Sending Packets

11/15/2010 11:16 khansa#106
Quote:
#include <GUIButton.au3>
#include <GUIToolbar.au3>
#include <GUIConstantsEx.au3>
#include <ProgressConstants.au3>
#include <StaticConstants.au3>
#include <WindowsConstants.au3>
#include <EditConstants.au3>
#include <NomadMemory.au3>
#include <Array.au3>

;Script-level setup; these statements run once when the script starts.
;Handle to kernel32.dll that the DllCall wrappers below pass as their first argument.
Global $kernel32 = DllOpen('kernel32.dll')
;Process id of the running game client (ProcessExists returns 0 when it is not running).
Global $pid = ProcessExists('elementclient.exe')
;Address (written in decimal) that the injected stub reads to obtain its ECX value.
global $realBaseAddress = 10229012
;Address of the client's internal send routine that the injected stub calls.
global $sendPacketFunction = 0x005BD7B0


;Releases the kernel32 handle opened above. This executes at script start, before any
;of the functions below is called, and those functions still pass $kernel32 to DllCall.
DllClose($kernel32)

Func dropGold($amount, $pid)
;Drops $amount of gold to floor
;Builds a 6-byte packet as a hex string: the two bytes 14 00 followed by $amount as a
;4-byte little-endian value (the byte swap is done by _hex), then hands it to sendPacket.
;$pid is the target process id; nothing is returned.
local $packet, $packetSize

$packet = '1400'
$packet &= _hex($amount)
$packetSize = 6

sendPacket($packet, $packetSize, $pid)
EndFunc

Func sendPacket($packet, $packetSize, $pid)
;Writes a small x86 stub and the packet bytes into the target process, then runs the
;stub on a new remote thread so that the client's own send routine transmits the packet.
;This is the VirtualAllocEx -> WriteProcessMemory -> CreateRemoteThread injection
;sequence, a well-known pattern that endpoint monitoring and anti-cheat hooks look for.
;$packet: hex string, two characters per byte. $packetSize: packet length in bytes.
;$pid: target process id. Always returns True; no DllCall result is checked, so a failed
;allocation, write or thread creation is silently ignored.
;Declare local variables
;NOTE(review): $functionAddress and $hRemoteThread are assigned below without being
;declared here, and $pRemoteThread is declared but never used.
Local $pRemoteThread, $vBuffer, $loop, $result, $OPcode, $processHandle, $packetAddress

;Open process for given processId
$processHandle = memopen($pid)

;Allocate memory for the OpCode and retrieve address for this
;0x46 bytes, MEM_COMMIT (0x1000), PAGE_EXECUTE_READWRITE (0x40): a region that is both
;writable and executable, which is what lets the stub run (and what scanners flag).
$functionAddress = DllCall($kernel32, 'int', 'VirtualAllocEx', 'int', $processHandle, 'ptr', 0, 'int', 0x46, 'int', 0x1000, 'int', 0x40)

;Allocate memory for the packet to be sent and retrieve the address for this
;Same flags as above, although the packet buffer is only ever read by the stub.
$packetAddress = DllCall($kernel32, 'int', 'VirtualAllocEx', 'int', $processHandle, 'ptr', 0, 'int', $packetSize, 'int', 0x1000, 'int', 0x40)

;Construct the OpCode for calling the 'SendPacket' function
;Every immediate goes through _hex, which byte-swaps it into little-endian order.
;The stub saves all registers, loads the send routine into EAX, derives ECX through two
;dereferences (presumably an object pointer), pushes size and packet pointer, calls EAX,
;restores the registers and returns so the remote thread exits cleanly.
$OPcode &= '60' ;PUSHAD
$OPcode &= 'B8'&_hex($sendPacketFunction) ;MOV EAX, sendPacketAddress
$OPcode &= '8B0D'&_hex($realBaseAddress) ;MOV ECX, DWORD PTR [revBaseAddress]
$OPcode &= '8B4920' ;MOV ECX, DWORD PTR [ECX+20]
$OPcode &= 'BF'&_hex($packetAddress[0]) ;MOV EDI, packetAddress //src pointer
$OPcode &= '6A'&_hex($packetSize,2) ;PUSH packetSize //size
$OPcode &= '57' ;PUSH EDI
$OPcode &= 'FFD0' ;CALL EAX
$OPcode &= '61' ;POPAD
$OPcode &= 'C3' ;RET

