Hey, if I want to add, say, a Normal Item - Gold ring, how do I add it?
Thanks in advance
Can't launch any file:
What's wrong? Libraries were installed.
Hi,
Thanks for the share, SKU.
I've produced some utility code for this script; I wanted something which retrieves the addresses of the breakpoints, even after a new patch, so I can update it myself.
Here is my work: http://spl3en.alwaysdata.net/src/C/P...fsetFinder.exe
And the source: http://spl3en.alwaysdata.net/src/C/P...tFinder/main.c
It will automatically overwrite the addresses BP0, BP1 and BP2 in the file "ItemAlertPoE.py" with the new ones if the exe is in the same folder as the executable.
A bit of explanation about where I put the breakpoints (more details in the source):
Code:
       015486B6 ¦ · 53             push ebx                          ; +> Arg4 : _In_ int flags
       015486B7 ¦ · 50             push eax                          ; ¦ Arg3 : _In_ int len
       015486B8 ¦ · 8D8431 980002  lea eax, [esi+ecx+20098]          ; ¦
       015486BF ¦ · 8B0E           mov ecx, [dword ds:esi]           ; ¦
BP1 -> 015486C1 ¦ · 50             push eax                          ; ¦ Arg2 : _Out_ char *buf <- get_eax = char *buf
       015486C2 ¦ · 51             push ecx                          ; ¦ Arg1 : _In_ SOCKET s
       015486C3 ¦ · FF15 B0898801  call [dword ds:<&WS2_32.#16>]     ; +> WS2_32.recv
BP0 -> 015486C9 ¦ · 8BF8           mov edi, eax                      <- get_eax = bytes_readen
       [...]
       0154870D ¦ · FFD2           call edx                          <- Arg2 is unserialized
       [...]
       01548730 ¦ · 5B             pop ebx
BP2 -> 01548731 +>· C3             retn                              <- We wait until the end of the function to get Arg2
shogo: nothing wrong, just double-click on your ItemAlertPoE.py
If it doesn't work, open a new cmd.exe shell, type "python " then drag&drop your ItemAlertPoE.py so you ask your Python to launch this file.
Last edited by Spl3en; 03-25-2013 at 06:23 AM.
Hi,
Quick question - after I used Finder it deleted everything in my ItemAlertPoE.py file and writes only one line: "xCO"
Any idea how to fix it?
Btw, the program is finding addresses before it corrupts the ItemAlertPoE.py, so I took the addresses and manually wrote them to the ItemAlertPoE.py, but it didn't help - not catching anything. I removed the "_filterItems = True" line to see all the dropped objects - didn't help.
Last edited by vitek; 03-24-2013 at 07:48 AM.
Hi, thanks for the bug report, vitek.
Erm... I'm confused, I've already got that bug, but I hadn't time to see where it comes from;
Quote:
Quick question - after I used Finder it deleted everything in my ItemAlertPoE.py file and writes only one line: "xCO"
My guess is that the string search fails and it overwrites with junk data (it searches for the strings: "BP0 = ", "BP1 = " and "BP2 = ").
I will add some piece of code to handle that error and prevent the code from erasing the ItemAlertPoe.py content.
There, I've updated the code slightly to check that case: (the exe has been updated as well)
http://spl3en.alwaysdata.net/src/C/P...tFinder/main.c
Alright, I guess I will need to do more testing, it works fine on my computer
Quote:
but it didn't help - not catching anything.
It's really weird because if it catches something, it's supposed to work... Please make sure you didn't modify anything in ItemAlertPoE.py except the addresses, it's my only advice for the moment until it is fixed.
Last edited by Spl3en; 03-24-2013 at 01:10 PM.
Please update; BP2 has been fixed.
I hope it will fix the problem (still not sure why BP2 refused to breakpoint, but the new BP2 should be better, I've placed it right after the call edx)
Index of /src/C/PoeOffsetFinder
EDIT : It should work perfectly now! Tested on multiple configurations.
