hellow,
i was looking to figure out how containers(backpacks and other shit) are working, there is small writeup for the community that might help you a bit since tibia 15 memory botting is dead. This is just small info as i don't have it properly reversed but...
so here is the small writeup i came across
maybe theory at first, so:
-every container is dynamically allocated so you won't find shit in memory scanning most of the time for things like strings or itemids or you will end up in qt framework bullshit that leads nowhere
-there is something like ContainerManager that holds info about containers creating/closing them and holding in a std::map
to get on the right track you need to do following:
*open ONE backpack, put 8 items there, scan memory for this value (8) as int32
*increase amount, scan for that value again, decrease bla bla bla
*you want to end up with 2 addresses
*take second address
*breakpoint on access on it
*add some item to ur backpack
*breakpoint triggered.
*first address that is accessing it should be an end of a function that increases ContainerSlotsTaken or whatever you want to name it
*breakpoint on that function (on her start preferably)
*function that triggered that breakpoint -> you will land in a function that takes ContainerManager as 'this'pointer (ECX register) that holds info about containers
from here you need to reverse, preferably take ContainerManager address and dump its memory to figure out how it looks in some program like reclass or debugger whatever
about creature list: what i did was memory scan for x location of a dog, breakpoint on it, check what function accesses it like tree hundred times per second, go to that function (i don't remember if it was exactly like that) and i hooked it (there was CurrentEntity passed in one of the registers in a loop). Based on that i built my own entity list because battlelist is a fooking mess.
if you aren't injecting then you are cooked. You need to reverse properly and figure out the battlelist and ContainerManager and how the game converts world/window coordinates but that will be painful (no wonder why all these bots are pixel based)
note about detections:
-simulating input without real hardware/spoofing is detectable (having two different input HID is detected as hell too, basically inputs is why all those pixelbots are detected all the time) both on windows and linux
-sending packets without intent (i named them intents but idk how to properly name them but there is one big dispatch [not even used by a game, honeypot probably?] where are intents are listed, example on screenshot) seems to be detected
-if you are internal you can call the intents but you need to reverse a lot most of the time (for moving character it's not needed because you can literally steal legit intent and just change the opcode) but for things like npcbuy, useWith and other shit you need to reverse much more probably)
-eventually you can make trick that i figured out two days ago and the game will do all the encryption, refcounting and whatever else it does, for you and the server will be thankful for your clear packet) but its up to you to figure it out
tl:dr
pixelbots are just way simplier these days, so again no wonder all those paid bots are pixel based
i was looking to figure out how containers(backpacks and other shit) are working, there is small writeup for the community that might help you a bit since tibia 15 memory botting is dead. This is just small info as i don't have it properly reversed but...
so here is the small writeup i came across
maybe theory at first, so:
-every container is dynamically allocated so you won't find shit in memory scanning most of the time for things like strings or itemids or you will end up in qt framework bullshit that leads nowhere
-there is something like ContainerManager that holds info about containers creating/closing them and holding in a std::map
to get on the right track you need to do following:
*open ONE backpack, put 8 items there, scan memory for this value (8) as int32
*increase amount, scan for that value again, decrease bla bla bla
*you want to end up with 2 addresses
*take second address
*breakpoint on access on it
*add some item to ur backpack
*breakpoint triggered.
*first address that is accessing it should be an end of a function that increases ContainerSlotsTaken or whatever you want to name it
*breakpoint on that function (on her start preferably)
*function that triggered that breakpoint -> you will land in a function that takes ContainerManager as 'this'pointer (ECX register) that holds info about containers
from here you need to reverse, preferably take ContainerManager address and dump its memory to figure out how it looks in some program like reclass or debugger whatever
about creature list: what i did was memory scan for x location of a dog, breakpoint on it, check what function accesses it like tree hundred times per second, go to that function (i don't remember if it was exactly like that) and i hooked it (there was CurrentEntity passed in one of the registers in a loop). Based on that i built my own entity list because battlelist is a fooking mess.
if you aren't injecting then you are cooked. You need to reverse properly and figure out the battlelist and ContainerManager and how the game converts world/window coordinates but that will be painful (no wonder why all these bots are pixel based)
note about detections:
-simulating input without real hardware/spoofing is detectable (having two different input HID is detected as hell too, basically inputs is why all those pixelbots are detected all the time) both on windows and linux
-sending packets without intent (i named them intents but idk how to properly name them but there is one big dispatch [not even used by a game, honeypot probably?] where are intents are listed, example on screenshot) seems to be detected
-if you are internal you can call the intents but you need to reverse a lot most of the time (for moving character it's not needed because you can literally steal legit intent and just change the opcode) but for things like npcbuy, useWith and other shit you need to reverse much more probably)
-eventually you can make trick that i figured out two days ago and the game will do all the encryption, refcounting and whatever else it does, for you and the server will be thankful for your clear packet) but its up to you to figure it out
tl:dr
pixelbots are just way simplier these days, so again no wonder all those paid bots are pixel based
