Potion packets at ZSZC

Page 2 of 2

03/30/2011 14:56 sarkoplata#16

Quote:

Originally Posted by lolkop

nah my tutorials are mainly written, to show, that all of it can be done in asm.
the asm code can be used in almost every language.

if u're not able to understand the reversing part, you should start learning about it, with some easy tutorials, or at least start learning asm.

since u're able to build dlls in vb, those things could be used way better, since you can directly step into the client functions.

Well than I hate being stuck. And I am sorry but I hate auto-it too .
Most of tut.s are created in Auto-it , that makes me angry. :rtfm:
Anyway , I remember lolkop's first autopotion tools , which were like mine :D
So I believe one day I can become a lolkop:p
/Anyway , I am still looking for this packets in my form.
[I know I should first see where is the potion in inventory, and that's hard]
I'll do something diff. e.g.

PHP Code:


			
//This part is which timer will do; ( for example timer2 )

SendPacket("opcode" , "data for using X-Large potion at 1.slot)

SendPacket("opcode" , "data for using X-Large potion at 2.slot)

SendPacket("opcode" , "data for using X-Large potion at 3.slot)

SendPacket("opcode" , "data for using X-Large potion at 4.slot)

5.slot , 6.slot , 7.slot ... going like this.



//This part is another timer. ( for example timer1 )

ReadProcessMemory(readHandle, pointer + &H3B0, bytes, 24, rw)

Dim currMP As Integer = BitConverter.ToInt32(bytes, 0)

If currMP < Val(TextBox.Text) / 100 * maxMP[MaxMp is declared in another line already] Then

Timer2.enabled=True

Else

Timer2.enabled=False

End If



//This part is Form_load.

If CheckboxForAutopotActiviation.checked=True , then

Timer1.enabled=true

End If



If CheckboxForAutopotActiviation.checked=False, then

Timer1.enabled=false

End If

I think this should work properly. So as I do in elixir fusing.
Its like Sendpackets for hp slots , and works properly , fuses with order.
User of tool can tell program by a textbox how much mp does he buy , which slots are them.
What do you think?

03/30/2011 15:31 lolkop#17

how do you send packets to the client?

to be able to help you we'd have to know the way you use.

03/30/2011 16:12 sarkoplata#18

Quote:

Originally Posted by lolkop

how do you send packets to the client?

to be able to help you we'd have to know the way you use.

I'm using system.net.sockets
here is my code ;

Code:

 sroSocket = New Socket(AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.Tcp)

        Dim IP As IPAddress = IPAddress.Parse("127.0.0.1")
        Dim Port As Integer = 22580
        Dim IPEP As IPEndPoint = New IPEndPoint(IP, Port)

Code:

 Sub SendPacket(ByVal OpCode As String, ByVal sData As String)
        Using buffer As New IO.MemoryStream
            Using w As New IO.BinaryWriter(buffer)
                w.Write(CUShort(0))
                w.Write(CUShort("&H" + OpCode))
                w.Write(CUShort(1))

                For i = 0 To sData.Length / 2 - 1
                    w.Write(CByte("&H" & sData.Substring(i * 2, 2)))
                Next

                w.BaseStream.Position = 0
                w.Write(CUShort(w.BaseStream.Length - 6))
                w.Flush()
                sroSocket.Send(buffer.ToArray)

03/30/2011 17:36 lolkop#19

so u're using a proxy?

written on ur own, or by some1 else? to be able to use items from inventory, you'd have to be able to crypt and decrypt packets^^

03/30/2011 17:56 sarkoplata#20

Quote:

Originally Posted by lolkop

so u're using a proxy?

written on ur own, or by some1 else? to be able to use items from inventory, you'd have to be able to crypt and decrypt packets^^

Yes I'm using proxy , and my proxy supports decrypted packets ,
I found the packet for potion at 13.slot of inv.
That's just it (704C)19EC08
phAnalyzer can send it but I still dunno why my tool can't ^^

03/30/2011 18:24 sarkoplata#21

Finally my prog. can send enc. packets too.
GoneUp helped me a lot. Credits goes to him. :P
I will be here soon , when I get error from packet parsing .. :P

03/30/2011 21:36 sarkoplata#22

Quote:

Originally Posted by sarkoplata

PHP Code:

//This part is which timer will do; ( for example timer2 ) SendPacket("opcode" , "data for using X-Large potion at 1.slot) SendPacket("opcode" , "data for using X-Large potion at 2.slot) SendPacket("opcode" , "data for using X-Large potion at 3.slot) SendPacket("opcode" , "data for using X-Large potion at 4.slot) 5.slot , 6.slot , 7.slot ... going like this. //This part is another timer. ( for example timer1 ) ReadProcessMemory(readHandle, pointer + &H3B0, bytes, 24, rw) Dim currMP As Integer = BitConverter.ToInt32(bytes, 0) If currMP < Val(TextBox.Text) / 100 * maxMP[MaxMp is declared in another line already] Then Timer2.enabled=True Else Timer2.enabled=False End If //This part is Form_load. If CheckboxForAutopotActiviation.checked=True , then Timer1.enabled=true End If If CheckboxForAutopotActiviation.checked=False, then Timer1.enabled=false End If

This method works :mofo: I haven't read the inventory or such a thing ^^

03/31/2011 19:56 Kraizy#23

So, you are sending the packet for each slot everytime? What about if there is no pot anymore? Won't your client crash?

