PWI Eclipse changes

[denzjh]

Okie Guys!

Here they are! AutoIt scripts for:

Global Variables

 Spoiler

Code:

Global $GAME_TITLE = "Perfect World"
Global $GAME_PID = WinGetProcess($GAME_TITLE)
Global $GAME_PROCESS = _MemoryOpen($GAME_PID)
Global $ADDRESS_BASE = 0xD22C74
Global $ADDRESS_SENDPACKET = 0x782FD0
Global $ADDRESS_AUTOPATH = 0x455940
Global $ADDRESS_ACTION1 = 0x49FF80
Global $ADDRESS_ACTION2 = 0x4A6320
Global $ADDRESS_ACTION3 = 0x4A0590
Global $ADDRESS_GATHER = 0x495C40
Global $ADDRESS_CASTSKILL = 0x48DF40

GatherItem function OpCode

 Spoiler

Code:

Func GatherItem($ITEM_UNIQUE_ID, $ACTION_TYPE=0)
	$ADDRESS_GATHER = 0x495C40
	;Construct the OpCode for calling the 'GatherItem' function
	$OPcode = "60"                   			;60             PUSHAD
	$OPcode &= "B9" & _Hex($ADDRESS_BASE)       ;B8 00000000    MOV ECX,#Baseadr
	$OPcode &= "8B09"            				;8B009          MOV ECX,DWORD PTR DS:[ECX]
	$OPcode &= "8B491C"          				;8B49 1C        MOV ECX,DWORD PTR DS:[ECX+1C]
	$OPcode &= "8B4928"          				;8B49 28        MOV ECX,DWORD PTR DS:[ECX+28]
	$OPcode &= "68" & _Hex($ACTION_TYPE)	    ;68 00000000    PUSH $ACTION_TYPE 0=Pick 1=Dig
	$OPcode &= "68" & _Hex($ITEM_UNIQUE_ID)     ;68 00000000    PUSH $ITEM_UNIQUE_ID
	$OPcode &= "BB" & _Hex($ADDRESS_GATHER)     ;BB 00000000    MOV EBX, $ADDRESS_GATHER
	$OPcode &= "FFD3"            				;FFD3           CALL EBX
	$OPcode &= "61"              				;61             POPAD
	$OPcode &= "C3"              				;C3             RETN

	InjectCode($OPcode)
EndFunc

CasSkill function OpCode

 Spoiler

Code:

Func CastSKILL($SKILL_POINTER, $SKILL_ID)
	;Declare local variables
	$ADDRESS_CASTSKILL = 0x48DF40
	;Construct the OpCode for calling the 'CastSKILL' function
	$OPcode = "60"                   			;60             PUSHAD
	$OPcode &= "B8" & _Hex($ADDRESS_BASE)       ;B8 00000000    MOV EAX,#Baseadr
	$OPcode &= "8B00"            				;8B00           MOV EAX,DWORD PTR DS:[EAX]
	$OPcode &= "8B401C"          				;8B40 1C        MOV EAX,DWORD PTR DS:[EAX+1C]
	$OPcode &= "8B7028"          				;8B70 28        MOV ESI,DWORD PTR DS:[EAX+28]
	$OPcode &= "B8" & _Hex($SKILL_POINTER)     	;B8 00000000    MOV EAX, $SKILL POINTER
	$OPcode &= "6AFF"            				;6A FF          PUSH -1
	$OPcode &= "6A00"            				;6A 00          PUSH 0
	$OPcode &= "6A00"            				;6A 00          PUSH 0
	$OPcode &= "B9" & _Hex($SKILL_ID) 	    	;B9 00000000    MOV ECX, $SKILL ID
	$OPcode &= "51"              				;51             PUSH ECX
	$OPcode &= "8BCE"            				;8BCE           MOV ECX,ESI
	$OPcode &= "BA" & _Hex($ADDRESS_CASTSKILL)    ;BA 00000000    MOV EDX, $ADDRESS_CASTSKILL
	$OPcode &= "FFD2"            				;FFD2           CALL EDX
	$OPcode &= "61"              				;61             POPAD
	$OPcode &= "C3"              				;C3             RETN

	InjectCode($OPcode)
EndFunc

Auto Path function OpCode

 Spoiler

Code:

Func AutoPath($DEST_X, $DEST_Y, $ALT=0, $DISMOUNT=0)

    ;Construct the OpCode for calling the 'AutoPath' function
    $OPcode = '60'								;60					PUSHAD
    $OPcode &= 'B9' & _Hex($DEST_Y, 8, 'float') ;B9 00000000		MOV ECX, Y-FLOAT
    $OPcode &= 'BA' & _Hex($ALT)				;BA 00000000		MOV EDX, Z-INT
    $OPcode &= 'B8' & _Hex($DEST_X, 8, 'float') ;B8 00000000		MOV EAX, X-FLOAT
    $OPcode &= '6A00'							;6A 00				PUSH 0
    $OPcode &= '51'								;51					PUSH ECX
    $OPcode &= '52'								;52					PUSH EDX
    $OPcode &= '50'								;50					PUSH EAX
    $OPcode &= '6A03'							;6A 03				PUSH 3
    $OPcode &= '6A00'							;6A 00				PUSH 0
    $OPcode &= '6A00'							;6A 00				PUSH 0
    $OPcode &= '684A010000'						;68 14A0			PUSH 0X14A
    $OPcode &= 'B9'&_Hex($ADDRESS_BASE)			;B9 00000000		MOV ECX, BASE_ADDRESS
    $OPcode &= '8B09'							;8B09				MOV ECX, DWORD PTR DS:[ECX]
    $OPcode &= '83C11C'							;83C1 1C			ADD ECX, 1C
    $OPcode &= '8B09'							;8B09				MOV ECX, DWORD PTR DS:[ECX]
    $OPcode &= 'BB'&_Hex($ADDRESS_AUTOPATH)		;BB 00000000		MOV EBX, AUTOPATH_ADDRESS
    $OPcode &= 'FFD3'							;FFD3				CALL EBX
    $OPcode &= 'B9' & _Hex($ALT)				;B9 00000000		MOV ECX, Z-INT
    $OPcode &= '6A00'							;6A 00				PUSH 0
    $OPcode &= '6A00'							;6A 00				PUSH 0
    $OPcode &= '6A' & _Hex($DISMOUNT, 2)		;6A 00				PUSH FLAG-DISMOUNT AT DESTINATION
    $OPcode &= '51'								;51					PUSH ECX
    $OPcode &= '6A01'							;6A 00				PUSH 1
    $OPcode &= '6A00'							;6A 00				PUSH 0
    $OPcode &= '6A00'							;6A 00				PUSH 0
    $OPcode &= '684A010000'						;68 14A0			PUSH 0X14A
    $OPcode &= 'B9'&_Hex($ADDRESS_BASE)			;B9 00000000		MOV ECX, BASE_ADDRESS
    $OPcode &= '8B09'							;8B09				MOV ECX, DWORD PTR DS:[ECX]
    $OPcode &= '83C11C'							;83C1 1C			ADD ECX, 1C
    $OPcode &= '8B09'							;8B09				MOV ECX, DWORD PTR DS:[ECX]
    $OPcode &= 'BB'&_Hex($ADDRESS_AUTOPATH)		;BB 00000000		MOV EBX, AUTOPATH_ADDRESS
    $OPcode &= 'FFD3'							;FFD3				CALL EBX
    $OPcode &= '61'								;61					POPAD
    $OPcode &= 'C3'								;C3					RET

	InjectCode($OPcode)
EndFunc

MoveTo function OpCode

 Spoiler

Code:

Func MoveTo($DEST_X, $DEST_Y, $DEST_Z, $VERTICAL=0)

	;Construct the OpCode for calling the 'MoveTo' function
	$OPcode =  "60"                   			;60             PUSHAD
	$OPcode &= "B8" & _Hex($ADDRESS_BASE)     	;B8 00000000    MOV EAX,#Baseadr
	$OPcode &= "8B00"            				;8B00           MOV EAX,DWORD PTR DS:[EAX]
	$OPcode &= "8B401C"          				;8B40 1C        MOV EAX,DWORD PTR DS:[EAX+1C]
	$OPcode &= "8B7028"          				;8B70 28        MOV ESI,DWORD PTR DS:[EAX+28]
	$OPcode &= "8B8E" & _Hex($OFFSET_ACTIONBASE);8B8E 11111111  MOV ECX,DWORD PTR DS:[ESI+ActArr]
	$OPcode &= "6A01"            				;6A 01          PUSH 1
	$OPcode &= "BA" & _Hex($ADDRESS_ACTION1)    ;BA 00000000    MOV EDX,Walk1
	$OPcode &= "FFD2"            				;FFD2           CALL EDX
	$OPcode &= "8BF8"            				;8BF8           MOV EDI,EAX
	$OPcode &= "8D442418"        				;8D4424 18      LEA EAX,DWORD PTR SS:[ESP+18]
	$OPcode &= "50"              				;50             PUSH EAX
	$OPcode &= "BA" & _Hex($VERTICAL)      		;BA 00000000    MOV EDX, fly mode
	$OPcode &= "52"              				;52             PUSH EDX
	$OPcode &= "8BCF"            				;8BCF           MOV ECX,EDI
	$OPcode &= "BA" & _Hex($ADDRESS_ACTION2)    ;BA 00000000    MOV EDX,Walk2
	$OPcode &= "FFD2"            				;FFD2           CALL EDX
	$OPcode &= "8B8E" & _Hex($OFFSET_ACTIONBASE);8B8E 22222222  MOV ECX,DWORD PTR DS:[ESI+ActArr]
	$OPcode &= "B8" & _Hex($DEST_X, 8, 'float') ;B8 00000000    MOV EAX,x
	$OPcode &= "8BD7"            				;8BD7           MOV EDX,EDI
	$OPcode &= "83C220"          				;83C2 20        ADD EDX,20
	$OPcode &= "8902"            				;8902           MOV DWORD PTR DS:[EDX],EAX
	$OPcode &= "B8" & _Hex($DEST_Z, 8, 'float') ;B8 00000000    MOV EAX,z
	$OPcode &= "8BD7"            				;8BD7           MOV EDX,EDI
	$OPcode &= "83C224"          				;83C2 24        ADD EDX,24
	$OPcode &= "8902"            				;8902           MOV DWORD PTR DS:[EDX],EAX
	$OPcode &= "B8" & _Hex($DEST_Y, 8, 'float') ;B8 00000000    MOV EAX,y
	$OPcode &= "8BD7"            				;8BD7           MOV EDX,EDI
	$OPcode &= "83C228"          				;83C2 28        ADD EDX,28
	$OPcode &= "8902"            				;8902           MOV DWORD PTR DS:[EDX],EAX
	$OPcode &= "6A00"            				;6A 00          PUSH 0
	$OPcode &= "6A01"            				;6A 01          PUSH 1
	$OPcode &= "57"              				;57             PUSH EDI
	$OPcode &= "6A01"            				;6A 01          PUSH 1
	$OPcode &= "BA" & _Hex($ADDRESS_ACTION3)    ;BA 00000000    MOV EDX,Walk3
	$OPcode &= "FFD2"            				;FFD2           CALL EDX
	$OPcode &= "61"              				;61             POPAD
	$OPcode &= "C3"              				;C3             RETN

