[CODE]Ingame Functions( POST YOUR FINDINGS HERE )

02/14/2014 15:18 ntKid#1
Hi guys, here is how to send a Skill using SkillId ( not using a keyboard press )

Code:
//Retrieves the skill ID from the actual slotbar
ULONG myGetSkillIdFromSlotBar( ULONG lpSlot, ULONG lpBase = 0x0179D9B0 )
{
	ULONG dwDelta = ( lpSlot - 1 ) * 4, dwRes = NULL;

	__asm
	{
		mov eax, lpBase;
		mov eax, [ eax ];
		mov edi, dwDelta;
		mov eax, [ eax + 0x00000004 ];
		mov eax, [ eax + 0x0000000C ];
		mov eax, [ eax + 0x00000604 ];
		mov eax, [ eax + 0x00000004 ];
		mov eax, [ eax + edi ];
		mov dwRes, eax;
	}
	return dwRes;
}

//Send skill by Id
VOID mySendSkillID( ULONG lpSkillId, ULONG lpBase = 0x0179D87C, ULONG lpFunction = 0x006F1DA0 )
{
	__asm
	{
		mov edi, lpBase;
		mov edi, [ edi ];
		mov edi, [ edi + 0x000000A0 ];
		mov edi, [ edi + 0x00000010 ];
		mov eax, 0x00000000;
		mov esi, lpSkillId;
		push eax;
		push eax;
		mov eax, [ esi + 0x00000008 ];
		shr eax, 0x0C;
		and eax, 0x0000FFFF;
		push eax;
		mov ecx, edi;
		call lpFunction;
	}
}

//here is an example for sending the skill that is on your number 1 key using game engine.
mySendSkillID( myGetSkillIdFromSlotBar( 1 ) );
Here is how you can query your current target's aggro information; it can be tweaked to index the treasure drops or index the nearest monster in your field of vision. ( Useful to stop using the Tab key as well, you just need to get the select target function )
Code:
ULONG myGetMonsterTargetbyID( ULONG lpMonsterId, ULONG lpBase = 0x0179D9D8 )
{
	ULONG dwTargetId = NULL;

	__asm
	{
		mov ecx, lpBase;
		mov ecx, [ ecx ];
		mov esi, ecx;
Search:
		mov eax, [ esi + 0x00000008 ];
		mov ebx, [ eax + 0x00000178 ];
		cmp ebx, lpMonsterId;
		je FoundId;
		mov esi, [ esi ];
		cmp esi, ecx;
		je Finnished;
		jmp Search;
FoundId:
		mov ebx, [ eax + 0x00000170 ];
		mov dwTargetId, ebx;
Finnished:
		;
	}

	return dwTargetId;
}
Here is an example of selecting the nearest target using the game engine
Code:
VOID mySelectNearestTarget( ULONG lpBase = 0x00F38224, ULONG lpFunction = 0x0068DB50 )
{
	__asm
	{
		mov esi, lpBase;
		mov esi, [ esi ];
		push 0x00000001;
		mov ecx, esi;
		call lpFunction;
	}
}

//most basic multiclient bot example.
mySelectNearestTarget( );
mySendSkillID( myGetSkillIdFromSlotBar( 1 ) );
Camera View Distance
Code:
/*
Sometimes the monsters are in your field of vision but they are so far away 
that you cannot tab it for selection just change the maximum view distance.
Don't forget to VirtualProtect it to PAGE_EXECUTE_READWRITE 
before writing, or just use cheat engine on address 
00E07C78 ( FLOAT ) and set it to your needs.
*/
*( PFLOAT )0x00E07C78 = 3600;
Based on Thr!ce's research, this ( linked list ) will index the items in your inventory; you can get the SlotBase structure [Only registered and activated users can see links. Click Here To Register...] ( thx Thr!ce )
Code:
ULONG dwSlotArray = *( PULONG )( *( PULONG )( *( PULONG )( ( *( PULONG )0x0179D920 ) + 0x00000214 ) + 0x000000F0 ) + 0x00000038 ) + 0x00000010;

while( dwSlotArray )
{
	PULONG dwSlotBase = ( PULONG )*( PULONG )( dwSlotArray + 0x0000000C );//cast added: the dereference yields a ULONG
	
