Extracting Hidden Text with WinDbg
Sunday, January 11, 2009In How I Built a Working Online Poker Bot, Part 7: Extracting Text from 3rd-Party Applications, we talked about how to write code to snoop on the text painted to an application's user interface.
We noted that most applications, when they want to draw text, do so by calling one of a handful of standard operating system APIs. And we realized that we could "detour" these APIs in memory, such that whenever an application tried to call these APIs, it would end up calling our code instead. Our code would then have a chance to analyze the text being painted.
Several months later, one of the companies mentioned in the above-linked post—PokerStars—updated their software.
Specifically, they started painting text using a proprietary solution that doesn't rely on standard operating system APIs. Our technique stopped working, and tools which depended on it stopped working. In PokerStars Slams Hammer on Third Party Software Industry, we can see an email PokerStars sent to tool developers.
I regret to be the bearer of bad tidings, but this was the purpose and intent of the change -- to deny malicious third party developers access to hooking 'DrawText' to extract data from the dealer chat window. We have completely avoided the use of 'DrawText' and 'ExtTextOut' in favor of a proprietary internal solution, and as such the contents of the chat cannot be extracted any longer.
While we recognize that there are many third party odds calculators and other real time tools that are absolutely not malicious and in fact are permitted on PokerStars, malicious tools such as bots and dataminers also retrieve their data in the same manner, and it is against those developers that such measures are designed.
While unfortunate, some permitted apps are likely to be hobbled by the changes intended to prevent cheating, and there's little that we can offer you in way of a solution or a way around this. We can't offer you an API to the data (or malicious developers would hack it), and we can't go back to using DrawText. We believe it more important to keep the malicious programs out than it is to allow permitted programs to continue to function.
I wish I had a solution for you, but the truth is that additional changes will be forthcoming to make it even more difficult to gather "real time data" from the client as well. If a cheating program manages to find a way to code around these changes, we'll plug whatever hole they exploit as well (which may well break any solution you come up with for your applications as well).
I wish I had better news for you, but that is PokerStars' position on the gathering of real time data from the client. All I can offer is apologies that your application had to be caught up as "collateral damage" in the war on cheating applications.
Just to be clear, the issue here is that online poker tool developers have been programatically extracting text from the PokerStars game chat window.
This window gives crucial information about the betting actions in each game. The text contained in this window is not private in any way—it's intended for human consumption—but PokerStars would prefer that third-party software tools not have access to it. In their view, that capability makes it too easy for malicious software to hook into the PokerStars client. So they've taken steps to prevent it.
But is the PokerStars game chat text truly gone, such that it can never be extracted? Or is it merely hiding?
In order to answer that question, let's download a powerful but free piece of software called WinDbg, the core member of the Debugging Tools for Windows package. Here it is, in all its glory:
Most programmers who were weaned on a diet of Visual Studio development rarely, if ever, use any debugger other than the built-in Visual Studio debugger. That's usually okay because the Visual Studio debugger is integrated, eloquent, easy to use, and quite powerful. But there are many debugging facilities which aren't exposed through the Visual Studio debugger UI.
Once you've installed WinDbg, you should really take the time to configure your symbol files properly. But this isn't strictly necessary for today's work.
Let's choose the "Open Executable" option from the File menu:
Browse to the PokerStars executable:
A WinDbg command window will open. We'll see messages for each of the DLLs loaded by the target application, then a "break instruction" followed by the context (the state of the CPU registers) of the primary thread.
By default, when we launch an application through WinDbg, it opens the application in a state of suspended animation. That is, it invokes the application and then immediately halts it. When the target application is in this state, you can't interact with it in any way (except, of course, through the debugger).
So let's type g into the WinDbg command prompt (or use the toolbar button) in order to wake PokerStars up and give it a chance to run. The PokerStars main window should appear, and we'll see some more messages stream into the WinDbg command window.
Then we'll open one or more PokerStars tables, and let them run for a couple minutes, in order to accumulate some text in the game chat window.
After that, it's time to "break into the target" as we say. Hit the WinDbg Break button on the toolbar. The PokerStars application will freeze.
Now, I should mention that every game-related message in the PokerStars chat window is prefaced with the following phrase:
Dealer:
For the purposes of this experiment, we'll use that as a quick and dirty way of locating these game chat messages in memory. In other words, we want to scan the entire PokerStars process—all of it—for the above phrase.
In order to that, we'll execute the following command:
s -u 0x00000000 L?0xffffffff "Dealer: "
Loosely translated, this says: search, starting at memory location 0x00000000, and ending at memory location 0xFFFFFFFF, for all instances of the Unicode text phrase "Dealer: " in the PokerStars process. (We can tell WinDbg to search for ASCII text by replacing the "-u" with "-a".)
Type that into the WinDbg command window and voila!
As you can see, there are numerous instances of this text in PokerStars process memory—one for each line of text in the game chat window, in fact, plus a few occasional duplicates. For those of you who are new to "hex editor UI," let's look at it with some helpful annotations:
Each line corresponds to a specific memory address whose bytes, when interpreted as Unicode text, spell out our catchphrase. Clearly, the PokerStars chat text still exists, the same as it ever did. But let's take a closer look. Open a Memory window from the menu or by hitting Alt+5:
This will let us examine the actual bits and bytes of process memory.