	InjectCode($OPcode)
EndFunc

Auto Path function OpCode

 Spoiler

Code:

Func AutoPathInt($DEST_X, $DEST_Y, $DEST_Z=0, $DISMOUNT=0)
	;Declare local variables
	If $DEST_Z = 0 Then	$DEST_Z = $CHAR_Z/10

	;Construct the OpCode for calling the 'AutoPath' function
	$OPcode = '60'
	$OPcode &= 'B9' & _Hex($DEST_Y*10-5500, 8, 'float')
	$OPcode &= 'BA' & _Hex($DEST_Z)
	$OPcode &= 'B8' & _Hex($DEST_X*10-4000, 8, 'float')
	$OPcode &= '6A00'
	$OPcode &= '51'
	$OPcode &= '52'
	$OPcode &= '50'
	$OPcode &= '6A03'
	$OPcode &= '6A00'
	$OPcode &= '6A00'
	$OPcode &= '684A010000'
	$OPcode &= 'B9'&_Hex($ADDRESS_BASE)
	$OPcode &= '8B09'
	$OPcode &= '83C11C'
	$OPcode &= '8B09'
	$OPcode &= 'BB'&_Hex($ADDRESS_AUTOPATH)
	$OPcode &= 'FFD3'

	$OPcode &= 'B9' & _Hex($DEST_Z)
	$OPcode &= '6A00'
	$OPcode &= '6A00'
	$OPcode &= '6A' & _Hex($DISMOUNT, 2, 'int')
	$OPcode &= '51'
	$OPcode &= '6A01'
	$OPcode &= '6A00'
	$OPcode &= '6A00'
	$OPcode &= '684A010000'
	$OPcode &= 'B9'&_Hex($ADDRESS_BASE)
	$OPcode &= '8B09'
	$OPcode &= '83C11C'
	$OPcode &= '8B09'
	$OPcode &= 'BB'&_Hex($ADDRESS_AUTOPATH)
	$OPcode &= 'FFD3'
	$OPcode &= '61'
	$OPcode &= 'C3'

	InjectCode($OPcode)
EndFunc

MoveTo Function OpCode

 Spoiler

Code:

Func MoveToInt($DEST_X, $DEST_Y, $DEST_Z, $VERTICAL=0)

	;Construct the OpCode for calling the 'MoveTo' function
	$OPcode =  "60"                   			;60             PUSHAD
	$OPcode &= "B8" & _Hex($ADDRESS_BASE)     	;B8 00000000    MOV EAX,#Baseadr
	$OPcode &= "8B00"            				;8B00           MOV EAX,DWORD PTR DS:[EAX]
	$OPcode &= "8B401C"          				;8B40 1C        MOV EAX,DWORD PTR DS:[EAX+1C]
	$OPcode &= "8B7028"          				;8B70 28        MOV ESI,DWORD PTR DS:[EAX+28]
	$OPcode &= "8B8E" & _Hex($OFFSET_ACTIONBASE);8B8E 11111111  MOV ECX,DWORD PTR DS:[ESI+ActArr]
	$OPcode &= "6A01"            				;6A 01          PUSH 1
	$OPcode &= "BA" & _Hex($ADDRESS_ACTION1)    ;BA 00000000    MOV EDX, StartAction
	$OPcode &= "FFD2"            				;FFD2           CALL EDX
	$OPcode &= "8BF8"            				;8BF8           MOV EDI,EAX
	$OPcode &= "8D442418"        				;8D4424 18      LEA EAX,DWORD PTR SS:[ESP+18]
	$OPcode &= "50"              				;50             PUSH EAX
	$OPcode &= "BA" & _Hex($VERTICAL)      		;BA 00000000    MOV EDX, fly mode
	$OPcode &= "52"              				;52             PUSH EDX
	$OPcode &= "8BCF"            				;8BCF           MOV ECX,EDI
	$OPcode &= "BA" & _Hex($ADDRESS_ACTION2)    ;BA 00000000    MOV EDX, PerformAction
	$OPcode &= "FFD2"            				;FFD2           CALL EDX
	$OPcode &= "8B8E" & _Hex($OFFSET_ACTIONBASE);8B8E 22222222  MOV ECX,DWORD PTR DS:[ESI+ActArr]
	$OPcode &= "B8" & _Hex($DEST_X*10-4000, 8, 'float') ;B8 00000000    MOV EAX,x
	$OPcode &= "8BD7"            				;8BD7           MOV EDX,EDI
	$OPcode &= "83C220"          				;83C2 20        ADD EDX,20
	$OPcode &= "8902"            				;8902           MOV DWORD PTR DS:[EDX],EAX
	$OPcode &= "B8" & _Hex($DEST_Z*10, 8, 'float') ;B8 00000000    MOV EAX,z
	$OPcode &= "8BD7"            				;8BD7           MOV EDX,EDI
	$OPcode &= "83C224"          				;83C2 24        ADD EDX,24
	$OPcode &= "8902"            				;8902           MOV DWORD PTR DS:[EDX],EAX
	$OPcode &= "B8" & _Hex($DEST_Y*10-5500, 8, 'float') ;B8 00000000    MOV EAX,y
	$OPcode &= "8BD7"            				;8BD7           MOV EDX,EDI
	$OPcode &= "83C228"          				;83C2 28        ADD EDX,28
	$OPcode &= "8902"            				;8902           MOV DWORD PTR DS:[EDX],EAX
	$OPcode &= "6A00"            				;6A 00          PUSH 0
	$OPcode &= "6A01"            				;6A 01          PUSH 1
	$OPcode &= "57"              				;57             PUSH EDI
	$OPcode &= "6A01"            				;6A 01          PUSH 1
	$OPcode &= "BA" & _Hex($ADDRESS_ACTION3)    ;BA 00000000    MOV EDX, FinishAction
	$OPcode &= "FFD2"            				;FFD2           CALL EDX
	$OPcode &= "61"              				;61             POPAD
	$OPcode &= "C3"              				;C3             RETN

	InjectCode($OPcode)
EndFunc

Inject OpCodes

 Spoiler

Code:

Func InjectCode($OPcode)
	;Declare local variables

	;Open process for given processId
	$processHandle = $GAME_PROCESS[1]

	;Allocate memory for the OpCode and retrieve address for this
	$functionAddress = DllCall('kernel32.dll', 'int', 'VirtualAllocEx', 'int', $processHandle, 'ptr', 0, 'int', 100, 'int', 0x1000, 'int', 0x40)

	;Construct the OpCode for calling the function

	;Put the OpCode into a struct for later memory writing
	$vBuffer = DllStructCreate('byte[' & StringLen($OPcode) / 2 & ']')
	For $loop = 1 To DllStructGetSize($vBuffer)
		DllStructSetData($vBuffer, 1, Dec(StringMid($OPcode, ($loop - 1) * 2 + 1, 2)), $loop)
	Next

	;Write the OpCode to previously allocated memory
	DllCall('kernel32.dll', 'int', 'WriteProcessMemory', 'int', $processHandle, 'int', $functionAddress[0], 'int', DllStructGetPtr($vBuffer), 'int', DllStructGetSize($vBuffer), 'int', 0)


	;Create a remote thread in order to run the OpCode
	$hRemoteThread = DllCall('kernel32.dll', 'int', 'CreateRemoteThread', 'int', $processHandle, 'int', 0, 'int', 0, 'int', $functionAddress[0], 'ptr', 0, 'int', 0, 'int', 0)

	;Wait for the remote thread to finish
	Do
		$result = DllCall('kernel32.dll', 'int', 'WaitForSingleObject', 'int', $hRemoteThread[0], 'int', 50)
	Until $result[0] <> 258

	;Close the handle to the previously created remote thread
	DllCall('kernel32.dll', 'int', 'CloseHandle', 'int', $hRemoteThread[0])

	;Free the previously allocated memory
	DllCall('kernel32.dll', 'ptr', 'VirtualFreeEx', 'hwnd', $processHandle, 'int', $functionAddress[0], 'int', 0, 'int', 0x8000)

