def patch_origin_client(self):
origin = Client('Origin', 'Origin.exe', 'libeay32.dll', 'EVP_DigestVerifyFinal')
eadesktop = Client('EA Desktop', 'EADesktop.exe', 'libcrypto-1_1-x64.dll', 'EVP_DigestVerifyFinal')
client = origin
try:
client_process = Pymem(client.PROCESS_NAME)
except ProcessNotFound:
client = eadesktop
try:
client_process = Pymem(client.PROCESS_NAME)
except ProcessNotFound:
log.warning('Origin/EA Desktop process not found. Patching aborted')
return
if client_process.process_id == self.last_client_pid:
log.debug(f'{client.NAME} client is already patched')
return
log.info(f'Patching {client.NAME} client')
try:
dll_module = next(m for m in client_process.list_modules() if m.name.lower() == client.DLL_NAME)
except StopIteration:
log.error(f'{client.DLL_NAME} is not loaded. Patching aborted')
return
# The rest should complete without issues in most cases.
# Get the Export Address Table symbols
# noinspection PyUnresolvedReferences
dll_symbols = PE(dll_module.filename).DIRECTORY_ENTRY_EXPORT.symbols
# Get the symbol of the EVP_DigestVerifyFinal function
verify_func_symbol = next(s for s in dll_symbols if s.name.decode('ascii') == client.FUNCTION_NAME)
# Calculate the final address in memory
verify_func_addr = dll_module.lpBaseOfDll + verify_func_symbol.address
# Instructions to patch. We return 1 to force successful response validation.
patch_instructions = bytes([
0x66, 0xB8, 0x01, 0, # mov ax, 0x1
0xC3 # ret
])
client_process.write_bytes(verify_func_addr, patch_instructions, len(patch_instructions))
# Validate the written memory
read_instructions = client_process.read_bytes(verify_func_addr, len(patch_instructions))
if read_instructions != patch_instructions:
log.error('Failed to patch the instruction memory')
return
# At this point we know that patching was successful
self.last_client_pid = client_process.process_id
log.info(f'Patching {client.NAME} was successful')
def do_findinstances(self, class_name: str):
"""Find instances of a class"""
pm = Pymem("WizardGraphicalClient.exe")
finder = InstanceFinder(pm, class_name)
instances = self.run_coro(finder.get_instances(), None)
self.write(str(instances))
async def chaos_setup(self, ctx):
if ctx.author.is_mod:
try:
self.toggles = ''
p = Pymem('Game.exe')
base = p.process_base.lpBaseOfDll
pointer = base + 0x2F9464
val = p.read_int(pointer)
for i in (0x54, 0x688, 0x4, 0x44):
val = p.read_int(val + i)
reactions = p.read_float(val + 0x658) / 0.7
aggressivity = p.read_float(val + 0x660) / 0.6
intelligence = p.read_float(val + 0x664) / 0.8
sight = p.read_float(val + 0x66C)
for i in (reactions, aggressivity, intelligence, sight):
self.toggles += bin(int(round(i)))[2:].zfill(16)[::-1]
hearing = p.read_float(val + 0x670)
self.cooldown = floor(hearing / 1000)
self.duration = hearing - self.cooldown * 1000 - 100
if self.duration < 0:
print(
f'[ERROR] Chaos mod is disabled in-game, turn it on and run !csetup again'
)
else:
print(f'[INFO] Toggles set to: {self.toggles}')
print(f'[INFO] Cooldown set to: {self.cooldown}')
print(f'[INFO] Base duration set to: {self.duration}')
except ProcessNotFound:
print('[ERROR] Game is not running')
return
def __init__(self, path, executable, args):
Thread.__init__(self)
self.path = path
self.executable = executable
self.args = args
self.addresses = {}
self.isDarknetRunning = False
self.darknetProc = None
self.mw = Pymem()
self.objects = b'{}'
def do_findinstances(self, class_name: str):
"""Find instances of a class"""
if self.instance_finders.get(class_name):
finder = self.instance_finders[class_name]
else:
pm = Pymem("WizardGraphicalClient.exe")
finder = InstanceFinder(pm, class_name)
self.instance_finders[class_name] = finder
instances = self.run_coro(finder.get_instances(), None)
self.write(str(instances))
def position_tracker(points):
global INDEX
global CURRENT_POSITION
global CURRENT_POINT
INDEX = 0
pm = Pymem("XR_3DA.exe")
module_offset = utils.get_module_offset("xrGame.dll", pm)
CURRENT_POSITION = utils.data_from_game(pm, module_offset)
while INDEX < len(points):
CURRENT_POINT = tuple(points[INDEX])
CURRENT_POSITION = utils.data_from_game(pm, module_offset)
if (utils.on_point(game_data=CURRENT_POSITION, point=CURRENT_POINT)):
INDEX += 1
async def chaos_start(self, ctx):
if ctx.author.is_mod:
self.stopped = False
await ctx.send('Started Chaos Mod.')
