Evan
01-18-2013, 05:27 PM
I am very new to this, and I have followed ManInTheCave's short tutorial on creating your first program.
First of all, I apologize if this is not the right place to post, I could not find any support board anywhere.
So, I was able to create a program that prints the player's health, mana, and position:
using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using System.Windows.Forms;
using System.Runtime.InteropServices;
using System.Diagnostics;
namespace playerPosition
{
public partial class MainForm : Form
{
/* Base address of the client's main module, and the Process object it was read from. Both are
 * filled in by MainForm_Load; until that runs, Base is 0 and Tibia is null, so any ReadBytes call
 * made earlier would target an unrelated address. Both are public, static and mutable, so any
 * code in the assembly can reassign them. */
public static UInt32 Base = 0;
public static Process Tibia = null;
/* Character statistics (health, mana, experience, magic level, level, capacity, coordinates,
 * experience to next level). NOTE(review): none of these fields is assigned or read anywhere in
 * this class as posted; MainForm_Load writes the values straight into the text boxes. */
public int hp;
public int mp;
public int xp;
public int ml;
public int lvl;
public int cap;
public int xpos;
public int ypos;
public int zpos;
public int xpup;
/* String-valued fields (character name, first quest-log entry). Also unused in the posted code. */
public string name;
public string quest;
/* Module-relative ("static") addresses. Each is listed twice: the bare value, which is added to
 * Base at runtime, and an "L" variant with 0x400000 already added for a client loaded at the
 * default, non-relocated base (Windows XP, or ASLR disabled for some other reason). Use one
 * scheme or the other, never both: with the L variants, drop the "+ Base" in MainForm_Load.
 * Only Pxor, HpAdr, MpAdr, NameAdr, XAdr, YAdr and ZAdr are referenced below; the rest are
 * unused. These offsets presumably belong to one specific client version (the address list
 * linked in the post is version-tagged) and will be wrong for any other build. */
// XOR mask address: the 32-bit value stored here is XOR'd with the raw health/mana values below.
UInt32 Pxor = 0x3B6EF0;
// EXP Address (unused)
UInt32 XpAdr = 0x286F00;
UInt32 XpAdrL = 0x286F00 + 0x400000;
// Mana Address
UInt32 MpAdr = 0x3B6F44;
UInt32 MpAdrL = 0x3B6F44 + 0x400000;
// Health Address
UInt32 HpAdr = 0x54C000;
UInt32 HpAdrL = 0x54C000 + 0x400000;
// Cap Address (unused)
UInt32 CapAdr = 0x578E94;
UInt32 CapAdrL = 0x578E94 + 0x400000;
// Level Address (unused)
UInt32 LvlAdr = 0x3ABFC8;
UInt32 LvlAdrL = 0x3ABFC8 + 0x400000;
// Magic Address (unused)
UInt32 MlAdr = 0x3ABFD0;
UInt32 MlAdrL = 0x3ABFD0 + 0x400000;
// Name Address
UInt32 NameAdr = 0x54C00C;
UInt32 NameAdrL = 0x54C00C + 0x400000;
// XPos Address
UInt32 XAdr = 0x583EA8;
UInt32 XAdrL = 0x583EA8 + 0x400000;
// YPos Address
UInt32 YAdr = 0x583EAC;
UInt32 YAdrL = 0x583EAC + 0x400000;
// ZPos Address
UInt32 ZAdr = 0x583EB0;
UInt32 ZAdrL = 0x583EB0 + 0x400000;
// First Quest Address (unused)
UInt32 QstAdr = 0x3AD0D5;
UInt32 QstAdrL = 0x3AD0D5 + 0x400000;
/* P/Invoke declaration for kernel32!ReadProcessMemory. The Win32 function returns non-zero on
 * success and zero on failure. NOTE(review): it is declared without SetLastError = true, so a
 * failure cannot be diagnosed with Marshal.GetLastWin32Error(). hProcess must carry read access
 * to the target's memory; without it the call fails, and the caller below never notices. */
[DllImport("kernel32.dll")]
public static extern Int32 ReadProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress,
[In, Out] byte[] buffer, UInt32 size, out IntPtr lpNumberOfBytesRead);
/* Reads BytesToRead bytes at Address from the process behind Handle and returns them in a new
 * array.