	Return True
EndFunc

Hex Converter

 Spoiler

Code:

Func _Hex($Value, $size=8, $type="int")
	Local $tmp1, $tmp2, $i
	If($type = "int") Then
        $tmp1 = StringRight("000000000" & Hex($Value), $size)
    ElseIf($type = "float") Then
        $tmp1 = StringRight("000000000" & _FloatToHex($Value), $size)
    EndIf
    For $i = 0 To StringLen($tmp1) / 2 - 1
        $tmp2 = $tmp2 & StringMid($tmp1, StringLen($tmp1) - 1 - 2 * $i, 2)
    Next
    Return $tmp2
EndFunc

Func _FloatToHex($floatval)
    $sF = DllStructCreate("float")
    $sB = DllStructCreate("ptr", DllStructGetPtr($sF))
    If $floatval = "" Then Exit
    DllStructSetData($sF, 1, $floatval)
    $return=DllStructGetData($sB, 1)
    Return $return
EndFunc

And lastly the Address Retriever (BTW this code is compiled into exe using Win 7 32-bit OS)

 Spoiler

Code:

#Region ;**** Directives created by AutoIt3Wrapper_GUI ****
#AutoIt3Wrapper_Compile_Both=y
#AutoIt3Wrapper_UseX64=y
#EndRegion ;**** Directives created by AutoIt3Wrapper_GUI ****
#include <GuiConstantsEx.au3>
#include <EditConstants.au3>

Opt("GUICloseOnESC", 0)
Opt("GUIOnEventMode", 1)
Opt("TrayAutoPause", 0)
Opt("TrayMenuMode", 1)

GUICreate("PWI Essential Addresses", 400, 400)
GUISetOnEvent($GUI_EVENT_CLOSE, "_Exit")
$OUTPUT_ADDRESS = GUICtrlCreateEdit("", 10, 10, 380, 330, BitAND($ES_AUTOHSCROLL, $ES_AUTOVSCROLL, $ES_MULTILINE))

GUICtrlCreateLabel("Game Client: ", 5, 350)
$DEFAULT_FOLDER = @ProgramFilesDir & "\Arc\PWI_En\element\"
$DEFAULT_CLIENT = "elementclient.exe"
$INPUT_GAME = GUICtrlCreateInput($DEFAULT_FOLDER & $DEFAULT_CLIENT, 100, 350, 290, 18)
GUICtrlCreateButton("Browse", 100, 370, 50, 25)
GUICtrlSetOnEvent(-1, "GetClientExe")
GUICtrlCreateButton("Retrieve", 160, 370, 50, 25)
GUICtrlSetOnEvent(-1, "RetrieveAddress")
GUISetState()
While 1
	Sleep(100)
WEnd

Func GetClientExe()
	$EXE = FileOpenDialog("Perfect World Client", $DEFAULT_FOLDER, "Executable (*.exe)", 1, $DEFAULT_CLIENT)
	GUICtrlSetData($INPUT_GAME, $EXE)
EndFunc

Func RetrieveAddress()
	$EXE = GUICtrlRead($INPUT_GAME)
	If @error Then Return
	$FILE = FileOpen($EXE, 16)
	$DATA = FileRead($FILE, FileGetSize($EXE))
	FileClose($FILE)
	$OPCODEBASE = 'A1(.{8})5332DB8B48.{2}'
	$BASE = StringRegExp($DATA, $OPCODEBASE, 1)
	$OPCODEPACKET = '6AFF68.{8}64A100000000506489250000000083EC185356578BF96A07'
	$PACKET = StringRegExp($DATA, $OPCODEPACKET, 1)
	$OPCODEAUTOPATH = '6AFF68.{8}64A100000000506489250000000083EC2053568BF18D4C2408E8.{8}8B4C243C8B542440'
	$AUTOPATH = StringRegExp($DATA, $OPCODEAUTOPATH, 1)
	$OPCODE_ACTION1 = '64A1.{8}6AFF68.{8}508B442410648925.{8}5683F8138BF1'
	$ACTION1 = StringRegExp($DATA, $OPCODE_ACTION1, 1)
	$OPCODE_ACTION2 = '83EC2453558B6C243056578B7C243C8BF133DB896E2C8B07894620'
	$ACTION2 = StringRegExp($DATA, $OPCODE_ACTION2, 1)
	$OPCODE_ACTION3 = '5355568B74241485F6578BD975095F5E5D32C05BC20C00'
	$ACTION3 = StringRegExp($DATA, $OPCODE_ACTION3, 1)
	$OPCODE_GATHER = '5355578BF98B87.{8}C1E807A8010F85.{8}E8.{8}84C00F85.{8}8B6C2410'
	$GATHER = StringRegExp($DATA, $OPCODE_GATHER, 1)
	$OPCODE_CAST = '535556578BF16A04E8.{8}8B8E.{8}83C40485C974076A02'
	$CAST = StringRegExp($DATA, $OPCODE_CAST, 1)

	If @error Then
		MsgBox(0, "Issues Attaching For Offsets", "There may be another bot attached to this process. Please close that bot and try again")
		Return
	EndIf
	$ADDRESS_BASE = '0x' & Rev($BASE[0])
	$ADDRESS_SENDPACKET = '0x' & Hex(StringInStr($DATA, $PACKET[0])/2 + 0x400000 - 1)
	$ADDRESS_AUTOPATH = '0x' & Hex(StringInStr($DATA, $AUTOPATH[0])/2 + 0x400000 - 1)
	$ADDRESS_ACTION1 = '0x' & Hex(StringInStr($DATA, $ACTION1[0])/2 + 0x400000 - 1)
	$ADDRESS_ACTION2 = '0x' & Hex(StringInStr($DATA, $ACTION2[0])/2 + 0x400000 - 1)
	$ADDRESS_ACTION3 = '0x' & Hex(StringInStr($DATA, $ACTION3[0])/2 + 0x400000 - 1)
	$ADDRESS_GATHER = '0x' & Hex(StringInStr($DATA, $GATHER[0])/2 + 0x400000 - 1)
	$ADDRESS_CAST = '0x' & Hex(StringInStr($DATA, $CAST[0])/2 + 0x400000 - 1)

	$OUTPUT = ""
	$OUTPUT &= "Global $ADDRESS_BASE="
	$OUTPUT &= $ADDRESS_BASE
	$OUTPUT &= @CRLF
	$OUTPUT &= "Global $ADDRESS_SENDPACKET="
	$OUTPUT &= $ADDRESS_SENDPACKET
	$OUTPUT &= @CRLF
	$OUTPUT &= "Global $ADDRESS_AUTOPATH="
	$OUTPUT &= $ADDRESS_AUTOPATH
	$OUTPUT &= @CRLF
	$OUTPUT &= "Global $ADDRESS_ACTION1="
	$OUTPUT &= $ADDRESS_ACTION1
	$OUTPUT &= @CRLF
	$OUTPUT &= "Global $ADDRESS_ACTION2="
	$OUTPUT &= $ADDRESS_ACTION2
	$OUTPUT &= @CRLF
	$OUTPUT &= "Global $ADDRESS_ACTION3="
	$OUTPUT &= $ADDRESS_ACTION3
	$OUTPUT &= @CRLF
	$OUTPUT &= "Global $ADDRESS_GATHER="
	$OUTPUT &= $ADDRESS_GATHER
	$OUTPUT &= @CRLF
	$OUTPUT &= "Global $ADDRESS_CAST="
	$OUTPUT &= $ADDRESS_CAST
	$OUTPUT &= @CRLF
	GUICtrlSetData($OUTPUT_ADDRESS, $OUTPUT)
EndFunc

Func Rev($string)
	Local $all
	For $i = StringLen($string) + 1 To 1 Step -2
		$all = $all & StringMid($string, $i, 2)
	Next
	Return $all
EndFunc

Func _Exit()
	Exit
EndFunc

And to others who are pm-ing me, please stop it, it tickles...

Everything you wanted to know is already here.

Breast feeding are for babies!
Spoon feeding are for those who could not use spoon.

Thanks to Remmm and his resources, because of him I learned how to trace and make the CastSkill Function

And your welcum too guys!

[Remmm]

The Internet can answer many questions, the main thing to know how to ask a question



P.S. Sorry, my native language is Russian

[Stark77]

Wow thank you again so much. Works like a charm

I followed this guide few days ago () and without understanding everything i also got the function addresses, but had no clue how to use it.

So was your way to find those opcodes to search for the call address or is there another way like breakpoints? Did u use Olly or IDA to find them?

[Smurfin]

Wow awesome snippets, I hope you guys still around when Eclipse hits PWIndo.

Looking at all those, I bet everything's changed now huh with this Eclipse patch, Wanmei wasn't joking about the engine overhaul then ? The gfx still looks pretty much the same though.

Is it gonna be that way now, using opcodes not memorywrite anymore ? or it's just easier that way. If using memorywrite like the old actionstruct, we can check the values within the structure to see if the character is idle or done doing something. For example if using GatherItem($ITEM_UNIQUE_ID, $ACTION_TYPE=0) , the character will move to the item and dig it, but what can we use for 'waiting' the action to complete ?

[Stark77]

there is simple way to check if u perform an action like digging or moveing or attacking. the checkAction turns to 1 if u perform any action and is 0 if not.

