[CODE]Ingame Functions( POST YOUR FINDINGS HERE )

~~pureleech~~ · 03/08/2014, 17:03

please can u make it connect to private server instead of official?

Thr!ce · 03/09/2014, 02:31

Pointer to Camera Struct

Code:

0x00F3B21C

Cam Functions:

Code:

0x006809B0 (zoom in)
0x006809E0 (zoom out)

The Struct:

Code:

struct SCamera 
{
	BYTE unk[0x30];

	float rotationUnk; //0x30 Cam Rotation ?
	float rotationUnk2; //0x34 Cam Rotation ?

	float offsetX; //0x38 Cam Offset X
	float offsetY; //0x3C Cam Offset Y
	float offsetZ; //0x40 Cam Offset Z

	BYTE unk2[0xC];

	float zoomLimitNear; //0x50 Nearest Zoom
	float zoomLimitFar; //0x54 Farthest Zoom // Modify this value for zoom hack


	BYTE unk3[0x2C];

	float zoom; //0x84 Current Zoom
};

I am too lazy to further analyze the struct.. it also includes position.

RanOnlineSukZ · 03/09/2014, 06:29

still cant make it work my other 2 pc's. i tried all the method

Oriya9 · 03/10/2014, 03:06

Edit:
Sorry, I'll edit later.

RanOnlineSukZ · 03/14/2014, 09:42

Waiting for it to work again :3

~~LetsPlayPixelz~~ · 03/15/2014, 10:54

I said i will update the pointer for the target so here u go.

Pointer for Target
0x00B3D990

Offsets for the HP
{ 0xC, 0x8 } (int)

Offsets for the Name
{ 0xC, 0x100 } (string)

Thr!ce · 03/18/2014, 23:13

Ok I feel kinda stupid... I rereversed something already reversed:

Code:

DWORD GetCharacterStatsStruct(char c)
{
        DWORD dwRes = ((int(WINAPI*)(char))0x00762C10)(c)
	return dwRes;
}


struct SCharacterStats 
{
	int unk_0x0; // Some pointer
	int unk_0x4;
	int currentHP; // 0x8
	int cash; // 0x0C IN SILVER
	int level; // 0x10
	float moveSpeed; // 0x14
	int moveSpeedDisplay; // 0x18
	int crit; //0x1C
	int speed; //0x20
	int maxHP; //0x24
	int defense; //0x28
	int evasion; //0x2C
	int critdmg; //0x30
	int accuracy; //0x34	
	int heal; //0x38
	int unk_0x3C;
	int unk_0x40;
	int unk_0x44;
	int dmg; // 0x48

	BYTE unk_[0x24];

	int currentEXP; //0x68
	
	BYTE unk2[0x94];

	char charName[38]; // 0x100
	char guildName[38]; // 0x138 - not sure about size here

	//int maxHPBonusPercentageViaEquipAndStuff; //0x2A8

	//int mailCount; //0x3A4

};

At least I did add some stuff :P

There's lots of more stuff to add to this struct, but it's ******* huge.

~~pureleech~~ · 03/19/2014, 01:55

i really wanted to use these codes on a different server can u guys post a tutorial on how to use this using cheat engine?

ntKid · 03/19/2014, 22:08

Quote:

Originally Posted by Thr!ce

Ok I feel kinda stupid... I rereversed something already reversed:

Code:

DWORD GetCharacterStatsStruct(char c)
{
        DWORD dwRes = ((int(WINAPI*)(char))0x00762C10)(c)
	return dwRes;
}


struct SCharacterStats 
{
	int unk_0x0; // Some pointer
	int unk_0x4;
	int currentHP; // 0x8
	int cash; // 0x0C IN SILVER
	int level; // 0x10
	float moveSpeed; // 0x14
	int moveSpeedDisplay; // 0x18
	int crit; //0x1C
	int speed; //0x20
	int maxHP; //0x24
	int defense; //0x28
	int evasion; //0x2C
	int critdmg; //0x30
	int accuracy; //0x34	
	int heal; //0x38
	int unk_0x3C;
	int unk_0x40;
	int unk_0x44;
	int dmg; // 0x48

	BYTE unk_[0x24];

	int currentEXP; //0x68
	
	BYTE unk2[0x94];

	char charName[38]; // 0x100
	char guildName[38]; // 0x138 - not sure about size here

	//int maxHPBonusPercentageViaEquipAndStuff; //0x2A8

	//int mailCount; //0x3A4

};

At least I did add some stuff :P

There's lots of more stuff to add to this struct, but it's ******* huge.

Awesome finding, If the ( char c ) argument does what i think it does i will cut my wrist for wasting alot of hours in my life.

The number of offsets in the project is getting out of control we do need a byte pattern scan in future =P

nice work, Thr!ce.

Thr!ce · 03/19/2014, 22:14

I do have byte patterns for some off this stuff.

kautot090 · 03/19/2014, 23:08

nTkid any update on your Afkloldermacro?

RanOnlineSukZ · 03/20/2014, 08:28

Waiting~~

ntKid · 03/20/2014, 10:16

Quote:

Originally Posted by kautot090

nTkid any update on your Afkloldermacro?

Quote:

Originally Posted by RanOnlineSukZ

Waiting~~

we are working on it.

