Hey, first of all, kudos on your app, it's looking great!

I was looking around yesterday for a solution to the duplicate loot bug and I saw today that you posted a fix to github already. Reading through your code, it doesn't seem you're satisfied with your solution so I figured I'd check it out again, so here's some info that hopefully will help you (and if it's something that you've already tried feel free to ignore me! hehe)

My first thought was the obvious one, look for valid text behind a string to see if it's just a copypaste, but then I saw in your post here that you were aware of that solution (duh!) and apparently it doesn't always work out. (I'm assuming this is because, as the memory gets cleared, there are chunks of old messages that now and again seem "real")

So then I tried looking for a pattern to finding strings that never returned duplicates (or old bits of messages) and found the following:

• DESKTOP CLIENT
  ^{note: this held true for me using dx5, dx9 and opengl but I haven't tried it on a different pc at all so its possible that it doesn't hold true in other environments, hopefully not though!}

• Every message that showed up in the server log (and elsewhere) was immediately found in 4 different locations, I'm assuming you avoided these duplicates by searching for a specific part of the memory or you already had something else set in place to skip them.

• However, only one specific version of the message, the "real" one, was prefaced by these bytes 03 00 00 00 00 00 00. Here are some examples:

  00 B0 01 0F 03 00 00 00 00 00 00 --> 03:04 Your last visit in Tibia: 06. Feb 2016 06:28:50 CET.
  00 3C 01 0D 03 00 00 00 00 00 00 --> 03:04 Your depot contains 109 items.
  00 EC 01 0D 03 00 00 00 00 00 00 --> 03:06 Your depot contains 108 items.
  00 B0 01 0F 03 00 00 00 00 00 00 --> 03:05 Your last visit in Tibia: 06. Feb 2016 06:57:27 CET.
  00 F7 01 0E 03 00 00 00 00 00 00 --> 02:36 You see a grimy wooden plank.
  00 12 01 0E 03 00 00 00 00 00 00 --> 02:36 You see a grimy wooden plank.
  00 A9 01 0E 03 00 00 00 00 00 00 --> 02:36 You see dirt.
  00 47 01 0E 03 00 00 00 00 00 00 --> 02:38 You see a grimy wooden plank.
  00 09 01 0B 03 00 00 00 00 00 00 --> 02:39 You see a label.
  00 67 01 0E 03 00 00 00 00 00 00 --> 02:40 You see a grimy wooden plank.
  00 D8 01 08 03 00 00 00 00 00 00 --> 02:41 You see a label.It weighs 0.10 oz.
  00 05 01 0D 03 00 00 00 00 00 00 --> 02:41 You see a bag (Vol:8).
  00 49 01 0C 03 00 00 00 00 00 00 --> 02:42 You see a pick.
  00 1F 01 0A 03 00 00 00 00 00 00 --> 02:44 You see a letter.

• This was the case in every server log message I tried, other types of message had different patterns, so using a check like this should also trim useless chat messages altogether.

• FLASH CLIENT ^{note:I tried this in chrome {and a slightly outdated version at that heh} and again, didn't test on a different computer.}

• Messages here are as wacky as you mentioned in the source comments, flashing all over the place, but I found that there was also a "real" version of the message that was always kept in memory in the same spot and was both prefaced and followed by at least three 00 bytes; searching the memory for any specific message surrounded by these, I never found any duplicates, so that should be a good check to make sure a message is good and whole.

• In the case of the flash client, I could spot no obvious difference between server log messages and others.

• The "real" version of the message found this way is not the version that uses style tags, but rather the clean message (which is why you can't tell it's a server log message just by it's color tag)

• Flash, as I'm sure you're well aware, was created by the devil in hopes of expanding his dominion on earth. All hail Satan, destroyer of sanity.

All of this I found using a memory editor (namely Cheat Engine), and there's a good chance that the versions of the messages I'm referring to aren't the same ones currently being found by tibalyzer, so I'd recommend you use a memory editor to see if my findings hold true and (assuming they do hehe) possibly adjust the memory region tibialyzer uses accordingly. I wish I could have compiled tibialyzer myself to try to make a proof of concept for a fix using this info, but my old potato doesn't meet the system reqs of visual studio '15, hehe!

Well, heres hoping I didn't waste your time with this wall of text and good luck going further, we're all excited to see what you do next with tibialyzer!