[Tutorial] Call a function inside Neuz (melee attack example)
Discussion on [Tutorial] Call a function inside Neuz (melee attack example) within the Flyff Hacks, Bots, Cheats, Exploits & Macros forum part of the Flyff category.
Thanks , awsome tutorial (y)
Small question, any idea to how to generate random target ID ? so that to kill monsters which are arround...
Thanks in advance !
I deleted you from skype because of your many "questions"...You don't seem to do any effort so I will not give you tips.
You may get help from other guys here who know hot to make a bot or you could just search in the internet (there is at least 1 complete guide).
Good luck
lool keep your wrong judgements for urself, i've been searching everywhere, but i'm new to that , have passed all last days on CE , you're acting like a kid mate ..., didn't even ask you how to reach my goal, asked you for further guides, which is more than a prove of my working ...
It's okay ... keep your " secrets " for youself , their must be somewhere else where to look
Can you help me find the base address of vPos parameter? I've already tried searching write/access opcodes and also used pointer scan but i can't find that green address. Below is a snippet:
Code:
typedef void (__thiscall * SendDropItem_t)(void * client, int nothing, unsigned int itemid, unsigned int DropNum, unsigned int vPos);
SendDropItem_t pSendDropItem ;
uintptr_t p = 0x1999BC;
vPos = *reinterpret_cast<unsigned int *>(p);;
g_DPlay.SendDropItem( 0, m_pItemElem->m_dwObjId, 1, m_vPos );
pSendDropItem = (SendDropItem_t)((DWORD)g_hExeModule+0x1DE30);
if (GetAsyncKeyState(VK_OEM_MINUS)) //drop item id
{
pSendDropItem((void*)g_DPlay, nothing, itemid , DropNum , vPos );
printf_s("DROPPING ID: %x\n", itemid);
}
I was able to drop items but the problem is, it is not being dropped on my location because my vPos values are wrong. The address 0x1999BC always contain the value of vPos even i reopen clients but it contains a hexadecimal value.
Below is the location of the function @ _Interface\WndField.cpp
Code:
BOOL CWndDropConfirm::OnChildNotify( UINT message, UINT nID, LRESULT* pLResult )
{
if( nID == WIDC_YES || message == EN_RETURN )
{
// add error code so i can find the string in disect CE
Error("CWndDropConfirm::OnChildNotify");
g_DPlay.SendDropItem( 0, m_pItemElem->m_dwObjId, 1, m_vPos );
Destroy();
}
else if( nID == WIDC_NO )
{
Destroy();
}
return CWndNeuz::OnChildNotify( message, nID, pLResult );
}
Can you help me find the base address of vPos parameter? I've already tried searching write/access opcodes and also used pointer scan but i can't find that green address. Below is a snippet:
Code:
typedef void (__thiscall * SendDropItem_t)(void * client, int nothing, unsigned int itemid, unsigned int DropNum, unsigned int vPos);
SendDropItem_t pSendDropItem ;
uintptr_t p = 0x1999BC;
vPos = *reinterpret_cast<unsigned int *>(p);;
g_DPlay.SendDropItem( 0, m_pItemElem->m_dwObjId, 1, m_vPos );
pSendDropItem = (SendDropItem_t)((DWORD)g_hExeModule+0x1DE30);
if (GetAsyncKeyState(VK_OEM_MINUS)) //drop item id
{
pSendDropItem((void*)g_DPlay, nothing, itemid , DropNum , vPos );
printf_s("DROPPING ID: %x\n", itemid);
}
I was able to drop items but the problem is, it is not being dropped on my location because my vPos values are wrong. The address 0x1999BC always contain the value of vPos even i reopen clients but it contains a hexadecimal value.
Below is the location of the function @ _Interface\WndField.cpp
Code:
BOOL CWndDropConfirm::OnChildNotify( UINT message, UINT nID, LRESULT* pLResult )
{
if( nID == WIDC_YES || message == EN_RETURN )
{
// add error code so i can find the string in disect CE
Error("CWndDropConfirm::OnChildNotify");
g_DPlay.SendDropItem( 0, m_pItemElem->m_dwObjId, 1, m_vPos );
Destroy();
}
else if( nID == WIDC_NO )
{
Destroy();
}
return CWndNeuz::OnChildNotify( message, nID, pLResult );
}
I don't know what you are trying to do but if the issue is related to the m_vPos you should make sure this variable has the correct type.