;Put the OpCode into a struct for later memory writing
;Converts the hex string into raw bytes: element $loop of the byte array receives the
;value of characters 2*$loop-1 and 2*$loop.
$vBuffer = DllStructCreate('byte[' & StringLen($OPcode) / 2 & ']')
For $loop = 1 To DllStructGetSize($vBuffer)
DllStructSetData($vBuffer, 1, Dec(StringMid($OPcode, ($loop - 1) * 2 + 1, 2)), $loop)
Next

;Write the OpCode to previously allocated memory
DllCall($kernel32, 'int', 'WriteProcessMemory', 'int', $processHandle, 'int', $functionAddress[0], 'int', DllStructGetPtr($vBuffer), 'int', DllStructGetSize($vBuffer), 'int', 0)

;Put the packet into a struct for later memory writing
;Same hex-to-bytes conversion as for the stub; $vBuffer is reused for the packet.
$vBuffer = DllStructCreate('byte[' & StringLen($packet) / 2 & ']')
For $loop = 1 To DllStructGetSize($vBuffer)
DllStructSetData($vBuffer, 1, Dec(StringMid($packet, ($loop - 1) * 2 + 1, 2)), $loop)
Next

;Write the packet to previously allocated memory
DllCall($kernel32, 'int', 'WriteProcessMemory', 'int', $processHandle, 'int', $packetAddress[0], 'int', DllStructGetPtr($vBuffer), 'int', DllStructGetSize($vBuffer), 'int', 0)

;Create a remote thread in order to run the OpCode
;Thread start address is the stub allocation; no attributes, default stack, no parameter.
$hRemoteThread = DllCall($kernel32, 'int', 'CreateRemoteThread', 'int', $processHandle, 'int', 0, 'int', 0, 'int', $functionAddress[0], 'ptr', 0, 'int', 0, 'int', 0)

;Wait for the remote thread to finish
;Polls with a 50 ms timeout; 258 is WAIT_TIMEOUT, so the loop ends when the thread is
;signalled or the wait fails. Note this call names 'kernel32.dll' directly instead of
;passing $kernel32 like the other calls in this function.
Do
$result = DllCall('kernel32.dll', 'int', 'WaitForSingleObject', 'int', $hRemoteThread[0], 'int', 50)
Until $result[0] <> 258

;Close the handle to the previously created remote thread
DllCall($kernel32, 'int', 'CloseHandle', 'int', $hRemoteThread[0])

;Free the previously allocated memory
;0x8000 is MEM_RELEASE, which requires a size of 0.
DllCall($kernel32, 'ptr', 'VirtualFreeEx', 'hwnd', $processHandle, 'int', $functionAddress[0], 'int', 0, 'int', 0x8000)
DllCall($kernel32, 'ptr', 'VirtualFreeEx', 'hwnd', $processHandle, 'int', $packetAddress[0], 'int', 0, 'int', 0x8000)

;Close the Process
memclose($processHandle)

;Unconditionally True; failures above are not reflected here.
Return True
EndFunc

Func memopen($pid)
;Opens the process $pid with access mask 0x1F0FFF (PROCESS_ALL_ACCESS) and an
;inheritable handle (second argument 1). Returns the raw handle from OpenProcess,
;which is 0 on failure; the caller does not check for that.
Local $mid = DllCall($kernel32, 'int', 'OpenProcess', 'int', 0x1F0FFF, 'int', 1, 'int', $pid)
Return $mid[0]
EndFunc

Func memclose($mid)
;Closes a process handle obtained from memopen. The CloseHandle result is discarded.
DllCall($kernel32, 'int', 'CloseHandle', 'int', $mid)
EndFunc

