Periklis

Nice decision there malu05. Things that can be abused will eventually turn Blizzard against us ... but as long as we fool around i don't believe they will care about this thread. Could you pls send me your AutoIt code for item/players scanning. Working on a small DirectX program like the TeamSpeak overlay that gives you information in the game ... You can PM or put it on the Behead.de forums since the discussion on it will be geared towards C# and imo such discussion is out of the scope of AutoIt forums. BR /P .

Ofc i could. BR /P .

I have used the same variable names that malu05 is using in his code so you will recognise things. First Create a class file in C# and insert the following code. Name the file MemoryReader.cs //------------------------------------------------------------------------------ // <copyright from='2004' to='2005' company='WoWSharp.NET'> // Copyright (c) WoWSharp.NET. All Rights Reserved. // // Please look in the accompanying license.htm file for the license that // applies to this source code. (a copy can also be found at: // http://www.wowsharp.net/license.htm) // </copyright> //------------------------------------------------------------------------------- using System; using System.Diagnostics; using System.Runtime.InteropServices; using System.IO; using System.Collections; using System.Text; // Changed namespace name. namespace Hermes { /// <summary> /// Summary description for MemoryReader. /// </summary> public class MemoryReader { /// <summary> /// Constants information can be found in [winnt.h] /// </summary> private const uint PROCESS_TERMINATE = 0x0001; private const uint PROCESS_CREATE_THREAD = 0x0002; private const uint PROCESS_SET_SESSIONID = 0x0004; private const uint PROCESS_VM_OPERATION = 0x0008; private const uint PROCESS_VM_READ = 0x0010; private const uint PROCESS_VM_WRITE = 0x0020; private const uint PROCESS_DUP_HANDLE = 0x0040; private const uint PROCESS_CREATE_PROCESS = 0x0080; private const uint PROCESS_SET_QUOTA = 0x0100; private const uint PROCESS_SET_INFORMATION = 0x0200; private const uint PROCESS_QUERY_INFORMATION = 0x0400; private const uint TH32CS_SNAPHEAPLIST = 0x00000001; private const uint TH32CS_SNAPPROCESS = 0x00000002; private const uint TH32CS_SNAPTHREAD = 0x00000004; private const uint TH32CS_SNAPMODULE = 0x00000008; private const uint TH32CS_SNAPMODULE32 = 0x00000010; private const uint TH32CS_SNAPALL = (TH32CS_SNAPHEAPLIST | TH32CS_SNAPPROCESS | TH32CS_SNAPTHREAD | TH32CS_SNAPMODULE); private const uint TH32CS_INHERIT = 0x80000000; private const int SE_PRIVILEGE_ENABLED = 0x00000002; private const int TOKEN_ADJUST_PRIVILEGES = 0x00000020; private const int TOKEN_QUERY = 0x00000008; [StructLayout(LayoutKind.Sequential)] private struct PROCESSENTRY32 { public uint dwSize; public uint cntUsage; public uint th32ProcessID; // this process public IntPtr th32DefaultHeapID; public uint th32ModuleID; // associated exe public uint cntThreads; public uint th32ParentProcessID; // this process's parent process public uint pcPriClassBase; // Base priority of process's threads public uint dwFlags; [MarshalAs(UnmanagedType.ByValTStr, SizeConst = 260)] public string szExeFile; // Path } /// <summary> /// Open a process /// </summary> /// <param name="dwDesiredAccess">Access flag</param> /// <param name="bInheritHandle">Handle inheritance options</param> /// <param name="dwProcessId">Process identifier</param> /// <returns>Success</returns> [DllImport("kernel32.dll")] private static extern IntPtr OpenProcess(UInt32 dwDesiredAccess, Int32 bInheritHandle, UInt32 dwProcessId); /// <summary> /// Terminate a (open) process /// </summary> /// <param name="dwProcessId">Handle</param> /// <param name="dwExitCode">Exit code</param> /// <returns>Success</returns> [DllImport("kernel32.dll")] private static extern Int32 TerminateProcess(UInt32 dwProcessId, UInt32 