It looks like it is a structure so it could be defined like this:
It is better that you put all this in the same struct, something like in this dirty code (I am not sure it will compile even taken part by part but I am sure you understand the idea):
Code:
__inline float ReadFloatPointer(ULONG_PTR* PointerBase, int PointerOffset)
{
if(!IsBadReadPtr((void*)PointerBase, 4))
{
if(!IsBadReadPtr((void*)((*(ULONG_PTR*)PointerBase) + PointerOffset), 4))
{
return *(float*)((*(ULONG_PTR*)PointerBase) + PointerOffset);
}
}
return 0;
}
//.......
unsigned long * LocalPlayer;
const unsigned long ul_PlayerBase = 0x12345678;
const unsigned long ul_XOffset = 0x160;
const unsigned long ul_YOffset = ul_XOffset + 0x4;
const unsigned long ul_ZOffset = ul_XOffset + 0x4 + 0x4;
const unsigned long ulModbase = 0x400000;
//.........
LocalPlayer = (unsigned long*) (ulModbase +ul_PlayerBase);
typedef struct D3DXVECTOR3 {
FLOAT x;
FLOAT y;
FLOAT z;
void readVpos()
{
x = ReadFloatPointer((ULONG_PTR*)LocalPlayer, ul_XOffset) + 10.0;
y = ReadFloatPointer((ULONG_PTR*)LocalPlayer, ul_YOffset);
z = ReadFloatPointer((ULONG_PTR*)LocalPlayer, ul_ZOffset) + 10.0;
}
} D3DXVECTOR3, *LPD3DXVECTOR3;
D3DXVECTOR3 m_vPos;
m_vpos.readVpos();
// TODO call your hack function
//......
Hello, first of all, great guide, really liked
I'm just having one issue that i'd like you to help me if you have the time and if you want to of course
I was unable to find the target ID in a private server called clockworks flyff, i tried really hard to do it with cheat engine, WpePro and wireshark and I just couldn't, wireshark it's too messy to play with and WpePro doesn't send or receive any packages from this flyff, don't particular know why. Could you help me out to find the target ID in this flyff if possible? Or I am a noob that just couldn't do it?
Thank's already.
Hello, first of all, great guide, really liked
I'm just having one issue that i'd like you to help me if you have the time and if you want to of course
I was unable to find the target ID in a private server called clockworks flyff, i tried really hard to do it with cheat engine, WpePro and wireshark and I just couldn't, wireshark it's too messy to play with and WpePro doesn't send or receive any packages from this flyff, don't particular know why. Could you help me out to find the target ID in this flyff if possible? Or I am a noob that just couldn't do it?
Thank's already.
You are not noob because in CW server my method described in the first page will not work..
But, you can use other ways like pointer scan
By the way, why do you need a packet editor/viewer to find the target id?? (you could use a proxy to get the target id from the packet of course but it is too much work for a simple need).
Just use CE the right way, if you don't know that you can use Pointer Scan feature in CE then imo you should train more on this subject than starting coding in c++...
Just find the target id in CE (target id can be found as i described by putting a break-point on the function start --> see first page) and use "Pointer scan" with 2 levels offsets max.
Thanks for the reply, actually i do program in C, C++ and C#, I do computer science college haha, just never actually tried to hack anything, always had the interest though, u know? And i saw your guide and thought: Love flyff and this bot may be of great help in my gameplay so why not try it out, never programmed in PHP also.
Just have a dumb question. At the visual studio, u start a project for PHP Console? I'm so lost in this stuff unfortunately
I tryed now for NoFlyff and I got a little problem.. for sword it's working, but for knux or knight axe.. I get only "Please wait a moment before attacking again". I thought the issue is the "weapon speed", so I checked with "movss xmm0,[edx+00000130]", but values was correct..
Any ideea what issue can be?
I tryed now for NoFlyff and I got a little problem.. for sword it's working, but for knux or knight axe.. I get only "Please wait a moment before attacking again". I thought the issue is the "weapon speed", so I checked with "movss xmm0,[edx+00000130]", but values was correct..
Any ideea what issue can be?
