PWI Eclipse changes

Page 2 of 17

01/14/2015 20:03 Stark77#16

i love u - the pathing is working - thanks again :handsdown:

the address finder sadly isnt working for me:
Base Address = 0x00D22C74
SendPacket Address = 0x415E0BF420000000
AutoPath Address = 0x4151565020000000

01/14/2015 20:47 denzjh#17

Can u upload the elementclient.exe and link it here? I will try and check whats wrong with it...

01/14/2015 21:03 Stark77#18

sure. i put it in the attachment. thanks for your effort.

below is my autohotkey version of your autopathing in case some uses this. code AND comments sponsored by Interest in WQ pot :P

Spoiler

01/15/2015 06:50 denzjh#19

Quote:

Originally Posted by Stark77

sure. i put it in the attachment. thanks for your effort.

below is my autohotkey version of your autopathing in case some uses this. code AND comments sponsored by Interest in WQ pot :P

Spoiler

global realBaseAddress := 0xD22C74
global AutoPathAddress := 0x455940

autopath(X,Y,Z=0)
{
if X < 1000
X := floattohex((X*10)-4000)
if Y < 1000
Y := floattohex((Y*10)-5500)
revHex(revX, X)
revHex(revY, Y)
revHex(revZ, Z)
revHex(revBaseAddress, realbaseAddress)
revHex(revAutoPathAddress, AutoPathAddress)

winget, pid, PID, ahk_pid %processID%
ProcessHandle := DllCall("OpenProcess", "int", 2035711, "char", 1, "UInt", PID, "UInt")
functionSize := 0x7F
functionAddress := DllCall("VirtualAllocEx", "Uint", ProcessHandle, "Uint", 0, "Uint", functionSize, "Uint", 0x1000, "Uint", 0x40)
func =
func = %func%60
func = %func%B9%revY%
func = %func%BA%revZ%
func = %func%B8%revX%
func = %func%6a00
func = %func%51
func = %func%52
func = %func%50
func = %func%6a03
func = %func%6a00
func = %func%6a00
func = %func%684A010000
func = %func%b9%revBaseAddress%
func = %func%8B09
func = %func%83C11C
func = %func%8B09
func = %func%BB%revAutoPathAddress%
func = %func%FFD3
func = %func%B9%revZ%
func = %func%6A00
func = %func%6A00
func = %func%6A00
func = %func%51
func = %func%6A01
func = %func%6A00
func = %func%6A00
func = %func%684A010000
func = %func%B9%revBaseAddress%
func = %func%8B09
func = %func%83C11C
func = %func%8B09
func = %func%BB%revAutoPathAddress%
func = %func%FFD3
func = %func%61
func = %func%C3

MCode(autopathFunction, func)
DllCall("WriteProcessMemory", "UInt", ProcessHandle, "UInt", functionAddress, "Uint", &autopathFunction, "Uint", functionSize, "Uint *", 0)
SetFormat, IntegerFast, d
hThrd := DllCall("CreateRemoteThread", "Uint", ProcessHandle, "Uint", 0, "Uint", 0, "Uint", functionAddress, "Uint", 0, "Uint", 0, "Uint", 0)
loop
{
result := DllCall( "WaitForSingleObject", UInt,hThrd, UInt,50 )
if(result <> 258)
{
break
}
sleep 50
if(A_Index > 100)
{
break
}
}
DllCall( "CloseHandle", UInt,hThrd )
DllCall("VirtualFreeEx", "Uint", ProcessHandle, "Uint", functionAddress, "Uint", 0, "Uint", 0x8000)
DllCall( "CloseHandle", UInt,ProcessHandle )
}

MCode(ByRef code, hex) { ; allocate memory and write Machine Code there
VarSetCapacity(code,StrLen(hex)//2)
Loop % StrLen(hex)//2
NumPut("0x" . SubStr(hex,2*A_Index-1,2), code, A_Index-1, "Char")
}

Are you using the script (the one for searching for Base/SendPacket/AutoPath Address) in AutoIt or are you converting them to AutoHotKey?