print('[INFO] Started Chaos Mod')
try:
p = Pymem('Game.exe')
except ProcessNotFound:
print('[ERROR] Game is not running')
return
base = p.process_base.lpBaseOfDll
pointer = base + 0x2F9464
while not self.stopped:
if not self.queue:
effect = self.random_effects(1)[0]
else:
effect = self.queue[0]
self.queue.pop(0)
effect_id = float(effect['id'] * 0.008)
while not self.stopped:
await asyncio.sleep(0.25)
try:
inGame = p.read_int(base + 0x2F94BC)
if not inGame:
val = p.read_int(pointer)
for i in (0x54, 0x688, 0x4, 0x44):
val = p.read_int(val + i)
p.write_float(val + 0x674, effect_id)
if self.shared:
await ctx.send(f'Using effect: {effect_id}')
self.blocked.append(
(effect, datetime.now() +
timedelta(seconds=effect['duration'] *
self.duration * 15)))
self.new_poll = True
self.sleep_task = asyncio.create_task(
self.effect_cooldown(self.cooldown))
await asyncio.wait({self.sleep_task})
break
except:
print(
'[WARN] Couldn\'t inject. If your game crashed, use !cend, restart game, wait for "Ended Chaos" message, then !cstart'
)
await ctx.send('Ended Chaos.')
print('[INFO] Ended Chaos Mod')
async def event_ready(self):
print(f'[INFO] Reading from channel {self.channel}')
print(f'[INFO] Reacting to bot {self.bot_name}')
print(f'[INFO] Toggles: {self.toggles}')
print(f'[INFO] Duration: {self.duration}')
print(f'[INFO] Cooldown: {self.cooldown}')
print('[INFO] Started Chaos Mod')
print(
f'[WARN] Go to Vincenzo in the options map and set it to {self.duration}!'
)
try:
p = Pymem('Game.exe')
except ProcessNotFound:
print('[ERROR] Game is not running')
return
base = p.process_base.lpBaseOfDll
pointer = base + 0x2F9464
while True:
while not self.effect_id:
await asyncio.sleep(0.25)
while True:
await asyncio.sleep(0.25)
try:
inGame = p.read_int(base + 0x2F94BC)
if not inGame:
val = p.read_int(pointer)
for i in (0x54, 0x688, 0x4, 0x44):
val = p.read_int(val + i)
p.write_float(val + 0x674, self.effect_id)
self.effect_id = None
self.sleep_task = asyncio.create_task(
self.effect_cooldown(self.cooldown))
await asyncio.wait({self.sleep_task})
break
except:
print(
'[WARN] Couldn\'t inject. If your game crashed, use !cend, restart game, wait for "Ended Chaos" message, then !cstart'
)
print('[INFO] Ended Chaos Mod')
import time
import json
import pymem
import keys
import keyboard
import mouse
from pymem import Pymem
from math import acos, pi, sin, sqrt, isclose
"""попытка сделать идеальный лифт"""
if __name__ == "__main__":
pm = Pymem("XR_3DA.exe")
keys = keys.Keys()
module_offset = None
for i in list(pm.list_modules()):
if(i.name == "xrGame.dll"):
module_offset = i.lpBaseOfDll
plahka = False
points = None
with open("dataclean", mode="r") as file:
points = json.loads(file.read())
index = 0
for i in range(2):
print(i)
time.sleep(1)
keys.directKey("lctrl")
time.sleep(0.016)
keys.directKey("lshift")
time.sleep(0.016)
from pymem import Pymem
import os
import subprocess
notepad = subprocess.Popen(['notepad.exe'])
pm = Pymem('notepad.exe')
pm.inject_python_interpreter()
filepath = os.path.join(os.path.abspath('.'), 'pymem_injection.txt')
filepath = filepath.replace("\\", "\\\\")
shellcode = """
f = open("{}", "w+")
f.write("pymem_injection")
f.close()
""".format(filepath)
pm.inject_python_shellcode(shellcode)
notepad.kill()
temp = config.try_get(config_section_name, key)
if temp is None: return None
log("Load config:" + key)
return int(temp.lstrip('0x'), 16)
hs2int = lambda x: int(x.lstrip('0x'), 16)
def get_value(addr, length):
return int.from_bytes(pm.read_bytes(addr, length), byteorder='little')
pid = config.try_get(config_section_name, 'application_pid')
if pid is not None:
pm = Pymem()
log("Load config:" + 'application_pid')
pm.open_process_from_id(int(pid))