Code:

baseAddress := ReadMemoryUint(realBaseAddress, processID) ;~ 0xD22C74
structurePointer := ReadMemoryUint(baseAddress + baseOffset, processID) ;~ 0x1C 
playerPointer := ReadMemoryUint(structurePointer + playerOffset, processID) ;~ 0x28
actionStruct := ReadMemoryUint(playerPointer + playerActionStructOffset, processID) ;~ 0x13EC
checkAction:= ReadMemoryUint(actionstruct+0x38,processID) ;~ same as 0x24

[denzjh]

As for your checkAction or ActionFlag, just want to inform you these:

When using GatherItem function and your character is far from the resource,

1. The CheckAction/ActionFlag value will be 1 when your character will move towards the resource.
2. The CheckAction/ActionFlag value will be 0 when your character will stop moving as it arrives near the resource.
3. The CheckAction/ActionFlag value will be 1 when your character will start digging the resource.
4. The CheckAction/ActionFlag value will be 0 when your character is done gathering the resource.

This also happens when using CastSkill Function and your character's target is beyond the skill's range.

I suggest to check for checkAction/ActionFlag values twice before calling the said functions again.

For Example:

 Spoiler

Code:

#include <NomadMemory.au3>
#include <Array.au3>

Dim $GAME_EXE = "elementclient.exe"
Dim $GAME_PID = ProcessExists($GAME_EXE)
Dim $GAME_PROCESS = _MemoryOpen($GAME_PID)
Dim $ADDRESS_BASE = 0xD22C74
Dim $LIST_DIG[2] = ['Nectar', 'Ageratum']

While 1
	AutoFarm()
	; Insert some auto pots here
	; Insert some memory reducers here
	Sleep(250)
WEnd

Func AutoFarm()
	For $i = 0 To UBound($LIST_DIG) - 1
		DigItem($LIST_DIG[$i])
	Next
EndFunc

Func DigItem($STRING)
	$ARRAY = ItemsArray()
	$index = _ArraySearch($ARRAY, $STRING, 0, 0, 0, 1)
	If $index <> -1 Then
		$ITEM_SN = $ARRAY[$index][0]
		GatherItem($ITEM_SN, 1)
		Do
			; Insert some traveled distance check or stuck check here
			; Insert some auto pots here
			; Insert some memory reducers here
			Sleep(250)
		Until ActionFlag() = 0
		Sleep(250)
		GatherItem($ITEM_SN, 1)
		Do
			; Insert some traveled distance check or stuck check here
			; Insert some auto pots here
			; Insert some memory reducers here
			Sleep(250)
		Until ActionFlag() = 0
	EndIf
EndFunc

Func ActionFlag()
	$POINTER_BASE = _MemoryRead(_MemoryRead($ADDRESS_BASE, $GAME_PROCESS) + 0x1C, $GAME_PROCESS)
	$POINTER_CHAR = _MemoryRead($POINTER_BASE + 0x28, $GAME_PROCESS)
	$POINTER_ACTION = _MemoryRead($POINTER_CHAR + 0x13EC, $GAME_PROCESS)
	Return _MemoryRead($POINTER_ACTION + 0x24, $GAME_PROCESS)
EndFunc

Func ItemsArray()
	$POINTER_BASE = _MemoryRead(_MemoryRead($ADDRESS_BASE, $GAME_PROCESS) + 0x1C, $GAME_PROCESS)
	$SORTEDLIST = _MemoryRead($POINTER_BASE + 0x14, $GAME_PROCESS)
	$ITEMBASE = _MemoryRead($SORTEDLIST + 0x24, $GAME_PROCESS)
	$ITEMCOUNT = _MemoryRead($ITEMBASE + 0x14, $GAME_PROCESS)
	If $ITEMCOUNT = 0 Then Return
	$ITEMLIST = _MemoryRead($ITEMBASE + 0x1C, $GAME_PROCESS)
	
	Dim $ARRAY[1][7], $COUNTER=0
	For $i = 0 To 768
		$ITEM = _MemoryRead(_MemoryRead($ITEMLIST + $i*4, $GAME_PROCESS) + 0x4 , $GAME_PROCESS)
		If $ITEM <> 0 Then
			ReDim $ARRAY[$COUNTER+1][8]
			$ARRAY[$COUNTER][0] = _MemoryRead($ITEM + 0x110, $GAME_PROCESS)
			$ARRAY[$COUNTER][1] = _MemoryRead($ITEM + 0x114, $GAME_PROCESS)
			$ARRAY[$COUNTER][2] = _MemoryRead(_MemoryRead($ITEM + 0x168, $GAME_PROCESS), $GAME_PROCESS, 'wchar[100]')
			$ARRAY[$COUNTER][3] = _MemoryRead($ITEM + 0x150, $GAME_PROCESS)
			$ARRAY[$COUNTER][4] = _MemoryRead($ITEM + 0x3C, $GAME_PROCESS, 'float') ;X Coord in Map
			$ARRAY[$COUNTER][5] = _MemoryRead($ITEM + 0x44, $GAME_PROCESS, 'float') ;y Coord in Map
			$ARRAY[$COUNTER][6] = _MemoryRead($ITEM + 0x40, $GAME_PROCESS, 'float') ;Z Coord or Vertical Altitude
			$COUNTER += 1
		EndIf
	Next
	Return $ARRAY
EndFunc

Func InjectCode($OPcode)
	;Declare local variables

	;Open process for given processId
	$processHandle = $GAME_PROCESS[1]

	;Allocate memory for the OpCode and retrieve address for this
	$functionAddress = DllCall('kernel32.dll', 'int', 'VirtualAllocEx', 'int', $processHandle, 'ptr', 0, 'int', 100, 'int', 0x1000, 'int', 0x40)

	;Construct the OpCode for calling the function

	;Put the OpCode into a struct for later memory writing
	$vBuffer = DllStructCreate('byte[' & StringLen($OPcode) / 2 & ']')
	For $loop = 1 To DllStructGetSize($vBuffer)
		DllStructSetData($vBuffer, 1, Dec(StringMid($OPcode, ($loop - 1) * 2 + 1, 2)), $loop)
	Next

	;Write the OpCode to previously allocated memory
	DllCall('kernel32.dll', 'int', 'WriteProcessMemory', 'int', $processHandle, 'int', $functionAddress[0], 'int', DllStructGetPtr($vBuffer), 'int', DllStructGetSize($vBuffer), 'int', 0)


	;Create a remote thread in order to run the OpCode
	$hRemoteThread = DllCall('kernel32.dll', 'int', 'CreateRemoteThread', 'int', $processHandle, 'int', 0, 'int', 0, 'int', $functionAddress[0], 'ptr', 0, 'int', 0, 'int', 0)

	;Wait for the remote thread to finish
	Do
		$result = DllCall('kernel32.dll', 'int', 'WaitForSingleObject', 'int', $hRemoteThread[0], 'int', 50)
	Until $result[0] <> 258

	;Close the handle to the previously created remote thread
	DllCall('kernel32.dll', 'int', 'CloseHandle', 'int', $hRemoteThread[0])

	;Free the previously allocated memory
	DllCall('kernel32.dll', 'ptr', 'VirtualFreeEx', 'hwnd', $processHandle, 'int', $functionAddress[0], 'int', 0, 'int', 0x8000)

	Return True
EndFunc

Func GatherItem($ITEM_UNIQUE_ID, $ACTION_TYPE=0)

	;Construct the OpCode for calling the 'GatherItem' function
	$OPcode = "60"                   			;60             PUSHAD
	$OPcode &= "B9" & _Hex($ADDRESS_BASE)       ;B9 00000000    MOV ECX,#Baseadr
	$OPcode &= "8B09"            				;8B09           MOV ECX,DWORD PTR DS:[ECX]
	$OPcode &= "8B491C"          				;8B49 1C        MOV ECX,DWORD PTR DS:[ECX+1C]
	$OPcode &= "8B4928"          				;8B49 28        MOV ECX,DWORD PTR DS:[ECX+28]
	$OPcode &= "68" & _Hex($ACTION_TYPE)	    ;68 00000000    PUSH $ACTION_TYPE 0=Pick 1=Dig
	$OPcode &= "68" & _Hex($ITEM_UNIQUE_ID)     ;68 00000000    PUSH $ITEM_UNIQUE_ID
	$OPcode &= "BB" & _Hex($ADDRESS_GATHER)     ;BB 00000000    MOV EBX, $ADDRESS_GATHER
	$OPcode &= "FFD3"            				;FFD3           CALL EBX
	$OPcode &= "61"              				;61             POPAD
	$OPcode &= "C3"              				;C3             RETN

	InjectCode($OPcode)
EndFunc

Func _Hex($Value, $size=8, $type="int")
	Local $tmp1, $tmp2, $i
	If($type = "int") Then
        $tmp1 = StringRight("000000000" & Hex($Value), $size)
    ElseIf($type = "float") Then
        $tmp1 = StringRight("000000000" & _FloatToHex($Value), $size)
    EndIf
    For $i = 0 To StringLen($tmp1) / 2 - 1
        $tmp2 = $tmp2 & StringMid($tmp1, StringLen($tmp1) - 1 - 2 * $i, 2)
    Next
    Return $tmp2
EndFunc

Func _FloatToHex($floatval)
    $sF = DllStructCreate("float")
    $sB = DllStructCreate("ptr", DllStructGetPtr($sF))
    If $floatval = "" Then Exit
    DllStructSetData($sF, 1, $floatval)
    $return=DllStructGetData($sB, 1)
    Return $return
EndFunc

In my opinion, a better solution to check if your character is digging / channeling / casting, is by tracing their Progress Bar Flags.
(A.K.A. trace the gui struct). Because we can tell if your character would be still moving towards the target after calling the GatherItem / CastSkill functions if Progress Bar Flag is Off while Action Flag is On.

I'm currently Experimenting on this Function. I am trying to make a function that will return the value of EAX or DWORD PTR SS:[ESP+10] in 0x0049FF8E. But like I said, I'm not a software developer/computer programmer so, still stuck with my experiments (A.k.a multiple client crashes ).