Func _hex($Value, $size=8)
;Formats $Value as a zero-padded hex string of $size digits and reverses its byte
;order, i.e. little-endian. With the default size of 8 a 32-bit value becomes four
;swapped bytes; with $size=2 a single byte is returned unchanged.
Local $padded = StringRight("000000000" & Hex($Value), $size)
Local $swapped = ""
Local $pos
;Walk the padded string from its last byte pair down to the first one.
For $pos = StringLen($padded) - 1 To 1 Step -2
$swapped &= StringMid($padded, $pos, 2)
Next
Return $swapped
EndFunc
True or false: my script isn't working (PW Indonesia)
11/15/2010 12:34 Interest07#107
You aren't calling a single function in that script, so it will do nothing. If that's what you intend it to do then it will work ;)

You might want to add a line saying:
dropGold(1, $pid)
for example
11/15/2010 14:36 khansa#108
Quote:
#include <GUIButton.au3>
#include <GUIToolbar.au3>
#include <GUIConstantsEx.au3>
#include <ProgressConstants.au3>
#include <StaticConstants.au3>
#include <WindowsConstants.au3>
#include <EditConstants.au3>
#include <NomadMemory.au3>
#include <Array.au3>

;Script-level setup; these statements run once when the script starts.
;Handle to kernel32.dll that the DllCall wrappers below pass as their first argument.
Global $kernel32 = DllOpen('kernel32.dll')
;Process id of the running game client (ProcessExists returns 0 when it is not running).
Global $pid = ProcessExists('elementclient.exe')
;Address (written in decimal) that the injected stub reads to obtain its ECX value.
global $realBaseAddress = 10229012
;Address of the client's internal send routine that the injected stub calls.
global $sendPacketFunction = 0x005BD7B0


;Releases the kernel32 handle opened above. This executes at script start, before any
;of the functions below is called, and those functions still pass $kernel32 to DllCall.
DllClose($kernel32)

Func dropGold($1, $pid)
;Drops $amount of gold to floor
;NOTE(review): the first parameter is written as $1 here while the body reads $amount;
;the earlier version of this script declared it as $amount.
;Builds a 6-byte packet as a hex string: the two bytes 14 00 followed by the amount as a
;4-byte little-endian value (the byte swap is done by _hex), then hands it to sendPacket.
local $packet, $packetSize

$packet = '1400'
$packet &= _hex($amount)
$packetSize = 6

sendPacket($packet, $packetSize, $pid)
EndFunc

Func sendPacket($packet, $packetSize, $pid)
;Writes a small x86 stub and the packet bytes into the target process, then runs the
;stub on a new remote thread so that the client's own send routine transmits the packet.
;This is the VirtualAllocEx -> WriteProcessMemory -> CreateRemoteThread injection
;sequence, a well-known pattern that endpoint monitoring and anti-cheat hooks look for.
;$packet: hex string, two characters per byte. $packetSize: packet length in bytes.
;$pid: target process id. Always returns True; no DllCall result is checked, so a failed
;allocation, write or thread creation is silently ignored.
;Declare local variables
;NOTE(review): $functionAddress and $hRemoteThread are assigned below without being
;declared here, and $pRemoteThread is declared but never used.
Local $pRemoteThread, $vBuffer, $loop, $result, $OPcode, $processHandle, $packetAddress

;Open process for given processId
$processHandle = memopen($pid)

;Allocate memory for the OpCode and retrieve address for this
;0x46 bytes, MEM_COMMIT (0x1000), PAGE_EXECUTE_READWRITE (0x40): a region that is both
;writable and executable, which is what lets the stub run (and what scanners flag).
$functionAddress = DllCall($kernel32, 'int', 'VirtualAllocEx', 'int', $processHandle, 'ptr', 0, 'int', 0x46, 'int', 0x1000, 'int', 0x40)