It seems to be the correct reason.
What value of knux speed you see when you put a break point on function start and hit manually a mob?
It could be rounded in CE and it may be the reason that this value is not accepted so try to find the full float value.
Also you could call the ingame function getcurrenthanditem() or something like that. To find it, it must be called before the instruction that uses the xmm0 and offset of weapon speed is 0x130 like you said
I will check it tonight if you still need help.
(Written from my smartphone)
Hey Cookie thanks for the guide, I was very interested but the server I'm playing closes its client the moment I open CE. Could you please advise me on what possible steps I could take to get things going? Cheers!
It seems to be the correct reason.
What value of knux speed you see when you put a break point on function start and hit manually a mob?
It could be rounded in CE and it may be the reason that this value is not accepted so try to find the full float value.
Also you could call the ingame function getcurrenthanditem() or something like that. To find it, it must be called before the instruction that uses the xmm0 and offset of weapon speed is 0x130 like you said
I will check it tonight if you still need help.
(Written from my smartphone)
The value from knux I see in the eax+130 (this server have eax instead of edx) is the same as the one you written (0.0700000003). Hmm.. maybe the value is still rounded.. I see it's shorter with 1 digit than sword.. but can't get it.
The value from knux I see in the eax+130 (this server have eax instead of edx) is the same as the one you written (0.0700000003). Hmm.. maybe the value is still rounded.. I see it's shorter with 1 digit than sword.. but can't get it.
I found it!! LOL you have to pass a hex value as a weapon attack speed instead of a float...
This will not work
Neuz.CDPClient::SendMeleeAttack(0x0000001D, 0x00013F26, 0x00000000, 0x00010000, 0.07)
but this will work:
Neuz.CDPClient::SendMeleeAttack(0x0000001D, 0x00013F26, 0x00000000, 0x00010000, 0x3d8f5c29)
=> convert float to hex:
And yes it is 0.07 for the knux but if you want a better float value: 0.070000000298023224 (Just hook the function to get the value -> windows detours)
More info about the function in NoFlyFF:
SendMeleeAttack address : 0x00559100
Class pointer: ECX=0x00A0A318
Function call is at address: Neuz.exe + 0x31CFC1
Nevermind.. it wasn't working because I was really blind -.- I forget to check your entire source. Calling this function with float works just fine.. I just messed up with variables.
So I was trying to do Mazey but I wasn't able to find anything when trying to search DoAttackMelee (both on referenced string and all string) what does this mean?
So I was trying to do Mazey but I wasn't able to find anything when trying to search DoAttackMelee (both on referenced string and all string) what does this mean?
Find another way
hints: target id, find out what access this address.
[TOOL] 1.5-2x attack speed 4 melee s 06/05/2010 - RFO Hacks, Bots, Cheats, Exploits & Guides - 15 Replies because i play with warior char n envious with launcher 10x hack attack speed
here is attack speed for melee weapon
altough just 1.5-2x but really helpful for me
this file already edited with pot hack too
extract this file to datatable in your rf folder
Download: Item.edf.rar | xup.in
no virus: here
[release]1.5-2x attack speed for melee 11/24/2008 - RFO Hacks, Bots, Cheats, Exploits & Guides - 155 Replies because i play with warior char n envious with launcher 10x hack attack speed
here is attack speed for melee weapon :D
altough just 1.5-2x but really helpful for me
this file already edited with pot hack too :cool:
extract this file to datatable in your rf folder
RapidShare: 1-Click Webhosting
sory for my bad english :p
press thanx button ^^
10x Melee attack sped or any better speed attack than 2x 05/27/2008 - RF Online - 5 Replies I tested All Guides of melee Speed attack, and nothing work correctly ...
Maybe i cant setup or This dont function -_-''
So... SomeBody can explain the correctly type to Get 10x Speed melee Attack
, YaRFBOT get 1.5~2x speed...
![[Tutorial] Call a function inside Neuz (melee attack example)](https://www.elitepvpers.com/forum/iconimages/flyff-hacks-bots-cheats-exploits-macros/tutorial-call-function-inside-neuz-melee-attack-example_ltr.gif){kind=small}
..., didn't even ask you how to reach my goal, asked you for further guides, which is more than a prove of my working ...