AlainProvist · 03/20/2014, 11:56

Quote:

Originally Posted by Thr!ce

Ok I feel kinda stupid... I rereversed something already reversed:

Thanks for completing it anyway

I made some research about skills cooldown to stop spamming skills stupidly. Even if spamming works well, from a behaviour point of view it is better to only cast one appropriate skill per frame.

Anyway here is what I found (a bit more complex that what we found before) :

The cooldown handling is actually a simple list where a minimalist structure containing the skill id and the current cooldown counter (and few other things) is dynamically allocated and added in the list through a pointer. When the cooldown counter reaches 0, the structure is deallocated and removed from the list.

So basically each time a skill is launched, a new cooldown structure is pushed in the list and lives for the whole duration of the cooldown. The list is apparently preserving initial order (not sorted by cooldown value for example).

Here is the cooldown structure :

Code:

struct SkillCooldownData
{
    DWORD unk1;
    DWORD skillID;// 0x0000XXXX

    DWORD unk2;
    DWORD unk3;

    float cooldownTimer;//0x10

    DWORD unk4;
    DWORD unk5;
    DWORD unk6;
};

Here is a function I made too read any current cooldown of any skill from its skill id :

(addresses are the french client's ones and even not updated)

Code:

float GetSkillRemainingTime( DWORD lpSkillId, ULONG lpBase/* = 0x017BD130*/)
{
    SkillCooldownData* scd = NULL;

    size_t* addr = (size_t*)lpBase;
    if(addr)
        addr = ThreadSafeReadAddress(addr, 0);
    if(addr)
        addr = ThreadSafeReadAddress(addr, 0x30);

    size_t* startAddr = ThreadSafeReadAddress(addr, 0x8);
    size_t* endAddr = ThreadSafeReadAddress(addr, 0xC);
    size_t nbElts = (endAddr - startAddr);
    if(nbElts == 0)
        return 0.0f;

    for(size_t i = 0; i < nbElts; ++i)
    {
        scd = (SkillCooldownData*)ThreadSafeReadAddress(startAdd r, 0x4*i);
        if(scd && scd->skillID == lpSkillId)
            return scd->cooldownTimer;
    }

    return 0.0f;
}

Don't question yourself too much about
addr = ThreadSafeReadAddress(addr, 0x30);
It can sum up to addr = *(addr + 0x30);

I modified a little the previous coded functions from ntKid To return the real skill id and not the pointer containing it :

Code:

DWORD GetSkillIdFromSlotBar( DWORD lpSlot, ULONG lpBase/* = 0x017BB230*/ )
{
    DWORD dwDelta = ( lpSlot - 1 ) * 4, dwRes = NULL;
    size_t* addr = (size_t*)lpBase;
    if(addr)
        addr = ThreadSafeReadAddress(addr, 0);
    if(addr)
        addr = ThreadSafeReadAddress(addr, 0x4);
    if(addr)
        addr = ThreadSafeReadAddress(addr, 0xC);
    if(addr)
        addr = ThreadSafeReadAddress(addr, 0x604);
    if(addr)
        addr = ThreadSafeReadAddress(addr, 0x4);
    if(addr)
        addr = ThreadSafeReadAddress(addr, dwDelta);
    if(addr)
        addr = ThreadSafeReadAddress(addr, 0x8);

    return ((((DWORD)addr)>>0xC)&0x0000FFFF);
}

VOID SendSkillID( DWORD lpSkillId, ULONG lpBase/* = 0x00F551E4*/, ULONG lpFunction/* = 0x006F1870*/ )
{
    size_t* addr = (size_t*)lpBase;
    if(addr)
        addr = ThreadSafeReadAddress(addr, 0);
    if(addr)
        addr = ThreadSafeReadAddress(addr, 0x14);
    if(addr)
        addr = ThreadSafeReadAddress(addr, 0x64);
    if(addr)
        addr = ThreadSafeReadAddress(addr, 0x10);
    if(addr)
    {
        __asm
        {
            mov edi, addr;
            mov eax, 0x00000000;
            push eax;// @ 8D162A
            push eax;
            mov eax, lpSkillId;
            push eax;
            mov ecx, edi;
            call lpFunction;//6F1870
        }
    }
}

And finally here is an example of a smart use of this :

Code:

bool SendSkill( DWORD slot )
{
    DWORD skillID = GetSkillIdFromSlotBar(slot);
    float cooldown = GetSkillRemainingTime(skillID);
    if(cooldown == 0.0f)
    {
        SendSkillID(skillID);
        return true;
    }

    return false;
}


//And finally the skill casting behaviour executed from the main loop of the game :

if(elapsed > 0.7f)// 0.7 is the common cooldown between 2 skill cast in the game
{
    bool hasSentSkill = false;
    if(data.currentHP < (data.HPmax/2))// regen/aoe attack healing
        hasSentSkill = SendSkill(5);
    if(!hasSentSkill)
    {
        int tab[8] = {1,2,3,4, 9,10,11,12};// should be ordered by highest cooldown to smallest one
        for(int i = 0; i < 8; ++i)
        {
            hasSentSkill = SendSkill( tab[i] );
            if(hasSentSkill)
                break;
        }
        if(!hasSentSkill)// regen/aoe attack healing
            hasSentSkill = SendSkill(5);
    }
    if(hasSentSkill)
        elapsed -= 0.7f;
}

Thr!ce · 03/20/2014, 16:12

Quote:

Originally Posted by ntKid

we are working on it.

Wow... so many thanks for just one sentence.

Nice work Alain!
Once weekend comes I'll have lots of free time aswell.