 Spoiler

Code:

0049FF80  /$ 64:A1 00000000 MOV EAX,DWORD PTR FS:[0]
0049FF86  |. 6A FF          PUSH -1
0049FF88  |. 68 2C9AB600    PUSH PWI.00B69A2C
0049FF8D  |. 50             PUSH EAX
0049FF8E  |. 8B4424 10      MOV EAX,DWORD PTR SS:[ESP+10]
0049FF92  |. 64:8925 000000>MOV DWORD PTR FS:[0],ESP
0049FF99  |. 56             PUSH ESI
0049FF9A  |. 83F8 13        CMP EAX,13                               ;  Switch (cases 0..13) 
0049FF9D  |. 8BF1           MOV ESI,ECX
0049FF9F  |. 0F87 5F040000  JA PWI.004A0404
0049FFA5  |. FF2485 18044A0>JMP DWORD PTR DS:[EAX*4+4A0418] ;;<---- Value of EAX determines the Current Action from the List
0049FFAC  |> 6A 30          PUSH 30                                  ;  Case 0 of switch 0049FF9A
0049FFAE  |. E8 AD455600    CALL PWI.00A04560
0049FFB3  |. 83C4 04        ADD ESP,4
0049FFB6  |. 894424 14      MOV DWORD PTR SS:[ESP+14],EAX
0049FFBA  |. 85C0           TEST EAX,EAX
0049FFBC  |. C74424 0C 0000>MOV DWORD PTR SS:[ESP+C],0
0049FFC4  |. 0F84 3A040000  JE PWI.004A0404
0049FFCA  |. 56             PUSH ESI
0049FFCB  |. 8BC8           MOV ECX,EAX
0049FFCD  |. E8 0E9C0000    CALL PWI.004A9BE0
0049FFD2  |. 8B4C24 04      MOV ECX,DWORD PTR SS:[ESP+4]
0049FFD6  |. 64:890D 000000>MOV DWORD PTR FS:[0],ECX
0049FFDD  |. 5E             POP ESI
0049FFDE  |. 83C4 0C        ADD ESP,0C
0049FFE1  |. C2 0400        RETN 4
0049FFE4  |> 6A 7C          PUSH 7C                                  ;  Case 1 of switch 0049FF9A
0049FFE6  |. E8 75455600    CALL PWI.00A04560
0049FFEB  |. 83C4 04        ADD ESP,4
0049FFEE  |. 894424 14      MOV DWORD PTR SS:[ESP+14],EAX
0049FFF2  |. 85C0           TEST EAX,EAX
0049FFF4  |. C74424 0C 0100>MOV DWORD PTR SS:[ESP+C],1
0049FFFC  |. 0F84 02040000  JE PWI.004A0404
004A0002  |. 56             PUSH ESI
004A0003  |. 8BC8           MOV ECX,EAX
004A0005  |. E8 765F0000    CALL PWI.004A5F80
004A000A  |. 8B4C24 04      MOV ECX,DWORD PTR SS:[ESP+4]
004A000E  |. 64:890D 000000>MOV DWORD PTR FS:[0],ECX
004A0015  |. 5E             POP ESI
004A0016  |. 83C4 0C        ADD ESP,0C
004A0019  |. C2 0400        RETN 4
004A001C  |> 6A 44          PUSH 44                                  ;  Case 2 of switch 0049FF9A
004A001E  |. E8 3D455600    CALL PWI.00A04560
004A0023  |. 83C4 04        ADD ESP,4
004A0026  |. 894424 14      MOV DWORD PTR SS:[ESP+14],EAX
004A002A  |. 85C0           TEST EAX,EAX
004A002C  |. C74424 0C 0200>MOV DWORD PTR SS:[ESP+C],2
004A0034  |. 0F84 CA030000  JE PWI.004A0404
004A003A  |. 56             PUSH ESI
004A003B  |. 8BC8           MOV ECX,EAX
004A003D  |. E8 EEA30000    CALL PWI.004AA430
004A0042  |. 8B4C24 04      MOV ECX,DWORD PTR SS:[ESP+4]
004A0046  |. 64:890D 000000>MOV DWORD PTR FS:[0],ECX
004A004D  |. 5E             POP ESI
004A004E  |. 83C4 0C        ADD ESP,0C
004A0051  |. C2 0400        RETN 4
004A0054  |> 6A 2C          PUSH 2C                                  ;  Case 3 of switch 0049FF9A
004A0056  |. E8 05455600    CALL PWI.00A04560
004A005B  |. 83C4 04        ADD ESP,4
004A005E  |. 894424 14      MOV DWORD PTR SS:[ESP+14],EAX
004A0062  |. 85C0           TEST EAX,EAX
004A0064  |. C74424 0C 0300>MOV DWORD PTR SS:[ESP+C],3
004A006C  |. 0F84 92030000  JE PWI.004A0404
004A0072  |. 56             PUSH ESI
004A0073  |. 8BC8           MOV ECX,EAX
004A0075  |. E8 165A0000    CALL PWI.004A5A90
004A007A  |. 8B4C24 04      MOV ECX,DWORD PTR SS:[ESP+4]
004A007E  |. 64:890D 000000>MOV DWORD PTR FS:[0],ECX
004A0085  |. 5E             POP ESI
004A0086  |. 83C4 0C        ADD ESP,0C
004A0089  |. C2 0400        RETN 4
004A008C  |> 6A 34          PUSH 34                                  ;  Case 4 of switch 0049FF9A
004A008E  |. E8 CD445600    CALL PWI.00A04560
004A0093  |. 83C4 04        ADD ESP,4
004A0096  |. 894424 14      MOV DWORD PTR SS:[ESP+14],EAX
004A009A  |. 85C0           TEST EAX,EAX
004A009C  |. C74424 0C 0400>MOV DWORD PTR SS:[ESP+C],4
004A00A4  |. 0F84 5A030000  JE PWI.004A0404
004A00AA  |. 56             PUSH ESI
004A00AB  |. 8BC8           MOV ECX,EAX
004A00AD  |. E8 6E970000    CALL PWI.004A9820
004A00B2  |. 8B4C24 04      MOV ECX,DWORD PTR SS:[ESP+4]
004A00B6  |. 64:890D 000000>MOV DWORD PTR FS:[0],ECX
004A00BD  |. 5E             POP ESI
004A00BE  |. 83C4 0C        ADD ESP,0C
004A00C1  |. C2 0400        RETN 4
004A00C4  |> 6A 34          PUSH 34                                  ;  Case 5 of switch 0049FF9A
004A00C6  |. E8 95445600    CALL PWI.00A04560
004A00CB  |. 83C4 04        ADD ESP,4
004A00CE  |. 894424 14      MOV DWORD PTR SS:[ESP+14],EAX
004A00D2  |. 85C0           TEST EAX,EAX
004A00D4  |. C74424 0C 0500>MOV DWORD PTR SS:[ESP+C],5
004A00DC  |. 0F84 22030000  JE PWI.004A0404
004A00E2  |. 56             PUSH ESI
004A00E3  |. 8BC8           MOV ECX,EAX
004A00E5  |. E8 96C50000    CALL PWI.004AC680
004A00EA  |. 8B4C24 04      MOV ECX,DWORD PTR SS:[ESP+4]
004A00EE  |. 64:890D 000000>MOV DWORD PTR FS:[0],ECX
004A00F5  |. 5E             POP ESI
004A00F6  |. 83C4 0C        ADD ESP,0C
004A00F9  |. C2 0400        RETN 4
004A00FC  |> 6A 24          PUSH 24                                  ;  Case 6 of switch 0049FF9A
004A00FE  |. E8 5D445600    CALL PWI.00A04560
004A0103  |. 83C4 04        ADD ESP,4
004A0106  |. 894424 14      MOV DWORD PTR SS:[ESP+14],EAX
004A010A  |. 85C0           TEST EAX,EAX
004A010C  |. C74424 0C 0600>MOV DWORD PTR SS:[ESP+C],6
004A0114  |. 0F84 EA020000  JE PWI.004A0404
004A011A  |. 56             PUSH ESI
004A011B  |. 8BC8           MOV ECX,EAX
004A011D  |. E8 1E130000    CALL PWI.004A1440
004A0122  |. 8B4C24 04      MOV ECX,DWORD PTR SS:[ESP+4]
004A0126  |. 64:890D 000000>MOV DWORD PTR FS:[0],ECX
004A012D  |. 5E             POP ESI
004A012E  |. 83C4 0C        ADD ESP,0C
004A0131  |. C2 0400        RETN 4
004A0134  |> 6A 4C          PUSH 4C                                  ;  Case 7 of switch 0049FF9A
004A0136  |. E8 25445600    CALL PWI.00A04560
004A013B  |. 83C4 04        ADD ESP,4
004A013E  |. 894424 14      MOV DWORD PTR SS:[ESP+14],EAX
004A0142  |. 85C0           TEST EAX,EAX
004A0144  |. C74424 0C 0700>MOV DWORD PTR SS:[ESP+C],7
004A014C  |. 0F84 B2020000  JE PWI.004A0404
004A0152  |. 56             PUSH ESI
004A0153  |. 8BC8           MOV ECX,EAX
004A0155  |. E8 56360000    CALL PWI.004A37B0
004A015A  |. 8B4C24 04      MOV ECX,DWORD PTR SS:[ESP+4]
004A015E  |. 64:890D 000000>MOV DWORD PTR FS:[0],ECX
004A0165  |. 5E             POP ESI
004A0166  |. 83C4 0C        ADD ESP,0C
004A0169  |. C2 0400        RETN 4
004A016C  |> 6A 38          PUSH 38                                  ;  Case 8 of switch 0049FF9A
004A016E  |. E8 ED435600    CALL PWI.00A04560
004A0173  |. 83C4 04        ADD ESP,4
004A0176  |. 894424 14      MOV DWORD PTR SS:[ESP+14],EAX
004A017A  |. 85C0           TEST EAX,EAX
004A017C  |. C74424 0C 0800>MOV DWORD PTR SS:[ESP+C],8
004A0184  |. 0F84 7A020000  JE PWI.004A0404
004A018A  |. 56             PUSH ESI
004A018B  |. 8BC8           MOV ECX,EAX
004A018D  |. E8 FE260000    CALL PWI.004A2890
004A0192  |. 8B4C24 04      MOV ECX,DWORD PTR SS:[ESP+4]
004A0196  |. 64:890D 000000>MOV DWORD PTR FS:[0],ECX
004A019D  |. 5E             POP ESI
004A019E  |. 83C4 0C        ADD ESP,0C
004A01A1  |. C2 0400        RETN 4
004A01A4  |> 6A 44          PUSH 44                                  ;  Case 9 of switch 0049FF9A
004A01A6  |. E8 B5435600    CALL PWI.00A04560
004A01AB  |. 83C4 04        ADD ESP,4
004A01AE  |. 894424 14      MOV DWORD PTR SS:[ESP+14],EAX
004A01B2  |. 85C0           TEST EAX,EAX
004A01B4  |. C74424 0C 0900>MOV DWORD PTR SS:[ESP+C],9
004A01BC  |. 0F84 42020000  JE PWI.004A0404
004A01C2  |. 56             PUSH ESI
004A01C3  |. 8BC8           MOV ECX,EAX
004A01C5  |. E8 76150000    CALL PWI.004A1740
004A01CA  |. 8B4C24 04      MOV ECX,DWORD PTR SS:[ESP+4]
004A01CE  |. 64:890D 000000>MOV DWORD PTR FS:[0],ECX
004A01D5  |. 5E             POP ESI
004A01D6  |. 83C4 0C        ADD ESP,0C
004A01D9  |. C2 0400        RETN 4
004A01DC  |> 6A 24          PUSH 24                                  ;  Case A of switch 0049FF9A
004A01DE  |. E8 7D435600    CALL PWI.00A04560
004A01E3  |. 83C4 04        ADD ESP,4
004A01E6  |. 894424 14      MOV DWORD PTR SS:[ESP+14],EAX
004A01EA  |. 85C0           TEST EAX,EAX
004A01EC  |. C74424 0C 0A00>MOV DWORD PTR SS:[ESP+C],0A
