PWI - Guide for finding chat message offsets - C# code included

[sulivan2011]

edit: all working fine in autoit
mistake was i used char then wchar

[dumbfck]

Hehe you just beat me to it, sulivan. Regarding the message type, you can get that from the chat object too - see my chat object structure in the first post. Alternatively, that number is also embedded in the actual message if you look closely ^^

And I see what you mean now, omarranimado. I guess that might be a decent way to check, although there probably is a more efficient way. It's a while since I messed about with collecting mats and all I had was a pretty simple code injection to pick up a mat if you're standing right next to it.
I didn't dig much further.
Interest's suggestion would be quite clean as it's a single memory read to return an integer value, so you wouldn't have to parse a string or anything.

@Interest07 - Unfortunately I don't have the gold listings structure yet. That button was to retrieve the normal AH listings, which worked quite well. I figured out the packet signature for refreshing the page too, using your packet sender stuff ^^, so it would refresh every 30 secs or so, then read it all. I had planned to store everything in a database and build an alerts system, so when an item you're looking for appears in AH, it would tell you - Or if a silly-priced bargain came up
Would also be a nice way to get average prices for just about every item that goes through the AH.
My offsets are outdated now, but I might take another look at fixing that soon. Let me know if those offsets will be any use to you

Re: graphics stuff - I'm not really that great with it either, I just learn what I need to know, when I need to know it :P
And yes - I get the item images from the dds file. Makes it update proof =]
Only downside is that it's not massively fast. It needs some refinement hehe.

[Interest07]

Yeah, I've done something similar with all the cat shops in west archosaur (throws it into a database that a site reads from to view all the cat shops currently on), so would be quite nice actually to include the ah in there once every 10 mins or so that I'd walk past. Then I could check whether any catshops are buying something that's being sold in the ah for cheap. Gold prices would be real sweet too though, cos I'm too lazy to manually collect the data, but I'd love to analyze it a bit

Speed of your program is overrated with bots (within limits of course), You generally only really need a response time of about 500 ms or so, so as long as it's working, the speed shouldn't matter too much.... I'd prefer pretty pictures lol.

But yeah, I'd be quite interested in the ah offsets, since you have them...

[dumbfck]

Just trying to fix the AH offsets right now. Keep going in circles lol - I remember it was a bytch to find last time. Sadly, My documentation for that process wasn't too great =P. I'll be sure to do a better job this time.

Just had a look at gold listings too. Looks a bit tricky - Thought I'd found a static base pointer, but something seems to change every minute or so. Wondering if they've put some sort of 'protection' on it. Will try again later though ^^

I'll post some code later for the inventory icon fetching stuff

[Interest07]

awesome, good luck with the ah. I had a brief look at it and got totally demotivated Or perhaps I wasn't motivated enough, either way, it was a ****** alright lol

[dumbfck]

Wow that really was a bytch... Got there eventually though, thanks to OllyDbg ^^
Cheat engine just really wasn't cut out for this one - Nothing worse than scanning for a value and getting hundreds of results =P

Ok, with AH open, the base pointer to the sequential list of items is:
[[[[[[[BASE_CALL]+1C]+18]+8]+2BC]+208]+150]

ahItemObjSize = 0x5D0

Code:

struct ahItemObj
{
	*wchar		p_ahRow;		// 0x00	p->String of full line in AH (A bit broken though?)
	char		uk1[0x58];		// 0x04	Unknown
	*wchar		p_fullDescription	// 0x5C	p->Full description text
	uint		dwAuctionId		// 0xB0	Auction ID
	char		uk2[0x4]		// 0xB4	Unknown
	uint		dwCurrentBid		// 0xB8	Current Bid
	uint		dwBuyPrice		// 0xBC	Buy Now price
	char		uk2[0x8]		// 0xC0	Unknown
	uint		dwItemId		// 0xC8	Item ID
	char		uk2[0x504]		// 0xCC	Unknown
}

*EDIT: The string referenced by p_ahRow is a tab separated string of each column on the listing display (unicode tab = 0x0009).
I think it might be GBK encoded too (Chinese 2312 / GB2312 character set I think)

So for example, to get a list of just the IDs of everything in the AH:
Pseudocode:
[code]

Code:

// 15 items per page
for(i = 0 ; i < 15 ; i++)
{
	itemIDs[i] = ReadUnicode([[[[[[[[[BASE_CALL]+1C]+18]+8]+2BC]+208]+150]+ i*5D0 + B0]+0])
}

[dumbfck]

....And the sendPacket signature for updating the AH page:

You can specify the starting offset, which is basically like the page select.
There are 16 tems per page, so a starting offset of 0x10 would be page 2
Current AH page (so you can just refresh current page):
[[[[[[BASE_CALL]+0x1C]+0x18]+0x08]+0x74]+0x278]

Some of the other zeroes in there are to do with the filters etc, but they're not particularly useful

