[Request] Wallclimb Tutorial

06/30/2009 18:46 pabsto#1
Hey guys,

as the title says, it would be nice if someone could put together a tutorial here that explains how to get wallclimb working. With CE or whatever.
Hope you can take a "moment" for it, thanks in advance.

Regards
06/30/2009 20:43 Nachtwesen2#2
Yes, I would really like that too!
06/30/2009 21:39 run32.dll#3
wallclimb for dummies

1. start Runes of Magic
2. start Cheat Engine
3. press the flashing button with a computer symbol
A "Process List" window pops up
4. scroll through the list and select "Client.exe"
5. press "Open"
5. press "Add address manually"
A "Add address" window pops up
6. in "Address" enter this: 84b46C
7. change "Type" to "Float"
8. Press "OK"
9. doubleclick on "4" under value
A "Value" window pops up
10. enter "0.2"
11. press OK

PLZ SHOOT YOURSELF IF THIS IS TO HARD FOR U! THX! :facepalm:
(this post may contain retarded english, hell I dont care)

edit: updated addr.
06/30/2009 22:15 Nachtwesen2#4
Yes, this is it!!! I don't know the address 84b464. I only read other ones in the forums. How could I find out the right address if there is an update???
07/01/2009 13:31 run32.dll#5
To find the wc addr at least some asm knowledge is required!

The hard method / how I found it the first time:
Find your y-playerposition (the real one, not the one in the objectstruct)
for the 1844 build it's: [[[[0088FF40]+680]+D4]+8C]+B4
Set a write-BP on the y-position. Find out what writes to this location while your character tries to climb a mountain.

Code:
  _
 / \ <-move against some hill u can't get up
/   \
     \    0
 hill \  /|\
       \_/ \________________
After you have found the instruction, trace around until you find some static addr. It should look similar to this: movss xmm0,[0084b464]. This may take some time. I can't remember the exact way but it wasn't very hard to find.

The easy way / using searchpatterns
This method requires that you already know the wc addr of an older binary and that you have made some notes. So here are my notes for the old RoM Version 2.0.6.1834:
Code:
0044D97B - eb 08                      - jmp 0044d985
0044D97D - f3 0f 10 0d e8 5a 84 00    - movss xmm1,[00845ae8]
0044D985 - d9 44 24 14                - fld dword ptr [esp+14]
0044D989 - f3 0f 10 05 94 5c 84 00    - movss xmm0,[00845c94] // wallclimb addr
0044D991 - dc 0d 60 5a 84 00          - fmul qword ptr [00845a60]
0044D997 - f3 0f 11 4c 24 0c          - movss [esp+0c],xmm1
0044D99D - d9 44 24 0c                - fld dword ptr [esp+0c]
0044D9A1 - db f1                      - fcomi st(0),st(1)
Now let's take a look at these instructions. Some of them contain static addresses ... like our mc addr. Other instructions contain offsets like +14 or +0C. If the binary gets updated static addresses will probably change and offsets will not. Ofc offsets can change too ... but it's unlikely ... maybe on major updates.

Code:
0044D97B - eb 08                      - jmp 0044d985 // will change
0044D97D - f3 0f 10 0d e8 5a 84 00    - movss xmm1,[00845ae8] // will change
0044D985 - d9 44 24 14                - fld dword ptr [esp+14] // will not change
0044D989 - f3 0f 10 05 94 5c 84 00    - movss xmm0,[00845c94] // wallclimbaddr, will change
0044D991 - dc 0d 60 5a 84 00          - fmul qword ptr [00845a60] // will change
0044D997 - f3 0f 11 4c 24 0c          - movss [esp+0c],xmm1 // will not change
0044D99D - d9 44 24 0c                - fld dword ptr [esp+0c] // will not change
0044D9A1 - db f1                      - fcomi st(0),st(1) // will not change
So how can this be useful? You could create a searchpattern and scan the process for it:
Code:
EB,08,??,??,??,??,??,??,??,??,D9,44,24,14,??,??,??,??,??,??,??,??,
??,??,??,??,??,??,f3,0f,11,4c,24,0c,d9,44,24,0c,db,f1
Too bad CE does not have a patternscanner :( ... but it can scan for an array of bytes! Open the memory viewer -> search -> Find Memory -> select array!
Search for: f30f114c240cd944240cdbf1
A good idea would be to start the search at some similar addr. of the old binary to avoid wrong results. So start the search at 44D000. Now press OK.

For the 1844build CE pops up at 44DE47 in the lower part of the window. Now in the upper part of the window go to 44DE47 and scroll up. You should see the mc addr. in the instruction (You may have to disable View->symbols):
0044DE39 - movss xmm0,[0084b464]

If you want to update your offsets as fast as possible - write your own patternscanner or search the net for a good one ... I will not share my scanner. Guess it would be a good idea to post a patternscanner here ... but I'm too lazy to search now ...
07/01/2009 14:55 R4Yx#6
well, for me 84b464 = -1.something
guess I'm doing something wrong O.o
07/01/2009 16:13 run32.dll#7
Well Nachtwesen2 asked how to keep track of the wallclimb addr. if there is an update. (A damn good question btw!)

Today the patch changed the version from V2.0.9.1844 to build 1845. Guess what happens if RoM gets patched ... yes! the wallclimb addr. will change! Bad bad Frogster!

the stupid method / brain-afk compatible*:
Take the wallclimb addr. from the last version and search near this addr ... if you are lucky you will find a float 4.000 not far away.

like this:
Code:
0084b45C ... crap
0084b460 ... crap
0084b464 ... old wallclimb addr. ... crap
0084b468 ... crap
0084b46C ... omg a 4.0 float value!
*may not work with major patches
07/01/2009 16:22 R4Yx#8
yeah this one is working for me.
I haven't looked at the asm yet. shame on me -.-
07/01/2009 18:16 Jame#9
How does speedhacking work with CE? I can manage the wallclimb, yes, but not the speedhack. Can anyone help me with that?
07/02/2009 16:47 Nachtwesen2#10
I can't get it to work. Since Frogster now feels the need to push updates daily and keep abusing the players as beta testers, the wallclimb addr. has changed yet again.

Does anyone know it? I would be very grateful. I also searched around the old one, but unfortunately found no 4.0 anywhere :((((

THANKS!
07/02/2009 17:22 pabsto#11
Tried around a bit but didn't find it ;D
07/02/2009 17:25 Nachtwesen2#12
Exactly, I tried it myself too. Found nothing within a range of +/-20 :(( HELP!
07/02/2009 22:00 rawrgodzilla#13
Think the new address is 84B3E8
07/02/2009 22:34 Nachtwesen2#14
THX!!! Don't know how to find it out by myself :(
07/03/2009 13:04 Jame#15
Quote:
Originally Posted by rawrgodzilla
Think the new address is 84B3E8
Hmm, doesn't work for me, but I think I'm doing something wrong hehe. I click "Add address manually" and then enter 84B3E8 as the address and "Wallclimb" as the description. Then I freeze it, but it doesn't work :( can anyone help me?