Wonderland

[CeifadorX]

Hello all
I localized any offsets for new version Wonderland (1.5.7), but i donot can fix anys functions.
Working Offsets

Base Address = 0xF76734
send packet = 0x898A70
gatheting = 0x4D9690
Cast Skill = 0x4E8BB0
Regular Atak = 0x4D38F0
Freeze = 0xF39EA4
Console = 0xF3A238
InFlag Game = 0xF5C494

Skill Base = 0x17AC
Skill Count = 0x4
Skill ID = 0x8

World Item Base = 0x24

player structure
[[[BA] + 0x0] + 0x3c]

player name
[[[[[BA] + 0x0] + 0x3c] + 0x810] + 0x0]

World Item
[[[[BA] + 0x0] + 0x24] + 0x1c]

NPC Base
[[[BA] + 0x0] + 0x20]

Instance
[[[[BA] + 0x0] + 0x24] + 0x94]

Quest
[[[[[BA] + 0x0] + 0x3c] + 1788] + 0x8]

Buffs
[[[BA] + 0x0] + 0x3c] + 0x398]


I hav offset for moveto function
Walk1 = 0x4EC320
Walk2 = 0x4F1A80
Walk3 = 0x4ED430

but my function donot work (crash client), i utilize this function from post
autopath function worked but now crash client too, but compare offset address and a function is correct.

any can help me in fix moveto function and sendpacket ( I use c language for develop.

PS: Sendpacket and autopath working in neverfall version (1.5.6), moveto aways crash.
PS2: i donot can find DC flag too

And Sry Admins for another post in wrong forum!

[Stark77]

Looks all pretty good - you might want to check your BaseAddress again - mine is 0xF39878

And the playerActionStruct/OFFSET_ACTIONBASE in the move funtion is 0x1780

[CeifadorX]

Very Thanks!!!

And, yeah, Sendpacket autopath and anothers injectino work now!!

BA = F39878, but char structure is = neverfall

[[[BA] + 0x1C] +0x34]

[BigStorms]

does anyone have the new base adresses/offsets? or can anyone tell me a way to find them?

[CeifadorX]

Stark, all working, except my moveto function, i put new offset, but client crash on execute.

I try 4 versions moveto, including russians versions, but all crash client at execution.

this is a version from elitepvpers forums, whats is wrong?

public void moveto(float x, float y, float z, int FlyMode = 0)
{
ASM asm = new ASM();

asm.Pushad();
asm.Mov_EAX(this.off.BaseADD); // BaseAddress
asm.Mov_EAX_DWORD_Ptr_EAX();
asm.Mov_EAX_DWORD_Ptr_EAX_Add(this.off.Strutur); //0x1c
asm.Mov_ESI_DWORD_Ptr_EAX_Add(this.off.Playstrut); //0x34
asm.Mov_ECX_DWORD_Ptr_ESI_Add(this.off.ActBase); //0x1780
asm.Push6A(1);
asm.Mov_EDX(this.off.Walk1); //walk1
asm.Call_EDX();
asm.Mov_EDI_EAX();
asm.Lea_EAX_DWORD_Ptr_ESP_Add(0x18); // I try 0x18 and 0x1c
asm.Push_EAX();
asm.Mov_EDX(FlyMode);
asm.Push_EDX();
asm.Mov_ECX_EDI();
asm.Mov_EDX(this.off.Walk2); //walk2
asm.Call_EDX();
asm.Mov_ECX_DWORD_Ptr_ESI_Add(this.off.ActBase); //0x1780
asm.Mov_EAX(x);
asm.Mov_EDX_EDI();
asm.Add_EDX(this.off.OfX); // offset X pos, 0x3c
asm.Mov_DWORD_Ptr_EDX_EAX();
asm.Mov_EAX(z);
asm.Mov_EDX_EDI();
asm.Add_EDX(this.off.OfZ); // offset Z pos, 0x40
asm.Mov_DWORD_Ptr_EDX_EAX();
asm.Mov_EAX(y);
asm.Mov_EDX_EDI();
asm.Add_EDX(this.off.OfY); // offset Y pos, 0x44
asm.Mov_DWORD_Ptr_EDX_EAX();
asm.Push6A(0);
asm.Push6A(1);
asm.Push_EDI();
asm.Push6A(1);
asm.Mov_EDX(this.off.Walk3); // walk3
asm.Call_EDX();
asm.Popad();
asm.Ret();
asm.Run();
}

I checked the commands with the forum's moveto function, and the opcode is ok, my regular attack, cast skill, gather, and autopath function is working.

thanks!

