SolarStrike Software

Posted: **Sat Jan 12, 2013 8:11 am**

My first simple test worked.

keyboardPress(key.VK_ENTER) 
yrest(100) 
keyboardPress(key.VK_DIVIDE) 
yrest(100) 
keyboardType("select euvano") 
yrest(1000) 
keyboardPress(key.VK_ENTER)

But the timing has to be right or it would press the enter key before all the characters were typed.

I found that I could enter the text into memory. A bit hard to test because CE doesn't write unicode text and neither does MM. But basically I should be able to do

Code: Select all

keyboardPress(key.VK_ENTER) 
--write command directly into memory
keyboardPress(key.VK_ENTER)

That should be a lot more reliable and faster.

@Administrator, is it possible to have a memory write function that writes in Unicode as part of MM? It seems the right place for it. You have one for reading Unicode. Otherwise I will have to make a bot level function, that would probably be slower too.

Posted: **Sat Jan 12, 2013 11:23 am**

rock5 wrote:@Administrator, is it possible to have a memory write function that writes in Unicode as part of MM? It seems the right place for it. You have one for reading Unicode. Otherwise I will have to make a bot level function, that would probably be slower too.

There's a problem with that. Despite the name, Unicode isn't very unified. There's countless variants for different things. You can't even rely on each character occupying the same number of bytes. In some variants, there are 2 bytes per character while in others you need 4. There are even a few that use 2 bytes for some characters and 4 for certain other characters.

I have no problem with supporting Unicode. Deciding which variant to use is the hard part. There's really no way to tell what the target process is using short of trial and error.

Posted: **Sat Jan 12, 2013 11:48 am**

Ok. I guess I'll make my own function for Aion then. It just seems to be regular characters separated by null bytes.

Posted: **Sat Jan 12, 2013 12:21 pm**

Also I find myself needing to initialise the memory area I edit for typing, by "typing" 255 characters first. I noticed some strange behavior and was wondering if you could shed some light on it. If I type

Code: Select all

Command> keyboardType("123456789012345678901234567890123456789012345678901234567
89012345678901234567890123456789012345678901234567890123456789012345678901234567
89012345678901234567890123456789012345678901234567890123456789012345678901234567
89012345678901234567890123456789012345")

It takes about 24s but the function returns about half way through that. I tried changing the typing delay but it made little difference to the total time it takes for all the characters to be typed.

Now 24s / 255characters = 94ms. If I set the typing delay to 90 then the characters are typed at that speed and the function returns about when it finishes typing. If I halve the delay, the typing seems to be going at the same speed, the function returns about half way through, then the rest of the characters appear really fast. As I reduce the delay further, the typing goes slower and slower and the typing function returns sooner. But always, at some point, the rest of the characters appear really quick. If I set the typing delay to 0, the typing function immediately returns. In the game nothing happens for a long while then suddenly the characters start appearing really fast and finishes, again, roughly 24s.

I'm assuming there is some sort of buffer and I don't expect you will be able to help me make it go faster but I was just hoping to understand it a bit better. One thing I noticed is if I press and hold a key, it will fill in about 10 seconds so I wonder why typing from MM seems to have to take 24s.

Posted: **Sat Jan 12, 2013 1:00 pm**

I'm not really sure what that's all about. The keyboardType() function just iterated through each character, looks up the virtual key code for it, then calls keyboardPress() for that character. I never found it to be very reliable. Since it is resting between characters, it doesn't make any sense that it would return before it finished. If it did, the rest of the characters would never be sent. I think what you're experiencing may be a result of something with how this game handles input or something.

Posted: **Sat Jan 12, 2013 1:59 pm**

Yeah, by buffer I meant buffer in the game. I didn't think MM was doing that.

Ok, thanks anyway. I'll just have to put up with it.

Posted: **Sat Jan 12, 2013 2:15 pm**

rock5 wrote:
nightclaw wrote:thats not true you type in a command with a name and target i do it all time with macro 4 crafting for the crafting NPC ya just type it in the chat
Are you talking about entering directly into chat? So from the bot you would send the keypresses "[ENTER]/select sam[ENTER]"? I don't know how reliable it would be but worth a try.

yep

Posted: **Mon Jan 14, 2013 4:28 am**

sorry, seems I have less self control than I want lol

I am sure you will know what to do with this, hope it works for you =)
If it fails in MM, test it in CE to make sure it isn't just MM failing to read.