else:
pm = Pymem(
config.try_get(config_section_name, 'application_name')
or 'ffxiv_dx11.exe')
'''
progress_offset = get_config_hex('current_progress') or 0x1D51C8C
cp_offset = get_config_hex('player_cp') or 0x1D307B4
actor_table_offset = get_config_hex('actor_table') or 0x1d2cf20
'''
progress_offset = hs2int(client_offset['CurrentProgress'])
cp_offset = hs2int(client_offset['MaxCp'])
actor_table_offset = hs2int(client_offset['ActorTable'])
def SMIO_read():
try:
SHAR = Pymem('Simpsons.exe')
except:
return
SHAR = Pymem('Simpsons.exe')
SMIO_info = {}
SMIO_info['Version'] = Version = Versions_dict[SHAR.read_int(0x593FFF)]
def VersionSelect(ReleaseEnglishAddress, DemoAddress,
ReleaseInternationalAddress, BestSellerSeriesAddress):
if Version == "ReleaseEnglish":
return ReleaseEnglishAddress
if Version == "Demo":
return DemoAddress
if Version == "ReleaseInternational":
return ReleaseInternationalAddress
if Version == "BestSellerSeries":
return BestSellerSeriesAddress
def GameFlow():
return SHAR.read_int(
VersionSelect(0x6C9014, 0x6C8FD4, 0x6C8FD4, 0x6C900C))
GameStates = [
"PreLicence", "Licence", "MainMenu", "DemoLoading", "DemoInGame",
"BonusSetup", "BonusLoading", "BonusInGame", "NormalLoading",
"NormalInGame", "NormalPaused", "Exit"
]
def GameState(GameFlow):
if GameFlow == 0:
return 0
else:
return GameStates[SHAR.read_int(GameFlow + 0xC)]
SMIO_info['GameState'] = GameState = GameState(GameFlow())
def CharacterPosition(Character):
Offset = Character + 100
v = Vector((SHAR.read_float(Offset), SHAR.read_float(Offset + 4),
SHAR.read_float(Offset + 8)))
v.y, v.z = v.z, v.y
return v
def CharacterManager():
return SHAR.read_int(VersionSelect(7111792, 7111728, 7111728, 7111784))
def Characters(CharacterManager, Index):
return SHAR.read_int(CharacterManager + 192 + Index * 4)
def CharacterRotation(Character):
return SHAR.read_float(Character + 272)
def CharacterInCar(Character):
return SHAR.read_int(Character + 348) != 0
def CharacterName(CharacterManager, Index):
return SHAR.read_string(CharacterManager + 448 + Index * 64, 64)
def CharacterCar(Character):
return SHAR.read_int(Character + 348)
def CarPosRot(Car):
Offset = Car + 184
# m = [
# [SHAR.read_float(Offset), SHAR.read_float(Offset + 4), SHAR.read_float(Offset + 8), SHAR.read_float(Offset + 12)],
# [SHAR.read_float(Offset + 16), SHAR.read_float(Offset + 20), SHAR.read_float(Offset + 24), SHAR.read_float(Offset + 28)],
# [SHAR.read_float(Offset + 32), SHAR.read_float(Offset + 36), SHAR.read_float(Offset + 40), SHAR.read_float(Offset + 44)],
# [SHAR.read_float(Offset + 48), SHAR.read_float(Offset + 52), SHAR.read_float(Offset + 56), SHAR.read_float(Offset + 60)]
# ]
rot = [
[
SHAR.read_float(Offset),
SHAR.read_float(Offset + 4),
SHAR.read_float(Offset + 8)
],
[
SHAR.read_float(Offset + 16),
SHAR.read_float(Offset + 20),
SHAR.read_float(Offset + 24)
],
[
SHAR.read_float(Offset + 32),
SHAR.read_float(Offset + 36),
SHAR.read_float(Offset + 40)
],
]
rot = Matrix(rot).to_quaternion()
rot.y, rot.z = rot.z, rot.y
rot = rot.to_euler()
pos = Vector(
(SHAR.read_float(Offset + 48), SHAR.read_float(Offset + 52),
SHAR.read_float(Offset + 56)))
pos.y, pos.z = pos.z, pos.y
return pos, rot
if GameState in ['NormalInGame', 'NormalPaused']:
CharManager = CharacterManager()
SMIO_info["Character"] = CharacterName(CharManager, 0)
Player = Characters(CharManager, 0)
InCar = CharacterInCar(Player)
SMIO_info['Player In Car'] = InCar
SMIO_info['Player_Position'] = CharacterPosition(Player)
SMIO_info['Player_Rotation'] = round(CharacterRotation(Player), 2)
if InCar:
PlayerCar = CharacterCar(Player)
SMIO_info['Car_Position'], SMIO_info['Car_Rotation'] = CarPosRot(
PlayerCar)
return SMIO_info
