|
You last visited: Today at 22:02
Advertisement
Finding offsets for triggerbot
Discussion on Finding offsets for triggerbot within the AutoIt forum part of the Coders Den category.
09/05/2012, 22:41
|
#1
|
elite*gold: 20 
Join Date: Nov 2006
Posts: 1,073
Received Thanks: 440
|
Finding offsets for triggerbot
No discussing game automation or cheating(I have to say that autoit forums are so lame, i used to go there all the time). Now they cant help anyone lol?...
Well okay so i was wondering someone poster a triggerbot for firefall, and its all good, so they patched and now it wont work. Im not very exp in autoit, but can figure most things out pretty easy.
Wondering how to find the offsets in firefall here:
Quote:
SeDebugPrivilege()
$sExecutable = 'FirefallClient.exe'
$hProcess = OpenProcess(ProcessExists($sExecutable))
$lol = ProcessModuleGetBaseAddress($hProcess, $sExecutable)
CloseHandle($hProcess)
$stupid_offset1 = 0x01DF5352
$stupid_offset2 = 0x4
$stupid_offset3 = 0x10
$stupid_offset4 = 0x50
$stupid_offset5 = 0x4
$stupid_offset6 = 0x2bd
$ID=_MemoryOpen(ProcessExists("FirefallClient.exe" ))
|
IM wondering how to find them, Firefall i cant really arrow click on things, So finding the mob isent that easy, Name only pop up for a min.
full script
Code:
#include <NomadMemory.au3>
#include <GUIConstants.au3>
#include <Misc.au3>
#include <Array.au3>
$talk = ObjCreate("SAPI.SpVoice")
HotKeySet('{ESC}','_exit')
HotKeySet('{PAUSE}','pause')
HotKeySet('{HOME}','play')
SeDebugPrivilege()
$sExecutable = 'FirefallClient.exe'
$hProcess = OpenProcess(ProcessExists($sExecutable))
$lol = ProcessModuleGetBaseAddress($hProcess, $sExecutable)
CloseHandle($hProcess)
$stupid_offset1 = 0x01DF5352
$stupid_offset2 = 0x4
$stupid_offset3 = 0x10
$stupid_offset4 = 0x50
$stupid_offset5 = 0x4
$stupid_offset6 = 0x2bd
$ID=_MemoryOpen(ProcessExists("FirefallClient.exe"))
if ($ID = 0 ) then
$talk.Speak("Firefall Client not found, please start the game first!")
_MemoryClose($ID)
Exit
EndIf
$talk.Speak("Rubysh's Firefall Autotrigger is now online, Checking pointers...")
$lol2 = _MemoryRead($lol+$stupid_offset1, $ID, "int[32]")
$lol3 = _MemoryRead($lol2+$stupid_offset2, $ID, "int[32]")
$lol4 = _MemoryRead($lol3+$stupid_offset3, $ID, "int[32]")
$lol5 = _MemoryRead($lol4+$stupid_offset4, $ID, "int[32]")
$lol6 = _MemoryRead($lol5+$stupid_offset5, $ID, "int[32]")
$fucking_address = _MemoryRead($lol6+$stupid_offset6, $ID, "BYTE")
$talk.Speak("All pointers found, the bot is ready, Have fun!")
$talk.Speak("Use the end button to close the bot while in the game, the bot will automaticly close it self if the client isn't running.")
autoshoot()
func autoshoot()
While 1
$idcheck = ProcessExists("FirefallClient.exe")
$fucking_address = _MemoryRead($lol6+$stupid_offset6, $ID, "BYTE")
if ($fucking_address = 1 ) then
MouseDown("left")
While ($fucking_address = 1 )
$fucking_address = _MemoryRead($lol6+$stupid_offset6, $ID, "BYTE")
Wend
MouseUp("left")
else
sleep(1)
endIf
if ($idcheck = 0 ) then
$talk.Speak("Firefall Client has been closed, The Autotrigger will now shutdown. Thank you for using Rauven's Firefall Autotrigger.")