//dwSlotBase = EAX from GetInventoryBase ( Thr!ce ) - CODE GOES HERE


	dwSlotArray = *( PULONG )dwSlotArray;//next slot

}
Walk to Position( X, Y )
Code:
//This will allow you to move to a specific position, useful for melee classes to return back to the spot
//when botting.
INT MoveToPosition( FLOAT lpX, FLOAT lpY, ULONG lpFunction = 0x00885CB0 )
{
	ULONG dwRes = NULL;

	__asm
	{
		mov eax, lpFunction;
		call eax;
		cmp eax, dwRes;
		je Finnish;
		mov ecx, eax;
		mov eax, [ eax ];
		mov eax, [ eax + 0x00000014 ];
		push lpY;
		push lpX;
		call eax;
		mov dwRes, eax;
Finnish:
		;
	}

	return dwRes;
}
//usage
MoveToPosition( 800, 500 );//will make your character walk to position 800,500 of current map
Warp to position
Code:
/*
This is useful to warp directly into bosses on dungeons, by clicking the boss name on the
quest list.
006E1E63 ( BYTE ) and set it to 0xD8 = On, 0xD9 = Off
*/
*( PBYTE )0x006E1E63 = 0xD8;// D8 On/ D9 Off
[Only registered and activated users can see links. Click Here To Register...] a simple LUA editable bot and source code example using Thr!ce AFKLoader and these functions.

If this is useful for you please credit me and press the thanks button ( this will keep me happy enough to make some of my research public in the future )

You are welcome to post your findings on this thread as well.
02/14/2014 15:38 AlainProvist#2
Thanks for sharing ;).

I know this is supposed to be the basics but how did you find your lpBase ? On which client version are you using this ?
02/14/2014 15:44 ntKid#3
Quote:
Originally Posted by AlainProvist View Post
Thanks for sharing ;).

I know this is supposed to be the basics but how did you find your lpBase ? On which client version are you using this ?
Thanks for the feedback Alain, this is working with the current client ( Katar Update ). I just searched for the shortest pointer I could find and rescanned it ( closing and starting the game several times ); since it was returning valid values for every session, I just assumed these are correct and are not DMA.
02/14/2014 16:44 TheStupidDog#4
Great work ntKid :) Hopefully more bots will surface soon. Personally, I'm only looking for a way to just spam keys without doing anything else (basically to speed up AFK farming a little). Appreciate you sharing your findings bud :) Thanks pressed!
02/14/2014 16:47 lensur13#5
What programming language? STEP TO USE THAT?
02/14/2014 18:38 TheStupidDog#6
No offense, but if you can't tell what language that is I doubt you'll be able to use it ;) But to answer your question it's assembler I believe.
02/14/2014 19:14 errorlog2#7
what tools do you use?
02/14/2014 19:48 Thr!ce#8
Nice find, bye bye VM :D.
02/14/2014 20:11 Omdi#9
Why not using packets :O?
02/14/2014 21:20 Shane¸#10
Quote:
Originally Posted by Omdihar View Post
Why not using packets :O?
the client has some weird encryption thus it's easier for now
02/14/2014 21:21 pureleech#11
are you guys gonna make a bot for this game or just using those code for personal use?
02/14/2014 21:33 Shane¸#12
Quote:
Originally Posted by pureleech View Post
are you guys gonna make a bot for this game or just using those code for personal use?
you're pretty impatient
02/14/2014 22:27 Omdi#13
Quote:
Originally Posted by Shane¸ View Post
the client has some weird encryption thus it's easier for now
I'll have a look at the encryption later, gonna release something like a packet sniffer then ;)

Quote:
Originally Posted by pureleech View Post
are you guys gonna make a bot for this game or just using those code for personal use?
After my current projects are finished, I'll try my best to create a clientless bot :)
02/14/2014 22:34 Oriya9#14
Quote:
Originally Posted by Omdihar View Post
I'll have a look at the encryption later, gonna release something like a packet sniffer then ;)
That'd be a game-changing event. would damn love to see the encryption algorithm released.
will you also release the source of such packet sniffer?
02/14/2014 23:02 Omdi#15
Quote:
Originally Posted by Oriya9 View Post
That'd be a game-changing event. would damn love to see the encryption algorithm released.
will you also release the source of such packet sniffer?
Sure if you want :o