Nostale function address for attackwalk

06/08/2024 13:30 Sehac#1
I tried finding the address of the function that walks to a monster given its monsterId and attacks it (similar to spamming the space button)

I used Cheat Engine but I didn't manage to find it (tried to see which function is executed with the code filter tool but this gives me an abstract error on Nostale)

like attackmonster(uint32 monster_id)
{
... asm stuff{

}
}

I don't know how to find it
I wanna inject it to farm automatically in C/C++ using DLL injection



My first idea was to just make a script that spams the space bar but I wanna be able to use the PC normally as well so ... yeah

I tried the packet logger way, with u_s or something, but I got banned so I guess I preferred the function way
my first idea was to spam the space bar but with multiple clients it's
06/08/2024 15:59 Panda~#2
take a look here: [Only registered and activated users can see links. Click Here To Register...]
06/08/2024 18:27 Sehac#3
Hey Panda, ty for your answer
I'm already using this one! The walk function works fine but

AttackRun doesn't work, I get crashed when I call it (I get monster ids from packet logger and called this one)

...some code
AttackRun(closestMonsterId) crashes for me
but walking to a monster like that works for me:

uint pos = monsters[closestMonsterId].y * 65536 + monsters[closestMonsterId].x;
MoveTo(pos);

so I think the address changed, I've seen from the thread that it's not updated, or I have a mistake in my code?
06/09/2024 10:47 JONNST4R#4
Hey,

if I remember correctly, you find the correct function via TSceneManager. And you have to pass UnitManager, SkillAddress and MonsterAddress pointer or address. It looks like you miss the first two.

wojtas99 called UnitManager [lpvAttackThis] in his AttackMonster function.

Keep in mind, you need another function to run to enemy to use skill and another to select enemy. You find them both via TSceneManager - like almost any other function you need.

Yes, there is a function you run and attack, but you can only use the default attack skill with it.

There is a NostaleSDK from at0mos somewhere in this Forum, the TSceneManager Pattern from there should work.
06/09/2024 16:16 Sehac#5
Hey ty for your answer

I found it

but it looks outdated, I saw the TSceneManager but I didn't find anything like a UnitManager, maybe it was on his forum that is discontinued?

also I don't know how to use his SDK, the .rar there looks outdated too? I'm not sure
06/09/2024 16:42 JONNST4R#6
Yes, a lot changed over time, but the overall game structure is the same. Somewhere you find the Pattern: (...."8B15????????8B123B4230??????C3", 0x02,....)

You have to scan for "8B15????????8B123B4230??????C3" and add 2 bytes to the found address. If I remember correctly, you have to uncheck the Writable checkbox in Cheat Engine to find the pattern.

Pattern scan in Cheat Engine:

Add this new address to Memory dissect and you should see TSceneManager somewhere.

I'm sorry I can't show you - the Cheat Engine installation is not working on Windows 11 it seems.
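
How the wildcard scan and the "add 2 bytes" step described above work, as an added example that is not part of the original post: in 32-bit x86 code `8B 15` is the opcode and ModRM byte of `mov edx, [addr32]`, so skipping 2 bytes lands on the 4-byte address operand. The buffer is constructed sample data, and `parse_sig`, `find_sig` and `operand_at` are hypothetical helper names.

```cpp
#include <cstddef>
#include <cstdint>
#include <string>
#include <vector>
struct Sig { std::vector<uint8_t> bytes; std::vector<bool> wild; };
static int hex_val(char c) {
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    return -1;
}

// Parse a signature such as "8B15????????8B12"; "??" matches any byte.
bool parse_sig(const std::string& s, Sig& out) {
    if (s.empty() || s.size() % 2 != 0) return false;
    out = Sig{};
    for (size_t i = 0; i < s.size(); i += 2) {
        const bool wild = (s[i] == '?' && s[i + 1] == '?');
        const int hi = hex_val(s[i]), lo = hex_val(s[i + 1]);
        if (!wild && (hi < 0 || lo < 0)) return false;  // malformed token
        out.bytes.push_back(wild ? 0 : static_cast<uint8_t>(hi * 16 + lo));
        out.wild.push_back(wild);
    }
    return true;
}

// Offset of the first match in buf, or -1. Never reads past the end of buf.
std::ptrdiff_t find_sig(const std::vector<uint8_t>& buf, const Sig& sig) {
    const size_t n = sig.bytes.size();
    for (size_t i = 0; n != 0 && i + n <= buf.size(); ++i) {
        size_t j = 0;
        while (j < n && (sig.wild[j] || buf[i + j] == sig.bytes[j])) ++j;
        if (j == n) return static_cast<std::ptrdiff_t>(i);
    }
    return -1;
}

// Read the little-endian 32-bit operand that starts `skip` bytes into the match.
bool operand_at(const std::vector<uint8_t>& buf, std::ptrdiff_t match, size_t skip, uint32_t& out) {
    if (match < 0 || static_cast<size_t>(match) + skip + 4 > buf.size()) return false;
    const uint8_t* p = buf.data() + match + skip;
    out = p[0] | (p[1] << 8) | (p[2] << 16) | (static_cast<uint32_t>(p[3]) << 24);
    return true;
}

// Constructed sample bytes (not from any real binary): a near-miss decoy, then a match.
const std::vector<uint8_t> kSample = {
    0x90, 0x8B, 0x15, 0xAA, 0xBB, 0xCC, 0xDD, 0x8B, 0x12, 0x3B, 0x42, 0x31, 0x0F, 0x94, 0xC0, 0xC3,
    0x8B, 0x15, 0x44, 0x33, 0x22, 0x11, 0x8B, 0x12, 0x3B, 0x42, 0x30, 0x0F, 0x94, 0xC0, 0xC3};
```

The decoy differs from the signature in one fixed byte (`31` instead of `30`), so only the second sequence matches; the wildcards cover the address operand and the three bytes before `C3`, which differ between builds.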
06/10/2024 23:54 Sehac#7
So I tried again. I was mistaken in how I used wojtas' function: I was using the id from the ncif packet but actually it needed the monster base address (tmapobject)

even with that in mind I gave a hardcoded monster address (yes it was good, I could print the monster's x, y and id from C++)

but calling the attack run is still not working

I tried finding the function in Cheat Engine and did some _asm function by putting in the same hardcoded edx, eax etc... nothing worked


I tried your pattern scanning, got an address, added +2 and dissected it
I got a struct like:
byte
byte
pointer
Pointer

but I've no idea what to do with that and if it's even right :kappa:
also I don't know where you got the pattern that it's the scene manager
and I don't even know if the scene manager has a function to attackrun a monster ??

Kinda noob and lost ahah
06/11/2024 01:31 JONNST4R#8
Hey, I managed to install Cheat Engine. I remembered some steps wrong, obviously.

1. Scan for the Pattern, make sure Writeable is unchecked.

2. Add the 2 Bytes to the found Address.

3. Change address to Pointer - I missed this step before, sorry

4. Add the Address from there. It's the pointer Value or the Address the pointer points to. And click on OK.

5. Then open some under windows and you see this.
Then close the under window and you should understand what I meant with: the overall structure is the same.

6. If you want to find game functions follow these steps:

Click on the red one:

Now click on start and you find aloooooooot. If the game lags it's correct.

Keep in mind, you will crash a lot if you don't understand assembly and how pointers work.

Ty @[Only registered and activated users can see links. Click Here To Register...] for your help :)

And thank you @[Only registered and activated users can see links. Click Here To Register...] for your sdk and Pattern: [Only registered and activated users can see links. Click Here To Register...]
06/11/2024 11:23 Fizo55#9
Quote:
Originally Posted by JONNST4R View Post
And now you see images, but you don't because epvp said no. Now someone will repost it to get free thanks for my work. I set it to url because else you see nothing I think.

maybe I don't understand how to add image...
Thank you for your work, about the images, use
Code:
[IMG=expandable: 1]url[/IMG]
with your link ending by .png, for instance : [Only registered and activated users can see links. Click Here To Register...] => [Only registered and activated users can see links. Click Here To Register...]

example :

[Only registered and activated users can see links. Click Here To Register...]
06/11/2024 17:20 Sehac#10
Ok I tried again, I think I found the function that calls the attack run

Address: NostaleClientX.exe+170464 : call NostaleClientX.exe + 16FEDC

I replaced it with code that does nothing (NOP) and I couldn't attack run anymore in Nostale so I guess it's the right place

So I tried with hardcoded values for monster address and registers: I got this
that's my C++ code that is injected:

std::vector<int> offsets{0,0};
DWORD m_eax = ReadPointer(0x3631F0, offsets);


HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, GetCurrentProcessId());
HMODULE hModule = GetModuleHandle(NULL);
DWORD nostaleX = (DWORD)hModule;
DWORD function_offset = 0x16FEDC;
DWORD function = nostaleX + function_offset;

DWORD mob_pointer = 0x210736D0;
DWORD m_edi = 0x2101C270;
//17B810


while (!GetAsyncKeyState(VK_F12))
{
    std::cout << "TRY CALL FUNCTION ONE TIME" << std::endl;
    std::cout << "m_eax = " << m_eax << std::endl;
    Sleep(10000);

    _asm
    {
        MOV EDI, m_edi
        MOV EBX, 0X0
        MOV ECX, 0X001A0000
        MOV EDX, 0X0048F238
        MOV ESI, mob_pointer
        MOV [m_eax + 0x48], ESI
        MOV EAX, EDI
        call function
    }
}

but it didn't attack run to the mob so yeah :kappa:
(I'm new to hacking/asm stuff so I'm probably making mistakes)
any idea? :kappa:

[Only registered and activated users can see links. Click Here To Register...] doesn't show because I didn't post enough it seems
I found this thanks to your steps JONNST4R but yeah I still don't manage to make it work
06/11/2024 19:06 JONNST4R#11
I don't understand where you get this assembly code from. It's wrong I think.

Ah I see, if you put a breakpoint on it, it calls the function I found. If you click on the right box you see the function I found.

I found this:

You can call it in cheat engine via auto assembler like this:

This is full working code for Cheat Engine's auto assembler. The pattern from before is wrong because it points to the address where the opcode for call and address is stored. But it has to point to the called address...

I have to use a pointer for PlayerObjManager because the given Pattern from atom0s points to writable memory and aobscanmodule won't work there.

You have to change the MapMonsterObj address to a working one. It's not helpful to make a pattern to - for example: first mob on map.

Code:
[ENABLE]

aobscanmodule(function, NostaleClientX.exe, 55 8B EC 51 53 56 57 88 4D FF 8B F2 8B F8)
aobscanmodule(PlayerObjManager, NostaleClientX.exe, 50 49 8F 00 8B 40 20 33 DB 8A 5D 08 83 FB 0E 7F)

alloc(thread,248)
createthread(thread)

thread:
push 01
mov ecx, 001A0000               // (default) Skill
mov edx, 156F13D0               // MapMonsterObj
mov eax, PlayerObjManager
mov eax, [eax]
mov eax, [eax]
call function
ret

[DISABLE]
06/13/2024 02:06 Feuerdrachenzauber#12
Quote:
Originally Posted by Sehac View Post
Ok I tried again, I think I found the function that calls the attack run

WTF are you doing? This is Assembler code. You can't write an Assembler script with C++.


Assembler is its own language. Look on Google. You learn it in a computer science degree.

Or you can use/write Lua scripts in Cheat Engine, if you know the language Lua.


But you can't use C++ in Assembler code. This must be written in assembly language.
06/13/2024 06:45 JONNST4R#13
Hey,
the code is perfectly valid C++ code, the asm code is just not correct. And you can even use C++ code the other way around if you want.
06/13/2024 12:59 Sehac#14
Quote:
Originally Posted by Feuerdrachenzauber View Post
WTF are you doing? This is Assembler code. You can't write an Assembler script with C++.


Assembler is its own language. Look on Google. You learn it in a computer science degree.

Or you can use/write Lua scripts in Cheat Engine, if you know the language Lua.


But you can't use C++ in Assembler code. This must be written in assembly language.

Ahahah yeah it's possible to call asm from C++, you should look on Google yourself :p
but the addresses were hardcoded here just for test, I need to find the right way


It's working now thanks to you JONNST4R, I was actually one function deeper! TYSM
06/14/2024 03:53 Feuerdrachenzauber#15
But you can't use the same commands like "while" or "std::cout" in an AA script.