AutoIT Version Independent Code

[whitea2]

I have had this written for a while but am just getting around to sharing. I wanted to make sure it actually worked after a couple of patches before I posted it and looked like an idiot.

The code includes some sample functions for finding speed, gravity, position etc. in AutoIT. It requires NomadMemory.au3 and a link to that file can be found here ([AutoIt] Diablo 3 Click To Move, Interaction, Actor Handling. (Version 2))

The first couple of regions were written by UnknOwned and are denoted as such in the code. The program can be easily modified to increase/decrease speed, gravity as well as teleportation (requires a server sync if you simply write to x,y,z).

The functions are very straightforward and simple but the main contribution here is that this code is version independent. That is, you do not need to search for new offsets with every patch. The _GetPlayerOffset() function finds the player offset by searching for the function call which sets it. The search is performed by _MemoryPatternSearch() and I did not write that function. I'm uncertain of the author but I included a link to the website of where I found it. Also, I modified the return statement in that function but the original is included and commented out.

I don't know if this will be helpful for anybody but I hope it is. Good luck!

Code:

#include <String.au3>
#include <NomadMemory.au3>

HotKeySet("{END}", "_Quit")

#region -- Make sure we have admin right
;modified from http://www.ownedcore.com/forums/diablo-3/diablo-3-bots-programs/diablo-3-memory-editing/361270-autoit-diablo-3-click-move-interaction-actor-handling-version-2-a.html
;author: UnknOwned
#RequireAdmin
$Admin = IsAdmin()
if $Admin <> 1 Then
	MsgBox(0x30,"ERROR","You need administrative rights")
	Exit
EndIf
#endregion

#region -- Open memory for Gw2 and determine base address
;modified from http://www.ownedcore.com/forums/diablo-3/diablo-3-bots-programs/diablo-3-memory-editing/361270-autoit-diablo-3-click-move-interaction-actor-handling-version-2-a.html
;author: UnknOwned
Opt("WinTitleMatchMode", -1)
SetPrivilege("SeDebugPrivilege", 1)
$Gw2Exefile = "Gw2.exe"
$list = ProcessList()
for $i = 1 to $list[0][0]
	if $list[$i][0] = $Gw2Exefile Then
		Global $ProcessID = $list[$i][1]
		ExitLoop
	EndIf
next
Local $gw2 = _MemoryOpen($ProcessID)
If @Error Then
	MsgBox(4096, "ERROR", "Failed to open memory for process;" & $ProcessID)
    Exit
 EndIf
#endregion

WinActivate("Guild Wars 2")

Global $player_offset
Global $player_physical_x, $player_physical_y, $player_physical_z
Global $player_visual_x, $player_visual_y, $player_visual_z
Global $player_speed
Global $player_gravity
Global $player_heading_A1, $player_heading_B1, $player_heading_A2, $player_heading_B2

_GetPlayerOffset()
_InitPointers()

While 1
  Sleep(100)
WEnd

#region -- various user written functions
Func _isInGame()
	Return _MemoryRead(0x015C5D78, $gw2, 'int')	;0 for no, 1 for yes
EndFunc

Func _GetPlayerOffset()
   ;must be called when player zones
	$pattern = "8B108BC88B4210FFD0D95DF0E8" 									;pattern to find call
	$call = _MemoryPatternSearch($gw2, $pattern, 0x00400000, 0x00600000, 51200) ;read the base address of the call
	$test = _MemoryRead($call-4, $gw2, 'int')									;read the offset for the call
	$player_offset = _MemoryRead($call+$test+1, $gw2, 'int') + 0x20C +0x14		;read the player offset (and add 0x20C)
	Return
EndFunc

Func _InitPointers()
   ;must be called when player zones
	$player_heading_A1 	= _PointerRead($player_offset, 0x44, 0x1C, 0x5C) + 0x94 ;returns Addr
	$player_heading_B1 	= $player_heading_A1 + 4
	$player_heading_A2 	= _PointerRead($player_offset, 0x44, 0x1C, 0x5C) + 0xA4 ;returns Addr
	$player_heading_B2 	= $player_heading_A2 + 4

