Func cek_rep($PROCESS_ID)
;Declare local variables
Local $pRemoteThread, $vBuffer, $loop, $result, $OPcode, $processHandle, $packetAddress, $functionSize, $QuestFunctionAddress, $PlayerOffSet, $QuestFunctionOffset, $QuestId, $returnValue
$functionSize = '100'
$QuestFunctionAddress = '0x0073D780'
$QuestFunctionOffset = '0x1058'
$PlayerOffSet = '0x34'
$QuestId = '53762'
;Open process for given processId
$processHandle = $PROCESS_INFORMATION[1]
;Allocate memory for the OpCode and retrieve address for this
$functionAddress = DllCall($KERNEL32, 'int', 'VirtualAllocEx', 'int', $processHandle, 'int', 0, 'int', 0x4, 'int', 0x1000, 'int', 0x40)
;Allocate memory for the packet to be sent and retrieve the address for this
$packetAddress = DllCall($KERNEL32, 'VirtualAllocEx', 'int', $processHandle, 'int', 0, 'int', $functionSize, 'int', 0x1000, 'int', 0x40)
$OPcode &= '60' ;PUSHAD
$OPcode &= 'B8'&_hex($QuestFunctionAddress) ;MOV EAX, questFunction
$OPcode &= '8B0D'&_hex($APP_BASE_ADDRESS) ;MOV ECX, DWORD PTR [baseAddress]
$OPcode &= '8B491C' ;MOV ECX, DWORD PTR [ECX+1C]
$OPcode &= '8B49'&_hex($PlayerOffSet) ;MOV ECX, DWORD PTR [ECX+playerOffSet]
$OPcode &= '8B89'&_hex($QuestFunctionOffset) ;MOV ECX, DWORD PTR [ECX+questFuncOffset]
$OPcode &= '68'&_hex($QuestId) ;PUSH questId
$OPcode &= 'FFD0' ;CALL NEAR EAX
$OPcode &= 'A3'&_hex($functionAddress) ;MOV DWORD PTR [returnAddress], EAX
$OPcode &= '61' ;POPAD
$OPcode &= 'C3' ;RET
;Put the OpCode into a struct for later memory writing
$vBuffer = DllStructCreate('byte[' & StringLen($OPcode) / 2 & ']')
For $loop = 1 To DllStructGetSize($vBuffer)
DllStructSetData($vBuffer, 1, Dec(StringMid($OPcode, ($loop - 1) * 2 + 1, 2)), $loop)
Next
;Write the OpCode to previously allocated memory
DllCall($KERNEL32, 'int', 'WriteProcessMemory', 'int', $processHandle, 'int', $functionAddress[0], 'int', DllStructGetPtr($vBuffer), 'int', $functionSize, 'int *', 0)
;Create a remote thread in order to run the OpCode
$hRemoteThread = DllCall($KERNEL32, 'int', 'CreateRemoteThread', 'int', $processHandle, 'int', 0, 'int', 0, 'int', $functionAddress, 'int', 0, 'int', 0, 'int', 0)
;Wait for the remote thread to finish
Do
$result = DllCall('kernel32.dll', 'int', 'WaitForSingleObject', 'int', $hRemoteThread[0], 'int', 50)
;"WaitForSingleObject", int,hThrd, int,50
Until $result[0] <> 258
;Close the handle to the previously created remote thread
DllCall($KERNEL32, 'int', 'CloseHandle', 'int', $hRemoteThread[0])
;Free the previously allocated memory
DllCall($KERNEL32, 'ptr', "VirtualFreeEx", "int", $processHandle, "int", $functionAddress, "int", 0, "int", 0x8000)
$returnValue = _MemoryRead($functionAddress, $PROCESS_ID)
Return $returnValue
EndFunc
_________
This function uses procedures adopted from the checkQuestPresentWQBOT function. I tried to check whether the quest with id 53762 is active or not. But when I try to run the function, what happens is that elementclient crashes.
Did I forget something?
Btw, that quest id is only in private servers (ko2w-Ultimate and h2w-Revo).
You appear to be passing strings instead of numbers here:
Its value is correct; a function to handle the NPC and take the quest works well. I took it directly from the offset of wqbot "FlyWQ 2.7", which is going well on private servers ("ko2w-Ultimate" and "h2w-Revo"). The bottom line is I want to take a few functions to create a bot that takes a quest that has a certain time limit; while waiting for the timeout, the bot will do the hunting. Initially I used a timer, but it becomes a problem because I often start the bot while the deadline is already running. That is why I try to use the functionality that the bot will only take a new quest if the quest is complete length of the deadline.
Hi Interest07,
I need your help.
I have a problem with the buyitem function. It can't buy anything from an NPC.
I read on page 7 that the buyitem function has something wrong? Can you check this func again?
This is the function, copied from your #1 post
Func buyItem($itemTypeId,$shopIndex,$amount, $pid)
;//Buy $amount of items of type itemTypeId, located at shopIndex
;//shopIndex is calculated as follows:
;//Each tab in the shop has 32 available spaces, index of each space
;//starts at 0, index of each tab starts at 0. $shopIndex would then be
;//shopIndex = tabIndex * 32 + spaceIndex
;//This function could be expanded to include buying multiple items
;//simultaneously. This would require setting nBytes equal to
;//8 + 12 * nDifferent items. Add the extra items on the same way
;//as the first item.
local $packet, $packetSize
The packets are encrypted before being sent to the server as far as I know, so WPE pro won't help. I view the packets by setting a breakpoint at the sendPacket function (so before encryption) using MHS and displaying what's in the stack. You can automatically edit the packets here if you wish, but the above methods shouldn't be possible though, as you send a packet to the server saying "Please refine this n that item" instead of "I refined this item, update it please"
This is the result for buying a sword with $itemTypeId=41, $shopIndex = 0, $amount=1
I'm not familiar with MHS; I can't see what looks like a packet in this stack
That's your game specific version number. I am talking about the Client/Server version, which is a constant across all servers/franchises.
PWI runs 1.4.6 (or 1.4.5 still? did they change version with latest expansion?), Indo/Malaysia 1.4.4, Brazil 1.4.5, and most private servers are now 1.4.4, with the exception of the rich ones which can afford 1.4.5.
1.4.5 server version's buy packet is 12 bytes longer than the older ones. I hate this packet, it seems they change it for fun with every new version. The 12 new bytes are 00 .... so I think the Chinese are laughing at bot creators.
Edit: I found it. Buy packet of Interest07 is 30 bytes, Sᴡoosh is 50 bytes, and according to your word: "12 bytes longer". I guess that there is a packet with 38 bytes. And yes, it's working.
I just know what those longer bytes mean.
They are used to store Merit points for Guild (from 30-38 bytes), and 3 merit points of 3 Orders (from 38-50) when you buy an item that needs merit points.
I hope this helps the buy packet get away from your "hate", Swoosh!
Hi all,
I'm not back, just popping in briefly :P
Anyone know if they've fixed the charm dropping glitch? Just updated my dropper tool and now it comes up "unable to discard item". It would make sense that they have, but just wondering lol.
Cheers.
Edit: Nevermind, just found it in the cabbage patch notes lol.
"Fixed an exploit to drop bound-equipment/items"