At the top of the window, in the field labeled "Virtual," we'll plug in the address of one of the "Dealer: " text strings shown above. (The strings inside the red box. Don't use the actual values shown above; use the values returned by your copy of WinDbg).
We are now staring at the bits and bytes of a single line of text from the PokerStars game chat window. So when PokerStars says that game text "can no longer be extracted" we should take that statement, as always, with a grain of salt.
Extra Credit: Watchpoints
Most programmers are familiar with the concept of a breakpoint. When we're debugging an application, and execution reaches a breakpoint, the debugger breaks into the application and gives us a chance to start single-stepping through it, examining variables and so forth.
Most programmers eventually learn that we can set conditional breakpoints. Instead of halting the application when a particular breakpoint is reached, conditional breakpoints halt the application when a particular condition is true. For example, "break if the value of foo is 93".
But relatively few programmers are aware of data breakpoints, also known as watchpoints. These tell the debugger to halt the application not when a particular piece of code is executed, but when a certain memory address is accessed. In any way whatsoever.
For example, if we happen to know that a certain piece of text is sitting in process memory at a certain address, and we want the debugger to tell us whenever that piece of text is passed into a function, copied, or deallocated, we can create a watchpoint.
Within WinDebug, the ba command ("break on access") is used to set up a watchpoint. For example:
ba r4 0x04EFF210
This command reads break the application whenever the 4-bytes of memory starting at address 0x04EFF210 are accessed. Sounds good, except that breakpoints are usually set in the context of a specific thread, and PokerStars, like most applications nowadays, has multiple threads:
So what we want to do is somehow set the data breakpoint across all threads. Lo and behold, WinDbg allows us to do that by using a special prefix:
~* ba r4 0x04EFF210
The ~* instructs WinDebug to set the breakpoint across all (*) threads. We could also use it to set the breakpoint for specific threads.
Let's go ahead and type the above command into the WinDbg command line, replacing the address 0x04EFF210 with one of the addresses returned when you executed the s command above.
Once we've done that, type g to resume the application.
If we've timed things correctly, the breakpoint should be hit almost immediately. We'll continue typing g to resume the application each time the breakpoint is hit and we'll end up with output similar to the following:
At this point, we've learned two things:
- Where text exists inside the PokerStars (or other application) process.
- The state of the process, including all threads, stack frames, and registers, each time this text is accessed.
We know what the text is, and with some careful research, we can figure out what functions are accessing this text. In order to do that, we can examine the call stack each time the debugger halts the application: "Breakpoint 0 hit."
We can then work backwards, and start to determine which functions are responsible for creating, reading, and copying PokerStars game chat messages, as well as the structure of those messages in process memory. Without ever knowing the name of any of these functions or structures.
Once those functions are identified, we can start to interposition custom code in order to redirect execution flow from the original versions of those functions to custom code, written by us...giving us a chance, once again, to read PokerStars game text in real time.
That's just one way of doing it. There are others.
And of course, PokerStars is just an example. The above technique will work with any Windows application, although, as always, some tweaking is required. Stay tuned and we'll discuss some of the details and, after a three month hiatus, take a look at some more source code.
Happy disassembling.
Yes! Leave a Comment. All fields are optional.
- Sneak Peek: StopLight 1.0
- A Radioactive, Search-Hardened User Name for Online Poker
- Online Poker and the Multi-Tabling Effect
- A Primer Primer
- Moonlighting with OpenTK
- BROWSE ALL POSTS
Subscribe to Coding the Wheel over email or through any RSS reader. Coding the Wheel has been published since 2008.
- How I Built a Working Online Poker Bot, Part 1, 2, 3, 4, 5, 6, 7, 8
- Summoning the Harry Potter MMORPG
- Are Commercial Databases Worth It?
- 21 and the Monty Hall Paradox
- Visualizing the Internet (48)
SEO Packages wrote: Insightful, but the internet is a lot more difficult to portray imo. - 1,326 (41)
SEO Packages wrote: So disco isn't dead yet? - Dartboard-Driven Design (52)
SEO Packages wrote: Hilarious, very creative but I wouldn't guide myself after that. 90% of the surface of my target ... - How to Display Integrated Digg.com Comments on Your Website (27)
SEO Packages wrote: Very useful article, thanks for the info - Using Internet Conveyor Belts to Drive Traffic to Your Site (23)
SEO Packages wrote: Very useful info here, I am in the SEO business myself and I've learned some now stuff from your ... - Summoning the Harry Potter MMORPG (1048)
James Lloyd wrote: Is this Real LOOKS F*ING AMAZING :) can't wait till it is made :D - The Great Poker Hand Evaluator Roundup (119)
Cheap UGG Boots wrote: fddddffffff - The Great Poker Hand Evaluator Roundup (119)
mbt kisumu white wrote: dddddddddd - The Great Poker Hand Evaluator Roundup (119)
Discount MBT Shoes wrote: mbt kisumu black sandal and mbt kisumu white ar hot saling now in our website. This Summer,the mbt ... - How I Built a Working Online Poker Bot, Part 3 (133)
mr.cool wrote: Hello! I find this review very interesting !Vibram FiveFingers - A Circular Dilemma Concluded (39)
online bollywood movies wrote: It seeks to show how rarely needed a high voltage working environment in which candidates are difficult ... - How I Built a Working Online Poker Bot, Part 3 (133)
wewr wrote: [Replica Watches][1] [1]: http://superior-replica.com/"Replica Watches" ... - How I Built a Working Online Poker Bot, Part 3 (133)
wewr wrote: Sorry i not mean spam,...just like your article,...cheers [Replica Watches][1] [1]: http://www.superior-replica.com/"Replica ... - How I Built a Working Online Poker Bot, Part 3 (133)
wewr wrote: Vibram FiveFingers - How I Built a Working Online Poker Bot, Part 3 (133)
Replica Watches wrote: Replica Watches - How I Built a Working Online Poker Bot, Part 3 (133)
Replica Watches wrote: Yeah, after a study it more deeply, I know now.Replica Watches - How I Built a Working Online Poker Bot, Part 3 (133)
Replica Watches wrote: I had not understood the purpose of this article, but after a study it more deeply, I know now. Replica ... - How I Built a Working Online Poker Bot, Part 3 (133)
Replica Watches wrote: posts that are very evocative readers like me to understand more about what is contained in this article ... - How I Built a Working Online Poker Bot, Part 7: Extracting Text from 3rd-Party Applications (318)
window cleaning wrote: Great series and I enjoyed each article very much. I hope now you've got a whole batch of articles ... - How I Built a Working Online Poker Bot, Part 3 (133)
property management wrote: fat burning furnace scam or real.