004A01F4  |. 0F84 0A020000  JE PWI.004A0404
004A01FA  |. 56             PUSH ESI
004A01FB  |. 8BC8           MOV ECX,EAX
004A01FD  |. E8 8E900000    CALL PWI.004A9290
004A0202  |. 8B4C24 04      MOV ECX,DWORD PTR SS:[ESP+4]
004A0206  |. 64:890D 000000>MOV DWORD PTR FS:[0],ECX
004A020D  |. 5E             POP ESI
004A020E  |. 83C4 0C        ADD ESP,0C
004A0211  |. C2 0400        RETN 4
004A0214  |> 6A 2C          PUSH 2C                                  ;  Case B of switch 0049FF9A
004A0216  |. E8 45435600    CALL PWI.00A04560
004A021B  |. 83C4 04        ADD ESP,4
004A021E  |. 894424 14      MOV DWORD PTR SS:[ESP+14],EAX
004A0222  |. 85C0           TEST EAX,EAX
004A0224  |. C74424 0C 0B00>MOV DWORD PTR SS:[ESP+C],0B
004A022C  |. 0F84 D2010000  JE PWI.004A0404
004A0232  |. 56             PUSH ESI
004A0233  |. 8BC8           MOV ECX,EAX
004A0235  |. E8 F6900000    CALL PWI.004A9330
004A023A  |. 8B4C24 04      MOV ECX,DWORD PTR SS:[ESP+4]
004A023E  |. 64:890D 000000>MOV DWORD PTR FS:[0],ECX
004A0245  |. 5E             POP ESI
004A0246  |. 83C4 0C        ADD ESP,0C
004A0249  |. C2 0400        RETN 4
004A024C  |> 6A 24          PUSH 24                                  ;  Case C of switch 0049FF9A
004A024E  |. E8 0D435600    CALL PWI.00A04560
004A0253  |. 83C4 04        ADD ESP,4
004A0256  |. 894424 14      MOV DWORD PTR SS:[ESP+14],EAX
004A025A  |. 85C0           TEST EAX,EAX
004A025C  |. C74424 0C 0C00>MOV DWORD PTR SS:[ESP+C],0C
004A0264  |. 0F84 9A010000  JE PWI.004A0404
004A026A  |. 56             PUSH ESI
004A026B  |. 8BC8           MOV ECX,EAX
004A026D  |. E8 2E920000    CALL PWI.004A94A0
004A0272  |. 8B4C24 04      MOV ECX,DWORD PTR SS:[ESP+4]
004A0276  |. 64:890D 000000>MOV DWORD PTR FS:[0],ECX
004A027D  |. 5E             POP ESI
004A027E  |. 83C4 0C        ADD ESP,0C
004A0281  |. C2 0400        RETN 4
004A0284  |> 6A 24          PUSH 24                                  ;  Case D of switch 0049FF9A
004A0286  |. E8 D5425600    CALL PWI.00A04560
004A028B  |. 83C4 04        ADD ESP,4
004A028E  |. 894424 14      MOV DWORD PTR SS:[ESP+14],EAX
004A0292  |. 85C0           TEST EAX,EAX
004A0294  |. C74424 0C 0D00>MOV DWORD PTR SS:[ESP+C],0D
004A029C  |. 0F84 62010000  JE PWI.004A0404
004A02A2  |. 56             PUSH ESI
004A02A3  |. 8BC8           MOV ECX,EAX
004A02A5  |. E8 86130000    CALL PWI.004A1630
004A02AA  |. 8B4C24 04      MOV ECX,DWORD PTR SS:[ESP+4]
004A02AE  |. 64:890D 000000>MOV DWORD PTR FS:[0],ECX
004A02B5  |. 5E             POP ESI
004A02B6  |. 83C4 0C        ADD ESP,0C
004A02B9  |. C2 0400        RETN 4
004A02BC  |> 6A 48          PUSH 48                                  ;  Case E of switch 0049FF9A
004A02BE  |. E8 9D425600    CALL PWI.00A04560
004A02C3  |. 83C4 04        ADD ESP,4
004A02C6  |. 894424 14      MOV DWORD PTR SS:[ESP+14],EAX
004A02CA  |. 85C0           TEST EAX,EAX
004A02CC  |. C74424 0C 0E00>MOV DWORD PTR SS:[ESP+C],0E
004A02D4  |. 0F84 2A010000  JE PWI.004A0404
004A02DA  |. 56             PUSH ESI
004A02DB  |. 8BC8           MOV ECX,EAX
004A02DD  |. E8 AE280000    CALL PWI.004A2B90
004A02E2  |. 8B4C24 04      MOV ECX,DWORD PTR SS:[ESP+4]
004A02E6  |. 64:890D 000000>MOV DWORD PTR FS:[0],ECX
004A02ED  |. 5E             POP ESI
004A02EE  |. 83C4 0C        ADD ESP,0C
004A02F1  |. C2 0400        RETN 4
004A02F4  |> 6A 20          PUSH 20                                  ;  Case F of switch 0049FF9A
004A02F6  |. E8 65425600    CALL PWI.00A04560
004A02FB  |. 83C4 04        ADD ESP,4
004A02FE  |. 894424 14      MOV DWORD PTR SS:[ESP+14],EAX
004A0302  |. 85C0           TEST EAX,EAX
004A0304  |. C74424 0C 0F00>MOV DWORD PTR SS:[ESP+C],0F
004A030C  |. 0F84 F2000000  JE PWI.004A0404
004A0312  |. 56             PUSH ESI
004A0313  |. 8BC8           MOV ECX,EAX
004A0315  |. E8 26920000    CALL PWI.004A9540
004A031A  |. 8B4C24 04      MOV ECX,DWORD PTR SS:[ESP+4]
004A031E  |. 64:890D 000000>MOV DWORD PTR FS:[0],ECX
004A0325  |. 5E             POP ESI
004A0326  |. 83C4 0C        ADD ESP,0C
004A0329  |. C2 0400        RETN 4
004A032C  |> 6A 58          PUSH 58                                  ;  Case 10 of switch 0049FF9A
004A032E  |. E8 2D425600    CALL PWI.00A04560
004A0333  |. 83C4 04        ADD ESP,4
004A0336  |. 894424 14      MOV DWORD PTR SS:[ESP+14],EAX
004A033A  |. 85C0           TEST EAX,EAX
004A033C  |. C74424 0C 1000>MOV DWORD PTR SS:[ESP+C],10
004A0344  |. 0F84 BA000000  JE PWI.004A0404
004A034A  |. 56             PUSH ESI
004A034B  |. 8BC8           MOV ECX,EAX
004A034D  |. E8 FE2C0000    CALL PWI.004A3050
004A0352  |. 8B4C24 04      MOV ECX,DWORD PTR SS:[ESP+4]
004A0356  |. 64:890D 000000>MOV DWORD PTR FS:[0],ECX
004A035D  |. 5E             POP ESI
004A035E  |. 83C4 0C        ADD ESP,0C
004A0361  |. C2 0400        RETN 4
004A0364  |> 6A 2C          PUSH 2C                                  ;  Case 11 of switch 0049FF9A
004A0366  |. E8 F5415600    CALL PWI.00A04560
004A036B  |. 83C4 04        ADD ESP,4
004A036E  |. 894424 14      MOV DWORD PTR SS:[ESP+14],EAX
004A0372  |. 85C0           TEST EAX,EAX
004A0374  |. C74424 0C 1100>MOV DWORD PTR SS:[ESP+C],11
004A037C  |. 0F84 82000000  JE PWI.004A0404
004A0382  |. 56             PUSH ESI
004A0383  |. 8BC8           MOV ECX,EAX
004A0385  |. E8 06930000    CALL PWI.004A9690
004A038A  |. 8B4C24 04      MOV ECX,DWORD PTR SS:[ESP+4]
004A038E  |. 64:890D 000000>MOV DWORD PTR FS:[0],ECX
004A0395  |. 5E             POP ESI
004A0396  |. 83C4 0C        ADD ESP,0C
004A0399  |. C2 0400        RETN 4
004A039C  |> 6A 2C          PUSH 2C                                  ;  Case 12 of switch 0049FF9A
004A039E  |. E8 BD415600    CALL PWI.00A04560
004A03A3  |. 83C4 04        ADD ESP,4
004A03A6  |. 894424 14      MOV DWORD PTR SS:[ESP+14],EAX
004A03AA  |. 85C0           TEST EAX,EAX
004A03AC  |. C74424 0C 1200>MOV DWORD PTR SS:[ESP+C],12
004A03B4  |. 74 4E          JE SHORT PWI.004A0404
004A03B6  |. 56             PUSH ESI
004A03B7  |. 8BC8           MOV ECX,EAX
004A03B9  |. E8 12960000    CALL PWI.004A99D0
004A03BE  |. 8B4C24 04      MOV ECX,DWORD PTR SS:[ESP+4]
004A03C2  |. 64:890D 000000>MOV DWORD PTR FS:[0],ECX
004A03C9  |. 5E             POP ESI
004A03CA  |. 83C4 0C        ADD ESP,0C
004A03CD  |. C2 0400        RETN 4
004A03D0  |> 6A 28          PUSH 28                                  ;  Case 13 of switch 0049FF9A
004A03D2  |. E8 89415600    CALL PWI.00A04560
004A03D7  |. 83C4 04        ADD ESP,4
004A03DA  |. 894424 14      MOV DWORD PTR SS:[ESP+14],EAX
004A03DE  |. 85C0           TEST EAX,EAX
004A03E0  |. C74424 0C 1300>MOV DWORD PTR SS:[ESP+C],13
004A03E8  |. 74 1A          JE SHORT PWI.004A0404
004A03EA  |. 56             PUSH ESI
004A03EB  |. 8BC8           MOV ECX,EAX
004A03ED  |. E8 0E4F0000    CALL PWI.004A5300
004A03F2  |. 8B4C24 04      MOV ECX,DWORD PTR SS:[ESP+4]
004A03F6  |. 64:890D 000000>MOV DWORD PTR FS:[0],ECX
004A03FD  |. 5E             POP ESI
004A03FE  |. 83C4 0C        ADD ESP,0C
004A0401  |. C2 0400        RETN 4
004A0404  |> 8B4C24 04      MOV ECX,DWORD PTR SS:[ESP+4]             ;  Default case of switch 0049FF9A
004A0408  |. 33C0           XOR EAX,EAX
004A040A  |. 64:890D 000000>MOV DWORD PTR FS:[0],ECX
004A0411  |. 5E             POP ESI
004A0412  |. 83C4 0C        ADD ESP,0C
004A0415  \. C2 0400        RETN 4
004A0418   . ACFF4900       DD PWI.0049FFAC                          ;  Switch table used at 0049FFA5
004A041C   . E4FF4900       DD PWI.0049FFE4
004A0420   . 1C004A00       DD PWI.004A001C
004A0424   . 54004A00       DD PWI.004A0054
004A0428   . 8C004A00       DD PWI.004A008C
004A042C   . C4004A00       DD PWI.004A00C4
004A0430   . FC004A00       DD PWI.004A00FC
004A0434   . 34014A00       DD PWI.004A0134
004A0438   . 6C014A00       DD PWI.004A016C
004A043C   . A4014A00       DD PWI.004A01A4
004A0440   . DC014A00       DD PWI.004A01DC
004A0444   . 14024A00       DD PWI.004A0214
004A0448   . 4C024A00       DD PWI.004A024C
004A044C   . 84024A00       DD PWI.004A0284
004A0450   . BC024A00       DD PWI.004A02BC
004A0454   . F4024A00       DD PWI.004A02F4
004A0458   . 2C034A00       DD PWI.004A032C
004A045C   . 64034A00       DD PWI.004A0364
004A0460   . 9C034A00       DD PWI.004A039C
004A0464   . D0034A00       DD PWI.004A03D0