	$player_visual_x 	= _PointerRead($player_offset, 0x44, 0x1C, 0x5C) + 0xB4 ;returns Addr
	$player_visual_y 	= $player_visual_x + 4
	$player_visual_z 	= $player_visual_y + 4

	$player_gravity 	= _PointerRead($player_offset, 0x44, 0x1C, 0x5C) + 0x104 ;returns Addr
	$player_speed 		= _PointerRead($player_offset, 0x44, 0x1C, 0x5C) + 0x114 ;returns Addr

	$player_physical_x 	= _PointerRead($player_offset, 0x44, 0x1C, 0x88) + 0xD0 ;returns Addr
	$player_physical_y 	= $player_physical_x + 4
	$player_physical_z 	= $player_physical_y + 4
EndFunc

Func _PointerRead($StartAddress, $offset1, $offset2, $offset3)
   Local $temp
   $temp = $StartAddress
   $temp = _MemoryRead($temp, $gw2, 'ptr') 			;returns first address
   $temp = _MemoryRead($temp+$offset1, $gw2, 'ptr') ;returns address
   $temp = _MemoryRead($temp+$offset2, $gw2, 'ptr') ;returns address
   $temp = _MemoryRead($temp+$offset3, $gw2, 'ptr') ;returns
   Return $temp
EndFunc

Func _GetHeading()
   Local $return[4]
   $return[0] = _MemoryRead($player_heading_A1, $gw2, 'float')
   $return[1] = _MemoryRead($player_heading_B1, $gw2, 'float')
   $return[2] = _MemoryRead($player_heading_A2, $gw2, 'float')
   $return[3] = _MemoryRead($player_heading_B2, $gw2, 'float')
   Return $return
EndFunc

Func _GetPhysicalPos()
	Local $return[3]
	$return[0] = _MemoryRead($player_physical_x, $gw2, 'float')
	$return[1] = _MemoryRead($player_physical_y, $gw2, 'float')
	$return[2] = _MemoryRead($player_physical_z, $gw2, 'float')
	Return $return
EndFunc

Func _GetVisualPos()
	Local $return[3]
	$return[0] = _MemoryRead($player_visual_x, $gw2, 'float')
	$return[1] = _MemoryRead($player_visual_y, $gw2, 'float')
	$return[2] = _MemoryRead($player_visual_z, $gw2, 'float')
	Return $return
EndFunc

Func _GetSpeed()
	Return _MemoryRead($player_speed, $gw2, 'float')
EndFunc

Func _GetGravity()
	Return _MemoryRead($player_gravity, $gw2, 'float')
EndFunc

Func _Quit()
	Exit
EndFunc
 #endregion


Func _MemoryPatternSearch($ProcessHandle, $Pattern, $StartAddress = 0x00400000, $StopAddress = 0x00600000, $Step = 51200)
;found here: http://www.autoitscript.com/forum/topic/137320-c-memory-pattern-scanner/
;not sure of original author
   If Not IsArray($ProcessHandle) Then
	 SetError(1)
	 Return -1
   EndIf
   $Pattern = StringRegExpReplace($Pattern, '[^0123456789ABCDEFabcdef.]', '')
   If StringLen($Pattern) = 0 Then
	 SetError(2)
	 Return -2
   EndIf
   Local $BufferPattern, $FormatedPattern
   For $i = 0 To ((StringLen($Pattern) / 2) - 1)
	 $BufferPattern = StringLeft($Pattern, 2)
	 $Pattern = StringRight($Pattern, StringLen($Pattern) - 2)
	 $FormatedPattern = $FormatedPattern & $BufferPattern
   Next
   $Pattern = $FormatedPattern
   For $Address = $StartAddress To $StopAddress Step $Step - (StringLen($Pattern) / 2)
	 StringRegExp(_MemoryRead($Address, $ProcessHandle, 'byte[' & $Step & ']'), $Pattern, 1, 2)
	 If Not @error Then
   ;~    Return StringFormat('0x%.8X', $Address + ((@extended - StringLen($Pattern) - 2) / 2)) ;original function
	  Return Floor($Address + ((@extended - StringLen($Pattern) - 2) / 2))
	 EndIf
   Next
   Return -3
EndFunc

