for i<-0 to infinite
Quote:
5609 Addresses:
SendPacketFunction = 0x6C8F56
ReceiveLoop = 0x6C9833
This is how I find the addresses:
Recv Loop
1. Search all referenced text strings for "catch error in process msg" without quotes.
2. Trace back until I find "TEST EAX, EAX" followed by "JNZ SHORT <ADDRESS>".
Send Packet Function
1. Search for the binary string "55 8D AC 24 FC DF FF FF B8 04 20 00 00".
Removing the "You can't jump that far." message
1. Search for the constant 186C0.
2. Trace back to the first "JLE <ADDRESS>" command.
3. Replace JLE (7E) with JMP (EB).
*Note: doing this also means that you can attempt to jump further than the server allows (which will disconnect you) so you should validate all jump packets from the client.
Lock client at 60 FPS
1. Search all intermodular calls for Kernel32.Sleep.
2. Trace back and find ADD ECX, 19.
3. Trace back and find LEA EDX, DWORD PTR DS:[ECX+19].
4. Change 19 to another value. The lower the value, the higher the FPS, and vice versa. I use a value of 10 for 60 FPS.
Yes, it's very rudimentary, as I am as much a noob at this as anyone.
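As an added example (not code from the post above or from the client), the script below automates the two mechanical steps of the procedure: scanning an image for a byte signature (the send-packet prologue bytes quoted in the post, with `??` wildcards supported) and flipping a `JLE rel8` (7E) to `JMP rel8` (EB) only after verifying that the opcode at the target offset really is 7E. The byte buffer is constructed here so the script runs offline; it is not the 5609 client, and the `cmp eax, 0x186C0 ; jle` pattern is an assumption about how such a compare could be encoded, not something taken from the client.

```python
"""Signature scan and conditional-jump patch over a byte image.

Added example, not the original post's code. IMAGE is constructed
below so the script runs offline; it is not the 5609 client.
"""
import re

# Signature quoted in the post for the send-packet function prologue
# (push ebp / lea ebp,[esp-0x2004] / mov eax,0x2004).
SEND_PACKET_SIG = "55 8D AC 24 FC DF FF FF B8 04 20 00 00"

# ASSUMPTION: the "too far" check is encoded as cmp eax,0x186C0 ; jle rel8.
# The '??' wildcard stands for the rel8 displacement, which we never touch.
JUMP_CHECK_SIG = "3D C0 86 01 00 7E ??"

JLE_SHORT = 0x7E  # jle rel8
JMP_SHORT = 0xEB  # jmp rel8

# Constructed image: NOP padding, the prologue signature, INT3 padding,
# the assumed compare+jle pair (jle +0x12), more padding.
IMAGE = (
    b"\x90" * 16
    + bytes.fromhex("558DAC24FCDFFFFFB804200000")
    + b"\xcc" * 32
    + bytes.fromhex("3DC08601007E12")
    + b"\x90" * 16
)


def sig_to_regex(sig):
    """Turn an IDA/x64dbg-style signature ("55 8D ?? 24") into a bytes
    regex. '?' or '??' matches exactly one arbitrary byte."""
    parts = []
    for tok in sig.split():
        if tok in ("?", "??"):
            parts.append(b".")
        else:
            parts.append(re.escape(bytes([int(tok, 16)])))
    return re.compile(b"".join(parts), re.DOTALL)


def find_signature(image, sig):
    """Return every offset at which `sig` matches in `image`."""
    return [m.start() for m in sig_to_regex(sig).finditer(image)]


def find_unique(image, sig):
    """A signature is only usable for patching if it matches exactly once;
    refuse to guess on zero or several hits."""
    hits = find_signature(image, sig)
    if len(hits) != 1:
        raise ValueError("signature is not unique: %d hit(s)" % len(hits))
    return hits[0]


def patch_jle_to_jmp(image, offset):
    """Return a copy of `image` with 'jle rel8' (7E xx) at `offset` turned
    into 'jmp rel8' (EB xx). The displacement byte is left as-is, so the
    jump target does not change; only the condition is removed."""
    if image[offset] != JLE_SHORT:
        raise ValueError("byte at 0x%x is 0x%02x, not JLE" % (offset, image[offset]))
    out = bytearray(image)
    out[offset] = JMP_SHORT
    return bytes(out)


def patch_jump_check(image):
    """Locate the compare+jle pair and make the jump unconditional.
    The cmp eax,imm32 instruction is 5 bytes, so the jle opcode follows it."""
    off = find_unique(image, JUMP_CHECK_SIG)
    return patch_jle_to_jmp(image, off + 5)


if __name__ == "__main__":
    print("SendPacket prologue at 0x%x" % find_unique(IMAGE, SEND_PACKET_SIG))
    patched = patch_jump_check(IMAGE)
    print("patched %d byte(s)" % sum(a != b for a, b in zip(IMAGE, patched)))
```

Encoding the compare and the jump as one signature with a wildcard for the displacement is deliberate: scanning backwards from the constant for a lone 0x7E byte would happily "find" an operand or data byte, whereas the opcode check in `patch_jle_to_jmp` plus the unique-match requirement make the patch refuse to run anywhere but the intended site. As the post's note says, the patch only disables a client-side check; the server still has to validate every jump it receives.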
Quote:
@hawtness
I was trying to add some functionality to the TestBot, then I realized that the magic-type interact packet has had its targetID and Position encrypted.
The current packet structure appears to be:
[length][packet type] [time stamp] [char id] [target id] [position] [interact type] [some unknown data field that only exists in magic-type interact packets]
Can you disclose the details of the current interact packet?
Quote:
Can you give me the link, please?