|
You last visited: Today at 21:11
Advertisement
Need help to understand long range waithack
Discussion on Need help to understand long range waithack within the Metin2 forum part of the Popular Games category.
02/10/2021, 02:46
|
#1
|
elite*gold: 0 
Join Date: Sep 2020
Posts: 30
Received Thanks: 10
|
Need help to understand long range waithack
Hi I'm trying to increase waithack range.
I currently attack mobs around using the sendbattle function I know there is a distance check function in server side so I tried send move packet with attack but this only affects the observers. Can anyone help me please ?
Also this empty area is my waithack range
|
|
|
|
02/10/2021, 23:47
|
#2
|
elite*gold: 0
Join Date: Dec 2020
Posts: 47
Received Thanks: 25
|
Quote:
Originally Posted by sad666
Hi I'm trying to increase waithack range.
I currently attack mobs around using the sendbattle function I know there is a distance check function in server side so I tried send move packet with attack but this only affects the observers. Can anyone help me please ?
Also this empty area is my waithack range
|
Can u post some code?
|
|
|
|
|
02/11/2021, 00:01
|
#3
|
elite*gold: 0
Join Date: Feb 2021
Posts: 1
Received Thanks: 0
|
.
|
|
|
|
|
02/11/2021, 00:42
|
#4
|
elite*gold: 0
Join Date: Apr 2009
Posts: 747
Received Thanks: 184
|
Quote:
Originally Posted by sad666
Hi I'm trying to increase waithack range.
I currently attack mobs around using the sendbattle function I know there is a distance check function in server side so I tried send move packet with attack but this only affects the observers. Can anyone help me please ?
Also this empty area is my waithack range
|
Do you directly send the packet or do you invoke the function by a function pointer?
|
|
|
|
|
02/11/2021, 02:01
|
#5
|
elite*gold: 0
Join Date: Sep 2020
Posts: 30
Received Thanks: 10
|
Quote:
Originally Posted by MrCrisp
Do you directly send the packet or do you invoke the function by a function pointer?
|
I am calling SendAttackPacket function in CPythonNetworkManager class.I checked TPacketCGAttack structure but I couldn't see important variable to change.Doesn't that packet define with arguments from the SendAttackPacket function ?
Code:
auto mobList = Entity::GetMobList();
for (Instance* mob : mobList)
{
CPythonNetworkManager::GetInstance()->SendAttackPacket(0, mob->GetVid());
}
|
|
|
|
|
02/11/2021, 02:17
|
#6
|
elite*gold: 0
Join Date: Dec 2020
Posts: 47
Received Thanks: 25
|
Quote:
Originally Posted by sad666
I am calling SendAttackPacket function in CPythonNetworkManager class.I checked TPacketCGAttack structure but I couldn't see important variable to change.Doesn't that packet define with arguments from the SendAttackPacket function ?
