PWI - Guide for finding chat message offsets - C# code included

04/17/2011 12:51 sulivan2011#16
edit: all working fine in AutoIt
mistake was I used char then wchar :D
04/17/2011 16:05 dumbfck#17
Hehe you just beat me to it, sulivan. Regarding the message type, you can get that from the chat object too - see my chat object structure in the first post. Alternatively, that number is also embedded in the actual message if you look closely ^^

And I see what you mean now, omarranimado. I guess that might be a decent way to check, although there probably is a more efficient way. It's a while since I messed about with collecting mats and all I had was a pretty simple code injection to pick up a mat if you're standing right next to it.
I didn't dig much further.
Interest's suggestion would be quite clean as it's a single memory read to return an integer value, so you wouldn't have to parse a string or anything.

@Interest07 - Unfortunately I don't have the gold listings structure yet. That button was to retrieve the normal AH listings, which worked quite well. I figured out the packet signature for refreshing the page too, using your packet sender stuff ^^, so it would refresh every 30 secs or so, then read it all. I had planned to store everything in a database and build an alerts system, so when an item you're looking for appears in AH, it would tell you - Or if a silly-priced bargain came up ;)
Would also be a nice way to get average prices for just about every item that goes through the AH.
My offsets are outdated now, but I might take another look at fixing that soon. Let me know if those offsets will be any use to you

Re: graphics stuff - I'm not really that great with it either, I just learn what I need to know, when I need to know it :P
And yes - I get the item images from the dds file. Makes it update proof =]
Only downside is that it's not massively fast. It needs some refinement hehe.
04/17/2011 17:15 Interest07#18
Yeah, I've done something similar with all the cat shops in West Archosaur (throws it into a database that a site reads from to view all the cat shops currently on), so it would be quite nice actually to include the AH in there once every 10 mins or so that I'd walk past. Then I could check whether any catshops are buying something that's being sold in the AH for cheap. Gold prices would be real sweet too though, cos I'm too lazy to manually collect the data, but I'd love to analyze it a bit :p

Speed of your program is overrated with bots (within limits, of course). You generally only really need a response time of about 500 ms or so, so as long as it's working, the speed shouldn't matter too much.... I'd prefer pretty pictures lol.

But yeah, I'd be quite interested in the ah offsets, since you have them... :D
04/17/2011 18:16 dumbfck#19
Just trying to fix the AH offsets right now. Keep going in circles lol - I remember it was a bytch to find last time. Sadly, my documentation for that process wasn't too great =P. I'll be sure to do a better job this time.

Just had a look at gold listings too. Looks a bit tricky - Thought I'd found a static base pointer, but something seems to change every minute or so. Wondering if they've put some sort of 'protection' on it. Will try again later though ^^

I'll post some code later for the inventory icon fetching stuff ;)
04/17/2011 22:30 Interest07#20
awesome, good luck with the ah. I had a brief look at it and got totally demotivated. Or perhaps I wasn't motivated enough, either way, it was a bugger alright lol
04/18/2011 17:01 dumbfck#21
Wow that really was a bytch... Got there eventually though, thanks to OllyDbg ^^
Cheat engine just really wasn't cut out for this one - Nothing worse than scanning for a value and getting hundreds of results =P

Ok, with AH open, the base pointer to the sequential list of items is:
[[[[[[[BASE_CALL]+1C]+18]+8]+2BC]+208]+150]

ahItemObjSize = 0x5D0

Code:
// 4-byte pointers and ints, matching the offsets in the comments
struct ahItemObj
{
	wchar_t*	p_ahRow;		// 0x00	p->String of full line in AH (A bit broken though?)
	char		uk1[0x58];		// 0x04	Unknown
	wchar_t*	p_fullDescription;	// 0x5C	p->Full description text
	char		uk2[0x50];		// 0x60	Unknown (pads so dwAuctionId lands at 0xB0)
	uint		dwAuctionId;		// 0xB0	Auction ID
	char		uk3[0x4];		// 0xB4	Unknown
	uint		dwCurrentBid;		// 0xB8	Current Bid
	uint		dwBuyPrice;		// 0xBC	Buy Now price
	char		uk4[0x8];		// 0xC0	Unknown
	uint		dwItemId;		// 0xC8	Item ID
	char		uk5[0x504];		// 0xCC	Unknown (pads the object to 0x5D0 bytes)
};
*EDIT: The string referenced by p_ahRow is a tab separated string of each column on the listing display (unicode tab = 0x0009).
I think it might be GBK encoded too (Chinese 2312 / GB2312 character set I think)

So for example, to get a list of just the IDs of everything in the AH:
Pseudocode:
Code:
// 15 items per page
// dwAuctionId is a uint at +0xB0 of each object (see struct), so read a 32-bit value, not a string
for(i = 0 ; i < 15 ; i++)
{
	itemIDs[i] = ReadUInt([[[[[[[BASE_CALL]+1C]+18]+8]+2BC]+208]+150] + i*5D0 + B0)
}
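The struct above is only useful once you can turn a run of 0x5D0-byte objects into fields, and the row pointer into columns. This is an added example (not dumbfck's code) that decodes ahItemObj entries from a constructed in-memory image: it assumes a 32-bit little-endian layout, that p_ahRow and p_fullDescription point at NUL-terminated UTF-16LE strings (the wchar the struct declares), and that an empty slot has a NULL row pointer. The FakeMemory class, the addresses and the sample listings are constructed stand-ins for real process reads.

```python
import struct

# Field offsets within one AH item object, as listed in the struct above.
AH_ITEM_SIZE = 0x5D0
OFF_P_AHROW = 0x00
OFF_P_FULLDESC = 0x5C
OFF_AUCTION_ID = 0xB0
OFF_CURRENT_BID = 0xB8
OFF_BUY_PRICE = 0xBC
OFF_ITEM_ID = 0xC8


class FakeMemory:
    """Flat 32-bit address space backed by a bytearray (constructed stand-in for ReadProcessMemory)."""

    def __init__(self, base, size):
        self.base = base
        self.buf = bytearray(size)

    def write(self, addr, data):
        off = addr - self.base
        self.buf[off:off + len(data)] = data

    def read_u32(self, addr):
        off = addr - self.base
        return struct.unpack_from("<I", self.buf, off)[0]

    def read_wstring(self, addr, max_chars=256):
        """Read a NUL-terminated UTF-16LE string, stopping at max_chars so a bad pointer cannot run away."""
        off = addr - self.base
        end = off
        limit = min(len(self.buf), off + 2 * max_chars)
        while end + 1 < limit and self.buf[end:end + 2] != b"\x00\x00":
            end += 2
        return self.buf[off:end].decode("utf-16-le")


def parse_ah_item(mem, obj_addr):
    """Decode one ahItemObj at obj_addr into a dict of its known fields."""
    row_ptr = mem.read_u32(obj_addr + OFF_P_AHROW)
    desc_ptr = mem.read_u32(obj_addr + OFF_P_FULLDESC)
    return {
        "auction_id": mem.read_u32(obj_addr + OFF_AUCTION_ID),
        "current_bid": mem.read_u32(obj_addr + OFF_CURRENT_BID),
        "buy_price": mem.read_u32(obj_addr + OFF_BUY_PRICE),
        "item_id": mem.read_u32(obj_addr + OFF_ITEM_ID),
        # The row string is tab separated, one column per listing-display column (see EDIT above).
        # A NULL row pointer (empty slot on a short page) yields no columns rather than a crash.
        "columns": mem.read_wstring(row_ptr).split("\t") if row_ptr else [],
        "description": mem.read_wstring(desc_ptr) if desc_ptr else "",
    }


def parse_ah_page(mem, list_base, count):
    """Walk count consecutive objects of AH_ITEM_SIZE bytes starting at list_base."""
    return [parse_ah_item(mem, list_base + i * AH_ITEM_SIZE) for i in range(count)]


def build_sample_memory():
    """Constructed process image: two AH objects plus the strings they point at."""
    mem = FakeMemory(0x10000000, 0x2000)
    list_base = 0x10000000
    str_area = list_base + 2 * AH_ITEM_SIZE  # strings placed after the item list
    rows = [  # (row text, description, auction id, bid, buy-now, item id) - all constructed
        ("Sample Sword\t1\t1000\t1500\tSeller A", "A fine sword (constructed)", 0x1234, 1000, 1500, 0x2A),
        ("Sample Shield\t2\t200\t0\tSeller B", "A sturdy shield (constructed)", 0x1235, 200, 0, 0x2B),
    ]
    for i, (row, desc, auction_id, bid, buy, item_id) in enumerate(rows):
        obj = list_base + i * AH_ITEM_SIZE
        row_bytes = row.encode("utf-16-le") + b"\x00\x00"
        row_addr = str_area
        mem.write(row_addr, row_bytes)
        desc_bytes = desc.encode("utf-16-le") + b"\x00\x00"
        desc_addr = row_addr + len(row_bytes)
        mem.write(desc_addr, desc_bytes)
        str_area = desc_addr + len(desc_bytes)
        mem.write(obj + OFF_P_AHROW, struct.pack("<I", row_addr))
        mem.write(obj + OFF_P_FULLDESC, struct.pack("<I", desc_addr))
        mem.write(obj + OFF_AUCTION_ID, struct.pack("<I", auction_id))
        mem.write(obj + OFF_CURRENT_BID, struct.pack("<I", bid))
        mem.write(obj + OFF_BUY_PRICE, struct.pack("<I", buy))
        mem.write(obj + OFF_ITEM_ID, struct.pack("<I", item_id))
    return mem, list_base


if __name__ == "__main__":
    mem, base = build_sample_memory()
    for entry in parse_ah_page(mem, base, 2):
        print(entry)
```

Bounding the string read with max_chars matters more than it looks: a stale or partly overwritten row pointer (the "a bit broken" note above) otherwise turns into an unbounded read across the process.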
04/18/2011 20:51 dumbfck#22
....And the sendPacket signature for updating the AH page:

You can specify the starting offset, which is basically like the page select.
There are 16 items per page, so a starting offset of 0x10 would be page 2.
Current AH page (so you can just refresh current page):
[[[[[[BASE_CALL]+0x1C]+0x18]+0x08]+0x74]+0x278]

Some of the other zeroes in there are to do with the filters etc, but they're not particularly useful

Code:
        private byte[] refreshAhPagePkt = new byte[] 
        { 
            //Header
            0x25, 0x00, 0x1A, 0x00,
            0x00, 0x00, 0x17, 0x00,
            0x00, 0x00, 0x24, 0x03,
            0x00, 0x00,
            0x00, 0x00, 0x00, 0x00,     // Player ID
            0x00, 0x00,
            0x00, 0x00, 0x00, 0x00,     
            0x00, 0x00, 0x00, 0x00,     // Start item offset
            0x00, 0x00, 0x00, 0x01,
            0x14
        };

        public void refreshAhPage()
        {
            //Get size of the packet
            int packetSize = refreshAhPagePkt.Length;

            if (refreshAhPageAddress == 0)
            {
                //load packet in memory
                loadPacket(refreshAhPagePkt, ref refreshAhPageAddress, ref refreshAhPageAddressRev);
            }

            // Get your player ID
            uint _playerId = MemFunctions.resolveNestedPointer(pr_processHandle, elements.baseCall, 0x1C, 0x34, 0x46C, 0);   // v505

            byte[] playerId = BitConverter.GetBytes(_playerId);
            playerId = playerId.Reverse().ToArray();
            MemFunctions.MemWriteBytes(pr_processHandle, refreshAhPageAddress + 14, playerId);

            // Get the current AH page
            uint _currentPage = MemFunctions.resolveNestedPointer(pr_processHandle, elements.baseCall, 0x1C, 0x18, 0x08, 0x74, 0x278, 0);   // v505

            byte[] currentPage = BitConverter.GetBytes(_currentPage);
            currentPage = currentPage.Reverse().ToArray();
            MemFunctions.MemWriteBytes(pr_processHandle, refreshAhPageAddress + 24, currentPage);

            sendPacket(refreshAhPageAddressRev, packetSize);
        }
I'll link this on the sending packets thread too ^^
04/19/2011 10:28 Interest07#23
Woahh, nice work :D

*Fires up cheatengine to test it real quick*

Nice packet sender :D

edit:

+0xC8 is the itemId


Phewww was afraid that would somehow not be in there :P

The gold thing is also some tab delimited pleasure. It also has structures of 0x5D0.

Ah found it

unicode tab delimited string for sell item i
= [[[[[[[[[BASE_CALL]+1C]+18]+8]+74]+208]+150]+ i*5D0 ]+0]

same for buy:
= [[[[[[[[[BASE_CALL]+1C]+18]+8]+74]+20C]+150]+ i*5D0 ]+0]

I was half hoping it would be located close to the regular ah :D Thanks so much for posting that!
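The AH, gold-sell and gold-buy chains above differ only in their last three links, and all of them go through objects that only exist while the relevant window is open. This added example (not Interest07's or dumbfck's code) walks a nested pointer chain the way the bracket notation describes, returning None as soon as a link reads as NULL instead of dereferencing address 0. The DictMemory class and every address in build_sample_memory are constructed; only the offsets come from the thread.

```python
# Pointer chains quoted in this thread, relative to BASE_CALL.
# Each entry means: add the offset to the current pointer, then dereference.
AH_LIST_CHAIN = [0x1C, 0x18, 0x08, 0x2BC, 0x208, 0x150]
GOLD_SELL_CHAIN = [0x1C, 0x18, 0x08, 0x74, 0x208, 0x150]
GOLD_BUY_CHAIN = [0x1C, 0x18, 0x08, 0x74, 0x20C, 0x150]
OBJ_SIZE = 0x5D0  # one listing object, same size for AH and gold lists


class DictMemory:
    """Sparse 32-bit address space: address -> 32-bit word (constructed stand-in for process reads)."""

    def __init__(self):
        self.words = {}

    def write_u32(self, addr, value):
        self.words[addr] = value & 0xFFFFFFFF

    def read_u32(self, addr):
        # Unmapped memory reads as 0, mirroring a failed read that leaves the buffer zeroed.
        return self.words.get(addr, 0)


def resolve_chain(mem, base_call, offsets):
    """Follow [[[base_call]+o1]+o2]... and return the final pointer, or None if any link is NULL."""
    ptr = mem.read_u32(base_call)
    for off in offsets:
        if ptr == 0:
            return None  # e.g. AH window not open: the intermediate object does not exist yet
        ptr = mem.read_u32(ptr + off)
    return ptr if ptr else None


def list_entry_addr(list_base, i):
    """Address of listing object i; its row-string pointer sits at offset 0 (the trailing ]+0] above)."""
    return list_base + i * OBJ_SIZE


def build_sample_memory(ah_open=True):
    """Constructed chain of objects; addresses are invented, offsets follow the thread."""
    mem = DictMemory()
    base_call = 0x00A00000
    mem.write_u32(base_call, 0x01000000)
    mem.write_u32(0x01000000 + 0x1C, 0x01100000)
    mem.write_u32(0x01100000 + 0x18, 0x01200000)
    mem.write_u32(0x01200000 + 0x08, 0x01300000)
    if ah_open:  # the +0x2BC object only exists while the AH is open
        mem.write_u32(0x01300000 + 0x2BC, 0x01400000)
        mem.write_u32(0x01400000 + 0x208, 0x01500000)
        mem.write_u32(0x01500000 + 0x150, 0x02000000)  # AH item list base
    mem.write_u32(0x01300000 + 0x74, 0x01600000)       # gold trade object
    mem.write_u32(0x01600000 + 0x208, 0x01700000)
    mem.write_u32(0x01700000 + 0x150, 0x03000000)      # gold sell list base
    mem.write_u32(0x01600000 + 0x20C, 0x01800000)
    mem.write_u32(0x01800000 + 0x150, 0x04000000)      # gold buy list base
    return mem, base_call


if __name__ == "__main__":
    mem, base = build_sample_memory()
    for name, chain in (("AH", AH_LIST_CHAIN), ("gold sell", GOLD_SELL_CHAIN), ("gold buy", GOLD_BUY_CHAIN)):
        print(name, hex(resolve_chain(mem, base, chain) or 0))
    mem_closed, base_closed = build_sample_memory(ah_open=False)
    print("AH with window closed:", resolve_chain(mem_closed, base_closed, AH_LIST_CHAIN))
```

Because the three chains share their first three links, a reader that polls every few seconds can resolve [[[BASE_CALL]+1C]+18]+8 once per tick and branch from there; the NULL check is what stops a closed window from turning into a read at a small absolute address.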
04/19/2011 11:22 dumbfck#24
Ahh thanks - updated =]
Managed to find a static for gold listings then? Hehe

And yeah... The packet sender stuff looks strangely familiar, huh? >_>
04/19/2011 12:06 Interest07#25
Haha edited in the stuff for gold :)

I'm glad the packetSender was good enough to use an erm similar structure of code :p

For the gold I had a hunch it would be samish so after I noticed that it ended in +150 + i * 5D0... I got very happy indeed lol
04/19/2011 12:49 dumbfck#26
Sweeeet! That was a result, well spotted hehe.
I'll throw some documentation together for finding those offsets - They changed quite drastically in the last two big updates.
04/19/2011 13:14 Interest07#27
Quote:
Originally Posted by dumbfck
Sweeeet! That was a result, well spotted hehe.
I'll throw some documentation together for finding those offsets - They changed quite drastically in the last two big updates.
That would be helpful indeed for when it changes again :)
04/19/2011 18:01 Interest07#28
I seem to be getting a different value for this in the packet

I encountered the same value in the packet for updating gold prices. The value is identical to the one found for AH updating (and different from yours).

From the code it seems that a value of 0 would also be allowed, but I'll have to double check that first I suppose
04/21/2011 17:35 Smurfin#29
you two talk in english mixed with hex-ish language lol :p

btw, I'm stuck trying to find [BASE_CHAT_ADDRESS]. I managed to get the static lastChatObject offset for the PW server I'm playing on, which is [A60398+c], but in my IDA Pro it won't view like yours, which shows last chat index, chat struct size and chat base in the boxy asm view; it displayed like below instead.

Do I really need IDA Pro to find the chat base? Isn't it already found using CE earlier, which was [[AE9620]+C] (it's [A60398+c] for mine)?
04/21/2011 19:27 dumbfck#30
Quote:
Originally Posted by Smurfin
you two talk in english mixed with hex-ish language lol :p
Lol! I can speak in binary too - I sound a bit like a dialup modem in real life ^^
"Bedooooop... BNNNNNGGG.... pshhhhhhh..... GLAAAAARRR"
[/nutter]

You're right, it may have been a slightly redundant step in the guide :P
(although it does kinda show the base, last message and struct size info all in one area).
The lastChatOffset should be the baseChatAddress + 0xC
Was that the only address that came up in the IDA search? (refer to pic_3 on first post).
Are you not getting what you would expect from those offsets?

I can't remember off the top of my head how to get IDA in flow chart view...
Just reformatted my computer and having trouble finding my backed-up installer for IDA. Once I re-install, I'll take a look =]

If you succeed in finding them, I'll add the offsets for your server to my first post.