08F000030D15
    Woops, didn't read enough bytes (NPC 0)!
    The buffer reads the same result; what should actually be there? Some values pointing to other places in memory?

  4. #54

    On Windows 10, can you run the command "Get-FileHash -Algorithm MD5 ./rs2client.exe" in the ProgramData/Jagex/launcher directory via PowerShell?

    I get 3F04078166CA5652BC12C58D64D6FA98 as of today (April 26).

    There are multiple Windows clients (64-bit and 32-bit)--like 2 or 3 of them. The launcher downloads a different one depending on hardware and such. That's why I hacked together some custom launcher from someone's open source Linux launcher.

    edit: ok I checked. You have client binary type 6 (64 bit Windows + DLLs). My offsets only work with client type 2. I ported this https://github.com/syldrathecat/nxtlauncher to Windows but it's a mess. I'll see if I can clean it up later and post it on my GitHub.

    edit 2: How did you find the GUI pattern? I've found some GUI stuff (panels/buttons/items) and have a hierarchy but I can't quite figure out how to find out which "interface" they belong to (e.g., bank pin, bank window, inventory panel...).
    Last edited by Kompromaus; 04-26-2018 at 07:24 PM.

  5. #55

    Updated and crashes possibly less.

  6. #56

    And I wonder how I could make the minimap dots rotate. Never mind, it was easy.

  7. #57

    Sorry, couldn't stop spamming my own topic.

    So I have investigated keyboard/mouse simulation methods. The most interesting ones are the Windows kernel ones. I have found a few and must ask the software experts here which is the best one to use.
    It seems all of these install their own system DLL and you can send your commands there.
    InpOutx64 http://www.highrez.co.uk/downloads/inpout32/
    Interception https://github.com/oblitum/Interception
    WinRing0 https://github.com/QCute/WinRing0

    Interception seems to be the best choice as it is the most maintained. But I dunno.
    Edit: Can't find the source code to his driver install.exe. I want to check and install from source code.
    Edit2: Well, Interception works. But there is a huge issue. After using a fake mouse draw thing, as soon as I move the real mouse it jumps back to the real mouse position. Never mind, I have given up on this thing.

  8. #58

    It will be easiest to use RDP. You should either try to look at MsRdpClient (and its variations) or FreeRDP for a programmatic interface to the resulting connection. You will need to use RDPWrap. If you look in the RDPWrap repository there is a test program which uses MsRdpClient2 but it is written in Delphi. The project has very recently been migrating to C++ so that it is easier to develop for.

    It was not possible in my tests to use MsRdpClient at any version from C#. I do not know why. I have not had the time to retry with COM from C++. Some testing in either direction should be easy to start.


    If you really would prefer I can help you try to use the methods you are talking about but they do not allow you to use your computer while you are running a bot. If you use RDP you can continue to use your computer as well as have the input you are generating look authentic. The kernel is injecting it somewhere in the terminal services code running the RDP session and it will generate a WM_INPUT event.

    You probably do not want InpOutx64 or WinRing0. The first is for accessing the pins of the processor and the PCIe interface directly. WinRing0 could do what you want, but you would need to provide a lot of supporting code. Interception would work and I have read about it. There is also the USB/IP driver for creating fake devices to be driven over a network. USB/IP is your best bet if you want to create a fake device.
    Last edited by R0b0t1; 05-20-2018 at 07:44 AM.
    The jealous temper of mankind, ever more disposed to censure than
    to praise the work of others, has constantly made the pursuit of new
    methods and systems no less perilous than the search after unknown
    lands and seas.

  9. #59

    Interception works well... on desktop. But on a remote window it tries to control the primary desktop mouse for some reason, even if it was started in remote desktop. Possibly its driver still sends info to the REAL mouse from remote desktop. Now how does the remote desktop mouse thing work? Is it fake?

  10. #60

    Quote Originally Posted by alar82 View Post
    Interception works well... on desktop. But on a remote window it tries to control the primary desktop mouse for some reason, even if it was started in remote desktop. Possibly its driver still sends info to the REAL mouse from remote desktop. Now how does the remote desktop mouse thing work? Is it fake?
    By remote window do you mean RDP? There is no reason to use it with RDP. The best solution is to launch an RDP connection with the MS-provided class I referenced or to hook into the FreeRDP code. You would then be sending events over the network that the Microsoft Terminal Services code turns into input events.

    Interception registers what looks to Windows like a hardware device. Session 1 is a privileged terminal services instance that receives all human interface device events. The fake hardware will only go to the local privileged session as a protection against keylogging. Connecting via RDP creates additional terminal services sessions that are not session 1 and can only interact with the machine's physical hardware in limited ways.

    As far as anyone is aware, logging in with RDP is the only method that can create a new terminal services session, and thus, a new copy of the low level input stack.

  11. #61

    That RDP thing would be interesting but I have no idea what to do. Google doesn't yield any results on injecting mouse events on or onto remote desktop.

