Sending Packets
Discussion on Sending Packets within the PW Hacks, Bots, Cheats, Exploits forum part of the Perfect World category.

02/20/2012, 09:46 | #301 | elite*gold: 10 | Join Date: Sep 2010 | Posts: 400 | Received Thanks: 234
Perhaps use the move action struct to move to your current position?

02/20/2012, 11:12 | #302 | elite*gold: 0 | Join Date: May 2010 | Posts: 220 | Received Thanks: 203
Hm............ I'll give it a try; I just removed all action structs for moving.
Since the mobs are wandering, the bot walks to the old mob position and then attacks, which looks a bit weird.
With the sent packet, he follows the wandering mob while running to him,
but for stopping it can be *** enough.
Thanks for the hint, sometimes I can't see the tree in the wood.

02/20/2012, 15:25 | #303 | elite*gold: 0 | Join Date: Sep 2010 | Posts: 12 | Received Thanks: 2
Quote:
Originally Posted by amineurin
Thanks for the hint, sometimes I can't see the tree in the wood.

The good old walk-through-the-door trick.
Can't live without it.
Btw, thanks ami for the epfollowleader tips.
I finally figured it out and got it to work.
It's weird that MemoryPointerRead and Write fail to work, and I have to make another set of functions to work around that. Maybe it's because I'm using Win7 64-bit? You mentioned having some difficulties with AutoIt running on the OS. Could you share what your experiences were?
Many thanks

02/20/2012, 19:48 | #304 | elite*gold: 0 | Join Date: May 2010 | Posts: 220 | Received Thanks: 203
Quote:
Originally Posted by atelarie
It's weird that MemoryPointerRead and Write fail to work, and I have to make another set of functions to work around that. Maybe it's because I'm using Win7 64-bit? You mentioned having some difficulties with AutoIt running on the OS. Could you share what your experiences were?
Many thanks

The problems you describe come from the current AutoIt version, 3.3.8.1.
You have to rewrite some things in NomadMemory.au3, since there are some syntax changes in the new version,
like this:
Quote:
Hex(DllStructGetData($v_Buffer, 2))
comes to
Hex(Int(DllStructGetData($v_Buffer, 2)))

If you're too lazy to rewrite, grab AutoIt version 3.3.6.1.
It works fine without changing anything.

03/13/2012, 14:48 | #305 | elite*gold: 0 | Join Date: Jan 2009 | Posts: 23 | Received Thanks: 3
Hi!
I have problems getting the selecttarget packet to work.
My package looks like this: Package: '0200217E1080' ;Vanguard Isis
sendPackageFunction at 0x63AA80
I use AutoIt and the code from the first post in this thread.
If I manually click a target I can see that at the start of the sendpackage function esi already contains a pointer to the package to be sent.
If I let the injected code call it, the esi register doesn't contain that pointer.
Isn't it enough for the package pointer and package length to be pushed onto the stack before the call, or do I need to put it in the esi register?
Hoping you guys can help me out, thanks in advance.
Edit: Problem is solved. I didn't use the real base address but some other baseAddress I found in another forum. With a521c0 as realBaseAddress it worked fine.
/Sturolv

03/18/2012, 11:30 | #306 | elite*gold: 0 | Join Date: Jan 2009 | Posts: 23 | Received Thanks: 3
Hi all!
Regarding the regexp at the start of this thread that finds the invite struct, I have updated the regular expression to find the invCounterBase:
$search = StringRegExp($data, _
    '8B85(.{8})' & _
    '8B4C2414' & _
    '8B542420' & _
    '2B54080C' & _
    '8DB5.{8}' & _
    '03C1', 2)
If Not @error Then
    ; $search[1] is the captured disp32 in little-endian byte order; rev() reverses it before Dec()
    $invCounterBase = Hex(Dec(rev($search[1])) + 0x20)
EndIf
Hope it will help someone.

03/25/2012, 13:46 | #307 | elite*gold: 0 | Join Date: May 2010 | Posts: 220 | Received Thanks: 203
Anyone know the new packet for refreshing the auction hall page?
I got it some time ago from dumbfck, but it's not working after the Descent update.
Thx
Quote:
;############################################################################
; Refresh AH List function (thx to dumbfck)
;############################################################################
Func refreshAhPage($playerId, $Page)
    Local $packet, $packetSize
    $packet = '25001A00'
    $packet &= '00001700'
    $packet &= '00002403'
    $packet &= '0000'
    $packet &= Hex($playerId)
    $packet &= '0000'
    $packet &= '00000000'
    $packet &= Hex($Page, 8) ; address of next page items
    $packet &= '00000001'
    $packet &= '14'
    $packetSize = 33
    sendPacket($packet, $packetSize, $PROCESS_ID)
EndFunc


03/26/2012, 19:43 | #308 | elite*gold: 10 | Join Date: Sep 2010 | Posts: 400 | Received Thanks: 234
It's only changed a little bit... The "00000001" at the end seems like it can be anything, but then "14" has changed to "40".
Code:
Func updateAhPage($playerId, $pageOffset, $pid)
    Local $packet, $packetSize
    $packet = '25001A00'
    $packet &= '00001700'
    $packet &= '00002403'
    $packet &= '0000'
    $packet &= _hex($playerId)
    $packet &= '0000'
    $packet &= '00000000'
    $packet &= _hex($pageOffset, 8)
    $packet &= '00000000'
    $packet &= '40'
    $packetSize = 33
    sendPacket($packet, $packetSize, $pid)
EndFunc
And to update gold listings:
Code:
Func updateGoldListings($playerId, $pid)
    Local $packet, $packetSize
    $packet = '25002B00'
    $packet &= '00000C00'
    $packet &= '00009701'
    $packet &= '0000'
    $packet &= _hex($playerId)
    $packet &= '00000000'
    $packetSize = 22
    sendPacket($packet, $packetSize, $pid)
EndFunc
Enjoy

03/26/2012, 21:08 | #309 | elite*gold: 0 | Join Date: Mar 2010 | Posts: 862 | Received Thanks: 576
Thanks dumbfck
I'm not able to do anything atm, either my MB or HD is dying... busy trying to figure out which

03/26/2012, 21:27 | #310 | elite*gold: 20 | Join Date: May 2009 | Posts: 1,290 | Received Thanks: 326
Quote:
Originally Posted by dumbfck
It's only changed a little bit... The "00000001" at the end seems like it can be anything, but then "14" has changed to "40".
Code:
Func updateAhPage($playerId, $pageOffset, $pid)
    Local $packet, $packetSize
    $packet = '25001A00'
    $packet &= '00001700'
    $packet &= '00002403'
    $packet &= '0000'
    $packet &= _hex($playerId)
    $packet &= '0000'
    $packet &= '00000000'
    $packet &= _hex($pageOffset, 8)
    $packet &= '00000000'
    $packet &= '40'
    $packetSize = 33
    sendPacket($packet, $packetSize, $pid)
EndFunc
And to update gold listings:
Code:
Func updateGoldListings($playerId, $pid)
    Local $packet, $packetSize
    $packet = '25002B00'
    $packet &= '00000C00'
    $packet &= '00009701'
    $packet &= '0000'
    $packet &= _hex($playerId)
    $packet &= '00000000'
    $packetSize = 22
    sendPacket($packet, $packetSize, $pid)
EndFunc
Enjoy

Without you and a few other people, this section would be dead. I do not have any use for this, but thanks for always checking around here. Thought i'd say that.

03/27/2012, 13:46 | #311 | elite*gold: 0 | Join Date: May 2010 | Posts: 220 | Received Thanks: 203
I think the same; I don't know exactly how much I coded from the info I got from you here.
Wish you good luck with your HD, Interest07.
I know it when the feeling comes, "aaaah, I could lose all my stuff"; it's a nightmare.

03/27/2012, 18:58 | #312 | elite*gold: 10 | Join Date: Sep 2010 | Posts: 400 | Received Thanks: 234
Ami has pointed out that my code was wrong... I had cheated and hardcoded my player ID in because I couldn't be arsed to read it from the client first, and hence I didn't test that bit properly 
Sorry, here's the revised code with some parts from Interest07's original program. You should be able to run it as-is. Just comment one of the lines out to test the AH or the Gold listings (only leave one of them uncommented, otherwise you'll get a 'service unavailable' message in game from the other one):
Code:
;updateAhPage($playerId, $pid)
updateGoldListings($playerId, $pid)
And the whole test program:
Code:
#include <GUIButton.au3>
#include <GUIToolbar.au3>
#include <GUIConstantsEx.au3>
#include <ProgressConstants.au3>
#include <StaticConstants.au3>
#include <WindowsConstants.au3>
#include <EditConstants.au3>
#include <NomadMemory.au3>
#include <Array.au3>

Global $kernel32 = DllOpen('kernel32.dll')
Global $pid = ProcessExists('elementclient.exe')
Global $realBaseAddress = 0x00A521C0
Global $sendPacketFunction = 0x0063AA80
Global $idOffsetList[4] = [0, 0x1C, 0x34, 0x480]

;//Read the player ID from the client by following the pointer chain from the base address
$processHandle = _MemoryOpen($pid)
Global $playerId = _MemoryPointerRead($realBaseAddress, $processHandle, $idOffsetList)
ConsoleWrite(Hex($playerId[1]))
$playerId = $playerId[1]
_MemoryClose($processHandle)

;//Leave only one of the two calls uncommented
updateAhPage($playerId, $pid)
;updateGoldListings($playerId, $pid)

DllClose($kernel32)

Func updateAhPage($playerId, $pid)
    Local $packet, $packetSize
    $packet = '25001A00'
    $packet &= '00001700'
    $packet &= '00002403'
    $packet &= '0000'
    $packet &= Hex($playerId)
    $packet &= '0000'
    $packet &= '00000000'
    $packet &= '00000000'
    $packet &= '00000000'
    $packet &= '40'
    ConsoleWrite(@CRLF & $packet)
    $packetSize = 33
    sendPacket($packet, $packetSize, $pid)
EndFunc

Func updateGoldListings($playerId, $pid)
    Local $packet, $packetSize
    $packet = '25002B00'
    $packet &= '00000C00'
    $packet &= '00009701'
    $packet &= '0000'
    $packet &= Hex($playerId)
    $packet &= '00000000'
    $packetSize = 22
    sendPacket($packet, $packetSize, $pid)
EndFunc

Func sendPacket($packet, $packetSize, $pid)
    ;//Declare local variables
    Local $hRemoteThread, $vBuffer, $loop, $result, $OPcode = '', $processHandle, $functionAddress, $packetAddress
    ;//Open process for given processId
    $processHandle = memopen($pid)
    ;//Allocate memory for the OpCode and retrieve address for this
    $functionAddress = DllCall($kernel32, 'int', 'VirtualAllocEx', 'int', $processHandle, 'ptr', 0, 'int', 0x46, 'int', 0x1000, 'int', 0x40)
    ;//Allocate memory for the packet to be sent and retrieve the address for this
    $packetAddress = DllCall($kernel32, 'int', 'VirtualAllocEx', 'int', $processHandle, 'ptr', 0, 'int', $packetSize, 'int', 0x1000, 'int', 0x40)
    ;//Construct the OpCode for calling the 'SendPacket' function (immediates are little-endian, hence _hex)
    $OPcode &= '60'                             ;//PUSHAD
    $OPcode &= 'B8' & _hex($sendPacketFunction) ;//MOV EAX, sendPacketAddress
    $OPcode &= '8B0D' & _hex($realBaseAddress)  ;//MOV ECX, DWORD PTR [realBaseAddress]
    $OPcode &= '8B4920'                         ;//MOV ECX, DWORD PTR [ECX+20]
    $OPcode &= 'BF' & _hex($packetAddress[0])   ;//MOV EDI, packetAddress //src pointer
    $OPcode &= '6A' & _hex($packetSize, 2)      ;//PUSH packetSize //size
    $OPcode &= '57'                             ;//PUSH EDI
    $OPcode &= 'FFD0'                           ;//CALL EAX
    $OPcode &= '61'                             ;//POPAD
    $OPcode &= 'C3'                             ;//RET
    ;//Put the OpCode into a struct for later memory writing
    $vBuffer = DllStructCreate('byte[' & StringLen($OPcode) / 2 & ']')
    For $loop = 1 To DllStructGetSize($vBuffer)
        DllStructSetData($vBuffer, 1, Dec(StringMid($OPcode, ($loop - 1) * 2 + 1, 2)), $loop)
    Next
    ;//Write the OpCode to previously allocated memory
    DllCall($kernel32, 'int', 'WriteProcessMemory', 'int', $processHandle, 'int', $functionAddress[0], 'int', DllStructGetPtr($vBuffer), 'int', DllStructGetSize($vBuffer), 'int', 0)
    ;//Put the packet into a struct for later memory writing
    $vBuffer = DllStructCreate('byte[' & StringLen($packet) / 2 & ']')
    For $loop = 1 To DllStructGetSize($vBuffer)
        DllStructSetData($vBuffer, 1, Dec(StringMid($packet, ($loop - 1) * 2 + 1, 2)), $loop)
    Next
    ;//Write the packet to previously allocated memory
    DllCall($kernel32, 'int', 'WriteProcessMemory', 'int', $processHandle, 'int', $packetAddress[0], 'int', DllStructGetPtr($vBuffer), 'int', DllStructGetSize($vBuffer), 'int', 0)
    ;//Create a remote thread in order to run the OpCode
    $hRemoteThread = DllCall($kernel32, 'int', 'CreateRemoteThread', 'int', $processHandle, 'int', 0, 'int', 0, 'int', $functionAddress[0], 'ptr', 0, 'int', 0, 'int', 0)
    ;//Wait for the remote thread to finish (258 = WAIT_TIMEOUT)
    Do
        $result = DllCall('kernel32.dll', 'int', 'WaitForSingleObject', 'int', $hRemoteThread[0], 'int', 50)
    Until $result[0] <> 258
    ;//Close the handle to the previously created remote thread
    DllCall($kernel32, 'int', 'CloseHandle', 'int', $hRemoteThread[0])
    ;//Free the previously allocated memory
    DllCall($kernel32, 'ptr', 'VirtualFreeEx', 'hwnd', $processHandle, 'int', $functionAddress[0], 'int', 0, 'int', 0x8000)
    DllCall($kernel32, 'ptr', 'VirtualFreeEx', 'hwnd', $processHandle, 'int', $packetAddress[0], 'int', 0, 'int', 0x8000)
    ;//Close the Process
    memclose($processHandle)
    Return True
EndFunc

Func memopen($pid)
    Local $mid = DllCall($kernel32, 'int', 'OpenProcess', 'int', 0x1F0FFF, 'int', 1, 'int', $pid)
    Return $mid[0]
EndFunc

Func memclose($mid)
    DllCall($kernel32, 'int', 'CloseHandle', 'int', $mid)
EndFunc

;//Convert $Value to a little-endian hex string of $size digits (byte order reversed)
Func _hex($Value, $size = 8)
    Local $tmp1, $tmp2 = '', $i
    $tmp1 = StringRight("000000000" & Hex($Value), $size)
    For $i = 0 To StringLen($tmp1) / 2 - 1
        $tmp2 = $tmp2 & StringMid($tmp1, StringLen($tmp1) - 1 - 2 * $i, 2)
    Next
    Return $tmp2
EndFunc
Have fun
Oh and good luck with your computer, Interest07 >.< - Hope you had backups!
I know all too well how fecking annoying it is losing everything... I managed to accidentally format my backup drive once lol. Was re-installing Windows and had left my USB hard drive plugged in - Windows very helpfully identified the external hard drive as drive C: so I chose that one for the format. Epic double facepalm headdesk.
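As an added illustration, not code from this thread or from any of its posters: the byte-order handling behind amineurin's rev(...) step in post #306 and dumbfck's _hex() helper in post #312, written in Python. The 32-bit client stores integers least-significant byte first, so a displacement captured out of a code pattern has to be reversed before it is read as a number, and a number has to be reversed before it is placed into a packet or an instruction immediate. The regex pattern is the one from post #306; the sample code bytes, the displacement in them and the offset values are constructed for the example and come from no real binary. It also covers the float case from post #315's Delphi code, where X/Y/Z are written as 32-bit singles.

```python
import re
import struct
from typing import Optional


def le_hex(value: int, width: int = 8) -> str:
    """Little-endian hex string of `value`, `width` hex digits wide.

    Mirrors the AutoIt helper _hex($Value, $size): Hex() yields the digits
    most-significant byte first, and the loop re-emits the byte pairs in
    reverse order so the least-significant byte comes first, which is how
    the 32-bit client stores integers in memory and in its packets.
    """
    if width <= 0 or width % 2:
        raise ValueError("width must be a positive, even number of hex digits")
    # to_bytes raises OverflowError if the value does not fit, where the
    # AutoIt version silently keeps only the rightmost digits.
    return value.to_bytes(width // 2, "little").hex().upper()


def le_decode(hexstr: str) -> int:
    """Inverse of le_hex: the Dec(rev(...)) step from post #306."""
    if len(hexstr) % 2:
        raise ValueError("hex string must have an even number of digits")
    return int.from_bytes(bytes.fromhex(hexstr), "little")


# The pattern exactly as posted in #306: the operand of the first instruction
# (group 1) is the 8 hex digits of a 32-bit displacement, stored little-endian.
INV_PATTERN = re.compile(
    r"8B85(.{8})"
    r"8B4C2414"
    r"8B542420"
    r"2B54080C"
    r"8DB5.{8}"
    r"03C1",
    re.IGNORECASE,
)


def inv_counter_base(code_hex: str) -> Optional[int]:
    """Reproduce $invCounterBase = Hex(Dec(rev($search[1])) + 0x20).

    Scanning a hex *string* has a pitfall the AutoIt version ignores: a match
    can start at an odd character index, i.e. between two bytes. Such a hit
    is not on an instruction boundary, so it is skipped and the search
    continues one character later.
    """
    pos = 0
    while True:
        m = INV_PATTERN.search(code_hex, pos)
        if m is None:
            return None
        if m.start() % 2 == 0:
            return le_decode(m.group(1)) + 0x20
        pos = m.start() + 1


def float_le_hex(x: float) -> str:
    """A 32-bit IEEE 754 single in little-endian byte order, which is what
    the Delphi MoveTo hands to WriteProcessMemory for X, Y and Z."""
    return struct.pack("<f", x).hex().upper()


# Constructed sample, not bytes from any real binary: two NOPs, the pattern
# with a made-up displacement and a made-up second operand, then a RET.
SAMPLE_CODE_HEX = (
    "9090"
    "8B85" "C021A500"
    "8B4C2414" "8B542420" "2B54080C"
    "8DB5" "44332211"
    "03C1"
    "C3"
)

if __name__ == "__main__":
    print(le_hex(0x00A521C0))                      # C021A500
    print(le_hex(33, 2))                           # 21, the PUSH imm8 operand for packetSize
    print(hex(inv_counter_base(SAMPLE_CODE_HEX)))  # 0xa521e0
    print(float_le_hex(1.0))                       # 0000803F
```

Reading the eight captured digits straight as a number is the mistake le_decode guards against: "C021A500" taken big-endian is 0xC021A500, not 0x00A521C0, and every offset derived from it would be wrong.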

03/27/2012, 19:05 | #313 | elite*gold: 0 | Join Date: Mar 2010 | Posts: 862 | Received Thanks: 576
Quote:
Originally Posted by dumbfck
Oh and good luck with your computer, Interest07 >.< - Hope you had backups!
I know all too well how fecking annoying it is losing everything... I managed to accidentally format my backup drive once lol. Was re-installing Windows and had left my USB hard drive plugged in - Windows very helpfully identified the external hard drive as drive C: so I chose that one for the format. Epic double facepalm headdesk.

Thanks, and lmao ouch!!
I've been able to move the most important files to an alternate drive. Luckily it didn't always crash on startup, but sometimes took 0-60 minutes.
I plugged in a different HD now to see if it's the HD or the MB that's causing the crashing. Problem is... I replaced this HD for a reason, but I can't recall what it was, so it might be faulty as well.

03/28/2012, 10:34 | #314 | elite*gold: 0 | Join Date: May 2010 | Posts: 220 | Received Thanks: 203
Thanks again dumbfck
Here's the one which updates a specific page, where $Page is the number of auctions.
Every page has 16 auctions, so let's say we want to see page 10, then $Page=160.
Or to get every page from 1 to the end....
first run:
$Page = 15 ;(auctions 0-15)
updateAhPage....
;next page:
$Page += 16
updateAhPage....
....
Quote:
Func updateAhPage($playerId, $Page, $pid)
    Local $packet, $packetSize
    $packet = '25001A00'
    $packet &= '00001700'
    $packet &= '00002403'
    $packet &= '0000'
    $packet &= Hex($playerId)
    $packet &= '0000'
    $packet &= '00000000'
    $packet &= Hex($Page, 8) ; address of next page items
    $packet &= '00000000'
    $packet &= '40'
    ConsoleWrite(@CRLF & $packet)
    $packetSize = 33
    sendPacket($packet, $packetSize, $pid)
EndFunc


04/06/2012, 01:31 | #315 | elite*gold: 0 | Join Date: May 2009 | Posts: 32 | Received Thanks: 4
Just to share with you guys, I converted the AutoIt code for ActionStruct to Delphi.
Code:
function FloatToHex(const X: double): string; overload;
type
  tBA = array [0 .. SizeOf(X) - 1] of byte;
var
  Buf: tBA;
  i: Integer;
begin
  for i := 0 to high(tBA) do
    Buf[high(tBA) - i] := tBA(X)[i];
  Buf[0] := Buf[0] xor $80;
  SetLength(result, SizeOf(Buf) * 2);
  BinToHex(@Buf, PChar(result), SizeOf(Buf));
end;

function HexToFloat(const s: string): extended;
{ Converts hex of floating point with sign flipped to float value. }
type
  tBA = packed array [0 .. SizeOf(result) - 1] of byte;
var
  t: string;
  Buf1: tBA;
  i: Integer;
  BufR: packed record
    case n: Integer of
      0: (BA: tBA);
      4: (pad4: array [1 .. 6] of byte; sgl: Single);
      8: (pad8: array [1 .. 2] of byte; dbl: double);
      10: (ext: extended);
  end;
begin
  t := LowerCase(s);
  BufR.n := HexToBin(PChar(t), @Buf1, SizeOf(Buf1));
  Buf1[0] := Buf1[0] xor $80;
  for i := 0 to high(tBA) do
    BufR.BA[high(tBA) - i] := Buf1[i];
  case BufR.n of
    4: result := BufR.sgl;
    8: result := BufR.dbl;
    10: result := BufR.ext;
  else
    raise Exception.Create('HexToFloat conversion error');
  end;
end;

procedure MoveTo(X, Y, Z, Height: Single);
var
  H, TI, PI, W, rw: DWORD;
  pointer, ActionStruct, ActionList, MoveAction: DWORD;
  Tmp: DWORD;
  walkmode: Integer;
  Hei: Single;
begin
  XGo := X;
  YGo := Y;
  ZGo := Z;
  //
  H := FindWindow(nil, PWideChar(PW_TITLE));
  if (H <= 0) then
  begin
    ShowMessage('PW Window?');
    exit;
  end;
  TI := GetWindowThreadProcessId(H, @PI);
  W := OpenProcess(PROCESS_ALL_ACCESS, False, PI);
  ReadProcessMemory(W, ptr(PW_BASE_ADDRESS), @pointer, 4, rw);
  // ReadProcessMemory(W, ptr(Pointer + $1C), @Pointer, 4, rw);
  ReadProcessMemory(W, ptr(pointer + $34), @pointer, 4, rw);
  ReadProcessMemory(W, ptr(pointer + $1050), @ActionStruct, SizeOf(ActionStruct), rw);
  ReadProcessMemory(W, ptr(ActionStruct + $30), @ActionList, SizeOf(ActionList), rw);
  ReadProcessMemory(W, ptr(ActionList + $4), @MoveAction, SizeOf(MoveAction), rw);
  Tmp := 0;
  WriteProcessMemory(W, ptr(MoveAction + $8), @Tmp, SizeOf(Tmp), rw);
  WriteProcessMemory(W, ptr(MoveAction + $14), @Tmp, SizeOf(Tmp), rw);
  WriteProcessMemory(W, ptr(MoveAction + $18), @Tmp, SizeOf(Tmp), rw);
  WriteProcessMemory(W, ptr(MoveAction + $38), @Tmp, SizeOf(Tmp), rw);
  Tmp := 1;
  WriteProcessMemory(W, ptr(MoveAction + $14), @Tmp, SizeOf(Tmp), rw);
  //
  WriteProcessMemory(W, ptr(MoveAction + $20), @X, SizeOf(X), rw);
  WriteProcessMemory(W, ptr(MoveAction + $24), @Z, SizeOf(Z), rw);
  WriteProcessMemory(W, ptr(MoveAction + $28), @Y, SizeOf(Y), rw);
  // Just to work around some Delphi quirks -.-
  Hei := HexToFloat(FloatToHex(Height));
  WriteProcessMemory(W, ptr(MoveAction + $68), @Hei, SizeOf(Hei), rw);
  //
  if (Height > 0) then
  begin
    Tmp := 26625;
    WriteProcessMemory(W, ptr(MoveAction + $64), @Tmp, SizeOf(Tmp), rw);
    Tmp := 256;
    WriteProcessMemory(W, ptr(MoveAction + $6C), @Tmp, SizeOf(Tmp), rw);
  end
  else
  begin
    Tmp := 26624;
    WriteProcessMemory(W, ptr(MoveAction + $64), @Tmp, SizeOf(Tmp), rw);
    Tmp := 65536;
    WriteProcessMemory(W, ptr(MoveAction + $6C), @Tmp, SizeOf(Tmp), rw);
  end;
  WriteProcessMemory(W, ptr(ActionStruct + $C), @MoveAction, SizeOf(MoveAction), rw);
  WriteProcessMemory(W, ptr(ActionStruct + $2C), @walkmode, SizeOf(walkmode), rw);
  Tmp := 1;
  WriteProcessMemory(W, ptr(ActionStruct + $18), @Tmp, SizeOf(Tmp), rw);
  WriteProcessMemory(W, ptr(ActionStruct + $14), @MoveAction, SizeOf(MoveAction), rw);
end;
I hope this helps someone.