[Question] House Permit Bot (AutoIt3)

Quote:

Originally Posted by _fobos_ Some more info about hooking to jump function, when doing so you will get the "cant jump to this coordinate" message when someone stands on the coordinate you're trying to jump too. So it aint that failsafe either, course you could add a rand() of 1-2 to each coordinate. anyway thought id share. But eitherway dont think with autoit u can hook to a function, proof me wrong :p

YES and NO! :D

I'm pretty sure u've seen autoit do DLL injection in another thread, but i know autoit can not do assembly language :D

I'm gonna write the DLL in c/c++, and im gonna use an autoit functions to inject this DLL into conquer.exe (Note: that this inject function is not a primary function of autoit, it actually grabs the function from another DLL just like the NomadMemory.au3 grabs ReadProcessMemory from a system DLL). Then im gonna use the TCPSocket functions of autoit to communicate to the DLL that is hosting on 127.0.0.1 on port 27015 (only for one co client atm, i can use different port numbers for each client i want to communicate with).

And source for the DLL i attach below. Its modeled off your DLL injection to pause and resume minesweeper. :D

If AutoIt wont inject directly, then i'll make it call another program that makes the injection :p ... Then AutoIt can communicate to it with sockets.

And I can communicate with it using Telnet also for debugging.

like

> telnet 127.0.0.1 27015
ctrl+]
> send jump 123 211 <-- causes the DLL to call ConquerJump(123,211), making the player jump to coordinates (123,211)

Edit: umm... forgot 'extern "C"' just b4 DllMain() function, i forgot i used .cpp file. :p

:D

Quote:

Originally Posted by _fobos_ Some more info about hooking to jump function, when doing so you will get the "cant jump to this coordinate" message when someone stands on the coordinate you're trying to jump too. So it aint that failsafe either, course you could add a rand() of 1-2 to each coordinate.

well that ain't much fun :p

maybe hooking this jump will allow for making an multiple house permit bots running at once in AutoIt, or multiple other bots running at once in AutoIt.

I know u don't like autoit (i've been tracking ur posts :p), but i find it has a really nice syntax. It has similar syntax to c/c++, and ya don't have to do much setup code or compiling. True autoit has less power, but its easy to work with. Ever seen socket programming done w/ just a TCPConnect() & TCPSend() :D, w/o this WSAStartup() stuff and everything else u have to do.

AutoIt is a nice noob language, and im a noob :D

Edit: TCPStartUp() lol, i forgot about that... that must be the thingy that calls WSAStartup() internally.

Not working yet :D

My CO2Claw.log
i switch to port 12345, bcuz port 27015 was already in use. (lol picked a random port # and happened to be in use already, theres like 65536 of them)

anyway, i went telnet

telnet
> open 127.0.0.1 12345
Ctrl+]
> send jump 40 80

and ya can see from my log the DLL got the command jump 40 80, then that makes it call the following...

and it crashes lol... i could have the address of the jump() function wrong (004C6303), or i just called it using the wrong assembly language :p

I'm a noob at assembly, expecially that AT&T assembly (i use mingw compiler). :p

Edit: PS: i love ur SkillerSluwt _fobos_ :D

Quote:

Originally Posted by clintonselke Yea, its all only script, i wont compile it to .exe, had so many going "someone scan it plz", "someone scan it plz", in my other posts. I think more people are comfortable with just the source, at least for the "Programming" section, the other sections i would release executables. If ya want to test it, u use AutoIt3 to run the script, remember to follow the instructions in the first post.lol

Yeah, I'm not a beginner AutoIt programmer myself and I know what it is xD

Although, you're script looks good.

When i execute conquer first, then run OllyDBG and attach it to the conquer process, i get a different address for what i think is the jump() function.

I now think its at 004C5F99, can anyone confirm that?

Thanks.

Edit:

Here is what i see

with a breakpoint

ECX and ESI holds 005DABB8

EDIT: IT WORKS IT WORKS!!!! I Can't Believe it ,,, it WORKS :D ... I just got my x and y coordinate mixed up lol.

ok, i got autoit to do one jump xD

but after it jumps the $Socket connection is lost :p... any1 experienced w/ autoit sockets?

thanks again xD

Quote:

Originally Posted by clintonselke ok, i got autoit to do one jump xD PHP Code: Func MoveTo($Coord, $AddNoise = False)     If $AddNoise Then         $Coord[0] = $Coord[0] + Int(Random(-$NOISE_IN_WAYPOINT, $NOISE_IN_WAYPOINT))         $Coord[1] = $Coord[1] + Int(Random(-$NOISE_IN_WAYPOINT, $NOISE_IN_WAYPOINT))     EndIf     TCPSend($Socket, "jump " & $Coord[0] & " " & $Coord[1])     Delay(500) EndFunc  but after it jumps the $Socket connection is lost :p... any1 experienced w/ autoit sockets? thanks again xD

Not me, no experience with autoit sockets :p
But yes that looks like the jump function,
I did something like this

__asm
{
push x
push y
mov ecx,esi
call jump
}

Inject it and call it.

EDIT: I just read ur other posts on other page, must admit pretty nice thinking there :p
if its still crashing debug when executing so you see what goes wrong and where :p

When you're doing this good, you could just make a 100 % memory based bot without needing any mouse clicks at all, which is a good idea since people (e.g. flying archers) could be blocking NPCs and stuff like that.

You could find the "talk to NPC" function and call it, too, like you did with the jump function. Same with selling items, dropping, etc. That takes time, though :p.

Anyways, good luck with your bot :D<3.