For casting skills, this how i check my bot if it is casting or not.
It returns the current skill pointer or 0 if not casting any skills.

 Spoiler

Code:

Func CurrentCast()
	$POINTER_BASE = _MemoryRead(_MemoryRead($ADDRESS_BASE, $GAME_PROCESS) + 0x1C, $GAME_PROCESS)
	$POINTER_CHAR = _MemoryRead($POINTER_BASE + 0x28, $GAME_PROCESS)
	Return _MemoryRead($POINTER_CHAR + 0x7C4, $GAME_PROCESS)
EndFunc

[Smurfin]

Ah I see, good to know that. Cos in the old ActionStructure I usually use 2things in there which have their values changed when doing something, one of them probably what you guys call ActionFlag.

As for the value changed to 0 shortly in between actions I use a delay like 1.5 seconds to sleep it off.

It looks like this for mine :

 Spoiler

Code:

func digdelay()
	sleep(500)
	$readfmode1 = _MEMORYPOINTERREAD($APPBASEADDRESS, $mid2, $fmode1)
	$readfmode2 = _MEMORYPOINTERREAD($APPBASEADDRESS, $mid2, $fmode2)
			
	if $readfmode1[1]<>0 and $readfmode2[1]<>0 Then
		do 
			$readfmode1 = _MEMORYPOINTERREAD($APPBASEADDRESS, $mid2, $fmode1)
			$readfmode2 = _MEMORYPOINTERREAD($APPBASEADDRESS, $mid2, $fmode2)
			checkalive()
			if $charstatus="dead" then exitloop
		until $readfmode1[1]=0 and $readfmode2[1]=0 
		sleep(1500)
		$readfmode1 = _MEMORYPOINTERREAD($APPBASEADDRESS, $mid2, $fmode1)
		$readfmode2 = _MEMORYPOINTERREAD($APPBASEADDRESS, $mid2, $fmode2)
		if $readfmode1[1]<>0 and $readfmode2[1]<>0 Then
			do 
				$readfmode1 = _MEMORYPOINTERREAD($APPBASEADDRESS, $mid2, $fmode1)
				$readfmode2 = _MEMORYPOINTERREAD($APPBASEADDRESS, $mid2, $fmode2)
				checkalive()
				if $charstatus="dead" then exitloop
			until $readfmode1[1]=0 and $readfmode2[1]=0 
		EndIf
	EndIf
endfunc

Dunno why I check it like twice in the function but once a function works I usually don't bother trimming it, it's a simple stupid way but it works with the annoying 1 0 1 0 behaviour for gathering resource for moving and actually dig it.

I hope big changes like this won't happen often, it's annoying rewriting everything

[Stark77]

to wait till a skill is casted i check its cooldown:

Code:

skillCooldown := ReadMemoryUint(skillPointer + 0x10,processID)/1000

to check if a npc dialog is opened:

Code:

NPCOpened := ReadMemoryUint(playerPointer + 0xD9E, processID) ; write 1 here to disable the dialog window

----------------------------------------------------------------------------

here a little snipet to check for PMs (chatBase_offset := 0xD28948).
the older chat read functions didnt work for me ()
so sadly $array[$counter][0] = _MemoryRead($pointer + $i * dec("1c") + 0x4, $PROCESS_INFORMATION, "Byte") is not returning the Chat Type anymore unless i do something wrong. to traverse the chat you can now use ChatBasePointer + i*0x24 + 0x8

detect pm snipet:

 Spoiler

Code:

getLastChatNumber() ;~ returns the latest chatNumber of a whisper
{
   ChatBasePointer := ReadMemoryUint(chatBase_offset, processID)
   NumberOfChatMessages := ReadMemoryUint(chatBase_offset + 0x0c, processID)
   thisChatNumber := 0
   
   Loop % 199
   {
      i := NumberOfChatMessages - A_index + 1
      if (i < 0)
         break
      ChatFullText := ReadMemoryUint(ChatBasePointer + i*0x24 + 0x8, processID)
      thisChatType := ReadMemoryUint(ChatFullText + 0x4, processID)
      if ((thisChatType = 3407942) OR ( thisChatType = 3538992)) ;~ whisper friend or normal
      {
         thisChatNumber := ReadMemoryUint(ChatBasePointer + i*0x24 + 0x14, processID) ;~ between 0 and 199
         break
      }
   }
   return thisChatNumber
}

;~ check the global value of latestChatNumber every few sec
Settimer, checkForPMs, 10000

checkForPMs:
{
   checkPMs := getLastChatNumber()
   If (checkPMs > latestChatNumber)
   {
      if (latestChatNumber > 0)
      {
         log("Someone sent you a PM")
         TrayTip, %PlayerName% , "Someone sent you a PM" , 10, 2 
      }
      latestChatNumber := checkPMs
   }
}
return

[WhoMoi]

I am trying to figure out how to convert sending packets from AutoIT to C#. I working off of Interest07 post . I know nothing about AutoIt but I do know some .net and little of C#/C++ variants.