It's not going to work with BP2 = BP1 + 2; the unserialize function is at BP0 + 0x4C (call edx), you have to breakpoint somewhere after this instruction
Quote:
I have checked as well this option:
BP0 = 0x001D86C9
BP1 = 0x001D86C1
BP2 = PB1 + 2
Both didn't work )
Last edited by Spl3en; 03-24-2013 at 03:02 PM.
Could you paste the content of your log.txt with the new addresses? I would like to see the instructions at the new breakpoint addresses.
I got that for comparison :
========================================
Started ItemAlertPoE version 20130319a at 2013-03-24 20:20:51.125000.
Python version: sys.version_info(major=2, minor=7, micro=3, releaselevel='final', serial=0)
"Client.exe" processes found: [4372L]
Base address: 0x012c0000
bp0: 0x014986c9: mov edi,eax
bp1: 0x014986c1: push eax
bp2: 0x0149870f: mov eax,[esi+0x54]
Starting main loop.
Detected item drop: Scroll of Wisdom (id=0x50880baf)
Last edited by Spl3en; 03-24-2013 at 03:33 PM.
Here we go, thanks!
Started ItemAlertPoE version 20130319a at 2013-03-24 22:20:09.128000.
Python version: sys.version_info(major=2, minor=7, micro=3, releaselevel='final', serial=0)
"Client.exe" processes found: [3980L]
Base address: 0x00b30000
bp0: 0x009086c9: Unable to disassemble at 009086c9
bp1: 0x009086c1: Unable to disassemble at 009086c1
bp2: 0x0090870f: Unable to disassemble at 0090870f
<class 'pydbg.pdx.pdx'>
()
Failed setting breakpoint at 009086c9
Traceback (most recent call last):
  File "itemalertpoe.py", line 149, in run
    self.dbg.bp_set(ItemAlert.BP0, handler=self.grabPacketSize)
  File "C:\Python27\lib\site-packages\pydbg\pydbg.py", line 568, in bp_set
    raise pdx("Failed setting breakpoint at %08x" % address)
pdx: Failed setting breakpoint at 009086c9
Starting main loop.
That's not normal:
Quote:
Base address: 0x00b30000
bp0: 0x009086c9: Unable to disassemble at 009086c9
The breakpoint values are supposed to be:
BP0 = 0x001d86c9 + BaseAddress
BP0 = 0x001d86c9 + 0x00b30000
BP0 = 0x00D086C9 for your particular case
So I don't know why your script tries to breakpoint at 0x009086c9 ?
Please make sure you're using an original ItemAlertPoe.py
I'm using this one : http://pastebin.com/17Hk28QM
EDIT : Okay, my bad. I was using an "outdated" ItemAlertPoE.py, I can reproduce your bugs with the '0.10.3c' on github.
I'm fixing it
Last edited by Spl3en; 03-24-2013 at 04:07 PM.
Thank you, I've finally discovered what's wrong :
1) I've definitely fixed the problem with the file erased
2) I know why your addresses were incorrect: You copy-pasted the output of the console which was:
BP0 = 0x001d86c9 #(0x004a86c9)
BP1 = 0x001d86c1 #(0x004a86c1)
BP2 = 0x001d870f #(0x004a870f)
But in fact it must be :
BP0 = 0x001d86c9 + 0x00400000 #(0x004a86c9)
BP1 = 0x001d86c1 + 0x00400000 #(0x004a86c1)
BP2 = 0x001d870f + 0x00400000 #(0x004a870f)
I've fixed the output of the console log so the + 0x00400000 appears
New version updated !
Index of /src/C/PoeOffsetFinder
Thank you for testing it, vitek
thanks a lot for the help!!!
Last edited by Spl3en; 03-24-2013 at 04:29 PM.
Wow, that's pretty amazing too.
I tried compiling the main.c myself to see if I could try to learn from it but I get the error undefined reference to many functions in memblock / memproc files. Is there something I am missing?
The current files linked are Memchunk, memproc, win32 tools, ztring and bbqueue. Thanks!