dwExitCode); /// <summary> /// Close a handle /// </summary> /// <param name="hObject">Handle to object</param> /// <returns>Success</returns> [DllImport("kernel32.dll")] private static extern Int32 CloseHandle(IntPtr hObject); /// <summary> /// Read from the memory of a process /// </summary> /// <param name="hProcess">Handle to the process</param> /// <param name="lpBaseAddress">Base of memory area</param> /// <param name="buffer">Data buffer</param> /// <param name="size">Number of bytes to read</param> /// <param name="lpNumberOfBytesRead">Number of bytes read</param> /// <returns>Success</returns> [DllImport("kernel32.dll")] private static extern Int32 ReadProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, IntPtr buffer, int size, ref IntPtr lpNumberOfBytesRead); /// <summary> /// Write to the memory of a process /// </summary> /// <param name="hProcess">Handle to the process</param> /// <param name="lpBaseAddress">Base of memory area</param> /// <param name="buffer">Data buffer</param> /// <param name="size">Number of bytes to read</param> /// <param name="lpNumberOfBytesWritten">Number of bytes read</param> /// <returns>Success</returns> [DllImport("kernel32.dll")] private static extern Int32 WriteProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, IntPtr buffer, int size, ref IntPtr lpNumberOfBytesWritten); [DllImport("kernel32.dll")] private static extern IntPtr CreateToolhelp32Snapshot(uint dwFlags, uint th32ProcessID); [DllImport("kernel32.dll")] private static extern Int32 Process32First(IntPtr hSnapshot, ref PROCESSENTRY32 lppe); [DllImport("kernel32.dll")] private static extern Int32 Process32Next(IntPtr hSnapshot, ref PROCESSENTRY32 lppe); [StructLayout(LayoutKind.Sequential, Pack = 1)] private struct TOKEN_PRIVILEGES { public int PrivilegeCount; public long Luid; public int Attributes; } [DllImport("advapi32.dll", CharSet = CharSet.Auto, SetLastError = true)] private static extern int OpenProcessToken(int ProcessHandle, int DesiredAccess, ref int tokenhandle); [DllImport("kernel32.dll", CharSet = CharSet.Auto)] private static extern int GetCurrentProcess(); [DllImport("advapi32.dll", CharSet = CharSet.Auto, SetLastError = true)] private static extern int LookupPrivilegeValue(string lpsystemname, string lpname, ref long lpLuid); [DllImport("advapi32.dll", CharSet = CharSet.Auto, SetLastError = true)] private static extern int AdjustTokenPrivileges(int tokenhandle, int disableprivs, ref TOKEN_PRIVILEGES Newstate, int bufferlength, int PreivousState, int Returnlength); [DllImport("advapi32.dll", CharSet = CharSet.Auto, SetLastError = true)] private static extern int GetSecurityInfo(int HANDLE, int SE_OBJECT_TYPE, int SECURITY_INFORMATION, int psidOwner, int psidGroup, out IntPtr pDACL, IntPtr pSACL, out IntPtr pSecurityDescriptor); [DllImport("advapi32.dll", CharSet = CharSet.Auto, SetLastError = true)] private static extern int SetSecurityInfo(int HANDLE, int SE_OBJECT_TYPE, int SECURITY_INFORMATION, int psidOwner, int psidGroup, IntPtr pDACL, IntPtr pSACL); private bool isOpen = false; private IntPtr eightBytes = IntPtr.Zero; private IntPtr hProcess = IntPtr.Zero; private Process readProcess = null; private EventHandler ExitedEvent = null; private Hashtable _parentids = new Hashtable(); /// <summary> /// Returns the process handle of the open process /// </summary> public IntPtr Handle { get { return hProcess; } } /// <summary> /// A hashtable containing the process id's as key and the parent process id's as value /// </summary> public Hashtable ParentIds { get { return _parentids; } } /// <summary> /// Gets a list of processes by executable name /// </summary> /// <param name="ExeName">ExeName</param> /// <returns>List of processes</returns> public Process[] GetProcessesByExe(string ExeName) { ArrayList procs = new ArrayList(); IntPtr hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0); if (hSnapshot == IntPtr.Zero) return null; PROCESSENTRY32 pe = new PROCESSENTRY32(); pe.dwSize = 296;// sizeof( pe); // Clear the parent id's _parentids.Clear(); int retval = Process32First(hSnapshot, ref pe); while (retval != 0) { if (pe.szExeFile.ToLower() == ExeName.ToLower()) { try { Process proc = Process.GetProcessById((int)pe.th32ProcessID); procs.Add(proc); } catch { } } _parentids.Add(pe.th32ProcessID, pe.th32ParentProcessID); retval = Process32Next(hSnapshot, ref pe); } CloseHandle(hSnapshot); return (Process[])procs.ToArray(typeof(Process)); } /// <summary> /// This closes a process using TerminateProcess (this is immediate!) /// </summary> public void CloseProcess() { TerminateProcess((uint)hProcess, 0); Close(); } /// <summary> /// Process from which to read /// </summary> public Process ReadProcess { get { return readProcess; } } /// <summary> /// Is the current process opened /// </summary> public bool IsOpen { get { return isOpen; } } internal void EnableDebuggerPrivileges() { int token = 0; TOKEN_PRIVILEGES tp = new TOKEN_PRIVILEGES(); tp.PrivilegeCount = 1; tp.Luid = 0; tp.Attributes = SE_PRIVILEGE_ENABLED; // We just assume this works if (OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref token) == 0) throw (new Exception("OpenProcessToken failed")); if (LookupPrivilegeValue(null, "SeDebugPrivilege", ref tp.Luid) == 0) throw (new Exception("LookupPrivilegeValue failed")); if (AdjustTokenPrivileges(token, 0, ref tp, Marshal.SizeOf(tp), 0, 0) == 0) throw (new Exception("AdjustTokenPrivileges failed")); } /// <summary> /// Open a process /// </summary> /// <remarks> /// Only use this for special occasions, normally use 'Start' from the WoW object /// </remarks> public void Open(Process process) { if (isOpen) throw (new Exception("Process already opened")); readProcess = process; hProcess = OpenProcess(PROCESS_CREATE_THREAD | PROCESS_QUERY_INFORMATION | PROCESS_VM_OPERATION | PROCESS_VM_WRITE | PROCESS_VM_READ | PROCESS_TERMINATE, 0, (uint)readProcess.Id); if (hProcess == IntPtr.Zero) { IntPtr pDACL, pSecDesc; GetSecurityInfo((int)Process.GetCurrentProcess().Handle, /*SE_KERNEL_OBJECT*/ 6, /*DACL_SECURITY_INFORMATION*/ 4, 0, 0, out pDACL, IntPtr.Zero, out pSecDesc); hProcess = OpenProcess(0x40000, 0, (uint)process.Id); SetSecurityInfo((int)hProcess, /*SE_KERNEL_OBJECT*/ 6, /*DACL_SECURITY_INFORMATION*/ 4 | /*UNPROTECTED_DACL_SECURITY_INFORMATION*/ 0x20000000, 0, 0, pDACL, IntPtr.Zero); CloseHandle(hProcess); hProcess = OpenProcess(PROCESS_CREATE_THREAD | PROCESS_QUERY_INFORMATION | PROCESS_VM_OPERATION | PROCESS_VM_WRITE | PROCESS_VM_READ | PROCESS_TERMINATE, 0, (uint)readProcess.Id); } isOpen = (hProcess != IntPtr.Zero); if (isOpen) readProcess.Exited += (ExitedEvent = new EventHandler(ProcessExited)); } /// <summary> /// Close the process /// </summary> /// <remarks> /// Only use this for special occasions, normally use 'Stop' from the WoW object /// </remarks> public void Close() { if (hProcess == IntPtr.Zero) throw (new Exception("Process already closed")); int iRetValue; iRetValue = CloseHandle(hProcess); if (iRetValue == 0) throw new Exception("CloseHandle failed"); hProcess = IntPtr.Zero; isOpen = false; readProcess.Exited -= ExitedEvent; } /// <summary> /// Initialize the memory reader class /// </summary> internal MemoryReader() { eightBytes = Marshal.AllocHGlobal(8); } /// <summary> /// Free the memory reader class /// </summary> ~MemoryReader() { if (isOpen) Close(); Marshal.FreeHGlobal(eightBytes); } /// <summary> /// Read an integer from the currently opened process /// </summary> /// <param name="Address">Address to read from</param> /// <returns>Integer read</returns> public int ReadInteger(int Address) { IntPtr readedBytes = IntPtr.Zero; ReadProcessMemory(hProcess, new IntPtr(Address), eightBytes, 4, ref readedBytes); return Marshal.ReadInt32(eightBytes); } /// <summary> /// Read a long from the currently