PW Offset Finder

11/03/2012 18:09 Interest07#31
Quote:
Originally Posted by somatando View Post
Thanks man.
Is there a way to set the target with addresses?
Or just with the sendpacket function?
A packet needs to be sent.
11/11/2012 01:26 somatando#32
Interest, I read about sendpacket and I tried to make a sendpacket class in VB.NET.
Can you tell me what is wrong with my code?

Code:
    Public pr_processHandle As IntPtr
    Private sendPacketOpcodeAddress, packetAddressLocation, packetSizeAddress As Integer

    Private sendPacketOpcode As Byte() =
        {&H60,
         &HB8, &H0, &H0, &H0, &H0,
         &H8B, &HD, &H0, &H0, &H0, &H0,
         &H8B, &H49, &H20,
         &HBF, &H0, &H0, &H0, &H0,
         &H6A, &H0,
         &H57,
         &HFF, &HD0,
         &H61,
         &HC3
        }

    Private Sub LoadSendPacketOpcode()

        sendPacketOpcodeAddress = MemFunctions.AllocateMemory(pr_processHandle, sendPacketOpcode.Length)
        MemFunctions.MemWriteBytes(pr_processHandle, sendPacketOpcodeAddress, sendPacketOpcode)
        Dim functionAddress As Byte() = {&H0, &H68, &HD6, &H40}
        Array.Reverse(functionAddress)
        Dim realBaseAddress As Byte() = {&H0, &HB4, &HEF, &H34}
        Array.Reverse(realBaseAddress)
        MemFunctions.MemWriteBytes(pr_processHandle, sendPacketOpcodeAddress + 2, functionAddress)
        MemFunctions.MemWriteBytes(pr_processHandle, sendPacketOpcodeAddress + 8, realBaseAddress)
        packetAddressLocation = sendPacketOpcodeAddress + 16
        packetSizeAddress = sendPacketOpcodeAddress + 21

    End Sub

    Public Sub sendPacket(ByVal packetLocation As Byte(), ByVal packetSize As Integer)
        If sendPacketOpcodeAddress = 0 Then
            LoadSendPacketOpcode()
        End If
        MemFunctions.MemWriteBytes(pr_processHandle, packetAddressLocation, packetLocation)
        MemFunctions.MemWriteByte(pr_processHandle, packetSizeAddress, CByte(packetSize))

        Dim threadHandle As IntPtr = MemFunctions.CreateRemoteThread(pr_processHandle, sendPacketOpcodeAddress)

        MemFunctions.WaitForSingleObject(threadHandle)
        MemFunctions.CloseProcess(threadHandle)
    End Sub
The crash in PW occurs when I call the CreateRemoteThread function ...
Can you help me? Thanks in advance.
11/11/2012 14:53 Interest07#33
Quote:
Originally Posted by somatando View Post
Interest, I read about sendpacket and I tried to make a sendpacket class in VB.NET.
Can you tell me what is wrong with my code?

Code:
    Public pr_processHandle As IntPtr
    Private sendPacketOpcodeAddress, packetAddressLocation, packetSizeAddress As Integer

    Private sendPacketOpcode As Byte() =
        {&H60,
         &HB8, &H0, &H0, &H0, &H0,
         &H8B, &HD, &H0, &H0, &H0, &H0,
         &H8B, &H49, &H20,
         &HBF, &H0, &H0, &H0, &H0,
         &H6A, &H0,
         &H57,
         &HFF, &HD0,
         &H61,
         &HC3
        }

    Private Sub LoadSendPacketOpcode()

        sendPacketOpcodeAddress = MemFunctions.AllocateMemory(pr_processHandle, sendPacketOpcode.Length)
        MemFunctions.MemWriteBytes(pr_processHandle, sendPacketOpcodeAddress, sendPacketOpcode)
        Dim functionAddress As Byte() = {&H0, &H68, &HD6, &H40}
        Array.Reverse(functionAddress)
        Dim realBaseAddress As Byte() = {&H0, &HB4, &HEF, &H34}
        Array.Reverse(realBaseAddress)
        MemFunctions.MemWriteBytes(pr_processHandle, sendPacketOpcodeAddress + 2, functionAddress)
        MemFunctions.MemWriteBytes(pr_processHandle, sendPacketOpcodeAddress + 8, realBaseAddress)
        packetAddressLocation = sendPacketOpcodeAddress + 16
        packetSizeAddress = sendPacketOpcodeAddress + 21

    End Sub

    Public Sub sendPacket(ByVal packetLocation As Byte(), ByVal packetSize As Integer)
        If sendPacketOpcodeAddress = 0 Then
            LoadSendPacketOpcode()
        End If
        MemFunctions.MemWriteBytes(pr_processHandle, packetAddressLocation, packetLocation)
        MemFunctions.MemWriteByte(pr_processHandle, packetSizeAddress, CByte(packetSize))

        Dim threadHandle As IntPtr = MemFunctions.CreateRemoteThread(pr_processHandle, sendPacketOpcodeAddress)

        MemFunctions.WaitForSingleObject(threadHandle)
        MemFunctions.CloseProcess(threadHandle)
    End Sub
The crash in PW occurs when I call the CreateRemoteThread function ...
Can you help me? Thanks in advance.
Have you checked if all the bytes get written correctly?
11/11/2012 17:42 louco89#34
I'm trying to make a bot, and with the updates I always have to look for the new sendpacket address. Can anyone help me make a regexp for sendpacket?
I suck with regexp =/
11/11/2012 18:27 Sᴡoosh#35
Why does everybody use regex? It's kind of slow to search the whole client address space for matching patterns.

Matching byte patterns is a LOT faster from when I tested it. This can even be done on startup; it only takes a few hundred ms for 32 matches, whereas regex takes 2-3 seconds. For one match.
11/11/2012 20:15 Coinseller#36
@louco89
Take a look in Interest07's wq bot offset finder; there's a regex for sendpacket:
Quote:
$SEARCH=STRINGREGEXP($DATA,"6A21"&"E8.{8}"&"8BF0"&"83C404"&"85F6"&"74.{2}"&"8A442418"&"668B4C2410"&"66C7060000"&"88461E"&"8B442408"&"66894E1A"&"D9442414"&"8B10"&"895602"&"8B4804"&"D80D.{8}"&"894E06"&"8B5008"&"8B44240C"&"89560A"&"D805.{8}"&"8B08"&"894E0E"&"8B5004"&"895612"&"8B4008"&"894616"&"E8.{8}"&"668B4C241C"&"6689461C"&"66894E1F"&"8B15(.{8})"&"6A21"&"56"&"8B4A20"&"E8(.{8})"&"56"&"E8.{8}"&"83C404"&"5E"&"C3",2)
@Sᴡoosh
Helpful answer. Why don't you show us nubs how to work with byte patterns and write an excellent tutorial?
11/11/2012 21:08 Sᴡoosh#37
Quote:
Originally Posted by Coinseller View Post
@louco89
Take a look in Interest07's wq bot offset finder; there's a regex for sendpacket:


@Sᴡoosh
Helpful answer. Why don't you show us nubs how to work with byte patterns and write an excellent tutorial?
I don't have time to write any tutorial, but I can show you how I do it for Forsaken World:

Some structs...

PHP Code:
type
  TOffsets = record
    BaseAddress: Cardinal;
    SendPacket: Cardinal;
    AttackCall: Cardinal;
    CharStruct: Cardinal;
    Target: Cardinal;
    ActionStruct: Cardinal;
    SkillStruct: Cardinal;
    InventoryStruct: Cardinal;
    HP: Cardinal;
    HPMax: Cardinal;
    MP: Cardinal;
    MPMax: Cardinal;
    name: Cardinal;
    NPCDialog: Cardinal;
    WalkStateAddress: Cardinal;
    AutoRouteAddress: Cardinal;
  end;

type
  TSigData = record
    Data: array of byte;       // the bytes being searched
    Signature: array of byte;  // the pattern to find
    Wildcard: byte;            // a signature byte equal to this matches any data byte
  end;

type
  TSigQuerryResult = record
    Position: Cardinal;  // offset of the match inside Data (0 if nothing matched)
    Value: Cardinal;     // the bytes immediately following the match
  end;
The actual searching function:

PHP Code:
function TFWOffsetman.GetAddress(Sigdata: TSigData; Readlength: integer): TSigQuerryResult;
var
  i, s: Integer;
begin
  result.Position := 0;
  result.Value := 0;
  // Readlength bytes are copied into the 4-byte Value, so it must not exceed SizeOf(Result.Value)
  if (length(Sigdata.Signature) = 0) or (Readlength > SizeOf(Result.Value)) then
    exit;
  // last start offset at which the signature plus the Readlength bytes after it still fit in Data
  for i := 0 to length(Sigdata.Data) - length(Sigdata.Signature) - Readlength do
  begin
    // compare byte by byte; a signature byte equal to the wildcard matches anything
    s := 0;
    while (s < length(Sigdata.Signature)) and
          ((Sigdata.Data[i + s] = Sigdata.Signature[s]) or (Sigdata.Signature[s] = Sigdata.Wildcard)) do
      inc(s);
    if s = length(Sigdata.Signature) then
    begin
      result.Position := i;
      // the Readlength bytes right after the match, e.g. an imm32 or rel32 operand left out of the pattern
      Copymemory(@Result.Value, @SigData.Data[i + length(Sigdata.Signature)], Readlength);
      exit;
    end;
  end;
end;
Now, one of my patterns looks like this:

PHP Code:
Baseaddr: array[0..16] of byte = ($B0, $01, $5E, $C3, $90, $90, $90, $90, $90, $90, $90, $90, $90, $90, $90, $51, $A1);
$EE is my wildcard byte due to its rareness in x86 assembler.

Please note that $ is the hex prefix in Delphi.

And this is how the code is used:

PHP Code:
    setlength(Siggy.Signature, length(ActionStruct));
    Copymemory(@Siggy.Signature[0], @ActionStruct[0], length(ActionStruct));
    self.LoadedOffsets.ActionStruct := GetAddress(Siggy, 4).value;
    Progress := 10;
Or, when dealing with an RVA:

PHP Code:
    setlength(Siggy.Signature, length(AutoRouteAddress));
    Copymemory(@Siggy.Signature[0], @AutoRouteAddress[0], length(AutoRouteAddress));
    Qresult := GetAddress(Siggy, 4);
    self.LoadedOffsets.AutoRouteAddress :=
        Qresult.position             // physical position of the matching pattern, starting from 00
      + length(AutoRouteAddress)     // length of the pattern
      + $400000                      // image base, almost always this
      + Qresult.value                // value of the 4 bytes following the signature
      + 4;                           // add the 4 bytes we left out of the signature
Here you go ;)
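The post above is the whole mechanism of a wildcard signature scan: compare the pattern byte by byte, treat one reserved byte value as "match anything", and, when the pattern was deliberately cut off just before a CALL/JMP displacement, read the four bytes after the match and add them to the address of the next instruction. Scanning a buffer for byte patterns with wildcards is the same matching that AV and YARA-style detection rules do, so it is worth seeing once in full. The Python below is an added example written for this page; it is not Sᴡoosh's code, and the sample buffer, the function names and the rel32 value are constructed. It goes slightly beyond the Delphi version: the scan stops where the signature no longer fits (no read past the end of the buffer), a miss is reported as None instead of position 0, and a bytes regex is built from the same signature to show that the regex and byte-pattern approaches discussed in the thread search for exactly the same thing. The image base of $400000 and the $EE wildcard are the conventions of the post.

```python
import re
import struct
from typing import Optional

# Wildcard convention from the Delphi code above: a signature byte of $EE matches anything.
WILDCARD = 0xEE


def scan_signature(data: bytes, signature: bytes, wildcard: int = WILDCARD) -> Optional[int]:
    """Offset of the first occurrence of `signature` in `data`, or None if absent.

    Same loop as TFWOffsetman.GetAddress, except that the outer loop stops where
    the signature no longer fits and a miss is reported as None, not as offset 0.
    """
    n, m = len(data), len(signature)
    if m == 0:
        return None
    for i in range(n - m + 1):
        for s in range(m):
            if signature[s] != wildcard and data[i + s] != signature[s]:
                break
        else:  # inner loop ran to completion: every byte matched or was a wildcard
            return i
    return None


def read_u32_after(data: bytes, position: int, siglen: int) -> int:
    """Little-endian 32-bit value right after the match
    (the Delphi CopyMemory(@Result.Value, @Data[pos + siglen], 4))."""
    return struct.unpack_from("<I", data, position + siglen)[0]


def resolve_rel32(image_base: int, position: int, siglen: int, rel32: int) -> int:
    """Absolute target of a CALL/JMP rel32 that immediately follows the signature,
    computed exactly as the AutoRouteAddress snippet does:
    image_base + position + siglen + 4 (the rel32 itself) + rel32, modulo 2**32."""
    return (image_base + position + siglen + 4 + rel32) & 0xFFFFFFFF


def signature_to_regex(signature: bytes, wildcard: int = WILDCARD) -> "re.Pattern[bytes]":
    """The same signature as a bytes regex: each wildcard becomes '.' (DOTALL so it
    also matches 0x0A). Lets you check that the regex and byte-pattern searches agree."""
    parts = [b"." if b == wildcard else re.escape(bytes([b])) for b in signature]
    return re.compile(b"".join(parts), re.DOTALL)


# --- constructed sample buffer, not a dump of any real client ---------------
IMAGE_BASE = 0x400000          # image base assumed in the post above
REL32 = 0x00001234             # constructed call displacement
SAMPLE = (
    b"\x90" * 0x40                            # padding
    + b"\x8B\x0D" + b"\x10\x32\x54\x76"       # mov ecx, [76543210h]  (immediate varies per build)
    + b"\x6A\x21"                             # push 21h
    + b"\xE8" + struct.pack("<i", REL32)      # call rel32
    + b"\x8B\xF0"                             # mov esi, eax
    + b"\x83\xC4\x04"                         # add esp, 4
    + b"\xCC" * 16                            # padding
)
# The four bytes of the mov immediate are wildcarded; the signature ends on the E8
# opcode so that the 4 bytes after it are the rel32 we want (the same trick as
# leaving the operand out of the Delphi pattern and adding 4 afterwards).
SIGNATURE = bytes([0x8B, 0x0D, WILDCARD, WILDCARD, WILDCARD, WILDCARD, 0x6A, 0x21, 0xE8])


def locate_call_target(data: bytes = SAMPLE, signature: bytes = SIGNATURE,
                       image_base: int = IMAGE_BASE) -> Optional[int]:
    """Full pipeline: find the signature, read the rel32 after it, resolve it."""
    pos = scan_signature(data, signature)
    if pos is None:
        return None
    rel32 = read_u32_after(data, pos, len(signature))
    return resolve_rel32(image_base, pos, len(signature), rel32)


if __name__ == "__main__":
    pos = scan_signature(SAMPLE, SIGNATURE)
    print(f"byte-pattern match at offset {pos:#x}, regex agrees: "
          f"{signature_to_regex(SIGNATURE).search(SAMPLE).start() == pos}")
    print(f"resolved call target: {locate_call_target():#x}")
```

On the constructed buffer the match sits at offset 0x40, the rel32 read after it is 0x1234, and the resolved target is 0x400000 + 0x40 + 9 + 4 + 0x1234 = 0x401281. The `& 0xFFFFFFFF` matters for backward jumps: a negative displacement is read as an unsigned value and the sum wraps, which is what the Delphi Cardinal arithmetic does implicitly.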
11/12/2012 10:45 Coinseller#38
Thanks, that will maybe help some users here.
I don't program so I don't understand this :D

But it's interesting to read here; bad luck that I didn't find the page when I played PWI.
I'm playing RaiderZ now :)
11/12/2012 13:07 ptdk#39
Hey!

I'm trying to find offsets for a private server. This program finds something, but not even half of the addresses (as I understand it, I would need a different regex file for it).

Could anyone link me a guide with which I can find the offsets? Preferably something simple; I was looking myself, but they seem quite complicated, so I wouldn't try unless I know they're going to work.

Cheers
11/12/2012 21:49 martmor#40
Did you already take a look at this page?


Here are links to all the information on how to search for, find and change them.
11/13/2012 15:38 ptdk#41
Quote:
Originally Posted by martmor View Post
Did you already take a look at this page?


Here are links to all the information on how to search for, find and change them.
Yes.

I got a few offsets with different offset retrievers (never the base address, just HP/MP/unfreeze, etc.) and tried to find whole sets by that. None of them worked.

I tried to find the offsets myself, and while I could find one or two, I have no idea what exactly it is or how I find the rest; it's too complex (I don't even know if I found what I wanted, as I was following a guide without knowing what I was doing).

Guess I can live without it, I was just wondering if there is another way.
11/13/2012 16:43 martmor#42
Most private servers have version 1.4.4.

If you have some offsets it should be easy to find the other ones with a search engine.
11/16/2012 03:52 mjc88#43
(had a stupid question; with some research I found my own answer)
11/16/2012 06:26 saykses#44
It does not want to collect the loot .. help please
11/16/2012 06:54 martmor#45
Quote:
Originally Posted by saykses View Post
It does not want to collect the loot .. help please
I do not know which bot you have. But if you have pgrind or prophetbot you can change the settings so that it does not collect the loot.