[Help] Finding current target in monster array

04/16/2013 02:55 iktov2#1
Hey,

I have been trying to work out the skill attack packets in Waren Story the last couple of days. I have finally figured out the entire packet, but I need to update the current target ID in order to make it work.

I looked at where the game calls the function to attack and traced up a little bit and found this:

Code:
004F5748  |.  D95C24 44        FSTP DWORD PTR SS:[ESP+44]
004F574C  |.  8B4424 48        MOV EAX,DWORD PTR SS:[ESP+48]
004F5750  |.  D980 2C152F02    FLD DWORD PTR DS:[EAX+22F152C]
004F5756  |.  8D4C24 28        LEA ECX,DWORD PTR SS:[ESP+28]
004F575A  |.  D84424 44        FADD DWORD PTR SS:[ESP+44]
004F575E  |.  8D80 94022F02    LEA EAX,DWORD PTR DS:[EAX+22F0294]   ; <- the instruction referred to below
0x22F0294 is the first Monster struct in the Array for mobs. Somewhere in here, when I put a breakpoint, I get the address 0x6349C10; this address is about 100 bytes away from the "Target" address, which is simply an address that reads 0xFFFFFFFF when there is no target (invalid target) and 1 when a valid target is selected (it also has the current target's HP here).

If I put a breakpoint on the marked LEA instruction above, I instantly get the address of the current mob I have targeted.

Now, given the information I have found above, does anybody have any ideas how I can do this myself in C++: take the current target and find its position in the monster array so that I can grab its ID and update my attack packets with it?

Any help would be greatly appreciated as always.
04/16/2013 13:16 Rumil12#2
You could do a code cave, and just move eax into a variable that you created. That would probably work, then just add the +100 or whatever and you should have your address.
04/17/2013 22:28 iktov2#3
Ah well, at this point in the code the game is only accessing it after the hit is completed. So the only way I would retrieve the ID of the target from this is by hitting the target first.

I need to match the Current Target to its position in the Monster array and grab its Unique ID before I hit it, so I can send its ID in the hit packet to make an auto-attacker(auto attack skills) using packets.

Basically what I am trying to figure out is the C++ equivalent of what is happening in the ASM code above. I know it's doing a loop through the Monster array here; what I can't figure out is what it's comparing from the current target info to the monster array to find which monster in the array is actually targeted. If you get my meaning.
04/17/2013 23:16 Rumil12#4
Quote:
Originally Posted by iktov2
Ah well, at this point in the code the game is only accessing it after the hit is completed. So the only way I would retrieve the ID of the target from this is by hitting the target first.

I need to match the Current Target to its position in the Monster array and grab its Unique ID before I hit it, so I can send its ID in the hit packet to make an auto-attacker(auto attack skills) using packets.

Basically what I am trying to figure out is the C++ equivalent of what is happening in the ASM code above. I know it's doing a loop through the Monster array here; what I can't figure out is what it's comparing from the current target info to the monster array to find which monster in the array is actually targeted. If you get my meaning.
Could you post more of the code before and after? If this code is only executed after a mob is hit, then I think it would be fair to say that the target info was grabbed before this, and so is simply pointing back to the location in the mob array for the id at this point given that this code is only loading pointers. So I assume what you would then want to do is make your own pointer point to the same thing, correct?
04/18/2013 00:42 iktov2#5
Quote:
Originally Posted by Rumil12
Could you post more of the code before and after? If this code is only executed after a mob is hit, then I think it would be fair to say that the target info was grabbed before this, and so is simply pointing back to the location in the mob array for the id at this point given that this code is only loading pointers. So I assume what you would then want to do is make your own pointer point to the same thing, correct?
I found another instance in the game client where it accesses the mob array for drawing the information for the Current Target Frame. In this instance I could do as you suggested with a code cave, but damn, I would really like to figure out what the game is using to compare data between the current target and the mob array to decide which entry in the mob array is the current target.

Something like:

Code:
for(int i = 0; i < 50; i++) //assuming 50 mobs in array
{
    int ID = mobarray[i].MobID;
    Target[ID]
}
I did something like the above with my loot filter for 12sky2 because the dropped item struct does not contain an entry for Rarity, so you had to compare the item on the ground to the ItemList to determine its Rarity. Just not certain how to do it in this case.
04/18/2013 01:29 Rumil12#6
It is possible that when the mob is targeted, a flag is set inside the Mob array.

Look around in that new instance you were talking about for a cmp to 1 or 0.
04/18/2013 01:57 softuserz#7
When I need to find target addresses I search for what the mouse sees as text, e.g. leave the mouse over an item in a gear slot, search for that name value in CE, move to the next piece of gear and see if the name value in CE changes to the new name value; if it does, browse the memory region of that address. Hope that helps.
04/19/2013 01:44 Rumil12#8
Idk why I didn't think of this earlier, but are you able to find the element that ID should be at in the array? As in array[x], where x is the element.
04/19/2013 01:46 iktov2#9
Well anyway, there is a static address in the game client that holds the ID of the current target. So now, if I want to find the current target's position in the array, I just compare that to the ID of the mob in the array and I have it. Thanks again to Wazzup for that info.
04/19/2013 04:42 softuserz#10
It's all Chinese to me -_-
04/19/2013 06:05 iktov2#11
Quote:
Originally Posted by softuserz
It's all Chinese to me -_-
Believe me, most of it is to me as well. When I look at a lot of the client bots for FPS and such, and more complex application code, I just about pass out trying to make sense of a lot of it. When I start looking at more complex shit I start to think I never even scratched the surface in anything I ever did and get flustered, ha ha.

Anyway, your idea with the 0/1 flag in the mob structure was right, Rumil, and that method worked as well.

Code:
int ID = 0;
for(int i = 0; i < 50; i++)
{
    if(mobs[i].Flag == 1)
    {
       ID = mobs[i].ID;
    }
}
Once I looked at my mob struct again in ReClass I saw that value down at the bottom of the struct, just before the name and mob type ID. I added it to my struct, and a for loop through the array returned the correct ID of the mob I had targeted. But after Wazzup told me there was a static address for the current mob's ID, it's a lot more efficient to just use that.
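The C++ reading of the addressing mode in post #1 together with the two lookups the thread settles on (the flag scan from post #11 and the static-ID compare from post #9), as an added example that is not code from any of the posts; the Mob and Client layouts, field names, offsets and sample IDs are all made up for illustration.

```cpp
#include <cstddef>
#include <cstdint>
// Hypothetical stand-in for the client's mob entry (made-up layout).
struct Mob {
    std::uint32_t id;       // unique mob ID (what the hit packet needs)
    std::uint32_t flag;     // 1 when this entry is the current target, else 0
    char          name[24]; // filler so the struct has a realistic stride
};
constexpr std::size_t kMobCount = 50;  // "assuming 50 mobs in array"

// Hypothetical owner object: the mob array sits at a constant offset inside
// it, which is what LEA EAX,[EAX+22F0294] encodes (base + constant).
struct Client {
    unsigned char header[32];
    Mob mobs[kMobCount];
};

// Byte arithmetic equivalent of that LEA: base + array offset + i*sizeof(Mob).
const Mob* mob_at(const Client* base, std::size_t i) {
    const unsigned char* p = reinterpret_cast<const unsigned char*>(base);
    return reinterpret_cast<const Mob*>(p + offsetof(Client, mobs) + i * sizeof(Mob));
}

// Post #11's method: the entry whose flag is set is the target; -1 if none.
int index_by_flag(const Mob* mobs, std::size_t n) {
    for (std::size_t i = 0; i < n; ++i)
        if (mobs[i].flag == 1) return static_cast<int>(i);
    return -1;
}

// Post #9's method: match the ID read from the static current-target address.
int index_by_id(const Mob* mobs, std::size_t n, std::uint32_t target_id) {
    for (std::size_t i = 0; i < n; ++i)
        if (mobs[i].id == target_id) return static_cast<int>(i);
    return -1;
}

// Reverse of the breakpoint in post #1: an address inside the array becomes
// an index by pointer difference (the compiler divides by sizeof(Mob)).
int index_from_pointer(const Mob* base, const Mob* hit) {
    return static_cast<int>(hit - base);
}
// Constructed sample data: ids 1000+i, with entry `target` flagged.
void fill_sample(Client& c, std::size_t target) {
    for (std::size_t i = 0; i < kMobCount; ++i) {
        c.mobs[i].id   = 1000 + static_cast<std::uint32_t>(i);
        c.mobs[i].flag = (i == target) ? 1u : 0u;
        c.mobs[i].name[0] = '\0';
    }
}
```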
04/19/2013 06:13 Rumil12#12
Haha, yep, sure would be :D. Good to know I knew what I was talking about, though, lol.