PWI Elysium Changes

[sasukezero]

Quote:

Originally Posted by jasty

You need to replace a "28" in there with _Hex($Player_Offset, 2), the 28 was hard coded when it should not have been.

Ah didn't see that ty
Does anyone by chance have the current Partyinv offset as 0xE67CC8 doesn't seem to work ?
I can't even find it with my old regex....

[Stark77]

try 0xE67C80

[sasukezero]

Checked the Adress in IDA and tested it, works Tyvm
Apparently there is sometimes an issue when you read an Address lower case like current base address like this "0xe5b2a4" instead of this "0xE5B2A4". Let's the game crash oh well....one reason why Moveto didn't work.

I'm starting to lose my mind...the Moveto function works again, but my character tries to walk to the top end of the map all the time...I checked wrong addresses, different calculations, different variations of x,y,z(in case something changed), Autopath works...., tried revhex, hex etc......
Is anyone facing the same problem ?

[Stark77]

i changed nothing but the Player_Offset and everything worked as before.

[Remmm]

click for "Select" serverlist:

Code:

Procedure ClConfurm(pid)
    
    hProcess=OpenProcess_(#PROCESS_ALL_ACCESS, #False, pid) 
    ReadProcessMemory_(hProcess,($00e5ba4c ) Ibuf,4,***)
    ReadProcessMemory_(hProcess,(ibuf+$18) Ibuf,4,***)
    ReadProcessMemory_(hProcess,(ibuf+$8) windarr,4,***)
    ReadProcessMemory_(hProcess,(WindArr+$8c) Winup,4,***)
    
    While WinUp<>0
      ReadProcessMemory_(hProcess,(WinUp+$8) winstruct,4,***)
      ReadProcessMemory_(hProcess,(winstruct+$4c)  winnameadr,4,***)
      ReadProcessMemory_(hProcess,(winnameadr+0)  winname,50,***) ;ASCII string
      
      If winname="Win_LoginServerListButton"
        ReadProcessMemory_(hProcess,(winstruct+$1c8) Ibuf,4,***)
        ReadProcessMemory_(hProcess,(ibuf+$0c) Ibuf,4,***)
        ReadProcessMemory_(hProcess,(ibuf+$08) Ibuf,4,***)
        ReadProcessMemory_(hProcess,(ibuf+$1c) Ibuf,4,***) ; Commandadr
        
        opcode.s="60"+"B9"+Reverse(winstruct)+"68"+Reverse(ibuf)+"BA"+Reverse($A69A70)+"FFD2"+"61"+"C3"
        Inject(pid,opcode) 
        CloseHandle_(hProcess)
        ProcedureReturn 1;click send
      EndIf 
      ReadProcessMemory_(hProcess,(WinUp) Winup,4,***)
      
    Wend
    
    CloseHandle_(hProcess) 
    ProcedureReturn 0 ;not find window
  EndProcedure

* Chance of ReportBug
** addresses are specified for the current version PWI(946)
*** English is not my native language.

[sasukezero]

Quote:

Originally Posted by Stark77

i changed nothing but the Player_Offset and everything worked as before.

Found the issue...it was a replaced 24...replace all is not always good...
Went through my whole code to eliminate a lot of things and therefore it happened oh well. Tyvm, this way i knew it still works

[Stark77]

thats good to hear i acutally also have a question related to this moveto function. for me this function is only working on windows 7 or lower. client will crash with win10.

does anyone have the same issue or maybe even knows how to fix it? the opcode i use is below.

 Spoiler

Code:

     global realBaseAddress := 0xE5B2A4
     global playerOffSet := 0x34
     global playerActionStructOffset := 0x1500
     global AutoPathAddress := 0x4592F0
     global ADDRESS_ACTION1 := 0x4C8480
     global ADDRESS_ACTION2 := 0x4CE970
     global ADDRESS_ACTION3 := 0x4C8A70

      revHex(revX, X)
      revHex(revY, Y)
      revHex(revZ, Z)
      revHex(revBaseAddress, realbaseAddress)
      revHex(revPlayerOffSet, playerOffSet,2)
      revHex(revADDRESS_ACTION1, ADDRESS_ACTION1)
      revHex(revADDRESS_ACTION2, ADDRESS_ACTION2)
      revHex(revADDRESS_ACTION3, ADDRESS_ACTION3)
      revHex(OFFSET_ACTIONBASE, playerActionStructOffset)
      revHex(FLYMODE, flyflag)

      func =					
      func = %func%60
      func = %func%B8%revBaseAddress%
      func = %func%8B00
      func = %func%8B401C
      func = %func%8B70%revPlayerOffSet%
      func = %func%8B8E%OFFSET_ACTIONBASE%
      func = %func%6A01
      func = %func%BA%revADDRESS_ACTION1%
      func = %func%FFD2
      func = %func%8BF8
      func = %func%8D442418
      func = %func%50
      func = %func%BA%FLYMODE%
      func = %func%52
      func = %func%8BCF
      func = %func%BA%revADDRESS_ACTION2%
      func = %func%FFD2
      func = %func%8B8E%OFFSET_ACTIONBASE%
      func = %func%B8%revX%
      func = %func%8BD7
      func = %func%83C220
      func = %func%8902
      func = %func%B8%revZ%
      func = %func%8BD7
      func = %func%83C224
      func = %func%8902
      func = %func%B8%revY%
      func = %func%8BD7
      func = %func%83C228
      func = %func%8902
      func = %func%6A00
      func = %func%6A01
      func = %func%57
      func = %func%6A01
      func = %func%BA%revADDRESS_ACTION3%
      func = %func%FFD2
      func = %func%61
      func = %func%C3
      injectCode(func)

