[CODE]Ingame Functions( POST YOUR FINDINGS HERE )

my classmate is a software engineer i would like to ask what programming language i need to use to make a clientless bot? i want to ask him but he ask me what programming language coz hes not familiar with botting in online game

I am using C++ but you can use any language like C# as well.

do you think he can make a bot for aura kingdom? can you give me some hints or things i will tell him so that he can understand me what i want him to do

Ok, I spent 3 hours writing this basic piece of C code...

This was for me a needed step to make sure I have the correct base address of the game before coding anything.

Now, the first thing I ask myself is : is the base address the same depending the server ? I know that I have the french version of the game (only one french server available ig), but I don't know if this fact is data-only driven or if the client exe is different from another country version, meaning that maybe the base address is not the same.

Could someone verify its base address with CE or simply by outputing the hp value in my code and verifying it works ?

I'll try to get some usefull offsets with CE before coding some bot logic, and will come back later with usefull things as ntKid did in the first post.


edit :
I tried to reverse the entire player data where I got the hp previously. Here is what I deduced :
edit 2014/02/16 : Updated the code with what is this time a static base address.

[UPDATE]( 1 ) ( CHECK FIRST POST )
-Added SelectNearestTarget function using game engine( without sending tab key ) to my research
-Linked AlainProvist research on post #19 to first post.

I edited my previous post with a reversed player data (still not completely reversed).

Quote:

Originally Posted by AlainProvist I edited my previous post with a reversed player data (still not completely reversed).

Very nice Alain but i still think you are making your life very hard by not being in the process context, if you are using C/C++ why not perform a DLL injection?

Quote:

Originally Posted by Oriya9 That'd be a game-changing event. would damn love to see the encryption algorithm released. will you also release the source of such packet sniffer?

Damn, the Silkroad exploid God is playing AK too..
Well people be ready for some sick hacks/dupes soon i guess :rolleyes:

Damn this community is progressing pretty fast compared to a few days ago, I feel pretty crap for not being able to contribute.

geezzz....

this BOTTING things make me sorry for join graphic designer college :D

Quote:

Originally Posted by AlainProvist Ok, I spent 3 hours writing this basic piece of C code... This was for me a needed step to make sure I have the correct base address of the game before coding anything. PHP Code: #include <windows.h> #include <TlHelp32.h> #include <iostream> #include <tchar.h> using namespace std; DWORD FindProcessByName(const std::wstring& processName) {     HANDLE hProcessSnap;     //HANDLE hProcess;     PROCESSENTRY32 pe32;     //DWORD dwPriorityClass;     // Take a snapshot of all processes in the system.     hProcessSnap = CreateToolhelp32Snapshot( TH32CS_SNAPPROCESS, 0 );     if( hProcessSnap == INVALID_HANDLE_VALUE )     {         return( FALSE );     }     // Set the size of the structure before using it.     pe32.dwSize = sizeof( PROCESSENTRY32 );     // Retrieve information about the first process,     // and exit if unsuccessful     if( !Process32First( hProcessSnap, &pe32 ) )     {         CloseHandle( hProcessSnap );          // clean the snapshot object         return( FALSE );     }     // Now walk the snapshot of processes, and     // display information about each process in turn     do     {         if ( !processName.compare(pe32.szExeFile) )         {             CloseHandle(hProcessSnap);             return pe32.th32ProcessID;         }     } while( Process32Next( hProcessSnap, &pe32 ) );     CloseHandle( hProcessSnap );     return( 0 ); } DWORD dwGetModuleBaseAddress(DWORD dwProcessIdentifier, TCHAR *lpszModuleName) {     HANDLE hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, dwProcessIdentifier);     DWORD dwModuleBaseAddress = 0;     if(hSnapshot != INVALID_HANDLE_VALUE)     {         MODULEENTRY32 ModuleEntry32 = {0};         ModuleEntry32.dwSize = sizeof(MODULEENTRY32);         if(Module32First(hSnapshot, &ModuleEntry32))         {             do             {                 if(_tcscmp(ModuleEntry32.szModule, lpszModuleName) == 0)                 {                     dwModuleBaseAddress = (DWORD)ModuleEntry32.modBaseAddr;                     break;                 }             }             while(Module32Next(hSnapshot, &ModuleEntry32));         }         CloseHandle(hSnapshot);     }     return dwModuleBaseAddress; }  int main() {     DWORD pID = FindProcessByName(L"game.bin"); //Get PID of Process     if( pID == 0 )     {         printf("Process not found!\n");         return 0;     }     DWORD staticOffset = 0x00B509D4;// base address got from CE     HANDLE handle = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pID);     DWORD baseAddr = dwGetModuleBaseAddress(pID, L"game.bin");     // Example : Read Current HP     {         DWORD Addr;         DWORD HP, HPmax;         ReadProcessMemory(handle, (LPCVOID)(baseAddr+staticOffset), &Addr, 4, NULL);         ReadProcessMemory(handle, (LPCVOID)(Addr+0x7b4), &Addr, 4, NULL);         ReadProcessMemory(handle, (LPCVOID)(Addr+0x7e8), &Addr, 4, NULL);         ReadProcessMemory(handle, (LPCVOID)(Addr+0x478), &Addr, 4, NULL);         ReadProcessMemory(handle, (LPCVOID)(Addr+0x28), &Addr, 4, NULL);         ReadProcessMemory(handle, (LPCVOID)(Addr+0x7fc+0x8), &HP, 4, NULL);         ReadProcessMemory(handle, (LPCVOID)(Addr+0x7fc+0x24), &HPmax, 4, NULL);         char name[100];         int it = -1;         do          {             ReadProcessMemory(handle, (LPCVOID)(Addr+0x7fc+0x100+it), &(name[++it]), 1, NULL);         } while(name[it] != 0x0);                  printf("%s\nHP : %d/%d\n", name, HP, HPmax);     }     CloseHandle(handle);     return 0; }  Now, the first thing I ask myself is : is the base address the same depending the server ? I know that I have the french version of the game (only one french server available ig), but I don't know if this fact is data-only driven or if the client exe is different from another country version, meaning that maybe the base address is not the same. Could someone verify its base address with CE or simply by outputing the hp value in my code and verifying it works ? I'll try to get some usefull offsets with CE before coding some bot logic, and will come back later with usefull things as ntKid did in the first post. edit : I tried to reverse the entire player data where I got the hp previously. Here is what I deduced : PHP Code: struct PlayerData         {             DWORD unk1;//0             DWORD unk2;//4             DWORD currentHP;//8             DWORD unk3;//C             DWORD level;//10             DWORD unk4;//14             DWORD speedmove;//18             DWORD critrate;//1C             DWORD speed;//20             DWORD HPmax;//24             DWORD def;//28             DWORD eva;//2C             DWORD critval;//30             DWORD acc;//34             DWORD regen;//38             DWORD unk5;//3C             DWORD unk6;//40             DWORD unk7;//44             DWORD dmg;//48             //DWORD score;//54             //DWORD currentExp;//68         };

