Pointer collection

04/25/2009 10:54 vuduy#316
I already gave you a solution to use AttachThreadInput() and SetFocus(), try it and it will work.
04/25/2009 12:57 BuBucekTop#317
Sending keys is a working solution, but it's far more interesting to do all things through memory writes.
Just look at [[[[Base Address]+0x20]+0xBF4]+0x14] (for PW-INT and PW-RU).
You'll see that this is a key for all major actions in game - moving, attacking, using skills, etc...
Let us do some research in this way.
04/25/2009 16:13 xindobnix#318
procedure TForm1.Timer1Timer(Sender: TObject);
var
  vHwnd: DWORD;
  rect: TRect;
  vPos: TPoint;
  vX, vY: Word;
begin
  vHwnd := FindWindow(nil, 'Element Client');
  if vHwnd <> 0 then
  begin
    GetWindowRect(vHwnd, rect);
    // random x inside the window width, y taken from the current cursor row
    vX := Random(rect.Right - 100);
    GetCursorPos(vPos);
    vY := vPos.Y;
    // right click at (vX, vY), then move the mouse to a second random x
    PostMessage(vHwnd, WM_RBUTTONDOWN, MK_RBUTTON, MAKELONG(vX, vY));
    vX := Random(rect.Right - 100);
    vY := vPos.Y;
    PostMessage(vHwnd, WM_MOUSEMOVE, 0, MAKELONG(vX, vY));
  end;
end;

try this code..
04/25/2009 18:29 Megamorph#319
Well...

@vuduy:
I rly tried different possibilities; chat was working but I couldn't figure out how to emulate W,S,A,D,Z,Space to move. (I also tried AttachThreadInput, SetFocus, Post/SendMessage).

@BuBucekTop:
This offset holds 8 all the time, also after restart. The values around it don't seem to have a link with the inputs or actions like moving, either.

@xindobnix:
Thx but I already got that. Only problem here is that u never know where u click. It's simply not very clean / accurate to walk this way (and also not possible in some situations).

At the moment I'm reversing the way the game processes the inputs and return values from GetKeyState. Maybe I'll find a way to move with patching or code injection.
04/26/2009 01:17 merulz#320
Does anyone have the PW INT updated pointers? Or how can I find them? I really just want the cultivation pointer.
04/26/2009 05:48 wyane#321
yah ur right rank 8 item is the best for me

cuz im a YU-MANG /archer eheheheheh
04/26/2009 10:41 Megamorph#322
[[Base Address]+0x20]+0x460 --> iCultivation (PWI)
04/26/2009 17:38 chenhuaishan#323
Yep! With injected opcode, u can create an "autorun" func that allows u to keep following a player (Priest Tool), for example, or else "move to mob" after being killed to pick up.... It's really useful for any idea
04/26/2009 17:45 chenhuaishan#324
Quote:
Func AutoRun($x, $y, $z)
    ;-------------------------------------
    ; Assumes $pid (process id) and $MEMID (NomadMemory handle) are set by the caller.
    ; pushad(), mov_edx(), call_edx(), ... are the poster's helper functions (not shown
    ; here); each appends the hex bytes of one x86 instruction to the global $OPcode,
    ; the same as the raw "8B7220" (mov esi, [edx+0x20]) line below.
    Local $result, $process, $code_add, $thread, $param_add

    ; target coordinates passed to the injected code as three floats (x, z, y)
    Local $Param = DllStructCreate("float [3]")
    DllStructSetData($Param, 1, $x, 1)
    DllStructSetData($Param, 1, $z, 2)
    DllStructSetData($Param, 1, $y, 3)

    $result = DllCall("Kernel32.Dll", "int", "OpenProcess", "int", 0x1F0FFF, "int", 0, "int", $pid)
    $process = $result[0]

    $result = DllCall("Kernel32.dll", "ptr", "VirtualAllocEx", "int", $process, "ptr", 0, "int", DllStructGetSize($Param), "int", 0x1000, "int", 0x40)
    $param_add = $result[0]

    $result = DllCall("kernel32.dll", "int", "WriteProcessMemory", "int", $process, "ptr", $param_add, "ptr", DllStructGetPtr($Param), "int", DllStructGetSize($Param), "int", 0)

    ; ----------- check fly --------------------
    Local $fly = 0
    Local $a = _MemoryRead(0x0092C2F4, $MEMID)
    $a = _MemoryRead($a + 0x1C, $MEMID)
    $a = _MemoryRead($a + 0x20, $MEMID)
    $a = _MemoryRead($a + 0x5EC, $MEMID)
    If $a = 2 Or $a = 1 Then ; (fly or swim)
        $fly = 1
    EndIf

    ;------------ code RUN --------------------
    Global $OPcode = "" ; the helpers below append their hex bytes to this
    pushad()
    mov_edx(0x0092C2F4)
    mov_ecx_dword_ptr_edx()
    mov_edx_dword_ptr_ecx_add(0x1C)
    $OPcode &= "8B7220"
    mov_ecx_dword_ptr_esi_add(0xBCC)
    mov_eax_dword_ptr_esi_add(0x5EC)
    push(1)
    mov_edx(0x45DD10)
    call_edx()
    mov_edi_eax()
    push($param_add)
    push($fly)
    mov_ecx_edi()
    mov_edx(0x461790)
    call_edx()
    push(0)
    push(1)
    push_edi()
    push(1)
    mov_ecx_dword_ptr_esi_add(0xBCC)
    mov_edx(0x45E110)
    call_edx()
    popad()
    ret()

    ;--------------------------------
    ; convert the hex string into raw bytes
    Local $data = DllStructCreate("byte[" & StringLen($OPcode) / 2 & "]")
    For $i = 1 To DllStructGetSize($data)
        DllStructSetData($data, 1, Dec(StringMid($OPcode, ($i - 1) * 2 + 1, 2)), $i)
    Next

    $result = DllCall("Kernel32.dll", "ptr", "VirtualAllocEx", "int", $process, "ptr", 0, "int", DllStructGetSize($data), "int", 0x1000, "int", 0x40)
    $code_add = $result[0]

    $result = DllCall("kernel32.dll", "int", "WriteProcessMemory", "int", $process, "ptr", $code_add, "ptr", DllStructGetPtr($data), "int", DllStructGetSize($data), "int", 0)

    $result = DllCall("kernel32.dll", "int", "CreateRemoteThread", "int", $process, "ptr", 0, "int", 0, "int", $code_add, "ptr", $param_add, "int", 0, "int", 0)
    $thread = $result[0]

    ; wait until the thread finishes (0x102 = WAIT_TIMEOUT)
    Do
        $result = DllCall("kernel32.dll", "int", "WaitForSingleObject", "int", $thread, "int", 50)
    Until $result[0] <> 0x102

    DllCall("Kernel32.dll", "int", "CloseHandle", "int", $thread)

    ; release the two remote allocations: VirtualFreeEx with MEM_RELEASE (0x8000)
    ; needs the remote base address and a size of 0, not the local struct pointers
    $result = DllCall("Kernel32.dll", "int", "VirtualFreeEx", "int", $process, "ptr", $code_add, "int", 0, "int", 0x8000)
    $result = DllCall("Kernel32.dll", "int", "VirtualFreeEx", "int", $process, "ptr", $param_add, "int", 0, "int", 0x8000)
    DllCall("Kernel32.dll", "int", "CloseHandle", "int", $process)
EndFunc
Search ur opcode for ur version.
04/27/2009 11:34 BuBucekTop#325
chenhuaishan,
well it looks interesting, but kinda complicated. Can you explain more details or give some links to read on code caves and how did you discover all these things in PW?
04/28/2009 07:23 asgborges#326
Quote:
Originally Posted by BuBucekTop
chenhuaishan,
well it looks interesting, but kinda complicated. Can you explain more details or give some links to read on code caves and how did you discover all these things in PW?
Go here:
04/29/2009 17:41 toxic6666#327
hi.
i'm just curious, does anybody know how to meditate and how to send pet commands like attack, follow, stop on PWI?
05/05/2009 12:53 BuBucekTop#328
chenhuaishan, plz attach here your elementclient.exe for which your injections work...
05/13/2009 15:18 zbychos#329
Hi
Nomad wrote very useful functions to read/write code to memory.
Reading and injection are very simple

example:
Pointers are correct for PW MS

Include Nomad
Code:
#include <NomadMemory.au3>
get a handle to the PW window
Code:
; $BASE_DECIMAL = your server's base address in decimal (placeholder, fill it in) !!!!!!!!!!!!!!!!!!!!
Global $BASE_DECIMAL = 0
Global $APP_BASE_ADDRESS = "0x" & Hex($BASE_DECIMAL)

Global $APP_TITLE = "Element Client"
Global $PROCESS_ID = WinGetProcess($APP_TITLE)
Global $PROCESS_INFORMATION = _MemoryOpen($PROCESS_ID)
If @error Then
    MsgBox(0, "Perfect World", "Run PW game first")
    Exit
EndIf
call the function
Code:
$XYZ = GETPLAYERPOSITION()
Beep(1500,100)
MsgBox(262144,'Debug line ~' & @ScriptLineNumber,'Selection:' & @lf & '$X | $Y | $Z' & @lf & @lf & 'Return:' & @lf & $XYZ) ;### Debug MSGBOX
and the function is here :)
Code:
Func GETPLAYERPOSITION()

    ; element [0] of the offset array is unused by _MemoryPointerRead;
    ; the chain is [[BASE]+0x20]+0x3C (x), +0x40 (z), +0x44 (y) read as float
    Local $RESULT, $MEMPOINTER[3], $X, $Y, $Z

    $MEMPOINTER[1] = Dec("20")

    $MEMPOINTER[2] = Dec("3C")
    $RESULT = _MemoryPointerRead($APP_BASE_ADDRESS, $PROCESS_INFORMATION, $MEMPOINTER, "float")
    If @error Then Return @error
    $X = StringFormat("%.2f", (4000 + $RESULT[1]) / 10)

    $MEMPOINTER[2] = Dec("40")
    $RESULT = _MemoryPointerRead($APP_BASE_ADDRESS, $PROCESS_INFORMATION, $MEMPOINTER, "float")
    If @error Then Return @error
    $Z = StringFormat("%.2f", $RESULT[1] / 10)

    $MEMPOINTER[2] = Dec("44")
    $RESULT = _MemoryPointerRead($APP_BASE_ADDRESS, $PROCESS_INFORMATION, $MEMPOINTER, "float")
    If @error Then Return @error
    $Y = StringFormat("%.2f", (5500 + $RESULT[1]) / 10)

    Return $X & "|" & $Y & "|" & $Z

EndFunc
other example: MOB_ID = [BASE ADDRESS]+8+24+18+(index*4)+4+11C

Code:
Func GET_MOBID($I)
    Local $MEMPOINTER[7], $RESULT
    $MEMPOINTER[1] = Dec("8")
    $MEMPOINTER[2] = Dec("24")
    $MEMPOINTER[3] = Dec("18")
    $MEMPOINTER[4] = $I * 4
    $MEMPOINTER[5] = Dec("4")
    $MEMPOINTER[6] = Dec("11C")
    $RESULT = _MemoryPointerRead($APP_BASE_ADDRESS, $PROCESS_INFORMATION, $MEMPOINTER)
    If @error Then Return @error
    Return $RESULT[1]
EndFunc
Code injection

select mob [BASE ADDRESS]+20+A4C:
Code:
Func MobSelect($I)
    ; writes the id of mob number $I into [[BASE]+0x20]+0xA4C (the selected target)
    Local $MEMPOINTER[3], $MobID
    $MobID = "0x" & Hex(GET_MOBID($I))
    $MEMPOINTER[1] = Dec("20")
    $MEMPOINTER[2] = Dec("A4C")
    _MemoryPointerWrite($APP_BASE_ADDRESS, $PROCESS_INFORMATION, $MEMPOINTER, $MobID)
EndFunc

@chenhuaishan - can you translate your AutoRun function to use the Nomad library?
It would probably be much simpler and clearer ^^
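To make the pointer notation used in this thread concrete, here is an added Python example (not code from the post and not NomadMemory's own implementation) that walks chains such as [[BASE]+0x20]+0x3C and [BASE]+8+24+18+(index*4)+4+11C over a constructed 32-bit memory image. BASE, the intermediate pointers and the stored values are placeholders, and an unmapped read stands in for the @error return of _MemoryPointerRead.

```python
import struct

class MemoryImage:
    """Constructed stand-in for ReadProcessMemory: sparse map of addresses to
    4-byte cells; an unmapped read raises, like the @error path in Nomad."""
    def __init__(self):
        self._cells = {}

    def write(self, addr, value, fmt="<I"):   # fmt "<f" stores a float
        self._cells[addr] = struct.pack(fmt, value)

    def read(self, addr, fmt="<I"):
        if addr not in self._cells:
            raise ValueError("unmapped address 0x%08X" % addr)
        return struct.unpack(fmt, self._cells[addr])[0]

def resolve_chain(mem, base, offsets):
    """[BASE] is dereferenced first; each offset but the last is added and
    dereferenced; the last offset gives the address of the value itself."""
    ptr = mem.read(base)
    for off in offsets[:-1]:
        ptr = mem.read(ptr + off)
    return ptr + offsets[-1]

def player_position(mem, base):
    # same chain and scaling as GETPLAYERPOSITION: [[BASE]+0x20]+0x3C/0x40/0x44
    x = mem.read(resolve_chain(mem, base, [0x20, 0x3C]), "<f")
    z = mem.read(resolve_chain(mem, base, [0x20, 0x40]), "<f")
    y = mem.read(resolve_chain(mem, base, [0x20, 0x44]), "<f")
    return round((4000 + x) / 10, 2), round((5500 + y) / 10, 2), round(z / 10, 2)

def mob_id(mem, base, index):
    # MOB_ID = [BASE]+8+24+18+(index*4)+4+11C, as written in the thread
    return mem.read(resolve_chain(mem, base, [0x8, 0x24, 0x18, index * 4, 0x4, 0x11C]))

def build_sample_image():
    """Constructed image: BASE and every pointer value below are placeholders."""
    base, world, player = 0x00900000, 0x0C000000, 0x0C100000
    mem = MemoryImage()
    mem.write(base, world)                    # [BASE] -> world object
    mem.write(world + 0x20, player)           # [[BASE]+0x20] -> player struct
    mem.write(player + 0x3C, -1234.0, "<f")   # raw x
    mem.write(player + 0x40, 250.0, "<f")     # raw z
    mem.write(player + 0x44, -500.0, "<f")    # raw y
    hops = [(world + 0x8, 0x0C200000), (0x0C200000 + 0x24, 0x0C300000),
            (0x0C300000 + 0x18, 0x0C400000), (0x0C400000 + 1 * 4, 0x0C500000),
            (0x0C500000 + 0x4, 0x0C600000), (0x0C600000 + 0x11C, 0x1A2B)]
    for addr, value in hops:                  # mob table: only index 1 is mapped
        mem.write(addr, value)
    return mem, base
```

Asking for mob index 0 raises, which is the same situation the AutoIt functions report with "If @error Then Return @error".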
05/14/2009 19:46 Smurfin#330
@zbychos : what will happen if we use _MemoryOpen and we never close it?
I'm also wondering why in the application I made using AutoIt, my total handles in Windows Task Manager [Ctrl-Alt-Del then select the 'Performance' tab] always increase while it's running.