ofLight Posted August 30, 2007

Several people have asked me for an example of how to use PixelChecksum on a GameGuard protected game without having to run it in a VM. Although I stand by my opinion that running these games in a VM is the easier and much more efficient way to go, the following method doesn't require any external software.

This code was ripped from my 2moons Mobb hunter so it's VERY ugly, and I just briefly tested it to verify functionality. The main purpose is to demonstrate the steps needed and basic components.

Note 1. This script is set to search the current active window; given the steps needed for use, it is MUCH faster to specify a smaller area within a window.

Note 2. You can also use file formats other than BMP. I mainly use BMP because it is the most consistent, however I have also tried JPEG successfully. JPEG is significantly faster than BMP, but getting a valid checksum is difficult with the standard "PixelCheckSum".

    #include<array.au3>
    ;#include<PixelCheckSumFindAll.au3>
    #Include<GUIConstants.au3>
    #include<misc.au3>
    #include<string.au3>
    #include<A3LScreenCap.au3>
    #include<IE.au3>

    Opt("PixelCoordMode", 0);1=absolute & Default, 0=relative, 2=client area
    ;Set CoOrds relative to Window not screen
    Opt("MouseCoordMode", 0)
    HotKeySet("`","_Go")
    HotKeySet("~","_record")
    HotKeySet('{esc}', '_Exit')
    Local $msg = "Press Shift+tilde to Record "&@LF&"Press tilde to Find "&@LF&"info saved in NoMia.ini"
    Local $xy,$currentpixel,$FileBMP = ".\Render.bmp",$IniFile = ".\NoMIA.ini"
    _initialize($IniFile)

    While 1
        $xy = MouseGetPos()
        $currentpixel = PixelGetColor($xy[0],$xy[1])
        ToolTip("Pixel color = " & $currentpixel & @LF & $msg)
        Sleep(100)
    WEnd

    Func _Go()
        $pixel = Int(IniRead($IniFile,"Rec1","PixelColor","-1"))
        $chksum = Int(IniRead($IniFile,"Rec1","PixelCheckSum","-1"))
        $WinLoc = WinGetPos("")
        _ScreenCap_Capture($FileBMP, $WinLoc[0], $WinLoc[1],$WinLoc[0]+$WinLoc[2],$WinLoc[1]+$WinLoc[3]) ;Create Image
        _RenderImg($FileBMP, $WinLoc[0], $WinLoc[1]) ;Render Image
        $WinLoc = WinGetPos(" Render VD")
        $Array = _PixelCheckSumFindAll( $pixel, $chksum, 5, 5, 5, 5, 0, 0, $WinLoc[2], $WinLoc[3]) ;Find in Image
        GUISetState(@SW_HIDE)
        For $i = 1 to $Array[0][0] ;Demonstrate Found locations
            MouseMove($Array[$i][0],$Array[$i][1], 10)
            MouseClick("Left")
        Next
        _ArrayDisplay($Array)
    EndFunc

    Func _record()
        IniWrite($IniFile,"Rec1","PixelColor",$currentpixel)
        Local $chksum = PixelChecksum($xy[0]-5, $xy[1]-5, $xy[0]+5, $xy[1]+5)
        IniWrite($IniFile,"Rec1","PixelCheckSum",$chksum)
        ToolTip(' '&@CRLF&' SAVED '&@CRLF&' ')
        Sleep(500)
    EndFunc

    Func _Exit()
        ToolTip(' '&@CRLF&' EXITING '&@CRLF&' ')
        Sleep(500)
        Exit
    EndFunc

