GW2 Memory Thread

 
Old   #61
 
elite*gold: 0
Join Date: Oct 2012
Posts: 141
Received Thanks: 31
Is Endurance stored serverside?

"Gw2.exe"+011D3C28

Doesn't seem to be, I can only inject for a few minutes before game crashes.
Thoughts?



Robban89 is offline  
Old   #62
 
elite*gold: 0
Join Date: Apr 2007
Posts: 950
Received Thanks: 2,403
Yeah, it's checked server side; if you bypass the check and try to dodge extra times it will disconnect you back to the character select screen.


*M* is offline  
Old   #63
 
elite*gold: 0
Join Date: Apr 2009
Posts: 793
Received Thanks: 365
Anyone got experience with map changes on the protocol layer?
Xereon is offline  
Old   #64
 
elite*gold: 0
Join Date: Apr 2012
Posts: 7
Received Thanks: 0
Quote:
Originally Posted by Cencil View Post
Yeah with heartbeat I just meant the movement
Change the last flag from 0 to 1 to get an auto sync teleporter with packets

Heartbeat movement packet under normal conditions:
uint16 packet code (0x0D)
uint16 time1
uint16 time2
float x
float y
float z
uint8 unk
uint16 flags, just set this **** to 0x1
Hey Cencil and thanks for the great work in this thread. Thanks to you, I was able to get a C++ version of your packet logger working. Care to elaborate on the auto-sync teleporter with packets? I tried modifying the x,y,z and different variations of the flags but had no luck. In my PacketEncrypt detour I simply set x,y,z to some value. Then I modified my physical/visual x,y,z in memory and tried to move. It kept putting me back to the original location but was sending movement packets (0x0D) with the location I was trying to teleport to. Any help would be appreciated.


whitea2 is offline  
Old   #65
 
elite*gold: 97
Join Date: Jun 2007
Posts: 2,246
Received Thanks: 4,850
Quote:
Originally Posted by whitea2 View Post
Hey Cencil and thanks for the great work in this thread. Thanks to you, I was able to get a C++ version of your packet logger working. Care to elaborate on the auto-sync teleporter with packets? I tried modifying the x,y,z and different variations of the flags but had no luck. In my PacketEncrypt detour I simply set x,y,z to some value. Then I modified my physical/visual x,y,z in memory and tried to move. It kept putting me back to the original location but was sending movement packets (0x0D) with the location I was trying to teleport to. Any help would be appreciated.
Works fine for me, I just tested it in the packet detour without modifying my position in the memory.
Code:
    if (wOpCode = $0D) and (packetSize = 21) then
    begin
      with pVec do
      begin
        x := 0;
        y := 0;
        z := 100;
      end;

      Move(pVec, buffer[6], SizeOf(pVec)); // 12 bytes
      wNewFlag := 1;
      Move(wNewFlag, buffer[19], SizeOf(wNewFlag)); // 2 bytes
      pBuffer := @buffer[0];
    end;
Manual sending also works like a charm.
Code:
  p := TGW2Packet.Create();
  p.PutUInt16($0D);
  p.PutUInt16(1000); // timing 1 (incorrect value but the server doesn't care)
  p.PutUInt16(1000); // timing 2 (incorrect value but the server doesn't care)
  p.PutFloat(100);
  p.PutFloat(100);
  p.PutFloat(50);
  p.PutUInt8(0);
  p.PutUInt16(1); // sync position :)
  p.Send();
  p.Free()
Normally timing 1 and timing 2 are uint32 values. The packet above is packed and just works if you don't use the PutPacketQueue function! Make sure your packet has a size of 28 bytes.
Cencil is offline  
Thanks
1 User
Old   #66
 
elite*gold: 0
Join Date: Apr 2012
Posts: 7
Received Thanks: 0
Code:
#include <iostream>
using namespace std;

void _fastcall my_PacketEncrypt(VOID* Unk, VOID* Unk1, int bufferSize, packet* pBuffer, int* pTargetBuffer)
{
	if(bufferSize == 21 && pBuffer->opcode == 0x0D) //movement packet
	{
		cout << "moving\n" << endl;
				
		pBuffer->x = 100;
		pBuffer->y = 100;
		pBuffer->z = 100;

		pBuffer->flags[2] = 1;

		cout << "opcode:" << pBuffer->opcode << "  x:" << pBuffer->x << "  y:" << pBuffer->y << "  z:" << pBuffer->z << endl;
	}

	orig_PacketEncrypt(Unk, Unk1, bufferSize, pBuffer, pTargetBuffer);
}
where packet is defined as a structure:
Code:
struct packet{
	UINT16 opcode;	//2 bytes
	UINT16 Time1;	//2 bytes
	UINT16 Time2;	//2 bytes
	FLOAT x;		//4 bytes
	FLOAT y;		//4 bytes
	FLOAT z;		//4 bytes
	CHAR flags[3];	//3 bytes
};
and orig_PacketEncrypt is defined as
Code:
typedef VOID (_fastcall *tPacketEncrypt)(VOID* Unk, VOID* Unk1, int bufferSize, packet* pBuffer, int* pTargetBuffer);
VOID _fastcall my_PacketEncrypt(VOID* Unk, VOID* Unk1, int bufferSize, packet* pBuffer, int* pTargetBuffer);
tPacketEncrypt orig_PacketEncrypt = (tPacketEncrypt)(0x00A69C60);
Got it working, thanks so much! The problem was my structure of pBuffer. Flags were not 'changed' the way I thought they would be.
whitea2 is offline  
Old   #67
 
elite*gold: 0
Join Date: Jul 2009
Posts: 41
Received Thanks: 6
I know it is a lot of work, but can somebody please upload a video which shows how to find the multilevel pointer for e.g. player x-y-z coordinates?
I did the multilevel pointer tutorial in CE but I can't figure it out in GW2.
Maybe someone can explain (;
GeForce66 is offline  
Old   #68
 
elite*gold: 0
Join Date: Jun 2010
Posts: 65
Received Thanks: 0
Hi folks,
I'm new to bot programming! Could someone please explain the memory terms to me, e.g.:

Quote:
RotCos = 0x016A55C0
RotSin = 0x016A55C4
or

Quote:
Base PreTargetPos = 0x015D359C
Offset1 = 0x8c
OffsetPosX = 0x78
OffsetPosY = 0x7C
OffsetPosZ = 0x80

Base Adrenaline = 0x016A5600
Offset1 = 0x184
Offset2 = 0x2C
Some things (e.g. Autowalk) are self-explanatory, but for the ones above I couldn't figure it out even after googling!

Thanks for your help!
Derrod
derrod is offline  
Old   #69
 
elite*gold: 0
Join Date: Jan 2008
Posts: 1,098
Received Thanks: 198
Quote:
Originally Posted by derrod View Post
Hi folks,
I'm new to bot programming! Could someone please explain the memory terms to me, e.g.:



or



Some things (e.g. Autowalk) are self-explanatory, but for the ones above I couldn't figure it out even after googling!

Thanks for your help!
Derrod
RotCos is probably the cosine of the camera and
RotSin the sine
PreTargetPos: with that you can probably read the position of the previous target (X, Y and Z)
Adrenaline: with that you can probably read the adrenaline value
i4mSoH34Vy is offline  
Thanks
1 User
Old   #70
 
elite*gold: 57
Join Date: Jun 2007
Posts: 10,721
Received Thanks: 5,092
Quote:
Originally Posted by derrod View Post
Some things (e.g. Autowalk) are self-explanatory, but for the ones above I couldn't figure it out even after googling!

Thanks for your help!
Derrod
When you look at an agent you can already see its health bar, so it is already pre-selected but not yet in the target.
Once it is selected, PreTarget equals target.
_revo is offline  
Thanks
1 User
Old   #71
 
elite*gold: 97
Join Date: Jun 2007
Posts: 2,246
Received Thanks: 4,850
A small function update for 15977

Code:
004065F0 GetNetworkClassPtr
00B1C2A0 GetCliContext
00AEAE70 GetAsContext
00B1CC90 GetControlledCharacter
00B2AA90 Character::GetPlayer
00B32150 Character::IsAlive
00B32180 Character::IsDowned
00B321E0 Character::IsInWater
00B32240 Character::IsPlayer
00BF0430 Character::GetAgent
00B1C270 GetPlayerFromListById
00A66D50 Msg::DispatchStream
00A68420 Msg::GetPacketHandler
00A69C20 DeEncryptPacket
00A674E0 PutPacketQueue
00A7A140 PutPacketQueueCallProxy
00B61BD0 ProcessChatInput
00B658C0 PH_ChatMessage // packethandler for 0x133
00A7C390 SendMoveJump
00A7DB50 SendMoveStart
00A7DD10 SendMoveTurn
The PutPacketQueue function requires the unpacked packet buffer.
For example:
Code:
  if (FMover.SetPosition(Position)) then
  begin
    p := TGW2Packet.Create(28);
    p.PutUInt16($0D);
    p.PutUInt32(dwTiming);
    p.PutUInt32(dwTiming);
    p.PutVec3(Position);
    p.PutUInt32(0);
    p.PutUInt16(0);
    p.Send();
    p.Free();
  end;

  // send call

  asm
    push pBuf
    mov eax, $00A67BF0
    call eax
    mov edx, $1C // unpacked size
    mov ecx, eax
    mov eax, $00A674E0
    call eax
  end;
After you call it, GW packs, encrypts and sends the packet for you.
Cencil is offline  
Thanks
2 Users
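The thread gives two wire forms of the 0x0D movement message: the packed 21-byte layout (uint16 opcode, two uint16 timings, three floats, uint8, uint16 flags) from posts #64 to #66, and the unpacked 28-byte layout (uint32 timings, uint32 before the flags) from post #71, and posts #62 and #65 note that the server enforces its own rules regardless of what the client sends. The following is an added example, not code from anyone in this thread, written from the server's side: it parses both layouts and applies the kind of plausibility check that makes a client-asserted position or sync flag harmless. The layouts and the 0x1 "sync" flag value come from the thread; MAX_SPEED and the use of the server clock are assumptions.

```python
import math
import struct
from dataclasses import dataclass
from typing import Tuple

# Wire layouts quoted in this thread (little-endian, no padding):
#   packed, 21 bytes:   uint16 opcode, uint16 t1, uint16 t2, float x, y, z, uint8 unk, uint16 flags
#   unpacked, 28 bytes: uint16 opcode, uint32 t1, uint32 t2, float x, y, z, uint32 unk, uint16 flags
MOVE_OPCODE = 0x0D
PACKED_FMT = "<HHHfffBH"    # struct.calcsize -> 21
UNPACKED_FMT = "<HIIfffIH"  # struct.calcsize -> 28
FLAG_SYNC = 0x1             # the flag value the thread reports as "sync position"

# Assumed server-side limit (units per second); a real server takes this from
# its own movement rules, never from anything in the client's packet.
MAX_SPEED = 10.0


@dataclass
class MovePacket:
    opcode: int
    t1: int
    t2: int
    pos: Tuple[float, float, float]
    unk: int
    flags: int


def parse_move(buf: bytes) -> MovePacket:
    """Decode either wire form, choosing the layout by length; anything else is an error."""
    if len(buf) == struct.calcsize(PACKED_FMT):
        fields = struct.unpack(PACKED_FMT, buf)
    elif len(buf) == struct.calcsize(UNPACKED_FMT):
        fields = struct.unpack(UNPACKED_FMT, buf)
    else:
        raise ValueError(f"unexpected movement packet length {len(buf)}")
    opcode, t1, t2, x, y, z, unk, flags = fields
    if opcode != MOVE_OPCODE:
        raise ValueError(f"not a movement packet: opcode 0x{opcode:02X}")
    return MovePacket(opcode, t1, t2, (x, y, z), unk, flags)


def validate_move(last_pos, last_server_time, pkt, server_time, max_speed=MAX_SPEED):
    """Server-side plausibility check for one movement packet.

    Only the server's own clock and its last accepted position are trusted; the
    client-supplied timing fields and the sync flag are never authoritative.
    Returns (accepted, reason).
    """
    if pkt.flags & FLAG_SYNC:
        return False, "client asserted a position sync"
    if any(not math.isfinite(c) for c in pkt.pos):
        return False, "non-finite coordinate"
    dt = max(server_time - last_server_time, 0.0)
    dx, dy, dz = (a - b for a, b in zip(pkt.pos, last_pos))
    dist = math.sqrt(dx * dx + dy * dy + dz * dz)
    allowed = max_speed * dt
    if dist > allowed:
        return False, f"moved {dist:.1f} units in {dt:.2f}s (limit {allowed:.1f})"
    return True, "ok"


def demo():
    """Run three constructed packets through the check; returns the verdicts."""
    last_pos, last_t = (0.0, 0.0, 0.0), 100.0
    # constructed samples, encoded with the same layouts the parser expects
    walk = struct.pack(PACKED_FMT, MOVE_OPCODE, 1000, 1000, 5.0, 0.0, 0.0, 0, 0)
    jump = struct.pack(UNPACKED_FMT, MOVE_OPCODE, 1000, 1000, 100.0, 100.0, 50.0, 0, 0)
    sync = struct.pack(PACKED_FMT, MOVE_OPCODE, 1000, 1000, 5.0, 0.0, 0.0, 0, FLAG_SYNC)
    return [validate_move(last_pos, last_t, parse_move(b), 101.0) for b in (walk, jump, sync)]


if __name__ == "__main__":
    for accepted, reason in demo():
        print("accept" if accepted else "reject", reason)
```

The distance check is deliberately computed from the server's own timestamps: post #65 observes that the server "doesn't care" about the client's timing fields, and a server that derived the allowed distance from those fields would be trusting the very thing an attacker controls.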
Old   #72
 
elite*gold: 0
Join Date: Jul 2008
Posts: 104
Received Thanks: 2
Quote:
Originally Posted by i4mSoH34Vy View Post
RotCos wird wahrscheinlich der Cosinus der Kamera sein und
RotSin der Sinus
PreTargetPos damit kannst wahrscheinlich die Position des vorherigen Ziels auslesen (X,Y und Z)
Adrenalin kannst wahrscheinlich das Adrenalin auslesen
RotCos is the cosine of the player's facing, not the camera's. If you rotate your character you can see that those values change from -1 to 1 (4 peaks for north, west, south, east). You can calculate the facing angle using arc functions (atan2 in our case, which is included in pretty much every language).
Rorouni is offline  
Thanks
1 User
Old   #73
 
elite*gold: 0
Join Date: Jun 2010
Posts: 65
Received Thanks: 0
Thanks, but the problem is that I get values like 3212104670 or 1065259685!
derrod is offline  
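Values like 3212104670 and 1065259685 are what you get when a 4-byte float is read as an unsigned integer: the bit pattern is right, only the interpretation is wrong. As an added illustration (not code from Rorouni or derrod) the block below reinterprets the two raw DWORDs quoted above as IEEE-754 singles, checks whether a cos/sin pair actually belongs to one angle, and recovers the heading with atan2 as Rorouni suggests. The two quoted values decode to about -0.956 and 0.994, which is not a unit pair, so they were most likely read at different moments; that check is the easiest way to confirm that two addresses really hold the cosine and sine of the same angle.

```python
import math
import struct


def dword_to_float(raw: int) -> float:
    """Reinterpret a 32-bit unsigned integer as the IEEE-754 single it encodes."""
    return struct.unpack("<f", struct.pack("<I", raw & 0xFFFFFFFF))[0]


def is_unit_pair(c: float, s: float, tol: float = 1e-3) -> bool:
    """A genuine cos/sin pair of a single angle satisfies c^2 + s^2 == 1."""
    return abs(c * c + s * s - 1.0) < tol


def facing_degrees(rot_cos: float, rot_sin: float) -> float:
    """Heading in [0, 360) recovered with atan2, as suggested in the thread."""
    return math.degrees(math.atan2(rot_sin, rot_cos)) % 360.0


# The two raw values quoted by derrod, read as DWORDs instead of floats.
DERROD_RAW = (3212104670, 1065259685)


def decode_samples():
    """Return derrod's two values decoded as floats."""
    return tuple(dword_to_float(r) for r in DERROD_RAW)


if __name__ == "__main__":
    c, s = decode_samples()
    print(f"{DERROD_RAW[0]} -> {c:.4f}, {DERROD_RAW[1]} -> {s:.4f}, unit pair: {is_unit_pair(c, s)}")
    print(f"heading for cos=0.6, sin=0.8: {facing_degrees(0.6, 0.8):.1f} degrees")
```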
Old   #74
 
elite*gold: 0
Join Date: Apr 2012
Posts: 7
Received Thanks: 0
Quote:
Originally Posted by Cencil View Post
A small function update for 15977
...
The PutPacketQueue function requires the unpacked packet buffer.
For example:
Code:
  if (FMover.SetPosition(Position)) then
  begin
    p := TGW2Packet.Create(28);
    p.PutUInt16($0D);
    p.PutUInt32(dwTiming);
    p.PutUInt32(dwTiming);
    p.PutVec3(Position);
    p.PutUInt32(0);
    p.PutUInt16(0);
    p.Send();
    p.Free();
  end;

  // send call

  asm
    push pBuf
    mov eax, $00A67BF0
    call eax
    mov edx, $1C // unpacked size
    mov ecx, eax
    mov eax, $00A674E0
    call eax
  end;
After you called it gw packs, encrypts and sends the packet for you.
Do you mind explaining the first 2 lines of the assembly? Is pBuf the pointer to your packet to send? Why is there a need to call $00A67BF0 (better yet, what function is that)?

Thanks so much for all the information you've put in this thread. I've learned so much and have gotten a ton of this working (main problem now is figuring out how to get a thread to execute code in the GW2 address space). Thanks again for all of the work you've freely shared!
whitea2 is offline  
Old   #75
 
elite*gold: 97
Join Date: Jun 2007
Posts: 2,246
Received Thanks: 4,850
Quote:
Originally Posted by whitea2 View Post
Do you mind explaining the first 2 lines of the assembly? Is pBuf the pointer to your packet to send? Why is there a need to call $00A67BF0 (better yet, what function is that)?

Thanks so much for all the information you've put in this thread. I've learned so much and have gotten a ton of this working (main problem now is figuring out how to get a thread to execute code in the GW2 address space). Thanks again for all of the work you've freely shared!
I haven't reversed what the result of the function at 0x00A67BF0 does in PutPacketQueue, but it seems to be fine for all movement packets.
PutPacketQueue itself is an MS fastcall function. The third parameter is the buffer, as you already noticed.

To run my code in the correct threads I hook 0x00414450 (you can call it GameLoop or whatever you want) and ProcessChatInput.


Cencil is offline  
Thanks
2 Users