_MemoryClose($ID)
Exit
EndIf
Wend
endfunc
Func SeDebugPrivilege()
Local $iTokenIndex = 1
Local $Struct = DllStructCreate('DWORD;int')
Local $TOKEN_PRIVILEGES = DllStructCreate('DWORD;DWORD[' & (3 * 1) & ']')
DllStructSetData($TOKEN_PRIVILEGES, 1, 1)
While $iTokenIndex <= 1
Local $bPrivilegeValue = DllCall('advapi32.dll', _
'BOOL', 'LookupPrivilegeValue', _
'str', '', _
'str', 'SeDebugPrivilege', _ ;SE_DEBUG_NAME
'ptr', DllStructGetPtr($Struct))
If $bPrivilegeValue[0] Then
DllStructSetData($TOKEN_PRIVILEGES, 2, 0x00000002, (3 * $iTokenIndex)) ;SE_PRIVILEGE_ENABLED
DllStructSetData($TOKEN_PRIVILEGES, 2, DllStructGetData($Struct, 1), (3 * ($iTokenIndex - 1)) + 1)
DllStructSetData($TOKEN_PRIVILEGES, 2, DllStructGetData($Struct, 2), (3 * ($iTokenIndex - 1)) + 2)
DllStructSetData($Struct, 1, 0)
DllStructSetData($Struct, 2, 0)
EndIf
$iTokenIndex += 1
WEnd
Local $hCurrentProcess = DllCall('kernel32.dll', _
'HANDLE', 'GetCurrentProcess')
Local $hProcessToken = DllCall('advapi32.dll', _
'BOOL', 'OpenProcessToken', _
'HANDLE', $hCurrentProcess[0], _
'DWORD', 0x00000020 + 0x00000008, _ ;TOKEN_ADJUST_PRIVILEGES + TOKEN_QUERY
'HANDLE*', '')
Local $NEWTOKEN_PRIVILEGES = DllStructCreate('DWORD;DWORD[' & (3 * 1) & ']')
DllCall('advapi32.dll', _
'BOOL', 'AdjustTokenPrivileges', _
'HANDLE', $hProcessToken[3], _
'BOOL', False, _
'ptr', DllStructGetPtr($TOKEN_PRIVILEGES), _
'DWORD', DllStructGetSize($NEWTOKEN_PRIVILEGES), _
'ptr', '', _
'DWORD*', '')
DllCall('kernel32.dll', _
'BOOL', 'CloseHandle', _
'HANDLE', $hProcessToken[3])
EndFunc
Func OpenProcess($iProcessID)
Local $hProcess = DllCall('kernel32.dll', _
'HANDLE', 'OpenProcess', _
'DWORD', 0x1F0FFF, _ ;DesiredAccess = PROCESS_ALL_ACCESS
'BOOL', True, _ ;InheritHandle = True
'DWORD', $iProcessID)
Return $hProcess[0]
EndFunc
Func ProcessModuleGetBaseAddress($hProcess, $sModuleName)
Local $ModulesMax = DllStructCreate('ptr[1024]')
Local $iProcessModules = DllCall('psapi.dll', _
'BOOL', 'EnumProcessModules', _
'HANDLE', $hProcess, _
'ptr', DllStructGetPtr($ModulesMax), _
'DWORD', DllStructGetSize($ModulesMax), _
'DWORD*', '')
Local $sModuleBaseName
For $i = 1 To $iProcessModules[4] / 4
$sModuleBaseName = DllCall('psapi.dll', _
'DWORD', 'GetModuleBaseNameW', _
'HANDLE', $hProcess, _
'ptr', DllStructGetData($ModulesMax, 1, $i), _
'wstr', '', _
'DWORD', 256)
If $sModuleBaseName[3] = $sModuleName Then Return DllStructGetData($ModulesMax, 1, $i)
Next
EndFunc
Func CloseHandle($hProcess)
Local $bResult = DllCall('kernel32.dll', _
'BOOL', 'CloseHandle', _
'HANDLE', $hProcess)
Return $bResult[0]
EndFunc
ty Rubyshdj
|
|
|
|
09/06/2012, 22:57
|
#2
|
elite*gold: 192
Join Date: May 2009
Posts: 2,227
Received Thanks: 3,262
|
Just an example how to use offsets in AutoIT.
Code:
#RequireAdmin ; important
#include <Pointer.au3> ;or NomadMemory.au3..... You have to download it from the internet!
Global $PId = 0, $Handle = 0
Global const $Offsets[7] = [0, 0x01DF5352, 0x4, 0x10, 0x50, 0x4, 0x2bd]
Global const $Basepointer = _MemoryModuleGetBaseAddress ($PId, "ProcessName.exe") + 0x040000
While True
$PId = ProcessExists ("ProcessName.exe")
if $PId > 0 Then
$Handle = _MemoryOpen ($PId)
if IsArray ($Handle) Then
_MemoryPointerWrite ($Basepointer, $Handle, $Offsets, "Value", "DWORD") ;Functions like "_MemoryPointerWrite, _MemoryWrite... are defined in the Pointer.au3 or NomadMemory.au3 file.
EndIf
EndIf
WEnd
;AutoIT is canceling all handles by closing the script
Here´s the function _MemoryModuleGetBaseAddress($PID, $Module) + 0x.....