    Func _initialize($IniFile)
        ;For $i = 0 to 9
        $val01 = IniRead($IniFile, "Rec1","PixelColor", -1)
        $val02 = IniRead($IniFile, "Rec1","PixelCheckSum", -1)
        $val03 = IniRead($IniFile, "Rec1","Left_SerchArea", -1)
        $val04 = IniRead($IniFile, "Rec1","Top_SerchArea", -1)
        $val05 = IniRead($IniFile, "Rec1","Right_SerchArea", -1)
        $val06 = IniRead($IniFile, "Rec1","Bottom_SerchArea", -1)
        If $val01 = -1 then IniWrite($IniFile, "Rec1","PixelColor", "0")
        If $val02 = -1 then IniWrite($IniFile, "Rec1","PixelCheckSum", "0")
        If $val03 = -1 then IniWrite($IniFile, "Rec1","Left_SerchArea", "0")
        If $val04 = -1 then IniWrite($IniFile, "Rec1","Top_SerchArea", "0")
        If $val05 = -1 then IniWrite($IniFile, "Rec1","Right_SerchArea", "100")
        If $val06 = -1 then IniWrite($IniFile, "Rec1","Bottom_SerchArea", "100")
        ;Next
    EndFunc

    Func _RenderImg($FileBMP, $x, $y)
        $size = _ImageGetSize($FileBMP) ; 0 = width, 1 = height
        $Form1 = GUICreate(" Render VD", $size[0], $size[1], $x, $y, $WS_POPUP)
        GUICtrlCreatePic($FileBMP,0,0,$size[0],$size[1])
        GUISetState(@SW_SHOW)
    EndFunc

    ;===============================================================================
    ; Function Name:    _PixelCheckSumFindAll
    ; Description:      Finds all instances of Checksum within a given area and returns array with Total and all locations X and Y.
    ; Parameters:       $Pixel      Colour value of pixel to find (in decimal or hex).
    ;                   $chksum     Previously generated checksum value of the region per(PixelChecksum)
    ;                   $CS_l       left coordinate of rectangle. (amount to subtract)
    ;                   $CS_t       Top coordinate of rectangle. (amount to subtract)
    ;                   $CS_r       Right coordinate of rectangle. (amount to add)
    ;                   $CS_b       Bottom coordinate of rectangle. (amount to add)
    ;                   $SB_l       left coordinate of total area to search. Default is 0 (far left side of screen)
    ;                   $SB_t       top coordinate of total area to search. Default is 0 (top most Side of screen)
    ;                   $SB_r       Right coordinate of total area to search. Default is @DesktopWidth (Far Right side of screen)
    ;                   $SB_b       Bottom coordinate of total area to search. Default is @DesktopHeight (Bottom most side of screen)
    ; Syntax:           _PixelCheckSumFindAll($pixel, $chksum, $CS_l, $CS_t, $CS_r, $CS_b[, $SB_l, $SB_t, $SB_r, $SB_b])
    ; Author(s):        ofLight
    ; Returns:          $Array[0][0] = 0 on failure, $Array on success
    ;===============================================================================
    Func _PixelCheckSumFindAll($pixel,$chksum,$CS_l,$CS_t,$CS_r,$CS_b,$SB_l=0,$SB_t=0,$SB_r=@DesktopWidth,$SB_b=@DesktopHeight)
        $SB_b_Max = $SB_b
        $SB_l_Max = $SB_l
        Dim $Array[2][2]
        $Array[0][0] = "0"
        $Count = "0"
        While 1
            $xy = PixelSearch($SB_l,$SB_t,$SB_r,$SB_b,$pixel, 0)
            If @error And $SB_b = $SB_b_Max Then
                SetError(1)
                Return $Array
            ElseIf @error Then
                $SB_t = $SB_b + 1
                $SB_b = $SB_b_Max
                $SB_l = $SB_l_Max
            ElseIf $chksum = PixelCheckSum($xy[0]-$CS_l, $xy[1]-$CS_t, $xy[0]+$CS_r, $xy[1]+$CS_B) Then
                $Count = $Count+1
                $Array[0][0] = $Count
                ReDim $Array[$Count+1][2]
                $Array[$Count][0] = $xy[0]
                $Array[$Count][1] = $xy[1]
                $SB_t = $xy[1]
                $SB_b = $SB_t
                $SB_l = $xy[0] + 1
            Else
                $SB_t = $xy[1]
                $SB_b = $SB_t
                $SB_l = $xy[0] + 1
            EndIf
        WEnd
    EndFunc

