World Of Warcraft Development

[malu05]

Ohh Sry.

And how is it done, malu05 ?

a ) Adress finding, how do you search for it o_O ?

B ) The Packet reading, you have to "see" the packets, 100% AutoIT ? Or some Dll's in use?

c ) The Packet Editing, Do you edit the send packets or the ones you get,,?

a )

I use the same UDF as ThermoPrime does.

It is like making a file finder... just for memory locations.

The values i use to find the location is acturally a really stupid mistake by Blizzard making static parts in a variable pointer (hard to explain without the intire code)

B ) personally i use a DLL im not sure if AutoIT can handle it "out of the box"

But i made a little UDF myself for the purpose... an example;

;;================================================================================
;;ForwardW
;;================================================================================
func ForwardW()
$Value = GUICtrlRead($valueInput)
WinActivate($ProcessID)
sleep(100)
$CurrentLocX = _MemoryRead($memoryx , $DllInformation, 'float')
while _IsPressed ( 57 , 'user32.dll') = 1 
;Process_memory
$CurrentLocX = _MemoryRead($memoryx , $DllInformation, 'float')
$CurrentLocX = ($CurrentLocX+$addX)
;Process_memory_convert
$posInput = _FloatToBin($CurrentLocX,1)
$posInput2 = _FloatToBin($CurrentLocX,2)
$posInput3 = _FloatToBin($CurrentLocX,3)
$posInput4 = _FloatToBin($CurrentLocX,4)
;process_packets
_MemoryWrite($memoryX , $DllInformation, $CurrentLocX  , 'float')
_MemoryWrite($memoryX2 , $DllInformation,$CurrentLocX  , 'float')
_PacketOpen($ProcessID, , "80.239.149.121:3724", $PacType)
_PacketStopTransf($ProcessID, 'recv')
_PacketReplace($ProcessID, "15", "17", $posInput, 'send')
_PacketReplace($ProcessID, "22", "23", $posInput2, 'send')
_PacketReplace($ProcessID, "22", "23", $posInput3, 'send')
;for secure
_PacketReplace($ProcessID, "4", "5", $posInput4, 'recv')
_PacketClose($ProcessID, , "80.239.149.121:3724", $PacType)
WEnd
EndFunc ;==>ForwardW

This function makes me teleport forward with $addX as offset.

This gives some sort of "Blink Effect"(mage abillity).

c )

Send...

[J0ker]

So your saying that you are able to teleport yourself while this is supposed to be fixed? I remember me using a teleport hack a few month ago but Blizzard fixed it.

[malu05]

So your saying that you are able to teleport yourself while this is supposed to be fixed? I remember me using a teleport hack a few month ago but Blizzard fixed it.

Seems so, doenst it?

[Snarg]

Seems so, doenst it?

Previous teleport hacks were done by editing client memory. Yours seems to work through 'modifying' sent packets. Is this correct?

[Jon]

That travel bot is very nice. Travelling around can be such a time-sink.

[Snarg]

That travel bot is very nice. Travelling around can be such a time-sink.

Off Topic: Didn't know you were a WoW addict.

[malu05]

Previous teleport hacks were done by editing client memory. Yours seems to work through 'modifying' sent packets. Is this correct?

Correct

[Kickassjoe]

So... Programming for WoW is just a hobby? I would love to see how good you are at other things. (because, IMO, you're amazing)

[Busti]

Ohh Sry.

a )

I use the same UDF as ThermoPrime does.

It is like making a file finder... just for memory locations.

The values i use to find the location is acturally a really stupid mistake by Blizzard making static parts in a variable pointer (hard to explain without the intire code)

B ) personally i use a DLL im not sure if AutoIT can handle it "out of the box"

But i made a little UDF myself for the purpose... an example;

;;================================================================================
;;ForwardW
;;================================================================================
func ForwardW()
$Value = GUICtrlRead($valueInput)
WinActivate($ProcessID)
sleep(100)
$CurrentLocX = _MemoryRead($memoryx , $DllInformation, 'float')
while _IsPressed ( 57 , 'user32.dll') = 1 
;Process_memory
$CurrentLocX = _MemoryRead($memoryx , $DllInformation, 'float')
$CurrentLocX = ($CurrentLocX+$addX)
;Process_memory_convert
$posInput = _FloatToBin($CurrentLocX,1)
$posInput2 = _FloatToBin($CurrentLocX,2)
$posInput3 = _FloatToBin($CurrentLocX,3)
$posInput4 = _FloatToBin($CurrentLocX,4)
;process_packets
_MemoryWrite($memoryX , $DllInformation, $CurrentLocX  , 'float')
_MemoryWrite($memoryX2 , $DllInformation,$CurrentLocX  , 'float')
_PacketOpen($ProcessID, , "80.239.149.121:3724", $PacType)
_PacketStopTransf($ProcessID, 'recv')
_PacketReplace($ProcessID, "15", "17", $posInput, 'send')
_PacketReplace($ProcessID, "22", "23", $posInput2, 'send')
_PacketReplace($ProcessID, "22", "23", $posInput3, 'send')
;for secure
_PacketReplace($ProcessID, "4", "5", $posInput4, 'recv')
_PacketClose($ProcessID, , "80.239.149.121:3724", $PacType)
WEnd
EndFunc ;==>ForwardW

This function makes me teleport forward with $addX as offset.

This gives some sort of "Blink Effect"(mage abillity).

c )

Send...

Blizzard IP : _PacketClose($ProcessID, , "80.239.149.121:3724", $PacType) ????????

And,wich DLL do you use?

And nice how youve done this

[Snarg]

Correct

Any chance you will post the contents of this variable: $DllInformation

Also, what are the odds of us seeing the code for this function: _PacketReplace

[malu05]

Blizzard IP : _PacketClose($ProcessID, , "80.239.149.121:3724", $PacType) ????????

And,wich DLL do you use?

And nice how youve done this

Some homemade stuff.

I tho "stole" most of the code, ill post you a link if i can find it again.

Anyway.

I think ill take some weeks off, all of these new suddent new exiting projects seem to take most of my time.

So.... adios for now!

Edited May 7, 2007 by malu05

[Snarg]

I think ill take some weeks off, all of these new suddent new exiting projects seem to take most of my time.

So.... adios for now!

Ack! Please, post some more code before you leave! At least an update to your travel bot...

[malu05]

Ack! Please, post some more code before you leave! At least an update to your travel bot...

hmm...

I might grap something up o' my sleeve tomorrow.

(that "something" will include a scrapped version of the pointerscanner)

But if no new from me tomorrow.. then i have changed my mind.

(since its "something" that i originally intended to keep for myself)

Edited May 7, 2007 by malu05

[Zephir]

Any chance you will post the contents of this variable: $DllInformation

Also, what are the odds of us seeing the code for this function: _PacketReplace

Hey Snarg,

$DllInformation is the handle that is returned by _MemoryOpen:

$id = WinGetProcess('World of Warcraft')
$DllINformation = _MemoryOpen($id)

The second thing i would love to see too

[Jon]

Off Topic: Didn't know you were a WoW addict.

Yeah, I had it bad for the first year of release. Down to 1 or 2 hours a week for casual PVP now. Lvl 70 Undead mage - 90k kills

[Periklis]

I did some test runs during the weekend.

Came up with some smal problems but not unsolvable. Pathfinding in fine granularity takes a while ... but thats relative ... finding a path from Top-Left to Bottom-Right of Kalimdor cannot be done in milliseconds.

Here is what i thought of:

Every Pathfinding grid should have predefined paths:

Ex.

Grid 1,1 will have the following ones to speed up cross-blp travelling. (I use blp as term to signify a square in the 64,64 map)

PREDEF_NORTH_TO_SOUTH

PREDEF_NORTH_TO_EAST

PREDEF_NORTH_TO_WEST

....

PREDEF_SOUTH_TO NORTH

Having those paths precalculated let us call them prefered paths will cut Pathfinding calculation time significally.

So travelling from Top-Left to Bottom-Right will only need 2 fine path calulations.

One for the starting grid to prefered path for the direction we wish to travel, and for on the destination grid from the grid entry point to the fine granularity destination point

Kinda hard to explain without pictures but when im done i will show you what i mean.

BR

/P

.

P.S.

Nice teleport Hack malu05 ... do we need pathfinding ?

[Tsabrack]

Heya,

Here comes the AI stuff ( little late, but better late than never ).

Basically there's two approaches for designing IA Robot, reactive or cognitive approach. The reactive approach is ... well one could say close to the way insects behave. There's no plan, what it does is only react to environment stimuli. The other one has more planning but it requires some knowledge of the surrounding environments.

Here's some tactics:

Vectorial Approch:

This one's clearly suited for navigation, maybe not for pathfinding but for ennemies avoiding. It only requires immediate knowledge of the env.

Field Approach

This one is also nice, but requires more knowledge of your environment.

Now for behavior, that becomes a little more trick.

The easiest technique, called "Subsumption". Basically you have several goal ordered by prioritity and you test one after the other:

You test one goal after the other, the first condition true is executed. (pretty blunt)

Then you can have multiple tasks in competition, each one with a weight, that one beeing evaluated based on stimuli from the environment (or from the robot status, like health, mana ...):

We choose the one with the highest weigth

Afterwards there a plenty of other techniques, depending of what we can know (the "vision" of the bot surrounding), and the time we can spend doing it, we'd choose one or the other.

Hope this helps.

Tsa

Edited May 7, 2007 by Tsabrack

[Busti]

Some homemade stuff.

I tho "stole" most of the code, ill post you a link if i can find it again.

Anyway.

I think ill take some weeks off, all of these new suddent new exiting projects seem to take most of my time.

So.... adios for now!

+#

Thief xD

Why you dont post your code, then you dont have to search the site

[malu05]

I did some test runs during the weekend...

I am really looking forward to see what you come up with.

Really exiting!

Heya,

Here comes the AI stuff ( little late, but better late than never ).

Hehe.. never too late.

As the bot doesn't have the enviromental information yet it is far from "late".

I used the DataStream Manipulator to test input and output packets in autoIT but im still not 100% sure that it is the way i want to go.

I might go for the memory and then have the "enviroment" added into the info too. So much of this AI stuff could be made possible.

+#

Thief xD

Why you dont post your code, then you dont have to search the site

Because there are certain functions that i don't want in the hand of the wrong people. ^^

And the code is lap-over-lap-over-lap so i can't "just" remove a function without ruining the intire structure.

And i don't feel like rewriting it right now, as it was a hell to do in the first place.

Google is you friend!

There is alot of people who have asked me about the packets and what the data i posted here earlier last month was all about.

-When talking about other mobs/npc's and objects data you should look for -34-packets

-When talking about your data look for -38-packets

Here is an example of a -38- packet;

This are 2 unique Heartstone packets for the NightElf start area.

01 02 03 04 05 06 07 08 09 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 
-----------------------------------------------------------------------------------------------------------------
9E 7F 07 0B 97 92 04 00 00 00 00 00 00 00 27 40 45 63 33 1D 21 46 A2 DD 4F 44 1F CD A5 44 E8 9B 22 40 13 00 00 00
10 E3 07 BA 07 93 04 00 00 00 00 00 00 00 CA 7D 46 63 33 1D 21 46 A2 DD 4F 44 1F CD A5 44 7B 60 6A 40 9F 02 00 00 
                                          [timestamp] [  posY   ] [   posX  ] [   posZ  ]   [rot]


A  B  C  D
19-20-21-22 = PossitionY
23-24-25-26 = PositionX
27-28-29-30 = PositionZ
      33-34 = Rotation

The number is reverse.

So for example the Z position

If you change A +1 value your altitude almost wont change at all

If you change C +1 value your altitude will change quite visibly

and if you change D +1 value you will intially go so far up in the sky that it will take 15sec or more before you come down to the earth and die when hitting the ground.

For thoes who have asked how to change then well... It is hex values... so

FF = Max

00 = Min

So lets say your current X -C-D position is like in the example above "4F 44"

And you want to go North just a small step change the value to "50 44"

And if you want to go North a big step change the value to "FF 44" or even "00 45"

; Note that editing the packets will disconnect you if you change your X and Y position +/- 0.05

; This is the client disconnecting you. So make the client accept your changes.

The -38- packets are used for everything you do.

For example you can change the 38 packet for

-Heartstone (you will be you will be ported to the destination value when used)

-Death (when you die and press (release spirit) you will be ported to the destination value)

-Blink or other teleport abbilities (you will be ported to the destination value when used)

I made a test on the death packet and made a little script that automatticly recorded my position when i died.

When i then clicked "Release Spirit" i was ported right upon my corpse so i could press (ressurect) right away. (very handy^^)

Edited May 9, 2007 by malu05

[Busti]

When i then clicked "Release Spirit" i was ported right upon my corpse so i could press (ressurect) right away. (very handy^^)

rofl, and you still got no ban...^^