Move to coordinate

[Xantrax2150198]

Hello.
How to move on coordinate(no fly, only walk)?
I should use asm code or it possibly whith sending packets?
Somebody can give me packet, or asm code?
I write in Visual C++...
Thanks alot!

[ardy680]

its possible?

[Xantrax2150198]

Quote:

Originally Posted by ardy680

its possible?

what possible?

[Murmuring]

1.Did you read the Disclaimer not to ask any Questions here before you post ?
2.The Info you requested can easily found in this Board by using just this:

[Xantrax2150198]

Quote:

Originally Posted by Murmuring

1.Did you read the Disclaimer not to ask any Questions here before you post ?
2.The Info you requested can easily found in this Board by using just this:

I post and ask question... And yes,i read it....
Do you know that in find topics may be old offsets, adm code and other?
Anybody, who can help me with moveto?

Can anybory help me with pet offsets? How to find pet HP on my druid? I try it, but no result.
[More=func to find pet HP]

Code:

DWORD CNewBotDlg::MyPetHP()
{
    HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS,FALSE,pid);
    DWORD value = 0;

    ReadProcessMemory(hProcess,(void*)BA,&value,sizeof(DWORD),NULL);
    ReadProcessMemory(hProcess,(void*)(value + M_D1),&value,sizeof(DWORD),NULL);
    ReadProcessMemory(hProcess,(void*)(value + PersStruct),&value,sizeof(DWORD),NULL);
    ReadProcessMemory(hProcess,(void*)(value + PET_ARRAY),&value,sizeof(DWORD),NULL);
    ReadProcessMemory(hProcess,(void*)(value + NUMBER_SLOT),&value,sizeof(DWORD),NULL);
    ReadProcessMemory(hProcess,(void*)(value + ACTIVE_PET_ID),&value,sizeof(DWORD),NULL);
    ReadProcessMemory(hProcess,(void*)(value + (NUMBER_SLOT*4+0x10)),&value,sizeof(DWORD),NULL);
    ReadProcessMemory(hProcess,(void*)(value + PET_HP),&value,sizeof(DWORD),NULL);
    
    CloseHandle(hProcess);
    return value;
}

[/More]

This is my offsets:

Code:

#define BA                          0x00B8FBCC
#define M_D1                      0x1C
#define PersStruct                0x34
#define PET_ARRAY              0x1140
#define NUMBER_SLOT         0x08
#define ACTIVE_PET_ID        0x07CC
#define PET_HP                    0x38

[Xantrax2150198]

I find pet HP, thanks alot to CheatEngine!

[Xantrax2150198]

Hello!
I write in Visual C++ MFC, and try to use asembler code in function in my simple project. I try it about 5 days, but not result. My function in asembler is simple, it off target mob.
Please somebody help me, i tired.
This is my code:

Code:

#define BA 0x00B8FBCC
//Функция определения ИД окна игры

DWORD PidbyName(CString nameofprogram)
{
    HANDLE pHandle = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,0);
    PROCESSENTRY32 ProcessEntry;
    ProcessEntry.dwSize = sizeof(ProcessEntry);
    BOOL Loop = Process32First(pHandle,&ProcessEntry);
    while(Loop)
    {
        if(strcmp(ProcessEntry.szExeFile, nameofprogram) == 0)
        {
            pidgmwnd = ProcessEntry.th32ProcessID;
            CloseHandle(pHandle);
            return pidgmwnd;
        }
        Loop = Process32Next(pHandle, &ProcessEntry);
    }
    return 0;
}


//  Функция Сброса Таргета моба

void Target_THREAD()
{
	DWORD wid = 0;
	DWORD Myfunc = 0x00693D60;
	_asm
    {
		MOV EAX,DWORD PTR DS:[BA]
		PUSH wid
		MOV ECX,DWORD PTR DS:[EAX+0x20]
		ADD ECX,0x0EC
		CALL Myfunc
    }
}