Code:
auto mobList = Entity::GetMobList();
for (Instance* mob : mobList)
{
CPythonNetworkManager::GetInstance()->SendAttackPacket(0, mob->GetVid());
}
|
you have to teleport to the mob before attacking
|
|
|
|
|
02/11/2021, 02:42
|
#7
|
elite*gold: 0
Join Date: Sep 2020
Posts: 30
Received Thanks: 10
|
Sorry guys I think I messed up move position on my first try. Now its working correctly using state packet
|
|
|
|
|
02/11/2021, 03:08
|
#8
|
elite*gold: 0
Join Date: Dec 2020
Posts: 47
Received Thanks: 25
|
Quote:
Originally Posted by sad666
I saw this video from xAdr1an Multihack topic
It seems like doesn't teleport at least client side and I tried SendStatePacket for move but nothing change. |
*It seems like doesn't teleport at least client side* it doesn't thats correct, check with second character - aslong as
Code:
inline float DISTANCE_SQRT(long dx, long dy) {
return sqrt((float)dx * dx + (float)dy * dy);
}
is less then 40 when you're on a mount or 25 when not
Code:
NEW_GetPixelPosition(main_instance, &main_pos);
NEW_GetPixelPosition(target, &dest_pos);
float xDiff = dest_pos.x - main_pos.x;
float yDiff = dest_pos.y - main_pos.y;
float fDist = DISTANCE_SQRT((main_pos.x - dest_pos.x) / 100, (main_pos.y - dest_pos.y) / 100);
if ((ChrMgr::i().IsMounted() && fDist < 40.f) || fDist < 25.f) {
SendCharacterStatePacket(dest_pos, 10.f, 0, 0);
SendAttackPacket(target);
SendCharacterStatePacket(main_pos, 10.f, 0, 0);
}
|
|
|
|
|
02/11/2021, 03:25
|
#9
|
elite*gold: 0
Join Date: Sep 2020
Posts: 30
Received Thanks: 10
|
Thank you for helping me I just realized I made a mistake sending position info now working correctly
|
|
|
|
|
02/13/2021, 21:24
|
#10
|
elite*gold: 0
Join Date: Mar 2012
Posts: 29
Received Thanks: 2
|
hello how can I put the codes given above in the targetdamag, can you help me?
Quote:
Originally Posted by ones-and-zer0es.mpeg
*It seems like doesn't teleport at least client side* it doesn't thats correct, check with second character - aslong as
Code:
inline float DISTANCE_SQRT(long dx, long dy) {
return sqrt((float)dx * dx + (float)dy * dy);
}
is less then 40 when you're on a mount or 25 when not
Code:
NEW_GetPixelPosition(main_instance, &main_pos);
NEW_GetPixelPosition(target, &dest_pos);
float xDiff = dest_pos.x - main_pos.x;
float yDiff = dest_pos.y - main_pos.y;
float fDist = DISTANCE_SQRT((main_pos.x - dest_pos.x) / 100, (main_pos.y - dest_pos.y) / 100);
if ((ChrMgr::i().IsMounted() && fDist < 40.f) || fDist < 25.f) {
SendCharacterStatePacket(dest_pos, 10.f, 0, 0);
SendAttackPacket(target);
SendCharacterStatePacket(main_pos, 10.f, 0, 0);
}
|
// dllmain.cpp : Defines the entry point for the DLL application.
#include "stdafx.h"
#include <Windows.h>
bool SendBattleAttack(int vId)
{
DWORD NetPointer = *(DWORD*)0x09738F0;
DWORD BattleCall = 0x05D2850;
__asm
{
mov ecx, NetPointer
push vId
push 0
call BattleCall
}
return 0;
}
void Target()
{
while (true)
{
DWORD GetTargetVID = (*(DWORD*)(*(DWORD*)0x0973994 + 0x00198C4));
SendBattleAttack(GetTargetVID);
Sleep(30);
}
}
BOOL APIENTRY DllMain(HMODULE hModule, DWORD ul_reason_for_call, LPVOID lpReserved)
{
switch (ul_reason_for_call)
{
case DLL_PROCESS_ATTACH:
CreateThread(NULL, 0, reinterpret_cast<LPTHREAD_START_ROUTINE>(Target), hModule, 0, NULL);
}
return TRUE;
}
|
|
|
|
|
02/14/2021, 01:37
|
#11
|
elite*gold: 0
Join Date: Dec 2020
Posts: 47
Received Thanks: 25
|
Quote:
Originally Posted by baba4507
hello how can I put the codes given above in the targetdamag, can you help me?
// dllmain.cpp : Defines the entry point for the DLL application.
