I opened a new blog at wordpress, because i think PW is such a great game and got such a small coding community.
I release tools, offsets, memory stuff, loader and lots of stuff there, but ONLY AutoIT sourcecodes.
If you like .exe files you can take my sourcecodes and create one on your own with AutoIT.
Feel free and take a look, if you like PW and AutoIT. I will update as often i can!
I'll keep new Memory Adresses and Offsets for PWI up2date as good as i can.
Hope to see you in comments, or feel free to discuss the stuff in this thread.
and a function to select the mobs we've just collected, using the id:
Code:
Func Int2Hex($Value)
Local $tmp1, $tmp2, $i
$tmp1 = StringRight("0000000" & Hex($Value), 8)
For $i = 0 To StringLen($tmp1) / 2 - 1
$tmp2 = $tmp2 & StringMid($tmp1, StringLen($tmp1) - 1 - 2 * $i, 2)
Next
Return $tmp2
EndFunc
Func SelectMob($pid, $mob_id)
Local $kernel32, $pRemoteThread, $vBuffer, $loop, $result, $OPcode
$kernel32 = DllOpen("kernel32.dll")
; --- open the process ---
$mid = DllCall("kernel32.dll", 'int', 'OpenProcess', 'int', 0x1F0FFF, 'int', 1, 'int', $pid)
; --- save the position of the allocated memory ---
$pRemoteMem = DllCall($kernel32, "ptr", "VirtualAllocEx", "int", $mid[0], "ptr", 0, "int", 0x46, "int", 0x1000, "int", 0x40)
$pRemoteMem = $pRemoteMem[0]
; --- build up the asm code ---
$OPcode = "608B156C3E9F0068"&Int2Hex($mob_id)&"8B4A2081C1EC000000BAC09C5E00FFD261C3"
; --- enter the asm code to to a dllstruct, which can be used with WriteProcessMemory ---
$vBuffer = DllStructCreate("byte[" & StringLen($OPcode) / 2 & "]")
For $loop = 1 To DllStructGetSize($vBuffer)
DllStructSetData($vBuffer, 1, Dec(StringMid($OPcode, ($loop - 1) * 2 + 1, 2)), $loop)
Next
; --- now letz write the code from our dllstruct ---
DllCall($kernel32, "int", "WriteProcessMemory", "int", $mid[0], "ptr", $pRemoteMem, "ptr", DllStructGetPtr($vBuffer), "int", DllStructGetSize($vBuffer), "int", 0)
; --- now we run the asm code we've just written ---
$hRemoteThread = DllCall($kernel32, "int", "CreateRemoteThread", "int", $mid[0], "ptr", 0, "int", 0, "int", $pRemoteMem, "ptr", 0, "int", 0, "int", 0)
; --- wait till the thread did his job ---
Do
$result = DllCall("kernel32.dll", "int", "WaitForSingleObject", "int", $hRemoteThread[0], "int", 50)
Until $result[0] <> 258
; --- close everything we've opened ---
DllCall($kernel32, "int", "CloseHandle", "int", $hRemoteThread[0])
DllCall($kernel32, "ptr", "VirtualFreeEx", "hwnd", $mid[0], "ptr", $pRemoteMem, "int", 0, "int", 0x8000)
DllCall("kernel32.dll", 'int', 'CloseHandle', 'int', $mid[0])
DllClose($kernel32)
Return True
EndFunc
Well those Functions are made to work for PWI they had to be edited to work for other clients too =) (could easily be automated, using the stringregexp functions)
same could be done with items on the ground, to pick them up.
guess explaining of the codecave i've used for selecting mobs is not needed. there's allready a stickied thread about it.
Added a Perfect World map supporting multiclient. (you can see where your characters are, while being on desktop)
The only use for now what I can see for that map is if you attach Herb/Monster/NPC/Resource locations to it (like ) and make it so clicking in the external map autopaths your character ingame there.
well the functions are simple winapis. the hard stuff is not to use this, but to find the functions in the client...
if you know how to find those functions you can easily use them... that way you're able to do what ever you like in the client, without needing to send any keys or clicks...
for example you could even produce mouseclicks ingame...
this is an example function for mouseclicks ingame, without using real mouse commands.
