You can do a script in auto assembler with Cheat Engine, but I think it is a lot harder than doing it in C++, as you would have to write in assembler (or maybe Lua?).
I already have a VAC hack in my release of Map Fun btw (C# version I think), if you can find wherever that was stored...
Basically you loop through the data you know about monsters/players etc., whatever you are targeting.
You then filter: find ones that are alive and can be considered for attacking.
There are two choices for Vac or Reverse Vac.
VAC is where you bring them to you/near you (could AOE).
Reverse VAC: you go to them (can only attack 1 at a time, for example. *Yeah this isn't always the case but still*)
To find the monsters/players/items etc. in memory there is something simple you can do; here is my method.
If you want to find monster information, stay in town with no monsters around.
Search for 4 byte value 0.
This may take a while, so grab a coffee if you're on a slow PC.
Next you want to walk towards where you see a monster.
Search for 4 byte 1.
Walk back to town and wait for the monster to disappear out of your client's memory; it takes about 6~9 sec depending on the last update packet from the server.
Search for a changed value of 0.
Repeat this until you find a value in memory that is 1 when a monster is around but 0 when it is not. (Maybe mix it up: stay in the same place and search for unchanged value.)
Takes me like 2 minutes to find.
Think of this value as the Active / Not Active value; it is the first value in the X_Entity structure, where X is Monster, Player, NPC, Item etc.
You want to find the first occurrence, memory address wise; if you can limit the monsters you see to 1 or 2 this will work best.
Once you find the value, freeze it to 0. *Make sure you freeze at 1ms; this can be configured in Cheat Engine settings.*
If the monster disappears when you are near them you know you found it.
You should know some things:
Usually games store information about things in a structure, and they have an array of these structures (or structure pointers).
To find the size of the structure you want to find the distance in bytes between the first occurrence of the Exist flag and the Second occurrence.
Hint: Use subtraction
By now you have found the Array of monster entity info / monster state info.
And you have found the size of the structure.
You can map out the structure using Cheat Engine's structure mapping tools, or ReClass etc.
I have actually already done this with the help of Tri407tiny and a few others.
Once you go to the structure address in the memory viewer, look for values that change when your monster #1 moves.
The location/direction part goes like this, if I remember correctly:
byte action
byte state
float frame position
float X,Y,Z,Direction
There is also Xto,Yto,ZTo,DirectionTo
Target index (What monster is attacking or player etc)
Monsters have ID and UniqueID and for some reason another UniqueID.
They have health too.
You will probably want to make a signature to find the memory location again; it will be different between runs of the game and possibly even maps.
Find what code accesses the Exists flag/4byte/boolean.
Find the pointer.
Make sure it's a level 1 pointer. If not, find however many pointer levels you need. Hint: Cheat Engine tutorial. (I like to search for the address as 4 Byte Hex.)
In your DLL or w/e script:
Loop through the collection of information.
Set their X,Y,Z to your X,Y,Z or slightly in front of it. (Pro tip: you can find your character state information by searching for your character name as text; if you change it and move around, it will change above your head. View this address in the memory browser and find the XYZ part of the structure. Your character state will always be the first index in the character states array.) (This goes for Troy, TS1, TS2 etc.)
So anyway, you can figure that stuff out; I will also link you to the information I have on this.
TS2
See the tabs down bottom navigate for structures (INFO IS OLD from old project on TS2 and MapFun Hack)
TS1
See the StatePacket for information maybe
As for reading and writing to pointers in C++, that's easy:
Quote:
struct Location {
    float x, y, z;
};
Location* playerLocation = (Location*)0xDEADBEEF; // Figure out this address, use a signature scan btw.
struct MonsterState {
    // Put yo state definition here. you could pad for shit you dont care about.
    int health;        // fields used by the loop example below
    Location location;
};
MonsterState* MonsterStates = (MonsterState*)0xDEADBEEF; // base of the monster state array, found the same way
Loop example:
Quote:
for (int i = 0; i < 10000; i++) {
    MonsterState* m = &MonsterStates[i]; // i-th entry of the monster state array
    if (m->health > 0) {
        m->location.x = playerLocation->x;
        m->location.y = playerLocation->y;
        m->location.z = playerLocation->z; // You could use cos and sin to move them slightly away from you.
    }
}
There was a trick I noticed for byte padding, to get the compiler not to pad to nice memory regions so that the structs you type match game structs byte for byte: surround your struct definitions in your header file with this. I seem to have lost it though;
I'm sure you can find it on Stack Overflow, to do with Visual Studio byte structure padding or something. gl.
For info on making a dll see my topic here:
Anywho, good luck
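Added example (my own, not the poster's code or anything from Map Fun): it shows the packed-struct trick the post mentions (`#pragma pack`, which both MSVC and GCC understand) with a static_assert to prove the layout has no padding, a wildcard signature scan of the kind the post says you need to re-find a location, the "use subtraction" stride step between the first two hits, and a bounds-checked walk over the slots. The `EntityState` field order and sizes are assumptions loosely following the post's description, and the byte buffer is constructed inline, so nothing here touches a live process.

```cpp
// Added example (not the poster's code): packed entity layout, a wildcard
// signature scan, struct-stride discovery and a bounds-checked array walk,
// all over a constructed in-memory buffer rather than a live process.
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <optional>
#include <string>
#include <vector>

// Hypothetical layout loosely following the post's description: the exists flag
// first, action/state bytes, frame position, X/Y/Z/Direction, then health.
// Field order and sizes are assumptions for illustration only.
#pragma pack(push, 1)   // the "trick": no compiler padding, so sizeof matches the record byte for byte
struct EntityState {
    int32_t exists;     // 1 while the client considers the slot active, 0 otherwise
    uint8_t action;
    uint8_t state;
    float   framePos;
    float   x, y, z, direction;
    int32_t health;
};
#pragma pack(pop)

// With pack(1) the size is the plain sum of the fields: 4+1+1+4+4*4+4 = 30 bytes.
// Without the pragma the compiler would insert padding after `state` and the offsets would drift.
static_assert(sizeof(EntityState) == 30, "EntityState layout is not packed");
static_assert(offsetof(EntityState, health) == 26, "health offset drifted");

// Signature for "an active slot": exists == 1, two wildcard bytes for action/state,
// then framePos == 0.0f. '?' in the mask means "any byte".
const std::vector<uint8_t> kExistsSig  = {0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00};
const std::string          kExistsMask = "xxxx??xxxx";

// Returns the offset of the first match of pattern/mask in buf at or after `start`.
std::optional<size_t> findPattern(const std::vector<uint8_t>& buf,
                                  const std::vector<uint8_t>& pattern,
                                  const std::string& mask, size_t start = 0) {
    if (pattern.empty() || pattern.size() != mask.size() || buf.size() < pattern.size())
        return std::nullopt;
    for (size_t i = start; i + pattern.size() <= buf.size(); ++i) {
        bool hit = true;
        for (size_t j = 0; j < pattern.size(); ++j) {
            if (mask[j] != '?' && buf[i + j] != pattern[j]) { hit = false; break; }
        }
        if (hit) return i;
    }
    return std::nullopt;
}

// The "use subtraction" step: distance between the first two signature hits.
// Only equals sizeof(EntityState) when the two hits are adjacent slots.
std::optional<size_t> structStride(const std::vector<uint8_t>& buf) {
    auto first = findPattern(buf, kExistsSig, kExistsMask, 0);
    if (!first) return std::nullopt;
    auto second = findPattern(buf, kExistsSig, kExistsMask, *first + 1);
    if (!second) return std::nullopt;
    return *second - *first;
}

// Walks `count` slots from `base`, copying each record out with memcpy (packed records
// may be unaligned) and stopping at the end of the buffer instead of reading past it.
int countAlive(const std::vector<uint8_t>& buf, size_t base, size_t count) {
    int alive = 0;
    for (size_t i = 0; i < count; ++i) {
        size_t off = base + i * sizeof(EntityState);
        if (off + sizeof(EntityState) > buf.size()) break;
        EntityState e;
        std::memcpy(&e, buf.data() + off, sizeof(e));
        if (e.exists == 1 && e.health > 0) ++alive;
    }
    return alive;
}

// Constructed sample: 8 bytes of unrelated filler, then three slots:
// active and alive, active but health 0, inactive.
std::vector<uint8_t> buildSample() {
    std::vector<uint8_t> buf = {0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88};
    const EntityState ents[3] = {
        {1, 0, 0, 0.0f, 10.0f, 20.0f, 30.0f,  90.0f, 100},
        {1, 0, 0, 0.0f, 15.0f, 25.0f, 35.0f, 180.0f,   0},
        {0, 0, 0, 0.0f,  0.0f,  0.0f,  0.0f,   0.0f,   0},
    };
    const uint8_t* p = reinterpret_cast<const uint8_t*>(ents);
    buf.insert(buf.end(), p, p + sizeof(ents));
    return buf;
}

int main() {
    auto buf = buildSample();
    auto base = findPattern(buf, kExistsSig, kExistsMask);
    auto stride = structStride(buf);
    std::printf("array base: %zu, stride: %zu, alive: %d\n",
                base.value_or(0), stride.value_or(0), countAlive(buf, base.value_or(0), 3));
    return 0;
}
```

On the constructed buffer the signature first hits at offset 8, the next hit is 30 bytes later (which matches `sizeof(EntityState)` only because the two slots are adjacent, which is why the post suggests keeping it to 1 or 2 monsters), and one of the three slots counts as alive. The memcpy instead of a straight cast matters for packed records: a `float` at offset 6 is misaligned, and copying it out is the portable way to read it.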