Wouldn't this be undetectable?



killemal
10-28-2009, 08:36
Well this was just a fast little bot I made for the current tutor test server:

Memory module...





'//All API declarations we will need to make these functions useful:

'Thanks to Robert Meffe for pointing out this API line because he didn't get it
'to work properly in his Win XP. Greets!
Private Const PROCESS_ALL_ACCESS As Long = &H1F0FFF

Private Declare Function GetWindowThreadProcessId Lib "user32" (ByVal hwnd As Long, lpdwProcessId As Long) As Long
Private Declare Function OpenProcess Lib "kernel32" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcessId As Long) As Long
Private Declare Function WriteProcessMemory Lib "kernel32" (ByVal hProcess As Long, ByVal lpBaseAddress As Any, lpBuffer As Any, ByVal nSize As Long, lpNumberOfBytesWritten As Long) As Long
Private Declare Function ReadProcessMemory Lib "kernel32" (ByVal hProcess As Long, ByVal lpBaseAddress As Any, ByVal lpBuffer As Any, ByVal nSize As Long, lpNumberOfBytesWritten As Long) As Long
Private Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long
Private Declare Function FindWindow Lib "user32" Alias "FindWindowA" (ByVal Classname As String, ByVal WindowName As String) As Long
Private Declare Function ReadProcessMem Lib "kernel32" Alias "ReadProcessMemory" (ByVal hProcess As Long, ByVal lpBaseAddress As Any, ByRef lpBuffer As Any, ByVal nSize As Long, lpNumberOfBytesWritten As Long) As Long

'||-------------------------------------------------------------------------------------------------||
'|| The two next functions read\write LONG values. ||
'|| LONG is a 32-bit(4 byte) datatype and can store values from -2,147,483,648 to 2,147,483,647 ||
'||-------------------------------------------------------------------------------------------------||

Public Function ReadLong(Offset As Long, WindowName As String) As Long

Dim hwnd As Long
Dim ProcessID As Long
Dim ProcessHandle As Long
Dim value As Long

'Try to find the window that was passed in the variable WindowName to this function.
hwnd = FindWindow(vbNullString, WindowName)

If hwnd = 0 Then

'This is executed if the window cannot be found.
'You can add or write your own code here to customize your program.

MsgBox "Run The Game First!", vbOKOnly, "Error Reading Game"

Exit Function

End If

'Get the window's process ID.
GetWindowThreadProcessId hwnd, ProcessID

'Get a process handle
ProcessHandle = OpenProcess(PROCESS_ALL_ACCESS, False, ProcessID)

If ProcessHandle = 0 Then

'This is executed if a process handle cannot be found.
'You can add or write your own code here to customize your program.

MsgBox "Could not get a process handle!", vbCritical, "Read error"

Exit Function

End If

'Read a LONG from the specified memory offset.
ReadProcessMem ProcessHandle, Offset, value, 4, 0&

'Return the found memory value.
ReadLong = value

'It is important to close the current process handle.
CloseHandle ProcessHandle

End Function

Public Function WriteLong(Offset As Long, WindowName As String, value As Long) As Boolean

Dim hwnd As Long
Dim ProcessID As Long
Dim ProcessHandle As Long

'Try to find the window that was passed in the variable WindowName to this function.
hwnd = FindWindow(vbNullString, WindowName)

If hwnd = 0 Then

'This is executed if the window cannot be found.
'You can add or write your own code here to customize your program.

MsgBox "Run The Game First!", vbOKOnly, "Write error"

Exit Function

End If

'Get the window's process ID.
GetWindowThreadProcessId hwnd, ProcessID

'Get a process handle
ProcessHandle = OpenProcess(PROCESS_ALL_ACCESS, False, ProcessID)

If ProcessHandle = 0 Then

'This is executed if a process handle cannot be found.
'You can add or write your own code here to customize your program.

MsgBox "Could not get a process handle!", vbCritical, "Write error"

Exit Function

End If

'Write a LONG to the specified memory offset and return whether the call succeeded.
WriteLong = (WriteProcessMemory(ProcessHandle, Offset, value, 4, 0&) <> 0)

'It is important to close the current process handle.
CloseHandle ProcessHandle

End Function



in a timer



Dim manavalue As Long
Dim hpvalue As Long
Dim thehpadress As Long

Dim thempadress As Long
'///////
Dim refillatmana As Long
Dim healathealth As Long

refillatmana = 1500
healathealth = 1300
'//////////
thehpadress = "&H635F0C"

thempadress = "&H635EF0"
manavalue = ReadLong(thempadress, "Tibia Testserver")
hpvalue = ReadLong(thehpadress, "Tibia Testserver")
lblmana.Caption = "Mana: " & manavalue
lblhealth.Caption = "Health: " & hpvalue
If manavalue < refillatmana Then
SendKeys ("{F10}")
End If
If hpvalue < healathealth Then
SendKeys ("{F11}")
End If


All this does is send my hotkeys to the game when my mana or health drops below a value. It's kind of a cheap man's auto heal / mana restore made for test server :P.

But it got me thinking: if this was implemented into a bot like blackd (using the PostMessage API instead of SendKeys so it worked when Tibia was out of focus) then surely no bot detector can see this. It is simulating a human 100% by pressing the hotkey and not changing any data at all within Tibia.

Of course with massive progs like blackd there's other methods that can get you banned, but I see no disadvantage to this code. On test server I have been to poi, pharaohs, demons and all sorts with this little bot running; it works fine. I feel just as safe as blackd's auto heal (with the exception of it not working out of focus due to my own laziness in using SendKeys and not PostMessage).

Kladden
10-28-2009, 11:13
could you please use the code tags? It's very hard to see..

lopht
10-29-2009, 07:47
Magebot_SAFEMODE functions exactly like this and it is a fully featured bot. Give the demo a try and see what you think of it

Grodan
10-29-2009, 10:16
nice +1!:)

Farsa
10-29-2009, 13:30
Timers are relatively detectable server-side by analysing the frequency at which they receive packets, but it's not likely that this is their method.
But it's still way safer than hooking Tibia's functions or using a proxy imo.
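The server-side timing analysis Farsa mentions, sketched as an added example (not code from this thread or from any game operator). It generalizes from packet frequency to reaction latency: a timer that polls health on a fixed tick produces heal actions that follow damage with short, tightly clustered delays. The sample latencies and every threshold below are constructed assumptions.

```python
import statistics

# Constructed sample data: seconds between the server applying damage that
# took a character below a health value and the heal action arriving.
HUMAN_LATENCIES = [0.41, 0.95, 0.62, 1.80, 0.55, 1.10, 0.38, 2.40, 0.77, 0.66]
TIMER_LATENCIES = [0.10, 0.12, 0.09, 0.11, 0.10, 0.13, 0.10, 0.11, 0.09, 0.12]

# Assumed thresholds for illustration; a real deployment would tune them
# against labelled traffic.
MIN_SAMPLES = 8           # do not judge on less evidence than this
MAX_CV = 0.25             # coefficient of variation below this is "too regular"
HUMAN_FLOOR_S = 0.20      # reactions faster than this count as implausible
MAX_FAST_FRACTION = 0.5   # share of implausibly fast reactions tolerated


def latency_profile(latencies):
    """Summarise how fast and how uniform the reactions are."""
    mean = statistics.fmean(latencies)
    cv = statistics.pstdev(latencies) / mean if mean > 0 else 0.0
    fast = sum(1 for x in latencies if x < HUMAN_FLOOR_S) / len(latencies)
    return {"n": len(latencies), "mean": mean, "cv": cv, "fast_fraction": fast}


def looks_automated(latencies):
    """Flag a session whose reactions are too uniform or too fast."""
    if len(latencies) < MIN_SAMPLES:
        return False
    profile = latency_profile(latencies)
    return profile["cv"] < MAX_CV or profile["fast_fraction"] > MAX_FAST_FRACTION


if __name__ == "__main__":
    for label, data in (("human", HUMAN_LATENCIES), ("timer", TIMER_LATENCIES)):
        print(label, latency_profile(data), looks_automated(data))
```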

Zmulan
10-29-2009, 18:25
sorry for a bit offtopic,
but can anyone give me a hint how to do the first lines of code in C#?
I mean to get the process ID and that,
I think it's something like DWORD but I can't remember ;/
I'm about to make some simple autohealer for an OT.

l is for
11-02-2009, 22:45
Magebot_SAFEMODE functions exactly like this and it is a fully featured bot. Give the demo a try and see what you think of it

Have people been complaining about being banned when using Magebot in safe mode?

lopht
11-03-2009, 21:02
None so far that I'm aware of

killemal
11-08-2009, 20:55
I'm creating an open source vb6 project with this, but adding some advanced heal options too, e.g.:

Send f9 (my exura key) when health is above 1000 (I'm injured but not badly) and mana is above 1000 (I have plenty of mana to spare) but only if my current health is less than 1300 (my max hp is 1.5k so we make sure that a heal is needed and the mana will not be wasted)

I'm using this instead of blackd's heal for my main char right now, so I will continue working at it and have some source code soon :).

killemal
11-08-2009, 20:57
I'm creating an open source vb6 project with this, but adding some advanced heal options too, e.g.:

Send f9 (my exura key) when health is above 1000 (I'm injured but not badly) and mana is above 1000 (I have plenty of mana to spare) but only if my current health is less than 1300 (my max hp is 1.5k so we make sure that a heal is needed and the mana will not be wasted)

I'm using this instead of blackd's heal for my main char right now, so I will continue working at it and have some source code soon :). I also added a lighthack to it (just because blackd was down the past few days; this script worked on the new game version with no changes whatsoever since the test server version) but generally it's intended to be used alongside blackd.

I'm also working on randomization ;).

killemal
01-27-2010, 16:49
This has still not got me banned on my level 240 paladin; what's more, I recently got made a senior tutor, so I doubt they have any cheat logs on me.

Sn1p3r
01-29-2010, 14:04
gratz man!

Just give more ideas to CipSoft how to find botters.

Olzone
01-29-2010, 20:25
gratz man!

Just give more ideas to CipSoft how to find botters.

If so they have to ban everyone using Tibia Hotkeys ;)

Crille
01-30-2010, 16:35
sorry for a bit offtopic,
but can anyone give me a hint how to do the first lines of code in C#?
I mean to get the process ID and that,
I think it's something like DWORD but I can't remember ;/
I'm about to make some simple autohealer for an OT.

Here's an exp counter I did (and am still working on). It should give you all the necessary code bits (clientchooser.cs contains getting the PID and whatnot) except the sending hotkeys thing, although you just need to import the API through P/Invoke and then call it.

it's for 7.4 though:
http://z6.invisionfree.com/classic_tibia/index.php?showtopic=177

Mega
02-11-2010, 15:22
Perhaps a functional and safe cavebot method would be by reading the player position in memory and calculating to send the "click"

killemal
02-11-2010, 17:12
This was added to the new safeblackd :D (well, not exactly; he used SendMessage / PostMessage as I hinted in my first post).

P.S. The offsets used in this, which was made for a test server 4 versions ago, still work fine.

Olzone
02-13-2010, 13:08
Perhaps a functional and safe cavebot method would be by reading the player position in memory and calculating to send the "click"

Probably the only way to do this is either to take control of the mouse cursor to mapclick or to send API packets to tell the client where the mouse clicked..

or the last option (currently known to me)
is to send a hell of a lot of arrow keys to the client
which would be a lot! and I mean a lot of waypoints

Stukka
03-17-2010, 18:55
The thing is that one can quite easily intercept calls to ReadProcessMemory/WriteProcessMemory and see if your own process (tibia.exe) is involved in the call. If Cip isn't doing that they suck quite bad when it comes to bot detection. I would never dare to use a bot which uses these calls.

rgds
Stukka
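The calls Stukka names need a process handle opened with PROCESS_VM_READ or PROCESS_VM_WRITE, and the module in the first post requests PROCESS_ALL_ACCESS (&H1F0FFF). As an added example (not code from this thread), the handle open can be picked out of host telemetry by decoding the GrantedAccess field of Sysmon Event ID 10 (ProcessAccess) records; the event records and image paths below are constructed.

```python
# Process access rights as defined in the Windows SDK (winnt.h).
RIGHTS = {
    0x0001: "PROCESS_TERMINATE",
    0x0002: "PROCESS_CREATE_THREAD",
    0x0008: "PROCESS_VM_OPERATION",
    0x0010: "PROCESS_VM_READ",
    0x0020: "PROCESS_VM_WRITE",
    0x0040: "PROCESS_DUP_HANDLE",
    0x0400: "PROCESS_QUERY_INFORMATION",
    0x1000: "PROCESS_QUERY_LIMITED_INFORMATION",
}
# Rights that ReadProcessMemory / WriteProcessMemory depend on.
MEMORY_RIGHTS = 0x0010 | 0x0020

# Constructed records using Sysmon Event ID 10 field names; paths are made up.
SAMPLE_EVENTS = [
    {"SourceImage": r"C:\Windows\System32\svchost.exe",
     "TargetImage": r"C:\Games\client.exe", "GrantedAccess": "0x1000"},
    {"SourceImage": r"C:\Users\test\helper.exe",
     "TargetImage": r"C:\Games\client.exe", "GrantedAccess": "0x1F0FFF"},
    {"SourceImage": r"C:\Users\test\viewer.exe",
     "TargetImage": r"C:\Games\client.exe", "GrantedAccess": "0x0410"},
    {"SourceImage": r"C:\Users\test\helper.exe",
     "TargetImage": r"C:\Windows\notepad.exe", "GrantedAccess": "0x1F0FFF"},
]


def decode_access(mask):
    """Return the names of the known process rights set in an access mask."""
    return [name for bit, name in sorted(RIGHTS.items()) if mask & bit]


def memory_access_events(events, protected_image):
    """List (source image, decoded rights) for handles that allow memory access."""
    hits = []
    for event in events:
        if event["TargetImage"].lower() != protected_image.lower():
            continue
        mask = int(event["GrantedAccess"], 16)
        if mask & MEMORY_RIGHTS:
            hits.append((event["SourceImage"], decode_access(mask)))
    return hits


if __name__ == "__main__":
    for source, rights in memory_access_events(SAMPLE_EVENTS, r"C:\Games\client.exe"):
        print(source, rights)
```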

killemal
05-05-2010, 16:07
The thing is that one can quite easily intercept calls to ReadProcessMemory/WriteProcessMemory and see if your own process (tibia.exe) is involved in the call. If Cip isn't doing that they suck quite bad when it comes to bot detection. I would never dare to use a bot which uses these calls.

rgds
Stukka

I have used this now for many levels and on test servers + if you look at tibia.exe with a debugger (I use softice but ollydbg will do) there is no api reading going on. This would be easy to bypass with a ring 0 (http://en.wikipedia.org/wiki/Ring_%28computer_security%29) driver if it happened but it does not.

P.S. New client released about 1 minute ago; new offsets, if you are using this and want a bot until blackd updates, are as follows (8.56):

thehpadress = "&H63FE8C"

thempadress = "&H63FE70"

It seems the hp amount is always at +1C(h) from the mana address.