Researching and Documentations on SkillIDs and ClassIDs

03/29/2016 18:45 [P2933]Step29#1

Seems like we still need a lot of work figuring this game out.

Skill IDs:

Class IDs:

I posted this in hopes for anyone here to cooperate and provide or share your findings, this is my research so far, please correct me if I said something wrong.

03/31/2016 04:11 rpm23#2

Hook the mouse-over tooltip in the UI, and then you can go into your skill-points menu, and hover over the skill you want to get the ID from. Thats how i did it.

03/31/2016 09:54 cabal3#3

Quote:

Originally Posted by [P2933]Step29

Seems like we still need a lot of work figuring this game out.

Skill IDs:

Spoiler

Your Skill IDs can be found by xml.dat/skill3_contextscriptdata_[class].xml
However, the problem with this is it will only show the value of the ID, the file itself make sense but
because there is no comments or no other file that shows what defines the Skill ID, you would still, assuming you know your class, have to figure it out yourself.

So for example, lets open Summoner.

<result cmd-key-double-left="65011" cmd-key-double-right="65012" cmd-key-down="26125" context-1="26101" context-2="26107" control-mode="bns" skillbar-1="26105" skillbar-2="26106" skillbar-3="26111" skillbar-4="26112" skillbar-5="26314" skillbar-6="26304" stance="26100"/>

65011 and 65012 is those unreleased Evade Left/Evade Right
26101 is Rosethron
26107 is RumbleBees or Sunflower

26105 is Grasping Roots
26106 is Trone Strike
26111 is Petal Storm
26112 is Seed Shrod
26314 is Huzzah
26304 is True Friend
26100 ??? (Doom n Bloom?)

But again ^ This is all assuming based on the class I've been playing. I don't know if my Skill IDs are correct, because there is no Documentations that defines the Skill IDs, nor have I found a Skill Handler in the client's code.
If anyone has documentations or would like to test something out it would be gladly appreciated.

Class IDs:

Spoiler

Hook up a Tracer and go target/attack a monster, look at the 8-byte pointer.
8A 86 7C 07 00 00 3C 0A 75 3C @ Client.exe
mov al,[esi+0000077C]

00= ???
01= ???
02= ???
03= ???
04= ???
05= ???
06= ???
07= ???
08= ???
09= ???
0A= Summoner
0B= Warlock
0C= ??
0D= ??
0E= ??
0F= ??

I posted this in hopes for anyone here to cooperate and provide or share your findings, this is my research so far, please correct me if I said something wrong.

support for u :
mov ecx,[edi+ecx*8+04]
cmp [ebp+0C],ecx

mov byte ptr [ebx+00003D70],01 support target

Inbox me if need suport

mov [eax],00000001 support ultra low settings

03/31/2016 20:28 orlyowlz#4

Your skill IDs are correct, but there's more information in the data files. Take a look under contents/Local/NCWEST/ENGLISH/data as well. All the information needed to connect any english skill name to its ID is contained in local.dat and the xml.dat you are looking at.

04/01/2016 14:49 israel1423#5

what about money id some one can broke it?

04/02/2016 03:19 Izeliae#6

Quote:

Originally Posted by israel1423

what about money id some one can broke it?

money is skill id DEADBEEF

04/02/2016 08:09 [P2933]Step29#7

Quote:

Originally Posted by rpm23

Hook the mouse-over tooltip in the UI, and then you can go into your skill-points menu, and hover over the skill you want to get the ID from. Thats how i did it.

You are a fucking genius, holy shit!
Now all I need to do is find out how the skills are being executed for me and my cat, and see if my Cat's AI is editible hardcoded...Pretty sure if I hook one of those TSingletons I should be able to find the function easily, Thanks a lot man.

Quote:

Originally Posted by cabal3

support for u :
mov ecx,[edi+ecx*8+04]
cmp [ebp+0C],ecx

mov byte ptr [ebx+00003D70],01 support target

Inbox me if need suport
[Only registered and activated users can see links. Click Here To Register...]

mov [eax],00000001 support ultra low settings

I'm not sure what this is for...
"mov byte ptr [ebx+00003D70],01 " was unfindable anywhere on Client.exe & BSEngine_Shipping.dll
Nor was "mov ecx,[edi+ecx*8+04]". (2 Instances of mov ecx,[edi+ecx*8+04] was found on pathengine.dll

Thank you for providing however.

Quote:

Originally Posted by orlyowlz

Your skill IDs are correct, but there's more information in the data files. Take a look under contents/Local/NCWEST/ENGLISH/data as well. All the information needed to connect any english skill name to its ID is contained in local.dat and the xml.dat you are looking at.

Yeah but the issue is that I can't find a decompiler for local.dat, I've been google searching around but to no avil. Apparently there's an asian version that will only work for asian related files (China's local.dat) but not for the US, at least that's the best to my knowledge.

