Finding offsets for triggerbot

09/05/2012 22:41 EviLcLoWnS™#1
No discussing game automation or cheating (I have to say that AutoIt forums are so lame, I used to go there all the time). Now they can't help anyone lol?...

Well okay, so I was wondering: someone posted a triggerbot for Firefall, and it's all good, so they patched and now it won't work. I'm not very exp in AutoIt, but can figure most things out pretty easy.

Wondering how to find the offsets in firefall here:
Quote:
SeDebugPrivilege()
$sExecutable = 'FirefallClient.exe'
$hProcess = OpenProcess(ProcessExists($sExecutable))
$lol = ProcessModuleGetBaseAddress($hProcess, $sExecutable)
CloseHandle($hProcess)

$stupid_offset1 = 0x01DF5352
$stupid_offset2 = 0x4
$stupid_offset3 = 0x10
$stupid_offset4 = 0x50
$stupid_offset5 = 0x4
$stupid_offset6 = 0x2bd

$ID=_MemoryOpen(ProcessExists("FirefallClient.exe" ))
I'm wondering how to find them. In Firefall I can't really arrow click on things, so finding the mob isn't that easy; names only pop up for a min.


full script
Code:
#include <NomadMemory.au3>
#include <GUIConstants.au3>
#include <Misc.au3>
#include <Array.au3>

$talk = ObjCreate("SAPI.SpVoice")

HotKeySet('{ESC}','_exit')
HotKeySet('{PAUSE}','pause')
HotKeySet('{HOME}','play')

SeDebugPrivilege()
$sExecutable = 'FirefallClient.exe'
$hProcess = OpenProcess(ProcessExists($sExecutable))
$lol = ProcessModuleGetBaseAddress($hProcess, $sExecutable)
CloseHandle($hProcess)

$stupid_offset1 = 0x01DF5352
$stupid_offset2 = 0x4
$stupid_offset3 = 0x10
$stupid_offset4 = 0x50
$stupid_offset5 = 0x4
$stupid_offset6 = 0x2bd

$ID=_MemoryOpen(ProcessExists("FirefallClient.exe"))

If ($ID = 0) Then
    $talk.Speak("Firefall Client not found, please start the game first!")
    _MemoryClose($ID)
    Exit
EndIf
$talk.Speak("Rubysh's Firefall Autotrigger is now online, Checking pointers...")


$lol2 = _MemoryRead($lol+$stupid_offset1, $ID, "int[32]")
$lol3 = _MemoryRead($lol2+$stupid_offset2, $ID, "int[32]")
$lol4 = _MemoryRead($lol3+$stupid_offset3, $ID, "int[32]")
$lol5 = _MemoryRead($lol4+$stupid_offset4, $ID, "int[32]")
$lol6 = _MemoryRead($lol5+$stupid_offset5, $ID, "int[32]")
$fucking_address = _MemoryRead($lol6+$stupid_offset6, $ID, "BYTE")

$talk.Speak("All pointers found, the bot is ready, Have fun!")

$talk.Speak("Use the end button to close the bot while in the game, the bot will automaticly close it self if the client isn't running.")

autoshoot()

Func autoshoot()
    While 1
        $idcheck = ProcessExists("FirefallClient.exe")
        $fucking_address = _MemoryRead($lol6+$stupid_offset6, $ID, "BYTE")

        If ($fucking_address = 1) Then
            MouseDown("left")
            While ($fucking_address = 1)
                $fucking_address = _MemoryRead($lol6+$stupid_offset6, $ID, "BYTE")
            WEnd
            MouseUp("left")
        Else
            Sleep(1)
        EndIf

        If ($idcheck = 0) Then
            $talk.Speak("Firefall Client has been closed, The Autotrigger will now shutdown. Thank you for using Rauven's Firefall Autotrigger.")
            _MemoryClose($ID)
            Exit
        EndIf
    WEnd
EndFunc


Func SeDebugPrivilege()
Local $iTokenIndex = 1
Local $Struct = DllStructCreate('DWORD;int')
Local $TOKEN_PRIVILEGES = DllStructCreate('DWORD;DWORD[' & (3 * 1) & ']')
DllStructSetData($TOKEN_PRIVILEGES, 1, 1)
While $iTokenIndex <= 1
  Local $bPrivilegeValue = DllCall('advapi32.dll', _
    'BOOL', 'LookupPrivilegeValue', _
    'str', '', _
    'str', 'SeDebugPrivilege', _ ;SE_DEBUG_NAME
    'ptr', DllStructGetPtr($Struct))
  If $bPrivilegeValue[0] Then
   DllStructSetData($TOKEN_PRIVILEGES, 2, 0x00000002, (3 * $iTokenIndex)) ;SE_PRIVILEGE_ENABLED
   DllStructSetData($TOKEN_PRIVILEGES, 2, DllStructGetData($Struct, 1), (3 * ($iTokenIndex - 1)) + 1)
   DllStructSetData($TOKEN_PRIVILEGES, 2, DllStructGetData($Struct, 2), (3 * ($iTokenIndex - 1)) + 2)
   DllStructSetData($Struct, 1, 0)
   DllStructSetData($Struct, 2, 0)
  EndIf
  $iTokenIndex += 1
WEnd
Local $hCurrentProcess = DllCall('kernel32.dll', _
   'HANDLE', 'GetCurrentProcess')
Local $hProcessToken = DllCall('advapi32.dll', _
   'BOOL', 'OpenProcessToken', _
   'HANDLE', $hCurrentProcess[0], _
   'DWORD', 0x00000020 + 0x00000008, _ ;TOKEN_ADJUST_PRIVILEGES + TOKEN_QUERY
   'HANDLE*', '')
Local $NEWTOKEN_PRIVILEGES = DllStructCreate('DWORD;DWORD[' & (3 * 1) & ']')
DllCall('advapi32.dll', _
   'BOOL', 'AdjustTokenPrivileges', _
   'HANDLE', $hProcessToken[3], _
   'BOOL', False, _
   'ptr', DllStructGetPtr($TOKEN_PRIVILEGES), _
   'DWORD', DllStructGetSize($NEWTOKEN_PRIVILEGES), _
   'ptr', '', _
   'DWORD*', '')
DllCall('kernel32.dll', _
   'BOOL', 'CloseHandle', _
   'HANDLE', $hProcessToken[3])
EndFunc
Func OpenProcess($iProcessID)
Local $hProcess = DllCall('kernel32.dll', _
   'HANDLE', 'OpenProcess', _
   'DWORD', 0x1F0FFF, _ ;DesiredAccess = PROCESS_ALL_ACCESS
   'BOOL', True, _ ;InheritHandle = True
   'DWORD', $iProcessID)
Return $hProcess[0]
EndFunc
Func ProcessModuleGetBaseAddress($hProcess, $sModuleName)
Local $ModulesMax = DllStructCreate('ptr[1024]')
Local $iProcessModules = DllCall('psapi.dll', _
   'BOOL', 'EnumProcessModules', _
   'HANDLE', $hProcess, _
   'ptr', DllStructGetPtr($ModulesMax), _
   'DWORD', DllStructGetSize($ModulesMax), _
   'DWORD*', '')
Local $sModuleBaseName
For $i = 1 To $iProcessModules[4] / 4
  $sModuleBaseName = DllCall('psapi.dll', _
    'DWORD', 'GetModuleBaseNameW', _
    'HANDLE', $hProcess, _
    'ptr', DllStructGetData($ModulesMax, 1, $i), _
    'wstr', '', _
    'DWORD', 256)
  If $sModuleBaseName[3] = $sModuleName Then Return DllStructGetData($ModulesMax, 1, $i)
Next
EndFunc
Func CloseHandle($hProcess)
Local $bResult = DllCall('kernel32.dll', _
   'BOOL', 'CloseHandle', _
   'HANDLE', $hProcess)
Return $bResult[0]
EndFunc
ty Rubyshdj
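
Added example, not part of the original post: the script above enables SeDebugPrivilege and calls OpenProcess with access mask 0x1F0FFF, which is what a defender (anti-cheat or EDR) sees as a process-access event. The sketch below decodes such masks and flags handles that grant memory access to a protected image; it assumes records shaped like Sysmon ProcessAccess events (`SourceImage`, `TargetImage`, `GrantedAccess`), and every path and the allowlist entry are constructed sample values.

```python
# Added defensive example; SAMPLE_EVENTS are constructed, not real logs.
PROCESS_RIGHTS = {
    0x0001: "PROCESS_TERMINATE",
    0x0002: "PROCESS_CREATE_THREAD",
    0x0008: "PROCESS_VM_OPERATION",
    0x0010: "PROCESS_VM_READ",
    0x0020: "PROCESS_VM_WRITE",
    0x0040: "PROCESS_DUP_HANDLE",
    0x0400: "PROCESS_QUERY_INFORMATION",
    0x1000: "PROCESS_QUERY_LIMITED_INFORMATION",
    0x100000: "SYNCHRONIZE",
}
MEMORY_RIGHTS = 0x0008 | 0x0010 | 0x0020   # VM_OPERATION | VM_READ | VM_WRITE
LEGACY_ALL_ACCESS = 0x1F0FFF               # mask used by OpenProcess() in the posted script

def decode_access(mask):
    """Names of the known process rights set in a GrantedAccess mask."""
    return [name for bit, name in sorted(PROCESS_RIGHTS.items()) if mask & bit]

def basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def flag_events(events, protected, allowlist=()):
    """Findings for non-allowlisted handles with memory rights on a protected image."""
    findings = []
    for ev in events:
        mask = int(ev["GrantedAccess"], 16)
        if basename(ev["TargetImage"]) not in protected:
            continue
        if basename(ev["SourceImage"]) in allowlist or not mask & MEMORY_RIGHTS:
            continue
        findings.append({
            "source": ev["SourceImage"],
            "mask": hex(mask),
            "rights": decode_access(mask),
            "all_access": mask & LEGACY_ALL_ACCESS == LEGACY_ALL_ACCESS,
        })
    return findings

SAMPLE_EVENTS = [  # constructed records
    {"SourceImage": r"C:\Tools\AutoIt3.exe", "TargetImage": r"C:\Games\FirefallClient.exe", "GrantedAccess": "0x1F0FFF"},
    {"SourceImage": r"C:\Games\Launcher.exe", "TargetImage": r"C:\Games\FirefallClient.exe", "GrantedAccess": "0x1000"},
    {"SourceImage": r"C:\AV\MsMpEng.exe", "TargetImage": r"C:\Games\FirefallClient.exe", "GrantedAccess": "0x1410"},
    {"SourceImage": r"C:\Tools\AutoIt3.exe", "TargetImage": r"C:\Windows\notepad.exe", "GrantedAccess": "0x1F0FFF"},
]

if __name__ == "__main__":
    for f in flag_events(SAMPLE_EVENTS, {"firefallclient.exe"}, {"msmpeng.exe"}):
        print(f["source"], f["mask"], "ALL_ACCESS" if f["all_access"] else "", f["rights"])
```
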
09/06/2012 22:57 Logtetsch#2
Just an example how to use offsets in AutoIT.

Code:
#RequireAdmin ; important
#include <Pointer.au3> ;or NomadMemory.au3..... You have to download it from the internet!

Global $PId = 0, $Handle = 0
Global const $Offsets[7] = [0, 0x01DF5352, 0x4, 0x10, 0x50, 0x4, 0x2bd]
Global const $Basepointer = _MemoryModuleGetBaseAddress ($PId, "ProcessName.exe") + 0x040000

While True
	$PId = ProcessExists ("ProcessName.exe")
	if $PId > 0 Then
		$Handle = _MemoryOpen ($PId)
		if IsArray ($Handle) Then
			_MemoryPointerWrite ($Basepointer, $Handle, $Offsets, "Value", "DWORD") ;Functions like "_MemoryPointerWrite, _MemoryWrite... are defined in the Pointer.au3 or NomadMemory.au3 file.
		EndIf
	EndIf
WEnd

;AutoIT is canceling all handles by closing the script
Here's the function _MemoryModuleGetBaseAddress($PID, $Module) + 0x.....
Sorry if I misunderstood your problem, but I have no pleasure to read your text.
09/07/2012 00:37 lolkop#3
Quote:
Originally Posted by Logtetsch
Just an example how to use offsets in AutoIT.

Sorry if I misunderstood your problem, but I have no pleasure to read your text.
he asked how to FIND "offsets"...

b2t:
reverse engineering isn't that easy... you'll need some basic asm knowledge and an understanding of how high-level language compilers work.

once you've reached that point, you won't need to find "offsets" to build some kind of professional hacks =)
09/07/2012 22:56 EviLcLoWnS™#4
I know how to find offsets, just wondering if anyone has messed around with Firefall. To fix the trigger bot, do you think I'm looking for pointer IDs? Problem is mobs' names only light up for a min then fade away.
09/09/2013 04:28 fire99966#5
If you ever manage to get this working, it would ROCK on firefall.

Looks like someone pulled it off.


Crack it! :D