Poker-AI.org

Poker AI and Botting Discussion Forum
All times are UTC




Post subject: OCR v RE
Posted: Sun Dec 15, 2013 1:53 pm
Veteran Member
Joined: Wed Mar 20, 2013 1:43 am
Posts: 267
ConvexPolytope wrote:
even though it seems that most people use OCR rather than reading the data directly from memory


I would love to read the data from memory, but to me it seems so extremely hard, I guess I am more of a high level guy.

And then there is not only getting the data, but also the stealth.


Post subject: Re: Welcome and Hello
Posted: Mon Dec 16, 2013 12:21 pm
Junior Member
Joined: Sun Dec 08, 2013 4:22 pm
Posts: 15
HontoNiBaka wrote:
I would love to read the data from memory, but to me it seems so extremely hard, I guess I am more of a high level guy.


If you haven't done any reverse engineering and stuff like that, it is certainly a steep learning curve. Having said that, the difficulty depends a lot on the software and how the data is stored in memory. I haven't reversed any poker software, so I don't know about that.

Quote:
And then there is not only getting the data, but also the stealth.


Stealth is certainly an issue. One could use stealth techniques that modern rootkits use to circumvent anti virus software. Fwiw, OCR is not stealth either. Taking screenshots every second has to be detectable.


Post subject: Re: Welcome and Hello
Posted: Mon Dec 16, 2013 1:46 pm
Site Admin
Joined: Sun Feb 24, 2013 9:39 pm
Posts: 642
ConvexPolytope wrote:
Taking screenshots every second has to be detectable.

Not if you use 2 machines or run the poker client in a VM


Post subject: Re: Welcome and Hello
Posted: Sat Mar 01, 2014 11:32 pm
Junior Member
Joined: Tue Feb 25, 2014 3:19 pm
Posts: 23
ConvexPolytope wrote:
HontoNiBaka wrote:
Taking screenshots every second has to be detectable.


But how can they detect it? (not using VM)


Post subject: Re: OCR v RE
Posted: Thu Mar 06, 2014 8:16 pm
Veteran Member
Joined: Wed Mar 20, 2013 1:43 am
Posts: 267
They could probably scan for WinAPI calls like PrintWindow. Then they will scan for other processes, automatic clicks etc. and they will make a very detailed scan, the screenshotting alone might not be enough to ban you, but they will find more.

But seriously, how is it even possible to get the gamestate from PokerStars? I have been trying it for 2 days now and I made zero progress. I don't need it for a bot, but for something else.

I monitor it with Spy++ and with API Monitor -> zero calls to WinAPI.

I try to scan the memory, it has no real structure, it's just 60 MB of random data to me.

I just need the players, open seats and player labels in real time.

I am willing to pay for someone to teach me how to do it.


Post subject: Re: OCR v RE
Posted: Fri Mar 07, 2014 2:39 pm
New Member
Joined: Fri Feb 21, 2014 2:13 pm
Posts: 6
Perhaps this points you in the right direction?

http://webcache.googleusercontent.com/s ... th-windbg/


Post subject: Re: OCR v RE
Posted: Tue Mar 11, 2014 10:25 am
Veteran Member
Joined: Wed Mar 20, 2013 1:43 am
Posts: 267
Thank you. I downloaded WinDbg, it's a good tool. But unfortunately I couldn't solve my problem yet. I can search the memory for strings, but not much more. I am trying to break when the memory changes, but I don't know which memory addresses are relevant. I can get the dealer chat now and I can get hand histories, but I still cannot get real time player names and stacks.


Post subject: Re: OCR v RE
Posted: Mon Mar 24, 2014 9:57 am
Veteran Member
Joined: Wed Mar 20, 2013 1:43 am
Posts: 267
Ok, I stopped trying to use memory scanning and read up about DLL injection instead. I have managed to inject my DLL with CreateRemoteThread.

I also realized that PS does have a normal message loop; it was only that Spy++ didn't display it, because I was using the 64-bit version and Stars is 32-bit. With 32-bit Spy++ I can see all the messages.

Now all that is left is detouring the relevant methods. I have already hooked the window message loop, but this will most likely not be enough.

I also thought about hooking DrawText, because I decompiled a tool for PokerStars and it seems it also hooks DrawText. With that I would probably have all the player names and stacks for all positions.

Am I on the right track? I am also wondering how I should detour the function. Microsoft Detours is not an option, because I might want to sell my software at some point. Would EasyHook be good?
The alternative would be to do it by hand. I was thinking about import address table manipulation, export address table manipulation and hot patching. Any tips as to which one to choose, or any other tips?


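Seen from the client's side, the hot patching and detouring discussed in the post above change the first bytes of the hooked function, which an integrity check can compare with a known-good copy. The following is an added example, not part of the original post or of any poker client's code: it classifies a 32-bit x86 function entry and reports where a redirect points. All names, sample bytes and addresses are constructed, and the reference bytes are assumed to be already relocated.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
enum hook_kind { CLEAN, PATCHED_OTHER, INLINE_JMP, HOTPATCH_JMP };
#define PAD 5 /* padding bytes kept before the entry point */
#define LEN 8 /* entry bytes compared with the reference   */

/* Constructed samples: 5 pad bytes, then mov edi,edi; push ebp; mov ebp,esp; sub esp,10h */
static const uint8_t REF[PAD + LEN] = {0xCC,0xCC,0xCC,0xCC,0xCC, 0x8B,0xFF,0x55,0x8B,0xEC,0x83,0xEC,0x10};
static const uint8_t INL[PAD + LEN] = {0xCC,0xCC,0xCC,0xCC,0xCC, 0xE9,0xFB,0x0F,0x00,0x00,0x83,0xEC,0x10};
static const uint8_t HOT[PAD + LEN] = {0xE9,0x00,0x00,0xC0,0x0F, 0xEB,0xF9,0x55,0x8B,0xEC,0x83,0xEC,0x10};

/* Destination of the 5-byte "E9 rel32" located at address va (arithmetic mod 2^32). */
static uint32_t jmp_target(uint32_t va, const uint8_t *p)
{
    uint32_t rel = (uint32_t)p[1] | (uint32_t)p[2] << 8 | (uint32_t)p[3] << 16 | (uint32_t)p[4] << 24;
    return va + 5 + rel;
}

/* live/ref: PAD bytes before the entry, then LEN entry bytes; entry_va: entry address. */
enum hook_kind classify_entry(const uint8_t *live, const uint8_t *ref,
                              uint32_t entry_va, uint32_t *target)
{
    const uint8_t *entry = live + PAD;
    *target = 0;
    if (memcmp(live, ref, PAD + LEN) == 0)
        return CLEAN;
    /* Hot patch: entry is "jmp short -7" (EB F9) onto a jmp rel32 in the padding. */
    if (entry[0] == 0xEB && entry[1] == 0xF9 && live[0] == 0xE9) {
        *target = jmp_target(entry_va - PAD, live);
        return HOTPATCH_JMP;
    }
    if (entry[0] == 0xE9) { /* inline detour written over the entry itself */
        *target = jmp_target(entry_va, entry);
        return INLINE_JMP;
    }
    return PATCHED_OTHER; /* differs from the reference in some other way */
}

int main(void)
{
    const uint8_t *s[] = { REF, INL, HOT };
    uint32_t t;
    for (int i = 0; i < 3; i++) {
        int k = classify_entry(s[i], REF, 0x00401000u, &t);
        printf("kind=%d target=%08x\n", k, (unsigned)t);
    }
    return 0;
}
```

A target that falls outside the modules the process is expected to have loaded is what such a check would flag for review.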
 
Post subject: Re: OCR v RE
Posted: Mon Mar 24, 2014 12:54 pm
Junior Member
Joined: Wed May 15, 2013 10:15 pm
Posts: 42
Maybe this can help you, it's C# code for datamining.
http://forumserver.twoplustwo.com/45/so ... ng-353393/
I didn't test it.


Post subject: Re: OCR v RE
Posted: Mon Mar 24, 2014 1:41 pm
Site Admin
Joined: Sun Feb 24, 2013 9:39 pm
Posts: 642
How do you hide the hooks?


Post subject: Re: OCR v RE
Posted: Mon Mar 24, 2014 2:26 pm
Veteran Member
Joined: Wed Mar 20, 2013 1:43 am
Posts: 267
I am not hiding them. I am not using them for botting; a few guys asked me to develop software for them, and it will do nothing forbidden.


Post subject: Re: OCR v RE
Posted: Mon Mar 24, 2014 3:52 pm
Site Admin
Joined: Sun Feb 24, 2013 9:39 pm
Posts: 642
HontoNiBaka wrote:
And then there is not only getting the data, but also the stealth.


Post subject: Re: OCR v RE
Posted: Mon Mar 24, 2014 4:17 pm
Veteran Member
Joined: Wed Mar 20, 2013 1:43 am
Posts: 267
You are right, I wanted to use it for botting at first but it was too hard and I used OCR instead. I got interested in RE again when I started developing a poker tool, because here I will at least need no stealth, maybe that way it will be somehow possible to do it. It would still be way too hard with stealth.

I admit it's a little different from when the topic started.


Post subject: Re: OCR v RE
Posted: Mon Mar 24, 2014 9:05 pm
Veteran Member
Joined: Wed Mar 20, 2013 1:43 am
Posts: 267
I was unable to do it with EasyHook, I downloaded MinHook instead: http://www.codeproject.com/Articles/443 ... king-Libra

Now I can hook the WinAPI calls and the message queue, but I wonder if that will be enough. I have realized that DrawText only gets called in some cases, for instance when you hover over a name.


Post subject: Re: OCR v RE
Posted: Tue Apr 08, 2014 8:40 pm
Veteran Member
Joined: Wed Mar 20, 2013 1:43 am
Posts: 267
Ok, I think I am done. It was a very educational experience.