[lookaway]

Thanks for this! I prefer AutoIT as my go to language so this is interesting to see released. Question,

Code:

$pattern = "8B108BC88B4210FFD0D95DF0E8" ;pattern to find call

What is that string related to? Is that something that needs to be changed on a patch-by-patch basis?

And forgive my ignorance but even after using AutoIT for so long i've never worked with Addresses. After pulling the address with _MemoryRead can one simply write a new value to that location using _MemoryWrite with no issue?

[lolkittens]

Thanks for this! I prefer AutoIT as my go to language so this is interesting to see released. Question,

Code:

$pattern = "8B108BC88B4210FFD0D95DF0E8" ;pattern to find call

What is that string related to? Is that something that needs to be changed on a patch-by-patch basis?

That's the pattern for the data you are looking for, it should get you the newest address between patches but it may change occasionally.

This was an interesting snippet, although I use Java not AutoIT, this was interesting, thanks.

[whitea2]

I'm glad somebody is interested in this :) The pattern that is being searched is to find the address of the call that sets the base address for the player.


As you can see, the pattern starts at address Gw2.exe+0x127103 in this figure. The call we're interested in is the one previous to this pattern. Therefore, we read the 4 preceeding bytes to determine the offset of that call. Following the call yields

which is obviously difficult to find through a pattern search (especially since the static value of 11D3A08 changes each patch). Now, we simply read (from call + offset + 1) to get that static value (Intel CPU's use little-endian order (least-signifcant byte stored first)). The +1 is so we don't read the opcode (B8) as part of our player address. Single-stepping through the code eventually leads to a part where 0x20C+0x14 is added to the player offset. About a month ago, only 0x20C was added. But, 2-3 patches ago, it changed to 0x20C+0x14. It's probably possible to find what value is added through another pattern search but I abandoned this a while ago.

I'm glad you 2 appreciated the work as I was worried it was maybe too 'low-level' for this forum. I've since swapped to C++ and have been working on a packet logger (very close to finished) :) I'll be glad to upload the AutoIT code I currently use for Speed/Gravity modification if you're interested. It's simply this code plus some hotkeys and routines for increasing/decreasing speed/gravity. It can also be used for teleportation (which I did successfully) but it requires a 'sync' after teleporting and isn't 100% reliable (tough to bot with).

Lastly, that's correct about _MemoryRead/Write as long as you use _MemoryOpen. AutoIT is a great tool and often underappreciated due to its simplicity (which is why I like it). I'm tired of seeing .lib file missing etc. errors in C++. Good luck and let me know if you have more questions!

[lolkittens]

I have a question, what is $Step for in your _MemoryPatternSearch function? I'm trying to translate it to java but dunno what that is.

[whitea2]

I have a question, what is $Step for in your _MemoryPatternSearch function? I'm trying to translate it to java but dunno what that is.

The '$' denotes a variable. $Step is the parameter passed for how many bytes are checked at once. It's simply the amount 'incremented' in each iteration. 'Step' is a keyword in AutoIT.

In AutoIT:

Code:

For $i = $0 To $10 Step 2

is the syntax for

Code:

for(i = 0; i < 10; i+=2)

[Trollzr]

Thank you very much for this. I wanted to start a project on C++ bot (I will eventually ^^) but now I will play around with autoit again for a while :3

[Trollzr]

Correct me if i am wrong. heading_A1 returns cos and B1 sin of players angle of direction and A2 and B2 are for minimap