 * NOTE(review): the Int32 return of ReadProcessMemory and ptrBytesRead are both discarded, so a
 * failed or short read is indistinguishable from a genuine run of zero bytes; the caller simply
 * receives the zero-initialised buffer (or a partially filled one). Address is a 64-bit value
 * but is narrowed through new IntPtr(long), which throws OverflowException in a 32-bit process
 * when the value does not fit in 32 bits. */
public static byte[] ReadBytes(IntPtr Handle, Int64 Address, uint BytesToRead)
{
IntPtr ptrBytesRead;
// Destination buffer; whatever ReadProcessMemory copies in is returned to the caller as-is.
byte[] buffer = new byte[BytesToRead];
// Return value deliberately not checked here (see note above); should be compared against 0.
ReadProcessMemory(Handle, new IntPtr(Address), buffer, BytesToRead, out ptrBytesRead);
return buffer;
}
// Reads four bytes at Address and interprets them in host byte order (little-endian on x86) as an
// Int32. Because ReadBytes hides failures, a read error usually surfaces here as 0.
public static int ReadInt32(IntPtr Handle, long Address)
{
return BitConverter.ToInt32(ReadBytes(Handle, Address, 4), 0);
}
// Only wires up the designer-generated controls (InitializeComponent lives in the other half of
// this partial class); the process lookup is deferred to MainForm_Load.
public MainForm()
{
InitializeComponent();
}
/* Locates the client, caches its base address and refreshes every control. Also invoked directly
 * from updateBtn_Click, so all of this — including the process lookup — runs again on each
 * refresh.
 * NOTE(review): "ToIn t32" and "Ha ndle" below are forum-extraction spacing artefacts; the
 * original source reads ToInt32() and Handle, and the lines as pasted will not compile. */
private void MainForm_Load(object sender, EventArgs e)
{
// NOTE(review): TibiaProcess[0] throws IndexOutOfRangeException when no process named "Tibia"
// is running; TibiaProcess.Length should be checked first. If several are running, the first
// one returned is used, whichever that happens to be.
Process[] TibiaProcess = Process.GetProcessesByName("Tibia");
Tibia = TibiaProcess[0];
// Runtime load address of the main module; every module-relative address above is added to it.
// Accessing MainModule can throw Win32Exception when this process lacks the right to query the
// target (for example a 32-bit reader against a 64-bit target, or insufficient privileges).
Base = Convert.ToUInt32(Tibia.MainModule.BaseAddress.ToIn t32());
// Timestamp of this refresh, shown in label8 (local time, current-culture formatting).
DateTime theDate = DateTime.Now;
label8.Text = (theDate.ToString());
// 32 raw bytes read from NameAdr + Base + 1299*5; why 6495 is added is not explained in the post.
// ASCIIEncoding.Default resolves to Encoding.Default — the system ANSI code page on .NET
// Framework, not ASCII — and GetString keeps trailing NUL bytes as '\0' characters instead of
// stopping at the first one.
label7.Text = ASCIIEncoding.Default.GetString(ReadBytes(Tibia.Ha ndle, (NameAdr + Base) + (1299 * 5), 32));
// Health and mana: the raw value is XOR'd with the 32-bit mask read from Pxor. The mask is read
// twice, once per statistic.
healthBox.Text = (Convert.ToString(ReadInt32(Tibia.Handle, (HpAdr + Base)) ^ ReadInt32(Tibia.Handle, (Pxor + Base))));
manaBox.Text = (Convert.ToString(ReadInt32(Tibia.Handle, (MpAdr + Base)) ^ ReadInt32(Tibia.Handle, (Pxor + Base))));
// Coordinates: no mask is applied here.
posXBox.Text = (Convert.ToString(ReadInt32(Tibia.Handle, (XAdr + Base))));
posYBox.Text = (Convert.ToString(ReadInt32(Tibia.Handle, (YAdr + Base))));
posZBox.Text = (Convert.ToString(ReadInt32(Tibia.Handle, (ZAdr + Base))));
// Placeholder rows; nothing is read from the client for these.
listView1.Items.Clear();
var items = listView1.Items;
items.Add("Bob");
items.Add("Joe");
items.Add("Kim");
}
// Refresh button: re-runs the load handler. e is passed as null, which the handler never reads.
private void updateBtn_Click(object sender, EventArgs e)
{
this.MainForm_Load(this, null);
}
}
}
I apologize if this is not the right tag; if not, could someone point me to the right tags for this code?
Note: the ListView items are only there to show that I have a working table; I can certainly loop the names into it.
Anyways, let's say I want to loop all the names from the battle list into the table, how do I do that?
What I am specifically confused about is reading the memory for the names.
I am getting all of the addresses from BlackD's collection: http://www.blackdtools.com/forum/showthread.php?59833-9-81-Blackd-Tibia-addresses-9-81
I assume adrNameStart=&H94C008 is the start address (battleListAddress).
Now what I don't understand is the rest of DarkstaR's formula:
battleListAddress + (battleListSize * index) + nameOffset
Can someone point me in the right direction?
