[CODE]Ingame Functions( POST YOUR FINDINGS HERE )

02/16/2014 16:32 sannoh2#46
Quote:
Originally Posted by ntKid
Hi guys, here is how to send a Skill using SkillId ( not using a keyboard press )

Code:
//Retrieves the skill ID from the actual slotbar
ULONG myGetSkillIdFromSlotBar( ULONG lpSlot, ULONG lpBase = 0x0179D9B0 )
{
	ULONG dwDelta = ( lpSlot - 1 ) * 4, dwRes = NULL;

	__asm
	{
		mov eax, lpBase;
		mov eax, [ eax ];
		mov edi, dwDelta;
		mov eax, [ eax + 0x00000004 ];
		mov eax, [ eax + 0x0000000C ];
		mov eax, [ eax + 0x00000604 ];
		mov eax, [ eax + 0x00000004 ];
		mov eax, [ eax + edi ];
		mov dwRes, eax;
	}
	return dwRes;
}

//Send skill by Id
VOID mySendSkillID( ULONG lpSkillId, ULONG lpBase = 0x0179D87C, ULONG lpFunction = 0x006F1DA0 )
{
	__asm
	{
		mov edi, lpBase;
		mov edi, [ edi ];
		mov edi, [ edi + 0x000000A0 ];
		mov edi, [ edi + 0x00000010 ];
		mov eax, 0x00000000;
		mov esi, lpSkillId;
		push eax;
		push eax;
		mov eax, [ esi + 0x00000008 ];
		shr eax, 0x0C;
		and eax, 0x0000FFFF;
		push eax;
		mov ecx, edi;
		call lpFunction;
	}
}

//Here is an example of sending the skill that is on your number 1 key using the game engine.
mySendSkillID( myGetSkillIdFromSlotBar( 1 ) );
Here is how you can query your current target's aggro information; it can be tweaked to index the treasure drops or to index the nearest monster in your field of vision. (Useful to stop using the tab key as well; you just need to get the select-target function.)
Code:
ULONG myGetMonsterTargetbyID( ULONG lpMonsterId, ULONG lpBase = 0x0179D9D8 )
{
	ULONG dwTargetId = NULL;

	__asm
	{
		mov ecx, lpBase;
		mov ecx, [ ecx ];
		mov esi, ecx;
Search:
		mov eax, [ esi + 0x00000008 ];
		mov ebx, [ eax + 0x00000178 ];
		cmp ebx, lpMonsterId;
		je FoundId;
		mov esi, [ esi ];
		cmp esi, ecx;
		je Finnished;
		jmp Search;
FoundId:
		mov ebx, [ eax + 0x00000170 ];
		mov dwTargetId, ebx;
Finnished:
		;
	}

	return dwTargetId;
}
//Here is an example of selecting the nearest target using the game engine
Code:
VOID mySelectNearestTarget( ULONG lpBase = 0x00F38224, ULONG lpFunction = 0x0068DB50 )
{
	__asm
	{
		mov esi, lpBase;
		mov esi, [ esi ];
		push 0x00000001;
		mov ecx, esi;
		call lpFunction;
	}
}

//most basic multiclient bot example.
mySelectNearestTarget( );
mySendSkillID( myGetSkillIdFromSlotBar( 1 ) );
//Camera View Distance
Code:
/*
Sometimes the monsters are in your field of vision but they are so far away
that you cannot tab them for selection; just change the maximum view distance.
Don't forget to VirtualProtect the page to PAGE_EXECUTE_READWRITE
before writing, or just use Cheat Engine on address
00E07C78 ( FLOAT ) and set it to your needs.
*/
*( PFLOAT )0x00E07C78 = 3600;
Also linked (visible to registered users only): a simple LUA editable bot and source code example using Thr!ce's AFKLoader and these functions.

If this is useful for you please credit me and press the thanks button (this will keep me happy enough to make some of my research public in the future).

You are welcome to post your findings on this thread as well.
Thank you so much for the release! But I'm quite unsure how to add these codes. Should I just copy and paste them into the LUA and run the AFKLoader, or is there any other method for this?
02/16/2014 17:58 Thr!ce#47
Inventory:
Code:
// Size = 0x140 bytes
// First slot is 0x280 bytes, but somehow only contains the second item (first slot is omitted)
struct InventorySlot
{
	int amount; //0x0
	int hasItem; //0x4

	BYTE unk1[0x18];

	// Connection to .dds file (icon?)
	int itemType; //0x20 -- Gaia Crystal = 0x00340030
	int itemID; //0x24 -- Large Experience Crystal = 0x00390036

	BYTE unk2[0x64];

	int anotherItemID; //0x8C

	BYTE unk3[0x98];

	int isTooltipOpen; //0x128

	BYTE unk4[0x14];
};

I wrote a small hack... to get the base address. Maybe someone else finds a better way:

Code:
#include <windows.h>
#include <iostream>

DWORD dwInventoryBase = 0;

// o_GetInventoryBase (the trampoline to the original function) is declared with the typedef below
DWORD WINAPI hk_GetInventoryBase(DWORD a, DWORD b) // a is a pointer to InventoryWnd
{
	DWORD res = o_GetInventoryBase(a, b);
	if (!dwInventoryBase)
	{
		std::cout << "InventoryBase: " << ToHex(res) << std::endl; // just for debugging; ToHex is the poster's own hex-formatting helper (not shown)
		dwInventoryBase = res;
	}
	
	return res;
}
Code:
#include <detours.h> // Detours 1.x-style API providing DetourFunction

typedef DWORD(WINAPI * t_GetInventoryBase)(DWORD a, DWORD b);
t_GetInventoryBase o_GetInventoryBase = NULL; // must be declared before hk_GetInventoryBase is compiled

o_GetInventoryBase = (t_GetInventoryBase)DetourFunction((PBYTE)0x8A1880, (PBYTE)hk_GetInventoryBase);
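As an added example (not code from this thread), here is Thr!ce's struct rebuilt in Python with ctypes so the commented offsets and the 0x140 size can be checked mechanically and a raw slot dump decoded; the sample bytes are constructed, and the field names and offsets are taken from the struct above.

```python
import ctypes

# Offsets exactly as commented in the struct above, plus its stated size.
EXPECTED_OFFSETS = {
    "amount": 0x0, "hasItem": 0x4, "itemType": 0x20, "itemID": 0x24,
    "anotherItemID": 0x8C, "isTooltipOpen": 0x128,
}
SLOT_SIZE = 0x140


class InventorySlot(ctypes.Structure):
    _fields_ = [
        ("amount", ctypes.c_int),
        ("hasItem", ctypes.c_int),
        ("unk1", ctypes.c_ubyte * 0x18),
        ("itemType", ctypes.c_int),
        ("itemID", ctypes.c_int),
        ("unk2", ctypes.c_ubyte * 0x64),
        ("anotherItemID", ctypes.c_int),
        ("unk3", ctypes.c_ubyte * 0x98),
        ("isTooltipOpen", ctypes.c_int),
        ("unk4", ctypes.c_ubyte * 0x14),
    ]


def layout_mismatches():
    """Return {field: (declared, actual)} for every commented offset the
    padding does not reproduce; an empty dict means the layout is consistent."""
    bad = {}
    for name, declared in EXPECTED_OFFSETS.items():
        actual = getattr(InventorySlot, name).offset
        if actual != declared:
            bad[name] = (declared, actual)
    if ctypes.sizeof(InventorySlot) != SLOT_SIZE:
        bad["sizeof"] = (SLOT_SIZE, ctypes.sizeof(InventorySlot))
    return bad


def build_sample_slot(amount, item_type, item_id):
    """Constructed sample: a zero-filled slot with only the named fields set."""
    slot = InventorySlot()
    slot.amount, slot.hasItem = amount, 1
    slot.itemType, slot.itemID = item_type, item_id
    return bytes(slot)


def parse_slot(buf, index=0):
    """Decode slot `index` from a raw dump of consecutive 0x140-byte slots."""
    off = index * SLOT_SIZE
    if len(buf) < off + SLOT_SIZE:
        raise ValueError("buffer too short for slot %d" % index)
    slot = InventorySlot.from_buffer_copy(buf, off)
    return {"amount": slot.amount, "hasItem": slot.hasItem,
            "itemType": slot.itemType, "itemID": slot.itemID}
```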
02/16/2014 18:07 TheStupidDog#48
Hot Thr!ce, totally hot :P

Looks like inventory manipulation might be on its way soon ;)
02/16/2014 21:45 pureleech#49
Even though I don't know how to use these codes I'm so happy; every day there's progress on this project, thank you :)
02/17/2014 00:20 ntKid#50
Quote:
Originally Posted by Thr!ce
Code:
typedef DWORD(WINAPI * t_GetInventoryBase)(DWORD a, DWORD b);

o_GetInventoryBase = (t_GetInventoryBase)DetourFunction((PBYTE)0x8A1880, (PBYTE)hk_GetInventoryBase);
First of all, great work Thr!ce. I have been researching with your detoured function and this appears to be a linked list; I still did not reverse the struct, so here is a "cheated" linked list for the same job.

Code:
ULONG dwSlotArray = *( PULONG )( *( PULONG )( *( PULONG )( ( *( PULONG )0x0179D920 ) + 0x00000214 ) + 0x000000F0 ) + 0x00000038 ) + 0x00000010;

while( dwSlotArray )
{
	PULONG dwSlotBase = ( PULONG )*( PULONG )( dwSlotArray + 0x0000000C );//cast: the stored value is the slot address
	
	//dwSlotBase = EAX from GetInventoryBase ( Thr!ce ) - CODE GOES HERE

	dwSlotArray = *( PULONG )dwSlotArray;//next slot
}

//Immaculate Secret Stone
ULONG dwItemType = 0x00340030;
ULONG dwItemID = 0x00360037;
02/17/2014 01:02 LetsPlayPixelz#51
Maybe some of you need it.

Pointer for the Target:
00B3A98C

Offsets for the HP
{ 0xC, 0x8 } (int)

Offsets for the Name
{ 0xC, 0x100 } (string)

I will update them if they are not up to date.
02/17/2014 01:42 ntKid#52
[UPDATE]( 1 ) ( CHECK FIRST POST )
-Added SelectNearestTarget function using the game engine (without sending the tab key) to my research
-Linked AlainProvist's research on post #19 to the first post.

[UPDATE]( 2 ) ( CHECK FIRST POST )
-Added basic editable LUA multiclient bot example using AFKLoader and the published functions.

[UPDATE]( 3 ) ( CHECK FIRST POST )
-Added Camera ViewDistance variable
-Added source code of CLua (link visible to registered users only)

[UPDATE]( 4 ) ( CHECK FIRST POST )
-Added Thr!ce's research on GetInventoryBase.
-Added my research on Thr!ce's function to perform a linked list walk.
-Added LetsPlayPixelz's research on target information.

Thank you all for testing, debugging, sharing and being this friendly.
Keep it coming :)
02/17/2014 02:10 pureleech#53
Did you update AFKLoader[Lua].zip? I wanna try :(
Can I request or suggest something too? It's about PvP.
02/17/2014 10:24 anfimixis#54
Thanks for the magnificent work. Would you mind implementing an error.log?
My game tends to freeze (not crash) after X amount of cycles, where X can be 1 or 10 or any number (but it tends to happen before 5 mins), and I really don't know why. It just freezes; then when I click on the screen of the game Win7 says 'not responding', so I have to close the game and reopen it.
It doesn't happen in any particular situation. Sometimes it happens when I'm alt-tabbed doing something else. Sometimes it happens when the game is open and I'm not doing anything else.
It's weird; I don't know if the macro goes through an infinite loop or what, but an error.log would be nice. Anyway, I believe it's because the developers of the game suck and didn't do a good job protecting memory used by the game and it's been overwritten, but who knows.

I'm using Win 7 64 Bits with AFK Loader and your lua macro with the following code

Code:
function myWaitSecond( lpVal ) -- header reconstructed: the paste starts mid-function; name and parameter taken from the body and calls below
   lpVal = lpVal or 1
   local dwWait = os.time( ) + lpVal
   while os.time( ) < dwWait do end -- busy-wait: spins until lpVal seconds have elapsed
end

IsTarget = CGetPlayerTarget( )

if IsTarget == 0 then
	CSelectNearestTarget( )
else
	if CGetPlayerTarget( ) then
		CSendSlotBarSkill( 9 )
		myWaitSecond( 1 )
	end
	if CGetPlayerTarget( ) then
		CSendSlotBarSkill( 11 )
		myWaitSecond( 1 )
	end
	if CGetPlayerTarget( ) then
		CSendSlotBarSkill( 12 )
		myWaitSecond( 1 )
	end
	if CGetPlayerTarget( ) then
		CSendSlotBarSkill( 1 )
		myWaitSecond( 1 )
	end
	if CGetPlayerTarget( ) then
		CSendSlotBarSkill( 2 )
		myWaitSecond( 1 )
	end
	if CGetPlayerTarget( ) then
		CSendSlotBarSkill( 3 )
		myWaitSecond( 1 )
	end
	if CGetPlayerTarget( ) then
		CSendSlotBarSkill( 4 )
		myWaitSecond( 1 )
	end
end
Thanks again for the awesome work.
02/18/2014 02:53 TheStupidDog#55
Well, I felt useless after all the work everyone else is doing so I spent a little time tracing the pointers for the X, Y and Z coords for the player. I've checked these to the best of my puny abilities and am hoping that they're good. I have NO idea exactly which format to post this in so I'll just do something that makes sense (I used CE to get them).

Code:
X axis

"game.bin"+00B37964
offset 0   +14
offset 1   +64
offset 2   +10
offset 3   +10
offset 4   +154


Y axis

offset 4    +158


Z

offset 4     +15c
Seems you can teleport freely in this game without any rubber banding. Hope this helps, and more to the point I hope it's actually correct info that works (I restarted the game many times and rebooted etc, only thing I was unable to do is test on another system). Apologies if this is wrong...
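To show how the Cheat Engine pointer chain above is resolved (each hop dereferences a pointer and adds the next offset, and X, Y and Z differ only in the final offset), here is an added Python example that is not code from this thread and walks the chain over a constructed in-memory image rather than a live process; the module base 0x00400000 and the intermediate addresses are made up, and an unmapped hop is reported instead of returning garbage.

```python
import struct

# Chain exactly as listed in the post: "game.bin"+00B37964, then +14, +64, +10, +10
# as pointer hops, and a final +154/+158/+15C selecting the X/Y/Z float.
STATIC_RVA = 0x00B37964
HOPS = [0x14, 0x64, 0x10, 0x10]
FINAL = {"x": 0x154, "y": 0x158, "z": 0x15C}


class UnmappedRead(Exception):
    """A hop landed outside the image: stale pointer or wrong chain."""


def read_bytes(mem, addr, size):
    """mem is {start_address: bytes}; find the blob containing [addr, addr+size)."""
    for start, blob in mem.items():
        if start <= addr and addr + size <= start + len(blob):
            return blob[addr - start:addr - start + size]
    raise UnmappedRead(hex(addr))


def read_u32(mem, addr):
    return struct.unpack("<I", read_bytes(mem, addr, 4))[0]


def read_f32(mem, addr):
    return struct.unpack("<f", read_bytes(mem, addr, 4))[0]


def resolve_chain(mem, static_addr, hops):
    """CE semantics: p = [static]; for each hop: p = [p + hop]; return p."""
    p = read_u32(mem, static_addr)
    for off in hops:
        p = read_u32(mem, p + off)
    return p  # address of the struct holding the final fields


def read_position(mem, game_bin_base):
    obj = resolve_chain(mem, game_bin_base + STATIC_RVA, HOPS)
    return tuple(read_f32(mem, obj + FINAL[axis]) for axis in ("x", "y", "z"))


def build_sample_image(game_bin_base):
    """Constructed image: five hops ending at a struct whose floats at
    +0x154/+0x158/+0x15C are the position (all addresses and values made up)."""
    A, B, C, D, E = 0x10000000, 0x10001000, 0x10002000, 0x10003000, 0x10004000
    mem = {}
    for addr, target in [(game_bin_base + STATIC_RVA, A), (A + 0x14, B),
                         (B + 0x64, C), (C + 0x10, D), (D + 0x10, E)]:
        mem[addr] = struct.pack("<I", target)
    mem[E + 0x154] = struct.pack("<fff", 1234.5, 77.25, -910.0)
    return mem
```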
02/18/2014 03:44 pureleech#56
How can I use this code :( I can't understand it.
02/18/2014 04:09 TheStupidDog#57
I uploaded a table for cheatengine. Here's some instructions on how to work it.

1. Unrar the .ct file and put it somewhere safe.
2. Load Cheat Engine (as admin, of course).
3. File menu, Open File, load the .ct file.
4. Press the "Select a process to open" button while running the game and choose "Game.dat".
5. In the bottom part of CE you should see three rows, one for X, one for Y, etc. The "Value" part is your current in-game coordinates and will update in CE as you run around. To move your character in game, simply change the value of whichever coordinate you want; obviously you'll need to know where you're going first though.

That'll at least let you teleport around the map, but be warned that if you get seen teleporting you risk your account using this method ;) It's also possible they have some server sided detection that could flag accounts (but also unlikely due to the nature of lag/bad connections).

If this doesn't work for you then it'll mean I screwed up on finding the right pointers (in which case I'll get back on it tomorrow if someone else hasn't already done it).

Have fun and if there are any problems or anything to do with these coords or the CE table then please use PM to contact me and not use this thread please ;)
02/18/2014 09:34 AlainProvist#58
Nice finding ;) I'm just misunderstanding why the position is not verified server side... It is just completely crazy. I'll dig for the location of the auto-path coordinate when I have some free time. Could be more appropriate to use instead of teleporting :p.
02/18/2014 10:29 Shane¸#59
Currently I'm working with Oriya's Aura Kingdom Extended app, in case he releases it, I'll post my dlls as well.
02/18/2014 10:29 Oriya9#60
Quote:
Originally Posted by TheStupidDog
That'll at least let you teleport around the map, but be warned that if you get seen teleporting you risk your account using this method ;) It's also possible they have some server sided detection that could flag accounts (but also unlikely due to the nature of lag/bad connections).
I'm not sure if those are the same variables that I have messed with.
There are quite a few variables that hold the character's coordinates, but only one [EDIT: I meant one array (3D vector) of course] (from what I've seen) can actually impact the game and "teleport" you.
So I assume they are the same, unless of course there are more variables that can "teleport" you.

If they really are the same, it can't be detected, at least not with the way the game is currently working.
Changing these values is as good as sending a packet to the server saying: "I want to move from X1, Y1, Z1 to X2, Y2, Z2 please".
If you "teleport" yourself to a very far location you'll see that it's client-sided, but a valid request was actually sent to the server. So it's client-sided (your current location) but you are walking to those coordinates (server-sidedly).
How can you see that? Two easy ways.
1.
First, again, "teleport" yourself far away from the point you're at right now.
Try to attack a monster; you'll notice it will not do anything for some time and then it will start attacking the monster.
Why? Again, because your character wasn't there yet (server-sidedly), but once it reached there, the server allowed you to attack the monster.
The same goes for player spawns: it seems like monsters will spawn right away and so do Eidolons. Players, however, will take a while to spawn; basically the same concept, until you "actually" reach those coordinates.
2.
Start a second client, log in and stand next to your 1st character.
"Teleport" your 1st character to very close coordinates, let's say only -50 of its current X coordinate.
You'll notice the 2nd character is now seeing the 1st character simply running to that place like it would normally do, not actually teleporting.
If you "teleport" to a very far location, you'll notice the 2nd character is now seeing the 1st character start moving and then slowly fading away in the far distance.

Edit:
Quote:
Originally Posted by Shane¸
Currently I'm working with Oriya's Aura Kingdom Extended app, in case he releases it, I'll post my dlls as well.
You figured out how to use it on your own? :P
Damn you! hehe
There are some hidden features there though :)