well since there have been many questsions about this before, i'll give some example codes, of how to list mobs and select them, and how to list items and pick them up.
these functions are a great start for a bot =)
we'll start with the listing functions:
both functions will return arrays with informations about the listed stuff. these informations should be enough to build up a good item/mob filter.
now we have to use the select and pick function from the client, to select/pick the specified ids.
well i've written my own memory functions, and a function to turn integers into reversed hexstrings, usable for the cpu (needed in asm functions)
there's just one more thing to say. the item listing lists all normal items, plus the harvest stuff. the pickup function is only made to pickup normal items. there's another function in the client for harvest stuff, but i'm not realy able to use it yet :s
as soon as i'm able to use it, i'll post it here.
well for those of you who need an example of usage for my functions:
as you can see $kernel32, $pid, $mid, $base, $select_call and $pick_call ain't defined in my functions, so you have to do that or pre-define them as global constants, which is more efficient :P
these functions are a great start for a bot =)
we'll start with the listing functions:
Code:
Func GetNpcList() Local $array[1][8], $pointer, $npc_base, $counter $pointer = memread(memread(memread(memread(memread($base) + 0x1C) + 0x8) + 0x24) + 0x18) For $x=0 To 768 $npc_base = memread(memread($pointer + $x*0x4) + 0x4) If $npc_base<>0 Then ReDim $array[$counter+1][8] $array[$counter][0] = memread($npc_base, 'byte') ;NPC Type (NPC/MOB/PET) $array[$counter][1] = memread($npc_base + 0x11C) ;NPC ID $array[$counter][2] = memread(memread($npc_base + 0x254), 'wchar[30]') ;NPC Name $array[$counter][3] = memread($npc_base + 0x124) ;NPC Level $array[$counter][4] = memread($npc_base + 0x248) ;Special Info $array[$counter][5] = (memread($npc_base + 0x3C, 'float')+4000)/10 ;NPC x-position $array[$counter][6] = (memread($npc_base + 0x44, 'float')+5500)/10 ;NPC y-position $array[$counter][7] = memread($npc_base + 0x40, 'float')/10 ;NPC z-position $counter += 1 EndIf Next Return $array EndFunc Func GetItemList() Local $array[1][6], $pointer, $item_base, $counter $pointer = memread(memread(memread(memread(memread($base) + 0x1C) + 0x8) + 0x28) + 0x18) For $i=0 To 768 $item_base = memread(memread($pointer + $i*4) + 0x4) If $item_base<>0 Then ReDim $array[$counter+1][6] $array[$counter][0] = memread($item_base + 0x110) ;Item-SN $array[$counter][1] = memread($item_base + 0x10C) ;Item-ID $array[$counter][2] = memread(memread($item_base + 0x164), 'wchar[30]') ;Item-Name $array[$counter][3] = (memread($item_base + 0x3C, 'float')+4000)/10 ;Item x-position $array[$counter][4] = (memread($item_base + 0x44, 'float')+5500)/10 ;Item y-position $array[$counter][5] = memread($item_base + 0x40, 'float')/10 ;Item z-position $counter += 1 EndIf Next Return $array EndFunc Func GetPlayerList() Local $array[1][5], $pointer, $player_base, $counter $pointer = memread(memread(memread(memread(memread($base) + 0x1C) + 0x8) + 0x20) + 0x18) For $x=0 To 768 $player_base = memread(memread($pointer + $x*0x4) + 0x4) If $player_base<>0 Then ReDim $array[$counter+1][5] $array[$counter][0] = memread(memread($player_base + 0x610), 'wchar[30]') ;Name $array[$counter][1] = $class_info[memread($player_base + 0x618)] ;class $array[$counter][2] = (memread($player_base + 0x3C, 'float')+4000)/10 ;x $array[$counter][3] = (memread($player_base + 0x44, 'float')+5500)/10 ;y $array[$counter][4] = memread($player_base + 0x40, 'float')/10 ;z $counter += 1 EndIf Next Return $array EndFunc
now we have to use the select and pick function from the client, to select/pick the specified ids.