I attached a zip file with some compiled exe's and the script for the said address retriever.

And here is the code for the said address retriever (PWI client v829 aka PWI Eclipse client):

Spoiler

Code:

Opt("GUICloseOnESC", 0)
Opt("GUIOnEventMode", 1)
Opt("TrayAutoPause", 0)
Opt("TrayMenuMode", 1)

GUICreate("PWI Essential Addresses", 400, 140)
GUISetOnEvent($GUI_EVENT_CLOSE, "_Exit")
GUICtrlCreateLabel("Base: ", 5, 10)
$OUTPUT_BASE = GUICtrlCreateInput("0x00000000", 100, 10, 80, 18)
GUICtrlCreateLabel("Send Packet: ", 5, 30)
$OUTPUT_PACKET = GUICtrlCreateInput("0x00000000", 100, 30, 80, 18)
GUICtrlCreateLabel("Auto Path: ", 5, 50)
$OUTPUT_AUTOPATH = GUICtrlCreateInput("0x00000000", 100, 50, 80, 18)

GUICtrlCreateLabel("Game Client: ", 5, 80)
$DEFAULT_FOLDER = @ProgramFilesDir & "\Arc\PWI_En\element\"
$DEFAULT_CLIENT = "elementclient.exe"
$INPUT_GAME = GUICtrlCreateInput($DEFAULT_FOLDER & $DEFAULT_CLIENT, 100, 80, 290, 18)
GUICtrlCreateButton("Browse", 100, 100, 50, 25)
GUICtrlSetOnEvent(-1, "GetClientExe")
GUICtrlCreateButton("Retrieve", 160, 100, 50, 25)
GUICtrlSetOnEvent(-1, "RetrieveAddress")
GUISetState()
While 1
	Sleep(100)
WEnd

Func GetClientExe()
	$EXE = FileOpenDialog("Perfect World Client", $DEFAULT_FOLDER, "Executable (*.exe)", 1, $DEFAULT_CLIENT)
	GUICtrlSetData($INPUT_GAME, $EXE)
EndFunc

Func RetrieveAddress()
	GUICtrlSetData($OUTPUT_BASE, "0x00000000")
	GUICtrlSetData($OUTPUT_PACKET, "0x00000000")
	GUICtrlSetData($OUTPUT_AUTOPATH, "0x00000000")
	$EXE = GUICtrlRead($INPUT_GAME)
	If @error Then Return
	$FILE = FileOpen($EXE, 16)
	$DATA = FileRead($FILE, FileGetSize($EXE))
	FileClose($FILE)
	$OPCODEBASE = 'A1(.{8})5332DB8B48.{2}'
	$BASE = StringRegExp($DATA, $OPCODEBASE, 1)
	$OPCODEPACKET = '6AFF68.{8}64A100000000506489250000000083EC185356578BF96A07'
	$PACKET = StringRegExp($DATA, $OPCODEPACKET, 1)
	$OPCODEAUTOPATH = '6AFF68.{8}64A100000000506489250000000083EC2053568BF18D4C2408E8.{8}8B4C243C8B542440'
	$AUTOPATH = StringRegExp($DATA, $OPCODEAUTOPATH, 1)
	If @error Then
		MsgBox(0, "Issues Attaching For Offsets", "There may be another bot attached to this process. Please close that bot and try again")
		Return
	EndIf
	$REALBASEADDRESS = '0x' & Rev($BASE[0])
	$SENDPACKETADDRESS = '0x' & Hex(StringInStr($DATA, $PACKET[0])/2 + 0x400000 - 1)
	$AUTOPATHADDRESS = '0x' & Hex(StringInStr($DATA, $AUTOPATH[0])/2 + 0x400000 - 1)