opened process /// </summary> /// <param name="Address">Address to read from</param> /// <returns>Long read</returns> public long ReadLong(int Address) { IntPtr readedBytes = IntPtr.Zero; ReadProcessMemory(hProcess, new IntPtr(Address), eightBytes, 8, ref readedBytes); return Marshal.ReadInt64(eightBytes); } /// <summary> /// Read a float from the currently opened process /// </summary> /// <param name="Address">Address to read from</param> /// <returns>Float read</returns> public float ReadFloat(int Address) { IntPtr readedBytes = IntPtr.Zero; ReadProcessMemory(hProcess, new IntPtr(Address), eightBytes, 4, ref readedBytes); byte[] buffer = new byte[4]; Marshal.Copy(eightBytes, buffer, 0, 4); return BitConverter.ToSingle(buffer, 0); } /// <summary> /// Read a buffer from the currently opened process /// </summary> /// <param name="Address">Address to read from</param> /// <param name="bytes">Number of bytes to read</param> /// <returns>Buffer read</returns> public byte[] ReadBuffer(int Address, int bytes) { IntPtr ptr = Marshal.AllocHGlobal(bytes); IntPtr readedBytes = IntPtr.Zero; ReadProcessMemory(hProcess, new IntPtr(Address), ptr, bytes, ref readedBytes); byte[] ret = new byte[bytes]; Marshal.Copy(ptr, ret, 0, bytes); Marshal.FreeHGlobal(ptr); return ret; } /// <summary> /// Read a [null-terminated] string from the currently opened process /// </summary> /// <param name="Address">Address to read from</param> /// <param name="bytes">Maximum size</param> /// <returns>String read</returns> public string ReadString(int Address, int bytes) { IntPtr ptr = Marshal.AllocHGlobal(bytes); IntPtr readedBytes = IntPtr.Zero; ReadProcessMemory(hProcess, new IntPtr(Address), ptr, bytes, ref readedBytes); byte[] buffer = new byte[bytes]; Marshal.Copy(ptr, buffer, 0, bytes); Marshal.FreeHGlobal(ptr); UTF8Encoding utf8 = new UTF8Encoding(); string result = utf8.GetString(buffer); int nullpos = result.IndexOf(""); if (nullpos != -1) result = result.Remove(nullpos, result.Length - nullpos); return result; } /// <summary> /// Write an float to the currently opened process /// </summary> /// <param name="Address">Address to write to</param> /// <param name="value">Value to write</param> public void WriteFloat(int Address, float value) { byte[] buffer = BitConverter.GetBytes(value); IntPtr writtenBytes = IntPtr.Zero; Marshal.Copy(buffer, 0, eightBytes, 4); WriteProcessMemory(hProcess, new IntPtr(Address), eightBytes, 4, ref writtenBytes); } /// <summary> /// Write an integer to the currently opened process /// </summary> /// <param name="Address">Address to write to</param> /// <param name="value">Value to write</param> public void WriteInteger(int Address, int value) { byte[] buffer = BitConverter.GetBytes(value); IntPtr writtenBytes = IntPtr.Zero; Marshal.Copy(buffer, 0, eightBytes, 4); WriteProcessMemory(hProcess, new IntPtr(Address), eightBytes, 4, ref writtenBytes); } /// <summary> /// Write a long to the currently opened process /// </summary> /// <param name="Address">Address to write to</param> /// <param name="value">Value to write</param> public void WriteLong(int Address, long value) { byte[] buffer = BitConverter.GetBytes(value); IntPtr writtenBytes = IntPtr.Zero; Marshal.Copy(buffer, 0, eightBytes, 8); WriteProcessMemory(hProcess, new IntPtr(Address), eightBytes, 8, ref writtenBytes); } /// <summary> /// Write a string to the currently opened process /// </summary> /// <param name="Address">Address to write to</param> /// <param name="value">Value to write</param> public void WriteString(int Address, string value) { byte[] buffer = System.Text.ASCIIEncoding.Default.GetBytes(value + ''); IntPtr writtenBytes = IntPtr.Zero; IntPtr mBuffer = Marshal.AllocHGlobal(buffer.Length); Marshal.Copy(buffer, 0, mBuffer, buffer.Length); WriteProcessMemory(hProcess, new IntPtr(Address), mBuffer, buffer.Length, ref writtenBytes); Marshal.FreeHGlobal(mBuffer); } private