03/31/2011 21:05 sarkoplata#24

Quote:

Originally Posted by Fisticuff

So, you are sending the packet for each slot everytime? What about if there is no pot anymore? Won't your client crash?

Yes.No , client won't crash , if there is no pot , it uses 2nd slots pot. :)

04/02/2011 01:05 sarkoplata#25

Wow , finally made my auto party work , If u need help I'll just be here. :)

04/02/2011 12:40 lolkop#26

finally i've found a way to get the inventory content from memory without using any hooks =)

Code:

$actionBase = 0xCF5CD4
$charBase = 0xAA0E44
Global $kernel32 = DllOpen('kernel32.dll')
$mid = OpenProcess(WinGetProcess('[CLASS:CLIENT]'))

$inventoryBase = ReadProcessMemory($mid, ReadProcessMemory($mid, ReadProcessMemory($mid, ReadProcessMemory($mid, $actionBase) + 0x62C) + 0x78C) + 0x380)
For $i=0 To ReadProcessMemory($mid, ReadProcessMemory($mid, $charBase) + 0x16AC, 'byte')-1
	$slotBase = ReadProcessMemory($mid, ReadProcessMemory($mid, $inventoryBase + $i*4) + 0x360)
	$type = ReadProcessMemory($mid, $slotBase + 0x34)
	$nr = ReadProcessMemory($mid, $slotBase + 0x84)
	ConsoleWrite('Slot '&$i&':'&@CRLF)
	ConsoleWrite('   Item ID:'&$type&@CRLF)
	ConsoleWrite('   Item Quantity:'&$nr&@CRLF)
Next
CloseHandle($mid)
DllClose($kernel32)

haven't added it to my bot yet, but it makes it possible to use pots return scrolls etc directly from the inventory =)

beside that, it enables you to build a loop function and an auto tidy inventory function =)

basicly the code looks like this (if u're not able to understand the autoit):

Code:

inventoryBase = [[[[0xCF5CD4] + 0x62C] + 0x78C] + 0x380]
for i=0 to [[0xAA0E44] + 0x16AC] (byte) - 1
    slotBase = [[inventoryBase + i * 4] + 0x360]
    type = [slotBase + 0x34]
    nr = [slotBase + 0x84]
next

04/02/2011 13:37 Kraizy#27

Nice, will try it in .NET later :)

04/02/2011 19:04 sarkoplata#28

lolkop is genius , i'll try all this things in my project ^^
Thanks lolkop =)
btw thanks Fisticuff for posting me at other thread =)

04/03/2011 02:49 sarkoplata#29

Quote:

Originally Posted by Fisticuff

Nice, will try it in .NET later :)

If you make it work sucessfully , explain me too:p

04/25/2011 03:39 sarkoplata#30

Quote:
Originally Posted by lolkop
finally i've found a way to get the inventory content from memory without using any hooks =)
Code:
$actionBase = 0xCF5CD4
$charBase = 0xAA0E44
Global $kernel32 = DllOpen('kernel32.dll')
$mid = OpenProcess(WinGetProcess('[CLASS:CLIENT]'))

$inventoryBase = ReadProcessMemory($mid, ReadProcessMemory($mid, ReadProcessMemory($mid, ReadProcessMemory($mid, $actionBase) + 0x62C) + 0x78C) + 0x380)
For $i=0 To ReadProcessMemory($mid, ReadProcessMemory($mid, $charBase) + 0x16AC, 'byte')-1
	$slotBase = ReadProcessMemory($mid, ReadProcessMemory($mid, $inventoryBase + $i*4) + 0x360)
	$type = ReadProcessMemory($mid, $slotBase + 0x34)
	$nr = ReadProcessMemory($mid, $slotBase + 0x84)
	ConsoleWrite('Slot '&$i&':'&@CRLF)
	ConsoleWrite('   Item ID:'&$type&@CRLF)
	ConsoleWrite('   Item Quantity:'&$nr&@CRLF)
Next
CloseHandle($mid)
DllClose($kernel32)
haven't added it to my bot yet, but it makes it possible to use pots return scrolls etc directly from the inventory =)

beside that, it enables you to build a loop function and an auto tidy inventory function =)

basicly the code looks like this (if u're not able to understand the autoit):
Code:
inventoryBase = [[[[0xCF5CD4] + 0x62C] + 0x78C] + 0x380]
for i=0 to [[0xAA0E44] + 0x16AC] (byte) - 1
    slotBase = [[inventoryBase + i * 4] + 0x360]
    type = [slotBase + 0x34]
    nr = [slotBase + 0x84]
next

Do you think doing smth via memory is better ? or doing them with packets , and why ? :P btw is it possible to do multi-bot with a memory coded tool?

Page 2 of 2