[CODE]Ingame Functions( POST YOUR FINDINGS HERE )

krory · 02/12/2015, 11:14

All these scripts and addresses I've seen, I'm trying to make sense of them.
If I search for the address 00B37994 will it bring me to the movement speed pointer?
I'm just getting into this memory editing stuff and I'd like to start collaborating with other member to create hacks.
I already have a fishing macro that only fishes for Alpaca crabs (Around 300g a night)
But I'm hoping to get into the more serious hacking, so shoot me a message (:

Professor Linebeck · 02/12/2015, 22:39

Quote:

Originally Posted by krory

All these scripts and addresses I've seen, I'm trying to make sense of them.
If I search for the address 00B37994 will it bring me to the movement speed pointer?
I'm just getting into this memory editing stuff and I'd like to start collaborating with other member to create hacks.
I already have a fishing macro that only fishes for Alpaca crabs (Around 300g a night)
But I'm hoping to get into the more serious hacking, so shoot me a message (:

Macro = Hack?!

krory · 02/13/2015, 01:14

Quote:

Originally Posted by Professor Linebeck

Macro = Hack?!

No, well, I mean in a way it's somewhat like a bot. But no, I'm not saying a macro = hack.
It doesn't alter the game in anyway, it only does a specific function that I instruct it to do by simulating keystrokes and mouse clicks.

So do you have something constructive to say this time that might point me in the right direction?
Or are you just going to facepalm at me again because I'm new to memory editing?

Daifoku · 02/13/2015, 13:32

Quote:

Originally Posted by krory

No, well, I mean in a way it's somewhat like a bot. But no, I'm not saying a macro = hack.
It doesn't alter the game in anyway, it only does a specific function that I instruct it to do by simulating keystrokes and mouse clicks.

So do you have something constructive to say this time that might point me in the right direction?
Or are you just going to facepalm at me again because I'm new to memory editing?

This Thread is to advanced for you.
You have to start at the start and not at the end. If you read a book, you probably dont read it from the last page to the first.

learn the basics first. Start playing with Cheat Engine and find any values with Pointers. Get to know what pointers are and how thery are represented in x86 Intel Assembler.

Daifoku · 02/14/2015, 18:21

Just for you

This is how you would get a function in general.

I wanted to get the autoWalk function... but to be true.. I'm not sure if this really is the autoWalk function XD could also be the text of the Map.
But I don't care at all

This should just be the general idea

Part 01:

Part 02:
get the correct parameter
get "this" (ECX)
creating a DLL and testing the function

not sure if I will do a Part 02 at all... depends if there is a need and if I have some more spare time.

PS: this was my first attempt to get the autoWalk function. Never did this before for AK since I was working mainly with packets ~

AlainProvist · 02/14/2015, 18:57

Nice idea

even if I still prefer written tuto rather than video tuto, but this seem to not be shared by yougster anymore

.

Anyway, thanks for taking the time to do this

Daifoku · 02/14/2015, 19:14

Quote:

Originally Posted by AlainProvist

Nice idea even if I still prefer written tuto rather than video tuto, but this seem to not be shared by yougster anymore .

Anyway, thanks for taking the time to do this

I thought about a written one but a lot of people don't know how to use olly and taking a screenshot of each step for those people is frustrating

Part 2 Testing
Calling the function with ollyDBG (no need for an injection/DLL/whatsoever)

not sure how everyone else is testing their functions, but I like to use ODbgScript. It's simple, fast and does not require any injection

PS: Seems like I found the correct function in part 1

lucky me

Izuhina · 02/15/2015, 03:24

How to use this ?

AlainProvist · 02/15/2015, 11:09

Quote:

Originally Posted by Daifoku

I thought about a written one but a lot of people don't know how to use olly and taking a screenshot of each step for those people is frustrating

Part 2 Testing
Calling the function with ollyDBG (no need for an injection/DLL/whatsoever)

not sure how everyone else is testing their functions, but I like to use ODbgScript. It's simple, fast and does not require any injection

PS: Seems like I found the correct function in part 1 lucky me

Hehe loved the moment you crashed the game ^^

I personnaly prefer using VS debugger since I can debug my bot code with sources and the game code with disassembly code at the same time. When I come to test my functions newly written, I generally trigger it either with a specific key press code detection or simply with a static bool changed on the fly with the debugger. If something goes wrong I'm still able to prevent the crash by returning all functions of the stack one by one by setting the next instruction to any return code. And since I work with the french client that don't even care if you attach a debugger or inject a dll while running in game, I can easilly attach the debugger, inject my dll, debug, eject the dll, recompile, reinject, and debug again. This makes iterations very fast

.

ken12 · 02/16/2015, 01:23

I know too much use of that function causes the game to crash. But great job!

There are other 2 walk function. Hehe.

vans48 · 07/18/2015, 00:49

Hi guys, sorry that I revive this thread but Im looking into making a bot that can execute my own asm code in one of the x-legend games process. Most of their games have very similar functions so i've figured this might a nice place to ask for information. I made a few bots here and there using memory reading/writing to another process in autoit, but I want to take to the next level.

