How to send a packet taken from WPE PRO with Winsock control vb2010

03/28/2011 21:38 sarkoplata#16
Thanks for your reply again..
This is my new code,
PHP Code:
Imports System.Text
Imports System.IO


Public Class Form1

    Private Declare Function ReadProcessMemory Lib "kernel32.dll" (ByVal hProcess As IntPtr, ByVal lpBaseAddress As IntPtr, ByVal lpBuffer As Byte(), ByVal nSize As UIntPtr, ByRef lpNumberOfBytesWritten As UInteger) As Boolean

    Private Sub Form1_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load
        Dim readHandle As IntPtr = Process.GetProcessesByName("SRO_Client")(0).MainWindowHandle
        Dim bytes As Byte() = New Byte(23) {}
        Dim rw As Integer = 0

        'Pointer
        ReadProcessMemory(readHandle, DirectCast(&HAA0E44, Integer), bytes, DirectCast(24, Integer), rw)
        Dim pointer As Integer = BitConverter.ToInt32(bytes, 0)

        'Charname
        Dim charNameAddress As UInteger = &HA9FB98
        ReadProcessMemory(readHandle, DirectCast(charNameAddress, UInteger), bytes, DirectCast(24, Integer), rw)
        Label1.Text = Encoding.UTF8.GetString(bytes)

        'Current HP
        ReadProcessMemory(readHandle, DirectCast(pointer + &H3BC, Integer), bytes, DirectCast(24, Integer), rw)
        Dim currHP As Integer = BitConverter.ToInt32(bytes, 0)
        Label2.Text = currHP

        'Maximal HP
        ReadProcessMemory(readHandle, DirectCast(pointer + &H3B4, Integer), bytes, DirectCast(24, Integer), rw)
        Dim maxHP As Integer = BitConverter.ToInt32(bytes, 0)
        Label3.Text = maxHP

        'Current MP
        ReadProcessMemory(readHandle, DirectCast(pointer + &H3B0, Integer), bytes, DirectCast(24, Integer), rw)
        Dim currMP As Integer = BitConverter.ToInt32(bytes, 0)
        Label4.Text = currMP

        'Maximal MP
        ReadProcessMemory(readHandle, DirectCast(pointer + &H3B8, Integer), bytes, DirectCast(24, Integer), rw)
        Dim maxMP As Integer = BitConverter.ToInt32(bytes, 0)
        Label5.Text = maxMP

        'Level
        ReadProcessMemory(readHandle, DirectCast(pointer + &H7C8, Integer), bytes, DirectCast(24, Integer), rw)
        Dim level As Byte = bytes(0)
        Label6.Text = level
    End Sub
End Class
With this code I get all values returned as "0", and I still didn't understand what "pointer + any offset" means.
btw, this code has 0 errors but 14 warnings, all the same:
it is "Using DirectCast to cast a value-type to the same type is obsolete."
PS: Forgive me for asking a lot of questions please :p
LAST EDIT: Idk, some of my friends have just told me this is easier (I don't think anymore) and for using multi clients it's better to use offsets, and I prefer this way because one day it will be needed so I wanna learn.
03/28/2011 22:29 sarkoplata#17
I've just fixed it, it was rly full of mistakes but basic was a truth.
So here is the new working code ,
PHP Code:
Imports System.Net.Sockets
Imports System.Net
Imports System.Text
Imports System.IO


Public Class Form1

    Private Declare Function ReadProccessMemoryString Lib "kernel32" Alias "ReadProcessMemory" (ByVal hProcess As Integer, ByVal lpBaseAddress As Integer, ByVal lpBuffer As String, ByVal nSize As Integer, ByVal lpNumberOfBytesWritten As Integer) As Integer

    Private Declare Function ReadProcessMemory Lib "kernel32.dll" (ByVal hProcess As IntPtr, ByVal lpBaseAddress As IntPtr, ByVal lpBuffer As Byte(), ByVal nSize As UIntPtr, ByRef lpNumberOfBytesWritten As UInteger) As Boolean

    Private Sub Form1_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load
        Dim readHandle As IntPtr ' = Process.GetProcessesByName("SRO_Client")(0).MainWindowHandle
        Dim proc As Process = Process.GetCurrentProcess
        For Each proc In Process.GetProcesses
            If proc.MainWindowTitle = "SRO_Client" Then
                readHandle = proc.Handle

                Exit For
            End If
        Next

        Dim bytes(24) As Byte
        Dim rw As Integer = 0
        Me.Text = readHandle.ToString()

        'Pointer
        ReadProcessMemory(readHandle, &HAA0E44, bytes, 24, rw)
        Dim pointer As Integer = BitConverter.ToInt32(bytes, 0)

        Dim charname(24) As Byte

        'Charname
        Dim charNameAddress As UInteger = &HA9FB98
        ReadProcessMemory(readHandle, charNameAddress, charname, 24, 0)
        Label1.Text = Encoding.ASCII.GetString(charname)

        'Current HP
        ReadProcessMemory(readHandle, pointer + &H3BC, bytes, 24, rw)
        Dim currHP As Integer = BitConverter.ToInt32(bytes, 0)
        Label2.Text = currHP

        'Maximal HP 1 min ok
        ReadProcessMemory(readHandle, pointer + &H3B4, bytes, 24, rw)
        Dim maxHP As Integer = BitConverter.ToInt32(bytes, 0)
        Label3.Text = maxHP

        'Current MP
        ReadProcessMemory(readHandle, pointer + &H3B0, bytes, 24, rw)
        Dim currMP As Integer = BitConverter.ToInt32(bytes, 0)
        Label4.Text = currMP

        'Maximal MP
        ReadProcessMemory(readHandle, pointer + &H3B8, bytes, 24, rw)
        Dim maxMP As Integer = BitConverter.ToInt32(bytes, 0)
        Label5.Text = maxMP

        'Level
        ReadProcessMemory(readHandle, pointer + &H7C8, bytes, 24, rw)
        Dim level As Byte = bytes(0)
        Label6.Text = level
    End Sub
End Class
Thanks for your help, I will be back when I fall down again :P
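What the "pointer + offset" reads in the code above do, as an added example that is not part of the original posts: one read at a static address yields a pointer, and each value is then read at that pointer plus a fixed offset. It runs against a constructed in-memory image instead of a live process; `FakeMemory`, `read_stats`, the address 0x02000000 and all sample values are assumptions, while the static addresses and offsets are the ones from the posted code. Unlike the posted code it stops on a failed read instead of converting an untouched buffer.

```python
import struct

# Addresses and offsets exactly as they appear in the posted code.
BASE_PTR_ADDR = 0xAA0E44   # static address that stores a pointer
NAME_ADDR = 0xA9FB98       # static address of the character name
FIELDS = {"cur_mp": 0x3B0, "max_hp": 0x3B4, "max_mp": 0x3B8, "cur_hp": 0x3BC}
LEVEL_OFFSET = 0x7C8       # one byte


class FakeMemory:
    """Constructed stand-in for a process address space (sparse regions)."""

    def __init__(self, regions):
        self.regions = regions  # {start_address: bytes}

    def read(self, addr, size):
        """Return size bytes at addr, or raise if any part is unmapped
        (the analogue of ReadProcessMemory returning False)."""
        for start, data in self.regions.items():
            if start <= addr and addr + size <= start + len(data):
                return data[addr - start:addr - start + size]
        raise OSError(f"read of {size} bytes failed at {addr:#x}")


def read_u32(mem, addr):
    return struct.unpack("<I", mem.read(addr, 4))[0]


def read_stats(mem):
    # Step 1: the static address holds the address of a data block.
    base = read_u32(mem, BASE_PTR_ADDR)
    # Step 2: "pointer + offset" is one field inside that block.
    stats = {name: read_u32(mem, base + off) for name, off in FIELDS.items()}
    stats["level"] = mem.read(base + LEVEL_OFFSET, 1)[0]
    # The name sits at a fixed address; cut it at the first NUL byte.
    raw = mem.read(NAME_ADDR, 24)
    stats["name"] = raw.split(b"\x00", 1)[0].decode("ascii")
    return stats


def build_sample():
    """Constructed memory image: data block placed at a made-up address."""
    obj_addr = 0x02000000
    obj = bytearray(0x800)
    struct.pack_into("<4I", obj, 0x3B0, 120, 900, 300, 450)
    obj[LEVEL_OFFSET] = 42
    return FakeMemory({
        BASE_PTR_ADDR: struct.pack("<I", obj_addr),
        NAME_ADDR: b"Tester".ljust(24, b"\x00"),
        obj_addr: bytes(obj),
    })
```

If the first read fails and the result is not checked, the buffer stays zeroed, the pointer becomes 0 and every later read targets an unmapped address, so all values show as 0.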
03/29/2011 15:44 sarkoplata#18
I can't capture the packet of using potions .. strangely
03/29/2011 16:10 Kraizy#19
Did you try to record S->C?
03/29/2011 16:29 sarkoplata#20
I get dc when I try records from S->C , already is it meaningful to send packet coming from server ?
03/29/2011 19:16 goldfarm24#21
i was curious bout that also
03/29/2011 19:26 sarkoplata#22
Quote:
Originally Posted by goldfarm24
i was curious bout that also
and what was ur solution?
03/29/2011 20:32 Kraizy#23
Quote:
Originally Posted by sarkoplata
I get dc when I try records from S->C , already is it meaningful to send packet coming from server ?
I think you can't send all S->C packets but some of them you can, for example the Loginpacket. When you enter your ID & PW you will receive a S->C packet which contains the length of your id, your id, the length of your password, your password and the ServerID. The packet looked like this:
PHP Code:
//ID: test
//PW: blubb
//(OpCode) Locale, ID-Length, ID, PW-Length, PW, ServerID
(6102)04 0400 74657374 0500 626C756262 0100
//To convert a string (your ID or PW) you can use this site: http://www.string-functions.com/string-hex.aspx 
I am sure you won't get a DC if you send the right Loginpacket (tried it 1 week ago) but I don't know which opcode is for using pots, don't have SRO atm..maybe u r sending the wrong one? Because I also tried to use a X-Large HP Pot and I had no DC, my char took the pot, but I don't remember the Opcode anymore :/
I will try to get ZSZC at the weekend and try to find it if you still have the problem..

Edit: Take a look at this [link], there are explanations of some packets (but I think the opcodes are already wrong..)
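A bounds-checked parser for the field layout described in the post above (locale, ID length, ID, PW length, PW, ServerID), as an added example that is not part of the original post. It assumes the lengths and the ServerID are 16-bit little-endian, inferred from `0400` standing for length 4, writes the opcode in parentheses as in the `(OpCode)` comment, and keeps it as printed hex; `PacketError`, `Reader` and `parse_login` are hypothetical names.

```python
import re
import struct


class PacketError(ValueError):
    """Raised when a dump does not match the described layout."""


def parse_dump(text):
    """Split '(6102)04 0400 ...' into (opcode_hex, payload_bytes)."""
    m = re.fullmatch(r"\s*\(([0-9A-Fa-f]{4})\)([0-9A-Fa-f\s]*)", text)
    if not m:
        raise PacketError("expected '(OPCODE)' followed by hex bytes")
    digits = "".join(m.group(2).split())
    if len(digits) % 2:
        raise PacketError("odd number of hex digits")
    return m.group(1).upper(), bytes.fromhex(digits)


class Reader:
    """Cursor over the payload that refuses to read past its end."""

    def __init__(self, data):
        self.data, self.pos = data, 0

    def take(self, n):
        left = len(self.data) - self.pos
        if n > left:
            raise PacketError(f"need {n} bytes at offset {self.pos}, {left} left")
        chunk = self.data[self.pos:self.pos + n]
        self.pos += n
        return chunk

    def u16(self):
        return struct.unpack("<H", self.take(2))[0]

    def string(self):
        # The length prefix comes from the packet, so it is checked by take().
        return self.take(self.u16()).decode("ascii")


def parse_login(text):
    opcode, payload = parse_dump(text)
    r = Reader(payload)
    fields = {"opcode": opcode, "locale": r.take(1)[0], "id": r.string(),
              "password": r.string(), "server_id": r.u16()}
    if r.pos != len(payload):
        raise PacketError("trailing bytes after ServerID")
    return fields


# The sample from the post: ID "test", PW "blubb".
SAMPLE = "(6102)04 0400 74657374 0500 626C756262 0100"
```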
03/29/2011 21:49 sarkoplata#24
(704C)11EC08
(B04C)01112500EC08
(305C)7AD89002C6A10000
[ tested it 3,4 times , I am sure ]
I get three packets from server when I use a potion , and all of them gives me disconnect.
I can get hp packet with WPEpro but it is strange that I can't send packets which I take from WPE PRO.
Anyway I am looking to do press a button from memory
(WriteProcessMemory)
But it seems to I need help...
EDIT : Raw packets from WPEPro is smth sh*t , cant be sent with any program without Wpepro. And phAnalyzer doesn't get a packet for it . I'm rly stuck atm , my only way is to press buttons with WriteProcessMemory , I can see it in lolkop's bot source but it is autoit so I guess I can't convert them fully , I have just found the APIs but .. I'll be waiting for your reply ...
LASTLY : The index you gave me is something outdated i guess..
03/30/2011 14:27 Kraizy#25
Quote:
Originally Posted by sarkoplata
I can get hp packet with WPEpro but it is strange that I can't send packets which I take from WPE PRO.
Maybe it doesn't en/decrypt the packets? Dunno, don't like to use WPEpro...
Quote:
Originally Posted by sarkoplata
my only way is to press buttons with WriteProcessMemory , I can see it in lolkop's bot source
lolkop's bot is a keypresser (if not show me his bot), you could use SendKeys, but SRO have to be in foreground all the time..otherwise you will need to use the SendMessage/PostMessage-API (I already made a little tutorial in e*pvpers Coders Tutorials) to send the keys only to SRO, so you will be able to send the keys if SRO is in background also.
Quote:
Originally Posted by sarkoplata
LASTLY : The index you gave me is something outdated i guess..
It was only to show you how the packets are built, not just to copy, because the opcodes are wrong..
03/30/2011 15:11 sarkoplata#26
Quote:
Originally Posted by Fisticuff
Maybe it doesn't en/decrypt the packets? Dunno, don't like to use WPEpro...
WpePro packets are encrypted I guess ,too.
lolkop's bot is a keypresser (if not show me his bot), you could use SendKeys, but SRO have to be in foreground all the time..otherwise you will need to use the SendMessage/PostMessage-API (I already made a little tutorial in e*pvpers Coders Tutorials) to send the keys only to SRO, so you will be able to send the keys if SRO is in background also.
I don't mean the keypresser one, this bot which uses autopot by pressing keys from memory with underbar offset (which I still couldn't understand). Here is the explanation for that (guide belongs to lolkop):
[link]
And here is the bot which I meant ( lolkop's open source bot , not keypress)
[link]

It was only to show you how the packets are built, not just to copy, because the opcodes are wrong..
I know , I didn't mean it :p

BTW : I will check your tut. now and turn back. I've already set the autopot but it should be on foreground , which makes me annoying , but works properly.
LASTLY : I looked all of your posts, but I couldn't find it , I think it's in german :/
03/30/2011 15:36 Kraizy#27
Can I see how you did the autopot?
03/30/2011 16:21 sarkoplata#28
Quote:
Originally Posted by Fisticuff
Can I see how you did the autopot?
Yeah, basically for the hp part; of course some other dims are before here.
Code:
If currHP < Val(TextBox4.Text) / 100 * maxHP Then
SetForegroundWindow(hwnd)
SendKeys.SendWait(TextBox6.Text)
End If
03/30/2011 19:53 Kraizy#29
OK, SendKeys..so I could help you at first with SendMessage, so SRO doesn't need to be in foreground, and at the weekend I will try to find the pots packet..
I suppose that you put in the pot slot in TextBox6..if so, then try this:
PHP Code:
'SendMessage-API
Private Declare Function SendMessage Lib "user32.dll" Alias "SendMessageA" (ByVal hwnd As IntPtr, ByVal wMsg As Integer, ByVal wParam As Integer, ByVal lParam As Integer) As Integer

'Declarations
Private Const WM_CHAR As Integer = &H102
Private sroHandle As IntPtr

'Find SRO handle
sroHandle = Process.GetProcessesByName("SRO_Client")(0).MainWindowHandle

'Use pot at slot 9
SendMessage(sroHandle, WM_CHAR, Asc("9"), 0) 'You can change "9" to TextBox6.Text
But of course it will also send the number if you open the chat..
03/30/2011 19:59 sarkoplata#30
Quote:
Originally Posted by Fisticuff
OK, SendKeys..so I could help you at first with SendMessage, so SRO doesn't need to be in foreground, and at the weekend I will try to find the pots packet..
I suppose that you put in the pot slot in TextBox6..if so, then try this:
PHP Code:
'SendMessage-API
Private Declare Function SendMessage Lib "user32.dll" Alias "SendMessageA" (ByVal hwnd As IntPtr, ByVal wMsg As Integer, ByVal wParam As Integer, ByVal lParam As Integer) As Integer

'Declarations
Private Const WM_CHAR As Integer = &H102
Private sroHandle As IntPtr

'Find SRO handle
sroHandle = Process.GetProcessesByName("SRO_Client")(0).MainWindowHandle

'Use pot at slot 9
SendMessage(sroHandle, WM_CHAR, Asc("9"), 0) 'You can change "9" to TextBox6.Text
But of course it will also send the number if you open the chat..
Well , this is useful for me , but I found potion packets.
They are S->C , but there is a point , which is that packet is encrypted.
I added new security byte to the code so it can use potions now :)
For example , (704C)19EC08 this will use the X-Large hp pot at slot 13.
But at first, I will use ur solution because first I have to read what's in the inventory.
If you have any idea about this , please post.