Answer to How PWI is exploited

04/15/2013 10:27 Afro-Head#61
Quote:
Originally Posted by Interest07 View Post
Ehmm, I believe it can be found in a tiny array before you take the +0xC pointer. But it's been a long time ago since I did anything with this, you'll just have to browse the memory along the pointer chain to find it.
Any chance that you can take a look in your bot source and post the function you used?
I'm not pro enough to find anything, since I don't know exactly what I should search for :(

I start looking here: ((charBase + buylist) +0x10))
Browsing from 0x0 up to 0x7d0 and trying to find an array with some results like 10,11,12,13,14...

I also set up a catshop and tried to find the cell numbers for my shop.
If I sell 5 items like:
12345
XXXXX

and the fourth item is sold out, it looks like this for me:
12345
XXX_X

for other players it looks like this:
1234
XXXX

So the cell count is stored in the playerbase of the selected player and not in the buy/sell list or a totally different place?
I think I don't see the point, just too many numbers :o

Thank you.
04/15/2013 11:48 Interest07#62
Ok, the following function shows how to read in the items from a catshop. The part you already know how to do is the first two lines, giving maxItemCount and itemListAddress. The one to pay attention to is the 'specialListAddress' (stupid name but oh well). You'll notice in the pwi item constructor it passes along an index, this is the special index you are interested in, which can be found at MemFunctions.MemReadInt(pr_processHandle, specialListAddress + i * 0x10)

Ignore the 4th parameter here, I don't think it's important for what you're trying to do.


PHP Code:
        public void updateList()
        {
            int maxItemCount = MemFunctions.MemReadInt(pr_processHandle, pr_address + 0x10);
            int itemListAddress = MemFunctions.MemReadInt(pr_processHandle, pr_address + 0xC);
            int specialListAddress = MemFunctions.MemReadInt(pr_processHandle, pr_address + 0x24);
            itemList = new PWI_Item[maxItemCount];
            int itemAddress;
            for (int i = 0; i < maxItemCount; i++)
            {
                itemAddress = MemFunctions.MemReadInt(pr_processHandle, itemListAddress + i * 0x4);
                // Special list entries are 0x10 bytes apart: the index at +0, a short at +12
                PWI_Item newItem = new PWI_Item(pr_processHandle, itemAddress, MemFunctions.MemReadInt(pr_processHandle, specialListAddress + i * 0x10), MemFunctions.MemReadShort(pr_processHandle, specialListAddress + i * 0x10 + 12));
                if (itemAddress != 0)
                {
                    updateDescription(itemAddress);
                }
                newItem.updateValues();
                itemList[i] = newItem;
            }
        }

        //Item constructor
        public PWI_Item(IntPtr processHandle, int structureAddress, int index, short specialVar)
        {
            pr_processHandle = processHandle;
            pr_structureAddress = structureAddress;
            pr_description = "";
            realIndex = index;
            special = specialVar;
        }
Keep in mind that this code is a couple of hard disks old, so the offsets might have changed a bit, but I expect the mechanics to be the same.
04/15/2013 12:09 n05f3247u#63
but basically what is all this for? exploiting catshops? or getting different items through website item send?
04/15/2013 13:30 Interest07#64
Quote:
Originally Posted by n05f3247u View Post
but basically what is all this for? exploiting catshops? or getting different items through website item send?
Why does everything have to be an exploit or a hack or cheat to gain an unintended advantage? This is simply how to buy items from a catshop via code instead of manually clicking stuff.
04/15/2013 13:48 Afro-Head#65
Quote:
Originally Posted by Interest07 View Post
Ok, the following function shows how to read in the items from a catshop. The part you already know how to do is the first two lines, giving maxItemCount and itemListAddress. The one to pay attention to is the 'specialListAddress' (stupid name but oh well). You'll notice in the pwi item constructor it passes along an index, this is the special index you are interested in, which can be found at MemFunctions.MemReadInt(pr_processHandle, specialListAddress + i * 0x10)

Ignore the 4th parameter here, I don't think it's important for what you're trying to do.


Keep in mind that this code is a couple of hard disks old, so the offsets might have changed a bit, but I expect the mechanics to be the same.
Thanks a lot Interest07 :handsdown:
That explains a lot more to me and I'm sure I can find the right offsets for this.

So there is a pointer to the right index, which I need to get first, and then call with the item I actually read out the information for.

I'd better not ask how you found this all out :o

Quote:
Originally Posted by n05f3247u View Post
but basically what is all this for? exploiting catshops? or getting different items through website item send?
omg :mad:
04/15/2013 14:47 n05f3247u#66
sorry omg didn't mean to hurt your feelings people... I am not a coding addict >-< just curiosity
05/24/2013 00:12 EvilEye23#67
:D Hi, I know this is probably some sort of necro to an incredibly old thread or something..
but..I was wondering how you built that web proxy that did those things? :confused:
I just wanna toy with it and see how it works so I would be very grateful if someone showed me how to make one :handsdown:
(and yes, I realize the bug's been fixed. I'm not after the bug/exploit).
05/24/2013 00:57 Murmuring#68
Quote:
Originally Posted by EvilEye23 View Post
:D Hi, I know this is probably some sort of necro to an incredibly old thread or something..
but..I was wondering how you built that web proxy that did those things? :confused:
I just wanna toy with it and see how it works so I would be very grateful if someone showed me how to make one :handsdown:
(and yes, I realize the bug's been fixed. I'm not after the bug/exploit).
You don't need a proxy, just use a modern browser and edit the page while watching.
Works fine with Opera, just right click and go...
For Firefox there's a plugin:
05/25/2013 00:58 EvilEye23#69
Quote:
Originally Posted by Murmuring View Post
You don't need a proxy, just use a modern browser and edit the page while watching.
Works fine with Opera, just right click and go...
For Firefox there's a plugin:
Ty :p I'm new at this stuff and browsing randomly, tbh.
Oh, and yes I realize questions here are not promoted - I just asked since it was an old thread that had the topic I wanted to know about anyways.
10/25/2014 05:33 xxaquilexx#70
I'm guessing those codes ain't working anymore through ARC? Does anyone have anything similar atm?
10/26/2014 12:25 deltadagger#71
Quote:
Originally Posted by xxaquilexx View Post
I'm guessing those codes ain't working anymore through ARC? Does anyone have anything similar atm?
and guess that everyone who used it got banned :p