Code:
Func SelectMob($id)
Local $pRemoteThread, $vBuffer, $loop, $result, $OPcode
; --- save the position of the allocated memory ---
$pRemoteMem = DllCall($kernel32, 'int', 'VirtualAllocEx', 'int', $mid, 'ptr', 0, 'int', 0x46, 'int', 0x1000, 'int', 0x40)
; --- build up the asm code ---
; 0046061D A1 6C3E9F00 MOV EAX,DWORD PTR DS:[9F3E6C]
; 00460622 57 PUSH EDI <---- EDI Contains Mob-ID
; 00460623 8B48 20 MOV ECX,DWORD PTR DS:[EAX+20]
; 00460626 81C1 EC000000 ADD ECX,0EC
; 0046062C E8 8F961800 CALL elementc.005E9CC0
$OPcode &= '60' ; pushad
$OPcode &= 'A1'&_hex($base) ; mov eax, [base]
$OPcode &= '68'&_hex($id) ; push mob-id
$OPcode &= '8B4820' ; mov ecx, [eax+0x20]
$OPcode &= '81C1'&_hex(0xEC) ; add ecx, 0xEC
$OPcode &= 'E8'&_hex($select_call-$pRemoteMem[0]-5-StringLen($OPcode)/2) ; call select_call
$OPcode &= '61' ; popad
$OPcode &= 'C3' ; retn
; --- enter the asm code to to a dllstruct, which can be used with WriteProcessMemory ---
$vBuffer = DllStructCreate('byte[' & StringLen($OPcode) / 2 & ']')
For $loop = 1 To DllStructGetSize($vBuffer)
DllStructSetData($vBuffer, 1, Dec(StringMid($OPcode, ($loop - 1) * 2 + 1, 2)), $loop)
Next
; --- now letz write the code from our dllstruct ---
DllCall($kernel32, 'int', 'WriteProcessMemory', 'int', $mid, 'int', $pRemoteMem[0], 'int', DllStructGetPtr($vBuffer), 'int', DllStructGetSize($vBuffer), 'int', 0)
; --- now we run the asm code we've just written ---
$hRemoteThread = DllCall($kernel32, 'int', 'CreateRemoteThread', 'int', $mid, 'int', 0, 'int', 0, 'int', $pRemoteMem[0], 'ptr', 0, 'int', 0, 'int', 0)
; --- wait till the thread did his job ---
Do
$result = DllCall('kernel32.dll', 'int', 'WaitForSingleObject', 'int', $hRemoteThread[0], 'int', 50)
Until $result[0] <> 258
; --- close everything we've opened ---
DllCall($kernel32, 'int', 'CloseHandle', 'int', $hRemoteThread[0])
DllCall($kernel32, 'ptr', 'VirtualFreeEx', 'hwnd', $mid, 'int', $pRemoteMem[0], 'int', 0, 'int', 0x8000)
Return True
EndFunc
Func PickItem($sn, $id)
Local $pRemoteThread, $vBuffer, $loop, $result, $OPcode
; --- save the position of the allocated memory ---
$pRemoteMem = DllCall($kernel32, 'int', 'VirtualAllocEx', 'int', $mid, 'ptr', 0, 'int', 0x46, 'int', 0x1000, 'int', 0x40)
; --- build up the asm code ---
;~ 004707F8 |. 8B15 6C3E9F00 MOV EDX,DWORD PTR DS:[9F3E6C] ; edx <- [base]
;~ 004707FE |. 50 PUSH EAX ; /Item-SN
;~ 004707FF |. 51 PUSH ECX ; |Item- ID
;~ 00470800 |. 8B4A 20 MOV ECX,DWORD PTR DS:[EDX+20] ; |
;~ 00470803 |. 81C1 EC000000 ADD ECX,0EC ; |
;~ 00470809 |. E8 42941700 CALL elementc.005E9C50 ; \elementc.005E9C50
$OPcode &= '60' ; pushad
$OPcode &= '8B15'&_hex($base) ; mov edx, [base]
$OPcode &= '68'&_hex($sn) ; push item-sn
$OPcode &= '68'&_hex($id) ; push item-id
$OPcode &= '8B4A20' ; mov ecx, [edx+0x20]
$OPcode &= '81C1'&_hex(0xEC) ; add ecx, 0xEC
