PWI Hack Sourcecodes Blog

[lolkop]

autoit automaticly reads the to normal strings if you use wchar @ memread

[Smurfin]

hi ntKid, thanks for the tips, but in my case I think I put a wrong charbase address since it didn't show up anything. As usual, I'm bad in figuring out memory addresses lol

[AngryShadow]

I am a n00b IT guy. I started a new job with the Army as a network administration specialist and am experienced in HTML and a little C+ but i'd really love to learn this sourcecode stuff for PWI as i love the game and would like to make some improvements and even host a server at some point if i could. If anyone could give me an idea as to where to start researching this knoweledge as to how to manipulate the code and enhance the user experience of the game, it would be much appreciated. I'd pay for lessons if i could find someone who had the time to teach me. I got skills, but their random and I havent gotten very far with PW code. I also have a copy of an Angelica 3D utility that has been modified somewhat from malaysian chinese GUI to English if that can help anyone. It has much functionality that I cannot translate because my chinese isnt that good at all. Arabic, Spanish, and Polish are my strong suits. I can also help with the decompilation of the models .pck files but thats about it at this point. I hope theres something i can bring to this forum as i am a veteran gamer and an avid PvPer. from Frogger - CounterStrike (valve) to Aion i've fooled with it all but to no mastery. Tell me if im in the right place please. and thankyou for your time =]

[omarranimado]

Quote:

Originally Posted by lolkop

well the functions are simple winapis. the hard stuff is not to use this, but to find the functions in the client...

if you know how to find those functions you can easily use them... that way you're able to do what ever you like in the client, without needing to send any keys or clicks...

for example you could even produce mouseclicks ingame...

this is an example function for mouseclicks ingame, without using real mouse commands.

Code:

; $mid (memory handle returned by openprocess) must be predefined as global (used this way cuz its more efficient)
Func Click($x, $y)
	Local $pRemoteThread, $vBuffer, $loop, $result, $OPcode
	; --- save the position of the allocated memory ---
	$pRemoteMem = DllCall($kernel32, 'int', 'VirtualAllocEx', 'int', $mid, 'ptr', 0, 'int', 0x46, 'int', 0x1000, 'int', 0x40)
	; --- build up the asm code ---
	;~ 00404856  |. 6A 00          PUSH 0                                   ; /Arg7 = 00000000
	;~ 00404858  |. 52             PUSH EDX                                 ; |Arg6 = 00000000
	;~ 00404859  |. 51             PUSH ECX                                 ; |Arg5 = y
	;~ 0040485A  |. 50             PUSH EAX                                 ; |Arg4 = x
	;~ 0040485B  |. A1 6C3E9F00    MOV EAX,DWORD PTR DS:[9F3E6C]            ; |
	;~ 00404860  |. 6A 00          PUSH 0                                   ; |Arg3 = 00000000
	;~ 00404862  |. 6A 00          PUSH 0                                   ; |Arg2 = 00000000
	;~ 00404864  |. 8B48 1C        MOV ECX,DWORD PTR DS:[EAX+1C]            ; |
	;~ 00404867  |. 68 E0000000    PUSH 0E0                                 ; |Arg1 = 000000E0
	;~ 0040486C  |. E8 8F5A0300    CALL elementc.0043A300                   ; \elementc.0043A300
	$OPcode &= '60'                                                         ; pushad
	$OPcode &= '6A00'                                                       ; push 0
	$OPcode &= '6A00'                                                       ; push Z (allways 0 :P)
	$OPcode &= '68'&_hex($y)                                                ; push y
	$OPcode &= '68'&_hex($x)                                                ; push x
	$OPcode &= 'A1'&_hex($base)                                             ; mov eax, [base]
	$OPcode &= '6A00'                                                       ; push 0
	$OPcode &= '6A00'                                                       ; push 0
	$OPcode &= '8B481C'                                                     ; mov ecx, [eax+0x1C]
	$OPcode &= '68'&_hex(0xE0)                                              ; push 0xE0
	$OPcode &= 'E8'&_hex($move_call-$pRemoteMem[0]-5-StringLen($OPcode)/2)  ; call move_call
	$OPcode &= '61'                                                         ; popad
	$OPcode &= 'C3'                                                         ; retn
	; --- enter the asm code to to a dllstruct, which can be used with WriteProcessMemory ---
	$vBuffer = DllStructCreate('byte[' & StringLen($OPcode) / 2 & ']')
	For $loop = 1 To DllStructGetSize($vBuffer)
		DllStructSetData($vBuffer, 1, Dec(StringMid($OPcode, ($loop - 1) * 2 + 1, 2)), $loop)
	Next
	; --- now letz write the code from our dllstruct ---
	DllCall($kernel32, 'int', 'WriteProcessMemory', 'int', $mid, 'int', $pRemoteMem[0], 'int', DllStructGetPtr($vBuffer), 'int', DllStructGetSize($vBuffer), 'int', 0)
	; --- now we run the asm code we've just written ---
	$hRemoteThread = DllCall($kernel32, 'int', 'CreateRemoteThread', 'int', $mid, 'int', 0, 'int', 0, 'int', $pRemoteMem[0], 'ptr', 0, 'int', 0, 'int', 0)
	; --- wait till the thread did his job ---
	Do
		$result = DllCall('kernel32.dll', 'int', 'WaitForSingleObject', 'int', $hRemoteThread[0], 'int', 50)
	Until $result[0] <> 258
	; --- close everything we've opened ---
	DllCall($kernel32, 'int', 'CloseHandle', 'int', $hRemoteThread[0])
	DllCall($kernel32, 'ptr', 'VirtualFreeEx', 'hwnd', $mid, 'int', $pRemoteMem[0], 'int', 0, 'int', 0x8000)
	Return True
EndFunc

as you can see i realy used the original function from the client.

so if you ask yourself, why would i do this if i could also use postmessage or sendmessage, here's the answer....
you can even chat while using this... it doesn't simulate anything. it just directly accesses the function the client uses, if you click somewhere.

another reason would be that you can work control-based ingame. the function i have posted will directly click @ the gameworld. it it won't access anything else, like the chatwindow or the minimap. its working behind those controls =)

any1 have a working autoit example of this ?
what is $move_call ?

[ericthow]

Can you make a bot for perfect world the legend of mermaid (my-en)??

[kerosene69]

Quote:

pRemoteMem = 0x1bc60000

How did brows get that address?