[Tutorial] Call a function inside Neuz (melee attack example)

04/26/2020 13:38 blaster21#61
Sorry for this hard necro, but this post is still relevant to this day.
I managed to compile everything and found all the IDs needed to use with the source, but once I started the bot it crashes. Maybe the server I'm playing on has protection against it, or I don't know if the dwAtkMsg value is wrong. I might be wrong on this one though, but how do you find its value?
04/27/2020 00:31 cookie69#62
Quote:
Originally Posted by blaster21 View Post
Sorry for this hard necro, but this post is still relevant to this day.
I managed to compile everything and found all the IDs needed to use with the source, but once I started the bot it crashes. Maybe the server I'm playing on has protection against it, or I don't know if the dwAtkMsg value is wrong. I might be wrong on this one though, but how do you find its value?
It is hard to guess what is wrong in your code or if the server has a protection!
You have a big chance that Flyff source is leaked and every noob person can create a local server to make tests.
Try to do it in a server you own or a simple server without protections and see what is wrong.
You should debug your code to find out what is crashing it.
04/27/2020 03:23 blaster21#63
I've managed to make something out of it, but one thing that bugs me is that it could find the target but won't lock it. I'm still trying to figure this one out; hope you could help me on this, as this is the only thing that I'm missing.

I will try to make a server without protection and will get back to you as soon as I have findings. Thank you for the quick response; it means a lot to me as I'm trying to learn as much as I could.
04/29/2020 05:27 sumbat#64
Hi guys how can I find the g_DPlay address?
04/29/2020 10:21 blaster21#65
Quote:
Originally Posted by sumbat View Post
Hi guys how can I find the g_DPlay address?
If you read the source closely you will know.
Code:
DWORD g_DPlay = 0x0; // Pointer to our client (for Krona, it is Neuz.exe+9FDA70) => it can be found at ECX register at the function start
07/14/2020 11:11 Boiking1#66
When I toggle the breakpoint and hit a target, the dword gives me the same results as the ECX and EBX values. I also tried to scan it once, but when I clicked on 'find out what accesses this address' it only gave me bs. The EDX, ECX etc. values are still the same, so I can't find these two static addresses. Please help! :feelsbadman:
I think I messed up at the breakpoint part :(
07/14/2020 13:06 cookie69#67
Quote:
Originally Posted by Boiking1 View Post
When I toggle the breakpoint and hit a target, the dword gives me the same results as the ECX and EBX values. I also tried to scan it once, but when I clicked on 'find out what accesses this address' it only gave me bs. The EDX, ECX etc. values are still the same, so I can't find these two static addresses. Please help! :feelsbadman:
What Flyff server?
I could make a better explanation and give a whole working bot, but I don't want to spoon-feed, and pservers are different so I cannot make an example that works for all the servers.
For the class pointer (ECX), basically you can even get it automatically if you know how to hook the function. You can just hook the function (SendMeleeAttack) and save the ECX in a variable when it is called.
For the target ID, it is not hard to find, just use CE and search for changed/unchanged values: when you target a mob/player/NPC the value changes in memory, and when you don't target anything value=0,...
07/14/2020 13:36 Boiking1#68
Quote:
Originally Posted by cookie69 View Post
What Flyff server?
I could make a better explanation and give a whole working bot, but I don't want to spoon-feed, and pservers are different so I cannot make an example that works for all the servers.
For the class pointer (ECX), basically you can even get it automatically if you know how to hook the function. You can just hook the function (SendMeleeAttack) and save the ECX in a variable when it is called.
For the target ID, it is not hard to find, just use CE and search for changed/unchanged values: when you target a mob/player/NPC the value changes in memory, and when you don't target anything value=0,...
I would like to do it in Eclipse Flyff.
I also tried the thing with the static values but they just didn't change.
Just a quick overview of what I've done.
-Linked the Game.
-Killed a Mob
-Went into Memory view
-Found 'DoAttackMelee'
-Found the Client Address
-Went back up and searched for the call function that starts the action
-F5, Attacked a Mob, back into CE, F5, F9
Then I opened Full Stack and got stuck.

Tried already many dwords (hoped that I'll maybe get it with luck) but nah.

Don't know if the image appears, so here's the link, just in case:

Here's something that I found:
Neuz.exe+27FB40 Send Melee Attack address
Neuz.exe+71E380 client address

Don't know if it is correct (I'm pretty bad with CE)

Best regards
07/14/2020 13:51 /Aiden\#69
Quote:
Originally Posted by Boiking1 View Post
I would like to do it in Eclipse Flyff.
I also tried the thing with the static values but they just didn't change.
Just a quick overview of what I've done.
-Linked the Game.
-Killed a Mob
-Went into Memory view
-Found 'DoAttackMelee'
-Found the Client Address
-Went back up and searched for the call function that starts the action
-F5, Attacked a Mob, back into CE, F5, F9
Then I opened Full Stack and got stuck.

Tried already many dwords (hoped that I'll maybe get it with luck) but nah.

Don't know if the image appears, so here's the link, just in case:

Here's something that I found:
Neuz.exe+27FB40 Send Melee Attack address
Neuz.exe+71E380 client address

Don't know if it is correct (I'm pretty bad with CE)

Best regards
Just as information: you've written that you are not very experienced. You should try another server that is not protected at all first. Simply take <InputAnyRandomPinoyServerHere> to learn and not a server like EclipseFlyff. EclipseFlyff has some protection(s) to prevent this. In case you would call the function correctly the char would instantly get dropped and you will get the "Disconnected from Server" message.
07/14/2020 13:54 Boiking1#70
I already tried to make a bot with AHK, AutoIt and Python.
The game only blocks AHK and AutoIt, but Python worked for me, so I don't know about that.
Oh and I don't want to try it on other servers because it's my favorite one and I don't want to start all over again.
07/14/2020 15:33 cookie69#71
Quote:
Originally Posted by Boiking1 View Post
I already tried to make a bot with AHK, AutoIt and Python.
The game only blocks AHK and AutoIt, but Python worked for me, so I don't know about that.
Oh and I don't want to try it on other servers because it's my favorite one and I don't want to start all over again.
You found the correct function and class pointer :awesome:
Just put a break point on the call and you will see in the stack trace the 5 params of the function.

For the target ID, you can proceed as I mentioned:
search for 4Bytes type with "exact value=0", select a mob and hit next scan with "value changed", change target and search for "value changed", don't change mob and search for "value unchanged", repeat...until you find 3 values.
Then test them one by one, use "find out what writes to this address" until it breaks and shows the opcode with offset "x20" [ebx+20]

Then copy the EBX value (186591F0) and search for Hex value (4bytes) and you will find the 2 static target addresses (it is like it is always 2 static addresses in flyff).

Then take the first pointer and add a manual pointer-address in CR like below:

Now you can check: if you change targets then it would change in CE. When you unselect the target it shows "0".

Do the same for Target Id, just add an offset "2F8":

EBX is also the mob pointer (target Ptr) and "2F8" is its ID offset:

I didn't test it but basically this is what you need to find the required params.
I hope it works for you now, Eclipse may have some securities like Aiden said, I have no idea about their security as I stopped making bots/cheats of this kind since a moment.
07/14/2020 16:19 netHoxInc#72
I have not tested to send direct attacks using that call, might be worth a try but my guess is same as Aiden, you will most likely get disconnected. Let us know what happened :)
07/14/2020 16:43 Boiking1#73
Quote:
Originally Posted by cookie69 View Post
You found the correct function and class pointer :awesome:
Just put a break point on the call and you will see in the stack trace the 5 params of the function.

For the target ID, you can proceed as I mentioned:
search for 4Bytes type with "exact value=0", select a mob and hit next scan with "value changed", change target and search for "value changed", don't change mob and search for "value unchanged", repeat...until you find 3 values.
Then test them one by one, use "find out what writes to this address" until it breaks and shows the opcode with offset "x20" [ebx+20]

Then copy the EBX value (186591F0) and search for Hex value (4bytes) and you will find the 2 static target addresses (it is like it is always 2 static addresses in flyff).

Then take the first pointer and add a manual pointer-address in CR like below:

Now you can check: if you change targets then it would change in CE. When you unselect the target it shows "0".

Do the same for Target Id, just add an offset "2F8":

EBX is also the mob pointer (target Ptr) and "2F8" is its ID offset:

I didn't test it but basically this is what you need to find the required params.
I hope it works for you now, Eclipse may have some securities like Aiden said, I have no idea about their security as I stopped making bots/cheats of this kind since a moment.
So I tried it and came a bit further. But I can't find 3 values, I only found 2.
Anyway, I tried to find the offset but nothing came out.
I found these 3 EBX values but they are worthless, I think.

6D013A00
427201D4
427201C4

I really don't know why I can't find those 3 addresses, I mean I did it like you said. :confused::(:confused:
07/15/2020 02:10 cookie69#74
Quote:
Originally Posted by Boiking1 View Post
So I tried it and came a bit further. But I can't find 3 values, I only found 2.
Anyway, I tried to find the offset but nothing came out.
I found these 3 EBX values but they are worthless, I think.

6D013A00
427201D4
427201C4

I really don't know why I can't find those 3 addresses, I mean I did it like you said. :confused::(:confused:
I don't know what you were missing, but it worked for me and there is no security in Eclipse about that (it works like a charm).
The source code and the DLL are attached inside the following zip file.

After injecting the DLL, just click on "Install the hook" button and kill 1 mob.
After that you can hit any mob from distance by using the "Hit target 4 times" button.
Enjoy and you may enhance the tool by implementing a pattern scan for the offsets so you don't need to auto update it at every client patch and you are free to do what you want with the source ;)
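Added example, not part of the thread or of the tool attached to it: a server that checks each melee-attack request against its own world state rejects both the hit from a distance and the burst of repeated hits described above. The class, the field names, and the range and timing values are assumptions made for illustration.

```cpp
#include <cstdint>
#include <unordered_map>

// Added example: every name here is hypothetical, not taken from the game's source.
struct Vec3 { float x, y, z; };
enum class Verdict { Accept, UnknownMover, OutOfRange, TooFast };

struct Mover {
    Vec3 pos;                   // position as tracked by the server, never by the client
    float meleeRange;           // reach of the equipped weapon
    std::uint32_t minSwingMs;   // shortest legal interval between two swings
    std::uint32_t lastSwingMs;  // server time of the last accepted swing
    bool hasSwung;
};

constexpr float kLatencySlack = 1.0f;  // assumed tolerance for movement lag

class MeleeValidator {
public:
    void addMover(std::uint32_t id, Vec3 pos, float range, std::uint32_t minSwingMs) {
        movers_[id] = Mover{pos, range, minSwingMs, 0, false};
    }
    // The request carries only two ids; everything else comes from server state.
    Verdict check(std::uint32_t attackerId, std::uint32_t targetId, std::uint32_t nowMs) {
        auto a = movers_.find(attackerId);
        auto t = movers_.find(targetId);
        if (a == movers_.end() || t == movers_.end()) return Verdict::UnknownMover;
        Mover& atk = a->second;
        const Vec3& q = t->second.pos;
        const float dx = atk.pos.x - q.x, dy = atk.pos.y - q.y, dz = atk.pos.z - q.z;
        const float reach = atk.meleeRange + kLatencySlack;
        if (dx * dx + dy * dy + dz * dz > reach * reach) return Verdict::OutOfRange;
        // Unsigned subtraction stays correct across a 32-bit tick wrap.
        if (atk.hasSwung && nowMs - atk.lastSwingMs < atk.minSwingMs) return Verdict::TooFast;
        atk.lastSwingMs = nowMs;  // only accepted swings advance the timer
        atk.hasSwung = true;
        return Verdict::Accept;
    }
private:
    std::unordered_map<std::uint32_t, Mover> movers_;
};

int main() {
    MeleeValidator v;  // constructed scenario: attacker 1, mob 2 far out of reach
    v.addMover(1, Vec3{0.0f, 0.0f, 0.0f}, 2.0f, 500);
    v.addMover(2, Vec3{30.0f, 0.0f, 0.0f}, 2.0f, 500);
    return v.check(1, 2, 1000) == Verdict::OutOfRange ? 0 : 1;
}
```

A rejected request is also a detection signal: a legitimate client does not normally produce `OutOfRange` or `TooFast` verdicts in volume, so counting them per account supports a disconnect or review decision.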
01/19/2021 12:05 CoOLz1ne#75
Hello sir cookie69, I used your released src code and I successfully made it work on the Flyff I am playing. I am wondering if it is possible to make it work with other melee weapons such as knuckle or yo-yo?