78 comment(s)
ping - bang - boom
Anonymous on Monday, January 12, 2009Hello. My question is whether it's possible to detect those text strings as they're being created, rather than after they're created. This being more useful IMHO than looking at them after the fact. Is there a way to set up a breakpoint to occur when a text string containing "Dealer" is passed into any function----no matter where the text exists in memory?
Sullivan on Monday, January 12, 2009GREAT STUFF.
Consistently, you and pokerai are the only 2 sites on the Internet where you can find this level of technical info.
I don't and won't use WinDbg, but I enjoy the low-level techie stuff. Keep it coming.
xkcd on Monday, January 12, 2009After concealing the game # you give it away in a later image...
Anonymous on Monday, January 12, 2009Come on guys...every time he posts, the GREAT POST!!! FANTASTIC!! people come out of the woodwork, even when the quality is sub-par. Some of his posts are ground breaking, others are less so. Like any blogger, he's hit or miss. Not every blog post has to be FANTASTIC!! GROUNDBREAKING!! Sometimes a blog post is quick and dirty and thats okay. Stop kissing his arse.
Anonymous on Monday, January 12, 2009Game # 23771182740
Be Careful on Monday, January 12, 2009I think the referenced game number was observed on a public machine, like all his screenshots, without logging in, or logging in on another account. Based on an email I have from him.
Anonymous on Monday, January 12, 2009Nice workaround, but I can see the future, and it looks like...
encrypted data in memory
Chicken Strip on Monday, January 12, 2009Does the above technique work on a 64-bit machine?
You have 0x00000000 thru 0xFFFFFFFF as a range which to me says, 32-bit processes only.
What if you're running Win64?
gamerdude on Monday, January 12, 2009"but the truth is that additional changes will be forthcoming to make it even more difficult to gather "real time data" from the client as well. If a cheating program manages to find a way to code around these changes, we'll plug whatever hole they exploit as well"
which side has the advantage?
Advantage Wheel on Monday, January 12, 2009you really need to have a print view...
Anonymous on Monday, January 12, 2009A lot of this is a bit far fetched for me but I find your stories very interesting to read even if a lot of it is in another language. Not sure how I feel about my favourite site's security being loopholed :S
Poker Rakeback on Monday, January 12, 2009Lol I think you'll be receiving some more e-mails from PokerStars soon!
"So when PokerStars says that game text "can no longer be extracted" we should take that statement, as always, with a grain of salt."
I've noticed a trend in targetting PokerStars in this blog. Any particular reason? I'm not sure how much you play poker but are you a winning player?
Poker is Rigged | Forums on Monday, January 12, 2009if anybody has/coding a dataminer for ongame please conact me nemesisattax@hushmail.com
nemesisattax on Monday, January 12, 2009Ha. This is now turning into a reversing blog (or maybe a Poker Stars war blog?). Seriously, do some Google work and you can find all of these techniques and more related to general purpose reversing. Any competent coder should be able to read up on these techniques and apply it to this or any other problem. The weak point or any of PS's security is that as long as the application is running in the memory on your computer, you can access it. Yes they can make it harder, but the information is still there.
But wait, what if they encrypt their memory contents somehow? Doesn't matter. Remember the old analog-hole? Same concept applies. If human eyes can read it, a screen scraper can read it too. The pixels that make up the fonts in the chat box are pretty easy to scrape and convert to ascii. Once that is done, you have the game state regardless of any internal machinations that PS goes through.
Pff.
Anonymous on Monday, January 12, 2009so is this not an option to prevent snooping in memory addresses? http://msdn.microsoft.com/en-us/library/ms229741.aspx
is there ANY way to make data in a client/server app secure enough that it would be too burdensome to try and get?
with the money at stake, i would expect PS/FTP to employ someone like Schneier to help them with these problems. any chance of that happening?
thanks for another great post. really enjoying the look inside a poker app.
