First post, but have been following the tips all over this forum for about 6 months since I started writing my own bots.
Recently the server headers changed, and although it looks like the community have pulled through and released a new version of GWA2 to reflect it, there are other headers that I'm using, that aren't in the vanilla GWA2 code.
The above command would have previously told GW to move $lQuantity items of $lItemID into bag $lBagID , slot $aSlot
Of course, with the header change, 0x6F no longer means the same thing.
My question:
How do you guys debug the changed headers? Is there a way of going about it that doesn't mean crashing your GW client over and over until you find the correct header value?
Apologies if this has been asked before or it seems like an obvious question, but I've never had to look into this before and would really be grateful for any feedback.
The moveItem function in GWA2 does exactly what you have. You COULD look in that function to see what header is used there but the better way would be to just use that function.
The function could have been updated since I last checked (or the version I was using was borked) but when developing, if I used MoveItem (instead of MoveItemEx, which is the function the above example is from but isn't included in GWA2), it moves a whole stack instead of being supplied a quantity to move.
MoveItem($aItem, $aBag, $aSlot) - No ability to tell quantity
In my current (old) version, MoveItem uses header 0x6C which is different to the 0x6F seen in my previous post.
I've found the headers I need in the above example by going on rheek123's API Patcher example file @
My question wasn't specifically how to I find and update this particular header - I want to be able to contribute by finding and identifying these types of headers myself. Is there a tool I can use to sniff the headers that my client sends?
There are several ways to do this. If you did it from scratch, you'd want to fire up a Debugger/Disassembler such as OllyDbg, or more recently x32dbg and attach it to GW. Then look for the w32 network traffic receive function, and see what the program does with this [it is encrypted and you want to follow up to after GW has decrypted it for you].
Luckily many people have done this before, so that there's tons of little hacks that log this network traffic.
In the attachment, you can find a very minimalistic DLL source code, which allocates a console window and prints out the network stream. The first 2 bytes are the header that you're looking for. Take care of the size, as several packets may be sent in one recv-sequence.
Get Visual Studio Community (Free), start a new project, configure it as a DLL, add the attached source code, and compile. Then use any of the thousands of DLL injectors on the web to load it into GW, and voila, you can reverse both CtoS (Client to Server) and StoC (Server to Client) packets yourself.
You may want to deactivate StoC logging as it generates a lot of noise, especially if you're only interested in CtoS packets. Do this by adding a return at the right place in the Packet() function.
You'll have to go on your own from here, good luck.
The function could have been updated since I last checked (or the version I was using was borked) but when developing, if I used MoveItem (instead of MoveItemEx, which is the function the above example is from but isn't included in GWA2), it moves a whole stack instead of being supplied a quantity to move.
MoveItem($aItem, $aBag, $aSlot) - No ability to tell quantity
In my current (old) version, MoveItem uses header 0x6C which is different to the 0x6F seen in my previous post.
I've found the headers I need in the above example by going on rheek123's API Patcher example file @
My question wasn't specifically how to I find and update this particular header - I want to be able to contribute by finding and identifying these types of headers myself. Is there a tool I can use to sniff the headers that my client sends?
MoveItemEx the header is +3 higher than MoveItem(). MoveItemEx is also called SplitStack by some people.
So headers have changed a few times since my last post, and although now I can actively contribute to GWA2 to keep these up-to-date, I can't reply on the BotDeveloper to work - its broken with the latest GW update, too.
I've been trying to use OllyDbg to add a breakpoint at the SendPacket function, and from there inspect the header value being sent, but I'm having trouble picking these things out.
I'm using an archived GR page at to help, but it doesn't have the original images that were included in the post (replace the ***'s in the URL)
The attached image is a screenshot of how far I've got, adding a breakpoint for the packetsend function, and then having it break when the character moves. Somehow I should be able to find out the header for the MoveTo function from this code.
Is someone able to give some pointers on how to proceed?
So headers have changed a few times since my last post, and although now I can actively contribute to GWA2 to keep these up-to-date, I can't reply on the BotDeveloper to work - its broken with the latest GW update, too.
I've been trying to use OllyDbg to add a breakpoint at the SendPacket function, and from there inspect the header value being sent, but I'm having trouble picking these things out.
I'm using an archived GR page at to help, but it doesn't have the original images that were included in the post (replace the ***'s in the URL)
The attached image is a screenshot of how far I've got, adding a breakpoint for the packetsend function, and then having it break when the character moves. Somehow I should be able to find out the header for the MoveTo function from this code.
Is someone able to give some pointers on how to proceed?
Uploaded a new Version of BotDeveloper.
If you wanna do it with a Olly do this:
1. Breakpoint the Sendpacket-Func @58E840 (you did it already)
2. Do smth you wanna analyze (eg toggle Hard-/Normal Mode).
3. Olly should pause GW (show you on buttom right (yellow)).
4. In the Register-Window (Top Right) EDX gives you the size of the Packet.
5. In the Buttom Right Window right click the 2nd entry from Top and click "Follow in Dump".
6. The Bottom Left Window shows you the Byte String of the Packet. 1st Element is the Header followed by the parameters (if they are given).
You only need to read size (EDX) entries. Watch out Endianness.
There are several ways to do this. If you did it from scratch, you'd want to fire up a Debugger/Disassembler such as OllyDbg, or more recently x32dbg and attach it to GW. Then look for the w32 network traffic receive function, and see what the program does with this [it is encrypted and you want to follow up to after GW has decrypted it for you].
Luckily many people have done this before, so that there's tons of little hacks that log this network traffic.
In the attachment, you can find a very minimalistic DLL source code, which allocates a console window and prints out the network stream. The first 2 bytes are the header that you're looking for. Take care of the size, as several packets may be sent in one recv-sequence.
Get Visual Studio Community (Free), start a new project, configure it as a DLL, add the attached source code, and compile. Then use any of the thousands of DLL injectors on the web to load it into GW, and voila, you can reverse both CtoS (Client to Server) and StoC (Server to Client) packets yourself.
You may want to deactivate StoC logging as it generates a lot of noise, especially if you're only interested in CtoS packets. Do this by adding a return at the right place in the Packet() function.
You'll have to go on your own from here, good luck.
I tried using this in 2024 and injected the dll but the console window is empty. I'm guessing the CtoS/StoC PacketCrypterCode arrays have changed?
Wich Header is better? / Welcher Header ist besser? 10/05/2012 - General Art - 5 Replies Hello Com,
wich header is better?
My site is about Anonymize your links.
Hallo Com,
welcher header ist besser?
Meine Seite Anonymisiert die links.
Suche Header für Homepage / Search Header 04/29/2012 - Artist Trading - 2 Replies Hey Leute,
Ich suche einen neuen Header für meine ClanHomepage
wichtig ist :
Breite: 958 Pixel
Höhe: 188 Pixel
Dateiformat: .jpg
Name: eVolution of Gaming Series (bitte den Namen in den Header reintun)
css wie mach ich ein header und vom header der hintergrund z.B blau 11/14/2010 - Coding Tutorials - 2 Replies Hallo leute meine Frage kann man kaum erklären ich will nen Header
z.B
http://web85.germaninfo29.erfurt16.de/ebay/ftp_bi lder/header_moeller_1220_358.jpg
also da steht traum company aber ich will in mein Header jetz Traum company und dann nur für denn Header ein blauen hintergrund also
![[GWA2] How to chase after updated header values?](https://www.elitepvpers.com/forum/iconimages/gw-bots/gwa2-how-chase-after-updated-header-values_ltr.gif){kind=small}