;Allocate memory for the packet to be sent and retrieve the address for this
;Same flags as above, although the packet buffer is only ever read by the stub.
$packetAddress = DllCall($kernel32, 'int', 'VirtualAllocEx', 'int', $processHandle, 'ptr', 0, 'int', $packetSize, 'int', 0x1000, 'int', 0x40)

;Construct the OpCode for calling the 'SendPacket' function
;Every immediate goes through _hex, which byte-swaps it into little-endian order.
;The stub saves all registers, loads the send routine into EAX, derives ECX through two
;dereferences (presumably an object pointer), pushes size and packet pointer, calls EAX,
;restores the registers and returns so the remote thread exits cleanly.
$OPcode &= '60' ;PUSHAD
$OPcode &= 'B8'&_hex($sendPacketFunction) ;MOV EAX, sendPacketAddress
$OPcode &= '8B0D'&_hex($realBaseAddress) ;MOV ECX, DWORD PTR [revBaseAddress]
$OPcode &= '8B4920' ;MOV ECX, DWORD PTR [ECX+20]
$OPcode &= 'BF'&_hex($packetAddress[0]) ;MOV EDI, packetAddress //src pointer
$OPcode &= '6A'&_hex($packetSize,2) ;PUSH packetSize //size
$OPcode &= '57' ;PUSH EDI
$OPcode &= 'FFD0' ;CALL EAX
$OPcode &= '61' ;POPAD
$OPcode &= 'C3' ;RET

;Put the OpCode into a struct for later memory writing
;Converts the hex string into raw bytes: element $loop of the byte array receives the
;value of characters 2*$loop-1 and 2*$loop.
$vBuffer = DllStructCreate('byte[' & StringLen($OPcode) / 2 & ']')
For $loop = 1 To DllStructGetSize($vBuffer)
DllStructSetData($vBuffer, 1, Dec(StringMid($OPcode, ($loop - 1) * 2 + 1, 2)), $loop)
Next

;Write the OpCode to previously allocated memory
DllCall($kernel32, 'int', 'WriteProcessMemory', 'int', $processHandle, 'int', $functionAddress[0], 'int', DllStructGetPtr($vBuffer), 'int', DllStructGetSize($vBuffer), 'int', 0)

;Put the packet into a struct for later memory writing
;Same hex-to-bytes conversion as for the stub; $vBuffer is reused for the packet.
$vBuffer = DllStructCreate('byte[' & StringLen($packet) / 2 & ']')
For $loop = 1 To DllStructGetSize($vBuffer)
DllStructSetData($vBuffer, 1, Dec(StringMid($packet, ($loop - 1) * 2 + 1, 2)), $loop)
Next

;Write the packet to previously allocated memory
DllCall($kernel32, 'int', 'WriteProcessMemory', 'int', $processHandle, 'int', $packetAddress[0], 'int', DllStructGetPtr($vBuffer), 'int', DllStructGetSize($vBuffer), 'int', 0)

;Create a remote thread in order to run the OpCode
;Thread start address is the stub allocation; no attributes, default stack, no parameter.
$hRemoteThread = DllCall($kernel32, 'int', 'CreateRemoteThread', 'int', $processHandle, 'int', 0, 'int', 0, 'int', $functionAddress[0], 'ptr', 0, 'int', 0, 'int', 0)

;Wait for the remote thread to finish
;Polls with a 50 ms timeout; 258 is WAIT_TIMEOUT, so the loop ends when the thread is
;signalled or the wait fails. Note this call names 'kernel32.dll' directly instead of
;passing $kernel32 like the other calls in this function.
Do
$result = DllCall('kernel32.dll', 'int', 'WaitForSingleObject', 'int', $hRemoteThread[0], 'int', 50)
Until $result[0] <> 258

;Close the handle to the previously created remote thread
DllCall($kernel32, 'int', 'CloseHandle', 'int', $hRemoteThread[0])

