PWI Elysium Changes

06/01/2016 15:22 louco89#61
DurianMontong, I think the only way to do so is using game movements, and not the auto follow, because auto follow only makes the others follow the leader and does not make a formation. What you can do is read the leader position and use the movement function to make the others "run along". Now I'm curious why you want to do this? :D
06/01/2016 21:20 jasty#62
AutoIt is really bad for squad level control due to a lack of multithreading. I have to cycle through each client process and issue commands individually (usually have to move on to the next client before the command has finished executing). If it's something complicated I have to write a totally separate bot for each character.
06/02/2016 03:14 DurianMontong#63
Quote:
Originally Posted by louco89 View Post
DurianMontong, I think the only way to do so is using game movements, and not the auto follow, because auto follow only makes the others follow the leader and does not make a formation. What you can do is read the leader position and use the movement function to make the others "run along". Now I'm curious why you want to do this? :D
:D It's for a fun formation. Did you know Smurfin already uses that formation? :D
I hope he reads this post and shares the AutoIt code.

I have no luck using movexyz; it always force closes in Windows 10, but auto path works.

Hi, I need help with a Func that checks whether $GAME_TITLE = "2" / $GAME_TITLE = "3" is available and, if not, skips Roll2() and Roll3() in Roll3X(), because AutoIt force closes if $GAME_TITLE = "2" / $GAME_TITLE = "3" is not logged in.

Func Roll3X()
    ; Run the roll on all three clients in turn
    Roll1()
    Roll2()
    Roll3()
EndFunc

Func Roll1()
    $GAME_TITLE = "1"
    $pid = WinGetProcess($GAME_TITLE)
    Roll($pid)
EndFunc

Func Roll2()
    $GAME_TITLE = "2"
    $pid = WinGetProcess($GAME_TITLE)
    Roll($pid)
EndFunc

Func Roll3()
    $GAME_TITLE = "3"
    $pid = WinGetProcess($GAME_TITLE)
    Roll($pid)
EndFunc

Func Roll($pid)
    ; Packet as a hex string plus its length in bytes
    Local $packet, $packetSize
    $packet = '9C00'
    $packetSize = 2
    sendPacket($packet, $packetSize, $pid)
EndFunc
06/02/2016 15:39 louco89#64
DurianMontong, I don't use AutoIt (I use Delphi :rolleyes:), but I think it is like other languages, and I searched a little and found this:

PHP Code:
If WinExists($hWnd) Then ...
or
; Test if the window was found and display the results.
If IsHWnd($hWnd) Then ...
Hope someone can help if this is not the correct way :)

And the game does not support movexyz with write memory only, because the game changed that a while ago; now just autopatch.
06/02/2016 18:05 sasukezero#65
I use infiniteCore to solve the issue of multithreading. It works perfectly fine and I don't have any issues with it. It just has its own rules and you have to look into it. Keep in mind not to use any global variables if you use it. I read all offsets etc. in from a file or send values to the processes.

06/22/2016 20:56 sasukezero#66
So that I don't have to change 2 posts :)

Quote:
Originally Posted by sasukezero View Post
Here are the changed offsets for the last patch (v955) which I've found yet:

For those who used krueger's Charchoose offset chain: checking for $var > 10 so that you know when the char is logged into the game doesn't work anymore. Now in 955 it will simply switch to 0, which is no change to when first char is selected others you'll see.

Quote:
Originally Posted by Kruger2001 View Post
Charchoose = E5B2E4 + 0x1c|0x18|0x8|0xc4|0x124|0x34|0xA44 ;@LoginScreen = 4294967295
As I leave my char most of the time in a city etc., I simply scan for NPCs around me. If Ubound($npcarray) <> 0 then... that way you know. That's how I do it tho :)

Edit1: If you use as last offset 0xA54 then you can check for 4294967295 as a login trigger. It will have this variable whenever you're ingame. You'll get the number of chars you have while in char select :)
07/15/2016 12:55 sasukezero#67
I have checked out the package listener which jasty has shared here:

Quote:
Originally Posted by jasty View Post
For packet stuff I use this decent packet listener tool. It's in Russian but it's not hard to figure out what does what. You can also edit packets and resend them to test things quickly.
However, I would be more interested in incoming packages and reading them myself. Like work with the stream of information that pwi is providing. Has anyone yet taken a look at that?
07/15/2016 13:40 Sᴡoosh#68
Quote:
Originally Posted by sasukezero View Post
I have checked out the package listener which jasty has shared here:

However, I would be more interested in incoming packages and reading them myself. Like work with the stream of information that pwi is providing. Has anyone yet taken a look at that?
I have, a long time ago :


Patched executable in memory, detoured call, read packet, jumped back. The address finding probably doesn't work anymore, but this was the function :

Quote:
00779F70 . 8B5424 04 MOV EDX, DWORD PTR SS:[ESP+4] ; mswsock.703E17CD
00779F74 . 56 PUSH ESI
00779F75 . 8BF1 MOV ESI, ECX
00779F77 . 52 PUSH EDX
00779F78 . 8B46 08 MOV EAX, DWORD PTR DS:[ESI+8]
00779F7B . 8D4E 08 LEA ECX, DWORD PTR DS:[ESI+8]
00779F7E . FF50 0C CALL DWORD PTR DS:[EAX+C]
00779F81 . 50 PUSH EAX ; /Arg1 = 00000000
00779F82 . 8D8E 14010000 LEA ECX, DWORD PTR DS:[ESI+114] ; |
00779F88 . E8 13000000 CALL ELEMENTC.00779FA0 ; \ELEMENTC.00779FA0
00779F8D . 5E POP ESI ; ntdll_18.7764F8D1
00779F8E . C2 0400 RETN 4
This hook captured every packet received that is encrypted - so it does not include the initial handshake before RC4 key negotiation, since the function I hooked is part of the decryption process.

07/15/2016 16:20 sasukezero#69
That looks really good! Thank you for sharing!

I was worried about the encrypted packages as you cannot just sniff them. I'm not familiar with Delphi. However, I stumbled upon the missing xorMembridge.pas.
Seems to be a library or a source that I cannot find. Have you created it yourself?

I found the function itself, which is at 0x821EB0 now. So, I guess it should still be working as it's still the same:

Quote:
.text:00821EB0 mov edx, [esp+arg_0]
.text:00821EB4 push esi
.text:00821EB5 mov esi, ecx
.text:00821EB7 push edx
.text:00821EB8 mov eax, [esi+8]
.text:00821EBB lea ecx, [esi+8]
.text:00821EBE call dword ptr [eax+0Ch]
.text:00821EC1 push eax
.text:00821EC2 lea ecx, [esi+114h]
.text:00821EC8 call sub_821EE0
.text:00821ECD pop esi
.text:00821ECE retn 4
07/16/2016 15:12 Sᴡoosh#70
Yeah, I wrote that. Not needed for basic idea.

Just rip out what you need and compile it yourself; if you found the address it should work the same way. What I did was create a shared memory section, and have the bot read that. Shared memory was implemented in a ringbuffer fashion.
07/16/2016 17:14 sasukezero#71
Ahhh ok, that's what it was for. Could have known that by the name Membridge, but was confused by the xor as that is also used for decryption/encryption.

I'll dig into it and see what I can make out of it. Like you wrote before, it gives you all the advantages of a clientless bot. Overall really interesting.

Thank you very much again for sharing! Now I have some work in front of me :)
07/24/2016 19:11 DurianMontong#72
Need help: why do I sometimes get reverse hex?

_RevHex is not working; the value is the same as _Hex

$packet &= _Hex($factionid)

DD CC BB AA

after revhex still

$packet &= _RevHex($factionid)

DD CC BB AA
07/25/2016 01:17 jasty#73
Hex() is forward (default function) and _Hex() is reverse byte order.
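
Added example (not code from the thread): byte order of a 32-bit field written as hex, showing the forward versus reversed distinction described in the reply above. The helper names BeHex32, SwapHexBytes and LeHex32 are hypothetical and are not the thread's _Hex or _RevHex; the sample value is constructed.

```autoit
; Added example, not code from the thread. All function names are hypothetical.

; Big-endian ("forward") hex of a 32-bit value: most significant byte first.
Func BeHex32($iValue)
    Return Hex($iValue, 8)
EndFunc

; Reverse the order of the byte pairs in an even-length hex string.
; Sets @error = 1 and returns "" if the string has an odd number of digits.
Func SwapHexBytes($sHex)
    If Mod(StringLen($sHex), 2) <> 0 Then Return SetError(1, 0, "")
    Local $sOut = ""
    ; StringMid is 1-based: start at the last byte pair and walk backwards.
    For $i = StringLen($sHex) - 1 To 1 Step -2
        $sOut &= StringMid($sHex, $i, 2)
    Next
    Return $sOut
EndFunc

; Little-endian ("reversed") hex: least significant byte first,
; which is how x86 lays the value out in memory.
Func LeHex32($iValue)
    Return SwapHexBytes(BeHex32($iValue))
EndFunc

; Constructed sample value, chosen so that every byte is distinct.
Local $iSample = 0xAABBCCDD

ConsoleWrite("forward:       " & BeHex32($iSample) & @CRLF)
ConsoleWrite("reversed:      " & LeHex32($iSample) & @CRLF)

; A byte swap is its own inverse: swapping a string that is already
; reversed gives the forward order back.
ConsoleWrite("swapped twice: " & SwapHexBytes(LeHex32($iSample)) & @CRLF)

; Two helpers that each apply exactly one swap to the same value produce
; identical strings, so comparing their output shows no difference.
ConsoleWrite("same output:   " & (LeHex32($iSample) = SwapHexBytes(BeHex32($iSample))) & @CRLF)
```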
08/03/2016 08:37 DurianMontong#74
Hi, can someone give me a sample func for reading position in real time in a GUI, like when I move?

I use this but it is not real time; I must change from one position x y z to another

Func PlayerPos1()
    ; Open the client whose window title is "1"
    $GAME_TITLE = "1"
    $GAME_PID = WinGetProcess($GAME_TITLE)
    $GAME_PROCESS = _MemoryOpen($GAME_PID)

    ; Follow the pointer chain to the player structure
    $Player = _MemoryRead(_MemoryRead(_MemoryRead($ADDRESS_BASE, $GAME_PROCESS) + 0x1C, $GAME_PROCESS) + $Player_Offset, $GAME_PROCESS)

    ; Read the three position floats once
    Dim $pos[3]
    $pos[0] = _MemoryRead($Player + 0x3C, $GAME_PROCESS, 'float')
    $pos[1] = _MemoryRead($Player + 0x44, $GAME_PROCESS, 'float')
    $pos[2] = _MemoryRead($Player + 0x40, $GAME_PROCESS, 'float')

    ; _MemoryClose takes the handle returned by _MemoryOpen, not the PID
    _MemoryClose($GAME_PROCESS)

    MsgBox(0, "", $pos[0])
EndFunc
08/04/2016 07:09 denzjh#75
Try the code below or see the Test2.au3 inside the attached zip file. NomadMemory.au3 is included in the zip file. If you want the function to be called outside the main loop, you can also use AdlibRegister.
I hope this is what you are looking for.