void ProcessExited(object sender, EventArgs e) { if (sender == ReadProcess) isOpen = false; } } } Create a another class in C# and insert the code below. Name it whatever you want. using System; using System.Diagnostics; namespace Hermes { public class MundusBellatorius { private MemoryReader m_Memory; private Process[] m_Process; private int m_Interval = 125; private bool m_IsStarted = false; public int Interval { get { return m_Interval; } set { m_Interval = value; } } public MemoryReader MBMemory { get { return m_Memory; } } public MundusBellatorius() { m_Memory = new MemoryReader(); } ~MundusBellatorius() { if (m_IsStarted) Stop(); } public bool IsStarted { get { return m_IsStarted; } } public bool Start() { if (m_IsStarted) Stop(); try { m_Process = m_Memory.GetProcessesByExe("wow.exe"); if (m_Process.Length == 0) throw new Exception("Unable to locate Mundus Bellatorius."); } catch (Exception E) { throw E; } try { if (m_Memory.IsOpen) m_Memory.Close(); m_Memory.Open(m_Process[0]); if ((int)m_Memory.Handle == 0) throw new Exception("Unknown"); } catch (Exception E) { throw E; } m_IsStarted = true; return true; } public void Stop() { if (!m_IsStarted) return; if (m_Memory.IsOpen) m_Memory.Close(); m_IsStarted = false; } } } In a form within the same namespace add . MundusBellatorius MB = new MundusBellatorius(); For player position create a button in a form and add the following code in the On_Clik event. DateTime timer = DateTime.Now; int startsearchX = 0x00400B88; int startsearchY, startsearchZ, startsearchRot; // NOT USED int offset = 0x1000; int knownX = 0x00CD6760; if (!MB.IsStarted) MB.Start(); float CurrentLocationX = MB.MBMemory.ReadFloat(knownX); float valueSS = MB.MBMemory.ReadFloat(startsearchX); while (CurrentLocationX != valueSS) { startsearchX = startsearchX + offset; valueSS = MB.MBMemory.ReadFloat(startsearchX); } startsearchY = startsearchX + 0x4; startsearchZ = startsearchX + 0x8; startsearchRot = startsearchX + 0xC; int type = MB.MBMemory.ReadInteger(startsearchX + 0x10); float x = MB.MBMemory.ReadFloat(startsearchX); float y = MB.MBMemory.ReadFloat(startsearchY); float z = MB.MBMemory.ReadFloat(startsearchZ); float rot = (MB.MBMemory.ReadFloat(startsearchRot) / (float)(Math.PI / 180)); DateTime end = DateTime.Now; long diff = end.Ticks - timer.Ticks; MessageBox.Show("Player X,Y,Z,Rot found in " + diff.ToString() + " nanoseconds !!!!!!"); if (MB.IsStarted) MB.Stop(); For the mob search Add a datagridview control to your Form and another button. In the new button On_Click event method add the following code. System.Windows.Forms.Timer UT = new System.Windows.Forms.Timer(); if (!MB.IsStarted) MB.Start(); int valueSS = MB.MBMemory.ReadInteger(StartMemory); while (EndMemory != valueSS) { StartMemory = StartMemory + value; valueSS = MB.MBMemory.ReadInteger(StartMemory + 0x8); } UT.Interval = MB.Interval; UT.Tick += new EventHandler(UT_Tick); UT.Start(); In the event UT_Tick add the following code. dataGridView1.Rows.Clear(); mobcount = -1; searchAddress = StartMemory + 0x8; Extcho = MB.MBMemory.ReadInteger(searchAddress); while (Extcho != 0x00) { mobcount++; searchAddress += 0x001788; Extcho = MB.MBMemory.ReadInteger(searchAddress); } KnownX = StartMemory + 0xB88; for (int i = 0; i <= mobcount; i++) { dataGridView1.Rows.Add(Math.Floor(MB.MBMemory.ReadFloat(KnownX)), Math.Floor(MB.MBMemory.ReadFloat(KnownX + 0x4)), Math.Floor(MB.MBMemory.ReadFloat(KnownX + 0x8)), Math.Floor(MB.MBMemory.ReadFloat(KnownX + 0xC) / (float)(Math.PI / 180))); KnownX = KnownX + 0x1788; } Ofc dont forget to have variables declared int startsearchX = 0x00400B88; int startsearchY, startsearchZ, startsearchRot; int offset = 0x1000; int knownX = 0x00CD6760; int searchAddress = 0; int Extcho = 0; int KnownX = 0; int mobcount = -1; int StartMemory = 0x00400000; int EndMemory = 0x007CF4A8; int value = 0x010000;