;Free the previously allocated memory
;0x8000 is MEM_RELEASE, which requires a size of 0.
DllCall($kernel32, 'ptr', 'VirtualFreeEx', 'hwnd', $processHandle, 'int', $functionAddress[0], 'int', 0, 'int', 0x8000)
DllCall($kernel32, 'ptr', 'VirtualFreeEx', 'hwnd', $processHandle, 'int', $packetAddress[0], 'int', 0, 'int', 0x8000)

;Close the Process
memclose($processHandle)

;Unconditionally True; failures above are not reflected here.
Return True
EndFunc

Func memopen($pid)
;Opens the process $pid with access mask 0x1F0FFF (PROCESS_ALL_ACCESS) and an
;inheritable handle (second argument 1). Returns the raw handle from OpenProcess,
;which is 0 on failure; the caller does not check for that.
Local $mid = DllCall($kernel32, 'int', 'OpenProcess', 'int', 0x1F0FFF, 'int', 1, 'int', $pid)
Return $mid[0]
EndFunc

Func memclose($mid)
;Closes a process handle obtained from memopen. The CloseHandle result is discarded.
DllCall($kernel32, 'int', 'CloseHandle', 'int', $mid)
EndFunc

Func _hex($Value, $size=8)
;Formats $Value as a zero-padded hex string of $size digits and reverses its byte
;order, i.e. little-endian. With the default size of 8 a 32-bit value becomes four
;swapped bytes; with $size=2 a single byte is returned unchanged.
Local $padded = StringRight("000000000" & Hex($Value), $size)
Local $swapped = ""
Local $pos
;Walk the padded string from its last byte pair down to the first one.
For $pos = StringLen($padded) - 1 To 1 Step -2
$swapped &= StringMid($padded, $pos, 2)
Next
Return $swapped
EndFunc
@Interest07
It doesn't work in PW Indonesia. Can you repair my script!!!
11/15/2010 15:07 zenvoid#109
@Khansa

You need to change your dropGold function back to the way it was

dropGold($amount, $pid)

and then insert a line like what Interest07 said, to actually call your function
11/15/2010 16:17 Interest07#110
thanks zen hehehe ;)
11/17/2010 02:42 khansa#111
Quote:
#include <GUIButton.au3>
#include <GUIToolbar.au3>
#include <GUIConstantsEx.au3>
#include <ProgressConstants.au3>
#include <StaticConstants.au3>
#include <WindowsConstants.au3>
#include <EditConstants.au3>
#include <NomadMemory.au3>
#include <Array.au3>

;Script-level setup; these statements run once when the script starts.
;Handle to kernel32.dll that the DllCall wrappers below pass as their first argument.
Global $kernel32 = DllOpen('kernel32.dll')
;Process id of the running game client (ProcessExists returns 0 when it is not running).
Global $pid = ProcessExists('elementclient.exe')
;Address that the injected stub reads to obtain its ECX value.
global $realBaseAddress = 0x009C1514
;Address of the client's internal send routine that the injected stub calls.
global $sendPacketFunction = 0x005BD7B0


;Releases the kernel32 handle opened above. This executes at script start, before any
;of the functions below is called, and those functions still pass $kernel32 to DllCall.
DllClose($kernel32)

Func dropGold($amount, $pid)
;NOTE(review): this first statement calls dropGold from inside dropGold with no exit
;condition, so the function recurses without bound and never reaches sendPacket.
dropGold(1, $pid)
;Drops $amount of gold to floor
;Builds a 6-byte packet as a hex string: the two bytes 14 00 followed by $amount as a
;4-byte little-endian value (the byte swap is done by _hex), then hands it to sendPacket.
local $packet, $packetSize

$packet = '1400'
$packet &= _hex($amount)
$packetSize = 6

sendPacket($packet, $packetSize, $pid)
EndFunc

Func sendPacket($packet, $packetSize, $pid)
;Writes a small x86 stub and the packet bytes into the target process, then runs the
;stub on a new remote thread so that the client's own send routine transmits the packet.
;This is the VirtualAllocEx -> WriteProcessMemory -> CreateRemoteThread injection
;sequence, a well-known pattern that endpoint monitoring and anti-cheat hooks look for.
;$packet: hex string, two characters per byte. $packetSize: packet length in bytes.
;$pid: target process id. Always returns True; no DllCall result is checked, so a failed
;allocation, write or thread creation is silently ignored.
;Declare local variables
;NOTE(review): $functionAddress and $hRemoteThread are assigned below without being
;declared here, and $pRemoteThread is declared but never used.
Local $pRemoteThread, $vBuffer, $loop, $result, $OPcode, $processHandle, $packetAddress

