Nostale function address for attackwalk
Discussion on Nostale function address for attackwalk within the Nostale forum part of the MMORPGs category.
06/08/2024, 13:30
|
#1
|
elite*gold: 0
Join Date: Jul 2019
Posts: 20
Received Thanks: 1
|
Nostale function address for attackwalk
I tried finding the address of the function that walks to a monster given its monsterId and attacks it (similar to spamming the space button).
I used Cheat Engine but I didn't manage to find it (tried to see which function is executed with the code filter tool but this gives me an abstract error on Nostale)
like attackmonster(uint32 monster_id)
{
    ... asm stuff{
    }
}
I don't know how to find it
I wanna inject it to farm automatically in C/C++ using DLL injection
My first idea was to just make a script that spams the space bar but I wanna be able to use the PC normally as well so ... yeah
I tried the packet logger way, with u_s or something, but I got banned so I guess I preferred the function way
my first idea was to spam space bar but with multiple client it's
|
|
|
06/08/2024, 15:59
|
#2
|
elite*gold: 115
Join Date: May 2016
Posts: 89
Received Thanks: 69
|
take a look here:
|
|
|
06/08/2024, 18:27
|
#3
|
elite*gold: 0
Join Date: Jul 2019
Posts: 20
Received Thanks: 1
|
Hey Panda, ty for your answer
I'm already using this one! The walk function works fine but
AttackRun doesn't work, I get crashed when I call it (I get monster ids from packet logger and called this one)
...some code
AttackRun(closestMonsterId) crashes for me
but walking to a monster like that works for me:
    uint pos = monsters[closestMonsterId].y * 65536 + monsters[closestMonsterId].x;
    MoveTo(pos);
so I think the address changed, I've seen from the thread that it's not updated, or do I have a mistake in my code?
|
|
|
06/09/2024, 10:47
|
#4
|
elite*gold: 0
Join Date: Dec 2011
Posts: 43
Received Thanks: 19
|
Hey,
if I remember correctly, you find the correct function via TSceneManager. And you have to pass UnitManager, SkillAddress and MonsterAddress pointer or address. It looks like you miss the first two.
wojtas99 called UnitManager [lpvAttackThis] in his AttackMonster function.
Keep in mind, you need another function to run to the enemy to use a skill and another to select the enemy. You find them both via TSceneManager - like almost any other function you need.
Yes, there is a function you run and attack, but you can only use the default attack skill with it.
There is a NostaleSDK from at0mos somewhere in this Forum, the TSceneManager Pattern from there should work.
|
|
|
06/09/2024, 16:16
|
#5
|
elite*gold: 0
Join Date: Jul 2019
Posts: 20
Received Thanks: 1
|
Quote:
Originally Posted by JONNST4R
Hey,
if I remember correctly, you find the correct function via TSceneManager. And you have to pass UnitManager, SkillAddress and MonsterAddress pointer or address. It looks like you miss the first two.
wojtas99 called UnitManager [lpvAttackThis] in his AttackMonster function.
Keep in mind, you need another function to run to the enemy to use a skill and another to select the enemy. You find them both via TSceneManager - like almost any other function you need.
Yes, there is a function you run and attack, but you can only use the default attack skill with it.
There is a NostaleSDK from at0mos somewhere in this Forum, the TSceneManager Pattern from there should work.
|
Hey ty for your answer
I found it
but it looks outdated, I saw the TSceneManager but I didn't find anything like a UnitManager, maybe it was on his forum that is discontinued?
also I don't know how to use his sdk, the .rar there looks outdated too? I'm not sure
|
|
|
06/09/2024, 16:42
|
#6
|
elite*gold: 0
Join Date: Dec 2011
Posts: 43
Received Thanks: 19
|
Yes, a lot changed over time, but the overall game structure is the same. Somewhere you find the Pattern: (...."8B15????????8B123B4230??????C3", 0x02,....)
You have to scan for "8B15????????8B123B4230??????C3" and add 2 bytes to the found address. If I remember correctly, you have to uncheck the Writable checkbox in Cheat Engine to find the pattern.