[Remmm]

Try it moveto (works for win10, unstable, possible crash client)

 Spoiler

Code:

Hex dump          Command                                  
60              PUSHAD
B8 00000000     MOV EAX,BaseAddress
8B00            MOV EAX,DWORD PTR DS:[EAX]
8B40 1C         MOV EAX,DWORD PTR DS:[EAX+1C]
8B78 34         MOV EDI,DWORD PTR DS:[EAX+34]
8B8F 11111111   MOV ECX,DWORD PTR DS:[EDI+playerActionStructOffset]
6A 01           PUSH 1
BA 00000000     MOV EDX, Walk1
FFD2            CALL EDX
8D4C24 1C       LEA ECX,[ESP+1C]
89C6            MOV ESI,EAX
51              PUSH ECX
BA 00000000     MOV EDX,FLYMODE
52              PUSH EDX
89F1            MOV ECX,ESI
BA 00000000     MOV EDX,Walk2
FFD2            CALL EDX
8B8F 22222222   MOV ECX,DWORD PTR DS:[EDI+playerActionStructOffset]
B8 00000000     MOV EAX,X
89F2            MOV EDX,ESI
83C2 20         ADD EDX,20
8902            MOV DWORD PTR DS:[EDX],EAX
B8 00000000     MOV EAX,Z
89F2            MOV EDX,ESI
83C2 24         ADD EDX,24
8902            MOV DWORD PTR DS:[EDX],EAX
B8 00000000     MOV EAX,Y
89F2            MOV EDX,ESI
83C2 28         ADD EDX,28
8902            MOV DWORD PTR DS:[EDX],EAX
6A 01           PUSH 1
56              PUSH ESI
6A 01           PUSH 1
BA 00000000     MOV EDX,Walk3
FFD2            CALL EDX
61              POPAD
C3              RETN

copied from http://zhyk.ru/ author diagnost

[Stark77]

THANK YOU alot for this ... its working perfectly

[sasukezero]

I was playing around with the chat. I can read out the whole chat with this function here:

 Spoiler

Local $array[1][2], $pointer, $counter

$pid = ProcessExists("elementclient.exe")

$PROCESS_INFORMATION = _MemoryOpen($pid)
For $i = 0 To 199
$pointer = _MemoryRead(0xE61580, $PROCESS_INFORMATION)
ReDim $array[$counter + 1][2]
$array[$counter][0] = _MemoryRead($pointer + $i * Dec("24") + 0x4, $PROCESS_INFORMATION, "Byte") ;Chat Type
$array[$counter][1] = _MemoryRead(_MemoryRead($pointer + $i * Dec("24") + 0x8, $PROCESS_INFORMATION)+0x0, $PROCESS_INFORMATION, 'wchar[100]') ;Chat text

$counter += 1


Next
_MemoryClose($pid)
_ArraySort($array, "", "", "", 6)
_ArrayDisplay($array)

The only Problem here is, that linked items are shown like this "<1><>" :/
Does anyone know what way i can read out the text with items as wchar doesn't really do the trick?

[jasty]

Quote:

Originally Posted by sasukezero

The only Problem here is, that linked items are shown like this "<1><>" :/
Does anyone know what way i can read out the text with items as wchar doesn't really do the trick?

Here's an old writeup but getting the actual tooltip looks complicated.

The item itself looks like its at the same offset chain but with 0xC at the end instead of 0x8.

[sasukezero]

Quote:

Originally Posted by jasty

Here's an old writeup but getting the actual tooltip looks complicated.

The item itself looks like its at the same offset chain but with 0xC at the end instead of 0x8.

That did the trick with 0xC it reads out the item name too. Now i still have the extra signs etc but its more readable. String replace does the rest. Ty

 Spoiler

$array[$counter][2] = _MemoryRead(_MemoryRead($pointer + $i * Dec("24") + 0xC, $PROCESS_INFORMATION), $PROCESS_INFORMATION, 'wchar[100]') ;Chat text

[DurianMontong]

hi any one can give me questID for Enter Base faction from

Faction Base Manager Zeen


i try find in pwdatabase.com

"Enter the Base"


but no quest found

[sasukezero]

I checked for the send package via this old guid:

And came up with this:

 Spoiler

func EnterFactionbase($pid,$playerid_,$factionid)

Local $packet, $packetSize

$packet = '2500'
$packet &= "40000000"
$packet &= "10000000"
$packet &= "3C110000"
$packet &= Hex($playerid_)
$packet &= Hex($factionid)
$packet &= Hex($factionid)
$packetSize = 26
sendPacket($packet, $packetSize, $pid)
EndFunc

Tested it on 2 different characters and it works like a charm.
Seems like you don't have to open the npcdialogue, just stand close enough and select it

[DurianMontong]

Quote:

Originally Posted by sasukezero

I checked for the send package via this old guid:

And came up with this:

 Spoiler

func EnterFactionbase($pid,$playerid_,$factionid)

Local $packet, $packetSize

$packet = '2500'
$packet &= "40000000"
$packet &= "10000000"
$packet &= "3C110000"
$packet &= Hex($playerid_)
$packet &= Hex($factionid)
$packet &= Hex($factionid)
$packetSize = 26
sendPacket($packet, $packetSize, $pid)
EndFunc

Tested it on 2 different characters and it works like a charm.
Seems like you don't have to open the npcdialogue, just stand close enough and select it

hi thx for info, but can u tell me how to find my $factionid