$OPcode &= 'E8'&_hex($pick_call-$pRemoteMem[0]-5-StringLen($OPcode)/2) ; call pick_call
$OPcode &= '61' ; popad
$OPcode &= 'C3' ; retn
; --- enter the asm code to to a dllstruct, which can be used with WriteProcessMemory ---
$vBuffer = DllStructCreate('byte[' & StringLen($OPcode) / 2 & ']')
For $loop = 1 To DllStructGetSize($vBuffer)
DllStructSetData($vBuffer, 1, Dec(StringMid($OPcode, ($loop - 1) * 2 + 1, 2)), $loop)
Next
; --- now letz write the code from our dllstruct ---
DllCall($kernel32, 'int', 'WriteProcessMemory', 'int', $mid, 'int', $pRemoteMem[0], 'int', DllStructGetPtr($vBuffer), 'int', DllStructGetSize($vBuffer), 'int', 0)
; --- now we run the asm code we've just written ---
$hRemoteThread = DllCall($kernel32, 'int', 'CreateRemoteThread', 'int', $mid, 'int', 0, 'int', 0, 'int', $pRemoteMem[0], 'ptr', 0, 'int', 0, 'int', 0)
; --- wait till the thread did his job ---
Do
$result = DllCall('kernel32.dll', 'int', 'WaitForSingleObject', 'int', $hRemoteThread[0], 'int', 50)
Until $result[0] <> 258
; --- close everything we've opened ---
DllCall($kernel32, 'int', 'CloseHandle', 'int', $hRemoteThread[0])
DllCall($kernel32, 'ptr', 'VirtualFreeEx', 'hwnd', $mid, 'int', $pRemoteMem[0], 'int', 0, 'int', 0x8000)
Return True
EndFunc
Code:
Func memopen($pid)
Local $mid = DllCall($kernel32, 'int', 'OpenProcess', 'int', 0x1F0FFF, 'int', 1, 'int', $pid)
Return $mid[0]
EndFunc
Func memread($adress, $type = 'dword')
Local $struct = DllStructCreate($type)
DllCall($kernel32, 'int', 'ReadProcessMemory', 'int', $mid, 'int', $adress, 'ptr', DllStructGetPtr($struct), 'int', DllStructGetSize($struct), 'int', '')
Return DllStructGetData($struct, 1)
EndFunc
Func memclose($mid)
DllCall($kernel32, 'int', 'CloseHandle', 'int', $mid)
EndFunc
Func _hex($Value)
Local $tmp1, $tmp2, $i
$tmp1 = StringRight("0000000" & Hex($Value), 8)
For $i = 0 To StringLen($tmp1) / 2 - 1
$tmp2 = $tmp2 & StringMid($tmp1, StringLen($tmp1) - 1 - 2 * $i, 2)
Next
Return $tmp2
EndFunc
as soon as i'm able to use it, i'll post it here.
well for those of you who need an example of usage for my functions:
Code:
#include <array.au3>
Global $kernel32 = DllOpen('kernel32.dll')
Global Const $base = 0x9F3E6C, $select_call = 0x5E9CC0, $pick_call = 0x5E9C50
Global $class_info[8] = ['Blademaster', 'Wizzard', 'Psychic', 'Venomancer', 'Barbarian', 'Assassin', 'Archer', 'Cleric']
Global $special_info[10] = ['None', 'Increased Movement', 'Unknown Special', 'Increased Defence', 'Increased Mag Resistance', 'Increased Attack', 'Increased Magical Attack', 'Sacrificial Assault', 'Increased Life', 'Weak']
Global $pid = ProcessExists('elementclient.exe')
Global $mid = memopen($pid)
$npcs = GetNpcList()
_ArrayDisplay($npcs)
$items = GetItemList()
_ArrayDisplay($items)
$players = GetPlayerList()
_ArrayDisplay($players)
memclose($mid)
DllClose($kernel32)