Code:

        private byte[] refreshAhPagePkt = new byte[] 
        { 
            //Header
            0x25, 0x00, 0x1A, 0x00,
            0x00, 0x00, 0x17, 0x00,
            0x00, 0x00, 0x24, 0x03,
            0x00, 0x00,
            0x00, 0x00, 0x00, 0x00,     // Player ID
            0x00, 0x00,
            0x00, 0x00, 0x00, 0x00,     
            0x00, 0x00, 0x00, 0x00,     // Start item offset
            0x00, 0x00, 0x00, 0x01,
            0x14
        };

        public void refreshAhPage()
        {
            //Get size of the packet
            int packetSize = refreshAhPagePkt.Length;

            if (refreshAhPageAddress == 0)
            {
                //load packet in memory
                loadPacket(refreshAhPagePkt, ref refreshAhPageAddress, ref refreshAhPageAddressRev);
            }

            // Get your player ID
            uint _playerId = MemFunctions.resolveNestedPointer(pr_processHandle, elements.baseCall, 0x1C, 0x34, 0x46C, 0);   // v505

            byte[] playerId = BitConverter.GetBytes(_playerId);
            playerId = playerId.Reverse().ToArray();
            MemFunctions.MemWriteBytes(pr_processHandle, refreshAhPageAddress + 14, playerId);

            // Get the current AH page
            uint _currentPage = MemFunctions.resolveNestedPointer(pr_processHandle, elements.baseCall, 0x1C, 0x18, 0x08, 0x74, 0x278, 0);   // v505

            byte[] currentPage = BitConverter.GetBytes(_currentPage);
            currentPage = currentPage.Reverse().ToArray();
            MemFunctions.MemWriteBytes(pr_processHandle, refreshAhPageAddress + 24, currentPage);

            sendPacket(refreshAhPageAddressRev, packetSize);
        }

I'll link this on the sending packets thread too ^^

[Interest07]

Woahh, nice work

*Fires up cheatengine to test it real quick*

Nice packet sender

edit:

+0xC8 is the itemId


Phewww was afraid that would somehow not be in there :P

The gold thing is also some tab delimited pleasure. And also has structures of 0x5D0

Ah found it

unicode tab delimited string for sell item i
= [[[[[[[[[BASE_CALL]+1C]+18]+8]+74]+208]+150]+ i*5D0 ]+0]

same for buy:
= [[[[[[[[[BASE_CALL]+1C]+18]+8]+74]+20C]+150]+ i*5D0 ]+0]

I was half hoping it would be located close to the regular ah Thanks so much for posting that!

[dumbfck]

Ahh thanks - updated =]
Managed to find a static for gold listings then? Hehe

And yeah... The packet sender stuff looks strangely familiar, huh? >_>

[Interest07]

Haha edited in the stuff for gold

I'm glad the packetSender was good enough to use an erm similar structure of code

For the gold I had a hunch it would be samish so after I noticed that it ended in +150 + i * 5D0... I got very happy indeed lol

[dumbfck]

Sweeeet! That was a result, well spotted hehe.
I'll throw some documentation together for finding those offsets - They changed quite drastically in the last two big updates.

[Interest07]

Quote:

Originally Posted by dumbfck

Sweeeet! That was a result, well spotted hehe.
I'll throw some documentation together for finding those offsets - They changed quite drastically in the last two big updates.

That would be helpful indeed for when it changes again

[Interest07]

I seem to be getting a different value for


this

in the packet

I encountered the same value in the packet for updating gold prices. THe value is identical to the one found for ah updating (and different from yours).

From the code it seems that a value of 0 would also be allowed, but I'll have to double check that first I suppose

[Smurfin]

you two talk in english mixed with hex-ish language lol

btw, I'm stuck trying to find [BASE_CHAT_ADDRESS] , I managed to get the static lastChatObject offset for pw server i'm playing on, which is [A60398+c], but in my IdaPro it won't view like yours that's showing : last chat index,chat struct size, and chatbase in boxy asm view, it displayed like below instead.

 Spoiler

Do I really need the Ida Pro to find the chatbase ? isn't it already found using CE earlier which was [[AE9620]+C] (it's [A60398+c] for mine)

[dumbfck]

Quote:

Originally Posted by Smurfin

you two talk in english mixed with hex-ish language lol

Lol! I can speak in binary too - I sound a bit like a dialup modem in real life ^^
"Bedooooop... BNNNNNGGG.... pshhhhhhh..... GLAAAAARRR"
[/nutter]

You're right, it may have been a slightly redundant step in the guide :P
(although it does kinda show the base, last message and struct size info all in one area).
The lastChatOffset should be the baseChatAddress + 0xC
Was that the only address that came up in the IDA search? (refer to pic_3 on first post).
Are you not getting what you would expect from those offsets?

I can't remember off the top of my head how to get IDA in flow chart view...
Just reformatted my computer and having trouble finding my backed-up installer for IDA. Once I re-install, I'll take a look =]

If you succeed in finding them, I'll add the offsets for your server to my first post.