Code:
; $mid (memory handle returned by openprocess) must be predefined as global (used this way cuz its more efficient)
Func Click($x, $y)
Local $pRemoteThread, $vBuffer, $loop, $result, $OPcode
; --- save the position of the allocated memory ---
$pRemoteMem = DllCall($kernel32, 'int', 'VirtualAllocEx', 'int', $mid, 'ptr', 0, 'int', 0x46, 'int', 0x1000, 'int', 0x40)
; --- build up the asm code ---
;~ 00404856 |. 6A 00 PUSH 0 ; /Arg7 = 00000000
;~ 00404858 |. 52 PUSH EDX ; |Arg6 = 00000000
;~ 00404859 |. 51 PUSH ECX ; |Arg5 = y
;~ 0040485A |. 50 PUSH EAX ; |Arg4 = x
;~ 0040485B |. A1 6C3E9F00 MOV EAX,DWORD PTR DS:[9F3E6C] ; |
;~ 00404860 |. 6A 00 PUSH 0 ; |Arg3 = 00000000
;~ 00404862 |. 6A 00 PUSH 0 ; |Arg2 = 00000000
;~ 00404864 |. 8B48 1C MOV ECX,DWORD PTR DS:[EAX+1C] ; |
;~ 00404867 |. 68 E0000000 PUSH 0E0 ; |Arg1 = 000000E0
;~ 0040486C |. E8 8F5A0300 CALL elementc.0043A300 ; \elementc.0043A300
$OPcode &= '60' ; pushad
$OPcode &= '6A00' ; push 0
$OPcode &= '6A00' ; push Z (allways 0 :P)
$OPcode &= '68'&_hex($y) ; push y
$OPcode &= '68'&_hex($x) ; push x
$OPcode &= 'A1'&_hex($base) ; mov eax, [base]
$OPcode &= '6A00' ; push 0
$OPcode &= '6A00' ; push 0
$OPcode &= '8B481C' ; mov ecx, [eax+0x1C]
$OPcode &= '68'&_hex(0xE0) ; push 0xE0
$OPcode &= 'E8'&_hex($move_call-$pRemoteMem[0]-5-StringLen($OPcode)/2) ; call move_call
$OPcode &= '61' ; popad
$OPcode &= 'C3' ; retn
; --- enter the asm code to to a dllstruct, which can be used with WriteProcessMemory ---
$vBuffer = DllStructCreate('byte[' & StringLen($OPcode) / 2 & ']')
For $loop = 1 To DllStructGetSize($vBuffer)
DllStructSetData($vBuffer, 1, Dec(StringMid($OPcode, ($loop - 1) * 2 + 1, 2)), $loop)
Next
; --- now letz write the code from our dllstruct ---
DllCall($kernel32, 'int', 'WriteProcessMemory', 'int', $mid, 'int', $pRemoteMem[0], 'int', DllStructGetPtr($vBuffer), 'int', DllStructGetSize($vBuffer), 'int', 0)
; --- now we run the asm code we've just written ---
$hRemoteThread = DllCall($kernel32, 'int', 'CreateRemoteThread', 'int', $mid, 'int', 0, 'int', 0, 'int', $pRemoteMem[0], 'ptr', 0, 'int', 0, 'int', 0)
; --- wait till the thread did his job ---
Do
$result = DllCall('kernel32.dll', 'int', 'WaitForSingleObject', 'int', $hRemoteThread[0], 'int', 50)
Until $result[0] <> 258
; --- close everything we've opened ---
DllCall($kernel32, 'int', 'CloseHandle', 'int', $hRemoteThread[0])
DllCall($kernel32, 'ptr', 'VirtualFreeEx', 'hwnd', $mid, 'int', $pRemoteMem[0], 'int', 0, 'int', 0x8000)
Return True
EndFunc
as you can see i realy used the original function from the client.
so if you ask yourself, why would i do this if i could also use postmessage or sendmessage, here's the answer....
you can even chat while using this... it doesn't simulate anything. it just directly accesses the function the client uses, if you click somewhere.
another reason would be that you can work control-based ingame. the function i have posted will directly click @ the gameworld. it it won't access anything else, like the chatwindow or the minimap. its working behind those controls =)
odbg is awesome if u're looking for functions. functions are allways getting called by the main programm.
so you could set breakpoints on each single call using parameters (olly shows you the arguements the calls use), and u'll see where the client breaks on actions.
so if you do something and the client breaks @ the breakpoint, u've found the function.
Okay I'll try to find some functions when I'm home.
But one question to your 1. code:
You Wrote a Struct with WriteProcessMemory in the mem, but why do you need a struct for that?
I tried to get the code in c#, but the client crashs always (or It gives some stupid error messages).
Now I wrote the byte[] array directly with WriteProcessMemory, but than the Client always give me the Message::
Server Error. Please log off and try again.
well autoit isn't able to handle pointers, with external dll calls.
writeprocessmemory needs a pointer to the code, that gets written. since i'm not able to create pointers in autoit, i have to use the dllstruct command
hey lolkop ^^
i failed to translate "608B156C3E9F0068(mob_id)8B4A2081C1EC000000BAC09C5 E00FFD261C3"
to clear asm text -.- can you pls post it... ^^"
...
or is this right ?
pushad
mov edx,[0x009F3E6C]
push (mob_id)
mov ecx,[edx+0x20]
add ecx,0x000000ec
mov edx,[0x005E9CC0]
call edx
popad
ret
[Stolen]Sourcecodes 03/10/2010 - CrossFire - 4 Replies hi habe ein paar Sourcecodes für die coder vllt hilft euch das ja.
Credits gehen an:dodo4876(****.net)
{
public:
float fMoveMentWalkRate; //0000
float fMovementDuckRate; //0004
float fMovementSideRate; //0008
float fMoveMentAcceleration; //000C
float fMoveMentFriction; //0010
SourceCodes: SmurfIT, AutoPotv1.95 and ZcPWBotv1.2 10/23/2009 - Perfect World - 45 Replies I am in open source feeling, so im spreading the sources of this Bots. Partwise its crappy code, but nevertheless enjoy it!
SmurfIT:
cl1p.net
AutoPotv1.95:
cl1p.net
ZcPWBotv1.2:
cl1p.net
Suche SourceCodes 10/06/2009 - Flyff Private Server - 4 Replies Hi
ich suche ein paar source von verschiedenen Flyff hacks. Habe auch schon via google gesucht, aber noch nichts gefunden. Soweit ich weiß kann mann aus diesen SourceCodes einen Neuen UNDETECTEN hack basteln oder?
Alle hilfreichen posts werden mit einem dicken DaumenHoch und einem Thanks bedankt ;)
Suche SourceCodes von Hacks 04/12/2008 - General Coding - 0 Replies Moin ich mal wieder...
bin auf der suche nach sourcecodes von hacks favorisiert aber css... ist egal ob detectet oder nicht oder wieviele funktionen er hat. bin einfach nur interessiert wie genau den sowas funktioniert und wie man das mit dem d3d ingame menu anstellt
wäre für ein paar links hier oder per pm sehr dankbar
thanks 
