PWI - Guide for SENDING Chat messages [C# and AutoIt examples included]
I'm sure next time there will be a lot of bots banned, since with the last update they changed some things,
like showing your IP and login time in the chat window.
What do login time and your ip have to do with getting banned? They're just so you can see if anybody else accessed your account. So unless you sneakily use somebody else's account to bot on while they sleep, this shouldn't have any effect on botting
Hm, I thought they'd start looking for multiple accounts logged in, or check the login time with this.
I can't wait for dumbfck's spam killer, since after the last patch Duke spams endlessly.
Even if one got some Token of Best Luck, which is what happened 99 percent of the time.
I don't know who can be so stupid as to buy those packs...
2 min. logged in, chat full of red spam.
Later I made a Nirvana run, and after some tries the team stopped talking in chat.
No one can read anything with this spam.
Nice patch... Duke spam en masse, PK and fly in Secret Passage -.-
I used the code from dumbfck's other thread on capturing chat messages to look for keywords that trigger a chatterbot's response. The idea is to make a character in faction that responds when people want it to, like the IRC bots from my younger days.
I have it working, but sending responses from the bot has been a royal pain; I've spent hours reading about how keyboard input works at the low level in Win32 so that I could simulate keystrokes in the PWI window. Now I found this thread.
The chat bot that I'm using is a .NET DLL called . AIML is an XML markup language that describes "knowledge" that the bot will use when making responses. You can read all about AIML and the "ALICE" AI project .
Here's an example of a simple AIMLbot interface for the command line, written in C#. It took very few modifications to incorporate this into your chat text grabber program and turn my PWI character into a chatterbot.
Code:
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using AIMLbot;

namespace ChatterBot
{
    class Program
    {
        static void Main(string[] args)
        {
            // Create the AIML bot and load its default settings
            Bot bot = new Bot();
            bot.loadSettings();

            // Create a default "user" that will talk to the bot, and load all of the
            // AIML files in
            User user = new User("consoleUser", bot);
            bot.isAcceptingUserInput = false;
            bot.loadAIMLFromFiles();
            bot.isAcceptingUserInput = true;

            // Loop until the user types "quit". To interact with the bot, prefix
            // questions or statements with "nc".
            while (true)
            {
                Console.WriteLine();
                Console.Write("> ");
                string input = Console.ReadLine();
                if (input == null)
                {
                    // End of the input stream (e.g. redirected stdin closed)
                    break;
                }

                string trimmed = input.Trim();
                if (trimmed.ToUpper() == "QUIT")
                {
                    break;
                }

                // Require "nc" followed by a space and some text, so that a bare
                // "nc" no longer makes Substring(3) throw
                if (trimmed.Length > 3 && trimmed.ToUpper().StartsWith("NC "))
                {
                    Request r = new Request(trimmed.Substring(3), user, bot);
                    Result res = bot.Chat(r);
                    Console.WriteLine(res.Output);
                }
            }
        }
    }
}
That looks pretty cool... I remember reading quite a lot about ALICE a few years back when I was interested in making phpBB forum modifications - I didn't realise there was a nice .dll available for it now! May have to check that out at some point, thanks for the info
As for sending messages, I had started looking at updating this at the end of last week but I've had a really busy long weekend so not had time to work on it. I think I've found the necessary client functions but I didn't get around to updating the injector functions. Should be ready soon though =]
Awesome, thanks! I'm taking a quick stab at implementing the code Interest07 shared with us on the other thread. I'll try to port that into your demo app and share it here too, so people can see both methods in the C# project.
One thing I never got around to checking last time because I wasn't familiar with the technique... I'm hoping that this call can be somehow derived from one of the function pointers in the chatbox's vTable (not sure if that's even the correct term, but that's what I'm gonna call it lol) in a similar way that the setChatText is. E.g., the setChatText() address can simply be found at [[[chatBoxBase]+0]+0x44]
I don't think the sendChat() function is directly referenced in that table, but I suspect that there's something else there that calls it
Turns out it is in there in a very roundabout sort of way lol...
Ok, we know there's a vTable at [[chatClassPtr]+0x0]
The second entry in that table, i.e., [[[chatClassPtr]+0x0]+0x04] is a pointer to a function which returns a value which helps us to find the sendChat() function address. Let's call this 'chatClassGetSendChatAddrFuncPtr' for simplicity hehe.
So, we make an injected call to the chatClassGetSendChatAddrFunc that we got from the vTable and it returns a static address (in the current PWI version, it's 0x954588 - which oddly is just a few words lower than the actual vTable). Let's call this someWeirdNumber.
Now, we simply read:
[[[someWeirdNumber] + 0x4] + 0x18 + 0x8]
And voila! We get the sendChat function pointer.
I wrote that last part as 0x18 + 0x8 rather than simply + 0x20 because that's how it actually does it in the client, so it would make sense if you were tracing the code through
To be honest, I'm not sure if this is going to be any more or less reliable than searching for the function call address using regexes in the event of an update.
It's always good to have options though
Oh... and a little demo
Code:
#include <NomadMemory.au3>

Global $kernel32 = DllOpen('kernel32.dll')
Global $pid = ProcessExists('elementclient.exe')
Global $ph = _MemoryOpen($pid)
Global $baseCall = 0x00A521C0
Global $chatClassVtableList[8] = [0, 0x1C, 0x18, 0x8, 0xC4, 0x20, 0x0, 0x0]
Global $chatClassGetSendChatAddrFuncPtrList[9] = [0, 0x1C, 0x18, 0x8, 0xC4, 0x20, 0x0, 0x4, 0x0]
Global $chatClassVtable = _MemoryPointerRead($baseCall, $ph, $chatClassVtableList)
Global $chatClassGetSendChatAddrFuncPtr = _MemoryPointerRead($baseCall, $ph, $chatClassGetSendChatAddrFuncPtrList)

ConsoleWrite('Chat class vTable pointer: ' & Hex($chatClassVtable[0]) & @CRLF)
ConsoleWrite('Get sendChatCallAddress func pointer: ' & Hex($chatClassGetSendChatAddrFuncPtr[0]) & @CRLF)

Global $someWeirdNumberPtr = getSendChatFuncAddr($chatClassGetSendChatAddrFuncPtr[0])
If $someWeirdNumberPtr <> 0 Then
    Global $sendChatCall = _MemoryRead(_MemoryRead(_MemoryRead($someWeirdNumberPtr, $ph) + 0x4, $ph) + 0x18 + 0x8, $ph)
    ConsoleWrite('sendChat() function address: ' & Hex($sendChatCall) & @CRLF)
EndIf
DllClose($kernel32)

Global $returnPtr

Func getSendChatFuncAddr($funcAddr)
    ; Declare local variables
    Local $pRemoteThread, $vBuffer, $loop, $result, $OPcode, $processHandle, $packetAddress

    ; Open process for given processId
    $processHandle = memopen($pid)

    ; Allocate memory for the OpCode and retrieve address for this
    $functionAddress = DllCall($kernel32, 'int', 'VirtualAllocEx', 'int', $processHandle, 'ptr', 0, 'int', 0x46, 'int', 0x1000, 'int', 0x40)

    ; Allocate space for the return value
    $returnPtr = DllCall($kernel32, 'int', 'VirtualAllocEx', 'int', $processHandle, 'ptr', 0, 'int', 0x4, 'int', 0x1000, 'int', 0x40)

    ; Construct the OpCode for calling the function that returns the sendChat() function pointer
    $OPcode &= '60'                         ; PUSHAD
    $OPcode &= 'B8'&_hex($funcAddr)         ; MOV EAX, funcCall (address of function which returns sendChat() address)
    $OPcode &= 'FFD0'                       ; CALL EAX
    $OPcode &= 'A3'&_hex($returnPtr[0])     ; MOV [returnPtr], EAX
    $OPcode &= '61'                         ; POPAD
    $OPcode &= 'C3'                         ; RETN

    ; Put the OpCode into a struct for later memory writing
    $vBuffer = DllStructCreate('byte[' & StringLen($OPcode) / 2 & ']')
    For $loop = 1 To DllStructGetSize($vBuffer)
        DllStructSetData($vBuffer, 1, Dec(StringMid($OPcode, ($loop - 1) * 2 + 1, 2)), $loop)
    Next

    ; Write the OpCode to previously allocated memory
    DllCall($kernel32, 'int', 'WriteProcessMemory', 'int', $processHandle, 'int', $functionAddress[0], 'int', DllStructGetPtr($vBuffer), 'int', DllStructGetSize($vBuffer), 'int', 0)

    ; Create a remote thread in order to run the OpCode
    $hRemoteThread = DllCall($kernel32, 'int', 'CreateRemoteThread', 'int', $processHandle, 'int', 0, 'int', 0, 'int', $functionAddress[0], 'ptr', 0, 'int', 0, 'int', 0)

    ; Wait for the remote thread to finish
    Do
        $result = DllCall('kernel32.dll', 'int', 'WaitForSingleObject', 'int', $hRemoteThread[0], 'int', 50)
    Until $result[0] <> 258

    ; Close the handle to the previously created remote thread
    DllCall($kernel32, 'int', 'CloseHandle', 'int', $hRemoteThread[0])

    ; Free the previously allocated memory
    DllCall($kernel32, 'ptr', 'VirtualFreeEx', 'hwnd', $processHandle, 'int', $functionAddress[0], 'int', 0, 'int', 0x8000)

    ; Close the Process
    memclose($processHandle)

    Return $returnPtr[0]
EndFunc

Func memopen($pid)
    Local $mid = DllCall($kernel32, 'int', 'OpenProcess', 'int', 0x1F0FFF, 'int', 1, 'int', $pid)
    Return $mid[0]
EndFunc

Func memclose($mid)
    DllCall($kernel32, 'int', 'CloseHandle', 'int', $mid)
EndFunc

Func _hex($Value, $size=8)
    Local $tmp1, $tmp2, $i
    $tmp1 = StringRight("000000000" & Hex($Value),$size)
    For $i = 0 To StringLen($tmp1) / 2 - 1
        $tmp2 = $tmp2 & StringMid($tmp1, StringLen($tmp1) - 1 - 2 * $i, 2)
    Next
    Return $tmp2
EndFunc

Func _Quit()
    Exit
EndFunc
I've attached the solution for the chat bot I created for my PWI faction. I changed some of the code around a bit to make it easier for me to work with.
Thank you guys so much for the great work and code tips! It's really cool that the whole thing actually works.
Sounds pretty cool, thanks for sharing
However... It might just be that I'm a 'tard, but when I extract your package, the directory structure seems ok but all the files are 0 bytes
Tried three different extraction utilities... WinZip, TUGzip and PeaZip.
How weird. I used 7-Zip, but I think it had PPMd selected as the compression algorithm so maybe the other ZIP utilities don't know what to do with PPMd?
is free and has become my favorite. I'll re-upload using a different ZIP program though so nobody else has that problem.
Cool, that one worked, thanks
Some interesting looking code in there - And very neatly coded too hehe... Much tidier than mine lol.
I like the idea of TW signup reminders and faction trial reminders, that's pretty sweet.
So, in general operation, what does it do? Does it answer questions in faction chat and stuff? If so, is there a limit to the frequency at which this happens?
I am very intrigued by this, but not sure how my faction would receive it lol (Especially as I barely log in so I don't know who half of them are xD).
This has excellent potential for making bots seem a bit more human too. Not that I particularly like bots though lol.
Either way, very nice work sir and thanks for sharing it
P.S: For anyone else who downloads this, your AV might trigger a false positive that there's a virus in there. This is due to the CreateRemoteThread / Read/WriteProcessMemory calls - There is no virus here.
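The P.S. above puts the AV alert down to the CreateRemoteThread / Read/WriteProcessMemory calls. As an added example (not part of the original thread or its attachments), this Python code shows how that same sequence looks to a behavioural detection rule: a process opens another with create-thread and VM-write rights (the demo's 0x1F0FFF includes them), then starts a remote thread whose start address is not backed by any loaded module. The records are constructed samples shaped like Sysmon Event ID 10 (ProcessAccess) and Event ID 8 (CreateRemoteThread); the file paths, timestamps and the 5-second window are assumptions.

```python
from datetime import datetime, timedelta

# Rights needed to allocate, write and start a thread in another process.
PROCESS_CREATE_THREAD = 0x0002
PROCESS_VM_OPERATION = 0x0008
PROCESS_VM_WRITE = 0x0020
INJECTION_RIGHTS = PROCESS_CREATE_THREAD | PROCESS_VM_OPERATION | PROCESS_VM_WRITE

# Constructed sample records (not real telemetry); all paths are assumptions.
SCRIPT = r"C:\tools\AutoIt3.exe"
GAME = r"C:\game\elementclient.exe"
SAMPLE_EVENTS = [
    {"EventID": 10, "UtcTime": "2024-01-01 10:00:00", "SourceImage": SCRIPT,
     "TargetImage": GAME, "GrantedAccess": "0x1F0FFF"},
    {"EventID": 8, "UtcTime": "2024-01-01 10:00:01", "SourceImage": SCRIPT,
     "TargetImage": GAME, "StartAddress": "0x03A10000", "StartModule": ""},
    {"EventID": 10, "UtcTime": "2024-01-01 10:05:00",
     "SourceImage": r"C:\Windows\System32\taskmgr.exe",
     "TargetImage": GAME, "GrantedAccess": "0x1410"},
    {"EventID": 8, "UtcTime": "2024-01-01 10:06:00",
     "SourceImage": r"C:\Windows\System32\csrss.exe", "TargetImage": GAME,
     "StartAddress": "0x77A01000",
     "StartModule": r"C:\Windows\System32\kernel32.dll"},
]


def find_injections(events, window=timedelta(seconds=5)):
    """Return (source, target, start_address) for every remote thread that
    starts outside a loaded module within `window` of the same source opening
    the target with create-thread, VM-operation and VM-write rights."""
    opened = {}  # (source, target) -> time of the last qualifying open
    hits = []
    for ev in sorted(events, key=lambda e: e["UtcTime"]):
        when = datetime.strptime(ev["UtcTime"], "%Y-%m-%d %H:%M:%S")
        pair = (ev["SourceImage"], ev["TargetImage"])
        if ev["EventID"] == 10:
            granted = int(ev["GrantedAccess"], 16)
            if (granted & INJECTION_RIGHTS) == INJECTION_RIGHTS:
                opened[pair] = when
        elif ev["EventID"] == 8:
            unbacked = not ev.get("StartModule")  # empty: not inside any DLL/EXE
            if unbacked and pair in opened and when - opened[pair] <= window:
                hits.append((pair[0], pair[1], ev["StartAddress"]))
    return hits


if __name__ == "__main__":
    for src, dst, addr in find_injections(SAMPLE_EVENTS):
        print(f"remote thread at {addr}: {src} -> {dst}")
```

The read-only open (0x1410) and the module-backed remote thread in the sample data are not flagged, which is why legitimate tools rarely trip this rule while the demo's allocate/write/run sequence does.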