I deleted you from skype because of your many "questions"...You don't seem to do any effort so I will not give you tips.Quote:
Thanks , awsome tutorial (y)
Small question, any idea to how to generate random target ID ? so that to kill monsters which are arround...
Thanks in advance !
typedef void (__thiscall * SendDropItem_t)(void * client, int nothing, unsigned int itemid, unsigned int DropNum, unsigned int vPos);
SendDropItem_t pSendDropItem ;
uintptr_t p = 0x1999BC;
vPos = *reinterpret_cast<unsigned int *>(p);;
g_DPlay.SendDropItem( 0, m_pItemElem->m_dwObjId, 1, m_vPos );
pSendDropItem = (SendDropItem_t)((DWORD)g_hExeModule+0x1DE30);
if (GetAsyncKeyState(VK_OEM_MINUS)) //drop item id
{
pSendDropItem((void*)g_DPlay, nothing, itemid , DropNum , vPos );
printf_s("DROPPING ID: %x\n", itemid);
}
BOOL CWndDropConfirm::OnChildNotify( UINT message, UINT nID, LRESULT* pLResult )
{
if( nID == WIDC_YES || message == EN_RETURN )
{
// add error code so i can find the string in disect CE
Error("CWndDropConfirm::OnChildNotify");
g_DPlay.SendDropItem( 0, m_pItemElem->m_dwObjId, 1, m_vPos );
Destroy();
}
else if( nID == WIDC_NO )
{
Destroy();
}
return CWndNeuz::OnChildNotify( message, nID, pLResult );
}
I don't know what you are trying to do but if the issue is related to the m_vPos you should make sure this variable has the correct type.Quote:
Can you help me find the base address of vPos parameter? I've already tried searching write/access opcodes and also used pointer scan but i can't find that green address. Below is a snippet:
I was able to drop items but the problem is, it is not being dropped on my location because my vPos values are wrong. The address 0x1999BC always contain the value of vPos even i reopen clients but it contains a hexadecimal value.Code:typedef void (__thiscall * SendDropItem_t)(void * client, int nothing, unsigned int itemid, unsigned int DropNum, unsigned int vPos); SendDropItem_t pSendDropItem ; uintptr_t p = 0x1999BC; vPos = *reinterpret_cast<unsigned int *>(p);; g_DPlay.SendDropItem( 0, m_pItemElem->m_dwObjId, 1, m_vPos ); pSendDropItem = (SendDropItem_t)((DWORD)g_hExeModule+0x1DE30); if (GetAsyncKeyState(VK_OEM_MINUS)) //drop item id { pSendDropItem((void*)g_DPlay, nothing, itemid , DropNum , vPos ); printf_s("DROPPING ID: %x\n", itemid); }
Below is the location of the function @ _Interface\WndField.cpp
Code:BOOL CWndDropConfirm::OnChildNotify( UINT message, UINT nID, LRESULT* pLResult ) { if( nID == WIDC_YES || message == EN_RETURN ) { // add error code so i can find the string in disect CE Error("CWndDropConfirm::OnChildNotify"); g_DPlay.SendDropItem( 0, m_pItemElem->m_dwObjId, 1, m_vPos ); Destroy(); } else if( nID == WIDC_NO ) { Destroy(); } return CWndNeuz::OnChildNotify( message, nID, pLResult ); }
typedef struct D3DXVECTOR3 {
FLOAT x;
FLOAT y;
FLOAT z;
} D3DXVECTOR3, *LPD3DXVECTOR3;
D3DXVECTOR3 m_vPos;
m_vPos.x = playerX; m_vPos.y = playerY; m_vPos.z = playerZ;
__inline float ReadFloatPointer(ULONG_PTR* PointerBase, int PointerOffset)
{
if(!IsBadReadPtr((void*)PointerBase, 4))
{
if(!IsBadReadPtr((void*)((*(ULONG_PTR*)PointerBase) + PointerOffset), 4))
{
return *(float*)((*(ULONG_PTR*)PointerBase) + PointerOffset);
}
}
return 0;
}
//.......
unsigned long * LocalPlayer;
const unsigned long ul_PlayerBase = 0x12345678;
const unsigned long ul_XOffset = 0x160;
const unsigned long ul_YOffset = ul_XOffset + 0x4;
const unsigned long ul_ZOffset = ul_XOffset + 0x4 + 0x4;
const unsigned long ulModbase = 0x400000;
//.........
LocalPlayer = (unsigned long*) (ulModbase +ul_PlayerBase);
typedef struct D3DXVECTOR3 {
FLOAT x;
FLOAT y;
FLOAT z;
void readVpos()
{
x = ReadFloatPointer((ULONG_PTR*)LocalPlayer, ul_XOffset) + 10.0;
y = ReadFloatPointer((ULONG_PTR*)LocalPlayer, ul_YOffset);
z = ReadFloatPointer((ULONG_PTR*)LocalPlayer, ul_ZOffset) + 10.0;
}
} D3DXVECTOR3, *LPD3DXVECTOR3;
D3DXVECTOR3 m_vPos;
m_vpos.readVpos();
// TODO call your hack function
//......
You are not noob because in CW server my method described in the first page will not work..Quote:
I'm just having one issue that i'd like you to help me if you have the time and if you want to of course
I was unable to find the target ID in a private server called clockworks flyff, i tried really hard to do it with cheat engine, WpePro and wireshark and I just couldn't, wireshark it's too messy to play with and WpePro doesn't send or receive any packages from this flyff, don't particular know why. Could you help me out to find the target ID in this flyff if possible? Or I am a noob that just couldn't do it?
Thank's already.
I tryed now for NoFlyff and I got a little problem.. for sword it's working, but for knux or knight axe.. I get only "Please wait a moment before attacking again". I thought the issue is the "weapon speed", so I checked with "movss xmm0,[edx+00000130]", but values was correct..Quote:
Hello sexy cheaters :D
...
It seems to be the correct reason.Quote:
Any ideea what issue can be?
The value from knux I see in the eax+130 (this server have eax instead of edx) is the same as the one you written (0.0700000003). Hmm.. maybe the value is still rounded.. I see it's shorter with 1 digit than sword.. but can't get it.Quote:
What value of knux speed you see when you put a break point on function start and hit manually a mob?
It could be rounded in CE and it may be the reason that this value is not accepted so try to find the full float value.
Also you could call the ingame function getcurrenthanditem() or something like that. To find it, it must be called before the instruction that uses the xmm0 and offset of weapon speed is 0x130 like you said :)
I will check it tonight if you still need help.
(Written from my smartphone)
I found it!! LOL you have to pass a hex value as a weapon attack speed instead of a float...Quote:
Find another way ;)Quote:
So I was trying to do Mazey but I wasn't able to find anything when trying to search DoAttackMelee (both on referenced string and all string) what does this mean?