My goal is to figure out how to get the MoveTo or AutoPath to work. I figured I'd start easy with the GatherItem. I tried it several different ways but with no success.

One thing I do know is the "B9" on the second line. If you refer to the link, under the area where it says "//opcode for sending a packet private byte[] sendPacketOpcode = new byte[] ", it shows "B8" on the second line. I tried this both ways.

I tried to make it make the whole packet without using the "//opcode for sending a packet private byte[] sendPacketOpcode = new byte[] " area. Nothing.

Little help please?

Here is what I have at the moment.

 Spoiler

//GatherItem
private int GatherItemAddress;
private byte[] GatherItemAddressRev;
private byte[] GatherItemPkt = new byte[]
{
//0x60,
//0xB9, 0x00, 0x00, 0x00, 0x00, //Address Base
//0x8B, 0x09,
//0x8B, 0x49, 0x1C,
//0x8B, 0x49, 0x28,
0x68, 0x00, 0x00, 0x00, 0x00, //Action Type 0=Pick 1=Dig
0x68, 0x00, 0x00, 0x00, 0x00, //Unique Id of item
0xBB, 0x00, 0x00, 0x00, 0x00, //Gather Address
//0xFF, 0xD3,
//0x61,
//0xc3
};

public void GatherItem(int UniqueID, int ActionType = 0)
{
int packetSize = GatherItemPkt.Length;
if (GatherItemAddress == 0)
{
//load packet in memory
loadPacket(GatherItemPkt, ref GatherItemAddress, ref GatherItemAddressRev);
}

//byte[] realBaseAddressRev = BitConverter.GetBytes(0xD22C74);
//realBaseAddressRev.Reverse();
//MemFunctions.MemWriteBytes(pr_processHandle, GatherItemAddress + 2, realBaseAddressRev);

byte[] ActionTypeRev = BitConverter.GetBytes(ActionType);
ActionTypeRev.Reverse();
MemFunctions.MemWriteBytes(pr_processHandle, GatherItemAddress + 1, ActionTypeRev);

byte[] UniqueIDRev = BitConverter.GetBytes(UniqueID);
UniqueIDRev.Reverse();
MemFunctions.MemWriteBytes(pr_processHandle, GatherItemAddress + 6, UniqueIDRev);

byte[] GatherAddressRev = BitConverter.GetBytes(0x495C40);
GatherAddressRev.Reverse();
MemFunctions.MemWriteBytes(pr_processHandle, GatherItemAddress + 11, GatherAddressRev);

sendPacket(GatherItemAddressRev, packetSize);
}

Thanks

[Stark77]

i am not an expert but maybe you should try to read this (snipets in c):

[WhoMoi]

Figured it out... Here is the snippet if anybody needs

 Spoiler

//GatherItem
private int GatherItemAddress;
private byte[] GatherItemAddressRev;
private byte[] GatherItemPkt = new byte[]
{
0x60,
0xB9, 0x00, 0x00, 0x00, 0x00, //Address Base
0x8B, 0x09,
0x8B, 0x49, 0x1C,
0x8B, 0x49, 0x28,
0x68, 0x00, 0x00, 0x00, 0x00, //Action Type 0=Pick 1=Dig
0x68, 0x00, 0x00, 0x00, 0x00, //Unique Id of item
0xBB, 0x00, 0x00, 0x00, 0x00, //Gather Address
0xFF, 0xD3,
0x61,
0xc3
};

public void GatherItem(int UniqueID, int ActionType)
{
int packetSize = GatherItemPkt.Length;
if (GatherItemAddress == 0)
{
//load packet in memory
loadPacket(GatherItemPkt, ref GatherItemAddress, ref GatherItemAddressRev);
}

byte[] realBaseAddressRev = BitConverter.GetBytes(0xD22C74);
realBaseAddressRev.Reverse();
MemFunctions.MemWriteBytes(pr_processHandle, GatherItemAddress + 2, realBaseAddressRev);

byte[] ActionTypeRev = BitConverter.GetBytes(ActionType);
ActionTypeRev.Reverse();
MemFunctions.MemWriteBytes(pr_processHandle, GatherItemAddress + 15, ActionTypeRev);

byte[] UniqueIDRev = BitConverter.GetBytes(UniqueID);
UniqueIDRev.Reverse();
MemFunctions.MemWriteBytes(pr_processHandle, GatherItemAddress + 20, UniqueIDRev);

byte[] GatherAddressRev = BitConverter.GetBytes(0x495C40);
GatherAddressRev.Reverse();
MemFunctions.MemWriteBytes(pr_processHandle, GatherItemAddress + 25, GatherAddressRev);

MemFunctions.MemWriteBytes(pr_processHandle, packetAddressLocation, GatherItemAddressRev);
MemFunctions.MemWriteByte(pr_processHandle, packetSizeAddress, (byte)packetSize);

//Run the opcode
IntPtr threadHandle = MemFunctions.CreateRemoteThread(pr_processHandle, GatherItemAddress);

//Wait for opcode to be done
MemFunctions.WaitForSingleObject(threadHandle);

//Close the thread
MemFunctions.CloseProcess(threadHandle);
}

[denzjh]

Regular Attack on Target Function:

 Spoiler

Code:

Func InjectCode($OPcode)
	;Declare local variables

	;Open process for given processId
	$processHandle = $GAME_PROCESS[1]

	;Allocate memory for the OpCode and retrieve address for this
	$functionAddress = DllCall('kernel32.dll', 'int', 'VirtualAllocEx', 'int', $processHandle, 'ptr', 0, 'int', 100, 'int', 0x1000, 'int', 0x40)

	;Construct the OpCode for calling the function

	;Put the OpCode into a struct for later memory writing
	$vBuffer = DllStructCreate('byte[' & StringLen($OPcode) / 2 & ']')
	For $loop = 1 To DllStructGetSize($vBuffer)
		DllStructSetData($vBuffer, 1, Dec(StringMid($OPcode, ($loop - 1) * 2 + 1, 2)), $loop)
	Next

	;Write the OpCode to previously allocated memory
	DllCall('kernel32.dll', 'int', 'WriteProcessMemory', 'int', $processHandle, 'int', $functionAddress[0], 'int', DllStructGetPtr($vBuffer), 'int', DllStructGetSize($vBuffer), 'int', 0)


	;Create a remote thread in order to run the OpCode
	$hRemoteThread = DllCall('kernel32.dll', 'int', 'CreateRemoteThread', 'int', $processHandle, 'int', 0, 'int', 0, 'int', $functionAddress[0], 'ptr', 0, 'int', 0, 'int', 0)

	;Wait for the remote thread to finish
	Do
		$result = DllCall('kernel32.dll', 'int', 'WaitForSingleObject', 'int', $hRemoteThread[0], 'int', 50)
	Until $result[0] <> 258

	;Close the handle to the previously created remote thread
	DllCall('kernel32.dll', 'int', 'CloseHandle', 'int', $hRemoteThread[0])

	;Free the previously allocated memory
	DllCall('kernel32.dll', 'ptr', 'VirtualFreeEx', 'hwnd', $processHandle, 'int', $functionAddress[0], 'int', 0, 'int', 0x8000)

	Return True
EndFunc

Func RegAttack($TARGET_ID)
	$OPCODE_REGATTACK = '53558B6C240C56578BF985ED0F84.{8}3BAF.{8}0F84.{8}A1.{8}'
	$ADDRESS_REGATTACK = 0x495B00

	;Construct the OpCode for calling the 'QuestCheck' function
	$OPcode = "60"                   			;60             PUSHAD
	$OPcode &= "6A00"   	         			;6A 00          PUSH 0
	$OPcode &= "6A00"   	         			;6A 00          PUSH 0
	$OPcode &= "BF" & _Hex($TARGET_ID)	  	     	;BF 00000000    MOV EDI, Target ID
	$OPcode &= "57"   	         				;57             PUSH EDI
	$OPcode &= "B9" & _Hex($ADDRESS_BASE)       ;B8 00000000    MOV ECX, $ADDRESS_BASE
	$OPcode &= "8B09"            				;8B009          MOV ECX,DWORD PTR DS:[ECX]
	$OPcode &= "8B491C"          				;8B49 1C        MOV ECX,DWORD PTR DS:[ECX+1C]
	$OPcode &= "8B4928"          				;8B49 28        MOV ECX,DWORD PTR DS:[ECX+28]
	$OPcode &= "BA" & _Hex($ADDRESS_REGATTACK)  ;BA 00000000    MOV EDX, $ADDRESS_REGATTACK
	$OPcode &= "FFD2"            				;FFD2           CALL EDX
	$OPcode &= "61"              				;61             POPAD
	$OPcode &= "C3"              				;C3             RETN

	InjectCode($OPcode)
EndFunc

The OpCode for Searching the RegAttack Function Address is included.

[Smurfin]

About AutoFollow , have anyone look into it ? it's one of the most useful thing for multiclienting, one button pressed and we can have all char follow our main.

AutoFollow is weird, I tried to check if it has a packet for doing that but there's nothing or maybe it's clientside.

Btw Stark777, what method do you use to sniff packets ? I use Interest07's MHS script, I wonder if it's still working with Eclipse patch.

[Stark77]

i do it exactly like this:


follow has no packet... it will just create a sequence of move packets so dont even try. easy way is just make a loop that reads your mains (x,y) and use the autopath every 1 (or 2) seconds to it.

[Remmm]

sniff packets - "PW PacketListener"


config.ini

Code:

[main]
BaseAddress = D22C74
GameRun = D23414
PacketSendFunction = 782fd0
HostPlayerStruct = 28
Name = 6d8
MagicNumber = 7