[Source] Basic Item Alerter

[corz]

Hey, if i want to add say a Normal Item - Gold ring, how do i do to add it?
Thanks in advance

[shogo]

Can't launch any file:

What's wrong? Libraries was installed.

[Spl3en]

Hi,
Thanks for the share SKU.

I've produced some utility code for this script ; I wanted something which retrieve the adresses of breakpoints, even after new patch so I can update it myself
Here my work : http://spl3en.alwaysdata.net/src/C/P...fsetFinder.exe
And the source : http://spl3en.alwaysdata.net/src/C/P...tFinder/main.c

It will automatically overwrites the addresses BP0, BP1 and BP2 in the file "ItemAlertPoE.py" with the new ones if the exe is in the same folder than the executable

A bit explaination about where I put the breakpoints (more details in the source)

Code:

       015486B6  ¦ ·  53            push ebx                       ; +> Arg4 : _In_ int flags
       015486B7  ¦ ·  50            push eax                       ; ¦  Arg3 : _In_ int len
       015486B8  ¦ ·  8D8431 980002 lea eax, [esi+ecx+20098]       ; ¦
       015486BF  ¦ ·  8B0E          mov ecx, [dword ds:esi]        ; ¦
BP1 -> 015486C1  ¦ ·  50            push eax                       ; ¦  Arg2 : _Out_ char *buf <- get_eax = char *buf
       015486C2  ¦ ·  51            push ecx                       ; ¦  Arg1 : _In_ SOCKET s
       015486C3  ¦ ·  FF15 B0898801 call [dword ds:<&WS2_32.#16>]  ; +> WS2_32.recv
BP0 -> 015486C9  ¦ ·  8BF8          mov edi, eax     <- get_eax = bytes_readen
[...]
       0154870D  ¦ ·  FFD2          call edx  <- Arg2 is unserialized
[...]
       01548730  ¦ ·  5B            pop ebx
BP2 -> 01548731  +>·  C3            retn  <- We wait until the end of the function to get Arg2

shogo : nothing wrong, just doubleclick on your ItemAlertPoE.py
If it doesn't work, open a new cmd.exe shell, type "python " then drag&drop your ItemAlertPoE.py so you ask to your python to launch this file.

[vitek]

Hi,
Thanks for share SKU.

I've produced some utility code for this script ; I wanted something which retrieve the adresses of breakpoints, even after new patch so I can update it myself
Here my work : http://spl3en.alwaysdata.net/src/C/P...fsetFinder.exe
And the source : http://spl3en.alwaysdata.net/src/C/P...tFinder/main.c

It will automatically overwrites the addresses BP0, BP1 and BP2 in the file "ItemAlertPoE.py" with the new ones if the exe is in the same folder than the executable

Hi,

Quick question - after I used Finder it deleted everything in my ItemAlertPoE.py file and writes only one line: "xCO"

Any idea how to fix it?

Btw, program is finding addresses before it corupts the ItemAlertPoE.py, so I took addresses and manually wrote it to the ItemAlertPoE.py, but it didn't help - not catching anyhting. I removed "_filterItems = True" line to see all the droped objects - didn't help.

[Spl3en]

Hi, thanks for the bug reporting vitek.

Quick question - after I used Finder it deleted everything in my ItemAlertPoE.py file and writes only one line: "xCO"

Erm... I'm confused, I've already got that bug, but I hadn't time to see where it comes from ;
My guess is that the string research fails and it overwrites with junk data (it searchs for the strings : "BP0 = ", "BP1 = " and BP2 = ".

I will add some piece of code to handle that error and prevents the code from erasing the ItemAlertPoe.py content.
There, I've updated the code slightly to check that case : (the exe has been updated aswell)
http://spl3en.alwaysdata.net/src/C/P...tFinder/main.c

but it didn't help - not catching anyhting.

Alright, I guess I will need to do more testing, it works fine on my computer
It's really weird because if it catch something, it's supposed to work... Please make sure you didn't modify anything in ItemAlertPoE.py except the addresses, it's my only one advice for the moment until it is fixed

[vitek]

Hi, thanks for the bug reporting vitek.