  12. #62

    Nice job alar!
    I am currently trying your plugin, it's pretty dope! Love the debug idea!

    w2s doesn't seem to be working tho
    Can't wait to start writing plugins with this beast!

    EDIT: Trying your FindNpc example and for some reason, Simba is asking for 10 arguments, when you only provide 6. Looking at dllmain.cpp everything seems to be fine, I don't understand. Have any idea what is going on?

    Here you can see:
    yVPSQ6M.png

    It compiles the first line, but the second one it doesn't... Had to brute force parameter types to be able to compile the first one.

  13. #63

    Quote Originally Posted by PatriqDesigns View Post
    Nice job alar!
    I am currently trying your plugin, it's pretty dope! Love the debug idea!

    w2s doesn't seem to be working tho
    Can't wait to start writing plugins with this beast!

    EDIT: Trying your FindNpc example and for some reason, Simba is asking for 10 arguments, when you only provide 6. Looking at dllmain.cpp everything seems to be fine, I don't understand. Have any idea what is going on?

    Here you can see:
    yVPSQ6M.png

    It compiles the first line, but the second one it doesn't... Had to brute force parameter types to be able to compile the first one.

    Code has changed :P
    But to kill some goblins.
    FindNPCs1([66],1,25,0,0,0,0,True,0,"Attack")
    Replace 66 with the goblin's ID and it should work. BUT you must now install Interception to move the mouse with it. I'll update the first post.
    Edit: As for picking up items, that code is not finished...

  14. #64

    Quote Originally Posted by alar82 View Post
    That RDP thing would be interesting but I have no idea what to do. Google doesn't yield any results on injecting mouse events on or onto remote desktop.
    This thread contains a summary. You don't actually need to do any programming, but you do need to install a program which modifies a system DLL. The only catch is that you can't minimize the RDP window. Microsoft's implementation they give you by default stops sending events when minimized. You could try connecting with FreeRDP and seeing if there is any difference.

    Working with MsRdpClient directly would allow you to "minimize" the window or not even create one in the first place. But if you don't want to do that you don't have to. If you have the time look at the code in the RDPWrap repository that uses the terminal services DLL and try to adapt it to FreePascal or C/C++.

  15. #65

    Quote Originally Posted by R0b0t1 View Post
    Microsoft's implementation they give you by default stops sending events when minimized
    SIKE. https://villavu.com/forum/showthread...44#post1391344

  16. #66

    Interception calculations aren't quite correct yet. Anyhow, only after the console window shows that the mouse is found can the mouse be controlled by the script.

  17. #67

    Ohh okay! Well I got the mouse found message. Been looking through the repository, the code could be cleaned a bit

  18. #68

    Quote Originally Posted by PatriqDesigns View Post
    Ohh okay! Well I got the mouse found message. Been looking through the repository, the code could be cleaned a bit
    Yes. Needs a lot of fixin too.
    Updated plug, SetupRSReading changed.

  19. #69

    Anything I can be helpful with?

  20. #70

    Well, if you really want to help....

    Code:
    VOID KeyPress_(char mK) {
    	HKL kbl = GetKeyboardLayout(0);
    	//no idea how to get shift characters
    	KeyboardPress(MapVirtualKeyEx(VkKeyScanEx(mK, kbl), MAPVK_VK_TO_VSC, kbl), 100,2000);
    }
    Figure out how to get any char translated to a keyboard scancode.
    Currently it only does lowercase and not Unicode.
    Good luck

  21. #71

    Well, I am still waiting for anyone to help me with shift chars.

    But I have noticed that Jagex is reluctant to dismiss Java. Guess they keep it as a backup plan in case NXT, as a C program, utterly falls to the haxers. They also fired Mod Philip, who was the main developer of NXT and showed a browser version of it 2 years ago. Since then barely any progress has been made. No Vulkan/DX12 support.

  22. #72

    Quote Originally Posted by alar82 View Post
    Well, I am still waiting for anyone to help me with shift chars.

    But I have noticed that Jagex is reluctant to dismiss Java. Guess they keep it as a backup plan in case NXT, as a C program, utterly falls to the haxers. They also fired Mod Philip, who was the main developer of NXT and showed a browser version of it 2 years ago. Since then barely any progress has been made. No Vulkan/DX12 support.
    he didn't get fired

  23. #73

    Quote Originally Posted by rj View Post
    he didn't get fired
    Well, it looks a bit like it. Maybe they didn't pay him enough.

    Guys, has anyone seen the SMART source? I can't find it. It would be interesting to see.

  24. #74

    Quote Originally Posted by alar82 View Post
    Well, it looks a bit like it. Maybe they didn't pay him enough.

    Guys, has anyone seen the SMART source? I can't find it. It would be interesting to see.
    yup. It's available on benland100's github page

  25. #75

    Quote Originally Posted by acow View Post
    yup. It's available on benland100's github page
    https://github.com/BenLand100/SMART

    <BenLand100> we're just in the transitional phase where society reclassifies guns as Bad™ before everyone gets laser pistols
