Darkfall Assist : Darkfall Online - Submissions

[seand88]

Ok I post a useful tool here and no i didnt know there was a trojan.

I have not been planning this for a while, I did register the site a while back planning to code my own tool but it never happened.

I found this tool and posted it up because i thought it was a good fit.

I DID NOT place the trojan in the file.

If someone has the original i will glady replace it with what is up currently.

Like i said i received this from another player so he could have put a trojan in?

Im not sure how the trojan would have been placed since it is an auto it script.

If someone can identify the malicious code i will remove it and re-upload the file.

ONCE AGAIN, I have not been planning this and I DID NOT place a trojan with the macro script.

I cant find any malicious code in the auto-it script so it may be tied to the .dll file. I am guessing IMAGESEARCH.dll

For those who have scanned it... Does it say which file the virus is coming from?

Let me know so i can fix it.

By the way for an OPEN community you guys are very pessimistic.

Thanks.

[seand88]

I am guessing the virus would be tied to DLL calls.

I found this code which shows it uses two dynamic link libraries.

Code: Select all

Func _IMAGESEARCH($FINDIMAGE, $RESULTPOSITION, ByRef $X, ByRef $Y, $TOLERANCE)
	$SIZE = WinGetClientSize("Darkfall Online")
	Return _IMAGESEARCHAREA($FINDIMAGE, $RESULTPOSITION, 0, 0, $SIZE[0], $SIZE[1], $X, $Y, $TOLERANCE)
EndFunc


Func _IMAGESEARCHAREA($FINDIMAGE, $RESULTPOSITION, $X1, $Y1, $RIGHT, $BOTTOM, ByRef $X, ByRef $Y, $TOLERANCE)
	If $TOLERANCE > 0 Then $FINDIMAGE = "*" & $TOLERANCE & " " & $FINDIMAGE
	$RESULT = DllCall("ImageSearchDLL.dll", "str", "ImageSearch", "int", $X1, "int", $Y1, "int", $RIGHT, "int", $BOTTOM, "str", $FINDIMAGE)
	If $RESULT[0] = "0" Then Return 0
	$ARRAY = StringSplit($RESULT[0], "|")
	$X = Int(Number($ARRAY[2]))
	$Y = Int(Number($ARRAY[3]))
	If $RESULTPOSITION = 1 Then
		$X = $X + Int(Number($ARRAY[4]) / 2)
		$Y = $Y + Int(Number($ARRAY[5]) / 2)
	EndIf
	Return 1
EndFunc


Func _ISPRESSED($SHEXKEY, $VDLL = "user32.dll")
	Local $A_R = DllCall($VDLL, "short", "GetAsyncKeyState", "int", "0x" & $SHEXKEY)
	If @error Then Return SetError(@error, @extended, False)
	Return BitAND($A_R[0], 32768) <> 0
EndFunc

If you guys could help me identify which .dll has a virus that would be great.

I can then try to recreate the dll functions with clean code and post it here.

[logite]

It's the dfassist.exe.

http://www.virustotal.com says theres a trojan on it, but kapersky free online scan was clean.

[derek2]

i had the rapid macro,but when my hardrive died i lost it,and while were on the subject of that copy having trojans a lil birdie mentioned Arkillion in the convo,do not touch it with a barge pole.

[ilovedarkfall]

And what does this tool do?

[logite]

it beats the crap out your alt standing in front of you then heals it up supposedly.

How do you use it exactly? It seems the pixel detect part is having issues for me. Anything special you have to do like a certain resolution?

[logite]

You have to lower the opacity of all your gui elements for it to start working, but even then I've hit another snag. I'm guessing the background color palette in game can interfere with it. I had it working last night when the it was actually night in darkfall, but today i can't get it working again.

[dabladest]

So you guys are actually using this Version that might be not clean ?

[hokuto78]

the script is clean it looks like. Just don't use the .exe thats in the package.

[dabladest]

Ah ok, but we still dont have any instructions and hints for needed resolution etc, right ?

[logite]

Works with any resolution, but best in window mode. It's just kinda picky about the background textures I believe. For instance I kept trying it over and over, and it would perform the hits but not heals. Well, suddenly the sun came out in Agon and the texture I was facing brightened up. I restarted it and WHAM it started working perfectly.

Turn your opacity all the way up (except for status bar, and hotbar) or just turn off all the windows, and turn off the scrolling text I know that helps. I've been trying to play with gamma to perfect it.

[Tault_admin]

Can members say yay or nay to this so we may give tu bucks and/or premium. If you nay the submission remember to include as to why.

[combitherm]

Can members say yay or nay to this so we may give tu bucks and/or premium. If you nay the submission remember to include as to why.

Hey, I send you a pm, like 1 month ago. Can you please turn my TU bucks into premium subcription.

[Tault_admin]

Fixed combitherm. We had an update that messed up some pms blah. Anyways fixed ya

[Tault_admin]

Still need some yays and nays