First of all, I apologize if this is not the right place to post, I could not find any support board anywhere.
So, I was able to create a program that prints the player's health, mana, and position:
using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using System.Windows.Forms;
using System.Runtime.InteropServices;
using System.Diagnostics;
namespace playerPosition
{
public partial class MainForm : Form
{
/* Base address of the client's main module, and the Process object it was read from. Both are
 * filled in by MainForm_Load; until that runs, Base is 0 and Tibia is null, so any ReadBytes call
 * made earlier would target an unrelated address. Both are public, static and mutable, so any
 * code in the assembly can reassign them. */
public static UInt32 Base = 0;
public static Process Tibia = null;
/* Character statistics (health, mana, experience, magic level, level, capacity, coordinates,
 * experience to next level). NOTE(review): none of these fields is assigned or read anywhere in
 * this class as posted; MainForm_Load writes the values straight into the text boxes. */
public int hp;
public int mp;
public int xp;
public int ml;
public int lvl;
public int cap;
public int xpos;
public int ypos;
public int zpos;
public int xpup;
/* String-valued fields (character name, first quest-log entry). Also unused in the posted code. */
public string name;
public string quest;
/* Module-relative ("static") addresses. Each is listed twice: the bare value, which is added to
 * Base at runtime, and an "L" variant with 0x400000 already added for a client loaded at the
 * default, non-relocated base (Windows XP, or ASLR disabled for some other reason). Use one
 * scheme or the other, never both: with the L variants, drop the "+ Base" in MainForm_Load.
 * Only Pxor, HpAdr, MpAdr, NameAdr, XAdr, YAdr and ZAdr are referenced below; the rest are
 * unused. These offsets presumably belong to one specific client version (the address list
 * linked in the post is version-tagged) and will be wrong for any other build. */
// XOR mask address: the 32-bit value stored here is XOR'd with the raw health/mana values below.
UInt32 Pxor = 0x3B6EF0;
// EXP Address (unused)
UInt32 XpAdr = 0x286F00;
UInt32 XpAdrL = 0x286F00 + 0x400000;
// Mana Address
UInt32 MpAdr = 0x3B6F44;
UInt32 MpAdrL = 0x3B6F44 + 0x400000;
// Health Address
UInt32 HpAdr = 0x54C000;
UInt32 HpAdrL = 0x54C000 + 0x400000;
// Cap Address (unused)
UInt32 CapAdr = 0x578E94;
UInt32 CapAdrL = 0x578E94 + 0x400000;
// Level Address (unused)
UInt32 LvlAdr = 0x3ABFC8;
UInt32 LvlAdrL = 0x3ABFC8 + 0x400000;
// Magic Address (unused)
UInt32 MlAdr = 0x3ABFD0;
UInt32 MlAdrL = 0x3ABFD0 + 0x400000;
// Name Address
UInt32 NameAdr = 0x54C00C;
UInt32 NameAdrL = 0x54C00C + 0x400000;
// XPos Address
UInt32 XAdr = 0x583EA8;
UInt32 XAdrL = 0x583EA8 + 0x400000;
// YPos Address
UInt32 YAdr = 0x583EAC;
UInt32 YAdrL = 0x583EAC + 0x400000;
// ZPos Address
UInt32 ZAdr = 0x583EB0;
UInt32 ZAdrL = 0x583EB0 + 0x400000;
// First Quest Address (unused)
UInt32 QstAdr = 0x3AD0D5;
UInt32 QstAdrL = 0x3AD0D5 + 0x400000;
/* P/Invoke declaration for kernel32!ReadProcessMemory. The Win32 function returns non-zero on
 * success and zero on failure. NOTE(review): it is declared without SetLastError = true, so a
 * failure cannot be diagnosed with Marshal.GetLastWin32Error(). hProcess must carry read access
 * to the target's memory; without it the call fails, and the caller below never notices. */
[DllImport("kernel32.dll")]
public static extern Int32 ReadProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress,
[In, Out] byte[] buffer, UInt32 size, out IntPtr lpNumberOfBytesRead);
/* Reads BytesToRead bytes at Address from the process behind Handle and returns them in a new
 * array.
 * NOTE(review): the Int32 return of ReadProcessMemory and ptrBytesRead are both discarded, so a
 * failed or short read is indistinguishable from a genuine run of zero bytes; the caller simply
 * receives the zero-initialised buffer (or a partially filled one). Address is a 64-bit value
 * but is narrowed through new IntPtr(long), which throws OverflowException in a 32-bit process
 * when the value does not fit in 32 bits. */
public static byte[] ReadBytes(IntPtr Handle, Int64 Address, uint BytesToRead)
{
IntPtr ptrBytesRead;
// Destination buffer; whatever ReadProcessMemory copies in is returned to the caller as-is.
byte[] buffer = new byte[BytesToRead];
// Return value deliberately not checked here (see note above); should be compared against 0.
