Hi guys, here is how to send a Skill using SkillId ( not using a keyboard press )
Code:
//Retrieves the skill ID from the actual slotbar
ULONG myGetSkillIdFromSlotBar( ULONG lpSlot, ULONG lpBase = 0x0179D9B0 )
{
    ULONG dwDelta = ( lpSlot - 1 ) * 4, dwRes = NULL;
    __asm
    {
        mov eax, lpBase;
        mov eax, [ eax ];
        mov edi, dwDelta;
        mov eax, [ eax + 0x00000004 ];
        mov eax, [ eax + 0x0000000C ];
        mov eax, [ eax + 0x00000604 ];
        mov eax, [ eax + 0x00000004 ];
        mov eax, [ eax + edi ];
        mov dwRes, eax;
    }
    return dwRes;
}
//Send skill by Id
VOID mySendSkillID( ULONG lpSkillId, ULONG lpBase = 0x0179D87C, ULONG lpFunction = 0x006F1DA0 )
{
    __asm
    {
        mov edi, lpBase;
        mov edi, [ edi ];
        mov edi, [ edi + 0x000000A0 ];
        mov edi, [ edi + 0x00000010 ];
        mov eax, 0x00000000;
        mov esi, lpSkillId;
        push eax;
        push eax;
        mov eax, [ esi + 0x00000008 ];
        shr eax, 0x0C;
        and eax, 0x0000FFFF;
        push eax;
        mov ecx, edi;
        call lpFunction;
    }
}
//here is an example for sending the skill that is on your number 1 key using game engine.
mySendSkillID( myGetSkillIdFromSlotBar( 1 ) );
Here is how you can query your current target aggro information, can be tweaked to index the treasure drops or index the nearest monster in your Field of Vision. ( Useful to stop using the tab key as well, just need to get select target function )
/*
Sometimes the monsters are in your field of vision but they are so far away
that you cannot tab them for selection, just change the maximum view distance.
Don't forget to VirtualProtect it to PAGE_EXECUTE_READWRITE
before writing, or just use Cheat Engine on address
00E07C78 ( FLOAT ) and set it to your needs.
*/
*( PFLOAT )0x00E07C78 = 3600;
A simple LUA editable bot and source code example using Thr!ce AFKLoader and these functions.
If this is useful for you please credit me and press the thanks button ( this will keep me happy enough to make some of my research public in the future )
You are welcome to post your findings on this thread as well.
Thank you so much for the release! But I'm quite unsure how to add these codes. Should I just copy and paste into the LUA and run the afkloader or are there any other methods for this?
// Size = 0x140 bytes
// First slot is 0x280 bytes, but somehow only contains the second item (first slot is omitted)
struct InventorySlot
{
    int amount; //0x0
    int hasItem; //0x4
    BYTE unk1[0x18];
    // Connection to .dds file (icon?)
    int itemType; //0x20 -- Gaia Crystal = 0x00340030
    int itemID; //0x24 -- Large Experience Crystal = 0x00390036
    BYTE unk2[0x64];
    int anotherItemID; //0x8C
    BYTE unk3[0x98];
    int isTooltipOpen; //0x128
    BYTE unk4[0x14];
};
I wrote a small hack... to get the base address. Maybe someone else finds a better way:
Code:
DWORD dwInventoryBase = 0;
DWORD WINAPI hk_GetInventoryBase(DWORD a, DWORD b) // a is a pointer to InventoryWnd
{
    DWORD res = o_GetInventoryBase(a, b);
    if (!dwInventoryBase)
    {
        std::cout << "InventoryBase: " << ToHex(res) << std::endl; // this is just for debugging
        dwInventoryBase = res;
    }
    return res;
}
First of all, great work Thr!ce. I have been researching with your detoured function and this appears to be a linked list. I still did not reverse the struct; here is a "cheated" linked list for the same job.
[UPDATE]( 1 ) ( CHECK FIRST POST )
-Added SelectNearestTarget function using game engine( without sending tab key ) to my research
-Linked AlainProvist research on post #19 to first post.
[UPDATE]( 2 ) ( CHECK FIRST POST )
-Added basic editable LUA multiclient bot example using AFKLoader and the published functions.
[UPDATE]( 3 ) ( CHECK FIRST POST )
-Added Camera ViewDistance variable
-Added Source Code of CLua
[UPDATE]( 4 ) ( CHECK FIRST POST )
-Added Thr!ce research on GetInventoryBase.
-Added my research on Thr!ce function to perform a linked list.
-Added LetsPlayPixelz research on target information.
Thank you all for testing, debugging, sharing and being this friendly.
Keep it coming
Thanks for the magnificent work. Would you mind implementing an error.log?
My game tends to freeze (not crash) after X amount of cycles, where X can be 1 or 10 or any number (but it tends to happen before 5 mins), and I really don't know why. It just freezes, then when I click on the screen of the game Win7 says 'not responding', so I have to close the game and reopen it.
It doesn't happen in any particular situation. Sometimes it happens when I'm alt-tabbed doing something else. Sometimes it happens when the game is open and I'm not doing anything else.
It's weird, I don't know if the macro goes through an infinite loop or what, but an error.log would be nice. Anyway, I believe it's because the developers of the game suck and didn't do a good job protecting memory being used by the game and it's been overwritten, but who knows.
I'm using Win 7 64-bit with AFK Loader and your Lua macro with the following code
Code:
function myWaitSecond( lpVal )
    lpVal = lpVal or 1
    local dwWait = os.time( ) + lpVal
    -- busy-wait until lpVal seconds have passed
    while os.time( ) < dwWait do end
end
IsTarget = CGetPlayerTarget( )
if IsTarget == 0 then
    CSelectNearestTarget( )
else
    if CGetPlayerTarget( ) then
        CSendSlotBarSkill( 9 )
        myWaitSecond( 1 )
    end
    if CGetPlayerTarget( ) then
        CSendSlotBarSkill( 11 )
        myWaitSecond( 1 )
    end
    if CGetPlayerTarget( ) then
        CSendSlotBarSkill( 12 )
        myWaitSecond( 1 )
    end
    if CGetPlayerTarget( ) then
        CSendSlotBarSkill( 1 )
        myWaitSecond( 1 )
    end
    if CGetPlayerTarget( ) then
        CSendSlotBarSkill( 2 )
        myWaitSecond( 1 )
    end
    if CGetPlayerTarget( ) then
        CSendSlotBarSkill( 3 )
        myWaitSecond( 1 )
    end
    if CGetPlayerTarget( ) then
        CSendSlotBarSkill( 4 )
        myWaitSecond( 1 )
    end
end
Well, I felt useless after all the work everyone else is doing so I spent a little time tracing the pointers for the X, Y and Z coords for the player. I've checked these to the best of my puny abilities and am hoping that they're good. I have NO idea exactly which format to post this in so I'll just do something that makes sense (I used CE to get them).
Code:
X axis
"game.bin"+00B37964
offset 0 +14
offset 1 +64
offset 2 +10
offset 3 +10
offset 4 +154
Y axis
offset 4 +158
Z
offset 4 +15c
Seems you can teleport freely in this game without any rubber banding. Hope this helps, and more to the point I hope it's actually correct info that works (I restarted the game many times and rebooted etc, only thing I was unable to do is test on another system). Apologies if this is wrong...
I uploaded a table for cheatengine. Here's some instructions on how to work it.
1. Unrar .ct file and put it somewhere safe.
2. Load Cheatengine (as admin of course).
3. File menu, open file, load the .ct file.
4. Press the "Select a process to open" button while running the game and choose "Game.dat"
5. In the bottom part of CE you should see three rows, one for X, one for Y etc etc. The "Value" part is your current in game coordinates and will update on CE as you run around. To move your character in game, simply change the value of whichever coordinate you want, obviously you'll need to know where you're going first though.
That'll at least let you teleport around the map, but be warned that if you get seen teleporting you risk your account using this method. It's also possible they have some server sided detection that could flag accounts (but also unlikely due to the nature of lag/bad connections).
If this doesn't work for you then it'll mean I screwed up on finding the right pointers (in which case I'll get back on it tomorrow if someone else hasn't already done it).
Have fun and if there are any problems or anything to do with these coords or the CE table then please use PM to contact me and not use this thread please
Nice finding. I just don't understand why the position is not verified server side... It is just completely crazy. I'll dig for the location of the auto path coordinate when I have some free time. Could be more appropriate to use instead of teleporting.
That'll at least let you teleport around the map, but be warned that if you get seen teleporting you risk your account using this method. It's also possible they have some server sided detection that could flag accounts (but also unlikely due to the nature of lag/bad connections).
I'm not sure if those are the same variables that I have messed with.
there are quite a few variables that hold the character's coordinates but only one [EDIT: I meant one array (3D Vector) of course] (from what I've seen) can actually impact the game and "teleport" you.
so I assume they are the same. unless of course there are more variables that can "teleport" you.
If they really are the same, it can't be detected, at least not with the way the game is currently working.
changing these values is as good as sending a packet to the server saying: "I want to move from X1, Y1, Z1 to X2, Y2, Z2 please".
if you "teleport" yourself to a very far location you'll see that it's clientsided. but a valid request was actually sent to the server. so it's clientsided (your current location) but you are walking to those coordinates (serversidedly).
how can you see that? 2 easy ways.
1.
First, again, "teleport" yourself far away from the point you're at right now.
try to attack a monster, you'll notice it will not do anything for some time and then it will start attacking the monster.
why? again, because your character wasn't there yet (serversidedly) but once it reached there, the server allowed you to attack the monster.
same goes to player spawns, it seems like monsters will spawn right away and so are Eidolon. players however will take a while to spawn, basically, the same concept, until you "actually" reach those coordinates.
2.
Start a second client, login and stand next to your 1st character.
"teleport" your 1st character to very close coordinates, let's say only -50 of its current X coordinate.
you'll notice the 2nd character is now seeing the 1st character simply running to that place like it would normally do. not actually teleporting.
if you "teleport" to a very far location, you'll notice the 2nd character is now seeing the 1st character start moving and then slowly fading away at the far distance.
Edit:
Quote:
Originally Posted by Shane
Currently I'm working with Oriya's Aura Kingdom Extended app, in case he releases it, I'll post my dlls as well.
You figured how to use it on your own? :P
damn you! hehe
there are some hidden features there though
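The posts above describe a server that accepts client-written coordinates as a move request, with no rubber banding and with lag given as the reason flagging is unlikely. A server-side plausibility check for that case, added here as an example and not taken from the game or from any poster's code; `Vec3`, `MoveValidator`, the speed limit, the slack and the strike limit are all assumptions:

```cpp
#include <cmath>
#include <cstdint>
#include <cstdio>

// All names and limits below are assumptions for illustration, not game values.
struct Vec3 { float x, y, z; };
enum class MoveResult { Accepted, Corrected, Flagged };

class MoveValidator {
public:
    MoveValidator(Vec3 start, float maxSpeed, float slack, int strikeLimit,
                  std::uint64_t startMs)
        : pos_(start), maxSpeed_(maxSpeed), slack_(slack),
          strikeLimit_(strikeLimit), lastMs_(startMs) {}

    // Judge one client-reported position against the server's own clock.
    MoveResult report(Vec3 claimed, std::uint64_t nowMs) {
        // A timestamp that does not advance earns no travel budget.
        float dt = 0.0f;
        if (nowMs > lastMs_) { dt = (nowMs - lastMs_) / 1000.0f; lastMs_ = nowMs; }
        float budget = maxSpeed_ * dt + slack_;   // slack absorbs network jitter
        float dx = claimed.x - pos_.x, dy = claimed.y - pos_.y,
              dz = claimed.z - pos_.z;
        if (std::sqrt(dx * dx + dy * dy + dz * dz) <= budget) {
            pos_ = claimed;                       // plausible: adopt it
            if (strikes_ > 0) --strikes_;         // normal play decays strikes
            return MoveResult::Accepted;
        }
        // Implausible jump: keep the authoritative position so the caller can
        // send it back to the client, and escalate only on repeated offences.
        ++strikes_;
        return strikes_ >= strikeLimit_ ? MoveResult::Flagged
                                        : MoveResult::Corrected;
    }
    Vec3 position() const { return pos_; }
    int strikes() const { return strikes_; }
private:
    Vec3 pos_;
    float maxSpeed_, slack_;
    int strikeLimit_;
    std::uint64_t lastMs_;
    int strikes_ = 0;
};

int main() {
    MoveValidator v({0, 0, 0}, 10.0f, 2.0f, 3, 0);   // constructed sample values
    std::printf("%d\n", static_cast<int>(v.report({5, 0, 0}, 1000)));
    std::printf("%d\n", static_cast<int>(v.report({500, 0, 0}, 1100)));
}
```

Because the budget scales with the time since the last accepted report, a client that stalls for a few seconds and then reports a reachable position is still accepted, while a single large jump is corrected and only repeated jumps are flagged.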