[Request] Wallclimb Tutorial

Old   #1
 
elite*gold: 0
Join Date: Dec 2007
Posts: 27
Received Thanks: 0
[Request] Wallclimb Tutorial

Hey guys,

as the title says, it would be nice if someone could write a tutorial here that explains how to get wallclimb working. With CE or whatever.
Hope you can "briefly" take the time, thanks in advance.

Regards



pabsto is offline  
Old   #2
 
elite*gold: 0
Join Date: May 2009
Posts: 41
Received Thanks: 3
Yes, I would really like that too!


Nachtwesen2 is offline  
Old   #3
 
elite*gold: 0
Join Date: Jan 2007
Posts: 126
Received Thanks: 83
wallclimb for dummies

1. start Runes of Magic
2. start Cheat Engine
3. press the flashing button with a computer symbol
A "Process List" window pops up
4. scroll through the list and select "Client.exe"
5. press "Open"
5. press "Add address manually"
A "Add address" window pops up
6. in "Address" enter this: 84b46C
7. change "Type" to "Float"
8. Press "OK"
9. doubleclick on "4" under value
A "Value" window pops up
10. enter "0.2"
11. press OK

PLZ SHOOT YOURSELF IF THIS IS TOO HARD FOR U! THX!
(this post may contain retarded English, hell I don't care)

edit: updated addr.
run32.dll is offline  
Thanks
3 Users
Old   #4
 
elite*gold: 0
Join Date: May 2009
Posts: 41
Received Thanks: 3
Yes, this is it!!! I don't know the address 84b464. I only read others in the forums. How could I find out the right address if there is an update???


Nachtwesen2 is offline  
Old   #5
 
elite*gold: 0
Join Date: Jan 2007
Posts: 126
Received Thanks: 83
To find the wc addr at least some asm knowledge is required!

The hard method / how I found it the first time:
Find your y-playerposition (the real one, not the one in the objectstruct)
for the 1844 build it's: [[[[0088FF40]+680]+D4]+8C]+B4
Set a write-BP on the y-position. Find out what writes to this location while your character tries to climb a mountain.

Code:
  _
 / \ <- move against some hill u can't get up
/   \
     \    0
 hill \  /|\
       \_/ \________________
After you have found the instruction, trace around until you find some static addr. It should look similar to this: movss xmm0,[0084b464] This may take some time. I can't remember the exact way but it wasn't very hard to find.

The easy way / using searchpatterns
This method requires that you already know the wc addr of an older binary and that you have made some notes. So here are my notes for the old RoM Version 2.0.6.1834:
Code:
0044D97B - eb 08                      - jmp 0044d985
0044D97D - f3 0f 10 0d e8 5a 84 00    - movss xmm1,[00845ae8]
0044D985 - d9 44 24 14                - fld dword ptr [esp+14]
0044D989 - f3 0f 10 05 94 5c 84 00    - movss xmm0,[00845c94] // wallclimb addr
0044D991 - dc 0d 60 5a 84 00          - fmul qword ptr [00845a60]
0044D997 - f3 0f 11 4c 24 0c          - movss [esp+0c],xmm1
0044D99D - d9 44 24 0c                - fld dword ptr [esp+0c]
0044D9A1 - db f1                      - fcomi st(0),st(1)
Now let's take a look at these instructions. Some of them contain static addresses ... like our mc addr. Other instructions contain offsets like +14 or +0C. If the binary gets updated static addresses will probably change and offsets will not. Ofc offsets can change too ... but it's unlikely ... maybe on major updates.

Code:
0044D97B - eb 08                      - jmp 0044d985 // will change
0044D97D - f3 0f 10 0d e8 5a 84 00    - movss xmm1,[00845ae8] // will change
0044D985 - d9 44 24 14                - fld dword ptr [esp+14] // will not change
0044D989 - f3 0f 10 05 94 5c 84 00    - movss xmm0,[00845c94] // wallclimbaddr, will change
0044D991 - dc 0d 60 5a 84 00          - fmul qword ptr [00845a60] // will change
0044D997 - f3 0f 11 4c 24 0c          - movss [esp+0c],xmm1 // will not change
0044D99D - d9 44 24 0c                - fld dword ptr [esp+0c] // will not change
0044D9A1 - db f1                      - fcomi st(0),st(1) // will not change
So how can this be useful? You could create a searchpattern and scan the process for it:
Code:
EB,08,??,??,??,??,??,??,??,??,D9,44,24,14,??,??,??,??,??,??,??,??,
??,??,??,??,??,??,f3,0f,11,4c,24,0c,d9,44,24,0c,db,f1
Too bad CE does not have a patternscanner ... but it can scan for an array of bytes! Open the memory viewer -> search -> Find Memory -> select array!
Search for: f30f114c240cd944240cdbf1
A good idea would be to start the search at some similar addr. of the old binary to avoid wrong results. So start the search at 44D000. Now press OK.

