Wednesday, July 16, 2008

Exposing the Dealer Text box on Pokerstars.

There are several threads floating around various forums from people trying to build poker bots with varying degrees of success. Inevitably they get stuck trying to get input from the poker software. The dealer boxes have all of the information in an easily regular-expression-ed pattern, but the control won't give up the text. Some have turned to OCR, and that works ok, but there has to be a better way.

Pokerstars is my particular favorite, so they get to be the guinea pig. I wrote the Support department, and they said they didn't have any APIs. They also pointed me quite firmly to the the Terms of Service which specifically permits data collection and specifically forbids the use of auto-playing bots.

So now, on to the puzzle.

First, the easy approach. Fire up WinSpy++ or Winspector and browse around the Pokerstars window. The Textbox of interest has a funny class name, AFX:4200:something. That's about it. When we watch the messages in and out of the window there are just a bunch of WM_PAINT messages. The application doesn't leak a lot of information on this approach.

Interesting. All that window does is WM_PAINT, redrawing the window. That means it has to be a graphical window, a bitmap of text, that just _looks_ like a control. Very Very sneaky Mr. Stars, very sneaky.

Time for another Tool, PEView. PeView decodes the PE format of the binary, and reveals the libraries and Functions the application is importing. Scanning the list, it looks like pretty standard stuff. GDI32.dll, the kernel, User32... some others. Looking through the list, we only care about functions with "text" in the name. These are in the DLLs GDI32 and User32.

Now if only there was a way to override and trap every call to those libraries and dig around for our text. Following the aforementioned example, we'd want that to be a free tool, and available within the first page of Google results. ;) Enter WinAPIOverride Running the inspector we attach to Pokerstars and monitor the calls for GDI, the graphics library. In there we can see the application creating Display components, bitmaps, and generating those paint messages, but no Dealer Text. Reloading and monitoring the User functions is much more interesting. Ah-ha! There they are big as day. The Pokerstars dealer messages are all created using the DrawText function. Minimized, maximized, they are all there.

So that is how Pokerstars does it, they create a bitmap of what the textbox looks like off screen, and then show the bitmap. To get it out, all you have to do is write an API hook for the USER32 dll and IPC those messages over to your application. For a simple hook, Take a look at this CodeProject article on dead simple API hooking. Looking at the source, you would only have to change about 7 lines (6 for the functions and 1 to make it hook Pokerstars.exe) in it to expose all of the Pokerstars text where any application can reach it. Magic. ;)

I need a copy of Visual Studio to I finish this, but the hard part is done. :(

Thanks for a fun Puzzle.

Elizabeth Greene


maarten said...

very interesting :)
nice read

Ellie said...

They changed it since I wrote this. Now they have the painting routines buried in their own code. All is not lost though. There is a project called Sikuli,, that is an image recognition based programming language. It can be hooked to python so it makes the implementation a lot cleaner.

Do you play?

maarten said...

Low microstakes though ;)

I noticed when i tried to capture the output ;). I'm only intereseted in pokerstars anyways.. I hooked BitBlt hoping to find a method later to make the windows force repaint even when not (entirely) visible :P

maarten said...

Jesus christ sikuli looks very promissing. Must take a look at it soon :p