I was looking around the sanderling project on GitHub and was curious on how you figured out the structure of the UI. Could you explain briefly what you did to figure out things like the existencenof RootUI and the structure of the other elements in memory?
Thank you!
I did that a long time ago. Here is how I remember the process now:
- Start with changing window coordinates and sizes in the game client UI. Compare the memory contents to get the subset of changed addresses.
- Try to find stable paths to those addresses in the form of sequences of offsets.
- Fail to find stable paths.
- Try to improve the efficiency of the path search by avoiding offsets that would be invalid because they cross allocation blocks. Try to develop a framework to get read allocation blocks by parsing the memory management structures on the heap that general C/Windows libraries should maintain.
- Fail at the robust enumeration of allocated memory blocks.
- Switch to using the specifics of Python: Read the CPython program code. List all the python types registered in the memory and their properties and their names to decide which to look closer at.