	GUICtrlSetData($OUTPUT_BASE, $REALBASEADDRESS)
	GUICtrlSetData($OUTPUT_PACKET, $SENDPACKETADDRESS)
	GUICtrlSetData($OUTPUT_AUTOPATH, $AUTOPATHADDRESS)
EndFunc

Func Rev($string)
	Local $all
	For $i = StringLen($string) + 1 To 1 Step -2
		$all = $all & StringMid($string, $i, 2)
	Next
	Return $all
EndFunc

Func _Exit()
	Exit
EndFunc

01/15/2015 14:30 Stark77#20

thank you alot =)

i am still not sure why this happens but the .exe gives me the correct results. if i run the script in autoit (SciTE editor) its not working. maybe autohotkey and autoit have a conflict. if i compile the au3-file to an exe, this is also not working. ill try to investigate this abit and reinstall autoit. but its working. great job :handsdown:

01/15/2015 18:35 jollyjoker0305#21

Sorry, i didn't get it clear. PW now have 2 type of Auto Move, i don't know what it's named but this is what they do:
- One can avoid object and only work when you are running or riding your mount
- One go direct to target, and if you are flying, you can adjust Z or stop flying when reach target

What is denzjh's function for?

If you need, i will give you the function i'm using. It is "very old way" move and can fly up/down vertically. But beware, it not use packet to move because i'm too lazy to write a "distance traveled calculator"

01/15/2015 20:14 Stark77#22

the function in this thread is the autopathing (alt+clickL ingame).

it moves to x,y and avoids obstacles like trees. while flying, it can only adjust the height in 45 degree. so it can not fly vertical up and down. u can also choose to drop down if u are at the destination after flying.

so if u can provide a method to fly vertically without packets or key sending, iam sure it would be useful for the community here.

01/22/2015 17:05 Smurfin#23

Any news on the other movement method yet ? The one for moving vertically.

01/25/2015 13:43 Remmm#24

injeckt moveToXYZ

Code:

 Walk1 = $49FF80;
  Walk2 = $4A6320;
  Walk3 = $4A0590;
  ActArr = $13EC;
 injcode.s ="60"                   ;60             PUSHAD
 injcode=injcode+"b800000000"      ;B8 00000000    MOV EAX,#Baseadr
 injcode=injcode+"8b00"            ;8B00           MOV EAX,DWORD PTR DS:[EAX]
 injcode=injcode+"8b401c"          ;8B40 1C        MOV EAX,DWORD PTR DS:[EAX+1C]
 injcode=injcode+"8b7028"          ;8B70 28        MOV ESI,DWORD PTR DS:[EAX+28]
 injcode=injcode+"8B8E00000000"    ;8B8E 11111111  MOV ECX,DWORD PTR DS:[ESI+ActArr]
 injcode=injcode+"6a01"            ;6A 01          PUSH 1
 injcode=injcode+"BA00000000"      ;BA 00000000    MOV EDX,Walk1
 injcode=injcode+"FFD2"            ;FFD2           CALL EDX
 injcode=injcode+"8bf8"            ;8BF8           MOV EDI,EAX
 injcode=injcode+"8d442418"        ;8D4424 18      LEA EAX,DWORD PTR SS:[ESP+18]
 injcode=injcode+"50"              ;50             PUSH EAX
 injcode=injcode+"ba00000000"      ;BA 00000000    MOV EDX, fly mode
 injcode=injcode+"52"              ;52             PUSH EDX
 injcode=injcode+"8bcf"            ;8BCF           MOV ECX,EDI
 injcode=injcode+"BA00000000"      ;BA 00000000    MOV EDX,Walk2
 injcode=injcode+"ffd2"            ;FFD2           CALL EDX
 injcode=injcode+"8b8e00000000"    ;8B8E 22222222  MOV ECX,DWORD PTR DS:[ESI+ActArr]
 injcode=injcode+"b800000000"      ;B8 00000000    MOV EAX,x
 injcode=injcode+"8bd7"            ;8BD7           MOV EDX,EDI
 injcode=injcode+"83c220"          ;83C2 20        ADD EDX,20
 injcode=injcode+"8902"            ;8902           MOV DWORD PTR DS:[EDX],EAX
 injcode=injcode+"b800000000"      ;B8 00000000    MOV EAX,z
 injcode=injcode+"8bd7"            ;8BD7           MOV EDX,EDI
 injcode=injcode+"83c224"          ;83C2 24        ADD EDX,24
 injcode=injcode+"8902"            ;8902           MOV DWORD PTR DS:[EDX],EAX
 injcode=injcode+"b800000000"      ;B8 00000000    MOV EAX,y
 injcode=injcode+"8bd7"            ;8BD7           MOV EDX,EDI
 injcode=injcode+"83c228"          ;83C2 28        ADD EDX,28
 injcode=injcode+"8902"            ;8902           MOV DWORD PTR DS:[EDX],EAX
 injcode=injcode+"6A00"            ;6A 00          PUSH 0
 injcode=injcode+"6A01"            ;6A 01          PUSH 1
 injcode=injcode+"57"              ;57             PUSH EDI
 injcode=injcode+"6A01"            ;6A 01          PUSH 1
 injcode=injcode+"BA00000000"      ;BA 00000000    MOV EDX,Walk3
 injcode=injcode+"ffd2"            ;FFD2           CALL EDX
 injcode=injcode+"61"              ;61             POPAD
 injcode=injcode+"c3"              ;C3             RETN

