Get list of mobs around player for waithack!

02/26/2021 09:04 Localguest#1
Hello epvpers, I want to know how to get the mob list around the player in order to send attack packets to them.
Code:
#include <cstdint>

// Wrapper around the client's own send-attack routine. From the casts below,
// SendBattle is the address of that routine in the binary and NetPointer is the
// address holding the network object pointer; both are resolved elsewhere.
void SendAttackPacket(const uint8_t mode, const uint32_t vid)
{
    typedef bool(__thiscall* tSendAttackPacket)(int, const uint8_t, const uint32_t);
    const auto fSendAttackPacket = reinterpret_cast<tSendAttackPacket>(SendBattle);

    // First argument is the implicit `this` of the __thiscall routine.
    if (fSendAttackPacket)
        fSendAttackPacket(*reinterpret_cast<uintptr_t*>(NetPointer), mode, vid);
}
That's the SendAttackPacket function.
02/26/2021 10:22 MrCrisp#2
As far as I remember, there is a vector or a map class-member of entities. If you found the memory address of this member, you are basically done.
02/26/2021 10:26 Localguest#3
Quote:
Originally Posted by MrCrisp
As far as I remember, there is a vector or a map class-member of entities. If you found the memory address of this member, you are basically done.
TCharacterInstanceMap m_kAliveInstMap, this one maybe?

And if I find the address, do I replace the target vid with this?
02/26/2021 10:39 MrCrisp#4
Yes, this looks like the right one. But it doesn't only contain monsters, I believe.
The basic idea you would follow is to iterate over the map and only apply the SendAttackPacket to the instances that are of type monster. Keep in mind that you also might have to teleport yourself to the monster first, send the packet, and teleport back, since the server checks the attack range.
02/26/2021 17:37 ones-and-zer0es.mpeg#5
Quote:
Originally Posted by Localguest
TCharacterInstanceMap m_kAliveInstMap, this one maybe?

And if I find the address, do I replace the target vid with this?
No, it's a map of DWORD, void*, where the void* is actually a CInstanceBase if you have the source. You have to iterate over every element in the map, get the DWORD and pass it to SendAttackPacket. Additionally, don't forget that you need to send the state packet if you want to attack mobs further away. You can use the CInstanceBase* to get the position of the monster, get the mob type (NPC, player, mob, ...), IsAlive and so on.
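The server-side range check that the replies above say a client has to get around, shown from the server's side as an added example (this is constructed code, not from the thread or from the game; all names are assumptions): positions are tracked by the server, a position ("state") packet is speed-capped so a jump next to a mob is dropped and flagged, and an attack packet is only honoured for a live monster vid within range of the server's own view of the attacker.

```cpp
#include <cmath>
#include <cstdint>
#include <map>

// Constructed example (not Metin2 server code; names are assumptions): the
// server-side checks this thread says a client must work around, i.e. attack
// range measured from server-tracked positions plus a speed cap on the
// position ("state") packet so a client cannot teleport next to a mob.
struct Entity {
    float x, y;
    bool alive;
    bool isMonster;
};

class AttackValidator {
public:
    AttackValidator(float maxAttackRange, float maxSpeedPerTick)
        : range_(maxAttackRange), speed_(maxSpeedPerTick) {}
    void Register(uint32_t vid, const Entity& e) { world_[vid] = e; }

    // Position update from the client: a jump longer than the speed cap allows
    // over `ticks` ticks is dropped and counted against the sender for review.
    bool UpdatePosition(uint32_t vid, float x, float y, uint32_t ticks) {
        auto it = world_.find(vid);
        if (it == world_.end()) return false;
        if (Dist(it->second.x, it->second.y, x, y) > speed_ * ticks) {
            ++teleportFlags_[vid];
            return false;
        }
        it->second.x = x; it->second.y = y;
        return true;
    }

    // Attack packet: only the server's own view of both positions is used; an
    // unknown, dead, non-monster or out-of-range target vid is refused.
    bool ValidateAttack(uint32_t attacker, uint32_t target) const {
        auto a = world_.find(attacker), t = world_.find(target);
        if (a == world_.end() || t == world_.end()) return false;
        if (!t->second.alive || !t->second.isMonster) return false;
        return Dist(a->second.x, a->second.y, t->second.x, t->second.y) <= range_;
    }

    // Number of rejected teleport-like updates seen from this vid.
    int TeleportFlags(uint32_t vid) const { auto it = teleportFlags_.find(vid); return it == teleportFlags_.end() ? 0 : it->second; }
private:
    static float Dist(float x1, float y1, float x2, float y2) { return std::hypot(x2 - x1, y2 - y1); }
    float range_, speed_;
    std::map<uint32_t, Entity> world_;
    std::map<uint32_t, int> teleportFlags_;
};
```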
02/26/2021 17:59 MrCrisp#6
Quote:
Originally Posted by ones-and-zer0es.mpeg
No, it's a map of DWORD, void*, where the void* is actually a CInstanceBase if you have the source. You have to iterate over every element in the map, get the DWORD and pass it to SendAttackPacket. Additionally, don't forget that you need to send the state packet if you want to attack mobs further away. You can use the CInstanceBase* to get the position of the monster, get the mob type (NPC, player, mob, ...), IsAlive and so on.
That's the whole guide, described perfectly! :)
02/26/2021 18:08 martinx1#7
There are 3 ways of doing it (as far as I know):
1 - Like said before, get the address of TCharacterInstanceMap m_kAliveInstMap, which is a map of CInstanceBase, and then get the offset of the position. Keep in mind that you either need to code a map iterator that handles the version of std::map used in the binary, or pray for your compiler's std::map to be compatible with the binary's one.

2 - Hook the receive function, find the packet that receives each character and save the positions alongside their vids. Keep in mind that to use this you also need to convert global positions to local positions.

3 - Hook the receive function, find the packet that receives each character and save only the vids, then find the address of a function that, given a vid, returns the position (you can use the C equivalent of GetPixelPosition) and you will be left with a list of vids.

In my opinion, the 3rd option is the best; you don't have to deal with compiler differences or reverse/code a map iterator.
02/26/2021 18:09 Localguest#8
Quote:
Originally Posted by ones-and-zer0es.mpeg
No, it's a map of DWORD, void*, where the void* is actually a CInstanceBase if you have the source. You have to iterate over every element in the map, get the DWORD and pass it to SendAttackPacket. Additionally, don't forget that you need to send the state packet if you want to attack mobs further away. You can use the CInstanceBase* to get the position of the monster, get the mob type (NPC, player, mob, ...), IsAlive and so on.
Sorry, I am dumb af and can't properly understand what I need to do. Which CInstanceBase do I need, because I saw like 4 - 5, and when I find the right one I pass it to the function and it will work, right?
02/26/2021 18:38 MrCrisp#9
Quote:
Originally Posted by Localguest
Sorry, I am dumb af and can't properly understand what I need to do. Which CInstanceBase do I need, because I saw like 4 - 5, and when I find the right one I pass it to the function and it will work, right?
Maybe you should first start with some basics? It doesn't seem like you have enough knowledge to code that. He already explained it well enough.
02/26/2021 18:46 Localguest#10
I only asked how to get the function, this isn't rocket science.
Quote:
Originally Posted by MrCrisp
Maybe you should first start with some basics? It doesn't seem like you have enough knowledge to code that. He already explained it well enough.
Doesn't help at all.
02/26/2021 21:38 MrCrisp#11
Quote:
Originally Posted by Localguest
I only asked how to get the function, this isn't rocket science.
Doesn't help at all.
But if you don't understand what one's-and-zeroes explained, you lack some knowledge. Therefore, you should start with simple things. I doubt that you know how to retrieve all elements in that map without knowing how to access that member at all.
Programming isn't about smashing code together without knowing what the code does and hoping for it to work. In particular in reverse engineering (that's not even the case anymore, since the source code has been leaked for a while now; one can just look everything up), you need to know how to access member variables, call or hook functions, know the correct calling conventions, etc.
I read some questions here on the forums about how to get either the VIDs or how to send attack packets and so on. They all just don't know what they are doing and hope that someone gives them a code snippet. Learning how a program works and what is going on under the hood would dismiss all the questions asked here on the forum. But people just want it the easy way.