Pointer collection

Smurfin · 09/22/2009, 00:06

is there any offset for which pet slot is currently summoned, and also pet's max hp offset ?

with both active pet slot offset and pet's max hp offset we can simply leave pet autoheal ON or OFF without being bothered setting them manually everytime we summon a pet from any slot, and autoheal will be triggered based on pet's hp percentage.

leovn · 11/16/2009, 02:31

CharBaseAdd = BaseAdd + 0x1C + 0x20
PetBaseAdd = CharBaseAdd + OffsetPetArray (0xDF4 ... it's mine v.102)
PetOrder (Pet Slot) = PetBaseAdd + 0x8 (UINT_MAX if don't have pet called)

PetAdd = PetBaseAdd + 0x10 + i*4 ( "i" should be PetOrder)

PetLoyalty = PetAdd + 0x4
PetHunger = PetAdd + 0x8
PetLevel = PetAdd + 0x20
PetExp = PetAdd + 0x28
PetCurrentHP = PetAdd + 0x38
PetHPRate = PetAdd + 0x1c (Pet don't have maxHP, so u should use this to calculate maxHP)
PetName = PetAdd + 0x34 (Unicode)

d33cktr4zy · 12/03/2009, 12:18

Quote:

Originally Posted by Megamorph

hey,

i also figured out some stuff, which is maybe usefull:

1) walk to a mop/attack the mop:
[[Base Adress]+0x20]+0xA54
- insert mop-id here and do normal attack
- calculate the distance with help of the 3D vectors of char and mop to trigger spells and melee attacks in the right distance

2) walk to and forage mines/ressources/herbs:
[[[[[[Base Adress]+0x20]+0xBFC]0x30]+0x8]+0x20] (kind of "move to" id offset)
- freeze that to ur ressource ID (can be found here: [[[[[[[Base Adress]+0x8]+0x28]0x18]+i*0x4]0x4]0x10C])
- insert random (but valid) mop-id here [[Base Adress]+0x20]+0xA54
- do normal attack
--> char will go to mine/herb and forage it automatically

3) walk to item and pickup:
[[[[[[Base Adress]+0x20]+0xBFC]0x30]+0x8]+0x20] (kind of "move to" id offset)
- freeze that to ur item ID (can be found here: [[[[[[Base Adress]+0x8]+0x24]0x50]+i*0x4]+0x11C])
- insert random (but valid) mop-id here [[Base Adress]+0x20]+0xA54
- do normal attack
--> char will go to item (keep checking distance)
- do pick up
--> char will pick up the item

4) how to do "do normal attack" and "do pick up":
- put the actions to the skill bars (1-6,F1-F8)
- use PostMessage/SendMessage to activate it
example:
PostMessage(hWindow, WM_KEYDOWN, VK_F5, 1);
PostMessage(hWindow, WM_KEYDOWN, Ord('5'), 1);
notice:
dont use other functions unlike u want to loose the possibility to minimize the game

5) set 0x0 to the so called "move to" id offset to let the char stop

6) with the same method u can walk to every objekt (NPC,Player,Ressource,Item,Mop)
just check the distance and stop early enough (to not attack a player for example)
maybe "do default attack" also works for start talking with npc's, but haven't tested that until now

For me it would be very interesting to know how u can insert such a "unfreeze" feature like the Revo Bot coder did. I researched on it but found no suitable way. A possibility would be to inject a dll into the game, hook the WinAPI call which gives pw the information (not) being in focus and return wrong values (always in focus). But i dont want to use that method, cuz i want to stay fully extern. RevoBut just uses DLL injection to get the D3D shit work (especially the menu).

thx in advance
Megamorph

Quote:

Originally Posted by vuduy

That means the pointer [[[base] + 0x20] + 0xc70] is the action structure.

From here, it becomes easy.
0x8 = current active mode flag (1 = on, 0 = off)
0xc = current active mode copy (used by the game to indicate start/stop of an action)
0x14 = current active mode (found by Megamorph)
0x18 = current active mode flag (1 is for on, 0 is for off)
0x30 = action mode types (all the action pointers are under here)
Here's a list of them:
[0x30] + 0x0 = idle mode (when doing nothing)
[0x30] + 0x4 = normal movement mode
[0x30] + 0x8 = queue skill mode
[0x30] + 0xc = normal attack mode (you still need to lock target first before using this)
[0x30] + 0x10 = current executing skill mode
[0x30] + 0x1c = follow mode

Note each action mode pointer is an actual structure to the action. Play around with the offsets to find the parameters of those action modes. An example for queue skill mode is:

0x8 = done flag
0x20 = target id
0x38 = type (usually the same number but might be different for a specific skill)
0x4c = skill error (must set this to 0)
0x50 = skill address (you must find the skill list and use the address of each skill in here)

Another example for normal movement mode:
0x8 = done flag (bool)
0x20 = X (float)
0x24 = Z (float)
0x28 = Y (float)
0x2c = type (int) (movement by mouse click = one type, movement by WASD is another type)

So let's say you want to move your character to coordinate (1,2,3) then you would do:

1. Write int 0 to done flag: [[[[[base] + 0x20] + 0xc70] + 0x30] + 0x4] + 0x8
2. Write float value 1 to X: [[[[[base] + 0x20] + 0xc70] + 0x30] + 0x4] + 0x20
3. Write float value 2 to Y: [[[[[base] + 0x20] + 0xc70] + 0x30] + 0x4] + 0x28
4. Write float value 3 to Z: [[[[[base] + 0x20] + 0xc70] + 0x30] + 0x4] + 0x24
5. Write int 0 to type: [[[[[base] + 0x20] + 0xc70] + 0x30] + 0x4] + 0x2c
6. Write int 1 to current action mode flag: [[[base] + 0x20] + 0xc70] + 0x8
7. Read normal movement mode pointer to: value = [[[[base] + 0x20] + 0xc70] + 0x30] + 0x4
8. Write value above to current action mode: [[[base] + 0x20] + 0xc70] + 0x14
9. Write same value to current action mode copy: [[[base] + 0x20] + 0xc70] + 0x8

And watch it moves.

Does the server have some kind of ack packet? COz i've been trying to make a farming bot (or whatever it is called) that pools resource only and select that resource then mine the resouce by its id.

now, pooling resource is done, mining the resource is also done....but only at the first attemp.

I put the pointers for moving and change the code to attack state value, it walks to the res. even comparing when the mining completed. but then it stopped, it won't move anymore, even if i put the resource id to the move to id. change the current action to the attack, also the current action copy address. and change the cur action flag to 1 also done flag to zero.

what did i do wrong? or perhaps i need to make loops for it? i don't know how to make loop.

dwar · 12/06/2009, 11:50

d33cktr4zy
Why you try to do some action by using “attack” pointer? There are lot of interesting structures in the game and one of them is “Action array”, where all actions pointer (attack, follow, dig, rest etc) are stored. I don't know the base address and offsets for other servers, but for Russian “Action array” can be found here: [BA] + $1C + $20 + $C10 + $30.
And just look at this post in Russian thread:

There is xls document in attachment where described some base game structures (most of the comments in English), it will help you in further investigation

P.S. do you mind if I give a little advice? Most efficient way for doing any actions is a code injections… Yes, it seems that a “game” with pointers in memory for example for moving, is simple, but it’s not so.

d33cktr4zy · 12/06/2009, 20:53

Quote:

Originally Posted by dwar

d33cktr4zy
Why you try to do some action by using “attack” pointer? There are lot of interesting structures in the game and one of them is “Action array”, where all actions pointer (attack, follow, dig, rest etc) are stored. I don't know the base address and offsets for other servers, but for Russian “Action array” can be found here: [BA] + $1C + $20 + $C10 + $30.
And just look at this post in Russian thread:

There is xls document in attachment where described some base game structures (most of the comments in English), it will help you in further investigation

P.S. do you mind if I give a little advice? Most efficient way for doing any actions is a code injections… Yes, it seems that a “game” with pointers in memory for example for moving, is simple, but it’s not so.

OMG..thanks alot for the enlightment, dwar.

the xls is in russian tho, but i've managed to translate it a bit.

mmm...when you mention code injections do you mean by dll? sorry if its a very lame question. i'm still learning, and still alot to learn. perhaps can you point me on other russian's thread that discuss this? i might have to translate it, but it should be worth the while.

----edit----
correct me if i'm wrong, please. (preety much sure i'm wrong ... :P)
if i used code injection in building the bot, then i need to modify the elementclient.exe to provide the code cave? that way, i cannot make it universal. coz i want to make it available to be used with any server. ::devil:: just like the flexibility zcpwbot has since it uses ini files.

toxic6666 · 12/06/2009, 23:33

if anyone is interested in a tut on how to find and call ingame functions like "MoveTo","CastSpell", "SetTarget", "Pickup", "Gather", "Attack", "Jump", and so on, i could look for something i wrote a few months ago for myself before i quit this game and make a small tut from it. you could either further analyze these functions to get more details about the action objects or just call these functions to be on the safe side and just be happy. i think i also wrote about how to traverse mob,npc,player,item,inventory and pet lists. if not, i could probably include a .cpp file with some offsets, constants, structure- and function types and function calls that i used in my bot back in these days, although all the offsets and probably also the structures will be outdated, but it probably wouldnt be a big deal to update everything. that file includes virtually anything you need for a full bot and uses only function calls and mem reading.

dwar · 12/07/2009, 02:39

d33cktr4zy
Code injections in most cases don’t require modifying the program and provide with ample opportunity. Some information can be found in

1.