01/25/2015 20:16 denzjh#25

Well here is the AutoIt version of the said script. ^_^
Attached is the Address Retriever which includes the 3 new Addresses of the Called Built-in Functions for this new MoveTo Function

It can move vertically so Rejoice!
^___^

Spoiler

Code:

$ADDRESS_BASE = 0xD22C74
$ADDRESS_ACTION1 = 0x49FF80
$ADDRESS_ACTION2 = 0x4A6320
$ADDRESS_ACTION3 = 0x4A0590
$OFFSET_ACTIONBASE = 0x13EC

Func MoveXYZ($GAME_X, $GAME_Y, $GAME_Z, $MOVEVERT=0)
	$DEST_X = $GAME_X*10-4000
	$DEST_Y = $GAME_Y*10-5500	
	$DEST_Z = $GAME_Z*10
	MoveTo($DEST_X, $DEST_Y, $DEST_Z, $MOVEVERT)
EndFunc

Func MoveTo($DEST_X, $DEST_Y, $DEST_Z, $FLYMODE=0)
	;Declare local variables

	;Open process for given processId
	$processHandle = $GAME_PROCESS[1]

	;Allocate memory for the OpCode and retrieve address for this
	$functionAddress = DllCall('kernel32.dll', 'int', 'VirtualAllocEx', 'int', $processHandle, 'ptr', 0, 'int', 100, 'int', 0x1000, 'int', 0x40)