;Open process for given processId
$processHandle = memopen($pid)

;Allocate memory for the OpCode and retrieve address for this
;0x46 bytes, MEM_COMMIT (0x1000), PAGE_EXECUTE_READWRITE (0x40): a region that is both
;writable and executable, which is what lets the stub run (and what scanners flag).
$functionAddress = DllCall($kernel32, 'int', 'VirtualAllocEx', 'int', $processHandle, 'ptr', 0, 'int', 0x46, 'int', 0x1000, 'int', 0x40)

;Allocate memory for the packet to be sent and retrieve the address for this
;Same flags as above, although the packet buffer is only ever read by the stub.
$packetAddress = DllCall($kernel32, 'int', 'VirtualAllocEx', 'int', $processHandle, 'ptr', 0, 'int', $packetSize, 'int', 0x1000, 'int', 0x40)

;Construct the OpCode for calling the 'SendPacket' function
;Every immediate goes through _hex, which byte-swaps it into little-endian order.
;The stub saves all registers, loads the send routine into EAX, derives ECX through two
;dereferences (presumably an object pointer), pushes size and packet pointer, calls EAX,
;restores the registers and returns so the remote thread exits cleanly.
$OPcode &= '60' ;PUSHAD
$OPcode &= 'B8'&_hex($sendPacketFunction) ;MOV EAX, sendPacketAddress
$OPcode &= '8B0D'&_hex($realBaseAddress) ;MOV ECX, DWORD PTR [revBaseAddress]
$OPcode &= '8B4920' ;MOV ECX, DWORD PTR [ECX+20]
$OPcode &= 'BF'&_hex($packetAddress[0]) ;MOV EDI, packetAddress //src pointer
$OPcode &= '6A'&_hex($packetSize,2) ;PUSH packetSize //size
$OPcode &= '57' ;PUSH EDI
$OPcode &= 'FFD0' ;CALL EAX
$OPcode &= '61' ;POPAD
$OPcode &= 'C3' ;RET

;Put the OpCode into a struct for later memory writing
;Converts the hex string into raw bytes: element $loop of the byte array receives the
;value of characters 2*$loop-1 and 2*$loop.
$vBuffer = DllStructCreate('byte[' & StringLen($OPcode) / 2 & ']')
For $loop = 1 To DllStructGetSize($vBuffer)
DllStructSetData($vBuffer, 1, Dec(StringMid($OPcode, ($loop - 1) * 2 + 1, 2)), $loop)
Next

;Write the OpCode to previously allocated memory
DllCall($kernel32, 'int', 'WriteProcessMemory', 'int', $processHandle, 'int', $functionAddress[0], 'int', DllStructGetPtr($vBuffer), 'int', DllStructGetSize($vBuffer), 'int', 0)

;Put the packet into a struct for later memory writing
;Same hex-to-bytes conversion as for the stub; $vBuffer is reused for the packet.
$vBuffer = DllStructCreate('byte[' & StringLen($packet) / 2 & ']')
For $loop = 1 To DllStructGetSize($vBuffer)
DllStructSetData($vBuffer, 1, Dec(StringMid($packet, ($loop - 1) * 2 + 1, 2)), $loop)
Next

;Write the packet to previously allocated memory
DllCall($kernel32, 'int', 'WriteProcessMemory', 'int', $processHandle, 'int', $packetAddress[0], 'int', DllStructGetPtr($vBuffer), 'int', DllStructGetSize($vBuffer), 'int', 0)