2. And working algorithm for mob selection in Delphi:

Also, for investigation and understanding and peeking how it works

, we have collected a huge amount of useful information from Chinese/Vietnamese forums (full source of bots etc.). Here the archive with cn/vn bots and one source:

toxic6666
It will be interesting to have a look on some functions, e.g. jumping

because I get stuck on it (my char “jump” without position changing), and of course for every one who has begun in code injections small tut will be helpful

d33cktr4zy · 12/07/2009, 04:58

dwar
i read about the cn bots in the rus thread. thanks alot on supplying the files. i'll try to analyize it, yet. anyway, the xls file is very accurate, again, thanks alot, pal.

toxic6666
please do. me and alot others must be very thankful if you can make a thread containing tutorials on code injection from the beginning.

and perhaps take a look at .cpp file can give us some inner view on how the game work and how to make another function to do other stuffs. that is if you are generous enough... [small letters] and i believe you are...

[/small letters]

yes i do realize memory manipulation can't get me anywhere else besides macro. so a tut for a basic code injection must be very useful. perhaps even doing dll injection. the concepts, the steps, and how to inject it, perhaps?

toxic6666 · 12/07/2009, 16:55

i never used code injection, i always use "silent" dll injection because it has so many advantages. it would be more a tutorial on how to find ingame stuff like function addresses via debugging/disassembling and how to call them (from within an injected dll). if your still interested, let me know

dwar · 12/08/2009, 00:53

toxic6666
It will be wonderful to read such tut!

~~omarranimado~~ · 01/10/2011, 22:38

Quote:

Originally Posted by Megamorph

hey,

i also figured out some stuff, which is maybe usefull:

2) walk to and forage mines/ressources/herbs:
[[[[[[Base Adress]+0x20]+0xBFC]0x30]+0x8]+0x20] (kind of "move to" id offset)
- freeze that to ur ressource ID (can be found here: [[[[[[[Base Adress]+0x8]+0x28]0x18]+i*0x4]0x4]0x10C])
- insert random (but valid) mop-id here [[Base Adress]+0x20]+0xA54
- do normal attack
--> char will go to mine/herb and forage it automatically

any one got this working in autoit and like to share a small sample ?
i use wasd moving to move to mats xy cords, but this seams the better solution.
but cant get it working

Sᴡoosh · 01/10/2011, 22:58

Use action struct. Current offset for PWI would be 0xFF4.

PW-Prophets · 01/10/2011, 23:05

Quote:

Originally Posted by omarranimado

any one got this working in autoit and like to share a small sample ?
i use wasd moving to move to mats xy cords, but this seams the better solution.
but cant get it working

Prophet Bot Unleashed has this function in autoit but will not be open source till about febuary. You can get a copey of the pre-release at

if you sign up for a premium mebership wich is $10 for one year but I am pretty sure you want to code this yourself and if that is the case someone here might be able to help you. If not just keep an eye out the first week of febuary for the open source release of Prophet Bot Unleashed.

Interest07 · 01/11/2011, 08:24

Quote:

Originally Posted by omarranimado

any one got this working in autoit and like to share a small sample ?
i use wasd moving to move to mats xy cords, but this seams the better solution.
but cant get it working

try this post :P

~~omarranimado~~ · 01/13/2011, 03:28

Quote:

Originally Posted by PW-Prophets

Prophet Bot Unleashed has this function in autoit but will not be open source till about febuary. You can get a copey of the pre-release at if you sign up for a premium mebership wich is $10 for one year but I am pretty sure you want to code this yourself and if that is the case someone here might be able to help you. If not just keep an eye out the first week of febuary for the open source release of Prophet Bot Unleashed.

thx for the reply

yes i like to code it my own and understand how it works.
my bot works fine using wasd moving and theres no reason to use the other code, then that i like to make the bot better.

i also wrote the author, will see if he reply me.

the fun is...i dont use my bot, had fun coding it, watching some times he run hours and hours farming tons of mats...and then get boring.
coding makes more fun, then let the bot run