Pointer collection
Discussion on Pointer collection within the PW Hacks, Bots, Cheats, Exploits forum part of the Perfect World category.

04/25/2009, 10:54 | #316 | elite*gold: 0 | Join Date: Mar 2008 | Posts: 109 | Received Thanks: 64
I already gave you a solution to use AttachThreadInput() and SetFocus(), try it and it will work.

04/25/2009, 12:57 | #317 | elite*gold: 0 | Join Date: Nov 2007 | Posts: 160 | Received Thanks: 28
Sending keys is a working solution, but it's far more interesting to do all things through memory writes.
Just look at [[[[Base Address]+0x20]+0xBF4]+0x14] (for PW-INT and PW-RU).
You'll see that this is a key for all major actions in game - moving, attacking, using skills, etc...
Let us do some research in this way.

04/25/2009, 16:13 | #318 | elite*gold: 0 | Join Date: Aug 2008 | Posts: 61 | Received Thanks: 31
procedure TForm1.Timer1Timer(Sender: TObject);
var
  vHwnd: DWORD;
  rect: TRect;
  vPos: TPoint;
  vX, vY : Word;
begin
  vHwnd := FindWindow(nil, 'Element Client');
  if vHwnd <> 0 then
  begin
    GetWindowRect(vHwnd, rect);
    vX := Random(rect.Right - 100);
    GetCursorPos(vPos);
    vY := vPos.Y;
    PostMessage(vHwnd, WM_RBUTTONDOWN, MK_RBUTTON, MAKELONG(vX, vY));
    vX := Random(rect.Right - 100);
    vY := vPos.Y;
    PostMessage(vHwnd, WM_MOUSEMOVE, 0, MAKELONG(vX, vY));
  end;
end;
try this code..

04/25/2009, 18:29 | #319 | elite*gold: 0 | Join Date: Feb 2009 | Posts: 46 | Received Thanks: 30
Well...
@vuduy:
I rly tried different possibilities, chat was working but couldn't figure out how to emulate W,S,A,D,Z,Space to move. (I also tried AttachThreadInput, SetFocus, Post/SendMessage).
@BuBucekTop:
This offset holds 8 all the time, also after restart. The values around it don't seem to have a link with the inputs or actions like moving, either.
@xindobnix:
Thx but i already got that. Only problem here is that u never know where u click. It's simply not very clean / accurate to walk in this way (and also not possible in some situations).
At the moment im reversing the way how the game processes the inputs and return values from GetKeyState. Maybe i'll find a way how to move with patching or code injection.

04/26/2009, 01:17 | #320 | elite*gold: 0 | Join Date: Apr 2008 | Posts: 35 | Received Thanks: 3
Does anyone have the PW INT updated pointers? Or how can I find them? I really just want the cultivation pointer.

04/26/2009, 05:48 | #321 | elite*gold: 0 | Join Date: Dec 2008 | Posts: 2 | Received Thanks: 0
yah ur right rank 8 item is the best for me
cuz im a YU-MANG /archer eheheheheh

04/26/2009, 10:41 | #322 | elite*gold: 0 | Join Date: Feb 2009 | Posts: 46 | Received Thanks: 30
[[Base Address]+0x20]+0x460 --> iCultivation (PWI)

04/26/2009, 17:38 | #323 | elite*gold: 0 | Join Date: Jul 2008 | Posts: 8 | Received Thanks: 1
Yep! With injected opcode, u can create an "autorun" func that allows u to keep following a player (Priest Tool), for example, or else "move to mob" after being killed to pick up.... It's really useful for any idea

04/26/2009, 17:45 | #324 | elite*gold: 0 | Join Date: Jul 2008 | Posts: 8 | Received Thanks: 1
Quote:
    Func AutoRun($x, $y, $z)
        ;-------------------------------------
        Local $result, $process, $code_add, $thread, $param_add
        Local $Param = DllStructCreate("float [3]")
        DllStructSetData($Param, 1, $x, 1)
        DllStructSetData($Param, 1, $z, 2)
        DllStructSetData($Param, 1, $y, 3)
        $result = DllCall("Kernel32.Dll", "int", "OpenProcess", "int", 0x1F0FFF , "int", 0, "int", $pid)
        $process = $result[0]
        $result = DllCall("Kernel32.dll", "ptr", "VirtualAllocEx", "int", $process, "ptr", 0, "int", DllStructGetSize($Param), "int", 0x1000, "int", 0x40)
        $param_add = $result[0]
        $result = DllCall ("kernel32.dll", "int", "WriteProcessMemory", "int", $process, "ptr", $param_add, "ptr", DllStructGetPtr($Param), "int", DllStructGetSize($Param),"int", 0)
        ; ----------- check fly --------------------
        Local $fly = 0
        Local $a = _MemoryRead(0x0092C2F4, $MEMID)
        $a = _MemoryRead($a + 0x1C, $MEMID)
        $a = _MemoryRead($a + 0x20, $MEMID)
        $a = _MemoryRead($a + 0x5EC, $MEMID)
        If $a = 2 or $a = 1 Then ; (fly or swim)
            $fly = 1
        EndIf
        ;------------ code RUN --------------------
        $OPcode = ""
        pushad()
        mov_edx(0x0092C2F4)
        mov_ecx_dword_ptr_edx()
        mov_edx_dword_ptr_ecx_add(0x1C)
        $OPcode &= "8B7220"
        mov_ecx_dword_ptr_esi_add(0xBCC)
        mov_eax_dword_ptr_esi_add(0x5EC)
        push(1)
        mov_edx(0x45DD10)
        call_edx()
        mov_edi_eax()
        push($param_add)
        push($fly)
        mov_ecx_edi()
        mov_edx(0x461790)
        call_edx()
        push(0)
        push(1)
        push_edi()
        push(1)
        mov_ecx_dword_ptr_esi_add(0xBCC)
        mov_edx(0x45E110)
        call_edx()
        popad()
        ret()
        ;--------------------------------
        Local $data = DllStructCreate("byte[" & StringLen($OPcode) / 2 & "]")
        For $i = 1 To DllStructGetSize($data)
            DllStructSetData($data, 1, Dec(StringMid($OPcode, ($i-1) * 2 + 1, 2)), $i)
        Next
        $result = DllCall("Kernel32.dll", "ptr", "VirtualAllocEx", "int", $process, "ptr", 0, "int", DllStructGetSize($data), "int", 0x1000, "int", 0x40)
        $code_add = $result[0]
        $result = DllCall ("kernel32.dll", "int", "WriteProcessMemory", "int", $process, "ptr", $code_add, "ptr", DllStructGetPtr($data), "int", DllStructGetSize($data),"int", 0)
        $result = DllCall("kernel32.dll", "int", "CreateRemoteThread", "int", $process, "ptr", 0, "int", 0, "int", $code_add, "ptr", $param_add, "int", 0, "int", 0)
        $thread = $result[0]
        Do
            $result = DllCall("kernel32.dll", "int", "WaitForSingleObject", "int", $thread, "int", 50)
        Until $result[0] <> 0x102
        DllCall("Kernel32.dll", "int", "CloseHandle", "int", $thread)
        $result = DllCall("Kernel32.dll", "ptr", "VirtualFreeEx", "hwnd", $process, "ptr", DllStructGetPtr($data), "int", DllStructGetSize($data), "int", 0x8000)
        $result = DllCall("Kernel32.dll", "ptr", "VirtualFreeEx", "hwnd", $process, "ptr", DllStructGetPtr($Param), "int", DllStructGetSize($Param), "int", 0x8000)
        DllCall("Kernel32.dll", "int", "CloseHandle", "int", $process)
    EndFunc
Search ur opcode for ur version.
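
The call sequence in the AutoRun post above (OpenProcess with 0x1F0FFF, VirtualAllocEx with protection 0x40, WriteProcessMemory, CreateRemoteThread) is the pattern that endpoint and anti-cheat telemetry correlates to flag cross-process code injection. The following is an added example, not part of the original thread: the event tuple format, PIDs and addresses are constructed for illustration and do not come from any real tool.

```python
# Constructed API-call trace: (source_pid, api, target_pid, args). Not real telemetry.
SAMPLE_EVENTS = [
    # Same shape as the AutoRun post: two RWX allocations, two writes, remote thread
    (4120, "OpenProcess", 2988, {"access": 0x1F0FFF}),
    (4120, "VirtualAllocEx", 2988, {"base": 0x3A0000, "size": 12, "protect": 0x40}),
    (4120, "WriteProcessMemory", 2988, {"base": 0x3A0000, "size": 12}),
    (4120, "VirtualAllocEx", 2988, {"base": 0x3B0000, "size": 64, "protect": 0x40}),
    (4120, "WriteProcessMemory", 2988, {"base": 0x3B0000, "size": 64}),
    (4120, "CreateRemoteThread", 2988, {"start": 0x3B0000}),
    # Benign: a tool that only queries and reads (QUERY_INFORMATION | VM_READ)
    (5000, "OpenProcess", 2988, {"access": 0x0410}),
    (5000, "ReadProcessMemory", 2988, {"base": 0x400000, "size": 4}),
    # Writes data to non-executable memory; thread starts elsewhere
    (6000, "OpenProcess", 7000, {"access": 0x1F0FFF}),
    (6000, "VirtualAllocEx", 7000, {"base": 0x500000, "size": 32, "protect": 0x04}),
    (6000, "WriteProcessMemory", 7000, {"base": 0x500000, "size": 32}),
    (6000, "CreateRemoteThread", 7000, {"start": 0x77001000}),
]

# PAGE_EXECUTE, PAGE_EXECUTE_READ, PAGE_EXECUTE_READWRITE, PAGE_EXECUTE_WRITECOPY
EXEC_PROTECT = {0x10, 0x20, 0x40, 0x80}


def find_injections(events):
    """Alert when a remote thread starts inside memory that the same source
    process allocated as executable in the target and then wrote to."""
    regions = {}  # (source_pid, target_pid) -> list of [base, size, written]
    alerts = []
    for src, api, dst, args in events:
        if src == dst:
            continue  # only cross-process activity is of interest
        key = (src, dst)
        if api == "VirtualAllocEx" and args["protect"] in EXEC_PROTECT:
            regions.setdefault(key, []).append([args["base"], args["size"], False])
        elif api == "WriteProcessMemory":
            for region in regions.get(key, []):
                if region[0] <= args["base"] < region[0] + region[1]:
                    region[2] = True
        elif api == "CreateRemoteThread":
            for base, size, written in regions.get(key, []):
                if written and base <= args["start"] < base + size:
                    alerts.append({"source_pid": src, "target_pid": dst,
                                   "start": args["start"]})
    return alerts


if __name__ == "__main__":
    for alert in find_injections(SAMPLE_EVENTS):
        print(alert)
```

Correlating on the thread start address keeps the rule quiet for processes that only read memory or write plain data, which a rule keyed on OpenProcess access rights alone would not.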

04/27/2009, 11:34 | #325 | elite*gold: 0 | Join Date: Nov 2007 | Posts: 160 | Received Thanks: 28
chenhuaishan,
well it looks interesting, but kinda complicated. Can you explain more details or give some links to read on code caves and how you discovered all these things in PW?

04/28/2009, 07:23 | #326 | elite*gold: 0 | Join Date: Dec 2008 | Posts: 29 | Received Thanks: 54
Quote:
Originally Posted by BuBucekTop
chenhuaishan,
well it looks interesting, but kinda complicated. Can you explain more details or give some links to read on code caves and how you discovered all these things in PW?
Go here:

04/29/2009, 17:41 | #327 | elite*gold: 0 | Join Date: Mar 2007 | Posts: 26 | Received Thanks: 38
hi.
i'm just curious, does anybody know how to meditate and how to send pet commands like attack, follow, stop on PWI?

05/05/2009, 12:53 | #328 | elite*gold: 0 | Join Date: Nov 2007 | Posts: 160 | Received Thanks: 28
chenhuaishan, plz attach here your elementclient.exe for which your injections work...

05/13/2009, 15:18 | #329 | elite*gold: 0 | Join Date: Jan 2009 | Posts: 16 | Received Thanks: 12
Hi
Nomad wrote very useful functions to read/write code to memory.
Reading and injection are very simple.
Example:
Pointers are correct for PW MS.
Include Nomad
Code:
    #include <NomadMemory.au3>
Get the handle of the PW window
Code:
    ; aba = your server's base address in decimal !!!
    Global $APP_BASE_ADDRESS = "0x" & Hex('aba')
    Global $APP_TITLE = "Element Client"
    Global $PROCESS_ID = WinGetProcess($APP_TITLE)
    Global $PROCESS_INFORMATION = _MemoryOpen($PROCESS_ID)
    If @error Then
        MsgBox(0, "Perfect World", "Run PW game first")
        Exit
    EndIf
Call the function
Code:
    $XYZ = GETPLAYERPOSITION()
    Beep(1500,100)
    MsgBox(262144,'Debug line ~' & @ScriptLineNumber,'Selection:' & @lf & '$X | $Y | $Z' & @lf & @lf & 'Return:' & @lf & $XYZ) ;### Debug MSGBOX
and the function is here
Code:
    Func GETPLAYERPOSITION()
        Local $RESULT, $MEMPOINTER[3], $X, $Y, $Z
        $MEMPOINTER[1] = Dec("20")
        $MEMPOINTER[2] = Dec("3C")
        $RESULT = _MemoryPointerRead($APP_BASE_ADDRESS, $PROCESS_INFORMATION, $MEMPOINTER, "float")
        If @error Then Return @error
        $X = StringFormat("%.2f", (4000 + $RESULT[1]) / 10)
        $MEMPOINTER[2] = Dec("40")
        $RESULT = _MemoryPointerRead($APP_BASE_ADDRESS, $PROCESS_INFORMATION, $MEMPOINTER, "float")
        If @error Then Return @error
        $Z = StringFormat("%.2f", $RESULT[1] / 10)
        $MEMPOINTER[2] = Dec("44")
        $RESULT = _MemoryPointerRead($APP_BASE_ADDRESS, $PROCESS_INFORMATION, $MEMPOINTER, "float")
        If @error Then Return @error
        $Y = StringFormat("%.2f", (5500 + $RESULT[1]) / 10)
        Return $X & "|" & $Y & "|" & $Z
    EndFunc
Other example: MOB_ID = [BASE ADDRESS]+8+24+18+(index*4)+4+11C
Code:
    Func GET_MOBID($I)
        Local $MEMPOINTER[7],$RESULT
        $MEMPOINTER[1] = Dec("8")
        $MEMPOINTER[2] = Dec("24")
        $MEMPOINTER[3] = Dec("18")
        $MEMPOINTER[4] = $I * 4
        $MEMPOINTER[5] = Dec("4")
        $MEMPOINTER[6] = Dec("11C")
        $RESULT = _MemoryPointerRead($APP_BASE_ADDRESS, $PROCESS_INFORMATION, $MEMPOINTER)
        If @error Then Return @error
        Return $RESULT[1]
    EndFunc
Code injection
select mob [BASE ADDRESS]+20+A4C:
Code:
    ; $I is the mob index passed on to GET_MOBID
    Func MobSelect($I)
        Local $MEMPOINTER[3],$MobID
        $MobID = "0x" & Hex(GET_MOBID($I))
        $MEMPOINTER[1] = Dec("20")
        $MEMPOINTER[2] = Dec("A4C")
        _MemoryPointerWrite($APP_BASE_ADDRESS, $PROCESS_INFORMATION, $MEMPOINTER, $MobID)
    EndFunc
@chenhuaishan - can you translate your function AutoRun to use the Nomad library?
It will probably be much simpler and clearer to write ^^

05/14/2009, 19:46 | #330 | elite*gold: 0 | Join Date: Oct 2008 | Posts: 1,243 | Received Thanks: 670
@zbychos : what will happen if we use _MemoryOpen and we never close it ?
i'm also wondering why in the application i made using autoit, my total handles in Windows Task Manager [Ctrl-alt-del then select 'performance' tab] always increase when it's running.