
    RegEx Offset Finder Source code

    Example of how to write an Offset Finder with AutoIt.
    Code from: https://progamercity.net/perfect-wor...er-source.html
    Code:
    #RequireAdmin
    #region ;**** Directives created by AutoIt3Wrapper_GUI ****
    #AutoIt3Wrapper_Compression=4
    #AutoIt3Wrapper_Res_Description=Find offsets for Perfect World
    #AutoIt3Wrapper_Res_Fileversion=2.0
    #AutoIt3Wrapper_Res_LegalCopyright=No0oB
    #AutoIt3Wrapper_Res_Language=1041
    #AutoIt3Wrapper_Run_Tidy=y
    #endregion ;**** Directives created by AutoIt3Wrapper_GUI ****
    #include <GUIListView.au3>
    #include <WinAPI.au3>
    ;#include <Array.au3>
    ; Event-driven GUI: the close/button handlers below are registered with
    ; GUISetOnEvent/GUICtrlSetOnEvent and dispatched while the idle loop at the
    ; bottom of this section sleeps.
    Opt("GUIOnEventMode", 1)
    
    ; Byte pattern written as hex text.  $Data (a binary variant from ReadMemory
    ; or FileRead) is searched as its hex-text rendering, which is why all the
    ; patterns below are hex digits.  The inner (.{8}) group captures a 4-byte
    ; little-endian operand; ButtonFindClick/_OldFindWay decode it with
    ; Reverse()/Dec() and add it to the base address minus 0x1C.
    Global $UnfreezeOffset = "(0F95C084C08885(.{8}))"
    ; One ordered regular expression made of 26 sub-patterns.  Each sub-pattern
    ; has an outer group (the whole byte sequence) and an inner (.{8}) group (the
    ; operand); ButtonFindClick keeps only the inner groups, i.e. the odd indices
    ; of the flag-3 StringRegExp result.  The lazy ".*?" joins mean every
    ; sub-pattern must match, in this order, for the expression to succeed at
    ; all; if one fails, nothing is returned and _OldFindWay retries them one at
    ; a time.  The trailing "" ends the expression (the rest of that line is a
    ; comment).
    Global $SearchExression = _
    		".*?(8B0D(.{8})898D40F1FFFF6A01)" & _ ;Base_Address
    		".*?(8986(.{8})8A4F03)" & _ ;LVL_Offset
    		".*?(898E(.{8})8B5714)" & _ ;Culti_Offset
    		".*?(8996(.{8})8B4718)" & _ ;EXP_Offset
    		".*?(8986(.{8})8B4F04)" & _ ;Spirit_offset
    		".*?(898E(.{8})8B570C)" & _ ;HP_OffSet
    		".*?(8996(.{8})8B471C)" & _ ;MP_OffSet
    		".*?(8986(.{8})8B4F08)" & _ ;CHI_OffSet
    		".*?(898E(.{8})8B5710)" & _ ;MaxHP_OffSet
    		".*?(8996(.{8})8B4720)" & _ ;MaxMP_OffSet
    		".*?(8986(.{8})8A4702)" & _ ;MaxCHI_Offset
    		".*?(8B108996(.{8})8B4004)" & _ ;gold_Offset
    		".*?(6A0A8986(.{8}))" & _ ;state_Offset
    		".*?(8986(.{8})8B40048BC8)" & _ ;castid_Offset
    		".*?(A1(.{8})578B482081C1EC)" & _ ;BaseCall_Offset
    		".*?(568BF18B86(.{8})85C0)" & _ ;target_Offset
    		".*?(8B8E(.{8})3BCB740655)" & _ ;pet_Offset
    		".*?(8B8E(.{8})8B47503BC8)" & _ ;str_Offset
    		".*?(8B96(.{8})8B47543BD0)" & _ ;dex_Offset
    		".*?(8B86(.{8})8B4F5C3BC1)" & _ ;vit_Offset
    		".*?(8B8E(.{8})8B47603BC8)" & _ ;mag_Offset
    		".*?(8B96(.{8})8B47643BD0)" & _ ;reputation_Offset
    		".*?(EB5D8B8E(.{8})B801)" & _ ;class_Offset
    		".*?(8B491C33C08B91(.{8})85D2)" & _ ;jump_Offset
    		".*?(32C0C38B89(.{8})568BB0)" & _ ;charid_Offset
    		".*?(8B83(.{8})8D4C243C)" & _ ;name_Offset
    		"";".*?((.{8}))" & _ ;
    
    ; Row labels, one per sub-pattern of $SearchExression and in the same order:
    ; capture row $x is labelled $NameArray[$x].  Keep both lists in sync.
    Global $NameArray[26] = [ _
    		"Base_Address", _
    		"LVL_Offset", _
    		"Culti_Offset", _
    		"EXP_Offset", _
    		"Spirit_Offset", _
    		"HP_Offset", _
    		"MP_Offset", _
    		"CHI_Offset", _
    		"MaxHP_Offset", _
    		"MaxMP_OffSet", _
    		"MaxCHI_Offset", _
    		"Gold_Offset", _
    		"State_Offset", _
    		"CastID_Offset", _
    		"BaseCall_Address", _
    		"TargetID_Offset", _
    		"Pet_Offset", _
    		"STR_Offset", _
    		"DEX_Offset", _
    		"VIT_Offset", _
    		"MAG_Offset", _
    		"Reputation_Offset", _
    		"Class_Offset", _
    		"Jump_Offset", _
    		"CharID_Offset", _
    		"Name_Offset"]
    
    #region ### START Koda GUI section ### Form=
    $hGuiMain = GUICreate("Offset Retriever v2.0", 340, 400, -1, -1)
    GUISetOnEvent(-3, "_Exit") ; -3 = $GUI_EVENT_CLOSE
    GUISetBkColor(0x000000, $hGuiMain)
    $ButtonFind = GUICtrlCreateButton("Find", 160, 3, 75, 25)
    $ButtonSave = GUICtrlCreateButton("Save", 240, 3, 75, 25)
    ; Three columns: 0 = name, 1 = hex value, 2 = decimal value.  ButtonSaveClick
    ; depends on this column order when it writes the .ini files.
    $ListView = _GUICtrlListView_Create($hGuiMain, "Name|Value(hex)|Value(dec)", 10, 30, 320, 340)
    ; Extended list-view style bits (looks like double-buffer | flat scrollbar |
    ; full-row select - confirm against the LVS_EX_* constants).
    _GUICtrlListView_SetExtendedListViewStyle($ListView, 0x00010120)
    _GUICtrlListView_SetColumnWidth($ListView, 0, 120)
    _GUICtrlListView_SetColumnWidth($ListView, 1, 100)
    _GUICtrlListView_SetColumnWidth($ListView, 2, 100)
    GUICtrlCreateLabel("Offset Retriever by No0oB", 10, 8, 128, 17)
    GUICtrlSetColor(-1, 0xFFFFFF) ; -1 = the label just created
    GUICtrlSetOnEvent($ButtonFind, "ButtonFindClick")
    GUICtrlSetOnEvent($ButtonSave, "ButtonSaveClick")
    GUISetState(@SW_SHOW)
    #endregion ### END Koda GUI section ###
    
    ; Idle loop that keeps the script alive; all work happens in the OnEvent
    ; handlers above.
    While 1
    	Sleep(100)
    WEnd
    
    ; Close-window handler (registered for $GUI_EVENT_CLOSE, -3): ends the script
    ; with exit code 0.
    Func _Exit()
    	Exit 0
    EndFunc   ;==>_Exit
    
    ; "Find" handler.  Obtains the image bytes of elementclient.exe - from the
    ; running process if there is one, otherwise from a file the user picks -
    ; runs $SearchExression over them and fills the list view with
    ; name / hex / decimal rows.  If the combined expression does not match,
    ; offers the slower per-pattern fallback (_OldFindWay).
    ; NOTE(review): $PID, $Elementclient, $FileHnd, $msg, $aUnfreezeOffset,
    ; $aBaseAddress, $UnfreezeAddress and $ArraySize are never declared Local.
    Func ButtonFindClick()
    	Local $File = "elementclient.exe", $Data = ""
    	$PID = ProcessExists($File)
    	If $PID <> 0 Then
    		; Live process: read the whole module image as byte[modBaseSize] from
    		; modBaseAddr.  GetModuleBaseByName returns 0 (not an array) when the
    		; snapshot fails, so the [1]/[2] indexing below would error in that case;
    		; if the module is simply not found the elements are empty strings.
    		$Elementclient = GetModuleBaseByName($PID, $File)
    		$Data = ReadMemory("0x" & Hex($Elementclient[1]), 'byte[' & $Elementclient[2] & ']')
    	Else
    		MsgBox(0, "Offset Retriever", "Point me to your 'elementclient.exe'.")
    		; Fall back to the executable on disk, read in binary mode (16).
    		Local $File = FileOpenDialog("Search for file...", @DesktopDir, "(elementclient.exe)", 4, "")
    		If FileExists($File) Then
    			$FileHnd = FileOpen($File, 16)
    			Local $Data = FileRead($FileHnd, FileGetSize($File))
    			FileClose($FileHnd)
    		Else
    			Local $Data = ""
    		EndIf
    	EndIf
    
    	If $Data <> "" Then
    		Local $x = 0
    		; Flag 3: flat array of every capture group, outer and inner alternating,
    		; or a non-array if the whole expression did not match.
    		Local $check = StringRegExp($Data, $SearchExression, 3)
    		If IsArray($check) Then
    			; One row per sub-pattern; the odd indices are the inner (.{8}) groups.
    			Local $info[UBound($check) / 2][3]
    			For $i = 1 To (UBound($check) - 1) Step 2
    				$info[$x][0] = $NameArray[$x]
    				; The capture is little-endian hex text; Reverse() restores byte order.
    				$info[$x][1] = _RemoveZero(Reverse($check[$i]))
    				$info[$x][2] = Dec(Reverse($check[$i]))
    				$x += 1
    			Next
    			; Sort descending on the decimal column, so row 0 holds the largest
    			; value - used below as the base address.  _ArraySort comes from
    			; Array.au3, whose #include is commented out at the top; presumably it
    			; arrives transitively via GUIListView.au3 - verify.
    			_ArraySort($info, 1, 0, 0, 2)
    			$aUnfreezeOffset = StringRegExp($Data, $UnfreezeOffset, 1) ; flag 1: [0] = whole match, [1] = inner group
    			$aBaseAddress = $info[0][1]
    			If IsArray($aUnfreezeOffset) Then
    				; "0x" & hex text is coerced to a number by the subtraction.
    				$UnfreezeAddress = ("0x" & $aBaseAddress) - 0x1C
    				$UnfreezeAddress = Hex($UnfreezeAddress + Dec(Reverse($aUnfreezeOffset[1])))
    				$ArraySize = UBound($info, 1)
    				; NOTE(review): ReDim to the current size adds no row, so the three
    				; assignments below overwrite the last (smallest-valued) row rather
    				; than appending one; $ArraySize + 1 was presumably intended.
    				ReDim $info[$ArraySize][3]
    				$info[$ArraySize - 1][0] = "Unfreeze_Address"
    				$info[$ArraySize - 1][1] = _RemoveZero($UnfreezeAddress)
    				$info[$ArraySize - 1][2] = Dec($UnfreezeAddress)
    			EndIf
    			_ArraySort($info, 1, 0, 0, 2)
    			_GUICtrlListView_BeginUpdate($ListView)
    			_GUICtrlListView_DeleteAllItems($ListView)
    			_GUICtrlListView_AddArray($ListView, $info)
    			; Autosize the columns; the view only has columns 0-2, so index 3
    			; refers to no column.
    			For $i = 0 To 3
    				_GUICtrlListView_SetColumnWidth($ListView, $i, $LVSCW_AUTOSIZE_USEHEADER)
    			Next
    			_GUICtrlListView_EndUpdate($ListView)
    		Else
    			$msg = MsgBox(4, "Error", "Can't find all Offsets..." & @CRLF & "Try it with older method?" & @CRLF & "(Slow but maybe it'll find some offsets)")
    			If $msg = 6 Then ; 6 = IDYES
    				_OldFindWay($Data)
    			EndIf
    		EndIf
    	EndIf
    EndFunc   ;==>ButtonFindClick
    
    ; Fallback search: splits $SearchExression on its ".*?" joins and applies each
    ; sub-pattern on its own, so the patterns that still match are reported while
    ; the ones that do not get value 0 and are dropped before display.  Shows a
    ; temporary progress bar under the list view while searching.
    ; $Data - the image bytes to search (same value ButtonFindClick used).
    ; NOTE(review): $Expressions, $Progress, $offset, $aUnfreezeOffset,
    ; $aBaseAddress, $UnfreezeAddress and $ArraySize are not declared Local.
    Func _OldFindWay($Data)
    	; Flag 3 = split on the whole ".*?" string, no count element.  Element 0 is
    	; the (empty) text before the first ".*?" and is removed below.
    	$Expressions = StringSplit($SearchExression, ".*?", 3)
    	Dim $info[UBound($Expressions) - 1][3]
    	_ArrayDelete($Expressions, 0)
    	$Progress = GUICtrlCreateProgress(10, 375, 320, 17)
    	For $i = 0 To UBound($Expressions) - 1 Step 1
    		; Flag 1: first match only, [1] = the inner (.{8}) group.
    		$offset = StringRegExp($Data, $Expressions[$i], 1)
    		If IsArray($offset) Then
    			$info[$i][0] = $NameArray[$i]
    			$info[$i][1] = _RemoveZero(Reverse($offset[1]))
    			$info[$i][2] = Dec(Reverse($offset[1]))
    		Else
    			; Placeholder row; removed by the zero-filter loop further down.
    			$info[$i][0] = $NameArray[$i]
    			$info[$i][1] = 0
    			$info[$i][2] = 0
    		EndIf
    		GUICtrlSetData($Progress, $i / (UBound($Expressions) - 1) * 100)
    	Next
    	; Descending by the decimal column: row 0 is the largest value, taken as
    	; the base address.  (_ArraySort/_ArrayDelete are Array.au3 functions;
    	; that #include is commented out at the top - presumably included
    	; transitively, verify.)
    	_ArraySort($info, 1, 0, 0, 2)
    	; Re-assigns the existing Global $UnfreezeOffset with the identical value.
    	$UnfreezeOffset = "(0F95C084C08885(.{8}))"
    	$aUnfreezeOffset = StringRegExp($Data, $UnfreezeOffset, 1)
    	$aBaseAddress = $info[0][1]
    	If IsArray($aUnfreezeOffset) Then
    		$UnfreezeAddress = ("0x" & $aBaseAddress) - 0x1C
    		$UnfreezeAddress = Hex($UnfreezeAddress + Dec(Reverse($aUnfreezeOffset[1])))
    		$ArraySize = UBound($info, 1)
    		; NOTE(review): ReDim to the current size adds no row, so this overwrites
    		; the last (smallest-valued) row instead of appending; $ArraySize + 1 was
    		; presumably intended.
    		ReDim $info[$ArraySize][3]
    		$info[$ArraySize - 1][0] = "Unfreeze_Address"
    		$info[$ArraySize - 1][1] = _RemoveZero($UnfreezeAddress)
    		$info[$ArraySize - 1][2] = Dec($UnfreezeAddress)
    	EndIf
    	GUICtrlSetData($Progress, 100)
    	GUICtrlDelete($Progress)
    	; Drop unmatched rows; walking backwards keeps the unvisited indices valid
    	; while rows are deleted.
    	For $x = UBound($info, 1) - 1 To 0 Step -1
    		If $info[$x][2] = 0 Then
    			_ArrayDelete($info, $x)
    		EndIf
    	Next
    	_ArraySort($info, 1, 0, 0, 2)
    	_GUICtrlListView_BeginUpdate($ListView)
    	_GUICtrlListView_DeleteAllItems($ListView)
    	_GUICtrlListView_AddArray($ListView, $info)
    	; Autosize the columns; only columns 0-2 exist.
    	For $i = 0 To 3
    		_GUICtrlListView_SetColumnWidth($ListView, $i, $LVSCW_AUTOSIZE_USEHEADER)
    	Next
    	_GUICtrlListView_EndUpdate($ListView)
    EndFunc   ;==>_OldFindWay
    
    ; "Save" handler.  Writes the list-view rows to two .ini files next to the
    ; script: Custom_Offsets.ini gets the decimal column, Custom_Offsets_Hex.ini
    ; the hex column.  Rows 0-2 (presumably the three largest values after the
    ; descending sort in ButtonFindClick) go to the "base address" sections, all
    ; remaining rows to the "offsets" sections with spaces in the name replaced
    ; by underscores.
    ; _GUICtrlListView_GetItemTextArray returns [0] = subitem count, [1] = name,
    ; [2] = hex, [3] = decimal, matching the column order of $ListView.
    ; NOTE(review): rows 1 and 2 are read unconditionally, so a list holding
    ; fewer than three rows indexes past the returned array; only $ItemCount > 0
    ; is checked.  $ItemCount, $Progress, $Text and $ResKey are not declared Local.
    Func ButtonSaveClick()
    	$ItemCount = _GUICtrlListView_GetItemCount($ListView)
    	If $ItemCount > 0 Then
    		Local $ResFile = @ScriptDir & "\Custom_Offsets.ini", $ResFileHex = @ScriptDir & "\Custom_Offsets_Hex.ini", $PROPHET_ADDRESS_SECTION_HEX = "Perfect_World_Base_Address_In_Hex", $PROPHET_ADDRESS_SECTION = "Perfect_World_Base_Address_In_Decimal", $ResSectionDec = "Custom_32_Offsets_In_Decimal", $ResSectionHex = "Custom_32_Offsets_In_Hex"
    		$Progress = GUICtrlCreateProgress(10, 375, 320, 20)
    
    		; Rows 0-2, decimal values -> base-address section of the decimal file.
    		$Text = _GUICtrlListView_GetItemTextArray($ListView, 0)
    		IniWrite($ResFile, $PROPHET_ADDRESS_SECTION, $Text[1], $Text[3])
    		$Text = _GUICtrlListView_GetItemTextArray($ListView, 1)
    		IniWrite($ResFile, $PROPHET_ADDRESS_SECTION, $Text[1], $Text[3])
    		$Text = _GUICtrlListView_GetItemTextArray($ListView, 2)
    		IniWrite($ResFile, $PROPHET_ADDRESS_SECTION, $Text[1], $Text[3])
    
    		; Same rows, hex values -> base-address section of the hex file.
    		$Text = _GUICtrlListView_GetItemTextArray($ListView, 0)
    		IniWrite($ResFileHex, $PROPHET_ADDRESS_SECTION_HEX, $Text[1], $Text[2])
    		$Text = _GUICtrlListView_GetItemTextArray($ListView, 1)
    		IniWrite($ResFileHex, $PROPHET_ADDRESS_SECTION_HEX, $Text[1], $Text[2])
    		$Text = _GUICtrlListView_GetItemTextArray($ListView, 2)
    		IniWrite($ResFileHex, $PROPHET_ADDRESS_SECTION_HEX, $Text[1], $Text[2])
    
    		; Remaining rows -> offsets sections of both files, progress bar updated per row.
    		For $i = 3 To $ItemCount - 1
    			$Text = _GUICtrlListView_GetItemTextArray($ListView, $i)
    			$ResKey = StringReplace($Text[1], " ", "_")
    			IniWrite($ResFile, $ResSectionDec, $ResKey, $Text[3])
    			IniWrite($ResFileHex, $ResSectionHex, $ResKey, $Text[2])
    			GUICtrlSetData($Progress, $i / ($ItemCount - 1) * 100)
    		Next
    
    		GUICtrlDelete($Progress)
    	EndIf
    EndFunc   ;==>ButtonSaveClick
    
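    ; Strips leading "0" characters from a hex string: "0040A1B0" -> "40A1B0".
    ; A string made only of zeros, or an empty string, yields "".
    ; Fixed: the previous Do/Until loop trimmed the first character before
    ; testing it, so a value with no leading zero (e.g. "12AB0000") lost its
    ; first digit.
    ; $sHexString - hex text, typically the 8 characters from Hex()/Reverse().
    ; Returns the string without its leading zeros.
    Func _RemoveZero($sHexString)
    	While StringLeft($sHexString, 1) = "0"
    		$sHexString = StringTrimLeft($sHexString, 1)
    	WEnd
    	Return $sHexString
    EndFunc   ;==>_RemoveZero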
    
    ; Swaps the byte order of a hex string by re-emitting its two-character
    ; pairs from the end: "B0A14000" -> "0040A1B0".  Used on the (.{8}) captures,
    ; which are little-endian operands, to get the value in reading order.
    ; Only whole pairs are emitted, so a single leading character of an
    ; odd-length input is dropped (inputs here are always 8 characters).
    ; $sString - hex text.
    ; Returns the pair-reversed string ("" for an empty or one-character input).
    Func Reverse($sString)
    	Local $sOut = ""
    	Local $iPos = StringLen($sString) - 1
    	While $iPos >= 1
    		$sOut &= StringMid($sString, $iPos, 2)
    		$iPos -= 2
    	WEnd
    	Return $sOut
    EndFunc   ;==>Reverse
    
    ; Reads one value of DllStruct type $Type from $Address in the
    ; elementclient.exe process.  The PID is looked up here again by name
    ; rather than passed in by the caller.
    ; The process is opened with 0x1F0FFF (the classic PROCESS_ALL_ACCESS mask)
    ; and with debug privilege enabled (last argument True); a read-only caller
    ; like this needs no more than PROCESS_VM_READ | PROCESS_QUERY_INFORMATION.
    ; NOTE(review): neither the handle from _WinAPI_OpenProcess nor the result /
    ; $iBytesRead of _WinAPI_ReadProcessMemory is checked, so a failed open or
    ; read is not detected and the unfilled buffer is returned.
    ; $Address - address to read (number or "0x..." text).
    ; $Type    - DllStructCreate type string, default 'dword'.
    ; Returns element 1 of the struct after the read.
    Func ReadMemory($Address, $Type = 'dword')
    	Local $iBytesRead
    	Local $iPID = ProcessExists("elementclient.exe")
    	Local $hProcess = _WinAPI_OpenProcess(0x1F0FFF, 1, $iPID, True)
    	Local $tBuffer = DllStructCreate($Type)
    	_WinAPI_ReadProcessMemory($hProcess, $Address, DllStructGetPtr($tBuffer), DllStructGetSize($tBuffer), $iBytesRead)
    	_WinAPI_CloseHandle($hProcess)
    	; The struct is local memory, so reading it after the handle is closed is fine.
    	Return DllStructGetData($tBuffer, 1)
    EndFunc   ;==>ReadMemory
    
    ; Finds $module (compared case-insensitively) in a Toolhelp module snapshot of
    ; process $PID.
    ; Returns a 3-element array: [1] = module base address, [2] = module size,
    ; [0] unused.  Both stay empty strings if the module is not in the snapshot.
    ; Returns 0 (not an array) if the snapshot cannot be created, so callers must
    ; check IsArray() before indexing the result.
    ; $tEntry mirrors the 32-bit MODULEENTRY32 layout: dwSize, th32ModuleID,
    ; th32ProcessID, GlblcntUsage, ProccntUsage, modBaseAddr (field 6),
    ; modBaseSize (field 7), hModule, szModule[256] (field 9), szExePath[260].
    Func GetModuleBaseByName($PID, $module) ; thx to lolkop for this
    	Local $aResult[3]
    	Local $tEntry = DllStructCreate("int;int;int;int;int;int;int;int;char[256];char[260]")
    	; dwSize must be filled in before Module32First accepts the structure.
    	DllStructSetData($tEntry, 1, DllStructGetSize($tEntry))
    	; 8 = TH32CS_SNAPMODULE
    	Local $aSnap = DllCall("kernel32.dll", "hwnd", "CreateToolhelp32Snapshot", "int", 8, "int", $PID)
    	If $aSnap[0] = -1 Then Return 0
    	Local $sWanted = StringLower($module)
    	Local $aNext = DllCall("kernel32.dll", "int", "Module32First", "hwnd", $aSnap[0], "ptr", DllStructGetPtr($tEntry))
    	While $aNext[0]
    		If StringLower(DllStructGetData($tEntry, 9)) = $sWanted Then
    			$aResult[1] = DllStructGetData($tEntry, 6)
    			$aResult[2] = DllStructGetData($tEntry, 7)
    			ExitLoop
    		EndIf
    		$aNext = DllCall("kernel32.dll", "int", "Module32Next", "hwnd", $aSnap[0], "ptr", DllStructGetPtr($tEntry))
    	WEnd
    	DllCall("kernel32.dll", "int", "CloseHandle", "int", $aSnap[0])
    	Return $aResult
    EndFunc   ;==>GetModuleBaseByName

    Wow, that's pretty well done. But isn't the way via patterns a bit easier? How robust is the code; I mean, does it break more easily than a pattern for IDA or OllyDbg?