Pattern scan in Cheat Engine:
Add this new address to Memory dissect and you should see TSceneManager somewhere.
I'm sorry I can't show you - the Cheat Engine installation is not working on Windows 11 it seems.
|
|
|
06/10/2024, 23:54
|
#7
|
elite*gold: 0
Join Date: Jul 2019
Posts: 20
Received Thanks: 1
|
Quote:
Originally Posted by JONNST4R
Yes, a lot changed over time, but the overall game structure is the same. Somewhere you find the Pattern: (...."8B15????????8B123B4230??????C3", 0x02,....)
You have to scan for "8B15????????8B123B4230??????C3" and add 2 bytes to the found address. If I remember correctly, you have to uncheck the Writable checkbox in Cheat Engine to find the pattern.
Pattern scan in Cheat Engine:
Add this new address to Memory dissect and you should see TSceneManager somewhere.
I'm sorry I can't show you - the Cheat Engine installation is not working on Windows 11 it seems.
|
So I tried again. I was mistaken in using wojtas' function: I was using the id from the ncif packet but actually it needed the monster base address (tmapobject)
even with that in mind I gave a hardcoded monster address (yes it was good, I could print the monster's x, y and id from C++)
but calling the attack run is still not working
I tried finding the function in Cheat Engine, did some _asm function by putting the same hardcoded edx, eax etc... nothing worked
I tried your pattern scanning, got an address, added +2 and dissected it
I got a struct like:
byte
byte
pointer
Pointer
but I've no idea what to do with that and if it's even right
also I don't know where you got the pattern that it's the scene manager
and I don't even know if the scene manager has a function to attackrun a monster ??
Kinda noob and lost ahah
|
|
|
06/11/2024, 01:31
|
#8
|
elite*gold: 0
Join Date: Dec 2011
Posts: 43
Received Thanks: 19
|
Quote:
Originally Posted by Sehac
So I tried again. I was mistaken in using wojtas' function: I was using the id from the ncif packet but actually it needed the monster base address (tmapobject)
even with that in mind I gave a hardcoded monster address (yes it was good, I could print the monster's x, y and id from C++)
but calling the attack run is still not working
I tried finding the function in Cheat Engine, did some _asm function by putting the same hardcoded edx, eax etc... nothing worked
I tried your pattern scanning, got an address, added +2 and dissected it
I got a struct like:
byte
byte
pointer
Pointer
but I've no idea what to do with that and if it's even right
also I don't know where you got the pattern that it's the scene manager
and I don't even know if the scene manager has a function to attackrun a monster ??
Kinda noob and lost ahah
|
Hey, I managed to install Cheat Engine. I remembered some steps wrong, obviously.
1. Scan for the pattern, make sure Writable is unchecked.
2. Add the 2 bytes to the found address.
3. Change address to Pointer - I missed this step before, sorry
4. Add the address from there. It's the pointer value or the address the pointer points to. And click on OK.
5. Then open some under windows and you see this.
Then close the under window and you should understand what I meant with: the overall structure is the same.
6. If u want to find game functions follow these steps:
Click on the red one:
Now click on start and you find aloooooooot. If the game lags it's correct.
Keep in mind, you will crash a lot if u don't understand assembly and how pointers work.
Ty @  for your help
And thank you @  for your sdk and Pattern:
|
|
|
06/11/2024, 11:23
|
#9
|
elite*gold: 110
Join Date: Jun 2016
Posts: 568
Received Thanks: 190
|
Quote:
Originally Posted by JONNST4R
Hey, I managed to install Cheat Engine. I remembered some steps wrong, obviously.
1. Scan for the pattern, make sure Writable is unchecked.
[img]  [/img]
2. Add the 2 bytes to the found address.
[img]  [/img]
3. Change address to Pointer - I missed this step before, sorry
[img]  [/img]
4. Add the address from there. It's the pointer value or the address the pointer points to. And click on OK.
[img]  [/img]
5. Then open some under windows and you see this.
[img]  [/img]
Then close the under window and you should understand what I meant with: the overall structure is the same.