I hate living in the dark, so i'd like to ask a few things. Its all about Memory Addresses. Seeing the adresses used by malu05 im getting a little bit confused ... not on the actual addreses but most on where they come from. I believe i have a pretty good idea on what is happening. Variables declared by malu05 dim $knownX = 0x00CD6760 dim $startsearchX = 0x00400B88 Global $offset = 0x1000 oÝ÷ Ù°¨uëh~)ݶ¦zj+ɧ]­ë,¶­ríj)춦"¶*'¡ûazZÉêÿm«­¢+Ø(ÀÌØí ÕÉɹÑ1½`ô}5µ½ÉåI ÀÌØí­¹½Ý¹`°ÀÌØí±±%¹½ÉµÑ¥½¸°Ìäí±½ÐÌäì¤(ìM½µ½Ñ¡È½¹Ñ¡¸¸¸¸(ÀÌØíÙ±ÕMLô}5µ½ÉåI ÀÌØíÍÑÉÑÍÉ¡`°ÀÌØí±±%¹½ÉµÑ¥½¸°Ìäí±½ÐÌäì¤)Ý¡¥±ÀÌØí ÕÉɹÑ1½`±ÐìÐìÀÌØíÙ±ÕML(ÀÌØíÍÑÉÑÍÉ¡`ôÀÌØíÍÑÉÑÍÉ¡`¬ÀÌØí½ÍÐ(ÀÌØíÙ±ÕMLô}5µ½ÉåI ÀÌØíÍÑÉÑÍÉ¡`°ÀÌØí±±%¹½ÉµÑ¥½¸°Ìäí±½ÐÌäì¤)]¹ I can understand that because of DMA this procedure must be executed since the memory addresses change with every relog. What i don't get is $knownX, $startsearchX and $offset. Why is the X position in the memory address of $knownX? Why are we start searching for $startSearchX with an initial value of 0x00400B88? Why is our offset jump 0x1000 (4096 in decimal)? That's the first bunch of questions. Imagine this is the memory and we found $startSearchX. 1 Position X 2 (Position X) 3 (Position X) 4 (Position X) 5 Position Y 6 7 8 9 Position Z 10 11 12 13 Rotation 14 So far so good. IIRC from a post made by malu05 the addresses in between contain the value for the same attribute (in parenthesis). Checking the Mob Scanner code one Wow Object is 0x1788 (6024 Decimal) long. So does that mean that it spans over 6024 consecutive addresses in memory ? For example from address 0 to 6023. malu05 claims it is 1788 bytes long. Am i missing something here ? 0x1788 is not 1788. Next question must sound stupid to some of you. Is every address containing 1 Byte ? And how many Words long is this Byte ? Are all Objects identical in how they are stored in memory ? Explaination. Base Memory address = X position. Add 0x4 = Y Position Add 0x8 = Z Position Add 0xC = Rotation And so on. If an attribute in the Object structure is not applicable like speed for a Chest, what value does the memory address contain? 0? Why i ask all this is because id like to create a library for offset handling. Would anyone mind clarifying a procedure for looking for offsets ? And what were look for as inittial memory address? BR /P .

