Memory Bot

Discussion on Memory Bot within the CO2 Programming forum part of the Conquer Online 2 category.

Old   #1
 
elite*gold: 0
Join Date: Feb 2007
Posts: 1,366
Received Thanks: 256
Memory Bot

Hey,
OK - I've always wondered how to move the character using memory (or lack of real mouseclicks). If someone could explain it to me, either through MSN or here... that'd be great.

- Hok
hok30 is offline  
Old 04/18/2009, 16:58   #2
 
elite*gold: 20
Join Date: Aug 2007
Posts: 1,749
Received Thanks: 2,198
It's something about finding the walk function, then tell the program which way you're going (e.g. to the right) and then call the function.
You should ask _fobos_ .
IAmHawtness is offline  
Old 04/18/2009, 17:10   #3
 
elite*gold: 0
Join Date: Feb 2007
Posts: 1,366
Received Thanks: 256
Quote:
Originally Posted by IAmHawtness View Post
It's something about finding the walk function, then tell the program which way you're going (e.g. to the right) and then call the function.
You should ask _fobos_ .
lol alright... I'll try talkin to him.
hok30 is offline  
Old 04/19/2009, 01:26   #4
 
elite*gold: 0
Join Date: Sep 2008
Posts: 490
Received Thanks: 595
Quote:
Originally Posted by hok30 View Post
lol alright... I'll try talkin to him.
Lol I got your PM, the fast answer is through DLL injection.
Why?
Because you will want to execute the jump/walk function within another process (conquer.exe); finding the function(s) is pretty easy too.

After that here's pseudocode:
Code:
__asm
{
push X-Coordinate
push Y-Coordinate
mov ecx,esi
call Function
}
That's basically it: create a thread, inject it, and on a button click or whatever make it jump/walk to the coordinate you want.
Once you've got that figured out you can basically make any memory-based bot.
So read up on DLL injection, and if you have questions, post in this thread; when I have the time I will help, and if not someone else will.

BTW, to understand the jump/walk function better I suggest an inline patch first, just a 'hardcode' patch; for example, make the pathfind button execute a jump to a coordinate (which you of course have to set).
Experiment a bit, and then when you know exactly how the function works you 'mimic' the function in a DLL, inject it and execute the function at will.

*This way of botting doesn't get you sent to clickjail; it's how SkillerSluwt, my skiller bot, worked.*
_fobos_ is offline  
Old 04/19/2009, 03:33   #5
 
elite*gold: 0
Join Date: Feb 2007
Posts: 1,366
Received Thanks: 256
Thanks, but I kinda need a more in depth and instructional answer o.O. Can you add me on MSN?

I'm googling it though :P
hok30 is offline  
Old 04/19/2009, 05:35   #6
 
elite*gold: 0
Join Date: Jun 2006
Posts: 239
Received Thanks: 103
What's clickjail? Sorry for the OT question but I never heard of it before.
Relaxation is offline  
Old 04/19/2009, 12:28   #7
 
elite*gold: 0
Join Date: Sep 2008
Posts: 490
Received Thanks: 595
Quote:
Originally Posted by hok30 View Post
Thanks, but I kinda need a more in depth and instructional answer o.O. Can you add me on MSN?

I'm googling it though :P
More in depth? That's kinda all there is to it.
Can't really go more in depth; besides, what would you learn with a guide like this:
Step 1: Open up your IDE.
Step 2: Create a new project.
Step 3: ... yada yada yada

You get my point.

Just read up on DLL injection, there's like a ton about it out there. Second, what language do you use and how well do you use it?
See, there's not much more I can give you because, well, I don't have the right memory addresses and no time to go look for them either.

I have coded 2 memory-based bots, 1 in Delphi and the other in C++.
So I have another idea to help you: download SkillerSluwt, place Slut.exe in your CO folder and then open it with Olly.
Since I don't know the current memory addresses, I have the old one for the sit function so you can play with it.

This is copied and pasted from my source and shows you, like I said, that that's all there is to it.
Code:
procedure TCoSlut.DoSit();
var
  Pointer, SitOffset : integer;
begin

  Pointer:=$005DA9A0;
  SitOffset:=$0040AD60; // when you have opened slut.exe in olly search for Call 0040AD60
  asm
    mov ECX,Pointer; //You will see a similar line like this mov ecx,edi the value of edi is Pointer
    mov EDX,SitOffset;
    call EDX;

  end;
end;
Now that procedure gets called when a button was getting selected.
With a timer you regulate the interval and done.
Hope that helps.

Also, in Olly a function looks like this; this is the magic attack function from Slut.exe. Of course you would need to update the addresses for the current exe.

Code:
00487D73              8BCF                 MOV ECX,EDI <-- edi holds pointer
00487D75              FF35 F0A95D00        PUSH DWORD PTR DS:[5DA9F0] <-- Holds the UID being cast on, note not an ID but UID always changes!
00487D7B              FFB6 54F30A00        PUSH DWORD PTR DS:[ESI+AF354] <-- holds skill ID being casted, 441 I believe for stig.
00487D81              E8 792C0600          CALL Slut.004EA9FF

Example used in SkillerSluwt source:
Don't hate cuz it looks ugly lol.

procedure TCoSlut.DoStig();
var
  pointer, AtkCall, Stigma, UIDpointer : integer;
begin
  pointer:=$005DA9A0;
  AtkCall:=$004EA9FF;
  Stigma:=$0447;
  UIDpointer:=$005DA9F0;
  asm
    mov EDI, dword ptr ss:[UIDpointer];
    push dword ptr ss:[EDI];
    push Stigma;
    mov ECX,pointer;
    call AtkCall;
  end;
end;

See how the function works in CO itself and how you must mimic it?

Let's first just put your questions and all in this thread; maybe you'll get my Yahoo later. I barely have time cuz I work a lot, so it'd be better to keep it in this thread.
Quote:
Originally Posted by Relaxation View Post
whats clickjail? sorry for the OT question but i never heard of it before
Use anything that sends background clicks, like control clicks, and you will be sent to a clickjail and can only exit there every turning of the hour.
_fobos_ is offline  
Thanks
1 User
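
The Olly listing in the post above shows what the attack function sees when the client itself calls it: the `CALL` at 00487D81 is five bytes long, so the return address on the stack is 00487D86. The C sketch below is an added example, not code from the thread or from the game; it decodes that call and applies the return-address check a client integrity guard could use to tell the client's own call site from a call coming out of a loaded DLL. The code-section bounds and the two rejected addresses are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum verdict { CALL_OK, CALL_UNKNOWN_SITE, CALL_FOREIGN_MODULE };

/* Constructed bounds of the client's code section (assumption, not from the thread). */
#define TEXT_BASE 0x00401000u
#define TEXT_END  0x00590000u

/* Decode a 5-byte near call (E8 rel32) located at addr. Stores the call target
   and the return address the callee finds on its stack. Returns 0 on success. */
int decode_call(uint32_t addr, const uint8_t insn[5], uint32_t *target, uint32_t *ret)
{
    if (insn[0] != 0xE8)
        return -1;
    uint32_t rel = (uint32_t)insn[1] | (uint32_t)insn[2] << 8 |
                   (uint32_t)insn[3] << 16 | (uint32_t)insn[4] << 24;
    *ret = addr + 5;          /* address of the instruction after the call */
    *target = *ret + rel;     /* unsigned wrap-around handles negative rel32 */
    return 0;
}

/* Guard logic for a sensitive function: the return address must lie in the
   client's code section and match a call site recorded at build time. In a
   real MSVC build the guarded function would obtain ret via _ReturnAddress(). */
enum verdict check_caller(uint32_t ret, const uint32_t *sites, size_t n)
{
    if (ret < TEXT_BASE || ret >= TEXT_END)
        return CALL_FOREIGN_MODULE;
    for (size_t i = 0; i < n; i++)
        if (sites[i] == ret)
            return CALL_OK;
    return CALL_UNKNOWN_SITE;
}

int main(void)
{
    /* Bytes of the CALL at 00487D81 as shown in the Olly listing. */
    const uint8_t insn[5] = { 0xE8, 0x79, 0x2C, 0x06, 0x00 };
    uint32_t target, ret;
    if (decode_call(0x00487D81u, insn, &target, &ret) != 0)
        return 1;
    const uint32_t sites[] = { ret };
    printf("target=%08X ret=%08X\n", (unsigned)target, (unsigned)ret);
    printf("client call site: %d\n", check_caller(ret, sites, 1));
    printf("DLL caller (constructed): %d\n", check_caller(0x10001A2Cu, sites, 1));
    printf("unlisted site (constructed): %d\n", check_caller(0x00450010u, sites, 1));
    return 0;
}
```

The decoded target matches the `CALL Slut.004EA9FF` operand in the listing, which confirms the byte order and displacement arithmetic.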
Old 04/19/2009, 13:09   #8
 
elite*gold: 0
Join Date: Feb 2007
Posts: 1,366
Received Thanks: 256
yeah I'm researchin DLL Injections, but I asked on this programming forum and the guy was like - well, you are either doing this to improve security, or you're hacking.

-.-



EDIT: Would this be about what I am looking for - in terms of AutoIT UDFs...
hok30 is offline  
Old 04/19/2009, 13:26   #9
 
elite*gold: 0
Join Date: Sep 2008
Posts: 490
Received Thanks: 595
Quote:
Originally Posted by hok30 View Post


yeah I'm researchin DLL Injections, but I asked on this programming forum and the guy was like - well, you are either doing this to improve security, or you're hacking.

-.-



EDIT: Would this be about what I am looking for - in terms of AutoIT UDFs...
Wait wait wait.. You telling me you gonna attempt this in AutoIt?
No way that's gonna work, to my knowledge AutoIt can't execute code within another process.
_fobos_ is offline  
Old 04/19/2009, 23:38   #10
 
elite*gold: 0
Join Date: Feb 2007
Posts: 1,366
Received Thanks: 256
Quote:
Originally Posted by _fobos_ View Post
Wait wait wait.. You telling me you gonna attempt this in AutoIt?
No way that's gonna work, to my knowledge AutoIt can't execute code within another process.
And therein lies the problem. Well, I guess I'm gonna have to add to my extremely limited knowledge of C# and see if I can do anything.
hok30 is offline  
Old 04/20/2009, 00:00   #11
 
elite*gold: 0
Join Date: Sep 2008
Posts: 490
Received Thanks: 595
Quote:
Originally Posted by hok30 View Post
And therein lies the problem. Well, I guess I'm gonna have to add to my extremely limited knowledge of C# and see if I can do anything.
Even in C# I wouldn't place my bet lol.
C# doesn't support inline ASM (there are some modules out there but most is **** and limited)
Delphi or C++ I'd say
_fobos_ is offline  
Old 04/20/2009, 02:55   #12
 
elite*gold: 0
Join Date: Feb 2007
Posts: 1,366
Received Thanks: 256
Quote:
Originally Posted by _fobos_ View Post
Even in C# I wouldn't place my bet lol.
C# doesn't support inline ASM (there are some modules out there but most is **** and limited)
Delphi or C++ I'd say
Even though there is that specific UDF that does exactly what you just described - you're saying that doesn't work?
hok30 is offline  
Old 04/20/2009, 12:49   #13
 
elite*gold: 0
Join Date: Sep 2008
Posts: 490
Received Thanks: 595
Quote:
Originally Posted by hok30 View Post
Even though there is that specific UDF that does exactly what you just described - you're saying that doesn't work?
Can't judge on something I haven't seen but I highly doubt it
Show me anyway!
_fobos_ is offline  
Old 04/20/2009, 14:47   #14
 
elite*gold: 0
Join Date: Feb 2007
Posts: 1,366
Received Thanks: 256
Quote:
Originally Posted by _fobos_ View Post
Can't judge on something I haven't seen but I highly doubt it
Show me anyway!
Prove you wrong or show you the page o.O

I'll prove you wrong =P


hok30 is offline  
Old 04/20/2009, 17:26   #15
 
elite*gold: 0
Join Date: Sep 2008
Posts: 490
Received Thanks: 595
Quote:
Originally Posted by hok30 View Post
Prove you wrong or show you the page o.O

I'll prove you wrong =P


That's not what I meant.
Of course you can inject a DLL, but can you write the DLL you mimic the function in with AutoIt?
_fobos_ is offline  