Sign in to follow this  
Followers 0
marscom

Reading Var Values from a Flash app

15 posts in this topic

Is there any way other than pixel detection to get the information presented in a flash applications? Memory reading for example?

Thanks

Marscom

Share this post


Link to post
Share on other sites



Is there any way other than pixel detection to get the information presented in a flash applications? Memory reading for example?

Thanks

Marscom

i've tried grabbing data from flash applications before, and an issue that i ran into was that the same memory locations weren't used each time. I used realtime debuggers and memory searches (softice, and artmoney) to identify the location of specific values and could then change those values in that instance, but could not hardcode addresses to be used repeatedly. A few times i've actually reversed out the flash (check out swf flash decompiler) and then created a gui to replace the flash completely, just because after you reverse and sort through the flash, you know what arguments are sent to where and can do all of that from your own code. do you have a link to the flash application you're trying to work with?


1100111 00001011101111 00011101101111 00010111100100 00001111110100 00110111110010 00101101111001 0011100i didn't make up this form of encryption, but i like it.credit to the lvl 6 challenge on arcanum.co.nz

Share this post


Link to post
Share on other sites

Yeah I do, but I am terrible with flash - its all a mess to me to be honest.

I have spent 2 weeks trying to get a pixel searching method thats fast enough but nothing seems faster than reading straight from memory.

Once you see the flash you will see what im trying to do, if your interested I can let you see the code I have so far, its just I need these values in under 2 seconds and its taking 5-6 atm, which is too much tbh.

Check it.

http://rapidshare.de/files/38456381/FLASH.rar.html

Share this post


Link to post
Share on other sites

Yeah I do, but I am terrible with flash - its all a mess to me to be honest.

I have spent 2 weeks trying to get a pixel searching method thats fast enough but nothing seems faster than reading straight from memory.

Once you see the flash you will see what im trying to do, if your interested I can let you see the code I have so far, its just I need these values in under 2 seconds and its taking 5-6 atm, which is too much tbh.

Check it.

http://rapidshare.de/files/38456381/FLASH.rar.html

what is the flash? it's trying to communicate out before it displays anything of use and i blocked it

1100111 00001011101111 00011101101111 00010111100100 00001111110100 00110111110010 00101101111001 0011100i didn't make up this form of encryption, but i like it.credit to the lvl 6 challenge on arcanum.co.nz

Share this post


Link to post
Share on other sites

Sorry about that, if you go into the aa folder you will see the flash app. Anyways its the client for websites such as gameaccount.com, it allows you to play backgammon online. I have been trying to automate the task but getting the position of the checkers quickly is quite a task..

Thanks in advance for any help.

Marscom

Share this post


Link to post
Share on other sites

Sorry about that, if you go into the aa folder you will see the flash app. Anyways its the client for websites such as gameaccount.com, it allows you to play backgammon online. I have been trying to automate the task but getting the position of the checkers quickly is quite a task..

Thanks in advance for any help.

Marscom

without opening the flash, it sounds like you should be able to accomplish that with a simple PixelGetColor(). your game pieces are going to have fixed dimensions, as are the parts of the board where they'll be placed, regardless of the board. you should be able to store an array of coordinates where each coordinate pair represents a pixel in spot where a piece can go that will be one of 3 values whether the spot is empty, occupied by player 1, or occupied by player 2. are you following me here?


1100111 00001011101111 00011101101111 00010111100100 00001111110100 00110111110010 00101101111001 0011100i didn't make up this form of encryption, but i like it.credit to the lvl 6 challenge on arcanum.co.nz

Share this post


Link to post
Share on other sites

#7 ·  Posted (edited)

I see what you mean, its just what with having 12 positions across and the middle position, as well as 15 possible total options for each of the 12 or 13 including the midpoint its 13x15 positions. Also if I have more than say 9 checkers on one position certain checkers become lost as the ones ontop become indistinguashible from the ones below

aka, aaa and zzz

____xxx aaa xxx

__xxx xxx xxx xxx

\ xxx xxx zzz xxx xxx

I really appreciate the help, Im just looking for a rough idea of the most efficiant way to do this. Thanks again and excuse the spelling, 36hours on modifinal :D

Edited by marscom

Share this post


Link to post
Share on other sites

I see what you mean, its just what with having 12 positions across and the middle position, as well as 15 possible total options for each of the 12 or 13 including the midpoint its 13x15 positions. Also if I have more than say 9 checkers on one position certain checkers become lost as the ones ontop become indistinguashible from the ones below

aka, aaa and zzz

____xxx aaa xxx

__xxx xxx xxx xxx

\ xxx xxx zzz xxx xxx

I really appreciate the help, Im just looking for a rough idea of the most efficiant way to do this. Thanks again and excuse the spelling, 36hours on modifinal :D

i'm not able to run the game at work because it wants to communicate out, but i'll try it at home later to put together an example.