--bcd
bcd on Monday, January 12, 2009Weird thing is that pokertracker still works on pokerstars...
Anonymous on Monday, January 12, 2009Poker tracker works off of hand histories, not real-time game states.
It can still detect where players are sitting to place the HUD over them since that isn't defined by the chat....
Anonymous on Tuesday, January 13, 2009not sure about pokertracker, but HM seats the players on HUD only after the hand history has been sent.
Anonymous on Tuesday, January 13, 2009thanks for the update. I had actually pretty much entirely finished my bot, which was only going to be used for theory on a thesis, and they made this change. I've been spending time trying to figure out how to get the text again. this will definitely help but I'm still new to all this reverse engineering/injection etc. so I'm sure this will set me back another month or two :
What on Tuesday, January 13, 2009I'm surprised they leave any plain text in the app at all. They could easily use some strategies to encode the text until it's actually being drawn. If they used some sort of data-driven encoding they could be updating the encoding mechanism on the fly continuously. You would eventually be left with OCRing the chat box (not beyond the realms of possibility). If they were concerned about real-time cheater bots/tools they could still make a plain text chat stream available, just delayed by a minute or two to allow people to keep a record of their own chat history.
AnonForGoodReason on Tuesday, January 13, 2009[b]Please, please, please go into detail when you cover:[/b]
[quote]work backwards, and start to determine which functions are responsible for the PokerStars game chat messages, as well as the structure of those messages in process memory ... we can start to interposition custom code in order to redirect execution flow from the original[/quote]
This is as far as I've got on my own so I think I will learn something if you explain it. Thanks.
By the way, I think you should stop linking to urls in comments to stop the minor abuse before it gets worse.
Peter on Tuesday, January 13, 2009OpenHoldem has always used "screen scraping" and "OCR" (interpreting pixel bits based on location within an arbitrary bitmap cell) to obtain any necessary onscreen information. Chat text is never really needed except possibly as a validation of other stuff already determined by the position of certain items. Things such as cards, the button, bet fields, etc., depending on where they're located on the table, can determine the current game state. Chat text is normally irrelevant. But, of course, James was just using that as a demonstration.
My point is that "screen scraping" precludes any actions taken by the software to protect their internal data.
Bill on Wednesday, January 14, 2009I definitely agree with Bill...
myro on Wednesday, January 14, 2009@Bill:
screen scraping works UNTIL they send a software update which reconfigures the screen, or worse, they add a feature which dynamically alters the elements' locations on the screen. In fact, I'm surprised they haven't implemented the latter yet because its been talked about for years--any bot would need very robust scraping methods to get around that security feature. I wonder if doing that would muck up the "allowed" software that use heads-up to place things on the screen and thats why we havent seen it.
Bob on Wednesday, January 14, 2009I'm still waiting on a post about an efficient way to simulate human input. My bot is on permanent hiatus until i find a way to type or click without using SendInput. The only way I can be confident I won't be detected is by using a system similar to how Glider for WOW works; creating custom input drivers, and other various methods to prevent it from being detected. Unfortunately this option is a little too complex for my level of skill.
Sean on Thursday, January 15, 2009I fucking LOVE YOU JAMES!!!!!!!!!
Anonymous on Sunday, January 18, 2009"is there ANY way to make data in a client/server app secure enough that it would be too burdensome to try and get?"
No, crackers use these methods for years!
Anonymous on Sunday, January 18, 2009"would muck up the "allowed" software that use heads-up to place things on the screen"
that is it
Allowed Software on Sunday, January 18, 2009Surely I will switch to Screen Scraping + OCR. See this:
http://www.dzone.com/links/usingtheoffice2007ocrcomponentin_c.html
Anonymous on Monday, January 19, 2009@Sean - Creating custom input drivers is OK, but there are better ways.
Indiana on Monday, January 19, 2009"Consistently, you and pokerai are the only 2 sites on the Internet where you can find this level of technical info."
Not rocket science, you just haven't been looking at systems level programming, nor intermediate debugging. Learn what different text and drawing API's are usef for, etc. Go to MSDN.com and look them up. Some interesting ones for example: http://msdn.microsoft.com/en-us/library/ms534233(VS.85).aspx "Windows GDI Font and Text Functions"
The same stuff applies to anything else, game hacking ("hacking" a loose term), Poker client reading, system monitoring tools, etc.
Go on MSDN look up the APIs, play with a debugger, use your head, and you learn it. As a matter of fact a more visual, common and popilar, and probably a lot easier to use debugger is: http://www.ollydbg.de Google "ollydbg" for lots of tutorials.
Good and popular system level tools (and by far not the only place): http://technet.microsoft.com/en-us/sysinternals/default.aspx
The site is orientated to FPS game hacks, but lots of tutorials, code, etc., that applies to Poker clients too: http://forum.gamedeception.net/forumdisplay.php?f=33
Another good source: http://www.codeproject.com
And a good book to get, to know about systems level stuff: "Windows® Internals: Including Windows Server 2008 and Windows Vista, Fifth Edition (PRO-Developer) (Paperback)" The 5th edition not out til a week or two, else you can get the 4th.
http://www.amazon.com/Windows%C2%AE-Internals-Including-Windows-PRO-Developer/dp/0735625301/ref=pdbbssr_1?ie=UTF8&s=books&qid=1232407999&sr=8-1
Sirmabus on Monday, January 19, 2009*popular
Sirmabus on Monday, January 19, 2009i'm waiting for the code! it will be very interesting! great work!!!!!!!