Code: Select all

array = {}
for i = 0, 10 do
	table.insert(array, memoryReadRepeat("ustringptr",proc, mainOffset + 0xFAC8B8, {0x270,0x2F8,0x400,0xE0,0x0 + (i*4),0x254, 0x3A}))
end
table.print(array)

It survived many game restarts for me, no idea on how to get size of the array just yet, I could do it with a batch read but since that isn't included in MM just yet I didn't want to add it in.
That is just for the names, which I figured you would work out.

Code: Select all

table: 007A8DA8
1:      *charname*
2:      Rakelaw Slink
3:      Smallhorn Kerub
4:      Brownbristle Brax
5:      Brownbristle Brax
6:      Brownbristle Brax
7:      Brownbristle Brax
8:
9:
10:
11:

Code: Select all

table: 00762350
1:
2:      Feira
3:      Ben
4:      Pinkbeak Airon
5:      Pinkbeak Airon
6:      *charname*
7:      Pinkbeak Airon
8:      Pinkbeak Airon
9:      *somerandochar*
10:
11:

Posted: **Mon Jan 14, 2013 4:57 am**

Code: Select all

local array = {}
for i = 0, 7 do
	local name = memoryReadRepeat("ustringptr",proc, mainOffset + 0xFAC8B8, {0x270,0x2F8,0x400,0xE0,0x0 + (i*4),0x254, 0x3A})
	if name then	
		table.insert(array, name)
	end
end
table.print(array)

Little more investigating and this array is the field of view, I guess you could call it the stuff that shows on minimap. So turn character and it changes.

Posted: **Mon Jan 14, 2013 12:18 pm**

Thanks and well done. I'll look into it. I'm assuming it just shows mobs but if it works it might provide clues on how to find other tables. It's a shame about the in view limitation.

Posted: **Mon Jan 14, 2013 9:35 pm**

rock5 wrote: I'm assuming it just shows mobs

Seems to be anything that you can click, mob/npc/resource/quest item

rock5 wrote:It's a shame about the in view limitation

Yeah the game itself has a "field of view" on the minimap, so you can't see mobs sneak up behind you lol

rock5 wrote: it might provide clues on how to find other tables

Here is what I have found, if you take the address of the name for the object and then - 3A, the last offset. Then do a CE hex search for that value you usually get 4 results.
Last result is usually the one that you will find in that array I posted, the other 3 always have the same value after that address.
ie.
address of name is F793A43A, CE search for F793A400 gets 4 results that look like this in memory view, they also have the same value before it aswell, which probably varies each log in.

Code: Select all

2FDB9838 F793A400 00000008
2FDB9838 F793A400 00000005
2FDB9838 F793A400 00000002
              F793A400

so the last is in the array that I posted, 1 of the other 3 will probably be the mob array.

Posted: **Mon Jan 14, 2013 11:12 pm**

lisa wrote:Here is what I have found, if you take the address of the name for the object and then - 3A, the last offset.

So the base of the pawns extra info, ok.

lisa wrote:Then do a CE hex search for that value you usually get 4 results.

I even get only one result which is from the pawn obviously. So that didn't work.

But it sounds like you are saying the array you posted is an array of what I call extra info addresses but it's not. It's an array of pawn base addresses. Hm...

I think there has to be an array of mobs around you including behind you because if you spin around quickly the dots appear instantly so they are not coming from the server. I think I need to find somewhere where the array around me doesn't change. I had the idea of going into an instance. The lowest level instance I've found is in Verteron lvl18. I just levelled to 15 yesterday. Maybe I'll level to 18 and try that.

Posted: **Tue Jan 15, 2013 3:27 am**

i used to use a app called z radar, which would show me all around me, gatherables, asmos, elyos, and mobs, so yes, it should be there, how else could that app show me all that

oh wait, i could decompile it, its autoit, perhaps you can use it ^^

Botje

Posted: **Tue Jan 15, 2013 4:28 am**

If it is for current game version I should be able to translate it to a format we can understand.

ie.
"Game.dll" + BE2018
supposedly if the text of that address is "/" then the game version is
__ncsoft_na_2712_907_104_5114 which all of the addresses are based on, NA version.

they have player name at "Game.dll" + C47908
can't test any of this as I am at home, if anyone can confirm those as working I should be able to do the rest tonight.

