[CODE] Ingame Functions (POST YOUR FINDINGS HERE)

03/08/2014 17:03 pureleech#106
Please, can you make it connect to a private server instead of the official one?
03/09/2014 02:31 Thr!ce#107
Pointer to Camera Struct
Code:
0x00F3B21C

Cam Functions:
Code:
0x006809B0 (zoom in)
0x006809E0 (zoom out)
The Struct:
Code:
struct SCamera 
{
    BYTE unk[0x30];

    float rotationUnk;   // 0x30 Cam Rotation ?
    float rotationUnk2;  // 0x34 Cam Rotation ?

    float offsetX;       // 0x38 Cam Offset X
    float offsetY;       // 0x3C Cam Offset Y
    float offsetZ;       // 0x40 Cam Offset Z

    BYTE unk2[0xC];      // 0x44 .. 0x4F

    float zoomLimitNear; // 0x50 Nearest Zoom
    float zoomLimitFar;  // 0x54 Farthest Zoom // Modify this value for zoom hack

    BYTE unk3[0x2C];     // 0x58 .. 0x83

    float zoom;          // 0x84 Current Zoom
};

I am too lazy to analyze the struct further... it also includes the position.
03/09/2014 06:29 RanOnlineSukZ#108
Still can't make it work on my other 2 PCs. I tried all the methods :(
03/10/2014 03:06 Oriya9#109
Edit:
Sorry, I'll edit later.
03/14/2014 09:42 RanOnlineSukZ#110
Waiting for it to work again :3
03/15/2014 10:54 LetsPlayPixelz#111
I said I would update the pointer for the target, so here you go.

Pointer for Target
0x00B3D990

Offsets for the HP
{ 0xC, 0x8 } (int)

Offsets for the Name
{ 0xC, 0x100 } (string)
03/18/2014 23:13 Thr!ce#112
Ok I feel kinda stupid... I re-reversed something already reversed:

Code:
#include <windows.h> // DWORD, BYTE, WINAPI

DWORD GetCharacterStatsStruct(char c)
{
    // Calls the client's own lookup function at 0x00762C10 and hands back the struct pointer it returns.
    DWORD dwRes = ((int(WINAPI*)(char))0x00762C10)(c);
    return dwRes;
}


struct SCharacterStats 
{
    int unk_0x0; // Some pointer
    int unk_0x4;
    int currentHP; // 0x8
    int cash; // 0x0C IN SILVER
    int level; // 0x10
    float moveSpeed; // 0x14
    int moveSpeedDisplay; // 0x18
    int crit; //0x1C
    int speed; //0x20
    int maxHP; //0x24
    int defense; //0x28
    int evasion; //0x2C
    int critdmg; //0x30
    int accuracy; //0x34
    int heal; //0x38
    int unk_0x3C;
    int unk_0x40;
    int unk_0x44;
    int dmg; // 0x48

    BYTE unk_[0x1C]; // 0x4C - padding is 0x1C (not 0x24) so that currentEXP lands on 0x68 as annotated

    int currentEXP; //0x68

    BYTE unk2[0x94]; // 0x6C - ends right before 0x100

    char charName[0x38]; // 0x100 - sized 0x38 bytes so that guildName lands on 0x138 as annotated
    char guildName[38]; // 0x138 - not sure about size here

    //int maxHPBonusPercentageViaEquipAndStuff; //0x2A8

    //int mailCount; //0x3A4

};
At least I did add some stuff :P


There's lots more stuff to add to this struct, but it's fucking huge.
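An added example, not code from the thread: before anything dereferences a reverse-engineered struct, it is worth confirming with offsetof() that the declaration really puts each field on the offset written in its comment, because a padding array that is a few bytes off silently shifts every later field. The struct below is SCharacterStats from Thr!ce's post; the padding before currentEXP is set to 0x1C and charName is sized 0x38 (my adjustment, the post declares 0x24 and 38) so that currentEXP, charName and guildName land on 0x68, 0x100 and 0x138, the offsets the post annotates (and 0x100 is also the name offset LetsPlayPixelz reports).

```c
/* Added example: checks a reverse-engineered struct layout against its annotated
 * offsets. Not code from the thread; the padding sizes are my correction (see lead-in). */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

typedef uint8_t BYTE;   /* stand-in for the Windows typedef so this builds on any compiler */

struct SCharacterStats
{
    int   unk_0x0;          /* 0x00, some pointer */
    int   unk_0x4;
    int   currentHP;        /* 0x08 */
    int   cash;             /* 0x0C, in silver */
    int   level;            /* 0x10 */
    float moveSpeed;        /* 0x14 */
    int   moveSpeedDisplay; /* 0x18 */
    int   crit;             /* 0x1C */
    int   speed;            /* 0x20 */
    int   maxHP;            /* 0x24 */
    int   defense;          /* 0x28 */
    int   evasion;          /* 0x2C */
    int   critdmg;          /* 0x30 */
    int   accuracy;         /* 0x34 */
    int   heal;             /* 0x38 */
    int   unk_0x3C;
    int   unk_0x40;
    int   unk_0x44;
    int   dmg;              /* 0x48 */
    BYTE  unk_[0x1C];       /* 0x4C .. 0x67 (post had 0x24, which pushes currentEXP to 0x70) */
    int   currentEXP;       /* 0x68 */
    BYTE  unk2[0x94];       /* 0x6C .. 0xFF */
    char  charName[0x38];   /* 0x100 (post had 38, which would put guildName at 0x126) */
    char  guildName[38];    /* 0x138 */
};

struct annotated_field { const char *name; size_t actual; size_t annotated; };

/* Compares every annotated field against offsetof(); returns how many disagree (0 = layout matches). */
int check_character_stats_layout(void)
{
    const struct annotated_field tbl[] = {
        { "currentHP",  offsetof(struct SCharacterStats, currentHP),  0x08  },
        { "cash",       offsetof(struct SCharacterStats, cash),       0x0C  },
        { "level",      offsetof(struct SCharacterStats, level),      0x10  },
        { "moveSpeed",  offsetof(struct SCharacterStats, moveSpeed),  0x14  },
        { "maxHP",      offsetof(struct SCharacterStats, maxHP),      0x24  },
        { "dmg",        offsetof(struct SCharacterStats, dmg),        0x48  },
        { "currentEXP", offsetof(struct SCharacterStats, currentEXP), 0x68  },
        { "charName",   offsetof(struct SCharacterStats, charName),   0x100 },
        { "guildName",  offsetof(struct SCharacterStats, guildName),  0x138 },
    };
    int mismatches = 0;
    for (size_t i = 0; i < sizeof tbl / sizeof tbl[0]; ++i) {
        if (tbl[i].actual != tbl[i].annotated) {
            printf("%-10s is at 0x%zX but annotated 0x%zX\n",
                   tbl[i].name, tbl[i].actual, tbl[i].annotated);
            ++mismatches;
        }
    }
    return mismatches;
}

/* Where currentEXP lands for a given padding size after dmg: 0x24 gives 0x70, 0x1C gives 0x68. */
size_t current_exp_offset_for_padding(size_t padding)
{
    return offsetof(struct SCharacterStats, dmg) + sizeof(int) + padding;
}

int main(void)
{
    printf("layout mismatches: %d\n", check_character_stats_layout());
    printf("currentEXP with 0x24 padding: 0x%zX, with 0x1C padding: 0x%zX\n",
           current_exp_offset_for_padding(0x24), current_exp_offset_for_padding(0x1C));
    return 0;
}
```

The same table-driven check works for SCamera and SkillCooldownData from the other posts; whenever a comment offset and offsetof() disagree, the padding between them is wrong and every field after it is being read from the wrong place.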
03/19/2014 01:55 pureleech#113
I really wanted to use these codes on a different server. Can you guys post a tutorial on how to use this with Cheat Engine?
03/19/2014 22:08 ntKid#114
Quote:
Originally Posted by Thr!ce View Post
Ok I feel kinda stupid... I re-reversed something already reversed:

Code:
#include <windows.h> // DWORD, BYTE, WINAPI

DWORD GetCharacterStatsStruct(char c)
{
    // Calls the client's own lookup function at 0x00762C10 and hands back the struct pointer it returns.
    DWORD dwRes = ((int(WINAPI*)(char))0x00762C10)(c);
    return dwRes;
}


struct SCharacterStats 
{
    int unk_0x0; // Some pointer
    int unk_0x4;
    int currentHP; // 0x8
    int cash; // 0x0C IN SILVER
    int level; // 0x10
    float moveSpeed; // 0x14
    int moveSpeedDisplay; // 0x18
    int crit; //0x1C
    int speed; //0x20
    int maxHP; //0x24
    int defense; //0x28
    int evasion; //0x2C
    int critdmg; //0x30
    int accuracy; //0x34
    int heal; //0x38
    int unk_0x3C;
    int unk_0x40;
    int unk_0x44;
    int dmg; // 0x48

    BYTE unk_[0x1C]; // 0x4C - padding is 0x1C (not 0x24) so that currentEXP lands on 0x68 as annotated

    int currentEXP; //0x68

    BYTE unk2[0x94]; // 0x6C - ends right before 0x100

    char charName[0x38]; // 0x100 - sized 0x38 bytes so that guildName lands on 0x138 as annotated
    char guildName[38]; // 0x138 - not sure about size here

    //int maxHPBonusPercentageViaEquipAndStuff; //0x2A8

    //int mailCount; //0x3A4

};
At least I did add some stuff :P


There's lots more stuff to add to this struct, but it's fucking huge.
Awesome finding. If the (char c) argument does what I think it does, I will cut my wrist for wasting a lot of hours of my life.

The number of offsets in the project is getting out of control; we do need a byte pattern scan in the future =P

Nice work, Thr!ce.
03/19/2014 22:14 Thr!ce#115
I do have byte patterns for some of this stuff.
03/19/2014 23:08 kautot090#116
ntKid, any update on your Afkloldermacro?
03/20/2014 08:28 RanOnlineSukZ#117
Waiting~~
03/20/2014 10:16 ntKid#118
Quote:
Originally Posted by kautot090 View Post
ntKid, any update on your Afkloldermacro?
Quote:
Originally Posted by RanOnlineSukZ View Post
Waiting~~
we are working on it.
03/20/2014 11:56 AlainProvist#119
Quote:
Originally Posted by Thr!ce View Post
Ok I feel kinda stupid... I rereversed something already reversed:
:p
Thanks for completing it anyway :handsdown:

I did some research on skill cooldowns to stop spamming skills stupidly. Even if spamming works well, from a behaviour point of view it is better to only cast one appropriate skill per frame.

Anyway, here is what I found (a bit more complex than what we found before):

The cooldown handling is actually a simple list: a minimalist structure containing the skill id and the current cooldown counter (and a few other things) is dynamically allocated and added to the list through a pointer. When the cooldown counter reaches 0, the structure is deallocated and removed from the list.

So basically each time a skill is launched, a new cooldown structure is pushed into the list and lives for the whole duration of the cooldown. The list apparently preserves the initial order (it is not sorted by cooldown value, for example).

Here is the cooldown structure:
Code:
struct SkillCooldownData
{
    DWORD unk1;
    DWORD skillID;      // 0x04 - 0x0000XXXX

    DWORD unk2;
    DWORD unk3;

    float cooldownTimer;// 0x10 - remaining cooldown, the entry is freed when it reaches 0

    DWORD unk4;
    DWORD unk5;
    DWORD unk6;
};
Here is a function I made to read the current cooldown of any skill from its skill id:

(addresses are the French client's ones, and not even updated)

Code:
// ThreadSafeReadAddress(base, offset) is the helper used elsewhere in this thread:
// it reads the pointer-sized value at base + offset (byte offset) and returns it.
float GetSkillRemainingTime( DWORD lpSkillId, ULONG lpBase/* = 0x017BD130*/)
{
    SkillCooldownData* scd = NULL;

    size_t* addr = (size_t*)lpBase;
    if(addr)
        addr = ThreadSafeReadAddress(addr, 0);
    if(addr)
        addr = ThreadSafeReadAddress(addr, 0x30);
    if(!addr)
        return 0.0f;

    // begin/end pointers of the list's slot array (one pointer per cooldown entry)
    size_t* startAddr = ThreadSafeReadAddress(addr, 0x8);
    size_t* endAddr = ThreadSafeReadAddress(addr, 0xC);
    if(!startAddr || !endAddr || endAddr < startAddr)
        return 0.0f;
    size_t nbElts = (endAddr - startAddr);// number of 4-byte slots on the 32-bit client
    if(nbElts == 0)
        return 0.0f;

    for(size_t i = 0; i < nbElts; ++i)
    {
        scd = (SkillCooldownData*)ThreadSafeReadAddress(startAddr, 0x4*i);
        if(scd && scd->skillID == lpSkillId)
            return scd->cooldownTimer;
    }

    return 0.0f;
}
Don't question yourself too much about
addr = ThreadSafeReadAddress(addr, 0x30);
It amounts to addr = *(addr + 0x30);


I modified the previously coded functions from ntKid a little, to return the real skill id and not the pointer containing it:
Code:
DWORD GetSkillIdFromSlotBar( DWORD lpSlot, ULONG lpBase/* = 0x017BB230*/ )
{
    DWORD dwDelta = ( lpSlot - 1 ) * 4;// slots are 4 bytes apart, slot numbering starts at 1
    size_t* addr = (size_t*)lpBase;
    if(addr)
        addr = ThreadSafeReadAddress(addr, 0);
    if(addr)
        addr = ThreadSafeReadAddress(addr, 0x4);
    if(addr)
        addr = ThreadSafeReadAddress(addr, 0xC);
    if(addr)
        addr = ThreadSafeReadAddress(addr, 0x604);
    if(addr)
        addr = ThreadSafeReadAddress(addr, 0x4);
    if(addr)
        addr = ThreadSafeReadAddress(addr, dwDelta);
    if(addr)
        addr = ThreadSafeReadAddress(addr, 0x8);

    // the skill id is packed in the upper bits of the value read at +0x8
    return ((((DWORD)addr)>>0xC)&0x0000FFFF);
}

VOID SendSkillID( DWORD lpSkillId, ULONG lpBase/* = 0x00F551E4*/, ULONG lpFunction/* = 0x006F1870*/ )
{
    size_t* addr = (size_t*)lpBase;
    if(addr)
        addr = ThreadSafeReadAddress(addr, 0);
    if(addr)
        addr = ThreadSafeReadAddress(addr, 0x14);
    if(addr)
        addr = ThreadSafeReadAddress(addr, 0x64);
    if(addr)
        addr = ThreadSafeReadAddress(addr, 0x10);
    if(addr)
    {
        // thiscall into the client's cast function: ecx = object, three arguments pushed
        __asm
        {
            mov edi, addr;
            mov eax, 0x00000000;
            push eax;// @ 8D162A
            push eax;
            mov eax, lpSkillId;
            push eax;
            mov ecx, edi;
            call lpFunction;//6F1870
        }
    }
}
And finally, here is an example of a smart use of this:
Code:
bool SendSkill( DWORD slot )
{
    DWORD skillID = GetSkillIdFromSlotBar(slot);
    float cooldown = GetSkillRemainingTime(skillID);
    if(cooldown == 0.0f)
    {
        SendSkillID(skillID);
        return true;
    }

    return false;
}


//And finally the skill casting behaviour executed from the main loop of the game:

if(elapsed > 0.7f)// 0.7 is the common cooldown between 2 skill casts in the game
{
    bool hasSentSkill = false;
    if(data.currentHP < (data.HPmax/2))// regen/aoe attack healing
        hasSentSkill = SendSkill(5);
    if(!hasSentSkill)
    {
        int tab[8] = {1,2,3,4, 9,10,11,12};// should be ordered from highest cooldown to smallest one
        for(int i = 0; i < 8; ++i)
        {
            hasSentSkill = SendSkill( tab[i] );
            if(hasSentSkill)
                break;
        }
        if(!hasSentSkill)// regen/aoe attack healing
            hasSentSkill = SendSkill(5);
    }
    if(hasSentSkill)
        elapsed -= 0.7f;
}
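An added example, not code from the thread: a self-contained model of the cooldown list AlainProvist describes, so the list mechanics (begin/end pointer pair, one pointer slot per entry, entries dropped when their timer reaches zero, order preserved) can be exercised in-process without touching any game memory. The container type, the sanity bound on the element count, and the sample skill ids and timers are all constructed here for illustration; the post reads begin/end at +0x8/+0xC through ThreadSafeReadAddress, whereas this model holds them directly.

```c
/* Added example: in-process model of the skill cooldown list. Not code from the
 * thread; CooldownList, MAX_COOLDOWN_ENTRIES and the sample data are constructed. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

typedef uint32_t DWORD;

/* Cooldown entry, laid out as in AlainProvist's post (cooldownTimer at +0x10). */
struct SkillCooldownData
{
    DWORD unk1;
    DWORD skillID;
    DWORD unk2;
    DWORD unk3;
    float cooldownTimer;   /* 0x10 */
    DWORD unk4;
    DWORD unk5;
    DWORD unk6;
};

/* Logical model of the container: a begin/end pointer pair delimiting an array of
 * slots, each slot pointing at one SkillCooldownData. (Constructed for this example.) */
struct CooldownList
{
    struct SkillCooldownData **begin;
    struct SkillCooldownData **end;     /* one past the last live slot */
};

/* Sanity bound: a corrupt or stale end pointer must not turn the walk into an
 * unbounded read. The post's loop has no such cap. */
#define MAX_COOLDOWN_ENTRIES 64

/* Live entry count, or 0 when the begin/end pair looks invalid. The post computes
 * (size_t*)end - (size_t*)start, i.e. 4-byte units, which equals one pointer slot
 * only on a 32-bit client; a pointer-typed difference is correct on any width. */
static size_t cooldown_count(const struct CooldownList *list)
{
    if (!list || !list->begin || !list->end || list->end < list->begin)
        return 0;
    size_t n = (size_t)(list->end - list->begin);
    return n > MAX_COOLDOWN_ENTRIES ? 0 : n;
}

/* Remaining cooldown for a skill id; 0.0f when the skill is not on cooldown
 * (same contract as GetSkillRemainingTime in the post). */
float remaining_cooldown(const struct CooldownList *list, DWORD skillID)
{
    size_t n = cooldown_count(list);
    for (size_t i = 0; i < n; ++i) {
        const struct SkillCooldownData *scd = list->begin[i];
        if (scd && scd->skillID == skillID)
            return scd->cooldownTimer;
    }
    return 0.0f;
}

/* Advances every timer by dt seconds and drops entries that reach zero, keeping
 * the survivors in their original order as the post describes. Returns the new count. */
size_t tick_cooldowns(struct CooldownList *list, float dt)
{
    size_t n = cooldown_count(list), kept = 0;
    for (size_t i = 0; i < n; ++i) {
        struct SkillCooldownData *scd = list->begin[i];
        if (!scd)
            continue;
        scd->cooldownTimer -= dt;
        if (scd->cooldownTimer > 0.0f)
            list->begin[kept++] = scd;      /* compacting in place preserves order */
    }
    list->end = list->begin + kept;
    return kept;
}

/* Constructed sample: three skills on cooldown. Ids and timers are made up for the demo. */
struct CooldownList *make_sample_list(void)
{
    static struct SkillCooldownData entries[3];
    static struct SkillCooldownData *slots[3];
    static struct CooldownList list;
    const DWORD ids[3]    = { 0x1001, 0x1002, 0x1003 };
    const float timers[3] = { 2.5f, 0.4f, 7.0f };
    for (size_t i = 0; i < 3; ++i) {
        entries[i] = (struct SkillCooldownData){0};
        entries[i].skillID = ids[i];
        entries[i].cooldownTimer = timers[i];
        slots[i] = &entries[i];
    }
    list.begin = slots;
    list.end = slots + 3;
    return &list;
}

int main(void)
{
    struct CooldownList *list = make_sample_list();
    printf("skill 0x1002: %.2fs left\n", remaining_cooldown(list, 0x1002));
    printf("after a 0.5s tick: %zu entries remain\n", tick_cooldowns(list, 0.5f));
    printf("skill 0x1002: %.2fs, skill 0x1001: %.2fs, first slot now 0x%X\n",
           remaining_cooldown(list, 0x1002), remaining_cooldown(list, 0x1001),
           list->begin[0]->skillID);
    return 0;
}
```

Two points the model makes explicit: the element count must be bounded before it drives a loop over pointers read from another structure, and the begin/end difference only equals the number of slots when the pointer arithmetic is done in slot-sized units.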
03/20/2014 16:12 Thr!ce#120
Quote:
Originally Posted by ntKid View Post
we are working on it.
Wow... so many thanks for just one sentence.

Nice work Alain!
Once the weekend comes I'll have lots of free time as well.