config_updated = False
wo = WatchdogObserver()
wcuh = ConfigUpdateHandler(patterns=['*.ini'], ignore_directories=True)
wo.schedule(wcuh, path='.', recursive=False)
wo.start()
def teardown():
wo.stop()
wo.join()
while True:
sleep(DELAY)
try:
pass
with SocketIO(HOST, PORT, wait_for_connection=False) as socketIO:
pm = Pymem('TrickyTowers.exe')
while True:
if config_updated:
config_updated = False
break
start = default_timer()
data = parse(pm)
socketIO.emit('json', data)
# _exit(0)
end = default_timer()
delayed = end - start
to_sleep = DELAY - delayed
if to_sleep > 0:
sleep(DELAY - delayed)
from pymem import Pymem
from re import search
from pymem.process import module_from_name
from pymem.exception import ProcessNotFound
try:
processName='csgo.exe'
pm = Pymem(processName)
client = module_from_name(pm.process_handle,'client.dll')
clientLpBaseOfDll=client.lpBaseOfDll
clientModule = pm.read_bytes(clientLpBaseOfDll, client.SizeOfImage)
address = clientLpBaseOfDll + search(rb'\x83\xF8.\x8B\x45\x08\x0F',
clientModule).start() + 2
pm.write_uchar(address, 2 if pm.read_uchar(address) == 1 else 1)
pm.close_process()
print("hack completed")
except ProcessNotFound:
print("error: couldn't find process",processName)
Запускаю бота и смотрю что произойдет
"""
from pymem import Pymem
import time
import keyboard
import mouse
import json
for i in range(5):
print(i)
time.sleep(1)
if "__main__" == __name__:
pm = Pymem('XR_3DA.exe')
module_offset = None
for i in list(pm.list_modules()):
if (i.name == "xrGame.dll"):
module_offset = i.lpBaseOfDll
holder = []
plashka = False
print("started")
for i in range(0, 25):
z = pm.read_float(pm.base_address + 0x104944)
x = pm.read_float(pm.base_address + 0x10493C)
j = keyboard.is_pressed('space')
r = mouse.is_pressed('right')
plashka = pm.read_bool(module_offset + 0x54C2F9)
holder.append([x, z, j, r])
time.sleep(0.5)
import os
import time
import random
import ahk
from enum import Enum
from typing import List
config = configparser.ConfigParser()
config.read('./config.ini')
ahk = ahk.AHK()
server_name = config.get("Server", "server_name")
game_process = Pymem(config.get(server_name, "process_name"))
win_top_offset = int(config.get(server_name, "win_top_offset"))
win_left_offset = int(config.get(server_name, "win_left_offset"))
win_width = int(config.get(server_name, "win_width"))
win_height = int(config.get(server_name, "win_height"))
x_player_position_addr = int(config.get(server_name, "player_x_position"), 16)
y_player_position_addr = int(config.get(server_name, "player_y_position"), 16)
player_max_hp_addr = int(config.get(server_name, "player_max_hp"), 16)
player_cur_hp_addr = int(config.get(server_name, "player_cur_hp"), 16)
player_max_sp_addr = int(config.get(server_name, "player_max_sp"), 16)
player_cur_sp_addr = int(config.get(server_name, "player_cur_sp"), 16)
from pymem.exception import *
from mouse import click
from keyboard import register_hotkey
from colorama import init
from helper import *
from menu import IGMenu
try:
init(True)
pygame.display.init()
pygame.font.init()
filterwarnings("ignore")
with contextlib.redirect_stdout(None):
mem = Pymem("csgo.exe")
Offsets = parse_dump_offsets()
Offsets.game_module = module_from_name(mem.process_handle,
"client_panorama.dll").lpBaseOfDll
Offsets.game_engine = module_from_name(mem.process_handle,
"engine.dll").lpBaseOfDll
game_window = get_game_window()
overlay = create_overlay(game_window)
settings = Settings()
game_menu = IGMenu(settings)
weapon_ids = json.load(open("data/weapons.json"))
view_matrix = lambda: unpack(
"16f",
mem.read_bytes(Offsets.game_module + Offsets.dwViewMatrix, 16 * 4))
def dim(s):
return f"{Style.BRIGHT}{s}{Style.NORMAL}"
def fp(ptr):
