New Containers Structure

**Puterin** · 04-06-2013, 04:45 PM

yep, same here.. i got that yesterday while trying to get how the structure worked... but the problem appears when you open the 4th bp, 5th, and so on.... they will just got to sooooooomwehere else.
I think they have to be linked in some way, the last bp has to say "yooo, if you want to open here is your new address!!" but haven't find it cause I'm still a nub =(

**Wesker** · 04-06-2013, 05:43 PM

i just have 2 questions

wtf is bluebot ?

whats the url ?

**Blequi** · 04-06-2013, 11:38 PM

Originally Posted by DarkstaR

This is wrong. Try it with more than 3 backpacks and you'll see if fail miserably :P

Originally Posted by klusbert

Try to open 4 bps and read all, this will only work if you have 1-3 containers open.

yesterday when I tried, I just tried exactly 3 containers and thought: "what the fuck? So easy!"

after reading these posts I went try with >= 4 containers: "what the fuck? So hard!"

fighting against this to find a reasonable path, btw, I guess I already know a "not optimal" way to accomplish this to obtain the bp "tree".

**Puterin** · 04-07-2013, 12:05 AM

Originally Posted by Blequi

yesterday when I tried, I just tried exactly 3 containers and thought: "what the fuck? So easy!"

after reading these posts I went try with >= 4 containers: "what the fuck? So hard!"

fighting against this to find a reasonable path, btw, I guess I already know a "not optimal" way to accomplish this to obtain the bp "tree".

lol, that was when you said you had already found it? xDDD
so you mean bruteforcing it? :O

well, I tried with 1, then 2, then 3..etc
open 1st bp, it takes the index 0,1,2
you open 2nd bp & it takes the index 2
open the 3rd bp & it takes the index 2, while the 2nd bp goes to the index 1
now if you open a 4th bp (last bp opened) will take the index 2, and the 3rd bp will go soooooooomewheeeeere oooover the raaaaaaainbow

yea, I just found out how to use colours, pardon me xD

**DarkstaR** · 04-07-2013, 12:25 AM

The structure is actually quite elegant once you know what it is. 8 lines of code to traverse it.

**Puterin** · 04-07-2013, 01:37 AM

yea.... I see, well, enough for today. Tomorrow I'll try again :/
btw Dark, I know that right know you were the only bot in the market with the container structure completely updated... I was gonna read your forum this afternoon and saw it offline due to DDoS, and also your webpage... kk, no doubt now it's from the competence :O
Anyway, I checked that you were using CloudFlare against the DDoS, it's okay then but you should also post your bot in some site else, not yours lol (http://xenobot.net/downloads/setup.msi) because if your site gets DDoS'ed ppl can't download the bot :/ ((( try some big entreprise: Mega.co as an example, let's see if they can with that XD)))

**Wesker** · 04-07-2013, 02:51 AM

Pages\v1.0\

**MeNi** · 04-07-2013, 09:18 AM

Well it looks like i am sooo close:

but then everything fucks up and i am soo far:

=/

looks like i must chceck my code ONE MORE time, maybe there is something fucked up in there, not in my way of getting it...

**MeNi** · 04-07-2013, 11:53 AM

Okay, i am giving out what i got (keep in mind this DON'T WORK IN 100%, even if it reads more that 3 containers, and this needs an update):

at(addr) = Memory.ReadUint(addr)

PHP Code:


        public static Dictionary<String, Object> getContainer(int contId)

        {

            uint X1;



            uint EAX;

            uint ESI;

            uint ECX;

            uint EDX;

            uint EDI;



            EAX = at(0x9E28D0);

            ESI = EAX;

            ECX = ESI + 0x04;

            ESI = ECX;

            EDX = X1 = at(ESI + 0x04);

            ECX = at(EDX + 0x04);



            EDI = (uint)contId;

            

            while (at(ECX + 0x19) == 0)

            {

                uint temp = at(ECX + 0x0C);



                if (at(ECX + 0x0C) < EDI)

                {

                    ECX = at(ECX + 0x08);

                }

                else

                {

                    EDX = ECX;

                    ECX = at(ECX);

                }

            }

            

            ECX = at(ESI + 0x04); // = X1



            if (EDX != ECX)

            {

                ESI = (uint)contId;

                if (ESI >= at(EDX + 0x0C))

                {

                    ECX = EDX;

                }

            }



            EAX = ECX;

            EAX = at(EAX + 0x10);



            int bpId = TibiaControl.Client.Memory.ReadInt32(EAX + 0x0C);



