
Linux [Python] Need help making an IPChanger

Elwyn

I'm making an IPChanger in Python and I'm having problems detecting the Tibia client version. In short, the code does this:

Code:
>>> import ptrace
>>> ptrace.attach(22876)
>>> ptrace.peekdata(22876, 0x8048000 + 0x3320d4)
2336927755350992214
>>> hex(2336927755350992214)
'0x206e6f6973726556'
>>> ptrace.peekdata(22876, 0x8048000 + 0x3320d6)
7216209636618761074
>>> hex(7216209636618761074)
'0x6425206e6f697372'
>>> ptrace.detach(22876, 18)



Using lib ptrace 1.0.1, which can be found here: https://pypi.python.org/pypi/ptrace/1.0.1

In this case "0x6425" should be the version before the point, like 10, 9 or 8, but it's a %d in this case. Where in the Tibia client can I find the client version in an explicit manner?

Note: When I finish it, it'll be on GitHub, with other IP changers that people from OTBr (the Brazilian Open Tibia community) are developing.


Solved:

The version string was in another region of memory. The executable is in two parts of memory; I believe one of them is the skeleton of the program and the other is the actual body with %d, %s and so on replaced.



Code:
08048000-0841f000 r-xp 00000000 08:04 9438516    /home/gugah/devel/cpp/tibia/tibia-client/860/Tibia
0841f000-08420000 rw-p 003d7000 08:04 9438516    /home/gugah/devel/cpp/tibia/tibia-client/860/Tibia


0841f000-08420000 is where the program body is after replacing all of the %s, %d and so on, if I'm correct.


A little program in Python showing it working:

Code:
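import os
import struct

import ptrace  # ptrace 1.0.1 from PyPI

# Find the PID of the running Tibia client (pidof -s returns a single PID).
process = os.popen("pidof -s Tibia")
pid = int(process.readlines()[0])
process.close()
print(pid)

ptrace.attach(pid)
# Start of the writable (rw-p) mapping of the Tibia executable.
base_addr = 0x841f000

# peekdata returns one 8-byte word as an integer.
data = ptrace.peekdata(pid, base_addr + 0x9213 + 8)

# Repack the word as little-endian bytes so the characters come out in
# memory order; going through hex() breaks on a trailing 'L' or an odd
# number of hex digits.
data = struct.pack("<Q", data & 0xFFFFFFFFFFFFFFFF)
data = data[:4]  # the first four bytes hold the version string
print(data)

# Detach, passing signal 18 (SIGCONT on x86 Linux).
ptrace.detach(pid, 18)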
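
The approach in this post, as an added example that is not the poster's code: Python 3 that finds the executable's rw-p mapping from `/proc/<pid>/maps` instead of hard-coding `0x841f000`, and turns a peeked word into bytes in memory order. The helper names are hypothetical, and the sample maps text is constructed from the two mapping lines quoted above.

```python
from collections import namedtuple

Mapping = namedtuple("Mapping", "start end perms offset dev inode path")

# Constructed sample: the two mappings quoted in the post, in /proc/<pid>/maps layout.
SAMPLE_MAPS = """\
08048000-0841f000 r-xp 00000000 08:04 9438516    /home/gugah/devel/cpp/tibia/tibia-client/860/Tibia
0841f000-08420000 rw-p 003d7000 08:04 9438516    /home/gugah/devel/cpp/tibia/tibia-client/860/Tibia
"""

def parse_maps(text):
    """Parse /proc/<pid>/maps text into Mapping tuples."""
    mappings = []
    for line in text.splitlines():
        fields = line.split(None, 5)  # cap the split: the path may contain spaces
        if len(fields) < 5:
            continue  # not a mapping line
        start, end = (int(x, 16) for x in fields[0].split("-"))
        path = fields[5].strip() if len(fields) == 6 else ""  # anonymous maps have no path
        mappings.append(Mapping(start, end, fields[1], int(fields[2], 16),
                                fields[3], int(fields[4]), path))
    return mappings

def find_mapping(mappings, name, perms):
    """Return the first mapping whose file name and permissions match, or None."""
    for m in mappings:
        if m.path.rsplit("/", 1)[-1] == name and m.perms == perms:
            return m
    return None

def word_to_bytes(word, size=8):
    """Convert an integer from a PEEKDATA-style read into bytes in memory order."""
    return (word & ((1 << (8 * size)) - 1)).to_bytes(size, "little")

def read_live_maps(pid):
    """Parse the maps file of a live process (needs permission to read it)."""
    with open("/proc/%d/maps" % pid) as fh:
        return parse_maps(fh.read())

if __name__ == "__main__":
    rw = find_mapping(parse_maps(SAMPLE_MAPS), "Tibia", "rw-p")
    print(hex(rw.start), hex(rw.offset))
    # The two words peeked in the first session of the post:
    print(word_to_bytes(0x206e6f6973726556), word_to_bytes(0x6425206e6f697372))
```
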
 