ReadProcessMemory(Handle, new IntPtr(Address), buffer, BytesToRead, out ptrBytesRead);
return buffer;
}
// Reads four bytes at Address and interprets them in host byte order (little-endian on x86) as an
// Int32. Because ReadBytes hides failures, a read error usually surfaces here as 0.
public static int ReadInt32(IntPtr Handle, long Address)
{
return BitConverter.ToInt32(ReadBytes(Handle, Address, 4), 0);
}
// Only wires up the designer-generated controls (InitializeComponent lives in the other half of
// this partial class); the process lookup is deferred to MainForm_Load.
public MainForm()
{
InitializeComponent();
}
/* Locates the client, caches its base address and refreshes every control. Also invoked directly
 * from updateBtn_Click, so all of this — including the process lookup — runs again on each
 * refresh.
 * NOTE(review): "ToIn t32" and "Ha ndle" below are forum-extraction spacing artefacts; the
 * original source reads ToInt32() and Handle, and the lines as pasted will not compile. */
private void MainForm_Load(object sender, EventArgs e)
{
// NOTE(review): TibiaProcess[0] throws IndexOutOfRangeException when no process named "Tibia"
// is running; TibiaProcess.Length should be checked first. If several are running, the first
// one returned is used, whichever that happens to be.
Process[] TibiaProcess = Process.GetProcessesByName("Tibia");
Tibia = TibiaProcess[0];
// Runtime load address of the main module; every module-relative address above is added to it.
// Accessing MainModule can throw Win32Exception when this process lacks the right to query the
// target (for example a 32-bit reader against a 64-bit target, or insufficient privileges).
Base = Convert.ToUInt32(Tibia.MainModule.BaseAddress.ToIn t32());
// Timestamp of this refresh, shown in label8 (local time, current-culture formatting).
DateTime theDate = DateTime.Now;
label8.Text = (theDate.ToString());
// 32 raw bytes read from NameAdr + Base + 1299*5; why 6495 is added is not explained in the post.
// ASCIIEncoding.Default resolves to Encoding.Default — the system ANSI code page on .NET
// Framework, not ASCII — and GetString keeps trailing NUL bytes as '\0' characters instead of
// stopping at the first one.
label7.Text = ASCIIEncoding.Default.GetString(ReadBytes(Tibia.Ha ndle, (NameAdr + Base) + (1299 * 5), 32));
// Health and mana: the raw value is XOR'd with the 32-bit mask read from Pxor. The mask is read
// twice, once per statistic.
healthBox.Text = (Convert.ToString(ReadInt32(Tibia.Handle, (HpAdr + Base)) ^ ReadInt32(Tibia.Handle, (Pxor + Base))));
manaBox.Text = (Convert.ToString(ReadInt32(Tibia.Handle, (MpAdr + Base)) ^ ReadInt32(Tibia.Handle, (Pxor + Base))));
// Coordinates: no mask is applied here.
posXBox.Text = (Convert.ToString(ReadInt32(Tibia.Handle, (XAdr + Base))));
posYBox.Text = (Convert.ToString(ReadInt32(Tibia.Handle, (YAdr + Base))));
posZBox.Text = (Convert.ToString(ReadInt32(Tibia.Handle, (ZAdr + Base))));
// Placeholder rows; nothing is read from the client for these.
listView1.Items.Clear();
var items = listView1.Items;
items.Add("Bob");
items.Add("Joe");
items.Add("Kim");
}
// Refresh button: re-runs the load handler. e is passed as null, which the handler never reads.
private void updateBtn_Click(object sender, EventArgs e)
{
this.MainForm_Load(this, null);
}
}
}
I apologize if this is not the right tag; if not, could someone point me to the right tags for this code?
Note: the ListView items are only there to show that I have a working table; I can certainly loop the names into it.
Anyways, let's say I want to loop all the names from the battle list into the table, how do I do that?
What I am specifically confused about is reading the memory for the names.
I am getting all of the addresses from BlackD's collection: http://www.blackdtools.com/forum/showthread.php?59833-9-81-Blackd-Tibia-addresses-9-81
I assume adrNameStart=&H94C008 is the start address (battleListAddress).
Now what I don't understand is the rest of DarkstaR's formula:
battleListAddress + (battleListSize * index) + nameOffset
Can someone point me in the right direction?