Sending Packets

09/12/2010 19:18 Interest07#1
As per Smurfin's request:

reposting of what I posted in the Prophet's bot thread.

some examples of functions you could use with sending packets (AutoIt code, see link below for C#):


The following regular expression should get you the base address for the partyInvCounter

The value you are looking for in the accept party invite is then:
PHP Code:
$partyInviteCounter = readMemory(invCounterBase+0x14)
Find skillIds here:
[link]

If you need to find the address for the sendPacket function you can use the offset retriever included in this [link]

some stuff on sending movement packets [link]

For an example of code in C# look [link]

In some cases it might be preferable to use actionStructs instead of packets, [link]'s the example code in C# you could use.
09/12/2010 21:33 Smurfin#2
just got IDA Pro installed, I'm totally blind with it lol, could you pls explain the first steps before searching this (void *Src, size_t Size)
cmiiw :
1. run IDA Pro
2. drag elementclient.exe
3. choose portable executable for 80386 [PE] , then click ok without messing other things.
4. fill (void *Src, size_t Size) in text search

but the result is far too different compared to your screenshot, dunno what I did wrong, please advise.


Here is how mine looks like :

should I go to sub_5D9C80 before searching ? but couldn't find the same hex, closest I can find is sub_5D9CB0 , it's a B not eight.
09/12/2010 23:41 lolkop#3
finding the function isn't really hard, since it gets called whenever you move.
here's how it looks like in pwi:

so let's build a script in autoit to make our script get the address for us...
all we have to do is replace the variable call and jump addresses by placeholders and run regexp funcs to get the addresses.

when we're done our script looks like this:

Edit:
btw Interest07 you should make autoit calculate the packet size.
and beside that static stuff should always stay written in the client. if you keep on redoing the same stuff over and over again, you're just wasting cpu and memory.
09/13/2010 03:28 Smurfin#4
woot! it works, thanks a lot lolkop, saves me the trouble doing something hard and spare Interest07 from explaining the how :D

the sendpacket works great, tried some of the packet collection there and each one is done exactly like what the function said.

the dropgold doesn't work for me though, or maybe I used it wrong, I put it like this :
dropgold(1,$pid)

but it gives me this error :
Code:
>"C:\Program Files\AutoIt3\SciTE\..\autoit3.exe" /ErrorStdOut "G:\AutoIT\Smurfit 1.7 PJ\sendpacket.au3"    
G:\AutoIT\Smurfit 1.7 PJ\sendpacket.au3 (183) : ==> Variable used without being declared.:
$packet &= _hex($invIndex)
$packet &= _hex(^ ERROR
>Exit code: 1    Time: 0.309
not that I'll be using dropGold much lol, I prefer picking it :p, just curious
09/13/2010 03:44 Interest07#5
oops, little error in that function Smurfin, it should say $amount, not $invIndex.

I edited it in the first post now :p

@lolkop, i know I can just calculate the size of the packet, but I like it better this way (not sure why, just gives me a more complete view of the different packets to me I guess). What static stuff are you referring to?
09/13/2010 04:17 Smurfin#6
tks, done changing and now it works, tried using it to drop 1 gold per x millisecond and it leaves gold trails when walk :D

is SkillId the same for every server ? do you have the list for cleric ?
09/13/2010 04:45 Interest07#7
lol funny gold thing :D