;Create a remote thread in order to run the OpCode
;Thread start address is the stub allocation; no attributes, default stack, no parameter.
$hRemoteThread = DllCall($kernel32, 'int', 'CreateRemoteThread', 'int', $processHandle, 'int', 0, 'int', 0, 'int', $functionAddress[0], 'ptr', 0, 'int', 0, 'int', 0)

;Wait for the remote thread to finish
;Polls with a 50 ms timeout; 258 is WAIT_TIMEOUT, so the loop ends when the thread is
;signalled or the wait fails. Note this call names 'kernel32.dll' directly instead of
;passing $kernel32 like the other calls in this function.
Do
$result = DllCall('kernel32.dll', 'int', 'WaitForSingleObject', 'int', $hRemoteThread[0], 'int', 50)
Until $result[0] <> 258

;Close the handle to the previously created remote thread
DllCall($kernel32, 'int', 'CloseHandle', 'int', $hRemoteThread[0])

;Free the previously allocated memory
;0x8000 is MEM_RELEASE, which requires a size of 0.
DllCall($kernel32, 'ptr', 'VirtualFreeEx', 'hwnd', $processHandle, 'int', $functionAddress[0], 'int', 0, 'int', 0x8000)
DllCall($kernel32, 'ptr', 'VirtualFreeEx', 'hwnd', $processHandle, 'int', $packetAddress[0], 'int', 0, 'int', 0x8000)

;Close the Process
memclose($processHandle)

;Unconditionally True; failures above are not reflected here.
Return True
EndFunc

Func memopen($pid)
;Opens the process $pid with access mask 0x1F0FFF (PROCESS_ALL_ACCESS) and an
;inheritable handle (second argument 1). Returns the raw handle from OpenProcess,
;which is 0 on failure; the caller does not check for that.
Local $mid = DllCall($kernel32, 'int', 'OpenProcess', 'int', 0x1F0FFF, 'int', 1, 'int', $pid)
Return $mid[0]
EndFunc

Func memclose($mid)
;Closes a process handle obtained from memopen. The CloseHandle result is discarded.
DllCall($kernel32, 'int', 'CloseHandle', 'int', $mid)
EndFunc

Func _hex($Value, $size=8)
;Formats $Value as a zero-padded hex string of $size digits and reverses its byte
;order, i.e. little-endian. With the default size of 8 a 32-bit value becomes four
;swapped bytes; with $size=2 a single byte is returned unchanged.
Local $padded = StringRight("000000000" & Hex($Value), $size)
Local $swapped = ""
Local $pos
;Walk the padded string from its last byte pair down to the first one.
For $pos = StringLen($padded) - 1 To 1 Step -2
$swapped &= StringMid($padded, $pos, 2)
Next
Return $swapped
EndFunc
What's wrong with my script? It's not working, I don't get gold ?????
11/17/2010 08:06 Interest07#112
Well, it would help if you understood the basics of programming, I suppose. I'd suggest following a tutorial or two on AutoIt (or any other programming 'language'). In an AutoIt script, you declare functions by writing
Code:
Func <FunctionName>([parameter name1, ...., parameter nameN])
      [code for performing the function based on the parameters you were passed]
EndFunc
Where you may have 0 to N parameters.

In order to perform said function, you 'call' the function elsewhere in the code. It is generally not advisable to call the same function inside the function itself unless you are expressly interested in recursion (which, trust me, you are not).

In AutoIt the code that will be performed upon starting the script will be in the top part, usually after declaring the global variables. Since the 'dropGold' function requires the $pid to be given, I'd suggest writing the function call to dropGold "dropGold(1, $pid)" after the bit of code where the $pid is retrieved.

So after
Code:
Global $pid = ProcessExists('elementclient.exe')
You'd put your function call for the packet you wish to send, just like in my first post of this thread.