            String name;

            byte test = TibiaControl.Client.Memory.ReadByte(EAX + 0x10 + 0x03);

            if (test < 0x20 && test > 0x00)

            {

                uint namePtr = TibiaControl.Client.Memory.ReadUInt32(EAX + 0x10);

                name = TibiaControl.Client.Memory.ReadString(namePtr);

            }

            else

                name = TibiaControl.Client.Memory.ReadString(EAX + 0x10);



            int volume = TibiaControl.Client.Memory.ReadInt32(EAX + 0x30);

            int amount = TibiaControl.Client.Memory.ReadInt32(EAX + 0x34);

            uint ptr_items = TibiaControl.Client.Memory.ReadUInt32(EAX + 0x3C);



            byte[] buffer = TibiaControl.Client.Memory.ReadBytes(ptr_items + 0x04, (uint)amount * TibiaCore.Addresses.Container.StepSlot);



            List<Object> items = new List<Object>();



            for (int i = 0; i < amount; i++)

            {

                int stack = buffer[i * TibiaCore.Addresses.Container.StepSlot + TibiaCore.Addresses.Container.DistanceItemCount];

                int id = BitConverter.ToInt32(buffer, i * (int)TibiaCore.Addresses.Container.StepSlot + (int)TibiaCore.Addresses.Container.DistanceItemId);



                Dictionary<String, Object> item = new Dictionary<string, object>()

                {

                    {"id", id},

                    {"stack", stack}

                };



                items.Add(item);

            }



            Dictionary<String, Object> container = new Dictionary<string, object>()

            {

                {"index", contId},

                {"id", bpId},

                {"name", name},

                {"max", volume},

                {"amount", amount},

                {"items", items},

            };



            return container;

        }

and here goes the ASM trace log form Tibia container's address getting function from witch my function is riped off:

Code:

Address  Thread   Command                                   ; Registers and comments

004282A3 Main     MOV EAX,DWORD PTR DS:[9E28D0]             ; EAX=034DDDF0
0041E9C0 Main     MOV ESI,EAX                               ; Tibia.00523B60; ESI=034DDDF0

<func_magicLoop>  PUSH EBP
00584161 Main     MOV EBP,ESP                               ; EBP=0018F388
00584163 Main     PUSH ECX
00584164 Main     PUSH EBX
00584165 Main     LEA ECX,DWORD PTR DS:[ESI+4]              ; ECX=034DDDF4
00584168 Main     LEA EBX,DWORD PTR SS:[EBP+8]              ; EBX=0018F390
0058416B Main     LEA EAX,DWORD PTR SS:[EBP-4]              ; EAX=0018F384
0058416E Main     CALL <Tibia.func_magicLoop1>
<func_magicLoop1> PUSH EBP
00584311 Main     MOV EBP,ESP                               ; EBP=0018F378
00584313 Main     SUB ESP,8
00584316 Main     PUSH ESI
00584317 Main     MOV ESI,ECX                               ; ESI=034DDDF4
00584319 Main     MOV EDX,DWORD PTR DS:[ESI+4]              ; EDX=034DDE20
0058431C Main     MOV ECX,DWORD PTR DS:[EDX+4]              ; ECX=035A3670
0058431F Main     CMP BYTE PTR DS:[ECX+19],0
00584323 Main     JNZ SHORT Tibia.0058433D
00584325 Main     PUSH EDI
00584326 Main     MOV EDI,DWORD PTR DS:[EBX]                ; EDI=00000000 // EDI = CONTAINER INDEX

00584328 Main     CMP DWORD PTR DS:[ECX+C],EDI
0058432B Main     JGE SHORT Tibia.00584332
00584332 Main     MOV EDX,ECX                               ; EDX=035A3670
00584334 Main     MOV ECX,DWORD PTR DS:[ECX]                ; ECX=027B3BB0
00584336 Main     CMP BYTE PTR DS:[ECX+19],0
0058433A Main     JE SHORT Tibia.00584328

00584328 Main     CMP DWORD PTR DS:[ECX+C],EDI
0058432B Main     JGE SHORT Tibia.00584332
00584332 Main     MOV EDX,ECX                               ; EDX=027B3BB0
00584334 Main     MOV ECX,DWORD PTR DS:[ECX]                ; ECX=034DDE20
00584336 Main     CMP BYTE PTR DS:[ECX+19],0
0058433A Main     JE SHORT Tibia.00584328