// Инжектирующая функция

BYTE Inject(LPCVOID Func, LPCVOID Params)
{
	LPVOID pfunc = 0;
	LPVOID paramaddr = 0;
	DWORD* lpNumberOfBytes = NULL;
	HANDLE hProcThread;
    HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS,FALSE,pidgmwnd);

    pfunc = VirtualAllocEx(hProcess,NULL,250,MEM_COMMIT,PAGE_READWRITE);
	WriteProcessMemory(hProcess,pfunc,Func,250,lpNumberOfBytes);

	paramaddr= VirtualAllocEx(hProcess,NULL,511,MEM_COMMIT,PAGE_READWRITE);
	WriteProcessMemory(hProcess,paramaddr,Params,511,lpNumberOfBytes);

	hProcThread = CreateRemoteThread(hProcess,0,0,(LPTHREAD_START_ROUTINE)pfunc,paramaddr,0,0); 

	WaitForSingleObject(hProcThread,INFINITE);
	CloseHandle(hProcThread);
	CloseHandle(hProcess);
	VirtualFreeEx(hProcess, paramaddr,0, MEM_RELEASE);
	VirtualFreeEx(hProcess, pfunc,0, MEM_RELEASE);
	return 1;
}
void CTestAssemblerDlg::OnBnClickedOk()
{
    Inject(Target_THREAD,0);
    //OnOK();
}

in attachment - full project.
Please, help.

[Murmuring]

man, try to search the board...its all here.
dont know why you want to use asm code for that simple stuff, use sendpacket.
start here or use search function:

[Xantrax2150198]

Quote:

Originally Posted by Murmuring

dont know why you want to use asm code for that simple stuff, use sendpacket.

i try it, because later i want use assembler code for move, because it simple then use packets. But even simple assembler code(escape target) wan't work .
Thanks for Treasure Map to Information, but there is no post with asm code, i see only inject packets...

[Xantrax2150198]

I rewrite my functions, but not result, game crush when i call functions(press button) and i don't know why, and no one can help me .
But what iterest? If see my exe program in ollydbg and copy binary code, and after write it in memory program work.
not work:

Code:

void Target_THREAD()
{
	DWORD wid = 0;                           //0x80104ac7
	DWORD Myfunc = 0x00693D60;
	_asm{
        MOV EAX,DWORD PTR DS:[0x00B8FBCC]    //BA
        PUSH 0                           //
        MOV ECX,DWORD PTR DS:[EAX+0x20]
        ADD ECX,0x0EC
        MOV EAX,0x00693D60
        CALL EAX
        RETN
    }
}


BYTE Inject(void* Func, void* Params)
{
   /* CString str;*/

        LPVOID pfunc = NULL;
	LPVOID paramaddr = NULL;
	LPVOID lpNumberOfBytes = NULL;
	HANDLE hProcThread;
    HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS,FALSE,pidgmwnd);
    if(!hProcess)
    {
        MessageBox(NULL,"pid равен 0","",MB_OK);
        return 0;
    }

    pfunc = VirtualAllocEx(hProcess,NULL,4096,MEM_COMMIT,PAGE_READWRITE);
    paramaddr = VirtualAllocEx(hProcess,NULL,256,MEM_COMMIT,PAGE_READWRITE);
    WriteProcessMemory(hProcess,pfunc,Func,4096,NULL);
	WriteProcessMemory(hProcess,paramaddr,Params,256,NULL);
    
	hProcThread = CreateRemoteThread(hProcess,NULL,NULL,(LPTHREAD_START_ROUTINE)pfunc,paramaddr,NULL,NULL); 
    //DWORD t = GetLastError();
    //str.Format("%lu",t);
    //MessageBox(NULL,str,"",MB_OK|MB_ICONINFORMATION);


	WaitForSingleObject(hProcThread,INFINITE);
	CloseHandle(hProcThread);
	CloseHandle(hProcess);
    VirtualFreeEx(hProcess, pfunc,4096, MEM_RELEASE);
	VirtualFreeEx(hProcess, paramaddr,256, MEM_RELEASE);
	return 1;
}

void CTestAssemblerDlg::OnBnClickedOk()
{
    Inject(&Target_THREAD,0);
    //OnOK();
}

