Executables load at 0x140000000 without ASLR, so I'm not sure what's wrong. Is Modules[0] rs2client.exe?
If the Windows 7 executable is different from the Windows 10 one then the offsets won't work of course.
Last edited by Kompromaus; 04-26-2018 at 02:11 AM.
On my old W7 laptop the base address keeps changing every launch. The MD5 hash however stays the same. I'll try my W10 desktop PC in the morning.
OK, tried on the W10 PC.
Exe hash is the same, which would indicate that it is the same exe as on Windows 7.
Code:
Name: rs2client.exe
Path: c:\programdata\jagex\launcher\rs2client.exe
Base: 7ff63ddd0000
Size: 74d000
Client MD5 hash: 788b1fa4ff3afd8471172701332e0008
Your code result:
Buffer reads the same result; what should actually be there? Some values pointing to other places in memory?
Code:
Enter PID: 10180
npcTableAddress: 7FF63E4B3018
npcVTableAddress: 7FF63E2FD370
buffer: 5B08F000030D15
Woops, didn't read enough bytes (NPC 0)!
On Windows 10, can you run the command "Get-FileHash -Algorithm MD5 ./rs2client.exe" in the ProgramData/Jagex/launcher directory via PowerShell?
I get 3F04078166CA5652BC12C58D64D6FA98 as of today (April 26).
There are multiple Windows clients (64-bit and 32-bit)--like 2 or 3 of them. The launcher downloads a different one depending on hardware and such. That's why I hacked together some custom launcher from someone's open source Linux launcher.
Edit: OK, I checked. You have client binary type 6 (64-bit Windows + DLLs). My offsets only work with client type 2. I ported this https://github.com/syldrathecat/nxtlauncher to Windows but it's a mess. I'll see if I can clean it up later and post it on my GitHub.
Edit 2: How did you find the GUI pattern? I've found some GUI stuff (panels/buttons/items) and have a hierarchy, but I can't quite figure out how to find out which "interface" they belong to (e.g., bank PIN, bank window, inventory panel...).
Last edited by Kompromaus; 04-26-2018 at 07:24 PM.
Updated and crashes possibly less.
And I wonder how I could make the minimap dots rotate. Never mind, it was easy.
Sorry, couldn't stop spamming my own topic.
So I have investigated keyboard/mouse simulation methods. The most interesting ones are the Windows kernel ones. I have found a few and must ask the software experts here which is the best one to use.
It seems all of these install their own system DLL and you can send your commands there.
InpOutx64 http://www.highrez.co.uk/downloads/inpout32/
Interception https://github.com/oblitum/Interception
WinRing0 https://github.com/QCute/WinRing0
Interception seems to be the best choice as it is the most maintained. But I don't know.
Edit: Can't find the source code for his driver install.exe. I want to check it and install from source code.
Edit 2: Well, Interception works. But there is a huge issue. After using the fake mouse draw thing, as soon as I move the real mouse it jumps back to the real mouse position. Never mind, I have given up on this thing.
It will be easiest to use RDP. You should either try to look at MsRdpClient (and its variations) or FreeRDP for a programmatic interface to the resulting connection. You will need to use RDPWrap. If you look in the RDPWrap repository there is a test program which uses MsRdpClient2 but it is written in Delphi. The project has very recently been migrating to C++ so that it is easier to develop for.
It was not possible in my tests to use MsRdpClient at any version from C#. I do not know why. I have not had the time to retry with COM from C++. Some testing in either direction should be easy to start.
If you really would prefer I can help you try to use the methods you are talking about but they do not allow you to use your computer while you are running a bot. If you use RDP you can continue to use your computer as well as have the input you are generating look authentic. The kernel is injecting it somewhere in the terminal services code running the RDP session and it will generate a WM_INPUT event.
You probably do not want InpOutx64 or WinRing0. The first is for accessing the pins of the processor and the PCIe interface directly. WinRing0 could do what you want, but you would need to provide a lot of supporting code. Interception would work and I have read about it. There is also the USB/IP driver for creating fake devices to be driven over a network. USB/IP is your best bet if you want to create a fake device.
Last edited by R0b0t1; 05-20-2018 at 07:44 AM.
The jealous temper of mankind, ever more disposed to censure than
to praise the work of others, has constantly made the pursuit of new
methods and systems no less perilous than the search after unknown
lands and seas.
Interception works well... on the desktop. But in a remote window it tries to control the primary desktop mouse for some reason, even if it was started in the remote desktop. Possibly its driver still sends info to the REAL mouse from the remote desktop. Now how does the remote desktop mouse thing work? Is it fake?
By remote window do you mean RDP? There is no reason to use it with RDP. The best solution is to launch an RDP connection with the MS-provided class I referenced or to hook into the FreeRDP code. You would then be sending events over the network that the Microsoft Terminal Services code turns into input events.
Interception registers what looks to Windows like a hardware device. Session 1 is a privileged terminal services instance that receives all human interface device events. The fake hardware will only go to the local privileged session as a protection against keylogging. Connecting via RDP creates additional terminal services sessions that are not session 1 and can only interact with the machine's physical hardware in limited ways.
As far as anyone is aware, logging in with RDP is the only method that can create a new terminal services session, and thus, a new copy of the low level input stack.
That RDP thing would be interesting but I have no idea what to do. Google doesn't yield any results on injecting mouse events into a remote desktop.
Nice job alar!
I am currently trying your plugin, it's pretty dope! Love the debug idea!
w2s doesn't seem to be working though.
Can't wait to start writing plugins with this beast!
EDIT: Trying your FindNpc example and for some reason, Simba is asking for 10 arguments, when you only provide 6. Looking at dllmain.cpp everything seems to be fine, I don't understand. Have any idea what is going on?
Here you can see:
It compiles the first line, but the second one it doesn't... Had to brute force parameter types to be able to compile the first one.
Code has changed :P
But to kill some goblins.
Code:
FindNPCs1([66],1,25,0,0,0,0,True,0,"Attack")
Replace 66 with the goblins' ID and it should work. BUT you must now install Interception to move the mouse with it. I'll update the first post.
Edit: As for picking up items, that code is not finished...
This thread contains a summary. You don't actually need to do any programming, but you do need to install a program which modifies a system DLL. The only catch is that you can't minimize the RDP window. Microsoft's implementation they give you by default stops sending events when minimized. You could try connecting with FreeRDP and seeing if there is any difference.
Working with MsRdpClient directly would allow you to "minimize" the window or not even create one in the first place. But if you don't want to do that you don't have to. If you have the time look at the code in the RDPWrap repository that uses the terminal services DLL and try to adapt it to FreePascal or C/C++.
Interception calculations aren't quite correct yet. Anyhow, if the console window shows that the mouse is found, only after that can the mouse be controlled by the script.
Ohh okay! Well, I got the mouse found message. Been looking through the repository; the code could be cleaned up a bit.
Anything I can be helpful with?
Well, if you really want to help....
Figure out how to get any char translated to a keyboard scancode.
Code:
VOID KeyPress_(char mK)
{
    HKL kbl = GetKeyboardLayout(0);
    SHORT vk = VkKeyScanEx(mK, kbl);   // low byte = virtual-key code, high byte = shift state
    // no idea how to get shift characters
    KeyboardPress(MapVirtualKeyEx(LOBYTE(vk), MAPVK_VK_TO_VSC, kbl), 100, 2000);
}
Currently it only does lower case and not Unicode.
Good luck
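As an added example (not alar's code, not Interception's, and not from this thread), here is one way to do the char-to-scancode translation the post above asks for, including the shift/ctrl/alt characters. The point it demonstrates: VkKeyScanEx packs the virtual-key code in the low byte and the modifier state in the high byte (bit 0 SHIFT, bit 1 CTRL, bit 2 ALT), so the whole SHORT must not be handed to MapVirtualKeyEx; the low byte is mapped to a scancode and the high byte decides which modifier scancodes to wrap around it. The real Windows calls are compiled only under _WIN32; on other platforms a small constructed US-layout stand-in table (my assumption, covering letters, digits, space and '!') replaces them so the logic can run offline. Modifier scancodes and the set-1 make codes in the table are standard PS/2 values; how the resulting events are fed to Interception is only described in a comment, not called.

```c
#include <stdio.h>

/* Added example, not code from the thread. Decodes the value VkKeyScanEx
 * returns (low byte: virtual-key code; high byte: modifier state, bit 0 =
 * SHIFT, bit 1 = CTRL, bit 2 = ALT) and expands one character into the
 * scancode press/release sequence a driver-level sender such as Interception
 * expects. The real Windows calls are compiled only under _WIN32; elsewhere a
 * constructed US-layout stand-in table lets the logic run and be tested. */

#ifdef _WIN32
#include <windows.h>
static short vk_scan(char c, void *kbl) { return VkKeyScanExA(c, (HKL)kbl); }
static unsigned vk_to_sc(unsigned vk, void *kbl) {
    return MapVirtualKeyExA(vk, MAPVK_VK_TO_VSC, (HKL)kbl);
}
#else
/* Constructed stand-in mimicking VkKeyScanEx for a few US-layout characters. */
static short vk_scan(char c, void *kbl) {
    (void)kbl;
    if (c >= 'a' && c <= 'z') return (short)(c - 'a' + 0x41);            /* VK_A..VK_Z */
    if (c >= 'A' && c <= 'Z') return (short)(0x0100 | (c - 'A' + 0x41)); /* + SHIFT   */
    if (c >= '0' && c <= '9') return (short)c;                           /* VK_0..VK_9 */
    if (c == '!') return (short)(0x0100 | '1');
    if (c == ' ') return 0x20;                                           /* VK_SPACE   */
    return -1;                          /* VkKeyScanEx: no key yields this char */
}
/* Constructed stand-in for MapVirtualKeyEx(vk, MAPVK_VK_TO_VSC): set-1 make codes. */
static unsigned vk_to_sc(unsigned vk, void *kbl) {
    static const unsigned char letters[26] = { /* A..Z */
        0x1E,0x30,0x2E,0x20,0x12,0x21,0x22,0x23,0x17,0x24,0x25,0x26,0x32,
        0x31,0x18,0x19,0x10,0x13,0x1F,0x14,0x16,0x2F,0x11,0x2D,0x15,0x2C };
    static const unsigned char digits[10] = { /* 0..9 */
        0x0B,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0A };
    (void)kbl;
    if (vk >= 0x41 && vk <= 0x5A) return letters[vk - 0x41];
    if (vk >= 0x30 && vk <= 0x39) return digits[vk - 0x30];
    if (vk == 0x20) return 0x39;
    return 0;
}
#endif

#define SC_LSHIFT 0x2A
#define SC_LCTRL  0x1D
#define SC_LALT   0x38

typedef struct { unsigned short sc; int down; } key_event; /* down=1 press, 0 release */

/* Expand one character into scancode events: modifiers down, key down, key up,
 * modifiers up (reverse order). Returns the event count, 0 if not typeable. */
int char_to_events(char c, void *kbl, key_event *out, int cap)
{
    short r = vk_scan(c, kbl);
    if (r == -1) return 0;
    unsigned raw  = (unsigned short)r;
    unsigned vk   = raw & 0xFF;          /* LOBYTE: the virtual-key code          */
    unsigned mods = (raw >> 8) & 0xFF;   /* HIBYTE: modifier bits, NOT a VK       */
    unsigned sc   = vk_to_sc(vk, kbl);   /* passing the whole SHORT here returns 0 */
    if (sc == 0) return 0;

    unsigned short modsc[3];
    int nm = 0, n = 0, i;
    if (mods & 1) modsc[nm++] = SC_LSHIFT;
    if (mods & 2) modsc[nm++] = SC_LCTRL;
    if (mods & 4) modsc[nm++] = SC_LALT;
    if (cap < 2 * nm + 2) return 0;

    for (i = 0; i < nm; i++)      { out[n].sc = modsc[i]; out[n].down = 1; n++; }
    out[n].sc = (unsigned short)sc; out[n].down = 1; n++;
    out[n].sc = (unsigned short)sc; out[n].down = 0; n++;
    for (i = nm - 1; i >= 0; i--) { out[n].sc = modsc[i]; out[n].down = 0; n++; }
    return n;
}

/* Expand a whole string; returns total events, or -1 if a char is untypeable. */
int string_to_events(const char *s, void *kbl, key_event *out, int cap)
{
    int n = 0;
    for (; *s; s++) {
        int k = char_to_events(*s, kbl, out + n, cap - n);
        if (k == 0) return -1;
        n += k;
    }
    return n;
}

int main(void)
{
    key_event ev[64];
    void *kbl = NULL;
    int n, i;
#ifdef _WIN32
    kbl = (void *)GetKeyboardLayout(0);
#endif
    n = string_to_events("Hi 1!", kbl, ev, 64);
    for (i = 0; i < n; i++)
        printf("scancode 0x%02X %s\n", ev[i].sc, ev[i].down ? "down" : "up");
    /* With Interception each event becomes one InterceptionKeyStroke whose
     * code is ev[i].sc and whose state is INTERCEPTION_KEY_DOWN or _UP. */
    return 0;
}
```

On Windows the stand-in is replaced by the real VkKeyScanExA/MapVirtualKeyExA calls, so the same function handles whatever the active layout maps; characters the layout cannot produce come back as -1 from VkKeyScanEx and yield zero events, which is the case the thread calls "not Unicode" and which a real typer has to fall back on (for example by sending the character some other way) rather than guess a scancode for.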
Well, I am still waiting for anyone to help me with shift chars.
But I have noticed that Jagex is reluctant to dismiss Java. Guess they keep it as a backup plan in case NXT as a C program utterly falls to the haxers. They also fired Mod Philip, who was the main developer of NXT and showed a browser version of it 2 years ago. Since then barely any progress has been made. No Vulkan/DX12 support.