Inventory slots total is an int at
"Game.dll" + BED564

Posted: **Tue Jan 15, 2013 8:34 pm**

nope the addresses are for an older client.

Posted: **Tue Jan 15, 2013 9:58 pm**

If you can read it maybe you can work out the structure so we can find something similar in the current version.

Edit: I had another look at it. I think I understand it. Each 'node' points to the next node and the pawn address is 12 off from the nodes. I'll have a look for that pattern.

Posted: **Tue Jan 15, 2013 11:27 pm**

This is the part that has the most info for it really.

Code: Select all

	Local $first_node
	Local $next_node
	Local $entity_pointer
	Local $entity_type
	$nodelists_start_address = get_nodelists_start_address()
	$first_node = "0x" & Hex(_memoryread($nodelists_start_address, $client_memory_hndl, "uint"), 8)
	$entity_pointer = "0x" & Hex(_memoryread("0x" & Hex(Int($first_node) + 12, 8), $client_memory_hndl, "uint"), 8)
	$next_node = $first_node
	$entity_dictionary.removeall()
	While True
		If $entity_pointer <> "0x00000000" AND $entity_pointer <> "0xCDCDCDCD" Then
			$entity_type = entity_get_type($entity_pointer)
		Else
			Return
		EndIf
		If $entity_type = "User" OR $entity_type = "NPC" OR $entity_type = "Gather" Then
			If $entity_dictionary.exists($entity_pointer) Then Return
			$entity_dictionary.add($entity_pointer, $entity_type)
			$entity_data[0] = entity_get_name($entity_pointer)
			$entity_data[1] = entity_get_pos_x($entity_pointer)
			$entity_data[2] = entity_get_pos_y($entity_pointer)
			$entity_data[3] = entity_get_pos_z($entity_pointer)
			$entity_data[4] = entity_get_attitude($entity_pointer)
			$entity_data[5] = entity_get_guid($entity_pointer)
			If $entity_type = "User" Then
				$user_data[1] = entity_get_level($entity_pointer)
				$user_data[2] = entity_get_hppercent($entity_pointer)
			EndIf
			draw_entity($entity_type, $entity_data, $player_data)
		EndIf
		$next_node = "0x" & Hex(_memoryread("0x" & Hex(Int($next_node) + 0, 8), $client_memory_hndl, "uint"), 8)
		$entity_pointer = "0x" & Hex(_memoryread("0x" & Hex(Int($next_node) + 12, 8), $client_memory_hndl, "uint"), 8)
	WEnd

the type is defined by this in a function

Code: Select all

	Local $result
	$result = _memoryread("0x" & Hex(Int($param1) + 224, 8), $client_memory_hndl, "char[24]")
	Return $result

"Gather" "Player" "User" "NPC"
I had a look and the new offset for the type is 0x160 and it's not Unicode, that should make things easier for you

--=== Added ===--
there is also a type called
"client_npc" which has no name, no idea what it's story is.

Posted: **Wed Jan 16, 2013 12:56 am**

rock5 wrote: Each 'node' points to the next node and the pawn address is 12 off from the nodes.

With this I was easily able to find the object table and a working pointer. Yay!

I'm not really interested in pawn info because I can always add them later. The 'type' would be useful to speed up searches. Hm... It changed to 0x160.

Hm.. State looks good too. I'm not sure what attitude is but it might mean aggression which is good too.

Hey look, they got the same GUID too.

I think I'm getting to the point that I can start doing more functions for the bot.

Posted: **Wed Jan 16, 2013 1:05 am**

rock5 wrote:With this I was easily able to find the object table and a working pointer. Yay!

grats =)

Posted: **Wed Jan 16, 2013 3:05 am**

whoohoo, i helped xd

SolarStrike Software

Aion Bot

Re: Aion Bot

Re: Aion Bot

Re: Aion Bot

Re: Aion Bot

Re: Aion Bot

Re: Aion Bot

Re: Aion Bot

Re: Aion Bot

Re: Aion Bot

Re: Aion Bot

Re: Aion Bot

Re: Aion Bot

Re: Aion Bot

Re: Aion Bot

Re: Aion Bot

Re: Aion Bot

Re: Aion Bot

Re: Aion Bot

Re: Aion Bot

Re: Aion Bot