For the 1844 build CE pops up at 44DE47 in the lower part of the window. Now in the upper part of the window go to 44DE47 and scroll up. You should see the mc addr. in the instruction (You may have to disable View->symbols):
0044DE39 - movss xmm0,[0084b464]

If you want to update your offsets as fast as possible - write your own patternscanner or search the net for a good one ... I will not share my scanner. Guess it would be a good idea to post a patternscanner here ... but I'm too lazy to search now ...
run32.dll is offline  
Thanks
2 Users
Old   #6
 
elite*gold: 0
Join Date: Oct 2007
Posts: 159
Received Thanks: 65
well for me 84b464 = -1.something
I guess I'm doing something wrong O.o
R4Yx is offline  
Old   #7
 
elite*gold: 0
Join Date: Jan 2007
Posts: 126
Received Thanks: 83
Well Nachtwesen2 asked how to keep track of the wallclimb addr. if there is an update. (A **** good question btw!)

Today the patch changed the version from V2.0.9.1844 to build 1845. Guess what happens if RoM gets patched ... yes! the wallclimb addr. will change! Bad bad Frogster!

the stupid method / brain-afk compatible*:
Take the wallclimb addr. from the last version and search near this addr ... if you are lucky you will find a float 4.000 not far away.

like this:
Code:
0084b45C ... ****
0084b460 ... ****
0084b464 ... old wallclimb addr. ... ****
0084b468 ... ****
0084b46C ... omg a 4.0 float value!
*may not work with major patches
run32.dll is offline  
Thanks
1 User
Old   #8
 
elite*gold: 0
Join Date: Oct 2007
Posts: 159
Received Thanks: 65
Yeah, this one is working for me.
I didn't look at the asm yet. Shame on me -.-
R4Yx is offline  
Old   #9
 
elite*gold: 0
Join Date: Jan 2008
Posts: 354
Received Thanks: 138
How does speedhacking work with CE? I can manage the wallclimb, yes, but not the speedhack; can anyone help me with that?
Jame is offline  
Old   #10
 
elite*gold: 0
Join Date: May 2009
Posts: 41
Received Thanks: 3
I can't get it to work. Since Frogster now thinks it necessary to push updates daily and keep abusing the players as beta testers, the wallclimb addr. has changed yet again.

Does anyone know it? I would be very grateful. I also searched in the vicinity of the old one, but unfortunately found 4.0 nowhere (((

THANKS!
Nachtwesen2 is offline  
Thanks
1 User
Old   #11
 
elite*gold: 0
Join Date: Dec 2007
Posts: 27
Received Thanks: 0
Tried around a bit but didn't find it ;D
pabsto is offline  
Old   #12
 
elite*gold: 0
Join Date: May 2009
Posts: 41
Received Thanks: 3
Exactly, I tried it myself too. Found nothing within a range of +/-20 ( HELP!
Nachtwesen2 is offline  
Old   #13
 
elite*gold: 0
Join Date: Jun 2009
Posts: 203
Received Thanks: 21
Think the new address is 84B3E8
rawrgodzilla is offline  
Old   #14
 
elite*gold: 0
Join Date: May 2009
Posts: 41
Received Thanks: 3
THX!!! Don't know how to find out by myself
Nachtwesen2 is offline  
Old   #15
 
elite*gold: 0
Join Date: Jan 2008
Posts: 354
Received Thanks: 138
Quote:
Originally Posted by rawrgodzilla
Think the new address is 84B3E8
Hmm, doesn't work for me, but I think I'm doing something wrong hehe. I click "Add address manually" and then enter 84B3E8 as the address and "Wallclimb" as the description. Then I freeze it, but then it doesn't work; can anyone help me with that?


Jame is offline  