1100111 00001011101111 00011101101111 00010111100100 00001111110100 00110111110010 00101101111001 0011100i didn't make up this form of encryption, but i like it.credit to the lvl 6 challenge on arcanum.co.nz

Share this post


Link to post
Share on other sites

i've tried grabbing data from flash applications before, and an issue that i ran into was that the same memory locations weren't used each time. I used realtime debuggers and memory searches (softice, and artmoney) to identify the location of specific values and could then change those values in that instance, but could not hardcode addresses to be used repeatedly. A few times i've actually reversed out the flash (check out swf flash decompiler) and then created a gui to replace the flash completely, just because after you reverse and sort through the flash, you know what arguments are sent to where and can do all of that from your own code. do you have a link to the flash application you're trying to work with?

That is because of DMA (Dynamic Memory Allocation). If you search google for memory pointers or pointer address, you will see that you need to call a different memory location that contains a variable address which when you add a static offset to it, it will equal the address of the memory that you could initially only change once.

So depending on what memory UDF you are using, it would be something like this to defeat DMA:

_memread(_memread($address) + $offset)

Share this post


Link to post
Share on other sites

That is because of DMA (Dynamic Memory Allocation). If you search google for memory pointers or pointer address, you will see that you need to call a different memory location that contains a variable address which when you add a static offset to it, it will equal the address of the memory that you could initially only change once.

So depending on what memory UDF you are using, it would be something like this to defeat DMA:

_memread(_memread($address) + $offset)

I suppose it would be alot of work to discover these pointers, however I do have the code. Would I be able to just request the variable from the flash application? Or how would I go about getting the variable value from memory using these pointers?

Share this post


Link to post
Share on other sites

I suppose it would be alot of work to discover these pointers, however I do have the code. Would I be able to just request the variable from the flash application? Or how would I go about getting the variable value from memory using these pointers?

it is rather easy using something like artmoney or t-search

Share this post


Link to post
Share on other sites

Getting this from the ArtMoney Guide.

Pointer search only works for Win32 games with executable file. It does not work on DOS, emulated, browser and "Macromedia Flash" games.

Seems there is very little information on the internet about getting specific variables, I spent hours on Tsearch and Cheatengine a few days ago and gave up - it seems very hard, not even considering this pointer thing, the flash memory values have to be multiplied by 8 and other things.

Any suggestions anyone?

Share this post


Link to post
Share on other sites

Getting this from the ArtMoney Guide.

Pointer search only works for Win32 games with executable file. It does not work on DOS, emulated, browser and "Macromedia Flash" games.

Seems there is very little information on the internet about getting specific variables, I spent hours on Tsearch and Cheatengine a few days ago and gave up - it seems very hard, not even considering this pointer thing, the flash memory values have to be multiplied by 8 and other things.

Any suggestions anyone?

i have used artmoney to manipulate some flash games, but had to re-find values. the values you're looking for though, i think are more easily determined visually than through memory.

1100111 00001011101111 00011101101111 00010111100100 00001111110100 00110111110010 00101101111001 0011100i didn't make up this form of encryption, but i like it.credit to the lvl 6 challenge on arcanum.co.nz

Share this post


Link to post
Share on other sites

To be honest I agree but the code I have is taking several seconds to execute, If there was any way to implement this pointer thing or speed up the code that would be perfect and I have a few ideas like pixelchecksumming the positions when they have a certain amount of checkers in them but it all seems like it would take far too long.

Is there anyway to look for a specific pixel, get the co,ords (aka pixelsearch) and then continue searching for more pixels? Just thinking.

Share this post


Link to post
Share on other sites

To be honest I agree but the code I have is taking several seconds to execute, If there was any way to implement this pointer thing or speed up the code that would be perfect and I have a few ideas like pixelchecksumming the positions when they have a certain amount of checkers in them but it all seems like it would take far too long.

Is there anyway to look for a specific pixel, get the co,ords (aka pixelsearch) and then continue searching for more pixels? Just thinking.

well pixelchecksum will take more time than just checking w/ a pixel get color. the way that i would do it, is use nested loops to check each position, when there is the possibility of a stack (spot 10 is occupied and spot 11 would be stacked or something like that, i don't know the game) then use the pixelchecksum to figure out spot 11 etc. you can have a conditional exit in your loops so that if spot 5 is vacant, it exits instead of checking spots 6-15 for that position... i feel like i may be explaining the concept poorly if you're still thinking that it's going to take too much time... because even if you're checking every single position of the 13x15 board, it's still only 195 positions, and with only 1 or 2 decisions each iteration it should not eat up a lot of time.

1100111 00001011101111 00011101101111 00010111100100 00001111110100 00110111110010 00101101111001 0011100i didn't make up this form of encryption, but i like it.credit to the lvl 6 challenge on arcanum.co.nz

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0