CAN I USE MICROSOFT C++ ?
it Says..........


Compiling...
Cpp1.cpp
c:\documents and settings\ghenalenser\my documents\cpp1.cpp(37) : error C2664: 'int __thiscall std::basic_string<unsigned short,struct std::char_traits<unsigned short>,class std::allocator<unsigned short> >::compare(const class std::basic_string<uns
igned short,struct std::char_traits<unsigned short>,class std::allocator<unsigned short> > &) const' : cannot convert parameter 1 from 'char [260]' to 'const class std::basic_string<unsigned short,struct std::char_traits<unsigned short>,class std::a
llocator<unsigned short> > &'
Reason: cannot convert from 'char [260]' to 'const class std::basic_string<unsigned short,struct std::char_traits<unsigned short>,class std::allocator<unsigned short> >'
No constructor could take the source type, or constructor overload resolution was ambiguous
c:\documents and settings\ghenalenser\my documents\cpp1.cpp(85) : error C2664: 'dwGetModuleBaseAddress' : cannot convert parameter 2 from 'unsigned short [9]' to 'char *'
Types pointed to are unrelated; conversion requires reinterpret_cast, C-style cast or function-style cast
Error executing cl.exe.

Cpp1.exe - 2 error(s), 0 warning(s)

Quote:

Originally Posted by Shane¸ you're pretty impatient

sorry sempai, this anticipation and excitement is killing me lol

Guys do have any sites that offer tutorials on C++? I was an IT student when I was still on my first 2 years in uni so I quite know the basics but I've forgotten some things. So if anyone wants to share sites that are useful I would appreciate it. And I could also use the tools that you are using like compilers and such.

Quote:

Originally Posted by ntKid Very nice Alain but i still think you are making your life very hard by not being in the process context, if you are using C/C++ why not perform a DLL injection?

I'm not sure dll injection could make this easier. Deducing data structure from CE will be the same, accessing memory will be pretty similar, and I will gain access to opcode to modify it with hook/detouring functions but I'm not very skilled with this last point cause asm is not my cup of tea :p. I can read some basics instructions in asm and understand partial things but there is no way I write something in asm ^^.


@lensur13 : I compiled it with my old VS2008. No offense, but if you are not able to fix some small compilation errors like these ones, I assume that this code won't bring you anything since it's just reading the stats of your player for now.

Quote:

Originally Posted by NF725GM Guys do have any sites that offer tutorials on C++? I was an IT student when I was still on my first 2 years in uni so I quite know the basics but I've forgotten some things. So if anyone wants to share sites that are useful I would appreciate it. And I could also use the tools that you are using like compilers and such.

Unfortunatly I know a very good website with the greatest tuto I've ever seen (better than a real teacher actually), but it's in french only :'(.


edit: Holy crap !!! my offsets are no more valid ! I must have failed finding the base offset xD shame on me...

[UPDATE]( 1 ) ( CHECK FIRST POST )
-Added SelectNearestTarget function using game engine( without sending tab key ) to my research
-Linked AlainProvist research on post #19 to first post.

[UPDATE]( 2 ) ( CHECK FIRST POST )
-Added basic editable LUA multiclient bot example using AFKLoader and the published functions.