Alright, I guess I will need to do more testing, it works fine on my computer
It's really weird because if it catch something, it's supposed to work... Please make sure you didn't modify anything in ItemAlertPoE.py except the addresses, it's my only one advice for the moment until it is fixed

Hey, thanks for the replay!

I have checked addresses with a buddy - he got the same addresses:

BP0 = 0x001D86C9
BP1 = 0x001D86C1
BP2 = 0x001D872E

I have checked as well this option:

BP0 = 0x001D86C9
BP1 = 0x001D86C1
BP2 = PB1 + 2

Both didn't work )

[Spl3en]

Please update; BP2 has been fixed
I hope it will fix the problem (still not sure why BP2 refused to breakpoint, but the new BP2 should be better, i've placed it right after the call edx)
Index of /src/C/PoeOffsetFinder
EDIT : It should work perfectly now! Tested on multiple configurations.

I have checked as well this option:

BP0 = 0x001D86C9
BP1 = 0x001D86C1
BP2 = PB1 + 2

Both didn't work )

It's not going to work with BP2 = BP1 + 2 ; The unserialize function is at BP0 + 0x4C (call edx), you have to breakpoint somewhere after this instruction

[vitek]

Please update; BP2 has been fixed
I hope it will fix the problem (still not sure why BP2 refused to breakpoint, but the new BP2 should be better, i've placed it right after the call edx)
Index of /src/C/PoeOffsetFinder
EDIT : It should work perfectly now! Tested on multiple configurations.



It's not going to work with BP2 = BP1 + 2 ; The unserialize function is at BP0 + 0x4C (call edx), you have to breakpoint somewhere after this instruction

Hi,

Still killing my .py file, wrote manually - not registering even with "# _filterItems = True"

P.S. Is finding a new BP2, which is : 0x001D870F now

[Spl3en]

Could you paste the content of your log.txt with the new addresses ? I would like to see the instructions at the new breakpoints adresses

I got that for comparison :

========================================
Started ItemAlertPoE version 20130319a at 2013-03-24 20:20:51.125000.
Python version: sys.version_info(major=2, minor=7, micro=3, releaselevel='final', serial=0)
"Client.exe" processes found: [4372L]
Base address: 0x012c0000
bp0: 0x014986c9: mov edi,eax
bp1: 0x014986c1: push eax
bp2: 0x0149870f: mov eax,[esi+0x54]
Starting main loop.
Detected item drop: Scroll of Wisdom (id=0x50880baf)

[vitek]

Here we go, thanks!

Started ItemAlertPoE version 20130319a at 2013-03-24 22:20:09.128000.
Python version: sys.version_info(major=2, minor=7, micro=3, releaselevel='final', serial=0)
"Client.exe" processes found: [3980L]
Base address: 0x00b30000
bp0: 0x009086c9: Unable to disassemble at 009086c9
bp1: 0x009086c1: Unable to disassemble at 009086c1
bp2: 0x0090870f: Unable to disassemble at 0090870f
<class 'pydbg.pdx.pdx'>
()
Failed setting breakpoint at 009086c9
Traceback (most recent call last):
File "itemalertpoe.py", line 149, in run
self.dbg.bp_set(ItemAlert.BP0, handler=self.grabPacketSize)
File "C:\Python27\lib\site-packages\pydbg\pydbg.py", line 568, in bp_set
raise pdx("Failed setting breakpoint at %08x" % address)
pdx: Failed setting breakpoint at 009086c9
Starting main loop.