	;Construct the OpCode for calling the 'MoveXYZ' function
	$OPcode = "60"                   			;60             PUSHAD
	$OPcode &= "B8" & _Hex($ADDRESS_BASE)     	;B8 00000000    MOV EAX,#Baseadr
	$OPcode &= "8B00"            				;8B00           MOV EAX,DWORD PTR DS:[EAX]
	$OPcode &= "8B401C"          				;8B40 1C        MOV EAX,DWORD PTR DS:[EAX+1C]
	$OPcode &= "8B7028"          				;8B70 28        MOV ESI,DWORD PTR DS:[EAX+28]
	$OPcode &= "8B8E" & _Hex($OFFSET_ACTIONBASE);8B8E 11111111  MOV ECX,DWORD PTR DS:[ESI+ActArr]
	$OPcode &= "6A01"            				;6A 01          PUSH 1
	$OPcode &= "BA" & _Hex($ADDRESS_ACTION1)    ;BA 00000000    MOV EDX,Walk1
	$OPcode &= "FFD2"            				;FFD2           CALL EDX
	$OPcode &= "8BF8"            				;8BF8           MOV EDI,EAX
	$OPcode &= "8D442418"        				;8D4424 18      LEA EAX,DWORD PTR SS:[ESP+18]
	$OPcode &= "50"              				;50             PUSH EAX
	$OPcode &= "BA" & _Hex($FLYMODE)      		;BA 00000000    MOV EDX, fly mode
	$OPcode &= "52"              				;52             PUSH EDX
	$OPcode &= "8BCF"            				;8BCF           MOV ECX,EDI
	$OPcode &= "BA" & _Hex($ADDRESS_ACTION2)    ;BA 00000000    MOV EDX,Walk2
	$OPcode &= "FFD2"            				;FFD2           CALL EDX
	$OPcode &= "8B8E" & _Hex($OFFSET_ACTIONBASE);8B8E 22222222  MOV ECX,DWORD PTR DS:[ESI+ActArr]
	$OPcode &= "B8" & _Hex($DEST_X, 8, 'float') ;B8 00000000    MOV EAX,x
	$OPcode &= "8BD7"            				;8BD7           MOV EDX,EDI
	$OPcode &= "83C220"          				;83C2 20        ADD EDX,20
	$OPcode &= "8902"            				;8902           MOV DWORD PTR DS:[EDX],EAX
	$OPcode &= "B8" & _Hex($DEST_Z, 8, 'float') ;B8 00000000    MOV EAX,z
	$OPcode &= "8BD7"            				;8BD7           MOV EDX,EDI
	$OPcode &= "83C224"          				;83C2 24        ADD EDX,24
	$OPcode &= "8902"            				;8902           MOV DWORD PTR DS:[EDX],EAX
	$OPcode &= "B8" & _Hex($DEST_Y, 8, 'float') ;B8 00000000    MOV EAX,y
	$OPcode &= "8BD7"            				;8BD7           MOV EDX,EDI
	$OPcode &= "83C228"          				;83C2 28        ADD EDX,28
	$OPcode &= "8902"            				;8902           MOV DWORD PTR DS:[EDX],EAX
	$OPcode &= "6A00"            				;6A 00          PUSH 0
	$OPcode &= "6A01"            				;6A 01          PUSH 1
	$OPcode &= "57"              				;57             PUSH EDI
	$OPcode &= "6A01"            				;6A 01          PUSH 1
	$OPcode &= "BA" & _Hex($ADDRESS_ACTION3)    ;BA 00000000    MOV EDX,Walk3
	$OPcode &= "FFD2"            				;FFD2           CALL EDX
	$OPcode &= "61"              				;61             POPAD
	$OPcode &= "C3"              				;C3             RETN

	;Put the OpCode into a struct for later memory writing
	$vBuffer = DllStructCreate('byte[' & StringLen($OPcode) / 2 & ']')
	For $loop = 1 To DllStructGetSize($vBuffer)
		DllStructSetData($vBuffer, 1, Dec(StringMid($OPcode, ($loop - 1) * 2 + 1, 2)), $loop)
	Next

	;Write the OpCode to previously allocated memory
	DllCall('kernel32.dll', 'int', 'WriteProcessMemory', 'int', $processHandle, 'int', $functionAddress[0], 'int', DllStructGetPtr($vBuffer), 'int', DllStructGetSize($vBuffer), 'int', 0)


	;Create a remote thread in order to run the OpCode
	$hRemoteThread = DllCall('kernel32.dll', 'int', 'CreateRemoteThread', 'int', $processHandle, 'int', 0, 'int', 0, 'int', $functionAddress[0], 'ptr', 0, 'int', 0, 'int', 0)

	;Wait for the remote thread to finish
	Do
		$result = DllCall('kernel32.dll', 'int', 'WaitForSingleObject', 'int', $hRemoteThread[0], 'int', 50)
	Until $result[0] <> 258

	;Close the handle to the previously created remote thread
	DllCall('kernel32.dll', 'int', 'CloseHandle', 'int', $hRemoteThread[0])