Anonymous on Tuesday, January 20, 2009@Indiana - could you perhaps elobarate on some better ways. I know of plenty of ways it can be accomplished, but none that are satisfactory. I'm not entirely sure at what lengths I should go in order to not be detected. On a side, I found that the most simple(but probably naive) way to extract data from full tilt is to simply highlight text in the dealerchat, copy it to the clipboard, and parse through it. Could anybody tell me the disadvantages to this method?
Sean on Thursday, January 22, 2009the disadvantage is you block the input while you reading the chatbox becouse you have too make special mousemovement and after every copy you have to wait 5 seconds to make the next one.
ayke on Monday, March 30, 2009Thanks for your articles (don't think the word 'tutorial' applies to what you offer).
I USED to be a coder / reverser and whenever i read something by you, i get this nostalgic feeling and i feel like coding and cracking again.
Thanks for the flashbacks!!
magos on Tuesday, April 07, 2009hey great stuff.
following this article i had some trouble with the watchpoints, the memory locations i chose never got caught, i tried many times but it never broke execution, even when i could see the exact text in teh chat window. i feel like i am not understanding something.
I have had some experience disassembling java code, but not C programs, are there any good sites u can recommend?
madness on Tuesday, April 07, 2009Did anyone try to resume where James left off? I did and am hitting my head against the wall. If anyone knows where I went off-path your input is appreciated. Here's what I did...
Examining the call stack every time PokerStars accesses the dealer chat memory shows functions like [url=http://twopackages.com/call_stack.txt] these[/url] (more or less). Of those functions the only one that looks promising is RtlOemStringToUnicodeString.
I then found the RtlOemStringToUnicodeString definition/paramters/return values from its [url=http://msdn.microsoft.com/en-us/library/ms796937.aspx] MSDN site[/url]. I need thsi information to create my hook function.
I have Detours installed and successfully ran the WITHDLL tool to attach my DLLs to Pokerstars and other applications - so the next step was to hook PokerStars every time it called the RtlOemStringToUnicodeString function and hopefully extract dealer text.
The VS 2008 compiler absolutely hated my [url=http://twopackages.com/dllmain.cpp.txt] 1st attempt[/url] (as well as every attempt after). It doesn't recognize NTSTATUS, UNICODESTRING, OEMSTRING or RtlOemStringToUnicodeString. So re-checking the [url=http://msdn.microsoft.com/en-us/library/ms796937.aspx] MSDN site[/url] I notice a requirement for using the RtlOemStringToUnicodeString function is including the Ntifs.h header file. I tried googling/downloading Ntifs.h and all the header files it (and subsequent header files) reference but that quickly spiraled out of control. I wasn't sure if I was downloading the right versions, they became harder to find, etc. So I decided to look into Ntifs.h more.
Ntifs.h is part of the Windows Driver Kit which I eventually got my hands on. However, installing the [url=http://www.microsoft.com/whdc/devtools/wdk/default.mspx] WinDDK[/url] when I already had the SDK that came with VS 2008 installed was a mess. You really should only have one SDK/DDK installed on your system at a time.
And that's where I'm left. Any help is greatly appreciated. Thanks!
Dan on Tuesday, April 07, 2009yeah I was looking more at the function DispatchMessageW, but im not sure either is correct.
as PS's stated in their message that they have created a custom function to print stuff to the screen, so any function calls in the call stack wil be coming from the PS.exe not system DLL's, and also wont have a definition in the msdn. please correct me if im wrong.
if I could get the breakpoints to work id be able to investigate further, but cannot. i am using the logexts & logviewer from windbg to capture everything, but its like a needle in a haystack. not even sure if im on the right track there.
madness on Wednesday, April 08, 2009I'm a software engineer that lives in Reno Nevada. Anyone interested in meeting and working together? Email me at jmark821@yahoo.com I'll also be in Las Vegas May 9-11
jmark821 on Wednesday, April 08, 2009Hey found this cool program for debugging & disassembly
IDA
http://www.hex-rays.com/idapro/
you can download a free version
madness on Saturday, April 11, 2009jmark,
would like to, but im in Australia :(
madness on Saturday, April 11, 2009madness, thank you
Poker Bot on Monday, June 08, 2009ask bir hayal izle
ask bir hayal izle on Sunday, October 04, 2009Very clever method! I would never have happened. Know the functioning of this part of the system.
magia on Friday, October 16, 2009Hello, this is for the author of the article. I have been writing a program for the past few weeks that uses ReadProcessMemory() to determine the players cards. However, these are pointers and I haven't had any luck finding them.
Can you offer any tips? You can contact me at my email if you ever get a chance, thank you.
Oggy on Saturday, October 17, 2009>If human eyes can read it, a screen scraper can read it too. >The pixels that make up the fonts in the chat box are pretty >EASY to scrape and convert to ascii.................
>My point is that "screen scraping" precludes any actions taken >by the software to protect their internal data.