And while im at it ... thinking of dumping the memory area into a file to read binary if i wanna work offline (while at work) ... Will post links to the C# code for the ppl that are hungry for knowledge BR /P .

$valueSS = _MemoryRead($StartMemory , $DllInformation, 'float') while hex($EndMemory) <> $valueSS $StartMemory = $StartMemory+$value $valueSS = hex(_MemoryRead( $StartMemory+0x8, $DllInformation, 'int')) ;if $StartMemory > 0x18700000 then ConsoleWrite(" " & hex($StartMemory+0x8) & " " & $valueSS) WEndoÝ÷ ØÞu©§yØj,¶Øk{ ²r©¢{a{¥«­¢+ØÀÌØíÙ±ÕMLô}5µ½ÉåI ÀÌØíMÑÉÑ5µ½Éä°ÀÌØí±±%¹½ÉµÑ¥½¸°Ìäí±½ÐÌäì¤oÝ÷ Ú·­º¹ìiùhjØ^­è­Á«¢jZ­çpØZ)íz«jëh×6while hex($EndMemory) <> $valueSSoÝ÷ Ù»­¬¶)ݶzØZ¶)íì!W¥¢r¢èZ½ëaz¸ ×Zµ«r¥ëºÚ"µÍÌÍÝ[YTÔÈH^ ÓY[[ÜTXY ÌÍÔÝY[[ÜJÌ ÌÍÑ[ÜX][Û ÌÎNÚ[ ÌÎNÊJ But still ... what if the first try is the correct one what will happen then ? BR /P .

