Hi, I got bored again and I've decided to analyze and learn about how to customize context menus in the CipSoft standalone Windows client (also known as Tibia.exe). This tutorial is designed for intermediate cheaters, so if you have basic knowledge about cheating and you want to have an easier journey than me to learn about context menus, follow my findings reading on:
In the following, we'll use Tibia 10.91, OllyDbg v1.10 and Cheat Engine 6.4.
I would like to arrange everything in a single post, but, currently, this forum allows a max of four images per post, so you know, I need many of them to explain things and this is the reason I usually expand a tutorial throughout many posts.
Outline
- Choosing a Context Menu and How to find Dialog pointer
- How to insert your own context menu items
- How to handle the action responsible for the user click on your added context menu items
- How to Code
Choosing a Context Menu and How to find Dialog pointer
In the client, there are different types of modal dialogs, triggered by different situations:
- When the user hits the "Enter game" in the start screen;
- When the user right clicks a message in the chatbox;
- When the user clicks in the close window button, to exit, logout or simply by miss click;
- When the user right clicks an item in the backpack;
- When the user right clicks a player in the screen and so on.
These are all examples of what Tibia calls modal dialogs. However, we are interested in a specific type of modal dialogs: Context Menus.
http://i.imgur.com/BVNtfMK.png
In the following, this tutorial will use the context menu when the user right clicks his own character
Now, we have a main goal: customize SCM (Self Context Menu).
Usually, I'll make a statement and won't prove it, but you're welcome to verify whether it's true or not (it's a good exercise, because, in the future, most likely you'll need update things yourself - because I'm not your bitch to update it for you - due CipSoft changes in the client). Whenever I make such statement, I'll try to remember to decorate it with CIY (meaning Check It Yourself).
CIY: In Tibia.exe, all dialogs are assigned to a global field (in the static memory) reserved for the dialogs.
The process to find such dialog pointer address is easy:
- Open a Tibia client and log in;
- Open CE (Cheat Engine) and attach to your Tibia instance;
- Close all modal dialogs and do a 4-bytes search for 0;
- Right click your character to popup SCM. Once the SCM appears in the screen, select "Changed value" in CE and search again;
- Repeat the last two steps until you find a static address in the Tibia.exe module memory which looks like a pointer (well, you are NOT a beginner and you know what a pointer is). Hint: It's near GUI pointer
So, we got Dialog Pointer address: