Finding offsets for triggerbot

[EviLcLoWnS™]

No discussing game automation or cheating(I have to say that autoit forums are so lame, i used to go there all the time). Now they cant help anyone lol?...

Well okay so i was wondering someone poster a triggerbot for firefall, and its all good, so they patched and now it wont work. Im not very exp in autoit, but can figure most things out pretty easy.

Wondering how to find the offsets in firefall here:

Quote:

SeDebugPrivilege()
$sExecutable = 'FirefallClient.exe'
$hProcess = OpenProcess(ProcessExists($sExecutable))
$lol = ProcessModuleGetBaseAddress($hProcess, $sExecutable)
CloseHandle($hProcess)

$stupid_offset1 = 0x01DF5352
$stupid_offset2 = 0x4
$stupid_offset3 = 0x10
$stupid_offset4 = 0x50
$stupid_offset5 = 0x4
$stupid_offset6 = 0x2bd

$ID=_MemoryOpen(ProcessExists("FirefallClient.exe" ))

IM wondering how to find them, Firefall i cant really arrow click on things, So finding the mob isent that easy, Name only pop up for a min.


full script

Code:

   #include <NomadMemory.au3>
   #include <GUIConstants.au3>
   #include <Misc.au3>
   #include <Array.au3>

   $talk = ObjCreate("SAPI.SpVoice")

HotKeySet('{ESC}','_exit')
HotKeySet('{PAUSE}','pause')
HotKeySet('{HOME}','play')

SeDebugPrivilege()
$sExecutable = 'FirefallClient.exe'
$hProcess = OpenProcess(ProcessExists($sExecutable))
$lol = ProcessModuleGetBaseAddress($hProcess, $sExecutable)
CloseHandle($hProcess)

$stupid_offset1 = 0x01DF5352
$stupid_offset2 = 0x4
$stupid_offset3 = 0x10
$stupid_offset4 = 0x50
$stupid_offset5 = 0x4
$stupid_offset6 = 0x2bd

$ID=_MemoryOpen(ProcessExists("FirefallClient.exe"))

if ($ID = 0 ) then
		$talk.Speak("Firefall Client not found, please start the game first!")
		_MemoryClose($ID)
		Exit
	EndIf
$talk.Speak("Rubysh's Firefall Autotrigger is now online, Checking pointers...")


$lol2 = _MemoryRead($lol+$stupid_offset1, $ID, "int[32]")
$lol3 = _MemoryRead($lol2+$stupid_offset2, $ID, "int[32]")
$lol4 = _MemoryRead($lol3+$stupid_offset3, $ID, "int[32]")
$lol5 = _MemoryRead($lol4+$stupid_offset4, $ID, "int[32]")
$lol6 = _MemoryRead($lol5+$stupid_offset5, $ID, "int[32]")
$fucking_address = _MemoryRead($lol6+$stupid_offset6, $ID, "BYTE")

$talk.Speak("All pointers found, the bot is ready, Have fun!")

$talk.Speak("Use the end button to close the bot while in the game, the bot will automaticly close it self if the client isn't running.")

autoshoot()

func autoshoot()
While 1
    $idcheck = ProcessExists("FirefallClient.exe")
	$fucking_address = _MemoryRead($lol6+$stupid_offset6, $ID, "BYTE")

	if ($fucking_address = 1 ) then
	MouseDown("left")

		While ($fucking_address = 1 )

   		$fucking_address = _MemoryRead($lol6+$stupid_offset6, $ID, "BYTE")
		Wend
	MouseUp("left")
	else
	sleep(1)
        endIf

	if ($idcheck = 0 ) then
		$talk.Speak("Firefall Client has been closed, The Autotrigger will now shutdown. Thank you for using Rauven's Firefall Autotrigger.")
		_MemoryClose($ID)
		Exit
	EndIf


Wend

endfunc


Func SeDebugPrivilege()
Local $iTokenIndex = 1
Local $Struct = DllStructCreate('DWORD;int')
Local $TOKEN_PRIVILEGES = DllStructCreate('DWORD;DWORD[' & (3 * 1) & ']')
DllStructSetData($TOKEN_PRIVILEGES, 1, 1)
While $iTokenIndex <= 1
  Local $bPrivilegeValue = DllCall('advapi32.dll', _
    'BOOL', 'LookupPrivilegeValue', _
    'str', '', _
    'str', 'SeDebugPrivilege', _ ;SE_DEBUG_NAME
    'ptr', DllStructGetPtr($Struct))
  If $bPrivilegeValue[0] Then
   DllStructSetData($TOKEN_PRIVILEGES, 2, 0x00000002, (3 * $iTokenIndex)) ;SE_PRIVILEGE_ENABLED
   DllStructSetData($TOKEN_PRIVILEGES, 2, DllStructGetData($Struct, 1), (3 * ($iTokenIndex - 1)) + 1)
   DllStructSetData($TOKEN_PRIVILEGES, 2, DllStructGetData($Struct, 2), (3 * ($iTokenIndex - 1)) + 2)
   DllStructSetData($Struct, 1, 0)
   DllStructSetData($Struct, 2, 0)
  EndIf
  $iTokenIndex += 1
WEnd
Local $hCurrentProcess = DllCall('kernel32.dll', _
   'HANDLE', 'GetCurrentProcess')
Local $hProcessToken = DllCall('advapi32.dll', _
   'BOOL', 'OpenProcessToken', _
   'HANDLE', $hCurrentProcess[0], _
   'DWORD', 0x00000020 + 0x00000008, _ ;TOKEN_ADJUST_PRIVILEGES + TOKEN_QUERY
   'HANDLE*', '')
Local $NEWTOKEN_PRIVILEGES = DllStructCreate('DWORD;DWORD[' & (3 * 1) & ']')
DllCall('advapi32.dll', _
   'BOOL', 'AdjustTokenPrivileges', _
   'HANDLE', $hProcessToken[3], _
   'BOOL', False, _
   'ptr', DllStructGetPtr($TOKEN_PRIVILEGES), _
   'DWORD', DllStructGetSize($NEWTOKEN_PRIVILEGES), _
   'ptr', '', _
   'DWORD*', '')
DllCall('kernel32.dll', _
   'BOOL', 'CloseHandle', _
   'HANDLE', $hProcessToken[3])
EndFunc
Func OpenProcess($iProcessID)
Local $hProcess = DllCall('kernel32.dll', _
   'HANDLE', 'OpenProcess', _
   'DWORD', 0x1F0FFF, _ ;DesiredAccess = PROCESS_ALL_ACCESS
   'BOOL', True, _ ;InheritHandle = True
   'DWORD', $iProcessID)
Return $hProcess[0]
EndFunc
Func ProcessModuleGetBaseAddress($hProcess, $sModuleName)
Local $ModulesMax = DllStructCreate('ptr[1024]')
Local $iProcessModules = DllCall('psapi.dll', _
   'BOOL', 'EnumProcessModules', _
   'HANDLE', $hProcess, _
   'ptr', DllStructGetPtr($ModulesMax), _
   'DWORD', DllStructGetSize($ModulesMax), _
   'DWORD*', '')
Local $sModuleBaseName
For $i = 1 To $iProcessModules[4] / 4
  $sModuleBaseName = DllCall('psapi.dll', _
    'DWORD', 'GetModuleBaseNameW', _
    'HANDLE', $hProcess, _
    'ptr', DllStructGetData($ModulesMax, 1, $i), _
    'wstr', '', _
    'DWORD', 256)
  If $sModuleBaseName[3] = $sModuleName Then Return DllStructGetData($ModulesMax, 1, $i)
Next
EndFunc
Func CloseHandle($hProcess)
Local $bResult = DllCall('kernel32.dll', _
   'BOOL', 'CloseHandle', _
   'HANDLE', $hProcess)
Return $bResult[0]
EndFunc

ty Rubyshdj

[Logtetsch]

Just an example how to use offsets in AutoIT.

