[Release & Source] Flyff Webzen Bow Hack
05/20/2019, 19:10
|
#1
|
elite*gold: 93616
Join Date: Apr 2010
Posts: 13,737
Received Thanks: 14,990
|
[Release & Source] Flyff Webzen Bow Hack
When using this hack you will always attack with charged bow.
Usage:
Hotkeys:
Source:
Code:
bool AlreadyHooked = false;
UINT32 gRWXBuf = NULL;
UINT32 gSendActMsgOrig = NULL;
UINT32 gStrongBowEnabled = NULL;
void BowHack()
{
    auto GameBase = GetBaseAddress();
    if (!GameBase)
    {
        return;
    }
    // SendActMsg: Neuz.exe + 19B780 | 55 8B EC F6 41 08 08 74 ??
    // Inject shellcode if not already done
    if (!AlreadyHooked)
    {
        // Get CActionMover Object
        UINT32 Ptr1 = *(UINT32*)(GameBase + 0x004FFA94);
        if (Ptr1)
        {
            UINT32 CActionMoverObj = *(UINT32*)(Ptr1 + 0x33C);
            if (CActionMoverObj)
            {
                DbgPrint("CActionMoverObj @ %X\n", CActionMoverObj);
                // First 16 Bytes used for Shadow VMT
                UINT32 CActionMoverObjVtable = *(UINT32*)CActionMoverObj;
                if (CActionMoverObjVtable)
                {
                    DbgPrint("CActionMoverObjVtable: %X\n", CActionMoverObjVtable);
                    // Allocate space for vmt & shellcode
                    /*
                        16 bytes - ShadowVMT
                        4 bytes - Used for Settings
                        ? bytes - Shellcode
                    */
                    if (gRWXBuf == NULL)
                    {
                        SIZE_T RWXBufSize = PAGE_SIZE;
                        fZwAllocateVirtualMemory(NtCurrentProcess(), (PVOID*)&gRWXBuf, 0, &RWXBufSize, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
                        DbgPrint("gRWXBuf @ %X\n", gRWXBuf);
                    }
                    memcpy((void*)gRWXBuf, (void*)CActionMoverObjVtable, 16);
                    // Save SendActMsg
                    gSendActMsgOrig = *(UINT32*)(CActionMoverObjVtable + 4);
                    DbgPrint("gSendActMsgOrig @ %X\n", gSendActMsgOrig);
                    // Save gStrongBowEnabled Ptr
                    gStrongBowEnabled = (UINT32)(gRWXBuf + 16);
                    // Setup shellcode
                    unsigned char Shellcode[] =
                    {
                        0x50, // push eax
                        0x8B, 0x45, 0xDC, // mov eax, [ebp-0x24] | eax now holds dwItemId
                        0x83, 0xF8, 0x00, // cmp eax, 0
                        0x75, 0x11, // jne $JMPBACK
                        0xA1, 0xAA, 0xAA, 0xAA, 0xAA, // mov eax, [StrongBowEnabled]
                        0x83, 0xF8, 0x01, // cmp eax, 1
                        0x75, 0x07, // jne $JMPBACK
                        0xC7, 0x45, 0xDC, 0x04, 0x00, 0x00, 0x00, // mov [ebp-0x24], 4
                        // $JMPBACK
                        0x58, // pop eax
                        0xE9, 0xBB, 0xBB, 0xBB, 0xBB, // jmp [gSendActMsgOrig]
                    };
                    *(UINT32*)(Shellcode + 10) = (UINT32)gStrongBowEnabled; // StrongBowEnabled
                    *(UINT32*)(Shellcode + 28) = (UINT32)(gSendActMsgOrig - (gRWXBuf + 47) - 5); // jmp back
                    // Copy Shellcode
                    memcpy((void*)(gRWXBuf + 20), Shellcode, sizeof(Shellcode));
                    // Patch VMT Ptr
                    *(UINT32*)(gRWXBuf + 4) = (UINT32)(gRWXBuf + 20);
                    *(UINT32*)(CActionMoverObj) = gRWXBuf;
                    DbgPrint("VMT Hook placed :)\n");
                    AlreadyHooked = true;
                }
            }
        }
    }
    if (AlreadyHooked)
    {
        if (gItems.bowAlwaysStrongAttack)
            *(UINT32*)gStrongBowEnabled = 1;
        else
            *(UINT32*)gStrongBowEnabled = 0;
    }
}
Thanks to @
I hope you guys learn from my source
|
|
|
05/20/2019, 23:08
|
#2
|
elite*gold: 0
Join Date: Aug 2009
Posts: 15
Received Thanks: 1
|
Nice work! Tested and works like a charm!
If you could add range hack it would be awesome ^^
|
|
|
05/20/2019, 23:11
|
#3
|
elite*gold: 0
Join Date: Apr 2009
Posts: 47
Received Thanks: 15
|
-
|
|
|
05/23/2019, 23:15
|
#4
|
elite*gold: 93616
Join Date: Apr 2010
Posts: 13,737
Received Thanks: 14,990
|
Please note:
You will not be able to use the Hotkey if Flyff is started in Fullscreen (Switch to Desktop or press F10 before you start Flyff).
To avoid BSOD you should update to the most recent Win10 version. This is a Proof of Concept so feel free to port this to usermode (probably more stable). Source is available, should be rather easy to port.
|
|
|
05/25/2019, 01:02
|
#5
|
elite*gold: 0
Join Date: May 2019
Posts: 25
Received Thanks: 1
|
What does this do exactly?
|
|
|
05/25/2019, 04:39
|
#6
|
elite*gold: 0
Join Date: Jun 2010
Posts: 9
Received Thanks: 1
|
Will this work in Playpark Flyff? Hoping you will make one for Playpark Flyff if it's not working. Thanks though.
|
|
|
06/04/2019, 10:27
|
#7
|
elite*gold: 0
Join Date: Nov 2014
Posts: 4
Received Thanks: 0
|
I try to do it on the official flyff but I have this error, I have Windows 7
|
|
|
06/04/2019, 14:25
|
#8
|
elite*gold: 0
Join Date: Nov 2009
Posts: 627
Received Thanks: 686
|
@ is there any reason to go ring0 for gg? You can use manual mapping to inject at process suspended status and resume.
|
|
|
06/04/2019, 15:02
|
#9
|
elite*gold: 93616
Join Date: Apr 2010
Posts: 13,737
Received Thanks: 14,990
|
Quote:
Originally Posted by cookie69
@ is there any reason to go ring0 for gg? You can use manual mapping to inject at process suspended status and resume.
|
I just went ring0 as a PoC, there is actually in this case no reason to do so. You could also most likely manual map into lsass.exe and use its handle to the game process instead to allocate & write to it.
|
|
|
06/04/2019, 19:48
|
#10
|
elite*gold: 0
Join Date: Dec 2015
Posts: 6
Received Thanks: 2
|
Thank you for your work!
To be comprehensive, are there any other pservers that this has been tested to work on?
|
|
|
06/04/2019, 22:18
|
#11
|
elite*gold: 0
Join Date: Nov 2009
Posts: 627
Received Thanks: 686
|
Quote:
Originally Posted by itatchi42
Thank you for your work!
To be comprehensive, are there any other pservers that this has been tested to work on?
|
If you ask the question that means you did not understand what he did...
Of course this would work in all/most pservers (but you need to find the addresses and offsets) because he hooked a virtual method that is present in all flyff sources.
It is just another way of hooking the in-game functions that seems to be not detected by GG.
Code:
virtual int SendActMsg( OBJMSG dwMsg, int nParam1 = 0, int nParam2 = 0, int nParam3 = 0, int nParam4 = 0, int nParam5 = 0 );
You can hook with Microsoft Detours or any other hooking method (check google for that) but I guess @ used the VMT hook because it is not detected by gg (I may be wrong about the real reason for using VMT hook).
|
|
|
06/04/2019, 23:10
|
#12
|
elite*gold: 93616
Join Date: Apr 2010
Posts: 13,737
Received Thanks: 14,990
|
Quote:
Originally Posted by cookie69
If you ask the question that means you did not understand what he did...
Of course this would work in all/most pservers (but you need to find the addresses and offsets) because he hooked a virtual method that is present in all flyff sources.
It is just another way of hooking the in-game functions that seems to be not detected by GG.
Code:
virtual int SendActMsg( OBJMSG dwMsg, int nParam1 = 0, int nParam2 = 0, int nParam3 = 0, int nParam4 = 0, int nParam5 = 0 );
You can hook with Microsoft Detours or any other hooking method (check google for that) but I guess @ used the VMT hook because it is not detected by gg (I may be wrong about the real reason for using VMT hook).
|
You are correct, VMT hooks are undetected, that's why I used them.
|
|
|
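The detection side of the shadow-VMT hook discussed in posts #1, #11 and #12, as an added example that is not part of the thread or of any poster's code: a check that an object's vtable pointer still lies in read-only, image-backed memory and that every slot resolves to image code. The region table models the facts VirtualQuery reports per region; the image base 0x00400000, the vtable address and every slot value except the Neuz.exe + 19B780 offset are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model of the per-region facts VirtualQuery reports. */
enum { BACK_IMAGE, BACK_PRIVATE };
enum { P_R = 1, P_W = 2, P_X = 4 };
typedef struct { uint32_t base, size; int backing, prot; } Region;
enum { VMT_OK, VMT_RELOCATED, VMT_SLOT_REDIRECTED };

static const Region *find_region(const Region *map, size_t n, uint32_t a) {
    for (size_t i = 0; i < n; i++)
        if (a >= map[i].base && a - map[i].base < map[i].size) return &map[i];
    return NULL;
}

/* vptr: first dword of the object; slots: the table that vptr points to. */
int check_vmt(const Region *map, size_t n, uint32_t vptr,
              const uint32_t *slots, size_t nslots) {
    const Region *r = find_region(map, n, vptr);
    /* A compiler-emitted vtable sits in read-only, image-backed data. */
    if (!r || r->backing != BACK_IMAGE || (r->prot & (P_W | P_X)))
        return VMT_RELOCATED;
    for (size_t i = 0; i < nslots; i++) {
        const Region *t = find_region(map, n, slots[i]);
        /* Each virtual method must resolve to non-writable image code. */
        if (!t || t->backing != BACK_IMAGE || (t->prot & (P_W | P_X)) != P_X)
            return VMT_SLOT_REDIRECTED;
    }
    return VMT_OK;
}

/* Constructed sample: image base 0x00400000 and all addresses are assumed. */
static const Region kMap[] = {
    { 0x00401000, 0x300000, BACK_IMAGE,   P_R | P_X },        /* .text    */
    { 0x00701000, 0x100000, BACK_IMAGE,   P_R },              /* .rdata   */
    { 0x02A40000, 0x001000, BACK_PRIVATE, P_R | P_W | P_X },  /* RWX page */
};
static const uint32_t kClean[4]  = { 0x0059B000, 0x0059B780, 0x0059C100, 0x0059C400 };
static const uint32_t kShadow[4] = { 0x0059B000, 0x02A40014, 0x0059C100, 0x0059C400 };

int main(void) {
    printf("original vtable: %d\n", check_vmt(kMap, 3, 0x00712340, kClean, 4));
    printf("shadow vtable:   %d\n", check_vmt(kMap, 3, 0x02A40000, kShadow, 4));
    printf("slot redirected: %d\n", check_vmt(kMap, 3, 0x00712340, kShadow, 4));
    return 0;
}
```

An integrity scanner that only hashes the code section misses this hook because no byte of the image changes; the signal is the object's data pointer leaving the image.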
06/05/2019, 00:05
|
#13
|
elite*gold: 0
Join Date: Dec 2015
Posts: 6
Received Thanks: 2
|
You're right--I'm not yet skilled in this area but am actively learning.
I appreciate your responses, cookie69 and Omdi
|
|
|
06/14/2019, 09:57
|
#14
|
elite*gold: 0
Join Date: Jun 2012
Posts: 68
Received Thanks: 2
|
I need how to find hack value no charger with CE
|
|
|
06/15/2019, 11:13
|
#15
|
elite*gold: 0
Join Date: Feb 2014
Posts: 2
Received Thanks: 0
|
For the noobs.. : How are we supposed to use this?
|
|
|
|
|
All times are GMT +2. The time now is 17:48.
|
|