Perfect World Bot PWI-Prophet Bot Recoded

09/11/2010 15:02 asaky#421
Quote:
Originally Posted by Interest07 View Post
This way you aren't actually sending packets yourself, you're just making the game think it's been told to perform a certain action, just like with the other injection functions. This function is just two or three function calls further down the line from say an 'Equip this gear' function. There is technically absolutely no difference, you could call it 'PerformAction' function instead if it makes you feel better :D :D
lol yes, now I get it. I thought packet sending sent information to the server :S Yeah, now I understand, lol. Thank you.
09/11/2010 15:26 Interest07#422
hehe I edited my post a little more, didn't catch you replying already :D
09/11/2010 17:24 Interest07#423
Prophets,

I fixed the function I posted earlier (I had only posted what it would look like) and tested it. This code gives an example of the usage by sending a 'deselect current target' packet. (The _hex function has been slightly adjusted.)

for pwi
Code:
realBaseAddress=0x00A5B90C
SendPacketAddress=0x0060E310
last time I checked. I just threw on any includes that were in your bot file as I couldn't be bothered to check which are needed :p

Code:

#include <GUIButton.au3>
#include <GUIToolbar.au3>
#include <GUIConstantsEx.au3>
#include <ProgressConstants.au3>
#include <StaticConstants.au3>
#include <WindowsConstants.au3>
#include <EditConstants.au3>
#include <NomadMemory.au3>
#include <Array.au3>

Global $kernel32 = DllOpen('kernel32.dll')
Global $pid = ProcessExists('elementclient.exe')
global $realBaseAddress = 0x0098657C
global $sendPacketFunction = 0x005BD7B0

;Deselect target (example usage of sendPacket)
sendPacket('0800', 2, $pid)

DllClose($kernel32)

Func sendPacket($packet, $packetSize, $pid)
	;Declare local variables
	Local $hRemoteThread, $vBuffer, $loop, $result, $OPcode = '', $processHandle, $functionAddress, $packetAddress
	
	;Open process for given processId
	$processHandle = memopen($pid)
	
	;Allocate memory for the OpCode (MEM_COMMIT, PAGE_EXECUTE_READWRITE) and retrieve the address for this
	$functionAddress = DllCall($kernel32, 'int', 'VirtualAllocEx', 'int', $processHandle, 'ptr', 0, 'int', 0x46, 'int', 0x1000, 'int', 0x40)
	
	;Allocate memory for the packet to be sent and retrieve the address for this
	$packetAddress = DllCall($kernel32, 'int', 'VirtualAllocEx', 'int', $processHandle, 'ptr', 0, 'int', $packetSize, 'int', 0x1000, 'int', 0x40)
	
	;Construct the OpCode for calling the 'SendPacket' function (x86; _hex emits the immediates little-endian)
	$OPcode &= '60'								;PUSHAD
	$OPcode &= 'B8'&_hex($sendPacketFunction)	;MOV	 EAX, sendPacketAddress
	$OPcode &= '8B0D'&_hex($realBaseAddress)	;MOV     ECX, DWORD PTR [realBaseAddress]
	$OPcode &= '8B4920'							;MOV     ECX, DWORD PTR [ECX+20]	//this-pointer the function expects in ECX
	$OPcode &= 'BF'&_hex($packetAddress[0])		;MOV     EDI, packetAddress	//src pointer
	$OPcode &= '6A'&_hex($packetSize,2)			;PUSH    packetSize		//size (imm8 is sign-extended, so packetSize must be <= 127)
	$OPcode &= '57'								;PUSH    EDI
	$OPcode &= 'FFD0'							;CALL    EAX
	$OPcode &= '61'								;POPAD
	$OPcode &= 'C3'								;RET		
	
	;Put the OpCode into a struct for later memory writing
	$vBuffer = DllStructCreate('byte[' & StringLen($OPcode) / 2 & ']')
	For $loop = 1 To DllStructGetSize($vBuffer)
		DllStructSetData($vBuffer, 1, Dec(StringMid($OPcode, ($loop - 1) * 2 + 1, 2)), $loop)
	Next
	
	;Write the OpCode to previously allocated memory
	DllCall($kernel32, 'int', 'WriteProcessMemory', 'int', $processHandle, 'int', $functionAddress[0], 'int', DllStructGetPtr($vBuffer), 'int', DllStructGetSize($vBuffer), 'int', 0)
		
	;Put the packet (hex string, two characters per byte) into a struct for later memory writing
	$vBuffer = DllStructCreate('byte[' & StringLen($packet) / 2 & ']')
	For $loop = 1 To DllStructGetSize($vBuffer)
		DllStructSetData($vBuffer, 1, Dec(StringMid($packet, ($loop - 1) * 2 + 1, 2)), $loop)
	Next
	
	;Write the packet to previously allocated memory
	DllCall($kernel32, 'int', 'WriteProcessMemory', 'int', $processHandle, 'int', $packetAddress[0], 'int', DllStructGetPtr($vBuffer), 'int', DllStructGetSize($vBuffer), 'int', 0)
		
	;Create a remote thread in order to run the OpCode
	$hRemoteThread = DllCall($kernel32, 'int', 'CreateRemoteThread', 'int', $processHandle, 'int', 0, 'int', 0, 'int', $functionAddress[0], 'ptr', 0, 'int', 0, 'int', 0)
	
	;Wait for the remote thread to finish (258 = WAIT_TIMEOUT, so keep polling)
	Do
		$result = DllCall($kernel32, 'int', 'WaitForSingleObject', 'int', $hRemoteThread[0], 'int', 50)
	Until $result[0] <> 258
	
	;Close the handle to the previously created remote thread
	DllCall($kernel32, 'int', 'CloseHandle', 'int', $hRemoteThread[0])
	
	;Free the previously allocated memory (MEM_RELEASE)
	DllCall($kernel32, 'ptr', 'VirtualFreeEx', 'hwnd', $processHandle, 'int', $functionAddress[0], 'int', 0, 'int', 0x8000)
	DllCall($kernel32, 'ptr', 'VirtualFreeEx', 'hwnd', $processHandle, 'int', $packetAddress[0], 'int', 0, 'int', 0x8000)
	
	;Close the Process
	memclose($processHandle)
	
	Return True
EndFunc

Func memopen($pid)
	;PROCESS_ALL_ACCESS
	Local $mid = DllCall($kernel32, 'int', 'OpenProcess', 'int', 0x1F0FFF, 'int', 1, 'int', $pid)
	Return $mid[0]
EndFunc

Func memclose($mid)
	DllCall($kernel32, 'int', 'CloseHandle', 'int', $mid)
EndFunc

Func _hex($Value, $size=8)
	;Return $Value as $size hex digits with the byte order reversed (little-endian immediate)
	Local $tmp1, $tmp2 = '', $i 
	$tmp1 = StringRight("000000000" & Hex($Value),$size) 
	For $i = 0 To StringLen($tmp1) / 2 - 1 
		$tmp2 = $tmp2 & StringMid($tmp1, StringLen($tmp1) - 1 - 2 * $i, 2)
	Next
	Return $tmp2
EndFunc
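To make the stub that sendPacket() assembles from hex strings easier to inspect, here is the same encoding done in C. This is an added example and not code from the thread: it builds the byte sequence offline and never touches a process. The function and base addresses are the ones in the post above; the packet address 0x00100000 is a placeholder for whatever VirtualAllocEx would return. Unlike the AutoIt version it switches from PUSH imm8 (6A) to PUSH imm32 (68) when the size exceeds 127, because imm8 is sign-extended, and it rejects odd-length or non-hex packet strings, which the AutoIt loop does not check.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define STUB_MAX 64

/* Store a 32-bit value little-endian: the byte reversal _hex() performs. */
static size_t put_u32(uint8_t *p, uint32_t v)
{
    p[0] = (uint8_t)(v);
    p[1] = (uint8_t)(v >> 8);
    p[2] = (uint8_t)(v >> 16);
    p[3] = (uint8_t)(v >> 24);
    return 4;
}

/* What the CPU actually pushes for "6A imm8": the byte is sign-extended. */
uint32_t push_imm8_value(uint8_t imm)
{
    return (uint32_t)(int32_t)(int8_t)imm;
}

/* Emit: pushad; mov eax,send_fn; mov ecx,[base_ptr]; mov ecx,[ecx+0x20];
 * mov edi,packet_addr; push size; push edi; call eax; popad; ret.
 * Returns the stub length, or 0 if it does not fit in out. */
size_t build_send_stub(uint8_t *out, size_t cap, uint32_t send_fn,
                       uint32_t base_ptr, uint32_t packet_addr, uint32_t size)
{
    uint8_t b[STUB_MAX];
    size_t n = 0;
    b[n++] = 0x60;                                   /* pushad */
    b[n++] = 0xB8; n += put_u32(b + n, send_fn);     /* mov eax, imm32 */
    b[n++] = 0x8B; b[n++] = 0x0D;
    n += put_u32(b + n, base_ptr);                   /* mov ecx, [imm32] */
    b[n++] = 0x8B; b[n++] = 0x49; b[n++] = 0x20;     /* mov ecx, [ecx+0x20] */
    b[n++] = 0xBF; n += put_u32(b + n, packet_addr); /* mov edi, imm32 */
    if (size <= 0x7F) {
        b[n++] = 0x6A; b[n++] = (uint8_t)size;       /* push imm8 */
    } else {
        b[n++] = 0x68; n += put_u32(b + n, size);    /* push imm32 */
    }
    b[n++] = 0x57;                                   /* push edi */
    b[n++] = 0xFF; b[n++] = 0xD0;                    /* call eax */
    b[n++] = 0x61;                                   /* popad */
    b[n++] = 0xC3;                                   /* ret */
    if (n > cap) return 0;
    memcpy(out, b, n);
    return n;
}

/* Helpers for checking individual bytes without handing out a buffer. */
int stub_len_for_size(uint32_t size)
{
    uint8_t b[STUB_MAX];
    return (int)build_send_stub(b, sizeof b, 0, 0, 0, size);
}

int stub_byte(uint32_t send_fn, uint32_t base_ptr, uint32_t packet_addr,
              uint32_t size, size_t idx)
{
    uint8_t b[STUB_MAX];
    size_t n = build_send_stub(b, sizeof b, send_fn, base_ptr, packet_addr, size);
    return idx < n ? (int)b[idx] : -1;
}

/* Decode a packet hex string such as "0800". Returns byte count or -1 on
 * odd length, overflow, or a non-hex character. */
int parse_packet_hex(const char *hex, uint8_t *out, size_t cap)
{
    size_t len = strlen(hex);
    if (len % 2 != 0 || len / 2 > cap) return -1;
    for (size_t i = 0; i < len; i += 2) {
        unsigned v = 0;
        for (int k = 0; k < 2; k++) {
            char c = hex[i + k];
            unsigned d;
            if (c >= '0' && c <= '9') d = (unsigned)(c - '0');
            else if (c >= 'a' && c <= 'f') d = (unsigned)(c - 'a' + 10);
            else if (c >= 'A' && c <= 'F') d = (unsigned)(c - 'A' + 10);
            else return -1;
            v = v * 16 + d;
        }
        out[i / 2] = (uint8_t)v;
    }
    return (int)(len / 2);
}

int packet_byte(const char *hex, size_t idx)
{
    uint8_t pkt[STUB_MAX];
    int n = parse_packet_hex(hex, pkt, sizeof pkt);
    return (n > 0 && idx < (size_t)n) ? (int)pkt[idx] : -1;
}

int main(void)
{
    uint8_t stub[STUB_MAX], pkt[16];
    int plen = parse_packet_hex("0800", pkt, sizeof pkt);   /* deselect target */
    /* 0x00100000 stands in for the address VirtualAllocEx would return */
    size_t n = build_send_stub(stub, sizeof stub, 0x005BD7B0, 0x0098657C,
                               0x00100000, (uint32_t)plen);
    for (size_t i = 0; i < n; i++) printf("%02X", stub[i]);
    printf("\n");
    return 0;
}
```

The printed hex is exactly what $OPcode holds after the concatenation in the AutoIt function, so the two can be compared byte for byte before anything is written into the game process.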
09/11/2010 22:17 Interest07#424
some example of functions you could use with sending packets:

09/11/2010 23:59 PW-Prophets#425
Quote:
Originally Posted by Interest07 View Post
some example of functions you could use with sending packets:

All I can say is :handsdown: and a lil more :handsdown: wait wait wait 1 more :handsdown:. If this works this will change ALOT of things.:handsdown:
09/12/2010 08:01 PW-Prophets#426
Quote:
Originally Posted by Interest07 View Post
some example of functions you could use with sending packets:

Well, this has got to be one of the nicest things we both have ever seen. We cannot begin to thank you enough for this. Everything works flawlessly. This constitutes a WHOLE NOTHER RECODE :). Everyone keep their eyes out for a bigger, badder Prophet bot. It may take a while with having a job now and all.
09/12/2010 08:04 asaky#427
Quote:
Originally Posted by PW-Prophets View Post
Well, this has got to be one of the nicest things we both have ever seen. We cannot begin to thank you enough for this. Everything works flawlessly. This constitutes a WHOLE NOTHER RECODE :). Everyone keep their eyes out for a bigger, badder Prophet bot. It may take a while with having a job now and all.
Can't wait!!! And thank you interest07 :)
09/12/2010 08:52 Interest07#428
You're welcome, glad to be of use :p

If anything doesn't work or you need any other specific functions (like accepting revive and stuff?) I'll look into em. Congrats on getting a job too :D

I'm not sure if the PM I sent worked prophets as it is not storing anything into my 'sent items' folder.

Trying to figure out how the set up catshop packet works atm, but its being a bugger.
09/12/2010 17:03 Smurfin#429
@Interest07, about the sendPacket in the code, global $sendPacketFunction = 0x005BD7B0: how do I find the correct address to use sendPacket?

Also, please find the accepting-revive packet; I hope you can find it too.

This sendPacket thing is great. It looks like a lot more things can be done with it, and more simply, because it's the same packet for all PW servers, right? Right now I just need the address and to test it on PW Indo and see if it works there :D

Is it OK to put sendPacket in a loop, to do a normal attack for example? Because I guess it will instantly send data to the server, while if using keypresses it'll only send a packet when a keypress is accepted to trigger the attack; if pressing too much/rapidly some will just be ignored until the attacking queue is opened again, and that only happens on our PC without sending packets.

About useSkillWithoutCastTime: is it really casting the skill without cast time, like if we use a nocast pill, or does it just eliminate the animation so casting looks faster?

Oh, and please make a new thread about this sendPacket, so a lot of questions about other things unrelated to the bot can be asked there :handsdown:. I don't want to be off-topic later.

Thanks for sharing this, can't wait to try it here. :p
09/12/2010 19:12 Interest07#430
useSkillWithoutCastTime is for skills that don't have a cast time in game, such as change to fox or tiger form, or warrior run skill or +pdef/-mdef skill.

Most packets will be the same for all servers. There might be some exceptions that I haven't encountered yet.


finding the sendPacketFunction is much easier:

1)
search for:
Code:
(void *Src, size_t Size)
2)
You'll get 7 results (most likely), pick the third one:

3)
It'll look like this (lots of Xrefs)

and there you go, the address of this function.

from my wq bot thread
09/12/2010 20:36 asaky#431
*Nods and pretends he knows what your talking about* Yes, yes I see now. :D
09/13/2010 04:15 Interest07#432
resurrect functions for you prophets :p


Code:
Func rezToTown($pid)
	;Respawn in town after death
	local $packet, $packetSize
	
	$packet = '0400'
	$packetSize = 2
	
	sendPacket($packet, $packetSize, $pid)
EndFunc

Func rezWithScroll($pid)
	;Respawn in the place you died, costs a rez scroll
	local $packet, $packetSize
	
	$packet = '0500'
	$packetSize = 2
	
	sendPacket($packet, $packetSize, $pid)
EndFunc

Func acceptRez($pid)
	;Accept rez by a priest.
	local $packet, $packetSize

	$packet = '5700'
	
	$packetSize = 2
	
	sendPacket($packet, $packetSize, $pid)
EndFunc
09/13/2010 07:13 asaky#433
Quote:
Originally Posted by Interest07 View Post
resurrect functions for you prophets :p


Code:
Func rezToTown($pid)
	;Respawn in town after death
	local $packet, $packetSize
	
	$packet = '0400'
	$packetSize = 2
	
	sendPacket($packet, $packetSize, $pid)
EndFunc

Func rezWithScroll($pid)
	;Respawn in the place you died, costs a rez scroll
	local $packet, $packetSize
	
	$packet = '0500'
	$packetSize = 2
	
	sendPacket($packet, $packetSize, $pid)
EndFunc

Func acceptRez($pid)
	;Accept rez by a priest.
	local $packet, $packetSize

	$packet = '5700'
	
	$packetSize = 2
	
	sendPacket($packet, $packetSize, $pid)
EndFunc
Could you make a walk-to-target func, including up and down movements? A lot of people have been complaining about looting underwater.
09/13/2010 11:16 Interest07#434
Quote:
Originally Posted by asaky View Post
Could you make a walk-to-target func, including up and down movements? A lot of people have been complaining about looting underwater.


Sure, I can see what I can do.
09/13/2010 11:17 asaky#435
Quote:
Originally Posted by Interest07 View Post
Sure, I can see what I can do.
Thanks man, wish I could help with all this stuff; being a leech doesn't feel good :\