and for PW MS the skill Ids are as follows:
Code:
11  "Metal Element Mastery"
15  "Chromatic Healing Beam"
16  "Extremity Recovery Array"
17  "Five Element Hierogram"
18  "Resurrection"
19  "Plume Barrier"
113  "Pure Heart Spell"
114  "Whisht Heart Spell"
115  "Sapience Pour"
116  "River of Rejuvenation"
117  "Five Corporeity Hierogram"
118  "Five Tone Hierogram"
119  "Five Hue Hierogram"
120  "Solid Shell Hierogram"
121  "Aegis’s Spirit"
122  "Rimption Soul Exaltation"
123  "Heaven’s Array"
124  "Divine Weapons"
125  "Plume Quill"
126  "Feather Razors"
127  "Great Cyclone"
128  "Thunder Sphere"
129  "Hurricane Blast"
130  "Galactic Storm"
163  "Thunder Wield"
189  "Purify Spell"
190  "Flying Mastery"
191  "Spirit Gather Hierogram"
192  "Celestial Guard Hierogram"
193  "Nimbus-Aid Hierogram"
194  "Grand Protector"
232  "Fury Burst"
233  "Advanced Fury Burst"
372  "Ether Fury Burst"
373  "Dark Fury Burst"
542  "Holy-Pure Heart Spell"
543  "Dark-Pure Heart Spell"
544  "Holy-Whisht Heart Spell"
545  "Dark-Whisht Heart Spell"
546  "Holy-Sapience Pour"
547  "Dark-Sapience Pour"
548  "Holy-Resurrection"
549  "Dark-Resurrection"
550  "Holy-Purify Spell"
551  "Dark-Purify Spell"
552  "Holy-Chromatic Healing Beam"
553  "Dark-Chromatic Healing Beam"
554  "Holy-River of Rejuvenation"
555  "Dark-River of Rejuvenation"
556  "Holy-Five Element Hierogram"
557  "Dark-Five Element Hierogram"
558  "Holy-Five Corporeity Hierogram"
559  "Dark-Five Corporeity Hierogram"
560  "Holy-Five Tone Hierogram"
561  "Dark-Five Tone Hierogram"
562  "Holy-Five Hue Hierogram"
563  "Dark-Five Hue Hierogram"
564  "Holy-Solid Shell Hierogram"
565  "Dark-Solid Shell Hierogram"
566  "Holy-Spirit Gather Hierogram"
567  "Dark-Spirit Gather Hierogram"
568  "Holy-Celestial Guard Hierogram"
569  "Dark-Celestial Guard Hierogram"
570  "Holy-Nimbus-Aid Hierogram"
571  "Dark-Nimbus-Aid Hierogram"
572  "Holy-Plume Quill"
573  "Dark-Plume Quill"
574  "Holy-Plume Barrier"
575  "Dark-Plume Barrier"
576  "Holy-Feather Razors"
577  "Dark-Feather Razors"
578  "Holy-Great Cyclone"
579  "Dark-Great Cyclone"
580  "Holy-Thunder Sphere"
581  "Dark-Thunder Sphere"
582  "Holy-Hurricane Blast"
583  "Dark-Hurricane Blast"
584  "Holy-Thunder Wield"
585  "Holy-Galactic Storm"
586  "Dark-Thunder Wield"
587  "Dark-Galactic Storm"
588  "Holy-Metal Element Mastery"
919  "Protective Divinity Light"
920  "Wings of Protection"
921  "Wind Elf"
922  "God's Seal"
933  "Wind Elf"
934  "God's Seal"
09/13/2010 16:15 lolkop#8
Quote:
Originally Posted by Interest07
@lolkop, i know I can just calculate the size of the packet, but I like it better this way (not sure why, just gives me a more complete view of the different packets to me I guess). What static stuff are you referring to?
everything that's not needing any parameters is static.

simply store the code to push in the memory. there's no need to delete it right after using it and rewrite it some secs later...
09/14/2010 12:16 Smurfin#9
what tools do you use to get packets ? is it wpepro ?
can we intercept packets and tamper with it before send it back to the game ?

I remember ever done it using wpe pro on other game, putting 1million gold to storage/inventory bank then withdraw 100k, the server will send packet contain a value of 100.000 [in hex i think] , then wpepro will search that value in the packet and alter it then send it back to the game, but I was disconnected. Tried it on PW long time ago when I play on pw my en, but I forgot the result, it just didn't work.

I wonder if we can use it like that, record a successful refine equipment packet, then replace whatever incoming packet with the recorded successful refine packet for the next refines, is it doable ?
09/14/2010 13:57 Interest07#10
The packets are encrypted before sent to the server as far as I know, so WPE pro won't help. I view the packets by setting a breakpoint at the sendPacket function (so before encryption) using MHS and displaying what's in the stack. You can automatically edit the packets here if you wish, but the above methods shouldn't be possible though, as you send a packet to the server saying "Please refine this n that item" instead of "I refined this item, update it please"
09/14/2010 16:43 vuduy#11
Good to see someone finally gets it right. Although you need to steer away from AutoIt; that is just a CPU killer.
09/14/2010 16:47 Smurfin#12
@Interest07 :
ohh I see :D, thought it was that simple.
btw have you ever found anything related to refining equips, like the formula of how the game decide the success rate, do they put like a 100% fail rate randomly too :( ?



hi vuduy, what other language do you suggest ? the easiest one for beginner.
09/14/2010 17:03 vuduy#13
C# is the easiest/quickest to use and program anything.

Like you, I started with AutoIt 5-6 years ago, then I switched to coding in C++/.NET which is alright, then on to C# which I find so easy and fast to make a program.

Of course, everything is self-learn. If you can learn AutoIt on your own then you will be able to learn C# easily, and you will find that whatever things you do in AutoIt, you can do it in C# with fewer lines and a lot faster.

Did I mention that you will cut CPU usage down by at least 50%?
09/14/2010 17:19 Smurfin#14
thanks for the info, I'll look into it later.

I agree autoit seems like using too much resources, the tool I made uses like from 0 to 24% CPU usage randomly at times on a quadcore x3350, could be because of my noobness in making it though :p, but still kinda surprising coz when I look in task manager sometimes it's just on top and even beat elementclient.exe itself lol
09/14/2010 18:00 lolkop#15
Quote:
Originally Posted by vuduy
Did I mention that you will cut CPU usage down by at least 50%?
Epic Fail!
code efficiency is not language related!

Quote:
Originally Posted by vuduy
If you can learn AutoIt on your own then you will be able to learn C# easily, and you will find that whatever things you do in AutoIt, you can do it in C# with fewer lines and a lot faster.
you won't be able to do anything in less lines than it could be done in autoit.