But same code work if add byte code:

Code:

BYTE Inject(void* Func, void* Params)
{
   /* CString str;*/
    char packet[25] = "\xA1\xCC\xFB\xB8\x00\x6A\x00\x8B\x48\x20\x81\xC1\xEC\x00\x00\x00\xB8\x60\x3D\x69\x00\xFF\xD0\xC3";
    LPVOID pfunc = NULL;
	LPVOID paramaddr = NULL;
	LPVOID lpNumberOfBytes = NULL;
	HANDLE hProcThread;
    HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS,FALSE,pidgmwnd);
    if(!hProcess)
    {
        MessageBox(NULL,"pid равен 0","",MB_OK);
        return 0;
    }

    pfunc = VirtualAllocEx(hProcess,NULL,4096,MEM_COMMIT,PAGE_READWRITE);
    paramaddr = VirtualAllocEx(hProcess,NULL,256,MEM_COMMIT,PAGE_READWRITE);
    WriteProcessMemory(hProcess,pfunc,packet,4096,NULL);
	WriteProcessMemory(hProcess,paramaddr,Params,256,NULL);
    
	hProcThread = CreateRemoteThread(hProcess,NULL,NULL,(LPTHREAD_START_ROUTINE)pfunc,paramaddr,NULL,NULL); 
    //DWORD t = GetLastError();
    //str.Format("%lu",t);
    //MessageBox(NULL,str,"",MB_OK|MB_ICONINFORMATION);


	WaitForSingleObject(hProcThread,INFINITE);
	CloseHandle(hProcThread);
	CloseHandle(hProcess);
    VirtualFreeEx(hProcess, pfunc,4096, MEM_RELEASE);
	VirtualFreeEx(hProcess, paramaddr,256, MEM_RELEASE);
	return 1;
}

void CTestAssemblerDlg::OnBnClickedOk()
{
    Inject(&Target_THREAD,0);
    //OnOK();
}

this byte code

Code:

char packet[25] = "\xA1\xCC\xFB\xB8\x00\x6A\x00\x8B\x48\x20\x81\xC1\xEC\x00\x00\x00\xB8\x60\x3D\x69\x00\xFF\xD0\xC3";

is equally

Code:

void Target_THREAD()
{
	DWORD wid = 0;                           
	DWORD Myfunc = 0x00693D60;
	_asm{
        MOV EAX,DWORD PTR DS:[0x00B8FBCC]   
        PUSH 0                           
        MOV ECX,DWORD PTR DS:[EAX+0x20]
        ADD ECX,0x0EC
        MOV EAX,0x00693D60
        CALL EAX
        RETN
    }
}

it's mysticism?

[Murmuring]

Quote:

Originally Posted by Xantrax2150198

i try it, because later i want use assembler code for move, because it simple then use packets.

yes, we all see...asm is for you more simple then just using sendpacket function

since i see no code to move the char in your postings, heres some code in visual c for example select/deselect a target...with sendpacket.

Code:

void INJECTOR::TargetOff()
{
  PACKET pack;
  pack.len=2;
  pack.Bytes[0]='\x08';
  pack.Bytes[1]='\x00';
  SendPacket(&pack);
}


void INJECTOR::TargetMob(DWORD wid)
{
  PACKET pack;
  pack.len=6;
  char Packet[6] = "\x02\x00\x00\x00\x00\x00";
  memcpy(pack.Bytes,Packet,pack.len);
  memcpy(pack.Bytes+2,&wid,4);
  SendPacket(&pack);
}


BYTE INJECTOR::SendPacket(PACKET* pack)
{
  HANDLE hProcThread;

  char fdata[29]="\x60\x8B\x0D\x00\x00\x00\x00\x8B\x49\x20\x68\x11\x11\x11\x11\x68\x22\x22\x22\x22\xB8\x33\x33\x33\x33\xFF\xD0\x61\xC3";
  int lenfunc=29;
  DWORD func=ofs->F_SEND_PACKET;
  DWORD ba=ofs->BA;
  DWORD len=pack->len;