    ;========================== Render Image Specific ==========================
    Func _GUICtrlCreateGIF($gif, $x = 0, $y = 0, $border = 0)
        Local $oIE, $GUIActiveX
        Local $a_sizes = _ImageGetSize($gif) ; 0 = width, 1 = height
        $oIE = ObjCreate("Shell.Explorer.2")
        $GUIActiveX = GUICtrlCreateObj($oIE, $x, $y, $a_sizes[0], $a_sizes[1])
        $oIE.navigate ("about:blank")
        While _IEPropertyGet($oIE, "busy")
            Sleep(100)
        WEnd
        $oIE.document.body.background = $gif
        $oIE.document.body.scroll = "no"
        If $border = 0 Then $oIE.document.body.style.border = "0px"
        Return $oIE
    EndFunc

    Func _ImageGetSize($sFile)
        Local $sHeader = _FileReadAtOffsetHEX($sFile, 1, 24); Get header bytes
        Local $asIdent = StringSplit("FFD8 424D 89504E470D0A1A 4749463839 4749463837 4949 4D4D", " ")
        Local $anSize = ""
        For $i = 1 To $asIdent[0]
            If StringInStr($sHeader, $asIdent[$i]) = 1 Then
                Select
                    Case $i = 1; JPEG
                        $anSize = _ImageGetSizeJPG($sFile)
                        ExitLoop
                    Case $i = 2; BMP
                        $anSize = _ImageGetSizeSimple($sHeader, 19, 23, 0)
                        ExitLoop
                EndSelect
            EndIf
        Next
        If Not IsArray($anSize) Then SetError(1)
        Return ($anSize)
    EndFunc

    Func _ImageGetSizeSimple($sHeader, $nXoff, $nYoff, $nByteOrder)
        Local $anSize[2]
        $anSize[0] = _Dec(StringMid($sHeader, $nXoff * 2 - 1, 4), $nByteOrder)
        $anSize[1] = _Dec(StringMid($sHeader, $nYoff * 2 - 1, 4), $nByteOrder)
        Return ($anSize)
    EndFunc

    Func _FileReadAtOffsetHEX($sFile, $nOffset, $nBytes)
        Local $hFile = FileOpen($sFile, 0)
        Local $sTempStr = ""
        FileRead($hFile, $nOffset - 1)
        For $i = $nOffset To $nOffset + $nBytes - 1
            $sTempStr = $sTempStr & Hex(Asc(FileRead($hFile, 1)), 2)
        Next
        FileClose($hFile)
        Return ($sTempStr)
    EndFunc

    Func _Dec($sHexStr, $nByteOrder)
        If $nByteOrder Then Return (Dec($sHexStr))
        Local $sTempStr = ""
        While StringLen($sHexStr) > 0
            $sTempStr = $sTempStr & StringRight($sHexStr, 2)
            $sHexStr = StringTrimRight($sHexStr, 2)
        WEnd
        Return (Dec($sTempStr))
    EndFunc

    Func _ImageGetSizeJPG($sFile)
        Local $anSize[2], $sData, $sSeg, $nFileSize, $nPos = 3
        $nFileSize = FileGetSize($sFile)
        While $nPos < $nFileSize
            $sData = _FileReadAtOffsetHEX($sFile, $nPos, 4)
            If StringLeft($sData, 2) = "FF" Then; Valid segment start
                If StringInStr("C0 C2 CA C1 C3 C5 C6 C7 C9 CB CD CE CF", StringMid($sData, 3, 2)) Then; Segment with size data
                    $sSeg = _FileReadAtOffsetHEX($sFile, $nPos + 5, 4)
                    $anSize[1] = Dec(StringLeft($sSeg, 4))
                    $anSize[0] = Dec(StringRight($sSeg, 4))
                    Return ($anSize)
                Else
                    $nPos = $nPos + Dec(StringRight($sData, 4)) + 2
                EndIf
            Else
                ExitLoop
            EndIf
        WEnd
        Return ("")
    EndFunc
ofLight (Author) Posted September 17, 2007 (edited)

Per several requests, I am posting this here. I will update it to my current working version as soon as I am able to access the box that has it.