I've never coded anything using WIN32 api but Im thinking making a project like this could be a good learning experience. My goal is to code it in C. I've been reading a few tutorials online on code injection but information seems rather old/not trustworthy. Can you guys point me to a decent source of information on this aspect? if its related to game hacking, even better.

Thanks!

Daifoku · 07/18/2015, 10:47

Don't know about c# but c++.
Here is a small guide. Be kind with any mistakes.. I just wrote this down ~

You need
- Visual Studio Express 2013
- Perx x1nject

with Perx x1nject you can load your created DLL into the memory of another process (e.g. a game)

In VS Express:
new Project -> VisualC++ -> Win32 (console)-> OK -> Next
Select "DLL" as type

Code:

// dllmain.cpp : Definiert den Einstiegspunkt für die DLL-Anwendung.
#include "stdafx.h"

BOOL APIENTRY DllMain( HMODULE hModule,
                       DWORD  ul_reason_for_call,
                       LPVOID lpReserved
					 )
{
	switch (ul_reason_for_call)
	{
	case DLL_PROCESS_ATTACH:
	case DLL_THREAD_ATTACH:
	case DLL_THREAD_DETACH:
	case DLL_PROCESS_DETACH:
		break;
	}
	return TRUE;
}

DLL_PROCESS_ATTACH gets called on load.
Your detours will be placed here.

DLL_PROCESS_DETACH
undo your detours here

e.g. this is my packet sender dllmain.cpp

Code:

// dllmain.cpp : Definiert den Einstiegspunkt für die DLL-Anwendung.
#include "stdafx.h"
#include "encHook.h"
#include "w32hooks.h"
#include "console.h"
#include "GUIConfig.h"
packet o_encryption = nullptr;


BOOL APIENTRY DllMain( HMODULE hModule,
                       DWORD  ul_reason_for_call,
                       LPVOID lpReserved
					 )
{
	switch (ul_reason_for_call)
	{
	case DLL_PROCESS_ATTACH:
		constants::gui::hInstance = hModule;
		
		createConsole();
		cout << "DLL_PROCESS_ATTACH" << endl;
		o_encryption = (packet)DetourFunction((PBYTE)constants::addresses::encryption, (PBYTE)encHook);
		game::NPCs.reserve(1000); 
		game::newItems.reserve(1000); 
		game::soldItemBlockList.reserve(100);
	case DLL_THREAD_ATTACH:
	case DLL_THREAD_DETACH:
	case DLL_PROCESS_DETACH:
		break;
		DetourRemove((PBYTE)o_encryption, (PBYTE)encHook);
		break;
	}
	return TRUE;
}

you must not create a Thread in DLL_PROCESS_ATTACH. This will lead to an error. Create a Thread in an detoured function.. that's the easiest way ;D

running custom ASM is pretty easy ~

Code:

INT functions::openNPCbyInternalID(DWORD internalNPCid)
{

	ULONG lpFunction = 0x0046AF20;
	ULONG lpthis = 0x00C22194;
	ULONG dwRes = NULL;
	__asm
	{
		/* Pointer to this Offset1 = 0*/
		mov edi, lpthis;
		mov edi, [edi];
		mov ecx, edi;

		push internalNPCid;
		call lpFunction;
		mov dwRes, eax;
	}

	return dwRes;
}

edit:
if you don't know what a detour is. A detour basically hooks into the specified position. When the game calls this position, you can execute your own code and then forward the call to the original funcion.

Creating a detour of a function.
Let's hook o_setsockopt

Code:

DLL_PROCESS_ATTACH:
o_setsockopt = (t_setsockopt)DetourFunction((PBYTE)GetProcAddress(GetModuleHandle(L"ws2_32.dll"), "setsockopt"), (PBYTE)&hook_setsockopt);

print out the used socket and forward to the original function.

Code:

typedef int (WINAPI* t_setsockopt)(SOCKET, int, int, const char *, int);
int WINAPI hook_setsockopt(SOCKET s, int level, int optname, const char *optval, int optlen)
{
	cout << dec << "Socket :: " << s << endl;
	return o_setsockopt(s, level, optname, optval, optlen);
}

hope this helped. feel free to ask more here - no pn pls . i won't read them :P

AlainProvist · 07/18/2015, 11:49

Nice sharing

.

About creating a thread from DLL_PROCESS_ATTACH, it's exactly what I do in Skandia

. My hooks are set from this thread and GUI is then updated through this thread.

vans48 · 07/18/2015, 15:10

Thanks a lot man! time to have some fun coding.

Broland · 07/19/2015, 08:34

Hey Guys!
I want to make a Video for our Guild.
So how exactly can i make the camera move "free" and zoom in / out like i want.
The LUA bot dont work for me, maybe because im playing on German Servers q-q
Im happy for any help!

Omdihar wrote this:
"To unlock the camera from the player:
00682623 - jp 0068263F

Patch to

00682623 - jmp 0068263F"

but how do i "patch" it x.x