If with a screen scraper is really so EASY to read the Pokerstars chat text:
1) why in this site tere isìt any article about this matter? 2) why on the web I can't find any tutorial about this matter?
ezio on Tuesday, November 10, 2009Online sale for mens Nike Air Max Limited shoes, Cheap Nike Air Max Limited shoes, Top quality and low price. Buy Nike Air Max Shoes Now!
Nike Air Max Limited on Thursday, July 08, 2010nice article. keep post like this...
Fendi replica watches on Tuesday, July 20, 2010I loved this post so much. This was great. Keep it up!
Tudor replica watches on Saturday, July 24, 2010PerformingGraham for sale that will create a one-wayswiss watches backlink to your website whichMaurice Lacroix watches is a good point to have. It is Patek Philippe watchesa time-consuming Tag Heuer for saleprocess even though it produces good outcomes U-boat for saleand works. You can also swiss watchespost comments on blogs alongMaurice Lacroix watches together with your link, but make sureGraham watches these blogs are do-follow, which dolce & gabbana handbagsindicates the link that youreplica coach handbags simply post will probably be replica handbagscounted by the search engines jimmy choo replicaas a backlink.There are many thingsversace replica handbags that contribute to online businessjuicy couture replica failure, and the lack of good action thomas wyldeis surely one of the deadliest business-killersdolce gabbana handbags on the net. Take action like by no means chloe handbags replicaprior to, and don’t get struck by analysis paralysisburberry replica. Your achievement lies in your rapid actionchanel replica and how well you apply numerous strategies.
replica watches on Saturday, July 24, 2010nike air jordan 2010 nike air jordan 5 nike air jordan 3 nike air jordan 11 cheap nike air jordan 2 nike air jordan 1 nike air jordan shoes discount nike air jordan shoes nike air jordan 6 wholesale nike air jordan 1 discount nike air jordan 6 nike air jordan 7 nike air jordan 8 top quality nike air jordan shoes 23 nike air jordan 21 nike air jordan 22 nike air jordan 6 rings cheap nike air jordan 22 nike air lebron james shoes nike air lebron james shoes nike air jordan 2010 nike air joredan lebron james nike air jordan 2009 discount nike air jordan 2009 nike lebron james wholesale nike air jordan 2010 cheap nike air jordan 2009 discount nike air jordan 19 cheap nike air jordan 3 discount nike air jordan 18 brand nike air jordan 12 wholesale nike air jordan 2 nike air jordan 13 nike air jordan 14 nike air jordan 6 rings discount jordan shoes7 discount jordan shoes1 jordan shoes2010 jordan shoes 6 rings cheap jordan shoes2 discountjordan shoes3 discount jordan shoes4 jordan shoes uk23 jordan shoes classic bw22 cheap jordan shoes 21 ltd discount jordan shoes20 discountjordan shoes19 jordan shoes 18 uk nike air jordan shoes 17 cheap nike air jordan shoes 16 discount air jordan shoes 15 discount air jordan shoes 14 nike air jordan shoes 3 uk nike air jordan shoes 13 cheap nike air jordan shoes 11 discount air jordan shoes 6 discount jordan shoes 10 nike air jordan shoes 8 nike air jordan shoes 7 cheap louis vuitton bags cheap kobe bryant shoes cheap lebron james shoes .
cheapjordan on Saturday, July 24, 2010iPad Converter
ipad converter on Sunday, July 25, 2010The variety links of london items bearing depends on the occasion. You are plain, but you are elegant. links of London sweetie braceletIf presence a groove, especially nightfall outfit, you are allowed to be very gentle in truth. What you should do is to links of london charms choose some delicate sweetie bracelets with your subtle sensation of fashion on Christmas Day, Easter, Halloween and Valentines Day. Discovering links of London friendship bracelet on the net is an excellent choice for your needs and can also assure you may benefit from the best insurance coverage at the best price tag. The links of London braceletis one kind of those brands that basically level the start a time honored design and style and design untreated. links of london necklace and links of london earringswill be the consultant of level and higher personal taste; so many people contain the hopes for donning links of London sweetie bracelets. Nevertheless, in the large price, so most of us cannot pay the big money. links of London friendship bracelets charm bracelets links of london sale charm bracelet silver friendship bracelets links of london charm bracelet
links of london on Monday, July 26, 2010ed hardy, cheap ed hardy, ed hardy clothing, ed hardy outlet, ed hardy jeans, ed hardy bags, ed hardy swimwear, ed hardy shirts, ed hardy tee, ed hardy caps, ed hardy purse, ed hardy board shorts, ed hardy shoes, ed hardy for men, ed hardy for women, ed hardy jeans for women.
cheap ed hardy on Tuesday, July 27, 2010ed hardy, cheap ed hardy, ed hardy clothing, ed hardy outlet, ed hardy jeans, ed hardy bags, ed hardy swimwear, ed hardy shirts, ed hardy tee, ed hardy caps, ed hardy purse, ed hardy board shorts, ed hardy shoes, ed hardy for men, ed hardy for women, ed hardy jeans for women.
cheap ed hardy on Tuesday, July 27, 2010The house—which Hopper supposedly used to entertain his celebrity and artist pals like Jasper Johns and Roy Lichtenstein—features an open, loft-like floorplan, with soaring ceilings, exposed wood beams, and concrete floors that add to the masculine feel of the space.
