CO2 Memory Addresses and Examples

12/03/2006 17:34 toreddo#16
Quote:
Originally posted by ColdStart@Dec 3 2006, 17:06
Quote:
Originally posted by smoothjonny@Dec 3 2006, 00:14
for once i don't mind the double posts =P


...this kid seems like the real deal... watch out prog4mer (cuz i see you're here too atm)

he's a noob after our hearts :)
The only reasons why I double posted are that the editing function is extremely screwed up for the first post, so it is harder to manage and the guide to find static "base" address pointers from dynamic pointers is incredibly long.

I am only here to help. Capturing the hearts of thousands is just a perk.

Glad you think of me positively :)
Wow nice list, i want you in my msn :P
12/03/2006 17:56 ColdStart#17
Quote:
Originally posted by toreddo@Dec 3 2006, 11:34
Wow nice list, i want you in my msn :P
Hopefully this list won't become TOO inaccurate after patch 4330. I will have to check up on it after this patch because it modifies a lot of the game, which also leaves a greater amount of variables, so their pointer addresses may change. Also, I will try to get the MP amount soon, but I am having trouble getting a reliable dynamic pointer, since the value either doesn't change or just disappears. If I don't have a dynamic pointer, I definitely won't have a static "base" pointer. Perhaps the other users reading this thread might want to help out.
12/03/2006 19:18 yokoyoko#18
tested your code, ColdStart, it works so perfectly ^^

and my way of getting PID worked also. It's

Code:
WinGet, pid, PID, MyCharName
of course you'll need the CO window renaming tool found here

[Only registered and activated users can see links. Click Here To Register...]

only problem I can see is if u use some other rename tool for other bots/macros, such as cukcoss's auto cotobo reconnector. But the thing is, if u'r using a macro like me, Autohotkey needs to click on the window, and obviously CoReconnect would activate the window that u don't want (no offense to the creator). So there should be no problem using my way of finding PID, or at it should be expect ^^
12/03/2006 23:30 asdfasdfasdfj#19
2 things, why are you using autohotkeys yoko? its based off of autoit v2, v3 is out and i find the scripting much easier (the quotes allow me to actually see things separately o.o) and the person who made the reconnector (i made a very simple one, his is better) could have used the ControlMouseClick function (autoit v3) (i think thats what the functions called, something like that) combined with an input box, and it would only reconnect on a window with a certain name, and that window could be running in background. (or of course, you could always use co2swaps persistent mine function, but thats off topic ;))
12/04/2006 01:59 Christoph_#20
The pots in inventory are static too, lost the addresses due to laziness. Same goes for arrows and arrowpacks.

I always had a little script running that checked if pots < 2 && items > 38 and scrolled back once one of both became true (copartner will level till you die and / or stop picking stuff if the inventory is full).

Pretty great for making arrow reloaders too.
12/04/2006 03:07 yokoyoko#21
I thought AutoIt is harder than autohotkey, and i wanted a quick solution, lol

@Christoph_
how do you check your inventory items?
12/04/2006 05:02 ColdStart#22
Quote:
Originally posted by yokoyoko@Dec 3 2006, 21:07
I thought AutoIt is harder than autohotkey, and i wanted a quick solution, lol

@Christoph_
how do you check your inventory items?
I believe he meant the amount of items in inventory and the amount of pots in inventory.

Also, AutoIt is actually much easier to understand and work with. AutoIt has a larger user base, a kinder community, and a lot of examples. Not to mention it handles the use of DLLs very well.
I prefer it for macro programming over everything else. In fact, soon I will be posting the code example for AutoIt3.
12/04/2006 12:27 Christoph_#23
For autoit you need:

mem.au3

This function, not mine, but see the comment at the end:
Code:
Func _HexadecimalToDecimal($var)
  $result = 0
  $sum = 0
  $power = 0

  ; Walk the hex string from its last digit back towards the "x" of the 0x prefix
  Do
    $currentDigit = StringRight(_MemRev($var), $power + 1)
    $currentDigit = StringLeft($currentDigit, 1)
    If $currentDigit = "A" Then
      $currentDigit = 10
    ElseIf $currentDigit = "B" Then
      $currentDigit = 11
    ElseIf $currentDigit = "C" Then
      $currentDigit = 12
    ElseIf $currentDigit = "D" Then
      $currentDigit = 13
    ElseIf $currentDigit = "E" Then
      $currentDigit = 14
    ElseIf $currentDigit = "F" Then
      $currentDigit = 15
    EndIf
    ; Weight the digit by its position and add it to the running total
    $result = $currentDigit * 16 ^ $power
    $power = $power + 1
    $sum = $sum + $result
  Until $currentDigit = "x"

  Return $sum
EndFunc   ;==>_HexadecimalToDecimal by joshdb
And here is an example how to read data from memory, the offsets are outdated, cos it's old. I used it to watch copartner.

Code:
Func Gateway()
	$Process = "Conquer.exe"
	$Pid = ProcessExists($Process)
	; Open the process, read the two counters, then close the handle again
	$h_open1 = _MemOpen($Pid)
	$Read3 = _MemRead($h_open1, 0x01540284, 4)
	$Potions = _HexadecimalToDecimal($Read3)
	$Read4 = _MemRead($h_open1, 0x4FF40C, 4)
	$Items = _HexadecimalToDecimal($Read4)
	_MemClose($h_open1)
	If $Potions < 5 Then
		Send("{F11}")
		Send("{F3}")
		Send("{ENTER}")
		Sleep(1500)
	; The post had a second "If" here with only one EndIf; ElseIf keeps the block balanced
	ElseIf $Items > 35 Then
		WinActivate("[Conquer2.0]")
		Send("{F11}")
		Sleep(6000)
		Send("{F3}")
		Send("{ENTER}")
		Sleep(1500)
	Else
		Sleep(300)
	EndIf
EndFunc
12/04/2006 23:22 yokoyoko#24
the memory reading seems so much easier than autohotkey
12/05/2006 00:20 ColdStart#25
Here is an example that gets the user's Gold (static) and Current HP (dynamic) in AutoIt3:
Code:
;Get the Process ID of Conquer.exe
$pid=ProcessExists("Conquer.exe")

;Check if Conquer.exe is Running
If $pid Then
	;Open the Process for memory Handling
	$mem=MemOpen($pid)

	;Check if Memory Access Established and No Errors Present
	If Not @error Then
		;Get the Amount of Gold
		$gold=MemRead($mem, 0x004FF1E0, "int")

		;Get the Base Pointer Address for Char HP
		$hpa=MemRead($mem, 0x004FF1B8, "int")
		;Get the Char HP
		$hp=MemRead($mem, $hpa + 24, "int")

		;Close the Memory Access and Process Handle
		MemClose($mem)

		;Display the Gold Amount and Char HP
		MsgBox(0,"CO2 Gold and HP","Gold: " & $gold & @CRLF & "HP:" & $hp)
	EndIf
EndIf

#region Memory Access Functions (Reusable)
;Open Process for Memory Access
Func MemOpen( $i_Pid, $i_Access = 0x1F0FFF, $i_Inherit = 0 )
	Local $av_Return[2] = [DllOpen('kernel32.dll')]
	Local $ai_Handle = DllCall($av_Return[0], 'int', 'OpenProcess', 'int', $i_Access, 'int', $i_Inherit, 'int', $i_Pid)
	If @error Then
		DllClose($av_Return[0])
		SetError(1)
		Return 0
	EndIf
	$av_Return[1] = $ai_Handle[0]
	Return $av_Return
EndFunc

;Close Process Handle Returned by MemOpen
Func MemClose( $ah_Mem )
	Local $av_Ret = DllCall($ah_Mem[0], 'int', 'CloseHandle', 'int', $ah_Mem[1])
	DllClose($ah_Mem[0])
	Return $av_Ret[0]
EndFunc

;Read a Process Handle Returned by MemOpen at a Certain Address and Return Type
Func MemRead( $ah_Mem, $i_Address, $s_Type = '' )
	If $s_Type = '' Then
		Local $v_Return = ''
		Local $v_Struct = DllStructCreate('byte[1]')
		Local $v_Ret
		While 1
			DllCall($ah_Mem[0], 'int', 'ReadProcessMemory', 'int', $ah_Mem[1], 'int', $i_Address, 'ptr', DllStructGetPtr($v_Struct), 'int', 1, 'int', 0)
			$v_Ret = DllStructGetData($v_Struct, 1)
			If $v_Ret = 0 Then ExitLoop
			$v_Return &= Chr($v_Ret)
			$i_Address += 1
		WEnd
	Else
		Local $v_Struct = DllStructCreate($s_Type)
		DllCall($ah_Mem[0], 'int', 'ReadProcessMemory', 'int', $ah_Mem[1], 'int', $i_Address, 'ptr', DllStructGetPtr($v_Struct), 'int', _SizeOf($s_Type), 'int', 0)
		Local $v_Return = DllStructGetData($v_Struct, 1, 1)
	EndIf
	Return $v_Return
EndFunc

;Gets the Size of a DLL Structure
Func _SizeOf( $s_Type )
	Local $v_Struct = DllStructCreate($s_Type), $i_Size = DllStructGetSize($v_Struct)
	If @error Then
		SetError(1)
		Return 0
	EndIf
	$v_Struct = 0
	Return $i_Size
EndFunc
#endregion
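The MemOpen function in the post above asks OpenProcess for 0x1F0FFF (every process right of that Windows generation), although ReadProcessMemory only needs PROCESS_VM_READ. As an added example that is not part of any post in this thread, the Python below decodes such masks and flags handle opens that carry memory rights on a protected process; the event records are constructed and shaped like Sysmon Event ID 10 (ProcessAccess), and the paths and function names are assumptions.

```python
# Added example (not from the thread): decode process access masks, triage handle opens.
PROCESS_RIGHTS = {
    0x0001: "PROCESS_TERMINATE", 0x0002: "PROCESS_CREATE_THREAD",
    0x0004: "PROCESS_SET_SESSIONID", 0x0008: "PROCESS_VM_OPERATION",
    0x0010: "PROCESS_VM_READ", 0x0020: "PROCESS_VM_WRITE",
    0x0040: "PROCESS_DUP_HANDLE", 0x0080: "PROCESS_CREATE_PROCESS",
    0x0100: "PROCESS_SET_QUOTA", 0x0200: "PROCESS_SET_INFORMATION",
    0x0400: "PROCESS_QUERY_INFORMATION", 0x0800: "PROCESS_SUSPEND_RESUME",
    0x1000: "PROCESS_QUERY_LIMITED_INFORMATION",
    0x010000: "DELETE", 0x020000: "READ_CONTROL", 0x040000: "WRITE_DAC",
    0x080000: "WRITE_OWNER", 0x100000: "SYNCHRONIZE",
}
PROCESS_VM_READ = 0x0010
MEMORY_RIGHTS = 0x0008 | 0x0010 | 0x0020  # VM_OPERATION, VM_READ, VM_WRITE

def decode_access(mask):
    """Return the names of the rights set in a process access mask."""
    return [name for bit, name in sorted(PROCESS_RIGHTS.items()) if mask & bit]

def excess_rights(mask, needed=PROCESS_VM_READ):
    """Rights requested beyond what the operation needs (least-privilege gap)."""
    return decode_access(mask & ~needed)

def flag_memory_access(events, protected_image, allowlist=()):
    """Events where a non-allowlisted process got memory rights on the protected image."""
    hits = []
    for ev in events:
        mask = int(ev["GrantedAccess"], 16)
        if (ev["TargetImage"].lower().endswith(protected_image.lower())
                and ev["SourceImage"].lower() not in allowlist
                and mask & MEMORY_RIGHTS):
            hits.append((ev["SourceImage"], decode_access(mask & MEMORY_RIGHTS)))
    return hits

# Constructed sample records (hypothetical paths), shaped like Sysmon Event ID 10.
SAMPLE_EVENTS = [
    {"SourceImage": r"C:\Tools\AutoIt3.exe", "TargetImage": r"C:\Games\Conquer.exe",
     "GrantedAccess": "0x1F0FFF"},
    {"SourceImage": r"C:\Windows\explorer.exe", "TargetImage": r"C:\Games\Conquer.exe",
     "GrantedAccess": "0x1000"},
    {"SourceImage": r"C:\Tools\AutoIt3.exe", "TargetImage": r"C:\Windows\notepad.exe",
     "GrantedAccess": "0x0010"},
]

if __name__ == "__main__":
    print("Beyond VM_READ:", excess_rights(0x1F0FFF))
    print("Flagged:", flag_memory_access(SAMPLE_EVENTS, "Conquer.exe"))
```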
12/05/2006 02:05 Christoph_#26
Quote:
Originally posted by yokoyoko@Dec 4 2006, 23:22
the memory reading seems so much easier than autohotkey
Because ColdStart did reinvent the wheel in the post above this one :D

There is a UDF called MemRead published on autoitscript which can be included so you only need to call Memread instead of coding the dll-call part again.

I used that one, so I need only 2-4 lines of code to retrieve the data instead of something like 30. It's always better to drop all support functions into separate files and call them from the main "bot" file.

But I'm thankful that he did the Autohotkey part, because Autohotkey is better for a few things (has some functions that are nice for bot making which Autoit lacks).
12/05/2006 02:15 hondureno#27
Quote:
Originally posted by smoothjonny@Dec 3 2006, 06:14
he's a noob after our hearts :)
he got mine, I've been trying to get these addresses for a long time

+K
12/05/2006 02:34 ColdStart#28
Quote:
Originally posted by Christoph_@Dec 4 2006, 20:05
Quote:
Originally posted by yokoyoko@Dec 4 2006, 23:22
the memory reading seems so much easier than autohotkey
Because ColdStart did reinvent the wheel in the post above this one :D

There is a UDF called MemRead published on autoitscript which can be included so you only need to call Memread instead of coding the dll-call part again.
Ha, well I never noticed. My code is near identical except for the bit-size versus type handling in the MemRead function :eek:
You could easily put it into a separate file and include it.

Well... sometimes you have to reinvent the wheel in order to make it better.
12/05/2006 05:27 DM2000#29
#move CO2 Exploits, Hacks & Tools
#pinned

@ColdStart, thank you for your great contribution. :)
We are proud of you !

DM
12/05/2006 06:36 hax0rzz#30
very cool i've been using autohotkey for a while now but never really incorporated mem within. This is very very useful since i don't feel like breaking out c++ :P