  //HANDLE hProcess=OpenProcess(PROCESS_ALL_ACCESS,false,pid);
  if (!hProcess) return 0;

  WriteProcessMemory(hProcess,pParam,pack->Bytes,len,NULL);

  DWORD addr=DWORD(pParam);
  memcpy(fdata+3,&ba,4);
  memcpy(fdata+11,&len,4);
  memcpy(fdata+16,&addr,4);
  memcpy(fdata+21,&func,4);

  WriteProcessMemory(hProcess,pFunction,fdata,lenfunc,NULL);

  hProcThread = CreateRemoteThread(hProcess,NULL,NULL,(LPTHREAD_START_ROUTINE)pFunction,NULL,NULL,NULL);
  if(hProcThread==INVALID_HANDLE_VALUE) 
  {
    return 0;
  }

  WaitForSingleObject(hProcThread, INFINITE); 
  CloseHandle(hProcThread); 
  return 1;	
}

and for moving i would use some action struct injection like this...

Code:

void INJECTOR::Move(float x, float y, float z, int walkmode)
{
  char fdata[117]="\x60\xA1\x00\x00\x00\x00\x8B\xB0\x11\x11\x11\x11\x8B\x8E\x22\x22\x22\x22\x6A\x01\xBB\x33\x33\x33\x33\xFF\xD3\x89\xC7\x8D\x44\xE4\x0C\x50\x68\x44\x44\x44\x44\x89\xF9\xBB\x55\x55\x55\x55\xFF\xD3\x8B\x8E\x66\x66\x66\x66\x6A\x00\x6A\x01\x57\x6A\x01\xBB\x77\x77\x77\x77\xFF\xD3\xA1\x88\x88\x88\x88\x8B\x80\x99\x99\x99\x99\x8B\x80\xAA\xAA\xAA\xAA\x8B\x40\x30\x8B\x48\x04\xB8\xBB\xBB\xBB\xBB\x89\x41\x20\xB8\xCC\xCC\xCC\xCC\x89\x41\x24\xB8\xDD\xDD\xDD\xDD\x89\x41\x28\x61\xC3";
  DWORD func1=ofs->F_MOVE1;
  DWORD func2=ofs->F_MOVE2;
  DWORD func3=ofs->F_MOVE3;
  DWORD ga=ofs->GA;
  DWORD ps=ofs->PERS_STRUCT;
  DWORD maa=ofs->MY_ACTION_ARRAY;
  DWORD wmode=1; if (walkmode==0) wmode=0;


  memcpy(fdata+2,&ga,4);
  memcpy(fdata+8,&ps,4);
  memcpy(fdata+14,&maa,4);
  memcpy(fdata+21,&func1,4);
  memcpy(fdata+35,&wmode,4);
  memcpy(fdata+42,&func2,4);
  memcpy(fdata+50,&maa,4);
  memcpy(fdata+62,&func3,4);
  memcpy(fdata+69,&ga,4);
  memcpy(fdata+75,&ps,4);
  memcpy(fdata+81,&maa,4);
  memcpy(fdata+92,&x,4);
  memcpy(fdata+100,&z,4);
  memcpy(fdata+108,&y,4);
  
  InjectFunction(&fdata,117);
}

but you can write some more postings with your experimental asm code, im sure some people are amused.

[Xantrax2150198]

Thanks alot for move with packets, but, it need send with any time period = 500ms or i'm wrong?
and whats is actually offsets in revival of dynasties for move?

[Murmuring]

Quote:

Originally Posted by Xantrax2150198

Thanks alot for move with packets, but, it need send with any time period = 500ms or i'm wrong?
and whats is actually offsets in revival of dynasties for move?

were the hell did i wrote its moving with packets code ?
if you not willed to start reading the info you can find in this board, good luck.

[Interest07]

I've always had trouble with inline asm, so I can't really help you with that. Since you're using c++ why not just inject a dll, that way you can just write regular c++ code and call that instead of having to deal with asm.