ブランド腕時計;ロレックス時計;オメガ時計;IWC腕時計 ロレックスデイトナ;ロレックスエクスプローラー;ロレックスGMTマスターII オメガスピードマスター;オメガシーマスター;オメガアクアテラ;オメガデ・ヴィル IWCアクアタイマー;IWCインヂュニア;IWCスピットファイアー;IWCポルトギーゼ ロレックスサブマリーナ;ロレックスヨットマスター;ロレックスターノグラフ ロレックスミルガウス;ロレックスエアキング;ロレックスパーペチュアルデイト ロレックスチェリーニ チェリニウム;ロレックスデイデイト;ロレックスプリンス オメガコンステレーション;IWCクラシックパイロット;IWCポートフィノ;ロレックスデイトジャスト
The furnishings are relatively few and far between, though not entirely minimalist: next to streamlined midcentury pieces there are also a number of exotic, elaborate-looking goods that look like they could have been picked up on Hopper’s travels (ornate Oriental rugs, earthy-looking carved wood tables).
バッグ コピー、財布 コピー グッチ;グッチ バッグ;グッチ コインケース・キーケース・ポーチ・小物;グッチ 財布;シャネル;シャネル バッグ;シャネル 財布;ベルト;グッチ ベルト;ルイ・ヴィトン ベルト;エルメス ベルト;シャネル ベルト;フェンディ ベルト;バーバリー ベルト;ディオール ベルト;ブルガリ ベルト;ミュウミュウ;ミュウミュウ バッグ;ミュウミュウ 財布;プラダ;プラダ バッグ;プラダ 財布;バーバリー;バーバリー バッグ;バーバリー 財布;バレンシアガ;バレンシアガ バッグ;バレンシアガ 財布;ディオール;ディオール バッグ ;ディオール 財布;クロエ;クロエ バッグ;クロエ 財布;フェンディ;フェンディ バッグ;フェンディ 財布
And if all that space is too much for you, fear not: the main house and pool can be purchased separately (for $3.95 million!) while the condos range in price from $750,000 to $1.05 million.
グッチコピー|グッチバッグ|グッチ財布 グッチ ハンドバッグ;グッチ ショルダーバッグ;グッチ ボストンバッグ;グッチ トートバッグ; グッチ 二ツ折り財布;グッチ 長財布;グッチ wホック財布;
ブランド腕時計 on Wednesday, July 28, 2010The Best Louis vuitton Millionaire Replica Sunglasses The best inspired version of the Louis vuitton store to date! The 'Millionaire Luxe' features
High Quality Louis vuitton wallets, Louis vuitton Replica wallets lowest price. Wholesale price 35% - 75% off.3-7 Day Louis vuitton damier shipping, Free shipping now.
Just how do you tell a best Louis vuitton online store from the real thing? ... getting the perfect back-to-school outfit, we've got you covered with the best tips.
Best Replicas Wholesaler, Wholesale high quality and lowest price replica watches, ... Cartier Lighters Gold Series · Louis vuitton wallets auto 3 fold umbrella
louisvuitton4 on Thursday, July 29, 2010Your blog provided us with valuable information to work with. Each & every tips of your post are awesome. Thanks a lot for sharing. Keep blogging.
5.11 tactical boots on Thursday, July 29, 2010Wholesale NFL Jerseys
Cheap NFL Jerseys
NFL Jerseys
NFL Football Jerseys
Women NFL Jerseys
Kid NFL Jerseys
Super Bowl Jerseys
Super Bowl NFL Jerseys
Throwback Jerseys
Throwback NFL Jerseys
Cheap Throwback Jerseys
Wholesale Throwback Jerseys
Cheap Super Bowl Jerseys
Wholesale Super Bowl Jerseys
youth nfl jerseys wholesale
youth nfl jerseys cheap
nfl youth jerseys
Baltimore Ravens Jerseys
Chicago Bears Jerseys
Cincinnati Bengals Jerseys
Denver Broncos Jerseys
Dallas Cowboys Jerseys
Green Bay Packers Jerseys
Indianapolis Colts Jerseys
Minnesota Vikings Jerseys
New England Patriots Jerseys
New Orleans Saints Jerseys
New York Jets Jerseys
Arizona Cardinals Jerseys
Buffalo Bills Jerseys
Atlanta Falcons Jerseys
Carolina Panthers Jerseys
Cleveland Browns Jerseys
Houston Texans Jerseys
Detroit Lions Jerseys
Jacksonville Jaguars Jerseys
Kansas City Chiefs Jerseys
Miami Dolphins Jerseys
New York Giants Jerseys
Philadelphia Eagles Jerseys
San Francisco 49ers Jerseys
Oakland Raiders Jerseys
Seattle Seahawks Jerseys
Pittsburgh Steelers Jerseys
St Louis Rams Jerseys
San Diego Chargers Jerseys
Tampa Bay Buccaneers Jerseys
Tennessee Titans Jerseys
Washington Redskins Jerseys
Ray Lewis Jerseys
Ed Reed Jerseys
Joe Flacco Jerseys
Terrell Suggs Jerseys
Dick Butkus Jerseys
Greg Olsen Jerseys
Matt Forte Jerseys
Devin Hester Jerseys
Walter Payton Jerseys
Brian Urlacher Jerseys
Lance Briggs Jerseys
Jay Cutler Jerseys
Carson Palmer Jerseys
Rey Maualuga Jerseys
Chad Johnson Jerseys
Demarcus Ware Jerseys
Jason Witten Jerseys
Terrell Owens Jerseys
Felix Jones Jerseys
Marion Barber Navy Jerseys
Marion Barber Jerseys
Emmitt Smith Jerseys
Miles Austin Jerseys
Roger Staubach Jerseys
Troy Aikman Jerseys
Tony Romo Jerseys
Eddie Royal Jerseys
Brandon Marshall Jerseys
Aaron Rodgers Jerseys
A.J. Hawk Jerseys
Donald Driver Jerseys
Greg Jennings Jerseys
Peyton Manning Jerseys
Dallas Clark Jerseys
Robert Mathis Jerseys
Marvin Harrison Jerseys
Drew Brees Jerseys
Marques Colston Jerseys
Pierre Thomas Jerseys
Reggie Bush Jerseys
Jeremy Shockey Jerseys
Tarvaris Jackson Jerseys
Adrian Peterson Jerseys
Jared Allen Jerseys
Mark Sanchez Jerseys
Thomas Jones Jerseys
Leon Washington Jerseys
Brett Favre Jerseys
buynflshop on Thursday, July 29, 2010Topreplicashop retail and wholesale Louis Vuitton outlet, Key Chains, Cufflinks,
Accessories, ...