Code:

#RequireAdmin ; important
#include <Pointer.au3> ;or NomadMemory.au3..... You have to download it from the internet!

Global $PId = 0, $Handle = 0
Global const $Offsets[7] = [0, 0x01DF5352, 0x4, 0x10, 0x50, 0x4, 0x2bd]
Global const $Basepointer = _MemoryModuleGetBaseAddress ($PId, "ProcessName.exe") + 0x040000

While True
	$PId = ProcessExists ("ProcessName.exe")
	if $PId > 0 Then
		$Handle = _MemoryOpen ($PId)
		if IsArray ($Handle) Then
			_MemoryPointerWrite ($Basepointer, $Handle, $Offsets, "Value", "DWORD") ;Functions like "_MemoryPointerWrite, _MemoryWrite... are defined in the Pointer.au3 or NomadMemory.au3 file.
		EndIf
	EndIf
WEnd

;AutoIT is canceling all handles by closing the script

Here´s the function _MemoryModuleGetBaseAddress($PID, $Module) + 0x.....

 Spoiler

Code:

Func _MemoryModuleGetBaseAddress($iPID, $sModule)
    If Not ProcessExists($iPID) Then Return SetError(1, 0, 0)

    If Not IsString($sModule) Then Return SetError(2, 0, 0)

    Local   $PSAPI = DllOpen("psapi.dll")

    ;Get Process Handle
    Local   $hProcess
    Local   $PERMISSION = BitOR(0x0002, 0x0400, 0x0008, 0x0010, 0x0020) ; CREATE_THREAD, QUERY_INFORMATION, VM_OPERATION, VM_READ, VM_WRITE

    If $iPID > 0 Then
        Local $hProcess = DllCall("kernel32.dll", "ptr", "OpenProcess", "dword", $PERMISSION, "int", 0, "dword", $iPID)
        If $hProcess[0] Then
            $hProcess = $hProcess[0]
        EndIf
    EndIf

    ;EnumProcessModules
    Local   $Modules = DllStructCreate("ptr[1024]")
    Local   $aCall = DllCall($PSAPI, "int", "EnumProcessModules", "ptr", $hProcess, "ptr", DllStructGetPtr($Modules), "dword", DllStructGetSize($Modules), "dword*", 0)
    If $aCall[4] > 0 Then
        Local   $iModnum = $aCall[4] / 4
        Local   $aTemp
        For $i = 1 To $iModnum
            $aTemp =  DllCall($PSAPI, "dword", "GetModuleBaseNameW", "ptr", $hProcess, "ptr", Ptr(DllStructGetData($Modules, 1, $i)), "wstr", "", "dword", 260)
            If $aTemp[3] = $sModule Then
                DllClose($PSAPI)
                Return Ptr(DllStructGetData($Modules, 1, $i))
            EndIf
        Next
    EndIf

    DllClose($PSAPI)
    Return SetError(-1, 0, 0)

EndFunc

Sorry if I misunderstood your problem, but I have no pleasure to read your text.

[lolkop]

Quote:

Originally Posted by Logtetsch

Just an example how to use offsets in AutoIT.

Sorry if I misunderstood your problem, but I have no pleasure to read your text.

he asked how to FIND "offsets"...

b2t:
reverse engineering isn't that easy... you'll need some basic asm knowledge and an understanding, of how highlevel language compilers are working.

once you've reached that point, you won't need to find "offsets", to build some kind of professional hacks =)

[EviLcLoWnS™]

I know how to find offsets,just wondering if anyone has messed around with firefall. Too fix the trigger bot do you think im looking for pointer id's. Problem is mobs name only light up for a min then fades away.

[fire99966]

If you ever manage to get this working, it would ROCK on firefall.

Looks like someone pulled it off.

Crack it!