Previous versions download total: 25

Version 1.0.0.8

Example use:

    #include<oL.au3>

    HotKeySet("`","_Find") ;Press tilde to Find All
    HotKeySet("~","_Record") ;Press Shift+tilde to Record
    HotKeySet('{esc}', '_Exit')
    Global $currentpixel,$xy
    ;_PixelShow_Virtual()

    While 1
        $xy = MouseGetPos()
        $currentpixel = PixelGetColor($xy[0],$xy[1])
        ToolTip("Test Waiting")
        Sleep(100)
    WEnd

    Func _Find()
        $Pixel = IniRead(".\Data.ini","Main","PixelColor",0)
        $chksum = IniRead(".\Data.ini","Main","PixelCheckSum",0)
        $coord = _PixelCheckSumFindAll_Virtual($Pixel, $chksum, 5, 5, 5, 5,0,0, 1680, 1050)
        If IsArray($coord) Then
            ;_ArrayDisplay($coord)
            For $i = 1 to $coord[0][0]
                MouseMove($coord[$i][0],$coord[$i][1],20)
            Next
        EndIf
    EndFunc

    Func _Record()
        $chksum = _PixelCheckSumRecord_Virtual($xy[0]-5, $xy[1]-5, $xy[0]+5, $xy[1]+5)
        IniWrite(".\Data.ini","Main","PixelColor",$currentpixel)
        IniWrite(".\Data.ini","Main","PixelCheckSum",$chksum)
    EndFunc

    Func _Exit()
        ToolTip(' '&@CRLF&' EXITING '&@CRLF&' ')
        Sleep(500)
        Exit
    EndFunc

Edited September 19, 2007 by ofLight
WolfWorld Posted September 17, 2007

Nice
WeMartiansAreFriendly Posted September 17, 2007 (edited)

I've never heard of "gameguard", but I looked it up and it sounds pretty nasty; glad you found a way to bypass it with AutoIt. Although I won't find much use out of it since I play simple freeware games.

Edited September 17, 2007 by mrRevoked
BillLuvsU Posted September 17, 2007 (edited)

Good stuff mate! *implements into Gunbound Aimbot* LET'S ROLL! And please explain to me what you mean by running it in a virtual machine?

Edit: Also if you have a technique for bypassing the Send command, I will love you forever. =]

Edited September 17, 2007 by fear1313
ofLight (Author) Posted September 18, 2007

@fear1313 Thanks for the comments, Fear. Up until this current build, to bypass GameGuard I would simply use VMware to run the game. I would then run my script on the host box, which allowed me to use pixel recognition commands on any game, because they wouldn't be reading the pixels directly from the game but would be reading them from VMware. However, using PaulIA's partial screencap function as a method of quickly rendering an image and then reading it with PixelSearch, this is no longer necessary.

I have never seen the need to bypass the Send command in ANY game. Usually if you have a program that is not responding to sends, it's a simple matter of increasing the key down delay to something greater than the default.

    Opt("SendKeyDownDelay",20)
BillLuvsU Posted September 19, 2007

Really? I thought GG blocked key press simulation requests to user32.dll, or whatever. IDK, been a while since my "hacking" days. =]
DesireDenied Posted September 19, 2007 (edited)

> Several people have asked me for an example of how to use PixelChecksum on a GameGuard protected game without having to run it in a VM. Although I stand by my opinion that running these games in a VM is the easier and much more efficient way to go, the following method doesn't require any external software.

Would you explain this idea? I mean, is there any way to launch/run a game without VM Station?

Edited September 19, 2007 by DesireDenied
ofLight (Author) Posted September 19, 2007 (edited)

> Would you explain this idea? I mean, is there any way to launch/run a game without VM Station?

OK Desire, I posted an updated version of oL.au3 and an example use above. Simply start your game, then run the example and you will be able to record and then find checksums directly from the game, no need for VMware anymore.

> Really? I thought GG blocked key press simulation requests to user32.dll, or whatever.

The newest game I am aware of that uses GG is 2moons and it responds to Sends and MouseClicks with no issues. As well as all previous games I have tested.

Edited September 19, 2007 by ofLight
Manalessar Posted September 22, 2007

> OK Desire, I posted an updated version of oL.au3 and an example use above. Simply start your game, then run the example and you will be able to record and then find checksums directly from the game, no need for VMware anymore.
>
> The newest game I am aware of that uses GG is 2moons and it responds to Sends and MouseClicks with no issues. As well as all previous games I have tested.

