PWI - Guide for finding chat message offsets - C# code included
Discussion on PWI - Guide for finding chat message offsets - C# code included within the PW Hacks, Bots, Cheats, Exploits forum part of the Perfect World category.
09/05/2011, 17:47
|
#106
|
elite*gold: 20
Join Date: May 2009
Posts: 1,290
Received Thanks: 326
|
In case anyone needs it:
This is what I wrote some time ago for reading chat messages from the array:
Code:
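function TPWChat.GetMessage(Indx: Integer; length: Integer): string;
var
  written: cardinal;
  eax: cardinal;
  indexcalc: cardinal;
  Str: array [0 .. 240] of Widechar;
begin
  // Zero the buffer so the copied text is always null-terminated.
  FillChar(Str, SizeOf(Str), 0);
  // Clamp the byte count so the read cannot run past Str
  // (the last Widechar stays zero as terminator).
  if length > SizeOf(Str) - SizeOf(Widechar) then
    length := SizeOf(Str) - SizeOf(Widechar);
  if Indx < 199 then
  begin
    // Slot for this index: stride $1C, text pointer at +$18.
    indexcalc := (((Indx - 1) * $1C) + $18);
    ReadProcessMemory(Pidhandle, ptr(chatbase), @eax, sizeof(eax), written);
    ReadProcessMemory(Pidhandle, ptr(eax + indexcalc), @eax,
      sizeof(eax), written);
    ReadProcessMemory(Pidhandle, ptr(eax + $0), @Str, length, written);
    Result := Str;
  end;
  if Indx >= 199 then
  begin
    // From index 199 on, the text pointer is read from the fixed slot at +$15B0.
    ReadProcessMemory(Pidhandle, ptr(chatbase), @eax, sizeof(eax), written);
    ReadProcessMemory(Pidhandle, ptr(eax + $15B0), @eax, sizeof(eax), written);
    ReadProcessMemory(Pidhandle, ptr(eax + $0), @Str, length, written);
    Result := Str;
  end;
end;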
Very messy code, and I know that typecasting widestring to string is not safe at all, but I couldn't be arsed to fix it back then. Just dumping this here.
Indx is the current chat index (The counter that counts even though you cleared your log), length is the length of the message you wish to copy / 2 (unicode).
Hope this helps a bit, cheers...
|
|
|
10/27/2011, 13:19
|
#107
|
elite*gold: 0
Join Date: Mar 2011
Posts: 44
Received Thanks: 48
|
I have one question about the Auction. I am trying to remake the AH for better and faster searching, but I'm stuck on this.....
auctionid.txt
Code:
ID group full name
19 19 ☆Bronze Sword
4688 19 ☆☆Bronze Sword
4499 19 ☆☆☆Bronze Sword
This example shows how to add IDs like 19, 4688, 4499 to group 19; in auctiontree.txt you can then use group 19 and the AH finds all 3 swords.
I tried to remake the TT mats like this:
auctiontree.txt
Code:
60
Chientien's Edge 15227
Broken Drum 15228
Piece of Skeleton 15229
70
Chientien's Armor Shard 15230
Framework of Drum 15231
Soulgatherer's Tentacle 15232
Frenzy Lion's Skin 15233
Ancient Serpent's Skin 15234
Broken Shard of Gold Armor 15235
Forshura's Armor 15236
Forshura's Black Orb 15237
Mysterious Skull 15238
80
Chin's Plate 15239
War Drum 15240
Frenzy Lion's Claw 15241
Soulgatherer's Mirror 15242
Forshura's Hook 15243
Ancient Serpent's Blood 15244
Tough Shard of Gold Armor 15245
Feng's Black Armor 15246
Giant Ape's Tooth 15247
Claw of Consumer of Souls 15248
Feng's Iron Bars 15249
Giant Ape's Skin 15250
Mane of Consumer of Souls 15251
Ancient Serpent's Orb 15252
Golden Spirit 15253
Feng's Steel Armor 15254
Giant Ape's Palm 15255
Klunky Sword 15256
90
Frenzy Lion's Edge 15257
Iron Plate of Darkness 15258
Forshura's Arm 15259
Evil Minion's Horn 15260
Horn of Feng's horse 15261
Sorceress's Hand 15262
Sacred Mother's Orb 15263
Giant Ape's Tail 15264
Dust of Stars 15265
Ghost Lord's Ribbon 15266
Antenna of Consumer of Souls 15267
Giant Beast's Armor 15268
Wheel of the Seven Luminaries 15269
Astral Stone 15270
Ancient Devil's Horn 15271
Dust of Devil 15272
Evil Minion's Shell 15273
Sacred Mother's Aura 15274
Touch of the Seven Luminaries 15275
Giant Beast's Shell 15276
Power of the Seven Luminaries 15277
Ancient Devil's Soul 15278
Stone of Sacred Temple 15279
99
Shards of Darkness 15280
Evil Minion's Axe Edge 15281
Giant Pincers of Darkness 15282
Sorceress's Hearwear 15283
Evil Minion's Burning Heart 15284
Sacred Mother's Stone 15285
Sorceress's Aura 15286
Ghost Lord's Power 15287
Sacred Mother's Heart 15288
Giant Beast's Black Aura 15289
Ghost Lord's Dark Aura 15290
Giant Beast's Crimson Horn 15291
Skaidread's Orb 15292
Skaidread's Edge 15293
Tsu's Ghost Mask 15294
Minister's Stone 15295
Monarch's Will 15296
Tsuchun's Silk Whip 15297
Illusion Spring 15298
Sorceress's Soul 15299
Ghost Lord's Protection 15300
Giant Beast's Footprint 15301
Empire's Back Image 15302
Tsuchun's Dark Soul 15303
Empire's Sigh 15304
Tsuchung's Blazing Wings 15305
Illusion Lord's Stone 15306
Illusion Stone 15307
Sign of Twilight 15308
100
Golden Mask 15309
Twilight Scepter 15310
Heart of Nature 15311
But it doesn't work... When I looked in auctionid.txt, every TT mat was added to a group, so I remade that like this:
auctionid.txt
Code:
15227 15227 Chientien's Edge
15228 15228 Broken Drum
15229 15229 Piece of Skeleton
15230 15230 Chientien's Armor Shard
15231 15231 Framework of Drum
15232 15232 Soulgatherer's Tentacle
15233 15233 Frenzy Lion's Skin
15234 15234 Ancient Serpent's Skin
15235 15235 Broken Shard of Gold Armor
15236 15236 Forshura's Armor
15237 15237 Forshura's Black Orb
15238 15238 Mysterious Skull
15239 15239 Chin's Plate
15240 15240 War Drum
15241 15241 Frenzy Lion's Claw
15242 15242 Soulgatherer's Mirror
15243 15243 Forshura's Hook
15244 15244 Ancient Serpent's Blood
15245 15245 Tough Shard of Gold Armor
15246 15246 Feng's Black Armor
15247 15247 Giant Ape's Tooth
15248 15248 Claw of Consumer of Souls
15249 15249 Feng's Iron Bars
15250 15250 Giant Ape's Skin
15251 15251 Mane of Consumer of Souls
15252 15252 Ancient Serpent's Orb
15253 15253 Golden Spirit
15254 15254 Feng's Steel Armor
15255 15255 Giant Ape's Palm
15256 15256 Klunky Sword
15257 15257 Frenzy Lion's Edge
15258 15258 Iron Plate of Darkness
15259 15259 Forshura's Arm
15260 15260 Evil Minion's Horn
15261 15261 Horn of Feng's horse
15262 15262 Sorceress's Hand
15263 15263 Sacred Mother's Orb
15264 15264 Giant Ape's Tail
15265 15265 Dust of Stars
15266 15266 Ghost Lord's Ribbon
15267 15267 Antenna of Consumer of Souls
15268 15268 Giant Beast's Armor
15269 15269 Wheel of the Seven Luminaries
15270 15270 Astral Stone
15271 15271 Ancient Devil's Horn
15272 15272 Dust of Devil
15273 15273 Evil Minion's Shell
15274 15274 Sacred Mother's Aura
15275 15275 Touch of the Seven Luminaries
15276 15276 Giant Beast's Shell
15277 15277 Power of the Seven Luminaries
15278 15278 Ancient Devil's Soul
15279 15279 Stone of Sacred Temple
15280 15280 Shards of Darkness
15281 15281 Evil Minion's Axe Edge
15282 15282 Giant Pincers of Darkness
15283 15283 Sorceress's Hearwear
15284 15284 Evil Minion's Burning Heart
15285 15285 Sacred Mother's Stone
15286 15286 Sorceress's Aura
15287 15287 Ghost Lord's Power
15288 15288 Sacred Mother's Heart
15289 15289 Giant Beast's Black Aura
15290 15290 Ghost Lord's Dark Aura
15291 15291 Giant Beast's Crimson Horn
15292 15292 Skaidread's Orb
15293 15293 Skaidread's Edge
15294 15294 Tsu's Ghost Mask
15295 15295 Minister's Stone
15296 15296 Monarch's Will
15297 15297 Tsuchun's Silk Whip
15298 15298 Illusion Spring
15299 15299 Sorceress's Soul
15300 15300 Ghost Lord's Protection
15301 15301 Giant Beast's Footprint
15302 15302 Empire's Back Image
15303 15303 Tsuchun's Dark Soul
15304 15304 Empire's Sigh
15305 15305 Tsuchung's Blazing Wings
15306 15306 Illusion Lord's Stone
15307 15307 Illusion Stone
15308 15308 Sign of Twilight
15309 15309 Golden Mask
15310 15310 Twilight Scepter
15311 15311 Heart of Nature
With this I put every TT mat outside any group (like, for example, fashion), and of course the original TT mats search with low, medium, high, top classes may not work, but for me everything works like before. So I want to ask if anybody has tried this before, or is there any other place where the game can access the "old" groups? I tried looking in elements.data with sELedit, but didn't find any TT mats there. I tried this before with fashion and it works fine, but this one doesn't seem to work. Can someone give any hint here? Ty so much.
|
|
|
10/27/2011, 14:54
|
#108
|
elite*gold: 10
Join Date: Sep 2010
Posts: 400
Received Thanks: 234
|
I was about to try something like this but my lunch break is over now lol...
Give this a try...
Add to the bottom of auctiontree.txt:
Code:
TT by level
TT60
TT60 materials 60
TT70
TT70 materials 70
TT80
TT80 materials 80
TT90
TT90 materials 90
And add to the bottom of auctionid.txt:
Code:
15461 60 Ultimate Substance
15229 60 Piece of Skeleton
15227 70 Chientien's Edge
15228 70 Broken Drum
15230 70 Chientien's Armor Shard
15231 80 Framework of Drum
15233 80 Frenzy Lion's Skin
15235 80 Broken Shard of Gold Armor
15232 90 Soulgatherer's Tentacle
15234 90 Ancient Serpent's Skin
Those probably aren't the right TT levels for those mats but this was just to test the theory... Give it a try and let me know if it works - I'll try it when I get home later too.
Edit: I've just realised that if this works, you'll probably get some other items in those lists too as, for example, group 60 isn't unique:
Code:
60 60 ☆Viper Spear
4739 60 ☆☆Viper Spear
4552 60 ☆☆☆Viper Spear
The 60 / 70 / 80 / 90 numbers are arbitrary really, just so it was readable. You'd be better off finding some unique numbers that aren't already used as group IDs in auctionid.txt
Maybe try 600, 700 etc.
|
|
|
10/27/2011, 18:39
|
#109
|
elite*gold: 0
Join Date: Mar 2011
Posts: 44
Received Thanks: 48
|
I tried this....
auctiontree.txt
Code:
TT by level
TT60
TT60 materials 106000
TT70
TT70 materials 107000
TT80
TT80 materials 108000
TT90
TT90 materials 109000
TT99
TT99 materials 109900
TT100
TT100 materials 110000
auctionid.txt
Code:
15227 106000 Chientien's Edge
15228 106000 Broken Drum
15229 106000 Piece of Skeleton
15230 107000 Chientien's Armor Shard
15231 107000 Framework of Drum
15232 107000 Soulgatherer's Tentacle
15233 108000 Frenzy Lion's Skin
15234 108000 Ancient Serpent's Skin
15235 108000 Broken Shard of Gold Armor
15236 108000 Forshura's Armor
15237 109000 Forshura's Black Orb
15238 109000 Mysterious Skull
15239 109000 Chin's Plate
15240 109000 War Drum
15241 109000 Frenzy Lion's Claw
15242 109900 Soulgatherer's Mirror
15243 109900 Forshura's Hook
15244 109900 Ancient Serpent's Blood
15245 109900 Tough Shard of Gold Armor
15246 109900 Feng's Black Armor
15247 109900 Giant Ape's Tooth
15248 109900 Claw of Consumer of Souls
15249 109900 Feng's Iron Bars
15250 110000 Giant Ape's Skin
15251 110000 Mane of Consumer of Souls
15252 110000 Ancient Serpent's Orb
15253 110000 Golden Spirit
15254 110000 Feng's Steel Armor
15255 110000 Giant Ape's Palm
NO WORK
edit: but the original auction tree (materials-other-tt-low,mid,high,top) still works for all TT drops, so it seems the game does not read auctionid.txt, because nothing changes when I edit it...
edit2: I completely removed auctionid.txt from *.pck and the auction works fine
|
|
|
10/27/2011, 19:06
|
#110
|
elite*gold: 10
Join Date: Sep 2010
Posts: 400
Received Thanks: 234
|
Quote:
Originally Posted by Merkada
edit2: I completely removed auctionid.txt from *.pck and the auction works fine
|
Lol nice! I guess that's a redundant file then...
And yeah I just checked my suggestion too, which didn't work.
But if you got it working, then great
Edit: Wait a minute though.... If you remove auctionid.txt, how would it know which groups to assign to the tree? Or do you mean the standard auction works, but you don't get your custom stuff?
|
|
|
10/27/2011, 19:25
|
#111
|
elite*gold: 0
Join Date: Mar 2011
Posts: 44
Received Thanks: 48
|
Quote:
Originally Posted by dumbfck
Edit: Wait a minute though.... If you remove auctionid.txt, how would it know which groups to assign to the tree? Or do you mean the standard auction works, but you don't get your custom stuff?
|
Probably a mirror of that file in another *.pck or something like that. The game uses auctiontree.txt but doesn't use auctionid.txt, and everything in the auction works normally; the game still knows which ID to assign to the tree.
In other words... auctionid.txt is a junk file.
edit: and it could be server-sided, which is not good for me
|
|
|
11/14/2011, 15:47
|
#112
|
elite*gold: 0
Join Date: May 2010
Posts: 220
Received Thanks: 203
|
Quote:
Originally Posted by dumbfck
So for example, to get a list of just the IDs of everything in the AH:
Pseudocode:
Code:
// 15 items per page
for(i = 0 ; i < 15 ; i++)
{
itemIDs[i] = ReadUnicode([[[[[[[[[BASE_CALL]+1C]+18]+8]+2BC]+208]+150]+ i*5D0 + B0]+0])
}
|
For the update before this one, I found the new offset myself,
but forgot how.
2BC changed to 0x74
Now I tried a search while counting from 0 to 10.000 and using the result converted to hex... but found no text.
Is there maybe a regex string for this, or did they change more when the text became colored?
|
|
|
11/14/2011, 16:51
|
#113
|
elite*gold: 10
Join Date: Sep 2010
Posts: 400
Received Thanks: 234
|
Yeah I expect some stuff near the end of the offset chain probably changed a bit when they added all the coloured ****... Maybe.
By the way, 0x74 is actually the currently focused window. You'll find all your offsets will be screwed if you focus another window :P
I'm at work atm so I can't take a poke at this one, but you could perhaps take a look at my GUI mapper tool to see how windows are found and how the child controls / objects are iterated.
There will still be a constant pointer to the AH UI window in [[guiBase1]+something] but I suppose it might have moved. If my gui mapper still works at all, it'll give you that offset (the one that was previously 0x2BC).
List objects such as the AH listings, friend lists, hotkeys list, etc. are a bit of a ***** to figure out. I'd recommend trying  if you want to explore the GUI stuff.
Alternatively, I'll try to take a look later when I get home :P
It might just be the 0xB0 part at the end... The i * 0x5D0 part points to an object for each entry in the list, 0xB0 is simply one of that object's properties. If you dig around in there, you can find all sorts of stuff, from positioning, ID, name, etc. If they've added an extra field for text colours or something then the final offsets in the chain might be different.
However, I would have thought it would make sense for them to just have the text like:
^FF2300 derp ^34FF12 blah
Like how they normally implement multicoloured text - then all the colours are handled in the final text dispatcher / display function.
|
|
|
11/15/2011, 19:07
|
#114
|
elite*gold: 0
Join Date: May 2010
Posts: 220
Received Thanks: 203
|
Thanks for the answer.
Hmm, sounds like the fault is on my side; I'll give it another try with antifreeze first.
Before the last update all worked fine, so I thought a new offset was the problem.
|
|
|
11/16/2011, 00:41
|
#115
|
elite*gold: 10
Join Date: Sep 2010
Posts: 400
Received Thanks: 234
|
I seem to get asked how to find the chat message offsets (from the first post in this thread) quite a lot, so here's a tool for finding them - Just save this as an AutoIt script in your element folder and run it:
Code:
getChatOffsets()

Func getChatOffsets()
    $path = "elementclient.exe"
    $file = FileOpen($path, 16) ; 16 = open in binary mode
    If $file = -1 Then
        ConsoleWrite('Could not open ' & $path & @CRLF)
        Return
    EndIf
    $data = FileRead($file, FileGetSize($path))
    FileClose($file)
    ; The binary data is searched as hex text; each (.{8}) captures a 4-byte operand
    $search = '.*?' & _
            '8B0D(.{8})' & _ ; /MOV ECX,DWORD PTR DS:[elementclient.0B2DE40]
            '8B4C0E.{2}' & _ ; |MOV ECX,DWORD PTR DS:[ECX+ESI+0C]
            '85C9' & _       ; |TEST ECX,ECX
            '74.{2}' & _     ; |JE SHORT elementclient.004F1586
            '8B11' & _       ; |MOV EDX,DWORD PTR DS:[ECX]
            '6A.{2}' & _     ; |PUSH 1
            'FF12' & _       ; |CALL DWORD PTR DS:[EDX]
            'A1(.{8})'       ; |MOV EAX,DWORD PTR DS:[elementclient.0B2DE4C]
    $matches = StringRegExp($data, $search, 2)
    If @error Then ; no match: $matches is not an array
        ConsoleWrite('Signature not found' & @CRLF)
        Return
    EndIf
    ConsoleWrite('$chatBase = 0x' & rev($matches[1]) & @CRLF)
    ConsoleWrite('$lastChatIndex = 0x' & rev($matches[2]) & @CRLF)
EndFunc

; Reverse the byte order of a hex string (little-endian operand) and strip leading zeros
Func rev($string)
    Local $all
    For $i = StringLen($string) + 1 To 1 Step -2
        $all = $all & StringMid($string, $i, 2)
    Next
    While StringLeft($all, 1) = '0'
        $all = StringTrimLeft($all, 1)
    WEnd
    Return $all
EndFunc
@amineurin - I'll take a look at the AH stuff now - been distracted the last couple of evenings with a new toy ^_^
Edit:
New AH offsets are:
Item AH page, tab delimited string for each item:
[[[[[[[[baseCall]+0x1C]+0x18]+0x8]+0x2C8]+0x208]+0x168] + i*0x800 + 0x0]
Item AH page, item IDs:
[[[[[[[[baseCall]+0x1C]+0x18]+0x8]+0x2C8]+0x208]+0x168] + i*0x800 + 0xB0]
Gold listings page, Sell list, tab delimited string for each item:
[[[[[[[[baseCall]+0x1C]+0x18]+0x8]+0x3B0]+0x208]+0x168] + i*0x800 + 0x0]
Gold listings page, Buy list, tab delimited string for each item:
[[[[[[[[baseCall]+0x1C]+0x18]+0x8]+0x3B0]+0x20C]+0x168] + i*0x800 + 0x0]
Cheers
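The signature search from the script in the post above, redone in Python as an added example (not part of the original post or the poster's tool). It matches on whole bytes, because a regex run over hex text can also match half a byte off and report operands that were never part of an instruction; the sample bytes, the token syntax and all function names are constructed for this illustration.

```python
import re
import struct

# One token per byte: hex literal, "??" = any byte, "(4)" = capture 4 bytes.
# The token syntax is made up for this example; the byte values follow the post.
SIGNATURE = "8B 0D (4) 8B 4C 0E ?? 85 C9 74 ?? 8B 11 6A ?? FF 12 A1 (4)"

# The post's pattern the way it is applied there: a regex over the hex text.
HEX_TEXT_REGEX = re.compile(
    "8B0D(.{8})8B4C0E.{2}85C974.{2}8B116A.{2}FF12A1(.{8})")


def compile_signature(sig):
    """Build a bytes regex, so every token can only match a whole byte."""
    parts = []
    for tok in sig.split():
        if tok == "??":
            parts.append(b".")
        elif tok.startswith("("):
            parts.append(b"(.{%d})" % int(tok.strip("()")))
        else:
            parts.append(re.escape(bytes.fromhex(tok)))
    # DOTALL so that "." also matches the byte 0x0A
    return re.compile(b"".join(parts), re.DOTALL)


def scan_bytes(image, sig=SIGNATURE):
    """Return [(byte_offset, [operands])], operands decoded as little-endian."""
    return [(m.start(), [struct.unpack("<I", g)[0] for g in m.groups()])
            for m in compile_signature(sig).finditer(image)]


def scan_hex_text(image):
    """Return [(nibble_offset, [operands])] from the hex-text search."""
    return [(m.start(), [int.from_bytes(bytes.fromhex(g), "little")
                         for g in m.groups()])
            for m in HEX_TEXT_REGEX.finditer(image.hex().upper())]


# Constructed sample, not bytes from any real executable. CODE is the
# instruction sequence from the post's comments (the JE displacement 07 is
# made up). DECOY is unrelated data whose hex text contains the same pattern
# shifted by half a byte, with different operand values.
CODE = bytes.fromhex("8B0D40DEB200" "8B4C0E0C" "85C9" "7407"
                     "8B11" "6A01" "FF12" "A14CDEB200")
DECOY = bytes.fromhex("0" "8B0D11223344" "8B4C0E0C85C974078B116A01FF12"
                      "A155667788" "0")
IMAGE = b"\x90" * 16 + DECOY + b"\xCC" * 8 + CODE + b"\xC3"

if __name__ == "__main__":
    for off, ops in scan_bytes(IMAGE):
        print("byte scan @ byte %d:" % off, [hex(o) for o in ops])
    for off, ops in scan_hex_text(IMAGE):
        kind = "aligned" if off % 2 == 0 else "MISALIGNED"
        print("hex text  @ nibble %d (%s):" % (off, kind),
              [hex(o) for o in ops])
```

The hex-text search reports the decoy first, at an odd nibble offset, so a script that takes only the first match would print the decoy's values; the byte scan finds only the real sequence.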
|
|
|
11/17/2011, 19:28
|
#116
|
elite*gold: 0
Join Date: May 2010
Posts: 220
Received Thanks: 203
|
Ah cool, thanks a lot!
Don't want to disturb you on your project with interest07.
So they changed more than the one offset, no wonder I can't find anything.
Since I'm not as familiar as you with finding offsets... after a new update I start counting up the old offset +1, till I find the working offset.
After that pack madness, the game got so boring.
Merchanting is much harder, since most invest money in those packs.
So now I mostly program other tools, more helpful in real life.
But thanks to you, I can take a look again in the AH for some cheap stuff.
|
|
|
11/17/2011, 20:21
|
#117
|
elite*gold: 10
Join Date: Sep 2010
Posts: 400
Received Thanks: 234
|
Hehe no problem. Unfortunately the new offsets were changed quite a bit this time, but I didn't go through the whole process of tracing back from the beginning this time.
I'll give a brief description...
First of all, for any GUI related stuff, probably the two most useful offsets are:
[[[[[baseCall]+0x1C]+0x18]+0x08]+0x244]
and
[[[[[baseCall]+0x1C]+0x18]+0x08]+0x248]
The first one gives the base offset for GUI window you are hovering over - The second one gives the offset for which control (e.g., button / label / text box) within that window that you are hovering over.
So, for this problem, I opened the AH page then hovered my mouse over it and wrote down the offset for the main window - I also hovered over the actual auction list and wrote down the other offset for the control which is hovered over. Then, using  I checked around guiBase1:
[[[[baseCall]+0x1C]+0x18]+0x08]
and looked for the value I wrote down.
Once I found that, I plugged the new offsets back into CE - Luckily the offset for the auction list control was still right.
Then I just looked up the offsets in CE to see where the chain broke - which was where the offset was previously 150. Then again, I just used ReClass to look where there was a suspicious looking number and hey presto - 0x168. Then I just did the same for the 0x800 value - most of the offsets around here are empty, so when you see a number like 0x1Dxxxxxxx or something, that's probably it.
That's about it. ReClass is awesome lol
|
|
|
03/07/2012, 02:34
|
#118
|
elite*gold: 0
Join Date: May 2010
Posts: 220
Received Thanks: 203
|
*bump*
|
|
|
03/07/2012, 09:55
|
#119
|
elite*gold: 10
Join Date: Sep 2010
Posts: 400
Received Thanks: 234
|
Nothing has really changed with regards to getting the message objects, except for the messageBase and lastMessageID. I'm not at home at the moment... All I can remember is that the message base offset ends in 0xAXXA98 and the last ID ends in 0xAXXAA4 :P
Start client from fresh, wait until 5 or 6 messages appear in chat window, search for number, say, between 5-15, then next search for increased number every time a new message appears in the chat window 
All the structure sizes are the same as before.
I don't think the regex I posted somewhere in this thread works anymore for finding those two static offsets, but the above method is easy as pie.
|
|
|
03/07/2012, 18:37
|
#120
|
elite*gold: 0
Join Date: Mar 2011
Posts: 44
Received Thanks: 48
|
Chat base - A57A98
last ID = A57A98 + C = A57AA4 (but don't use chat base + 0xC pointer)
|
|
|
 |
|
|
|