	;Free the previously allocated memory
	DllCall('kernel32.dll', 'ptr', 'VirtualFreeEx', 'hwnd', $processHandle, 'int', $functionAddress[0], 'int', 0, 'int', 0x8000)

	Return True
EndFunc

Func _Hex($Value, $size=8, $type="int")
	Local $tmp1, $tmp2, $i
	If($type = "int") Then
        $tmp1 = StringRight("000000000" & Hex($Value), $size)
    ElseIf($type = "float") Then
        $tmp1 = StringRight("000000000" & _FloatToHex($Value), $size)
    EndIf
    For $i = 0 To StringLen($tmp1) / 2 - 1
        $tmp2 = $tmp2 & StringMid($tmp1, StringLen($tmp1) - 1 - 2 * $i, 2)
    Next
    Return $tmp2
EndFunc

01/25/2015 21:01 Stark77#26

You guys are the best :D

i'd love to know how to find such OPcodes but thanks alot for sharing this. :handsdown:

Also thanks for the exe version of the address finder. I still havent figured out why the au3 isnt working for me so this is very helpful.

here copy pasted to AHK:

Spoiler

Code:

normalMoveTo(X,Y,Z=0,flyflag=0)
{
	if (X < 1000)
	{
		X := floattohex((X*10)-4000) 
		Y := floattohex((Y*10)-5500) 
		Z := floattohex(Z*10)
	}
		
	revHex(revX, X)
	revHex(revY, Y)
	revHex(revZ, Z)
	revHex(revBaseAddress, realbaseAddress)
	revHex(ADDRESS_ACTION1, 0x49FF80)
	revHex(ADDRESS_ACTION2, 0x4A6320)
	revHex(ADDRESS_ACTION3, 0x4A0590)
	revHex(OFFSET_ACTIONBASE, 0x13EC)
	revHex(FLYMODE, flyflag)
	
	winget, pid, PID, ahk_pid %processID%
	ProcessHandle 	:= 	DllCall("OpenProcess", "int", 2035711, "char", 1, "UInt", PID, "UInt")
	functionSize 	:=  0x6D
	functionAddress :=  DllCall("VirtualAllocEx", "Uint", ProcessHandle, "Uint", 0, "Uint", functionSize, "Uint", 0x1000, "Uint", 0x40)
	
	func =					
	func = %func%60
	func = %func%B8%revBaseAddress%
	func = %func%8B00
	func = %func%8B401C
	func = %func%8B7028
	func = %func%8B8E%OFFSET_ACTIONBASE%
	func = %func%6A01
	func = %func%BA%ADDRESS_ACTION1%
	func = %func%FFD2
	func = %func%8BF8
	func = %func%8D442418
	func = %func%50
	func = %func%BA%FLYMODE%
	func = %func%52
	func = %func%8BCF
	func = %func%BA%ADDRESS_ACTION2%
	func = %func%FFD2
	func = %func%8B8E%OFFSET_ACTIONBASE%
	func = %func%B8%revX%
	func = %func%8BD7
	func = %func%83C220
	func = %func%8902
	func = %func%B8%revZ%
	func = %func%8BD7
	func = %func%83C224
	func = %func%8902
	func = %func%B8%revY%
	func = %func%8BD7
	func = %func%83C228
	func = %func%8902
	func = %func%6A00
	func = %func%6A01
	func = %func%57
	func = %func%6A01
	func = %func%BA%ADDRESS_ACTION3%
	func = %func%FFD2
	func = %func%61
	func = %func%C3