6. If u want to find game functions follow these steps:
[img]  [/img]
Click on the red one:
[img]  [/img]
Now click on start and you find aloooooooot. If the game lags it's correct.
[img]  [/img]
Keep in mind, you will crash a lot if u don't understand assembly and how pointers work.
And now you see images, but you don't because epvp said no. Now someone will repost it to get free thanks for my work. I set it to url because else you see nothing i think.
maybe i dont understand how to add image...
|
Thank you for your work, about the images, use
Code:
[IMG=expandable: 1]url[/IMG]
with your link ending by .png, for instance :  =>
example :
|
|
|
06/11/2024, 17:20
|
#10
|
elite*gold: 0
Join Date: Jul 2019
Posts: 20
Received Thanks: 1
|
Ok I tried again, I think I found the function that calls the attack run
Address: NostaleClientX.exe+170464 : call NostaleClientX.exe + 16FEDC
I replaced it with code that does nothing (NOP) and I couldn't attack run anymore in Nostale so I guess it's the right place
So I tried with hardcoded values for monster address and registers: I got this
that's my C++ code that is injected:
    std::vector<int> offsets{0,0};
    DWORD m_eax = ReadPointer(0x3631F0, offsets);
    HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, GetCurrentProcessId());
    HMODULE hModule = GetModuleHandle(NULL);
    DWORD nostaleX = (DWORD)hModule;
    DWORD function_offset = 0x16FEDC;
    DWORD function = nostaleX + function_offset;
    DWORD mob_pointer = 0x210736D0;
    DWORD m_edi = 0x2101C270;
    //17B810
    while (!GetAsyncKeyState(VK_F12))
    {
        std::cout << "TRY CALL FUNCTION ONE TIME" << std::endl;
        std::cout << "m_eax = " << m_eax << std::endl;
        Sleep(10000);
        _asm
        {
            MOV EDI, m_edi
            MOV EBX, 0X0
            MOV ECX, 0X001A0000
            MOV EDX, 0X0048F238
            MOV ESI, mob_pointer
            MOV [m_eax + 0x48], ESI
            MOV EAX, EDI
            call function
        }
    }
but it didn't attack run to the mob so yeah
(I'm new to hacking/asm stuff so I'm probably making mistakes)
any idea?
doesn't show because I didn't post enough it seems
I found this thanks to your steps JONNST4R but yeah I still don't manage to make it work
|
|
|
06/11/2024, 19:06
|
#11
|
elite*gold: 0
Join Date: Dec 2011
Posts: 43
Received Thanks: 19
|
I don't understand where you get this assembly code from. It's wrong I think.
Ah I see, if u put a breakpoint on it, it calls the function I found. If u click on the right box you see the function I found.
I found this:
You can call it in cheat engine via auto assembler like this:
This is full working code for Cheat Engine's auto assembler. The pattern from before is wrong because it points to the address where the opcode for call and address is stored. But it has to point to the called address...
I have to use a pointer for PlayerObjManager because the given pattern from atom0s points to writable memory and aobscanmodule won't work there.
You have to change the MapMonsterObj address to a working one. It's not helpful to make a pattern to - for example: first mob on map.