return f"0x{ptr & 0xffff:04x}" if (
ptr >> 0x10) == 0xffff else f"0x{ptr:06x}"
##
## m a i n
colorama.init(convert=True)
mem = Pymem("RALibretro")
paused = False
list_view = False
cheat_menu_open = False
def process_keyboard():
while msvcrt.kbhit():
c = msvcrt.getch()
if c == b'p':
global paused
paused = not paused
elif c == b' ':
global list_view
list_view = not list_view
elif c == b'c':
from pymem import Pymem
fileStruct = (0x6d9100)
bufferOffset = (3 - 1) * 4
pm = Pymem('Rebels.exe')
bufferPtr = pm.read_uint(fileStruct + bufferOffset)
content = []
idx = 0
while True:
ch = pm.read_uchar(bufferPtr + idx)
if ch in [0x0D, 0xF0, 0xAD, 0xBA]:
break
content.append(ch)
idx += 1
print(''.join([chr(x) for x in content]))
production_building_operating_costs = ()
production_building_sleep_costs = ()
def calculate_yield_rates_for_building(building):
return create_rates(building['yield rate'])
yield_rates = np.array(
tuple(
calculate_yield_rates_for_building(building)
for building in buildings))
process = Pymem('Anno1602.exe')
base_address = process.process_base.lpBaseOfDll
population_offset = 0x622FE0
camera_x_offset = 0x59FA5C
camera_y_offset = 0x59FA60
# TODO: Increase numbers as buildings are built
number_of_buildings = np.zeros((len(buildings), ))
number_of_buildings_to_build = np.zeros((len(buildings), ))
# TODO: Navigate to area of map by clicking on location on minimap. This also sets the visible area of the map.
# Therefore the camera position does not need to be read out of the memory of the Anno 1602 process.
viewport_width = 1024
viewport_height = 768
def __init__(self,
episode_length: int,
res_shape: Tuple[int, int],
action_delay: float = 0,
grayscale: bool = True,
stacked_frames: int = 1,
window_size: Optional[Tuple[int, int, int, int]] = None,
device: str = "cpu",
read_mem: bool = False):
"""
Creates the environment.
Args:
episode_length (float): The maximum amount of time an agent can play
before an environment reset.
res_shape (Tuple[int, int]): The shape to resize the captured
images to.
action_delay (int): The amount of time in between actions, will wait
for the delay before committing the action.
grayscale (bool): Will convert the image to grayscale if true.
stacked_frames (int): The number of frames to stack
(along channel dimension)
window_size (Optional[Tuple[int, int, int, int]]): The values of
(left, top, right, bottom) to capture.
device (str): The device to store tensors on.
read_mem (bool): If true, will attach to the speedrunners process to
read memory values (DO NOT USE ONLINE).
"""
super().__init__()
self.action_delay = action_delay
self.state_space = (res_shape +
((1 if grayscale else 3) * stacked_frames, ))
self.stacked_frames = stacked_frames
self.window_size = window_size
self.actor = Actor()
self.last_window = None
self.window = None
# Create the d3dshot instance
capture_output = ("pytorch_float" +
("_gpu" if str(device) == "cuda" else ""))
d3d = d3dshot.create(capture_output=capture_output,
frame_buffer_size=stacked_frames)
frame_transforms = [
lambda frame: frame.unsqueeze(0),
ConvertDimensionOrder()
]
if grayscale:
frame_transforms.append(Grayscale())
frame_transforms.append(Interpolate(size=res_shape, mode="bilinear"))
frame_transforms.append(lambda frame: frame.squeeze(0))
stack_transforms = [StackDimension(1)]
self.frame_handler = WindowsFrameHandler(d3d, frame_transforms,
stack_transforms)
self.episode_length = episode_length
self.action_space = (self.actor.num_actions(), )
# The environment properties
self._reached_goal = False
# Relevant memory information
self.memory = Pymem() if read_mem else None
self.match = Match()
self.match.players.append(Player())
self._last_time = 0
self.last_action_time = 0