	MCode(normalWalkFunction, func)
	DllCall("WriteProcessMemory", "UInt", ProcessHandle, "UInt", functionAddress, "Uint", &normalWalkFunction, "Uint", functionSize, "Uint *", 0)
	SetFormat, IntegerFast, d
	hThrd := DllCall("CreateRemoteThread", "Uint", ProcessHandle, "Uint", 0, "Uint", 0, "Uint", functionAddress, "Uint", 0, "Uint", 0, "Uint", 0)
	loop
	{
		result := DllCall( "WaitForSingleObject", UInt,hThrd, UInt,50 ) 
		if(result <> 258)
		{
			break
		}
		sleep 50
		if(A_Index > 100)
		{
			break
		}
	}
	DllCall( "CloseHandle", UInt,hThrd )
	DllCall("VirtualFreeEx", "Uint", ProcessHandle, "Uint", functionAddress, "Uint", 0, "Uint", 0x8000)
	DllCall( "CloseHandle", UInt,ProcessHandle ) 
}

-.-.-.-.-.-.--.-.-.-.-.-.--.-.-.-.-.-.--.-.-.-.-.-.--.-.-.-.-.-.--.-.-.-.-.-.--.-.-.-.-.-.-

Does anyone has a snipet how to use skills now since the action structs dont work? I am doing it with packets, but those dont move to the object so i use for skill a normal attack till the skill is in cooldown. see here:

Spoiler

to talk to a npc i move near it (must be lower than 5 meter) this way:

Spoiler

01/25/2015 21:22 Smurfin#27

Ah finally a working vertical movement script, and it's already in AutoIt. Thanks a ton ! :)

01/27/2015 11:46 denzjh#28

Quote:

Originally Posted by Stark77

Does anyone has a snipet how to use skills now since the action structs dont work? I am doing it with packets, but those dont move to the object so i use for skill a normal attack till the skill is in cooldown. see here:

For Interact-To-Dig

Spoiler

To Interact-To-TalktoNPC

Spoiler

For Interact-To-Normal Attack (Left Click the NPC when its already selected or double left click when not selected)

Spoiler

For Interact-To-Cast-Spell

Spoiler

For Cast Spell

Spoiler

As you will notice that there are 2 functions called similar to the MoveXYZ function by Remmm. These are "PWI.0049FF80" and "PWI.004A0590". And there are functions called in between them. Thus, we can name them as PerformAction and FinishAction respectively, Right?.

Unfortunately, I do not know ASM language and I can not translate them as Injectable Function... :facepalm:

Hopefully someone like Remmm can :D

01/27/2015 20:25 Remmm#29

Code:

Procedure PicWalcLyt(wid,type)
  calladr=$495C40
  GameAdr=$00D23414
  injcode.s ="60"                   ;60             PUSHAD 
  injcode=injcode+"B900000000"      ;B9 00000000    MOV ECX, GameAdr
  injcode=injcode+"8B09"            ;8B09           MOV ECX,DWORD PTR DS:[ECX]
  injcode=injcode+"8B4928"          ;8B49 28        MOV ECX,DWORD PTR DS:[ECX+28] ; pers_str
  injcode=injcode+"6800000000"      ;68 00000000    PUSH 0-lyt , 1- mine
  injcode=injcode+"6800000000"      ;68 00000000    PUSH wid
  injcode=injcode+"BB00000000"      ;BB 00000000    MOV EBX,caladr
  injcode=injcode+"FFD3"            ;FFD3           CALL EBX
  injcode=injcode+"61"              ;61             POPAD
  injcode=injcode+"c3"              ;C3             RETN

[Only registered and activated users can see links. Click Here To Register...]

01/28/2015 14:07 Underavelvetmoon#30

So if im correct after reading those snippets, in order to make a function (That doesnt come from Packets or Memory Read/Write) you pretty much copy the opcode from IDA/Olly, find where the function parameters are, attach them to (in my case) autoit declarations e.g Func Move($X, $Y, $Z) then a bunch of opcode where x y z are put into use?

That seems incredibly simple - albeit ive never attempted that - but does make a lot of sense. Would make it incredibly easy to make an API or something if thats the case.

Its a shame that theres no generalized API for PWI, like gwa2 for Guild Wars. Would make coding much more easy, but I guess this way you learn a lot. I would never start experimenting with opcode xD

Page 2 of 17

Last »