PWI Elysium Changes

04/14/2016 21:07 jasty#1
I had a request for my offsets. Sorry for them being messy:

EDIT: updated offsets to v938.. was v936
04/14/2016 23:38 Stark77#2
are you still playing PWI?

cos those seem totally different from those I got.

starting with the baseAddress I got "0xE5B2E4"
04/15/2016 09:53 Kruger2001#3
my login offsets:

LoginPing = E5B2E4 + 228 + 6e4 + 6f4 + 4b0 + b0
Forcelog = E5B2E4 + 24c + 7c4 + 1e8 + 7e4 + 268
Charchoose = E5B2E4 + 0x1c|0x18|0x8|0xc4|0x124|0x34|0xA44 ;@LoginScreen = 4294967295
ConnectCheckAddress = e72c40


for those who need it:

KillClient(p)
{
DllCall("EndTask", Ptr , WinExist("ahk_pid" p), UInt, false, UInt, true) ;force
}

GetInternetConnectedState()
{
Return DllCall("Wininet.dll\InternetGetConnectedState", Str,0x43, Int,0 )
}
04/15/2016 16:28 Stark77#4
my current offset list (not everything tested so far):

instance ID:
0x00E5BA8C|0x1C|0x94

party member ID: i=0 to 9
0x1C|0x18|0x8|0xC4|0x3F0+0x4*i|0xF4

server ping login:
0x1C|0x18|0x8|0xC4|0xDC|0x24C|0x168|0xB0

select first (0) server in list:
writeOffsetChain(0,"0x1C|0x18|0x8|0xC4|0xDC|0xE8|0x13C")

npc quest ID list:
0x1C|0x18|0x8|0xC4|0x2E0|0x24C|0x168| + i*0x800 + 0x1F0

biggest issue:
the movement without autopath isn't working anymore for me:
the "OFFSET_ACTIONBASE" is 0x1500, I can confirm this, but maybe the ADDRESS_ACTION1-3 aren't correct. any ideas?
04/15/2016 19:34 Kruger2001#5
I have found the same:

004C87E0
004CECD0
004C8DD0
004BE060

someone told me 2 new actions were added, pickall and a new teleport, maybe that's why?
04/15/2016 20:13 Stark77#6
I am facing another problem as well:
after starting the game I cannot press ESC to close the server list.
I need to activate the list with a mouse click first... so the offset chain to choose the server is also not helping cos this is sadly not activating it.

:confused: I hate updates
04/16/2016 18:17 jasty#7
Weird, my addresses are working fine for me... do we have different .exe?
Maybe something screwy happened with their patch server.

My md5 of elementclient.exe is 9EADB26BA063481D63806C3A7F1DA5EA
04/16/2016 19:02 Kruger2001#8
after the second update 938:

3CED21979A0FE8FEC6AA9624C8B6B676
04/16/2016 19:09 jasty#9
Ahh ok.. my game was still on 936. You used to not be able to connect if your game version was different than the server but I guess they broke that. I'll update my offsets.

For those having issues with gather, make sure you are injecting the new PlayerStruct offset into the code. This is what my gather func looks like

Code:
Func GatherItem($ITEM_UNIQUE_ID, $ACTION_TYPE=0) ;UID + 0 for pick, 1 for dig

	;Construct the OpCode for calling the 'GatherItem' function
	$OPcode = "60"                   			;60             PUSHAD
	$OPcode &= "B9" & _Hex($ADDRESS_BASE)       ;B9 00000000    MOV ECX,#Baseadr
	$OPcode &= "8B09"            				;8B09           MOV ECX,DWORD PTR DS:[ECX]
	$OPcode &= "8B491C"          				;8B49 1C        MOV ECX,DWORD PTR DS:[ECX+1C]
	$OPcode &= "8B49" & _Hex($Player_Offset, 2) ;8B49 28        MOV ECX,DWORD PTR DS:[ECX+28]
	$OPcode &= "68" & _Hex($ACTION_TYPE)	    ;68 00000000    PUSH $ACTION_TYPE 0=Pick 1=Dig
	$OPcode &= "68" & _Hex($ITEM_UNIQUE_ID)     ;68 00000000    PUSH $ITEM_UNIQUE_ID
	$OPcode &= "BB" & _Hex($ADDRESS_GATHER)     ;BB 00000000    MOV EBX, $ADDRESS_GATHER
	$OPcode &= "FFD3"            				;FFD3           CALL EBX
	$OPcode &= "61"              				;61             POPAD
	$OPcode &= "C3"              				;C3             RETN

	InjectCode($OPcode)
EndFunc
$Player_Offset was changed from 28 to 34
04/16/2016 20:41 Craz1nf#10
thank you jasty, this was driving me nuts / nice easy fix :D
04/16/2016 20:56 Kruger2001#11
any way to skip the server choose? simulating a mouse click is not a good way and interferes with more than one client; if you go back to the server choose, skip works with ESC.

I found the function to load the current server at 007DE0C0, I'm not sure whether the buttons for Select and Cancel are inside, I do not think so. But when I find them, is it possible to inject the code with injectCode(func, p)?
04/20/2016 18:54 Kruger2001#12
Offsets v.940

global realBaseAddress := 0xE5B2A4
global SendPacketAddress := 0x81F130
global AutoPathAddress := 0x4592F0
global ADDRESS_GATHER := 0x4BDE00
global ADDRESS_ACTION1 := 0x4C8480
global ADDRESS_ACTION2 := 0x4CE970
global ADDRESS_ACTION3 := 0x4C8A70
Global $ADDRESS_CASTSKILL = 0x4B5E70
Global $ADDRESS_REGATTACK = 0x4BDCC0
Global $ADDRESS_FOLLOW= 0x70B360

global playerBattlemodeOffset := 0x7A0
04/20/2016 21:29 jasty#13
It's pretty weird for the .exe to be changed so frequently... might have to start calculating the offsets dynamically.
04/24/2016 04:44 oroche#14
Jasty, Offsets v.940 please ^^
04/25/2016 02:53 Stark77#15
Kruger posted them already... nothing else but instance_offset (0x4620A8) changed I think