[Spl3en]

Base address: 0x00b30000
bp0: 0x009086c9: Unable to disassemble at 009086c9

That's not normal :
The breakpoints values are supposed to be :
BP0 = 0x001d86c9 + BaseAddress
BP0 = 0x001d86c9 + 0x00b30000
BP0 = 0x00D086C9 for your particular case

So I don't know why your script tries to breakpoint at 0x009086c9 ?
Please make sure you're using an original ItemAlertPoe.py
I'm using this one : http://pastebin.com/17Hk28QM


EDIT : Okay, my bad. I was using an "outdated" ItemAlertPoE.py, I can reproduce your bugs with the '0.10.3c' on github.
I'm fixing it

[vitek]

That's not normal :
The breakpoints values are supposed to be :
BP0 = 0x001d86c9 + BaseAddress
BP0 = 0x001d86c9 + 0x00b30000
BP0 = 0x00D086C9 for your particular case

So I don't know why your script tries to breakpoint at 0x009086c9 ?
Please make sure you're using an original ItemAlertPoe.py
I'm using this one : [Python] #!/usr/bin/env python # -*- coding: ISO-8859-1 -*- ''' sku wrote this progr - Pastebin.com


EDIT : Okay, my bad. I was using an outdated ItemAlertPoE.py (1.0.3g) .
I'm fixing it

Just downloaded your version and all is perfect! thanks a lot for the help!!!

[Spl3en]

Thank you, I've finally discovered what's wrong :

1) I've definitely fixed the problem with the file erased
2) I know why your addresses where incorrect : You copy-pasted the output of the console which was :
BP0 = 0x001d86c9 #(0x004a86c9)
BP1 = 0x001d86c1 #(0x004a86c1)
BP2 = 0x001d870f #(0x004a870f)

But in fact it must be :
BP0 = 0x001d86c9 + 0x00400000 #(0x004a86c9)
BP1 = 0x001d86c1 + 0x00400000 #(0x004a86c1)
BP2 = 0x001d870f + 0x00400000 #(0x004a870f)

I've fixed the output of the console log so the + 0x00400000 appears

New version updated !
Index of /src/C/PoeOffsetFinder

thanks a lot for the help!!!

Thank you for testing it vitek

[FattyXP]

Hi,
Thanks for the share SKU.

I've produced some utility code for this script ; I wanted something which retrieve the adresses of breakpoints, even after new patch so I can update it myself
Here my work : http://spl3en.alwaysdata.net/src/C/P...fsetFinder.exe
And the source : http://spl3en.alwaysdata.net/src/C/P...tFinder/main.c

It will automatically overwrites the addresses BP0, BP1 and BP2 in the file "ItemAlertPoE.py" with the new ones if the exe is in the same folder than the executable

A bit explaination about where I put the breakpoints (more details in the source)

Code:

       015486B6  ¦ ·  53            push ebx                       ; +> Arg4 : _In_ int flags
       015486B7  ¦ ·  50            push eax                       ; ¦  Arg3 : _In_ int len
       015486B8  ¦ ·  8D8431 980002 lea eax, [esi+ecx+20098]       ; ¦
       015486BF  ¦ ·  8B0E          mov ecx, [dword ds:esi]        ; ¦
BP1 -> 015486C1  ¦ ·  50            push eax                       ; ¦  Arg2 : _Out_ char *buf <- get_eax = char *buf
       015486C2  ¦ ·  51            push ecx                       ; ¦  Arg1 : _In_ SOCKET s
       015486C3  ¦ ·  FF15 B0898801 call [dword ds:<&WS2_32.#16>]  ; +> WS2_32.recv
BP0 -> 015486C9  ¦ ·  8BF8          mov edi, eax     <- get_eax = bytes_readen
[...]
       0154870D  ¦ ·  FFD2          call edx  <- Arg2 is unserialized
[...]
       01548730  ¦ ·  5B            pop ebx
BP2 -> 01548731  +>·  C3            retn  <- We wait until the end of the function to get Arg2

shogo : nothing wrong, just doubleclick on your ItemAlertPoE.py
If it doesn't work, open a new cmd.exe shell, type "python " then drag&drop your ItemAlertPoE.py so you ask to your python to launch this file.

Holy crap batman! Thanks for the nifty tool! +rep

[z77777]

Wow, that's pretty amazing too.

I tried compiling the main.c myself to see if I could try to learn from it but I get the error undefined reference to many functions in memblock / memproc files. Is there something I am missing?

The current files linked are Memchunk, memproc, win32 tools, ztring and bbqueue. Thanks!