Code:
Func _MemoryModuleGetBaseAddress($iPID, $sModule)
If Not ProcessExists($iPID) Then Return SetError(1, 0, 0)
If Not IsString($sModule) Then Return SetError(2, 0, 0)
Local $PSAPI = DllOpen("psapi.dll")
;Get Process Handle
Local $hProcess
Local $PERMISSION = BitOR(0x0002, 0x0400, 0x0008, 0x0010, 0x0020) ; CREATE_THREAD, QUERY_INFORMATION, VM_OPERATION, VM_READ, VM_WRITE
If $iPID > 0 Then
Local $hProcess = DllCall("kernel32.dll", "ptr", "OpenProcess", "dword", $PERMISSION, "int", 0, "dword", $iPID)
If $hProcess[0] Then
$hProcess = $hProcess[0]
EndIf
EndIf
;EnumProcessModules
Local $Modules = DllStructCreate("ptr[1024]")
Local $aCall = DllCall($PSAPI, "int", "EnumProcessModules", "ptr", $hProcess, "ptr", DllStructGetPtr($Modules), "dword", DllStructGetSize($Modules), "dword*", 0)
If $aCall[4] > 0 Then
Local $iModnum = $aCall[4] / 4
Local $aTemp
For $i = 1 To $iModnum
$aTemp = DllCall($PSAPI, "dword", "GetModuleBaseNameW", "ptr", $hProcess, "ptr", Ptr(DllStructGetData($Modules, 1, $i)), "wstr", "", "dword", 260)
If $aTemp[3] = $sModule Then
DllClose($PSAPI)
Return Ptr(DllStructGetData($Modules, 1, $i))
EndIf
Next
EndIf
DllClose($PSAPI)
Return SetError(-1, 0, 0)
EndFunc
Sorry if I misunderstood your problem, but I have no pleasure to read your text.
|
|
|
|
|
09/07/2012, 00:37
|
#3
|
elite*gold: 280
Join Date: May 2007
Posts: 2,818
Received Thanks: 3,483
|
Quote:
Originally Posted by Logtetsch
Just an example how to use offsets in AutoIT.
Sorry if I misunderstood your problem, but I have no pleasure to read your text.
|
he asked how to FIND "offsets"...
b2t:
reverse engineering isn't that easy... you'll need some basic asm knowledge and an understanding, of how highlevel language compilers are working.
once you've reached that point, you won't need to find "offsets", to build some kind of professional hacks =)
|
|
|
|
|
09/07/2012, 22:56
|
#4
|
elite*gold: 20
Join Date: Nov 2006
Posts: 1,073
Received Thanks: 440
|
I know how to find offsets,just wondering if anyone has messed around with firefall. Too fix the trigger bot do you think im looking for pointer id's. Problem is mobs name only light up for a min then fades away.
|
|
|
|
|
09/09/2013, 04:28
|
#5
|
elite*gold: 0
Join Date: Jan 2010
Posts: 5
Received Thanks: 0
|
If you ever manage to get this working, it would ROCK on firefall.
Looks like someone pulled it off.
Crack it! 
|
|
|
|
 |
Similar Threads
|
Finding Offsets for FFXIV (or any MMO)
08/14/2012 - Final Fantasy XIV - 2 Replies
Here is a video showing how to find the offsets for FFXIV.
I assume some knowledge of Cheat Engine but you should be able to copy what I am doing to update offsets until 2.0 (or find new ones for your own programs).
http://youtu.be/lhAtFkaWDHQ
Ask any questions you have (about the video). If I can I will answer them.
Please give Thanks so I can feel good about myself :P
|
Finding offsets for 1.4.4 clients?
12/01/2011 - Perfect World - 3 Replies
Could anyone tell me how to do it?
Is there a program for it to easily find it ?
I'm playing a privatge server with the new content but it's at 1.4.4 so all the bots with the latest PWI offsets wont work for it.
Tried using MHS Offset retriever but it doesn't work for some reason (Prophet bot still can';t find character info).
Any help would be appreciated!
|
Finding offsets?
12/04/2009 - CO2 Programming - 2 Replies
Btw trying to make an aimbot :P just throwing that out there
EDIT: This is what iv'e found so far,am I on the right track? this is for a v5165 private server that I own,When I was jumping around on one of my chars,around another character of mine that had the proccess on her client,these are the addresses that came up,eventually I got down to the last x and last y address,and every jump they were right,but the question is am I doing this right
Heres what I found:
01175390 - proper x...
|
mr argus, finding offsets.
02/14/2008 - Final Fantasy XI - 0 Replies
Well, I have been reading the tutorial on how to find them, and all was going well, until i ran into a snag. After following the instructions about 30 times over and over again, and banging my head into my desk a couple times, I decided I needed help from people who already know how to find them. I have searched all around and cant find any other tutorials except for the single one on how to find ownposition. Is there any chance someone could make a video tutorial on how to get all the offsets?...
|
Finding Memory Offsets in WoW?
07/12/2007 - World of Warcraft - 3 Replies
Hey people,
i make bots, and so far i had some guy finding the offsets for me. how to do? do u know?
|
All times are GMT +1. The time now is 22:02.
|
|