Louis Vuitton is no more a luxury if you find www.sale4louisvuitton.com, the best online source of top quality mirror image
wallets.html" tItlE="Louis Vuitton wallets">Louis Vuitton wallets, ...
Everybody who is interested in Louis Vuitton Belt, please come here ,it is surprised Louis Vuitton outlet you a huge
selecting of top quality AAA replica Watches .
louis vuitton on Thursday, July 29, 2010Pool Temperature Madera Jobs Madera Pest Control Madera Dentist Merced Dentist Visalia Dentist Modesto Dentist Fresno Limousine Fresno Granite briefcases leather leather briefcases prospect solution | prospect solutions | prospectsolution | prospectsolutions | prospectsolution.com prospect solution | prospect solutions | prospectsolution | prospectsolutions | prospectsolution.com prospect solution | prospect solutions | prospectsolution | prospectsolutions | prospectsolution.com
carmi on Friday, July 30, 2010Share your knowledge to continue a timeless tradition;
DVD Ripper on Friday, July 30, 2010essay essay writing essay writing service essay writing service uk
jane on Friday, July 30, 2010Life will change what you are but not who you are;
Blu-ray Ripper on Friday, July 30, 2010Marry a person who likes talking; because when you get old, you’ll find that chatting to be a great advantage
blu-ray ripper on Friday, July 30, 2010Live a noble and honest life. Reviving past times in your old age will help you to enjoy your life again;
DVD Ripper on Friday, July 30, 2010Speaking discount mbt of the mens mbt shoes British mbt shoes discount Fashionmbt footwearmbt shoes sale Council,mbt sneakers theymbts have just mbt sport shoes crowned uber-talented mbt walking shoes designer Erdem cheap mbt shoes as the winner of the Vogue/BFC Designer Fashion Fund. The winner beat stiff competition in the form of buy mbt shoes Christopher mbt masai shoes Kane, mbt swiss shoes Angel mbt running shoes Jackson, louis vuitton sale Marios Schwab louis vuitton monogram and Nicholas Kirkwood among others, and louis vuitton walletlouis vuitton purse will cheap louis vuitton receive £200,000. louis vuitton damier buy louis vuitton The designer Erdem Moralioglu wasdesigner louis vuitton handbags said authentic louis vuitton to be ‘thrilled’lv handbags with louis vuitton walletsnew louis vuitton his cheap louis vuitton bags win, statinglouis vuitton backpack thatpandora silver beads the pandora charm bracelets pandora necklace prize money would pandora glass beads allow the cheap ugg boots brand andugg boots on sale business discount ugg boots inugg ultra tall onugg australia uk ofpink ugg boots
discount on Friday, July 30, 2010I like your article. Will always support you!He is quite a good reading. i'd appreciate it. time to realize his.
DVD Ripper on Friday, July 30, 2010Your article is very appealing to me.I like this article, this article that i learned a lot of knowledge.
Video Converter on Friday, July 30, 2010In your article I found very different things. Very characteristic. I've never seen before.Thank you very much the share. you are very creative.
DVD to iPod on Friday, July 30, 2010You have a unique perspective.Thank you for sharing. it is wonderful super classic. I admire you.
DVD Cloner on Friday, July 30, 2010Replica miu miu handbags are not just beautiful and elegant, but it is also at excellent quality and similar design as the real. You will like it once you see it. Now attention please, at our shop, we are holding a promotion. You can buy replica miu miu bags of high quality with the lowest price. Meanwhile, miu miu handbags buying from here you can enjoy free and fast delivery shipping. Welcome to our shop!
miu miu bags on Friday, July 30, 2010www.thesuitshoes.com can provide you the best MBT shoes to choice.
mbt shoes on Friday, July 30, 2010www.thesuitshoes.com can provide you the best MBT shoes to choice.
mbt shoes on Friday, July 30, 2010good news
hermes birkin on Friday, July 30, 2010thanks for your kindly sharing
abercrombie and fitch on Friday, July 30, 2010