[Tutorial] Call a function inside Neuz (melee attack example)

Quote:

Originally Posted by ButtBoobies Well developed Bot. Tested it on C# and C++ Works Fine with FlyForSky / Insanity and SoD flyff. Keep developing! ^^

It is working in Insanity, Yes.
So Hellz has fixed it?? :facepalm:

hey man, does that allow to hit mobs all around me? I'm trying to gather mobs at this point

thanks for your great tutorial i am learning a bit :)

I made one for Insanity as a PoC based on my initial source but I added some dialog buttons and also the weapon attack speed is now auto-computed so you can equip a sword or knux...

Executables are in the first page.

Have fun.



VT:
[Only registered and activated users can see links. Click Here To Register...]

Looks good..
I have some questions, how do you find the client address? Becouse from your screenshots i can tell that the function SendAttack address is the line after the Move ecx,"Client Address here". But how do i find that?
And for the bot, this is not an aoe-like, right? that doesnt attack multiples mobs on every attack, just one at a time right?

can you make Neuz file for Mazey flyff please

Quote:

Originally Posted by slver26 can you make Neuz file for Mazey flyff please

If you are asking for a bypassed Neuz for Mazey then you could simply bypass the protection by killing the 2 threads below (using "Process hacker" for example) and you can use Cheat Engine without problems.
[Only registered and activated users can see links. Click Here To Register...]

Quote:

Originally Posted by cookie69 If you are asking for a bypassed Neuz for Mazey then you could simply bypass the protection by killing the 2 threads below (using "Process hacker" for example) and you can use Cheat Engine without problems. [Only registered and activated users can see links. Click Here To Register...]

Thank you ! :handsdown:
now i am working on how to melee attack :bandit:

@[Only registered and activated users can see links. Click Here To Register...]

How will I find the value of "dwAtkMsg" is it always 0x1d or 29 ?

If there's a function that calls for "find target" then make a bot from it.

Quote:

Originally Posted by slayer12 @[Only registered and activated users can see links. Click Here To Register...] How will I find the value of "dwAtkMsg" is it always 0x1d or 29 ?

Use the debugger. Put Breakpoint on the function start on CE and hit a monster and watch the stack frame you will see all the parameters of the function. I will add this later to the guide..

Quote:

Originally Posted by killzone If there's a function that calls for "find target" then make a bot from it.

There is something like that. If you hit 'Tab' when you are in GS or flying then you will select the. Nearest target.
You can use this function but you need to modify your client to Nop all the checks (that you are flying, that you are in GS...)

@[Only registered and activated users can see links. Click Here To Register...]

[Only registered and activated users can see links. Click Here To Register...]

I set breakpoint at SendMeleeAttackaddress Neuz.exe+1836B0 then client freezes upon attacking the Aibatt which means breakpoint is correct. Is sending neuz functions working on server with tom's antihack/?

Found these parameters on stack trace.

00B4E8CC, 0000001D, 00000000, 00000000,...

Are these the parameters for the function:

#ifdef __HACK_1023
void CDPClient::SendMeleeAttack( OBJMSG dwAtkMsg, OBJID objid, int nParam2, int nParam3, FLOAT fVal )
#else // __HACK_1023
void CDPClient::SendMeleeAttack( OBJMSG dwAtkMsg, OBJID objid, int nParam2, int nParam3 )
#endif // __HACK_1023

Quote:

Originally Posted by slayer12 @[Only registered and activated users can see links. Click Here To Register...] [Only registered and activated users can see links. Click Here To Register...] I set breakpoint at SendMeleeAttackaddress Neuz.exe+1836B0 then client freezes upon attacking the Aibatt which means breakpoint is correct. Found these parameters on stack trace. 00B4E8CC, 0000001D, 00000000, 00000000,... Are these the parameters for the function: #ifdef __HACK_1023 void CDPClient::SendMeleeAttack( OBJMSG dwAtkMsg, OBJID objid, int nParam2, int nParam3, FLOAT fVal ) #else // __HACK_1023 void CDPClient::SendMeleeAttack( OBJMSG dwAtkMsg, OBJID objid, int nParam2, int nParam3 ) #endif // __HACK_1023 It seems that OBJMSG is on parameter 1 and OBJID on parameter 0 on my neuz. And, both parameter 2 and 3 should be 0.

Yep, it depends on the flyff version. By the way, in the stack frame right click and select "full stack" for better display of the parameters.
And the client address (aldo called class pointer in Object oriented programming) is stored in the register ECX when the BP is hit.
This is because Microsoft decided to save the class pointer in ECX for their compiler and has no other explanations

@[Only registered and activated users can see links. Click Here To Register...]

i have basic knowledge in c++. thanks anyways :)

Quote:

Originally Posted by slayer12 @[Only registered and activated users can see links. Click Here To Register...] i have basic knowledge in c++. thanks anyways :)

You already have good basics because you found the right address of the target using the right way ;)
To make it faster in CE, when you are not targeting any entity, the address value is 0.
What you need, is to train with CE (youtube has more than what you need to learn how to search for a static pointer with multi offsets).

You can also check my little guide about finding the target address and target id in this post (Example with Insanity Flyff) [Only registered and activated users can see links. Click Here To Register...]

Thanks , awsome tutorial (y)
Small question, any idea to how to generate random target ID ? so that to kill monsters which are arround...
Thanks in advance !