Thanks Interest07, I will try it once I got home from work :)
Perfect World Bot PWI-Prophet Bot Recoded
10/19/2010 10:46
serpentmind#646
10/19/2010 18:20
SunB#647
As I understand, here is how to do it:Quote:
What kind of design are you doing? Keep it simple. Here's a simple design using memory mapped files without any synchronization. The layout of the memory map is as follow:
In the DLL, create a memory file mapping of say 64k in size with
*data = command valueCode:HANDLE hMap = CreateFileMapping(INVALID_HANDLE_VALUE, NULL, PAGE_READWRITE, 0, 64000, "Name"); unsigned int *data = (unsigned int*) MapViewOfFile(hMap, FILE_MAP_ALL_ACCESS, 0, 0, 64000);
*(data+1) = base address
*(data+2) = send function address
*(data+10) = size of byte[] data
(data+11) = the start address of byte[] data
then in your loop
From the C#, you create a memory map view:Code:while (1) { if (*data == 99) break; // command 99 = exit thread and unload the DLL if (*data == 1) // send function command { unsigned int base = *(data+1); unsigned int send = *(data+2); unsigned int length = *(data+10); unsigned int *buffer = data+11; __asm { pushad push length push buffer mov eax, base mov edx, [eax] mov ecx, [edx + 0x20] mov esi, send call esi popad ret } *data = 0; } Sleep(5); }
Then, to setup the base address and send address do:Code:IntPtr hMap = OpenFileMapping(FILE_MAP_ALL_ACCESS, false, "Name"); IntPtr pData = MapViewOfFile(hMap, FILE_MAP_ALL_ACCESS, 0, 0, 64000);
To send some opcodes, build the opcodes first (example to select target id):Code:Marshal.WriteInt32(pData, 4, baseaddress); Marshal.WriteInt32(pData, 8, sendaddress);
Code:uint targetid = 0x8000000; MemoryStream stream = new MemoryStream(); stream.Write(BitConverter.GetBytes(2), 0, 2); // 02 00 stream.Write(BitConverter.GetBytes(targetid), 0, 4); byte[] data = stream.ToArray(); Marshal.Copy(data, 0, (IntPtr)(pData.ToInt64() + 44), data.Length); // writing the buffer to (data+11) position Marshal.WriteInt32(pData, 40, data.Length); // writing the buffer size to *(data+10) Marshal.WriteInt32(pData, 0, 1) // writing command 1
in C++ dll
Code:
#pragma managed(push,off)
void dostuff(){
HANDLE hMap = CreateFileMapping(INVALID_HANDLE_VALUE, NULL, PAGE_READWRITE, 0, 64000, TEXT("FileMapping"));
unsigned int *data = (unsigned int*) MapViewOfFile(hMap, FILE_MAP_ALL_ACCESS, 0, 0, 64000);
while (true)
{
if (*data == 99) break; // command 99 = exit thread and unload the DLL
if (*data == 1) // send function command
{
unsigned int base = *(data+1);
unsigned int send = *(data+2);
unsigned int lengthP = *(data+10);
unsigned int *buffer = data+11;
__asm
{
pushad;
push lengthP;
push buffer;
mov eax, base;
mov edx, [eax];
mov ecx, [edx+0x20];
mov esi, send;
call esi;
popad;
ret;
}
*data = 0;
}
Sleep(5);
}
}
#pragma managed(pop)
Code:
void FileMappingService::inject(){
// open process
HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pID);
// allocate memory for thread
LPVOID ThreadCodeAddr = VirtualAllocEx(hProcess, 0, 68096, MEM_COMMIT, PAGE_READWRITE);
// write the thread function into it
LPVOID Func = dostuff;
WriteProcessMemory(hProcess, ThreadCodeAddr, Func, 68096, 0);
//start thread
HANDLE hThread = CreateRemoteThread(hProcess, 0, 0,(LPTHREAD_START_ROUTINE)ThreadCodeAddr, 0, 0, 0);
//wait for thread to execute
WaitForSingleObject(hThread, INFINITE);
// cleanup
CloseHandle(hThread);
VirtualFreeEx(hProcess, ThreadCodeAddr, 68096, MEM_RELEASE);
CloseHandle(hProcess);
}
Code:
service = new FileMappingService(pID);
service.inject();
10/19/2010 19:56
vuduy#648
Umm, how do you get a DLL to inject itself? A DLL is a library - not an application; a library has to be loaded; it cannot be run. If you loaded a library to the process already then what/where are you injecting?
What you want to do is to make the game loads your DLL into its running process, so that the DLL has full access to all the memory/functions, and has its working thread there. To do that, you have to inject code to the gane's process to load the DLL.
Upon loading, your DllMain will spawn a thread that setups IPC and the loop. That's it.
The actual injection is done by your C# program by calling CreateRemoteThread to execute the "LoadLibrary" with the Dll's filename onto the game's process.
What you want to do is to make the game loads your DLL into its running process, so that the DLL has full access to all the memory/functions, and has its working thread there. To do that, you have to inject code to the gane's process to load the DLL.
Upon loading, your DllMain will spawn a thread that setups IPC and the loop. That's it.
The actual injection is done by your C# program by calling CreateRemoteThread to execute the "LoadLibrary" with the Dll's filename onto the game's process.
10/20/2010 02:17
aZnxBoixc#649
hmmm y the bot keep searching for target but it wont atk after i set the target mobs already?
10/20/2010 04:07
xuannhat2208#650
i have the same issue ? something wrong with mob address
10/20/2010 07:37
irishsailor84#651
Awesome Bot works great...sept when i have pet attack first,.. my veno runs to where the monster is then the pet will attack but means if mon is aggro it hits me a few times before the pet...no biggy i just don't have pet attack first, is there a way to have the pet attack with its others skills like alt 2 3 ? or just the skill i have right clicked. I know you guys are busy and just some ideas....Other then that your work is awesome!!!
10/20/2010 08:54
serpentmind#652
Hi Interest07, thanks for your help. The auto follow is now working as expected ^_^
10/20/2010 11:32
Interest07#653
Happy to hear it :)Quote:
10/24/2010 00:54
botter69#654
Air targetting is somewhat sketchy
10/26/2010 02:54
howldudu#655
and the offsets...
Already working in others pw , like MA, etc?
or still limited to pwi?
Already working in others pw , like MA, etc?
or still limited to pwi?
10/26/2010 10:14
Interest07#656
As far as I know this bot will ever only really support PWI, although you are free to edit the source code / offsets of course :)
10/26/2010 19:34
howldudu#657
interest... I tried so many ways to find offsets, the maximum I got is from the pet, X Y I tried search on CE , change cordinates , what point acess etc etc...
Anyway, I dont wana a free fast easy program to get all ofsets, but you can give a tip how I can get the others offsets? xD, program,debugs areas
Anyway, I dont wana a free fast easy program to get all ofsets, but you can give a tip how I can get the others offsets? xD, program,debugs areas
10/29/2010 07:25
tidori45#658
some one can help me with this code, i use for my bot, for targetting using TAB, but its fail, tab not select preffered monster but all monster, can some to help me thx :handsdown:
10/30/2010 05:21
penipu81#659
why sometime my char is not want attack the monsters (silent) ???
10/30/2010 14:29
aminlv#660
What can i say awesome job :)
just some times script stop working and char get killed after while
and one more problem on item pickup if even u set pick 100 item always pick closest item and giveup rest idk why tho any one have any idea about this :confused:
just some times script stop working and char get killed after while
and one more problem on item pickup if even u set pick 100 item always pick closest item and giveup rest idk why tho any one have any idea about this :confused: