malu05 Posted May 6, 2007 Author Posted May 6, 2007 Ohh Sry. And how is it done, malu05 ? a ) Adress finding, how do you search for it o_O ? B ) The Packet reading, you have to "see" the packets, 100% AutoIT ? Or some Dll's in use? c ) The Packet Editing, Do you edit the send packets or the ones you get,,? a ) I use the same UDF as ThermoPrime does. It is like making a file finder... just for memory locations. The values i use to find the location is acturally a really stupid mistake by Blizzard making static parts in a variable pointer (hard to explain without the intire code) B ) personally i use a DLL im not sure if AutoIT can handle it "out of the box" But i made a little UDF myself for the purpose... an example; ;;================================================================================ ;;ForwardW ;;================================================================================ func ForwardW() $Value = GUICtrlRead($valueInput) WinActivate($ProcessID) sleep(100) $CurrentLocX = _MemoryRead($memoryx , $DllInformation, 'float') while _IsPressed ( 57 , 'user32.dll') = 1 ;Process_memory $CurrentLocX = _MemoryRead($memoryx , $DllInformation, 'float') $CurrentLocX = ($CurrentLocX+$addX) ;Process_memory_convert $posInput = _FloatToBin($CurrentLocX,1) $posInput2 = _FloatToBin($CurrentLocX,2) $posInput3 = _FloatToBin($CurrentLocX,3) $posInput4 = _FloatToBin($CurrentLocX,4) ;process_packets _MemoryWrite($memoryX , $DllInformation, $CurrentLocX , 'float') _MemoryWrite($memoryX2 , $DllInformation,$CurrentLocX , 'float') _PacketOpen($ProcessID, , "80.239.149.121:3724", $PacType) _PacketStopTransf($ProcessID, 'recv') _PacketReplace($ProcessID, "15", "17", $posInput, 'send') _PacketReplace($ProcessID, "22", "23", $posInput2, 'send') _PacketReplace($ProcessID, "22", "23", $posInput3, 'send') ;for secure _PacketReplace($ProcessID, "4", "5", $posInput4, 'recv') _PacketClose($ProcessID, , "80.239.149.121:3724", $PacType) WEnd EndFunc ;==>ForwardW This function makes me teleport forward with $addX as offset. This gives some sort of "Blink Effect"(mage abillity). c ) Send... [center][u]WoW Machinima Tool[/u] (Tool for Machinima Artists) [/center]
J0ker Posted May 6, 2007 Posted May 6, 2007 So your saying that you are able to teleport yourself while this is supposed to be fixed? I remember me using a teleport hack a few month ago but Blizzard fixed it.
malu05 Posted May 6, 2007 Author Posted May 6, 2007 So your saying that you are able to teleport yourself while this is supposed to be fixed? I remember me using a teleport hack a few month ago but Blizzard fixed it.Seems so, doenst it? [center][u]WoW Machinima Tool[/u] (Tool for Machinima Artists) [/center]
Snarg Posted May 6, 2007 Posted May 6, 2007 Seems so, doenst it?Previous teleport hacks were done by editing client memory. Yours seems to work through 'modifying' sent packets. Is this correct? A little reading goes a long way. Post count means nothing.
Administrators Jon Posted May 6, 2007 Administrators Posted May 6, 2007 That travel bot is very nice. Travelling around can be such a time-sink. Deployment Blog:Â https://www.autoitconsulting.com/site/blog/ SCCM SDK Programming:Â https://www.autoitconsulting.com/site/sccm-sdk/
Snarg Posted May 6, 2007 Posted May 6, 2007 That travel bot is very nice. Travelling around can be such a time-sink.Off Topic: Didn't know you were a WoW addict. A little reading goes a long way. Post count means nothing.
malu05 Posted May 6, 2007 Author Posted May 6, 2007 Previous teleport hacks were done by editing client memory. Yours seems to work through 'modifying' sent packets. Is this correct?Correct [center][u]WoW Machinima Tool[/u] (Tool for Machinima Artists) [/center]
Kickassjoe Posted May 6, 2007 Posted May 6, 2007 So... Programming for WoW is just a hobby? I would love to see how good you are at other things. (because, IMO, you're amazing) What goes around comes around... Payback's a bitch.
Busti Posted May 6, 2007 Posted May 6, 2007 Ohh Sry. a ) I use the same UDF as ThermoPrime does. It is like making a file finder... just for memory locations. The values i use to find the location is acturally a really stupid mistake by Blizzard making static parts in a variable pointer (hard to explain without the intire code) B ) personally i use a DLL im not sure if AutoIT can handle it "out of the box" But i made a little UDF myself for the purpose... an example; ;;================================================================================ ;;ForwardW ;;================================================================================ func ForwardW() $Value = GUICtrlRead($valueInput) WinActivate($ProcessID) sleep(100) $CurrentLocX = _MemoryRead($memoryx , $DllInformation, 'float') while _IsPressed ( 57 , 'user32.dll') = 1 ;Process_memory $CurrentLocX = _MemoryRead($memoryx , $DllInformation, 'float') $CurrentLocX = ($CurrentLocX+$addX) ;Process_memory_convert $posInput = _FloatToBin($CurrentLocX,1) $posInput2 = _FloatToBin($CurrentLocX,2) $posInput3 = _FloatToBin($CurrentLocX,3) $posInput4 = _FloatToBin($CurrentLocX,4) ;process_packets _MemoryWrite($memoryX , $DllInformation, $CurrentLocX , 'float') _MemoryWrite($memoryX2 , $DllInformation,$CurrentLocX , 'float') _PacketOpen($ProcessID, , "80.239.149.121:3724", $PacType) _PacketStopTransf($ProcessID, 'recv') _PacketReplace($ProcessID, "15", "17", $posInput, 'send') _PacketReplace($ProcessID, "22", "23", $posInput2, 'send') _PacketReplace($ProcessID, "22", "23", $posInput3, 'send') ;for secure _PacketReplace($ProcessID, "4", "5", $posInput4, 'recv') _PacketClose($ProcessID, , "80.239.149.121:3724", $PacType) WEnd EndFunc ;==>ForwardW This function makes me teleport forward with $addX as offset. This gives some sort of "Blink Effect"(mage abillity). c ) Send... Blizzard IP : _PacketClose($ProcessID, , "80.239.149.121:3724", $PacType) ???????? And,wich DLL do you use? And nice how youve done this My UDF's : Startet on : 06.06.2006_CaseSearchOrReplaceStr();~> Searches OR Replaces a String,;~> With or Without Casesensivity
Snarg Posted May 7, 2007 Posted May 7, 2007 CorrectAny chance you will post the contents of this variable: $DllInformationAlso, what are the odds of us seeing the code for this function: _PacketReplace A little reading goes a long way. Post count means nothing.
malu05 Posted May 7, 2007 Author Posted May 7, 2007 (edited) Blizzard IP : _PacketClose($ProcessID, , "80.239.149.121:3724", $PacType) ????????And,wich DLL do you use?And nice how youve done this Some homemade stuff.I tho "stole" most of the code, ill post you a link if i can find it again.Anyway.I think ill take some weeks off, all of these new suddent new exiting projects seem to take most of my time.So.... adios for now! Edited May 7, 2007 by malu05 [center][u]WoW Machinima Tool[/u] (Tool for Machinima Artists) [/center]
Snarg Posted May 7, 2007 Posted May 7, 2007 I think ill take some weeks off, all of these new suddent new exiting projects seem to take most of my time.So.... adios for now!Ack! Please, post some more code before you leave! At least an update to your travel bot... A little reading goes a long way. Post count means nothing.
malu05 Posted May 7, 2007 Author Posted May 7, 2007 (edited) Ack! Please, post some more code before you leave! At least an update to your travel bot...hmm...I might grap something up o' my sleeve tomorrow.(that "something" will include a scrapped version of the pointerscanner)But if no new from me tomorrow.. then i have changed my mind.(since its "something" that i originally intended to keep for myself) Edited May 7, 2007 by malu05 [center][u]WoW Machinima Tool[/u] (Tool for Machinima Artists) [/center]
Zephir Posted May 7, 2007 Posted May 7, 2007 Any chance you will post the contents of this variable: $DllInformation Also, what are the odds of us seeing the code for this function: _PacketReplace Hey Snarg, $DllInformation is the handle that is returned by _MemoryOpen: $id = WinGetProcess('World of Warcraft') $DllINformation = _MemoryOpen($id) The second thing i would love to see too
Administrators Jon Posted May 7, 2007 Administrators Posted May 7, 2007 Off Topic: Didn't know you were a WoW addict.Yeah, I had it bad for the first year of release. Down to 1 or 2 hours a week for casual PVP now. Lvl 70 Undead mage - 90k kills Deployment Blog:Â https://www.autoitconsulting.com/site/blog/ SCCM SDK Programming:Â https://www.autoitconsulting.com/site/sccm-sdk/
Periklis Posted May 7, 2007 Posted May 7, 2007 I did some test runs during the weekend. Came up with some smal problems but not unsolvable. Pathfinding in fine granularity takes a while ... but thats relative ... finding a path from Top-Left to Bottom-Right of Kalimdor cannot be done in milliseconds. Here is what i thought of: Every Pathfinding grid should have predefined paths: Ex. Grid 1,1 will have the following ones to speed up cross-blp travelling. (I use blp as term to signify a square in the 64,64 map) PREDEF_NORTH_TO_SOUTH PREDEF_NORTH_TO_EAST PREDEF_NORTH_TO_WEST .... PREDEF_SOUTH_TO NORTH Having those paths precalculated let us call them prefered paths will cut Pathfinding calculation time significally. So travelling from Top-Left to Bottom-Right will only need 2 fine path calulations. One for the starting grid to prefered path for the direction we wish to travel, and for on the destination grid from the grid entry point to the fine granularity destination point Kinda hard to explain without pictures but when im done i will show you what i mean. BR /P . P.S. Nice teleport Hack malu05 ... do we need pathfinding ?
Tsabrack Posted May 7, 2007 Posted May 7, 2007 (edited) Heya,Here comes the AI stuff ( little late, but better late than never ).Basically there's two approaches for designing IA Robot, reactive or cognitive approach. The reactive approach is ... well one could say close to the way insects behave. There's no plan, what it does is only react to environment stimuli. The other one has more planning but it requires some knowledge of the surrounding environments. Here's some tactics:Vectorial Approch:This one's clearly suited for navigation, maybe not for pathfinding but for ennemies avoiding. It only requires immediate knowledge of the env.Field ApproachThis one is also nice, but requires more knowledge of your environment.Now for behavior, that becomes a little more trick. The easiest technique, called "Subsumption". Basically you have several goal ordered by prioritity and you test one after the other:You test one goal after the other, the first condition true is executed. (pretty blunt)Then you can have multiple tasks in competition, each one with a weight, that one beeing evaluated based on stimuli from the environment (or from the robot status, like health, mana ...):We choose the one with the highest weigthAfterwards there a plenty of other techniques, depending of what we can know (the "vision" of the bot surrounding), and the time we can spend doing it, we'd choose one or the other. Hope this helps.Tsa Edited May 7, 2007 by Tsabrack
Busti Posted May 7, 2007 Posted May 7, 2007 Some homemade stuff.I tho "stole" most of the code, ill post you a link if i can find it again.Anyway.I think ill take some weeks off, all of these new suddent new exiting projects seem to take most of my time.So.... adios for now! +#Thief xDWhy you dont post your code, then you dont have to search the site My UDF's : Startet on : 06.06.2006_CaseSearchOrReplaceStr();~> Searches OR Replaces a String,;~> With or Without Casesensivity
malu05 Posted May 7, 2007 Author Posted May 7, 2007 (edited) I did some test runs during the weekend... I am really looking forward to see what you come up with. Really exiting! Heya, Here comes the AI stuff ( little late, but better late than never ). Hehe.. never too late. As the bot doesn't have the enviromental information yet it is far from "late". I used the DataStream Manipulator to test input and output packets in autoIT but im still not 100% sure that it is the way i want to go. I might go for the memory and then have the "enviroment" added into the info too. So much of this AI stuff could be made possible. +# Thief xD Why you dont post your code, then you dont have to search the site Because there are certain functions that i don't want in the hand of the wrong people. ^^ And the code is lap-over-lap-over-lap so i can't "just" remove a function without ruining the intire structure. And i don't feel like rewriting it right now, as it was a hell to do in the first place. Google is you friend! There is alot of people who have asked me about the packets and what the data i posted here earlier last month was all about. -When talking about other mobs/npc's and objects data you should look for -34-packets -When talking about your data look for -38-packets Here is an example of a -38- packet; This are 2 unique Heartstone packets for the NightElf start area. 01 02 03 04 05 06 07 08 09 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 ----------------------------------------------------------------------------------------------------------------- 9E 7F 07 0B 97 92 04 00 00 00 00 00 00 00 27 40 45 63 33 1D 21 46 A2 DD 4F 44 1F CD A5 44 E8 9B 22 40 13 00 00 00 10 E3 07 BA 07 93 04 00 00 00 00 00 00 00 CA 7D 46 63 33 1D 21 46 A2 DD 4F 44 1F CD A5 44 7B 60 6A 40 9F 02 00 00 [timestamp] [ posY ] [ posX ] [ posZ ] [rot] A B C D 19-20-21-22 = PossitionY 23-24-25-26 = PositionX 27-28-29-30 = PositionZ 33-34 = Rotation The number is reverse. So for example the Z position If you change A +1 value your altitude almost wont change at all If you change C +1 value your altitude will change quite visibly and if you change D +1 value you will intially go so far up in the sky that it will take 15sec or more before you come down to the earth and die when hitting the ground. For thoes who have asked how to change then well... It is hex values... so FF = Max 00 = Min So lets say your current X -C-D position is like in the example above "4F 44" And you want to go North just a small step change the value to "50 44" And if you want to go North a big step change the value to "FF 44" or even "00 45" ; Note that editing the packets will disconnect you if you change your X and Y position +/- 0.05 ; This is the client disconnecting you. So make the client accept your changes. The -38- packets are used for everything you do. For example you can change the 38 packet for -Heartstone (you will be you will be ported to the destination value when used) -Death (when you die and press (release spirit) you will be ported to the destination value) -Blink or other teleport abbilities (you will be ported to the destination value when used) I made a test on the death packet and made a little script that automatticly recorded my position when i died. When i then clicked "Release Spirit" i was ported right upon my corpse so i could press (ressurect) right away. (very handy^^) Edited May 9, 2007 by malu05 [center][u]WoW Machinima Tool[/u] (Tool for Machinima Artists) [/center]
Busti Posted May 7, 2007 Posted May 7, 2007 When i then clicked "Release Spirit" i was ported right upon my corpse so i could press (ressurect) right away. (very handy^^)rofl, and you still got no ban...^^ My UDF's : Startet on : 06.06.2006_CaseSearchOrReplaceStr();~> Searches OR Replaces a String,;~> With or Without Casesensivity
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now