Code:
[ENABLE]
aobscanmodule(function, NostaleClientX.exe, 55 8B EC 51 53 56 57 88 4D FF 8B F2 8B F8)
aobscanmodule(PlayerObjManager, NostaleClientX.exe, 50 49 8F 00 8B 40 20 33 DB 8A 5D 08 83 FB 0E 7F)
alloc(thread,248)
createthread(thread)
thread:
push 01
mov ecx, 001A0000 // (default) Skill
mov edx, 156F13D0 // MapMonsterObj
mov eax, PlayerObjManager
mov eax, [eax]
mov eax, [eax]
call function
ret
[DISABLE]
|
|
|
06/13/2024, 02:06
|
#12
|
elite*gold: 0
Join Date: Mar 2019
Posts: 165
Received Thanks: 26
|
Quote:
Originally Posted by Sehac
Ok I tried again, I think I found the function that calls the attack run
Address: NostaleClientX.exe+170464 : call NostaleClientX.exe + 16FEDC
I replaced it with code that does nothing (NOP) and I couldn't attack run anymore in Nostale so I guess it's the right place
So I tried with hardcoded values for monster address and registers: I got this
that's my C++ code that is injected:
    std::vector<int> offsets{0,0};
    DWORD m_eax = ReadPointer(0x3631F0, offsets);
    HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, GetCurrentProcessId());
    HMODULE hModule = GetModuleHandle(NULL);
    DWORD nostaleX = (DWORD)hModule;
    DWORD function_offset = 0x16FEDC;
    DWORD function = nostaleX + function_offset;
    DWORD mob_pointer = 0x210736D0;
    DWORD m_edi = 0x2101C270;
    //17B810
    while (!GetAsyncKeyState(VK_F12))
    {
        std::cout << "TRY CALL FUNCTION ONE TIME" << std::endl;
        std::cout << "m_eax = " << m_eax << std::endl;
        Sleep(10000);
        _asm
        {
            MOV EDI, m_edi
            MOV EBX, 0X0
            MOV ECX, 0X001A0000
            MOV EDX, 0X0048F238
            MOV ESI, mob_pointer
            MOV [m_eax + 0x48], ESI
            MOV EAX, EDI
            call function
        }
    }
but it didn't attack run to the mob so yeah
(I'm new to hacking/asm stuff so I'm probably making mistakes)
any idea?
doesn't show because I didn't post enough it seems
I found this thanks to your steps JONNST4R but yeah I still don't manage to make it work
|
WTF are you doing? This is Assembler code. You can't write an Assembler script with C++.
Assembler is its own language. Look on Google. You learn it by studying computer science.
Or you can use/write Lua scripts in Cheat Engine, if you know the language Lua.
But you can't use C++ in assembler code. This must be written in assembly language.
|
|
|
06/13/2024, 06:45
|
#13
|
elite*gold: 0
Join Date: Dec 2011
Posts: 43
Received Thanks: 19
|
Quote:
Originally Posted by Feuerdrachenzauber
WTF are you doing? This is Assembler code. You can't write an Assembler script with C++.
Assembler is its own language. Look on Google. You learn it by studying computer science.
Or you can use/write Lua scripts in Cheat Engine, if you know the language Lua.
But you can't use C++ in assembler code. This must be written in assembly language.
|
Hey,
the code is perfectly valid C++ code, the asm code is just not correct. And you can even use C++ code the other way around if u want.
|
|
|
06/13/2024, 12:59
|
#14
|
elite*gold: 0
Join Date: Jul 2019
Posts: 20
Received Thanks: 1
|
Quote:
Originally Posted by Feuerdrachenzauber
WTF are you doing? This is Assembler code. You can't write an Assembler script with C++.
Assembler is its own language. Look on Google. You learn it by studying computer science.
Or you can use/write Lua scripts in Cheat Engine, if you know the language Lua.
But you can't use C++ in assembler code. This must be written in assembly language.
|
Ahahah yeah it's possible to call asm from C++, you should look on Google yourself
but the addresses were hardcoded here just for test, I need to find the right way
It's working now thanks to you JONNST4R, I was actually one function deeper! TYSM
|
|
|
06/14/2024, 03:53
|
#15
|
elite*gold: 0
Join Date: Mar 2019
Posts: 165
Received Thanks: 26
|
Quote:
Originally Posted by Sehac
Ahahah yeah it's possible to call asm from C++, you should look on Google yourself
but the addresses were hardcoded here just for test, I need to find the right way
It's working now thanks to you JONNST4R, I was actually one function deeper! TYSM
|
But you can't use the same commands like "while" or "std::cout" in an AA script.
|
|
|
 |
|