svenjatzu Posted February 13, 2020 Share Posted February 13, 2020 Hi i organised a coder to make a a little script, he just sent me it and i found this files + dll that i didnt see before and also cant find anything about it on google. Can someone please check if this is valid files or anything scam inside? this is his code expandcollapse popup#include <Array.au3> #include <Misc.au3> $gpass = @ScriptDir&'\' Func _bidm_imagesearch($findimage, $resultposition, $px, $py, $kx, $ky, ByRef $x, ByRef $y, $tolerance, $hbmp = 0) Return _bidm_imagesearcharea($findimage, $resultposition, $px, $py, $kx, $ky, $x, $y, $tolerance, $hbmp) EndFunc Func _bidm_imagesearcharea($findimage, $resultposition, $x1, $y1, $right, $bottom, ByRef $x, ByRef $y, $tolerance, $hbmp = 0) If IsString($findimage) Then If $tolerance > 0 Then $findimage = "*" & $tolerance & " " & $findimage If $hbmp = 0 Then $result = DllCall($gpass&"ISHDLLV2.dll", "str", "ImageSearch", "int", $x1, "int", $y1, "int", $right, "int", $bottom, "str", $findimage) Else $result = DllCall($gpass&"ISHDLLV2.dll", "str", "ImageSearchEx", "int", $x1, "int", $y1, "int", $right, "int", $bottom, "str", $findimage, "ptr", $hbmp) EndIf Else $result = DllCall($gpass&"ISHDLLV2.dll", "str", "ImageSearchExt", "int", $x1, "int", $y1, "int", $right, "int", $bottom, "int", $tolerance, "ptr", $findimage, "ptr", $hbmp) EndIf If $result[0]='0' Then ;MsgBox(1,'bbbbbbbbbbbbbbbbjj','ooo') Return 0 Else ;MsgBox(1,'good',$result[0]) EndIf $array = StringSplit($result[0], "|") ;MsgBox(1,'good',$array[4]) ;_ArrayDisplay($result) ;_ArrayDisplay($array) $x = Int(Number($array[2])) $y = Int(Number($array[3])) ; If $resultposition = 1 Then ; $x = $x + Int(Number($array[4]) / 2) ; $y = $y + Int(Number($array[5]) / 2) ; EndIf Return 1 EndFunc Func _imagesearch($findimage, $resultposition, ByRef $x, ByRef $y, $tolerance, $hbmp = 0) Return _imagesearcharea($findimage, $resultposition, 0, 0, @DesktopWidth, @DesktopHeight, $x, $y, $tolerance, $hbmp) EndFunc Func _imagesearcharea($findimage, $resultposition, $x1, $y1, $right, $bottom, ByRef $x, ByRef $y, $tolerance, $hbmp = 0) If IsString($findimage) Then If $tolerance > 0 Then $findimage = "*" & $tolerance & " " & $findimage ;MsgBox(1,'bbbbbbbbbbbbbbbbjj',$findimage) ;MsgBox(1,'bbbbbbbbbbbbbbbbjj',$gpass&"ISHDLLV2.dll") If $hbmp = 0 Then $result = DllCall($gpass&"ISHDLLV2.dll", "str", "ImageSearch", "int", $x1, "int", $y1, "int", $right, "int", $bottom, "str", $findimage) Else $result = DllCall($gpass&"ISHDLLV2.dll", "str", "ImageSearchEx", "int", $x1, "int", $y1, "int", $right, "int", $bottom, "str", $findimage, "ptr", $hbmp) EndIf Else $result = DllCall($gpass&"ISHDLLV2.dll", "str", "ImageSearchExt", "int", $x1, "int", $y1, "int", $right, "int", $bottom, "int", $tolerance, "ptr", $findimage, "ptr", $hbmp) EndIf ;_ArrayDisplay($result) If $result[0]='0' Then ;MsgBox(1,'bbbbbbbbbbbbbbbbjj','ooo') Return 0 Else ;MsgBox(1,'good',$result[0]) EndIf $array = StringSplit($result[0], "|") $x = Int(Number($array[2])) $y = Int(Number($array[3])) If $resultposition = 1 Then $x = $x + Int(Number($array[4]) / 2) $y = $y + Int(Number($array[5]) / 2) EndIf Return 1 EndFunc Local $gx, $gy Global $z_krok if MsgBox(1,'Open the website page in a browser! Then ','Begin?')