0058433C Main     POP EDI                                   ; EDI=00000DA4
0058433D Main     MOV ECX,DWORD PTR DS:[ESI+4]
00584340 Main     MOV DWORD PTR SS:[EBP-4],EDX
00584343 Main     CMP EDX,ECX
00584345 Main     JE SHORT Tibia.0058435A
00584347 Main     MOV ESI,DWORD PTR DS:[EBX]                ; ESI=00000000
00584349 Main     CMP ESI,DWORD PTR DS:[EDX+C]
0058434C Main     JL SHORT Tibia.0058435A
0058434E Main     LEA ECX,DWORD PTR SS:[EBP-4]              ; ECX=0018F374
00584351 Main     MOV ECX,DWORD PTR DS:[ECX]                ; ECX=027B3BB0
00584353 Main     MOV DWORD PTR DS:[EAX],ECX
00584355 Main     POP ESI                                   ; ESI=034DDDF0
00584356 Main     MOV ESP,EBP
00584358 Main     POP EBP                                   ; EBP=0018F388
00584359 Main     RETN
00584173 Main     MOV EAX,DWORD PTR SS:[EBP-4]              ; EAX=027B3BB0
00584176 Main     POP EBX                                   ; EBX=00000000
00584177 Main     CMP EAX,DWORD PTR DS:[ESI+8]
0058417A Main     JE SHORT Tibia.00584185
0058417C Main     MOV EAX,DWORD PTR DS:[EAX+10]             ; EAX=03592EF8
0058417F Main     MOV ESP,EBP
00584181 Main     POP EBP                                   ; EBP=0018F518
00584182 Main     RETN 4
    Breakpoint at Tibia.0041E9C7 (func_ChangeItem-1+1F7)
0041E9C7 Main     CMP EAX,EBX
0041E9C9 Main     JE SHORT Tibia.0041EA27                   ; EAX=0018F36C, ECX=00000000, EDX=0018F388, EBP=0018F37C
    Breakpoint at Tibia.005833E0 (func_ChangeItem+40)
005833E0 Main     MOV EAX,DWORD PTR SS:[EBP+8]              ; EAX=03592EF8
    Breakpoint at Tibia.005833E3 (func_ChangeItem+43)
005833E3 Main     MOV ESI,DWORD PTR DS:[EAX+38]             ; ESI=00000000
005833E6 Main     XOR EBX,EBX
    Breakpoint at Tibia.00583558 (func_ChangeItem+1B8)
00583558 Main     MOV EDI,DWORD PTR DS:[EAX+3C]             ; EDI=035936E8
    Breakpoint at Tibia.0058355B (func_ChangeItem+1BB)
0058355B Main     MOV ECX,DWORD PTR DS:[EAX+40]             ; ECX=035937CC
0058355E Main     SUB ECX,EDI                               ; EAX=00000013, ECX=00000000, EDX=00000000, EBX=00000003
    Breakpoint at Tibia.0058386A (func_ChangeItem+4CA)
0058386A Main     LEA EAX,DWORD PTR DS:[ECX+ECX*2]          ; EAX=00000000
0058386D Main     MOV ECX,DWORD PTR SS:[EBP+14]             ; ECX=00000DA4
00583870 Main     LEA EAX,DWORD PTR DS:[EDI+EAX*4]          ; EAX=035936E8
00583873 Main     MOV DWORD PTR DS:[EAX+8],ECX			// !!!! WRITE NEW ITEM ID at CONTAINER
00583876 Main     MOV DWORD PTR DS:[EAX+4],EBX			// !!!! WRITE NEW ITEM COUNT at CONTAINER
00583879 Main     MOV DWORD PTR DS:[EAX],EDX
0058387B Main     MOV ECX,DWORD PTR SS:[ESP+E8]             ; ECX=0018F50C
    Breakpoint at Tibia.00583882 (func_ChangeItem+4E2)
00583882 Main     MOV DWORD PTR FS:[0],ECX
00583889 Main     POP ECX
    Run trace closed

i have no idea what to do next, so i will just leave it here.

**Wesker** · 04-07-2013, 01:06 PM

i believe no1 counts the list or the browse field

browse field generates everywhere even when theres nothing on that tittle, so everything is a container that probably explains why u guys are having trouble finding x container

my guess it that is triggered by the list of slots, i could have solve this asap, if olly didnt restart my pc.

however i believe tibia will update it soon, i dont think that they will just let everything be a container while theres nothing at it, you should expect a new update patch soon

Thread: New Containers Structure

Thread Tools

Search Thread

Display

Posting Permissions