Hmm, I ran your example and it works (I downloaded an older client to install the libraries needed in that script). But I don't know how to send a key, for ex. "C", to the game? Where must I put the Send command? Do I need to record (tilde or shift tilde??) and then do something? I'll be thankful for a fast answer.
ofLight (Author) Posted September 24, 2007

> Hmm, I ran your example and it works (I downloaded an older client to install the libraries needed in that script). But I don't know how to send a key, for ex. "C", to the game? Where must I put the Send command? Do I need to record (tilde or shift tilde??) and then do something? I'll be thankful for a fast answer.

Hey Manalessar, sorry for the delayed response, I don't usually check the forums during the weekend. I am not sure I understand your question, but the above script is not meant to be a stand-alone "bot"; it is meant to show you an easy way to implement the functionality within your own script. If you have a script you are having trouble incorporating oL.au3 into, post it here and I will do my best to help.
DesireDenied Posted September 25, 2007

> I have never seen the need to bypass the Send command in ANY game. Usually if you have a program that is not responding to sends, it's a simple matter of increasing the key down delay to something greater than the default.

A lil off topic from my side, but SOMEHOW increasing opt KeyDownDelay doesn't work for me in ANY game I've tested today.

(KalOnline - HackShield)
(SilkRoad - GameGuard)
(2Moons - GameGuard)

Strange thing imho.
ofLight (Author) Posted September 25, 2007

I'm not sure about KalOnline, but I have working scripts for both Silkroad and 2moons, so I am certain AutoIt basic "send("{SPACE}")" type commands work with no issues. If you will post your code maybe we can narrow down the issue. If you have doubts about whether you can get direct "sends" to work, I would suggest creating as simple a script as possible and working up from there.
brandonlooi Posted September 25, 2007

so it means it worked? wow thanks ! but how i use this lol!! XD new to autoit hehe
Gyro Posted October 1, 2007

> I'm not sure about KalOnline, but I have working scripts for both Silkroad and 2moons, so I am certain AutoIt basic "send("{SPACE}")" type commands work with no issues. If you will post your code maybe we can narrow down the issue. If you have doubts about whether you can get direct "sends" to work, I would suggest creating as simple a script as possible and working up from there.

Well, as of today I think GG is blocking Send commands (at least for 2moons). I was able to use Ctrl Send and mouse clicks just fine, and they updated GG this morning and they no longer work. Any ideas on how to get around that?
SXGuy Posted October 2, 2007

GameGuard blocks all send commands, regardless. All APIs are hooked. However, there are PostMessage workarounds.

This isn't a bypass as such, but more of a workaround. This method takes a "snapshot" of the current screen and then uses pixelchecksum, whereas if you were to just use pixelchecksum on the current window, it would not work. GameGuard does nothing to stop a render of the window, which is why this is a "quick fix of sorts".
Richard Robertson Posted October 2, 2007

GameGuard is rather advanced. There is one failsafe workaround that I have discovered though. Don't bother asking me for it, I'm just saying that it is there.
AgentSmith15 Posted October 26, 2007 (edited)

You can still send keys to games protected with GG. *Hint* Use On-Screen Keyboard and AutoIt.

Question: does anyone know if GG blocks all API calls or just calls that interfere with the game? A user in the AHK forums found a way to bypass GG when he sets the OSK to "Hover to select".

Edited October 26, 2007 by AgentSmith15
ofLight (Author) Posted November 1, 2007

Hey AgentSmith, can I get a little more info on what on-screen keyboard you have used? Are you using the default Windows one? And if so, what version of Windows? Or are you using some other software? Thanks
BillLuvsU Posted November 1, 2007

OMG, that's genius in its simplicity! Why did I never think of this? But wait, GG hooks all API calls, so won't any attempt to manipulate the keyboard be blocked as well? o_0

Anyways, has this pixel function been patched yet? If not I'll make a quick "proof of concept" bot.

And to say GG is "fairly" advanced is the understatement of the year. This thing is the Jane of the software industry. (Ender's Game reference)