I knew you're an Evil, evil man I almost peed on me ... woke upp the kids in the process because of my ROFL. BR /P .

Made the program in C#. Time to retrieve values is .... Drumroll ........ between 4.2 and 5.5 million nanoseconds Just to understand ... 1 nanosecond is 1/1000000000 second so it something between 0,0042 and 0,0055 seconds. Much faster imho. BR /P .

Well let me tell you this .... the info provided in the MSDN version is more than enough. LOL wont help us much ... well fyi you actually carry this thread BR /P .

I checked my source code ... i believe there is a way to make things easier. I will compile a dll and leave it on and see if i get a ban. Hopefully not since i only read the memory. But i have money to burn so ... BR /P .

Love it. But we have to convince the main bulk that follows this thread but also remember to update this thread too since such information benefits the entire AutoIt <---- (Spelled correctly) community. Games like WoW will come and go but actual botting remains the same. BR /P .

For me that would be the best solution with reservations. Positive. Secure as you mentioned. More flexible. Very good memory reading. Safeguards against abuse. Ex. Add level cap hardcoded into the dll if the we discover the bot is abused for ex. imba PvP. Personally im against such measures but ppl tend to exceed some limits. We don't blacken the name of AutoIT as a tool for creating Bots (Some might see it as such). Negative. Can be subject to banning spree if released to public and Blizzard puts it into Warden detection patterns. C# is not the prime language of this board and never will be i guess and mods will ban us if we talk too much microsoft in here. Cannot be distibuted the same way as malu05's code since it will be more malicius and i guess this thread that malu started has developed more as a learning spot on how to create bots for MMO games and "learn a few things on the way there" rather than "OMG free imba botzzors for download here". Can't do it alone. Will need assistance. I can tell you right now it is going to be BIIIIG. That's all i can come up with BR /P . In my opinion we (that contribute and others with higher post rating in this thread) can have a small discussion on what track we choose to go for. Mentioning the pros and cons.

Something on offsets Every Object in memory has a basepointer? Every Object has a lenght? Example. PLAYER_STRUCTURE_LENGTH = 0x1788 PLAYER_STORAGE_START = 0x1001AB34 PLAYER_STORAGE_END = PLAYER_STORAGE_START + PLAYER_STRUCTURE_LENGTH PLAYER_X_OFFSET = PLAYER_STORAGE_START + 0x0C ;X Position PLAYER_Y_OFFSET = PLAYER_STORAGE_START + 0x10 ;Y Position PLAYER_Z_OFFSET = PLAYER_STORAGE_START + 0x14 ;Z Position PLAYER_R_OFFSET = PLAYER_STORAGE_START + 0x18 ;Rotation orelse Facing PLAYER_S_OFFSET = PLAYER_STORAGE_START + ??? ;Speed PLAYER_N_OFFSET = PLAYER_STORAGE_START + ??? ;Name So what im thinking of is to create a module that loads the above information where applicable into a structure in memory and refreshing it in "real time" Any comments ? BR /P .

Decided to bust my a$$ (sorry mods) and do a smal library collection. Functions in it. Pseudocode. FLOAT GetTurnRadian(FLOAT flTargetRadian, BOOL blFaceAwayFromTarget, <OUT>BOOLEAN blTurnLeft) --- Used by FaceTarget, FaceAway, FaceAwayFrom2 VOID FaceTarget(FLOAT flTargetX, FLOAT flTargetY) VOID FaceAway(FLOAT flTargetX, FLOAT flTargetY) VOID FaceAwayFrom2(FLOAT flTargetOneX, FLOAT flTargetOneY, FLOAT flTargetTwoX, FLOAT flTargetTwoY) VOID MoveTo(FLOAT flTargetX, FLOAT flTargetY, FLOAT flDistance, BOOL blRunning, BOOL blStopOnDamage) While im still on it ... if any of you can supply me with offsets i can create library with structures that can hold the Mobs (mobile ojects), Iobs (immobile objects), Pobs (player objects). I can't seem to find my printouts on WoW offset scanning but i have a desent idea on how to proceed. IIRC (im almost 100% sure) it is possible to extract practically every single piece of information from objects in memory. Ex. Mob type like Unknown, Item, Container, Unit, Player, GameObject, Dynamic, Corpse There are alot of stuff out there to read from memory, practically everything even the speed that a mobs is moving. If you want to keep your offsets kinda private from the public you can PM them to me ... i wont post them. BR /P . P.S. Functions are practically ready ... will rewrite them to AutoIT script from C#. Please give feedback on the function definitions ... is there anything else you would like me to implement ? Practically i have everything ready since i have a working Bot of known origin (It has Sharp in its name) that i rewrote. Don't want to give links to the source since i don't want people compiling it just to find themselves banned. I will ofc post any AutoIT code i write (not 100% of it if it contains offsets ppl don't want to publish) just to give you a hunch. The complete code can be released in some kind of module where full source listing is not available. Anyone believes that COM (dll:s) writtern in another language would increase speed ?

I'm aware of the range scan but still i saw that it can scan for objects like 200+ distance units away. Lol you don't annoy anyone ... not me .... try annoying malu05. And some DMA questions. If i got it right. Do all offsets change on relog or when you zone ? Or is it only player data that does ? BR /P . P.S. Nice code for rotation towards target BTW. No need for me to reinvent things