Quote:

Originally Posted by _fobos_ EDIT: I just read ur other posts on other page, must admit pretty nice thinking there :p if its still crashing debug when executing so you see what goes wrong and where :p

Its starting to turn out nice. Not crashing anymore, only problem now is that my autoit sockets wont stay open. But the weird thing is it works fine using telnet from command prompt. And i kinda think i know what it is, I think my c/c++ DLL is using Blocking sockets and autoit is using Asyncronise sockets, and might be y the dam connection doesn't stay past 1 data send. But that single data send works brillantly :D... just need more than one :p

I'll get back to work on it :D, and soon i'll release the latests source so ur all not left in the dark on this project.

Quote:

Originally Posted by IAmHawtness When you're doing this good, you could just make a 100 % memory based bot without needing any mouse clicks at all, which is a good idea since people (e.g. flying archers) could be blocking NPCs and stuff like that. You could find the "talk to NPC" function and call it, too, like you did with the jump function. Same with selling items, dropping, etc. That takes time, though :p. Anyways, good luck with your bot :D<3.

Yea, thats a great idea :D .

Wanna help me :o , those functions are so hard to find :p

i saw a thread called [CO2]Functions, it had all the memory addresses of really nice functions :D, but its outdated :( . However maybe the assembly language instruction patterns are similar and i can search the patterns to find their new locations in memory for the new client. :D

Wish me luck :D

Quote:

Originally Posted by clintonselke ok, i got autoit to do one jump xD PHP Code: Func MoveTo($Coord, $AddNoise = False)     If $AddNoise Then         $Coord[0] = $Coord[0] + Int(Random(-$NOISE_IN_WAYPOINT, $NOISE_IN_WAYPOINT))         $Coord[1] = $Coord[1] + Int(Random(-$NOISE_IN_WAYPOINT, $NOISE_IN_WAYPOINT))     EndIf     TCPSend($Socket, "jump " & $Coord[0] & " " & $Coord[1])     Delay(500) EndFunc  but after it jumps the $Socket connection is lost :p... any1 experienced w/ autoit sockets? thanks again xD

lol.... i know the problem... its my script. no such function as Delay(), i need to use Sleep() lol.

Dude. Stop triple posting and quoting yourself to talk to.

hok30@
What is the problem? It is one very interesting thread, and it has to do with Programming! It is not request or other shit that people post in the Programming Section.
I think that he does do not hurt anyone. He keeps "in live" a very interesting thread.

Ok, guys, i decided to release the code and executables now. I have AutoIt3 using the conquer jump() now for more accuracy. Sorry about the triple posting, i just get excited sometimes :p .

This code is not 100% working atm, but it lets others know how to call conquer functions with AutoIt.

I have also included a DllInject.au3 file, which is a extended function for autoit allow u to inject Dlls into processes. Unfortunately it is currently not working for me, so u guys will have to use Winject.exe instead before u run the script.

One good thing now is there is no longer a need to use Ctrl+L for learning mode.

Note also: I found the questions at the mine caves to be dynamically allocated, it works on my computer but not my brothers. And for some strange reason, the addresses for the map coordinates have now changed also (need to search it too in cheat engine). What a pain :p

U'll need to update these values using CheatEngine if they are invalid for your machine. (these will be needed to be done until one of us makes them static :p)

Global Const $REPLY_ADDRESS[4] = [0x01D3DFBC, 0x01D3E0F4,0x01D3E22C,0x01D3E364]

In order they are the addresses for the replies TOP-LEFT (0), TOP-RIGHT (1), BOTTOM-LEFT (2), BOTTOM-RIGHT (3)

And update these too, for your client. I dont know y they suddenly change on me.
Global Const $X_COORDINATE_ADDRESS = 0x005DAD20 ;0x005DAE34
Global Const $Y_COORDINATE_ADDRESS = 0x005DAD24 ;0x005DAE38

And the following are the steps to running it.

Step 1: Run conquer, log in ur char. (ur noob only, incase of botjail / click jail)

Step 2: Run Winject.exe and inject CO2Claw.dll into ur running process of conquer.

Step 3: Use cheatEngine or similar program to update the addresses for ur player coordinates and for ur mine cave question text-replies (using text search). Sorry bout this step :p

Step 4: Update those new addresses in house-permit-quest.au3

Step 5: Run house-permit-quest.au3 with ur autoit.

Step 6: Try out Alt+1 (it should buy 2 tc scrolls), Alt+2 should go from pharmacist to market, Alt+3 mk to craftsman (trades for wood), Alt+5 craftsman to carpenter (trades for rosewood), Use a tc scroll and press Alt+4, that should send ya to mine caves (coords inside cave are now inaccurate :p, u made need to click to help it once inside).

The new one seems like more of a pain than the old one atm... But no more Alt+L for its learning of mouse to map coordinates :D, plus it jumps faster and is faster at following the waypoints.

I need to find those functions for talking to NPCs and for moving items from inventory to wh, its gonna take forever to find those functions.

Edit: for your X-Coordinate try address 0x005DAE2C, and for your Y-Coordinate try address 0x005DAE30. Idk y they suddenly moved and seemed to become fixed again.

Update: found a function for clicking the guard w/o using the mouse.

StrRes.ini:
100029=Hold the Ctrl key and left click to attack the guard.

100029 is 186BD in hexidecimal

search "push 186BD"

004C7693 |. 68 BD860100 PUSH 186BD

scroll to top of function

Starts at 004C746F

now seach CALL 004C746F

When i add a break point here, and click on the Guard, the code stops at the breakpoint. But looks like for attack guard, not for talk to NPC. I'll keep looking.

Edit: Its for attack monster too, not just guard it seems. that EDI might be the ID-number of the thing its told to attack. Not really good useful for this bot, but for anothe bot maybe, one used for melee hunting or something.