Quote:

Originally Posted by Izeliae

money is skill id DEADBEEF

I prefer DEADC0DE, dupes items and crashes the server for lulz ecksdee

04/02/2016 10:58 cabal3#8

Quote:

Originally Posted by [P2933]Step29

You are a fucking genius, holy shit!
Now all I need to do is find out how the skills are being executed for me and my cat, and see if my Cat's AI is editible hardcoded...Pretty sure if I hook one of those TSingletons I should be able to find the function easily, Thanks a lot man.

I'm not sure what this is for...
"mov byte ptr [ebx+00003D70],01 " was unfindable anywhere on Client.exe & BSEngine_Shipping.dll
Nor was "mov ecx,[edi+ecx*8+04]". (2 Instances of mov ecx,[edi+ecx*8+04] was found on pathengine.dll

Thank you for providing however.

Yeah but the issue is that I can't find a decompiler for local.dat, I've been google searching around but to no avil. Apparently there's an asian version that will only work for asian related files (China's local.dat) but not for the US, at least that's the best to my knowledge.

I prefer DEADC0DE, dupes items and crashes the server for lulz ecksdee

mov byte ptr [ebx+00003D70],01
Client.exe+252FC3 (vesion old)

04/05/2016 03:24 orlyowlz#9

Quote:

Originally Posted by [P2933]Step29

Yeah but the issue is that I can't find a decompiler for local.dat, I've been google searching around but to no avil. Apparently there's an asian version that will only work for asian related files (China's local.dat) but not for the US, at least that's the best to my knowledge.

[Only registered and activated users can see links. Click Here To Register...]

This tool works for me.

04/05/2016 17:19 [P2933]Step29#10

Quote:

Originally Posted by orlyowlz

[Only registered and activated users can see links. Click Here To Register...]

This tool works for me.

That only works for xml.dat, config.dat, and datafile.bin, I don't think it works for local.dat.

04/05/2016 18:53 ApocDev#11

You can pull all the IDs + names from the client itself. Just use their data table stuff.

Code:

#pragma pack(push, 4)
struct Skill3Record // skill3 [CF4E2C] - Fields: 54
{
	char _pad0[0x8];
	int Id; // EA: CF13E8 Offset: 8 - Type: 3 [Size: 4] Length: 1 
	BYTE VariationId; // EA: CF1428 Offset: C - Type: 1 [Size: 1] Length: 1 
	char _padD[0x3];
	wchar_t* Alias; // EA: CF1468 Offset: 10 - Type: 7 [Size: 4] Length: 1 
	wchar_t* Name; // EA: CF14A8 Offset: 14 - Type: 7 [Size: 4] Length: 1 
	TextId Name2; // EA: CF14E8 Offset: 18 - Type: 10 [Size: 8] Length: 1 
	char /* localized enum */ UiStance[0x3]; // EA: CF1528 Offset: 20 - Type: 23 [Size: 1] Length: 3 EnumListing EA: F5A5C8
	char _pad23[0x1];
	WORD /*enum*/ ShortCutKey; // EA: CF1568 Offset: 24 - Type: 9 [Size: 2] Length: 1 EnumListing EA: D8D248
	WORD /*enum*/ ShortCutKeyClassic; // EA: CF15A8 Offset: 26 - Type: 9 [Size: 2] Length: 1 EnumListing EA: D8D248
	char /*enum*/ UiCategory; // EA: CF15E8 Offset: 28 - Type: 8 [Size: 1] Length: 1 EnumListing EA: 0
	char UiIsShowContextCombo; // EA: CF1628 Offset: 29 - Type: 6 [Size: 1] Length: 1 BOOLEAN
	char UiIsShowContextKeyChange; // EA: CF1668 Offset: 2A - Type: 6 [Size: 1] Length: 1 BOOLEAN
	char UiIsShowContextImmuneBreak; // EA: CF16A8 Offset: 2B - Type: 6 [Size: 1] Length: 1 BOOLEAN
	char UseDuelObserverHistory; // EA: CF16E8 Offset: 2C - Type: 6 [Size: 1] Length: 1 BOOLEAN
	char /*enum*/ Systematization[0x8]; // EA: CF1728 Offset: 2D - Type: 8 [Size: 1] Length: 8 EnumListing EA: D8D248
	char InvokeFxMsg; // EA: CF1768 Offset: 35 - Type: 6 [Size: 1] Length: 1 BOOLEAN
	char _pad36[0x2];
	wchar_t* CastDecalComponent; // EA: CF17A8 Offset: 38 - Type: 7 [Size: 4] Length: 1 
	wchar_t* DecalComponent; // EA: CF17E8 Offset: 3C - Type: 7 [Size: 4] Length: 1 
	wchar_t* DecalOutOfRangeComponent; // EA: CF1828 Offset: 40 - Type: 7 [Size: 4] Length: 1 
	char StopExecShow; // EA: CF1868 Offset: 44 - Type: 6 [Size: 1] Length: 1 BOOLEAN
	char WeaponProperty; // EA: CF18A8 Offset: 45 - Type: 6 [Size: 1] Length: 1 BOOLEAN
	char AutoCasting; // EA: CF18E8 Offset: 46 - Type: 6 [Size: 1] Length: 1 BOOLEAN
	char _pad47[0x1];
	TextId IconTexture; // EA: CF1928 Offset: 48 - Type: 10 [Size: 8] Length: 1 
	WORD IconIndex; // EA: CF1968 Offset: 50 - Type: 2 [Size: 2] Length: 1 
	char _pad52[0x2];
	char Icon[0xC]; // EA: CF19A8 Offset: 54 - Type: 28 [Size: C] Length: 1 
	TextId MainInfo1; // EA: CF19E8 Offset: 60 - Type: 10 [Size: 8] Length: 1 
	TextId MainInfo2; // EA: CF1A28 Offset: 68 - Type: 10 [Size: 8] Length: 1 
	TextId SubInfo; // EA: CF1A68 Offset: 70 - Type: 10 [Size: 8] Length: 1 
	TextId MainInfo1Diff; // EA: CF1AA8 Offset: 78 - Type: 10 [Size: 8] Length: 1 
	TextId MainInfo2Diff; // EA: CF1AE8 Offset: 80 - Type: 10 [Size: 8] Length: 1 
	TextId SubInfoDiff; // EA: CF1B28 Offset: 88 - Type: 10 [Size: 8] Length: 1 
	TextId MainTooltip1[0x5]; // EA: CF1B68 Offset: 90 - Type: 10 [Size: 8] Length: 5 
	TextId MainTooltip2[0x5]; // EA: CF1BA8 Offset: B8 - Type: 10 [Size: 8] Length: 5 
	TextId SubTooltip[0xA]; // EA: CF1BE8 Offset: E0 - Type: 10 [Size: 8] Length: 10 
	TextId StanceTooltip[0x5]; // EA: CF1C28 Offset: 130 - Type: 10 [Size: 8] Length: 5 
	TextId ConditionTooltip[0x5]; // EA: CF1C68 Offset: 158 - Type: 10 [Size: 8] Length: 5 
	TextId UiCombo; // EA: CF1CA8 Offset: 180 - Type: 10 [Size: 8] Length: 1 
	char ModifyCombatPose; // EA: CF1CE8 Offset: 188 - Type: 6 [Size: 1] Length: 1 BOOLEAN
	char ShowCastBar; // EA: CF1D28 Offset: 189 - Type: 6 [Size: 1] Length: 1 BOOLEAN
	char ShowExecBar; // EA: CF1D68 Offset: 18A - Type: 6 [Size: 1] Length: 1 BOOLEAN
	char ShowRepeatBar; // EA: CF1DA8 Offset: 18B - Type: 6 [Size: 1] Length: 1 BOOLEAN
	int SkillAttackPowerMin; // EA: CF1DE8 Offset: 18C - Type: 3 [Size: 4] Length: 1 
	int SkillAttackPowerMax; // EA: CF1E28 Offset: 190 - Type: 3 [Size: 4] Length: 1 
	int SkillAttackSubPowerMin; // EA: CF1E68 Offset: 194 - Type: 3 [Size: 4] Length: 1 
	int SkillAttackSubPowerMax; // EA: CF1EA8 Offset: 198 - Type: 3 [Size: 4] Length: 1 
	char IgnoreParentTooltip; // EA: CF1EE8 Offset: 19C - Type: 6 [Size: 1] Length: 1 BOOLEAN
	char _pad19D[0x3];
	TextId Quest; // EA: CF1F28 Offset: 1A0 - Type: 10 [Size: 8] Length: 1 
	BYTE Mission; // EA: CF1F68 Offset: 1A8 - Type: 1 [Size: 1] Length: 1 
	BYTE Caseindex; // EA: CF1FA8 Offset: 1A9 - Type: 1 [Size: 1] Length: 1 
	BYTE Forwardingtype; // EA: CF1FE8 Offset: 1AA - Type: 1 [Size: 1] Length: 1 
	char DieKnockback; // EA: CF2028 Offset: 1AB - Type: 6 [Size: 1] Length: 1 BOOLEAN
	char CastLastAnimPause; // EA: CF2068 Offset: 1AC - Type: 6 [Size: 1] Length: 1 BOOLEAN
	char FilterGroup1; // EA: CF20A8 Offset: 1AD - Type: 6 [Size: 1] Length: 1 BOOLEAN
	char FilterGroup2; // EA: CF20E8 Offset: 1AE - Type: 6 [Size: 1] Length: 1 BOOLEAN
	char FilterGroup3; // EA: CF2128 Offset: 1AF - Type: 6 [Size: 1] Length: 1 BOOLEAN
};
#pragma pack(pop)

That record is a bit old, and incomplete (There's actually an extra 500ish fields within sub-elements that aren't shown there)

04/06/2016 01:03 orlyowlz#12

Quote:

Originally Posted by [P2933]Step29

That only works for xml.dat, config.dat, and datafile.bin, I don't think it works for local.dat.

I've been using it on local.dat and the localfile.bin and it works fine for me.

04/12/2016 04:23 ApocDev#13

Just as another aside post since I'm dumping some of the info already.

Here's a quick dump of the data that's loaded in my current client instance (things are demand-loaded, so not everything is here)

[Only registered and activated users can see links. Click Here To Register...]