[Tutorial] Call a function inside Neuz (melee attack example)
Discussion on [Tutorial] Call a function inside Neuz (melee attack example) within the Flyff Hacks, Bots, Cheats, Exploits & Macros forum part of the Flyff category.
sorry for this hard necro but this post is still relevant til this day.
@ i managed to compile everything found all ID's needed to use with the source, but once i started the bot it crashes maybe the server im playing with has protection against it or i don't know if the dwAtkMsg value is wrong i might be wrong on this one though but how do you find its value?
sorry for this hard necro but this post is still relevant til this day.
@ i managed to compile everything found all ID's needed to use with the source, but once i started the bot it crashes maybe the server im playing with has protection against it or i don't know if the dwAtkMsg value is wrong i might be wrong on this one though but how do you find its value?
It is hard to guess what is wrong in your code or if the server has a protection!
You have a big chance that flyff source is leaked and every noob person can create a local serevr to make tests..
Try to do it in a server you own or a simple serevr without protections and see what is wrong.
You should debug your code to find out what is crashing it.
I've managed to make something out of it, but one thing that bugs me is that it could find the target but won't lock it. I'm still trying to figure this one out hope you could help me on this as this is the only thing that I'm missing.
I will try to make a server without protection, will get back to you as soon as i have findings. thank you for the quick response it means alot to me as im trying to learn as much as I could.
When i toggle the breakpoint and hit a target, the dword gives me the same results as the
ECX and EBX values. I also tried to scan it once, but when I clicked on 'find out what accsesses this adress' it only gave me bs. the EDX ECX etc. values are still the same so i cant find these two static adresses. Please Help!
I think i messed up at the Breakpoint part
When i toggle the breakpoint and hit a target, the dword gives me the same results as the
ECX and EBX values. I also tried to scan it once, but when I clicked on 'find out what accsesses this adress' it only gave me bs. the EDX ECX etc. values are still the same so i cant find these two static adresses. Please Help!
what flyff server?
I could make better explanation and give a whole working bot but I don't want to spoon feed and pserevrs are different so I can not make an example that works for all the servers..
For the class pointer (ECX), basically you can even get it automatically if you know how to hook the function. You can just hook the Function (SendMeleeAttack) and save the ECX in a variable when it is called.
For the target ID, it is not hard to find, just use CE and search for changed/unchanged values: so when you target a mob/player/npc then the value changes into memory, when you dont target anything value=0,...
what flyff server?
I could make better explanation and give a whole working bot but I don't want to spoon feed and pserevrs are different so I can not make an example that works for all the servers..
For the class pointer (ECX), basically you can even get it automatically if you know how to hook the function. You can just hook the Function (SendMeleeAttack) and save the ECX in a variable when it is called.
For the target ID, it is not hard to find, just use CE and search for changed/unchanged values: so when you target a mob/player/npc then the value changes into memory, when you dont target anything value=0,...
I would like to do it in Eclipse Flyff.
I also tried the thing with the static values but they just didnt changed.
Just a quick overview of what ive done.
-Linked the Game.
-Killed a Mob
-Went into Memory view
-Found 'DoAttackMelee'
-Found the Client Adress
-Went back up and searched for the call function that starts the action
-F5, Attacked a Mob, back into CE, F5, F9
Then I opened Full Stack and got stuck.
Tried already many dword's (hoped that ill maybe get it with luck) but nah.
Dont know if the Image appears so heres the link, just in case:
Heres something that I found:
Neuz.exe+27FB40 Send Melee Attack adress
Neuz.exe+71E380 client adress
Dont know if it is correct (Im pretty bad with CE)
I would like to do it in Eclipse Flyff.
I also tried the thing with the static values but they just didnt changed.
Just a quick overview of what ive done.
-Linked the Game.
-Killed a Mob
-Went into Memory view
-Found 'DoAttackMelee'
-Found the Client Adress
-Went back up and searched for the call function that starts the action
-F5, Attacked a Mob, back into CE, F5, F9
Then I opened Full Stack and got stuck.
Tried already many dword's (hoped that ill maybe get it with luck) but nah.
Dont know if the Image appears so heres the link, just in case:
Heres something that I found:
Neuz.exe+27FB40 Send Melee Attack adress
Neuz.exe+71E380 client adress
Dont know if it is correct (Im pretty bad with CE)
Best regards
Just as information: you've written that you are not very experienced. You should try another server that is not protected at all first. Simply take <InputAnyRandomPinoyServerHere> to learn and not a server like EclipseFlyff. EclipseFlyff has some protection(s) to prevent this. In case you would call the function correctly the char would instantly get dropped and you will get the "Disconnected from Server" message.
I already tried to make a bot with AHK, AutoIt and Python.
The game only blocks AHK and AutoIt, but Python worked for me so I dont know about that.
Oh and I don't want to try it on other servers because it's my favorite one and I don't want to start all over again.
