AutoIt code cave no DLLs xD ToxicFog leveler example

05/05/2009 15:17 clintonselke#16
Quote:
Originally Posted by trash
I see, thread local storage... thanks trash.

Well, ur much better off doing that in c/c++, c# or any other language. But u can do it, its just using DllCall() to call system functions after all.

E.g. These functions:

TlsAlloc(), TlsGetValue(), TlsSetValue(), TlsFree()... u can access them via DllCall on Kernel32.dll.... but its a pain in the a$$.

$result = DllCall("Kernel32.dll", "int", "TlsSetValue", "int", $dwTlsIndex, "ptr", $lpTlsValue)

Leaving the boolean return value in $result[0]. And $result[1] & $result[2] hold the values of the parameters (in case passed by reference and value changed).

so long and ugly :D ... stick to c++ :p

Edit: Just been thinking about that, i see why ya want in assembly or machine code, using that DllCall there is useless bcuz the Tls functions will only be for the AutoIt process and not the conquer process (if i understand correctly). So i reckon ur better off making a DLL using those functions and injecting it. And if ya really wanna inject it using autoit, just do the DllCalls to VirtualAllocEx(), WriteProcessMemory(), CreateRemoteThread()... which is a pain :p (And if u want no DLL file, u can make another program that writes autoit code to construct a string ($code or something) containing all the bytes of the DLL file, include it in ur source code and inject the string data... extremely ugly :D )
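
The DllCall() return convention described in the post above ($result[0] is the return value, $result[1] onward are the parameters as passed), as an added example that is not part of the original thread: a TLS slot round trip inside the calling AutoIt process only. The function name _TlsRoundTrip and the 16-byte buffer are constructed for illustration.

```autoit
; Added example (not from the original post). _TlsRoundTrip is a
; hypothetical helper; it only touches the AutoIt process's own TLS.
Func _TlsRoundTrip($pValue)
    ; TlsAlloc returns TLS_OUT_OF_INDEXES (0xFFFFFFFF) on failure.
    ; Declared as "int", that value arrives in $aRet[0] as -1.
    Local $aRet = DllCall("kernel32.dll", "int", "TlsAlloc")
    If @error Or $aRet[0] = -1 Then Return SetError(1, 0, 0)
    Local $iIndex = $aRet[0]

    ; $aRet[0] = BOOL result, $aRet[1] = index as passed,
    ; $aRet[2] = pointer as passed.
    $aRet = DllCall("kernel32.dll", "bool", "TlsSetValue", _
            "dword", $iIndex, "ptr", $pValue)
    If @error Or Not $aRet[0] Then
        ; Release the slot before reporting the failure.
        DllCall("kernel32.dll", "bool", "TlsFree", "dword", $iIndex)
        Return SetError(2, 0, 0)
    EndIf

    ; TlsGetValue returns the stored pointer in $aRet[0].
    $aRet = DllCall("kernel32.dll", "ptr", "TlsGetValue", "dword", $iIndex)
    Local $iErr = @error
    Local $pStored = 0
    If Not $iErr Then $pStored = $aRet[0]

    ; Always free the slot, whether or not the read succeeded.
    DllCall("kernel32.dll", "bool", "TlsFree", "dword", $iIndex)
    If $iErr Then Return SetError(3, 0, 0)
    Return $pStored
EndFunc

; Constructed sample input: a 16-byte buffer owned by this script.
Local $tBuf = DllStructCreate("byte[16]")
Local $pBuf = DllStructGetPtr($tBuf)
Local $pBack = _TlsRoundTrip($pBuf)
If @error Then
    ConsoleWrite("TLS call failed at step " & @error & @CRLF)
Else
    ConsoleWrite("stored " & $pBuf & ", read back " & $pBack & @CRLF)
EndIf
```
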
05/06/2009 12:52 rongbo#17
i got a little problem that when i log my ninja n open up the auto lvler fog which is dc my co client :it happened to me 2 x
05/06/2009 15:46 clintonselke#18
Quote:
Originally Posted by rongbo
i got a little problem that when i log my ninja n open up the auto lvler fog which is dc my co client :it happened to me 2 x
just take the code as an example for when ur programming in AutoIt. Your conquer.exe might be a different version to mine (so won't work bcuz the functions are at different memory location).
If you know how to locate the co-function using ollyDbg, then u can rewrite the code for ur client and make ur own bot.

basically... go into ini/stringres.ini (if i remember correctly)... look for an error message that occurs (like "you can't jump here")

then u'll have

<some number> = "you can't jump here"

convert that <some number> into hexadecimal using scientific mode on ur windows calculator (start -> run -> calc.exe) or anything u like.

then

open conquer.exe up w/ ollydbg

press ctrl+f for find

look for "push <that some number in hexadecimal>"

when ya find it in the code... scroll up until u see a line that says RETN, then go one line below it... and voila that is probably the memory address of the jump() function... change that Mov_EAX(<new jump() function address>) inside the conquer jump function in autoit.

u can repeat this to find other functions

like for scatter i think u use the error "please rest before using magic" or something like that (u get this from trying to scatter too fast)

above this lines is probably the worst junk u guys have ever read... im not good at writing tuts xD.

and everytime TQ updates their conquer.exe... do it all again lol
05/06/2009 20:10 IAmHawtness#19
Quote:
Originally Posted by clintonselke
u can repeat this to find other functions

like for scatter i think u use the error "please rest before using magic" or something like that (u get this from trying to scatter too fast)

above this lines is probably the worst junk u guys have ever read... im not good at writing tuts xD.

and everytime TQ updates their conquer.exe... do it all again lol
The easiest way for finding the skill use functions is finding the address that contains your current selected skill, and use Cheat Engine, ollydbg, or whatever to find out what instructions access that address :p.