And just to reiterate in case you didn't understand. You can NOT use packets to randomly spawn gold or exp or items or robot unicorns that shoot rainbows.
11/17/2010 10:07 khansa#113
I am confused!!! Can you make a correct script for PW Indo please??
11/17/2010 10:19 SunB#114
I am currently using C# to send packets to the server; after a while, about 3 or 4 times, the game client becomes stuck and stops responding. Any suggestion for that error?
Thanks ^ ^
11/17/2010 10:55 Interest07#115
Quote:
Originally Posted by SunB
I am currently using C# to send packets to the server; after a while, about 3 or 4 times, the game client becomes stuck and stops responding. Any suggestion for that error?
Thanks ^ ^
I'm sorry I've never encountered any difficulties even after sending thousands of packets. You might want to ensure that the packets I've listed are the same for your version of PW. As someone has mentioned before somewhere in this thread, for the russian version of PW the packets for using skills might be different for example.
11/17/2010 10:57 Interest07#116
Quote:
Originally Posted by khansa
I am confused!!! Can you make a correct script for PW Indo please??
If my explanation confused you, you might want to follow some very basic tutorials on using AutoIt, how to use functions specifically...

I'm not here to write scripts for other people. I'm happy to help them achieve their goals if they have questions I can answer or I have information to share. Simply copy-pasting code and randomly expecting it to do what you want isn't the way to go. Try and understand what the code does instead.
11/17/2010 12:03 Shareen#117
Quote:
Originally Posted by Interest07
I'm sorry I've never encountered any difficulties even after sending thousands of packets. You might want to ensure that the packets I've listed are the same for your version of PW. As someone has mentioned before somewhere in this thread, for the russian version of PW the packets for using skills might be different for example.
Quote:
Originally Posted by Interest07
If my explanation confused you, you might want to follow some very basic tutorials on using AutoIt, how to use functions specifically...

I'm not here to write scripts for other people. I'm happy to help them achieve their goals if they have questions I can answer or I have information to share. Simply copy-pasting code and randomly expecting it to do what you want isn't the way to go. Try and understand what the code does instead.
Interest07, i am both impressed and in awe of your patience and stamina when you are dealing with these .... erm.. cases. :)
I would have sent them to a "warm" place a long time ago.

So here is to you Interest07, keep up the good work, please send some patience my way and I'm dying of curiosity on how you will handle their follow up questions, such as: "why do I need to press compile?" or "does my computer need to be turned on for bot to work?". :)
11/17/2010 13:08 Interest07#118
Quote:
Originally Posted by Shareen
Interest07, i am both impressed and in awe of your patience and stamina when you are dealing with these .... erm.. cases. :)
I would have sent them to a "warm" place a long time ago.

So here is to you Interest07, keep up the good work, please send some patience my way and I'm dying of curiosity on how you will handle their follow up questions, such as: "why do I need to press compile?" or "does my computer need to be turned on for bot to work?". :)
Hahaha :handsdown: I love the way you put that...
When I first happened across these forums and knew absolutely nothing about cheat engine, asm, etcetera I was helped a lot by posts from people such as yourself to enter this newly found realm (to me at least) inside of PW. That inspired me to try and share any knowledge I came across to help others in a similar manner. I've also come to understand where the occasional outburst of aggravation came from though ;)

I'm trying to keep my cool, even though I think some people are biting off a bit more than they can chew at times... :rolleyes:
11/17/2010 14:59 Smurfin#119
lol Shareen, this forum needs someone knowledgeable with a lot of patience like Interest07 :D
He has been very very helpful :handsdown:
11/18/2010 03:50 SunB#120
Quote:
Originally Posted by Interest07
I'm sorry I've never encountered any difficulties even after sending thousands of packets. You might want to ensure that the packets I've listed are the same for your version of PW. As someone has mentioned before somewhere in this thread, for the russian version of PW the packets for using skills might be different for example.
I can do self-cast but I cannot do it with a target, and after doing 4-5 self-cast spells the game client becomes unresponsive. Maybe my code does something stupid to the game client. Anyway, thanks for your response ^ ^:D

P.S.: Is there any problem if I open and close the process many times, for example to update game info, send packets, or scan for mobs, items, NPCs?