Skill Cast Function

05/15/2009 03:34 griswald#1
Hey,

I'm new to this conquer hacking business, and my first goal is to write a memory based xp caster. I want it to cast a xp skill when xp reaches 100. I have found the offset for the xp skill but I don't understand the skill cast function in CO. If someone would nudge me in the right direction of how to find it or give me pointers I would appreciate it.

~griswald
05/15/2009 08:18 IAmHawtness#2
If you were told the skill cast function, would you know how to execute it?
05/15/2009 08:54 ookamocka#3
Quote:
Originally Posted by IAmHawtness
If you were told the skill cast function, would you know how to execute it?

that's the hardest part XD
05/15/2009 09:09 IAmHawtness#4
Quote:
Originally Posted by ookamocka
that's the hardest part XD

Not really since clintonselke converted that VB6 code I found into AutoIt :p.
05/15/2009 09:37 ookamocka#5
Quote:
Originally Posted by IAmHawtness
Not really since clintonselke converted that VB6 code I found into AutoIt :p.

ya, but I mean writing that part is the hardest part :-P everything else is basic simple programming like you would write any other program :)
05/15/2009 11:14 _fobos_#6
Quote:
Originally Posted by griswald
Hey,

I'm new to this conquer hacking business, and my first goal is to write a memory based xp caster. I want it to cast a xp skill when xp reaches 100. I have found the offset for the xp skill but I don't understand the skill cast function in CO. If someone would nudge me in the right direction of how to find it or give me pointers I would appreciate it.

~griswald

What don't you understand from the skillcast function?
05/15/2009 14:56 griswald#7
Quote:
Originally Posted by IAmHawtness
If you were told the skill cast function, would you know how to execute it?

I have no clue about the skill function, I'm guessing it would be just pushing the arguments onto the stack then calling the function? I understand if you want to keep the method secret. I just want to learn how to do this, since I see you already have everything figured out in your cooperative >< Thanks for any help bro

Quote:
Originally Posted by _fobos_
What don't you understand from the skillcast function?

First of all, maybe I should learn how to find functions in general. I don't understand the first step you guys used to find functions. Do you just go through the whole assembly to see what everything is doing? Or do you somehow narrow a call down and breakpoint and see if it is the function? If so, how do you narrow it down is what I'm asking.
~griswald
05/15/2009 15:24 _fobos_#8
Quote:
Originally Posted by griswald
I have no clue about the skill function, I'm guessing it would be just pushing the arguments onto the stack then calling the function? I understand if you want to keep the method secret. I just want to learn how to do this, since I see you already have everything figured out in your cooperative >< Thanks for any help bro

First of all, maybe I should learn how to find functions in general. I don't understand the first step you guys used to find functions. Do you just go through the whole assembly to see what everything is doing? Or do you somehow narrow a call down and breakpoint and see if it is the function? If so, how do you narrow it down is what I'm asking.
~griswald

Open StrRes.ini, maybe you'll find something like "can't cast this spell bla bla". Convert the number to hex and search for push <number>, then search from there on :)
05/15/2009 15:26 IAmHawtness#9
Quote:
Originally Posted by griswald
I have no clue about the skill function, I'm guessing it would be just pushing the arguments onto the stack then calling the function? I understand if you want to keep the method secret. I just want to learn how to do this, since I see you already have everything figured out in your cooperative >< Thanks for any help bro

First of all, maybe I should learn how to find functions in general. I don't understand the first step you guys used to find functions. Do you just go through the whole assembly to see what everything is doing? Or do you somehow narrow a call down and breakpoint and see if it is the function? If so, how do you narrow it down is what I'm asking.
~griswald

The easiest way of finding specific functions inside CO (this is just my opinion) is using Cheat Engine or OllyDbg; I prefer Cheat Engine.

If you want to find the skill use function, you could, for example, try finding the address that contains your currently selected skill with Cheat Engine, and then find out which instructions access that address when you use a skill in CO.

This is taken directly from my COoperative (written in VB6):

Code:
Private Function UseSkill()
    Dim ASM As New clsASM

    With ASM
        .Pushad
        .Push &H0
        .Push (targetid)
        .Push (skill)
        .Mov_ESI &H5DABB8
        .Mov_ECX_ESI
        .Mov_EAX &H4EACEA
        .Call_EAX
        .Popad
        .Ret
    End With
    ASM.Run_ASM (pid)
End Function
The "Use skill" function inside Conquer is located at 004966E5 and looks like this:
Code:
004966E5 - 6a 00                      - push 00
004966E7 - ff 77 50                   - push [edi+50]          ; This pushes the skill ID - e.g. 1095 (Hexadecimal: 0x447) for Stig
004966EA - ff b3 4c f3 0a 00          - push [ebx+000af34c]    ; This pushes the target/player ID
004966F0 - 8b ce                      - mov ecx,esi            ; ESI must be 005DABB8 (for patch 5125 Conquer.exe's)
004966F2 - e8 f3 45 05 00             - call 004eacea
05/15/2009 15:55 griswald#10
Quote:
Originally Posted by IAmHawtness
The easiest way of finding specific functions inside CO (this is just my opinion) is using Cheat Engine or OllyDbg; I prefer Cheat Engine.

If you want to find the skill use function, you could, for example, try finding the address that contains your currently selected skill with Cheat Engine, and then find out which instructions access that address when you use a skill in CO.

This is taken directly from my COoperative (written in VB6):

Code:
Private Function UseSkill()
    Dim ASM As New clsASM

    With ASM
        .Pushad
        .Push &H0
        .Push (targetid)
        .Push (skill)
        .Mov_ESI &H5DABB8
        .Mov_ECX_ESI
        .Mov_EAX &H4EACEA
        .Call_EAX
        .Popad
        .Ret
    End With
    ASM.Run_ASM (pid)
End Function
The "Use skill" function inside Conquer is located at 004966E5 and looks like this:
Code:
004966E5 - 6a 00                      - push 00
004966E7 - ff 77 50                   - push [edi+50]          ; This pushes the skill ID - e.g. 1095 (Hexadecimal: 0x447) for Stig
004966EA - ff b3 4c f3 0a 00          - push [ebx+000af34c]    ; This pushes the target/player ID
004966F0 - 8b ce                      - mov ecx,esi            ; ESI must be 005DABB8 (for patch 5125 Conquer.exe's)
004966F2 - e8 f3 45 05 00             - call 004eacea

Wow, I can't believe I didn't think about tracing using the currently selected skill. This is a very good lead, thank you so much for deciding to help, I really appreciate it.

~griswald