I already tried to make a bot with AHK, AutoIt and Python.
The game only blocks AHK and AutoIt, but Python worked for me so I dont know about that.
Oh and I don't want to try it on other servers because it's my favorite one and I don't want to start all over again.
You found the correct function and class pointer
Just put a break point on the call and you will see in the stack trace the 5 params of the function.
For the target ID, you can proceed as I mentioned:
search for 4Bytes type with "exact value=0", select a mob and hit next scan with "value changed", change target and search for "value changed", don't change mob and search for "value unchanged", repeat...until you find 3 values.
Then test them one by one, use "find out what writes to this address" until it breaks and shows the opcode with offset "x20" [ebx+20]
Then copy the EBX value (186591F0) and search for Hex value (4bytes) and you will find the 2 static target addresses (it is like it is always 2 static addresses in flyff).
Then take the first pointer and add a manual pointer-address in CR like below:
Now you can check: if you change targets then it would change in CE. when you unselect the target it show "0"
Do the same for Target Id, just add an offset "2F8":
EBX is also the mob pointer (target Ptr) and "2F8" is its ID offset:
I didn't test it but basically this is what you need to find the required params.
I hope it works for you now, Eclipse may have some securities like Aiden said, I have no idea about their security as I stopped making bots/cheats of this kind since a moment.
I have not tested to send direct attacks using that call, might be worth a try but my guess is same as Aiden, you will most likely get disconnected. Let us know what happened
You found the correct function and class pointer
Just put a break point on the call and you will see in the stack trace the 5 params of the function.
For the target ID, you can proceed as I mentioned:
search for 4Bytes type with "exact value=0", select a mob and hit next scan with "value changed", change target and search for "value changed", don't change mob and search for "value unchanged", repeat...until you find 3 values.
Then test them one by one, use "find out what writes to this address" until it breaks and shows the opcode with offset "x20" [ebx+20]
Then copy the EBX value (186591F0) and search for Hex value (4bytes) and you will find the 2 static target addresses (it is like it is always 2 static addresses in flyff).
Then take the first pointer and add a manual pointer-address in CR like below:
Now you can check: if you change targets then it would change in CE. when you unselect the target it show "0"
Do the same for Target Id, just add an offset "2F8":
EBX is also the mob pointer (target Ptr) and "2F8" is its ID offset:
I didn't test it but basically this is what you need to find the required params.
I hope it works for you now, Eclipse may have some securities like Aiden said, I have no idea about their security as I stopped making bots/cheats of this kind since a moment.
So I tried it and came a bit further. But I cant find 3 values, I only found 2.
Anyway I tried to find the ofset but nothing came out.
I foudnd these 3 EBX values but they are worthless I think.
6D013A00
427201D4
427201C4
I really dont know why i cant find those 3 adresses, i mean I did it like you said.
So I tried it and came a bit further. But I cant find 3 values, I only found 2.
Anyway I tried to find the ofset but nothing came out.
I foudnd these 3 EBX values but they are worthless I think.
6D013A00
427201D4
427201C4
I really dont know why i cant find those 3 adresses, i mean I did it like you said.
I don't know what you were missing but it worked for me and there is no security in eclipse about that (it works like a charm).
The source code and the DLL are attached inside the following zip file.
After injecting the DLL, just click on "Install the hook" button and kill 1 mob.
After that you can hit any mob from distance by using the "Hit target 4 times" button.
Enjoy and you may enhance the tool by implementing a pattern scan for the offsets so you don't need to auto update it at every client patch and you are free to do what you want with the source
Hello sir cookie69, I used your released src code and I successfully make it work to the flyff I am playing with. I am wondering if it is possible to make it work with other melee weapons such as knuckle or yo-yo?
[TOOL] 1.5-2x attack speed 4 melee s 06/05/2010 - RFO Hacks, Bots, Cheats, Exploits & Guides - 15 Replies because i play with warior char n envious with launcher 10x hack attack speed
here is attack speed for melee weapon
altough just 1.5-2x but really helpful for me
this file already edited with pot hack too
extract this file to datatable in your rf folder
Download: Item.edf.rar | xup.in
no virus: here
[release]1.5-2x attack speed for melee 11/24/2008 - RFO Hacks, Bots, Cheats, Exploits & Guides - 155 Replies because i play with warior char n envious with launcher 10x hack attack speed
here is attack speed for melee weapon :D
altough just 1.5-2x but really helpful for me
this file already edited with pot hack too :cool:
extract this file to datatable in your rf folder
RapidShare: 1-Click Webhosting
sory for my bad english :p
press thanx button ^^
10x Melee attack sped or any better speed attack than 2x 05/27/2008 - RF Online - 5 Replies I tested All Guides of melee Speed attack, and nothing work correctly ...
Maybe i cant setup or This dont function -_-''
So... SomeBody can explain the correctly type to Get 10x Speed melee Attack
, YaRFBOT get 1.5~2x speed...