#include "stdafx.h"
#include <Windows.h>
bool SendBattleAttack(int vId)
{
DWORD NetPointer = *(DWORD*)0x09738F0;
DWORD BattleCall = 0x05D2850;
__asm
{
mov ecx, NetPointer
push vId
push 0
call BattleCall
}
return 0;
}
void Target()
{
while (true)
{
DWORD GetTargetVID = (*(DWORD*)(*(DWORD*)0x0973994 + 0x00198C4));
SendBattleAttack(GetTargetVID);
Sleep(30);
}
}
BOOL APIENTRY DllMain(HMODULE hModule, DWORD ul_reason_for_call, LPVOID lpReserved)
{
switch (ul_reason_for_call)
{
case DLL_PROCESS_ATTACH:
CreateThread(NULL, 0, reinterpret_cast<LPTHREAD_START_ROUTINE>(Target), hModule, 0, NULL);
}
return TRUE;
}
|
I can't really help you, you have to reverse these functions, that's nothing i can do for you. Get a public client source and search for the function defintions by searching for the names used in my snippet.
|
|
|
|
|
02/17/2021, 17:08
|
#12
|
elite*gold: 0
Join Date: Feb 2021
Posts: 4
Received Thanks: 0
|
Quote:
Originally Posted by ones-and-zer0es.mpeg
I can't really help you, you have to reverse these functions, that's nothing i can do for you. Get a public client source and search for the function defintions by searching for the names used in my snippet.
|
can we dump functions like SendCharacterStatePacket in python and convert them to c ++ for using without python sdk ?
|
|
|
|
|
02/21/2021, 15:30
|
#13
|
elite*gold: 0
Join Date: Jun 2009
Posts: 70
Received Thanks: 149
|
Quote:
Originally Posted by oatuh998
can we dump functions like SendCharacterStatePacket in python and convert them to c ++ for using without python sdk ?
|
There is no SendCharacterStatePacket in python sdk, you have to find the function in the binary, to makes things easy, i will give you the pattern for oficial game servers:
Pattern: "\x55\x8b\xec\x83\xec\x00\x89\x4d\x00\xc6\x45\x00\ x00\x8d\x45\x00\x50\x8b\x4d\x00\xe8\x00\x00\x00\x0 0\x0f\xb6\x00\x85\xc9\x75\x00\x32\xc0\xe9\x00\x00\ x00\x00\x8b\x4d\x00\xe8\x00\x00\x00\x00\x0f\xb6\x0 0\x85\xd2\x75\x00\xb0\x00\xe9\x00\x00\x00\x00\xd9\ x45"
Mask: "xxxxx?xx?xx??xx?***?x????xx?***?***????xx?x????xx ?***?x?x????xx"
In order to call this function you need to also find the NetworkClassPointer, and pass it in the ECX register, i will let you figure out this part 
|
|
|
|
 |
Similar Threads
|
Long, long, long ago...
08/24/2012 - Rappelz Private Server - 17 Replies
... A young Roflcopter just wanted to play Rappelz in peace, with no other people to distract him. He wanted nothing more than a private server where he could play by himself, just himself, no interference. This was a time when there weren't any private servers, and he was frustrated by this. He told his friends that if he could have a private server, all he'd do was level from scratch, no buffs, no cheating, no free pets, no cash shop items (maybe a piece of deco or two)...
and today is the...
|
I need help about long range bot
06/06/2012 - Browsergames - 5 Replies
hi my friends i need help about long rage bot . This bot work every server but dont work global europa 4 but the enemies have found one way for work. how can i remedy this program pls help me :confused:
|
Need help with long range-hack
01/14/2008 - Kal Online - 12 Replies
Long Range Hack:
Long Range Hack is Awsome for sin.. or Better low for Monsters.
Get the weapon you want to make Long range and take to merch.. get sell price..(must be clean buy a clean version if aint got)
Now Search the sellin price and edit all the values untill u find the one that changes ur price..
Find the Address of one that changed it.. and use the 1st 4 numbers / letters in From / To in Mem Scan Options
Now Put 0000 on end of From and FFFF on end of To..
Now look at ur wep and...
|
All times are GMT +1. The time now is 21:12.
|
|