=1 then else exit endif ;MsgBox(1,'Script',@DesktopWidth & " X " & @DesktopHeight) ;Sleep(2000) ;Sleep(3000) ;Send("^{HOME}") $z_krok=0 While 1 ;поки э бігунок вниз if $z_krok=0 then if _bidm_imagesearch($gpass&"new_bmp\xxx.bmp", 1,1,1,@DesktopWidth, @DesktopHeight, $gx, $gy, 0)=1 then if $gx then $vnuz_x=$gx $vnuz_y=$gy MouseMove($gx+20, $gy+20) Sleep(100) MouseClick("left", $gx+20, $gy+20, 1, 1) Sleep(500) MouseMove($gx+100, $gy+100) $z_krok=1 Sleep(3000) else endif else endif if _bidm_imagesearch($gpass&"new_bmp\xxxb.bmp", 1,1,1,@DesktopWidth, @DesktopHeight, $gx, $gy, 0)=1 then if $gx then $vnuz_x=$gx $vnuz_y=$gy MouseMove($gx+20, $gy+20) Sleep(100) MouseClick("left", $gx+20, $gy+20, 1, 1) Sleep(500) MouseMove($gx+100, $gy+100) $z_krok=1 Sleep(3000) else endif else endif endif if $z_krok=1 then if _bidm_imagesearch($gpass&"new_bmp\mmm.bmp", 1,1,1,@DesktopWidth, @DesktopHeight, $gx, $gy, 0)=1 then if $gx then $vnuz_x=$gx $vnuz_y=$gy MouseMove($gx+20, $gy+20) Sleep(100) MouseClick("left", $gx+20, $gy+20, 1, 1) Sleep(500) MouseMove($gx+100, $gy+100) $z_krok=2 Sleep(3000) else endif else endif endif if $z_krok=2 then if _bidm_imagesearch($gpass&"new_bmp\eee.bmp", 1,1,1,@DesktopWidth, @DesktopHeight, $gx, $gy, 0)=1 then if $gx then $vnuz_x=$gx $vnuz_y=$gy MouseMove($gx+20, $gy+20) Sleep(100) MouseClick("left", $gx+20, $gy+20, 1, 1) Sleep(500) MouseMove($gx+100, $gy+100) $z_krok=0 Sleep(3000) else endif else endif endif Sleep(5000) ;ExitLoop ; бігунка нема WEnd ;_bidm_imagesearch("D:\xamppxx\htdocs\www\2017work006\ai\abc\"&_dfile(StringMid($fss, $i, 1))&".bmp", 1,$x_poch,$y_poch,$x_kin, $y_poch+20, $gx, $gy, 0)=1 then ISHDLLV2.dll and this is the dll file ISHDLLV2.dll Link to comment Share on other sites More sharing options...
Danyfirex Posted February 14, 2020 Share Posted February 14, 2020 It seems to be a mod of the real image search. I've checked import Directory and seems to use almost same API. I did'not check if It's free of virus(It will require deep analysis). But It looks normal in a fast view. Saludos Danysys.com AutoIt... UDFs: VirusTotal API 2.0 UDF - libZPlay UDF - Apps: Guitar Tab Tester - VirusTotal Hash Checker Examples: Text-to-Speech ISpVoice Interface - Get installed applications - Enable/Disable Network connection PrintHookProc - WINTRUST - Mute Microphone Level - Get Connected NetWorks - Create NetWork Connection ShortCut Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now