[Stark77]

As I am currently super busy I will just post you the function I use currently and the offsets used for it:

Offsets:
global realBaseAddress := 0xF39878
global ADDRESS_ACTION1 := 0x4EC320
global ADDRESS_ACTION2 := 0x4F1A80
global ADDRESS_ACTION3 := 0x4ED430
global playerOffSet := 0x34
global playerActionStructOffset := 0x1780

Function:

 Spoiler

normalMoveTo(X,Y,Z=0,flyflag=0)
{
if (X < 1000)
{
X := floattohex((X*10)-4000)
Y := floattohex((Y*10)-5500)
Z := floattohex(Z*10)
}

revHex(revX, X)
revHex(revY, Y)
revHex(revZ, Z)
revHex(revBaseAddress, realbaseAddress)
revHex(revPlayerOffSet, playerOffSet,2)
revHex(revADDRESS_ACTION1, ADDRESS_ACTION1)
revHex(revADDRESS_ACTION2, ADDRESS_ACTION2)
revHex(revADDRESS_ACTION3, ADDRESS_ACTION3)
revHex(OFFSET_ACTIONBASE, playerActionStructOffset)
revHex(FLYMODE, flyflag)

func =
func = %func%60
func = %func%B8%revBaseAddress%
func = %func%8B00
func = %func%8B401C
func = %func%8B70%revPlayerOffSet%
func = %func%8B8E%OFFSET_ACTIONBASE%
func = %func%6A01
func = %func%BA%revADDRESS_ACTION1%
func = %func%FFD2
func = %func%8BF8
func = %func%8D442418
func = %func%50
func = %func%BA%FLYMODE%
func = %func%52
func = %func%8BCF
func = %func%BA%revADDRESS_ACTION2%
func = %func%FFD2
func = %func%8B8E%OFFSET_ACTIONBASE%
func = %func%B8%revX%
func = %func%8BD7
func = %func%83C220
func = %func%8902
func = %func%B8%revZ%
func = %func%8BD7
func = %func%83C224
func = %func%8902
func = %func%B8%revY%
func = %func%8BD7
func = %func%83C228
func = %func%8902
func = %func%6A00
func = %func%6A01
func = %func%57
func = %func%6A01
func = %func%BA%revADDRESS_ACTION3%
func = %func%FFD2
func = %func%61
func = %func%C3

injectCode(func)
}

Maybe you forgot to reverse something like the ActBase?

[CeifadorX]

thank you very much for your response, but unfortunately the function does not work for me.

and the offsets of the positions, which in yours is like 20, 24, and 28, would not currently be 3c, 40, and 44? Or are not numbers the offsets?

I checked my assembly class and it is correctly converting the numbers, including doing the reverse, I made the system send an msgbox of the sent opcodes:



you can see that all the codes are correctly reversed.

Well, if anyone has any other code for a moveto, I'll thank you!

[Stark77]

The offsets for X,Y, and Z are 3c, 44, and 40. However, you do not put the offsets in there but the values of the coordinates where you want to move.

You have two times 00000000 in your code; I wonder where this comes from.

[CeifadorX]

I'm sorry, I was trying to debug the function, now I executed the following command:

Char.Acao.MoverSe(1423, 876, 480, 1); // is floats X, Y, Z, and int mode

I'm using the position without being calculated

and we have this opcode

[jasty]

I mentioned this in the other thread but is anyone able to extract PCKs?

There's a ton of data in configs.pck I need.

[Stark77]

@: Sadly I dont ... sorry. @: It might be that this move function is not working on windows 10 ... other than that I cannot really see a mistake

[CeifadorX]

Very thanks for reply Stark!

I had a , that worked the function here, but it has no source available, I had to find out how they managed to make such a feat.
but I'll keep trying ^^

[CeifadorX]

Hello everyone!!

Finally I was able to correct the error of the script for movement and I arranged the scritp to follow players.

Very thanks to Stark, I used your script making some minor corrections to the Inter Neverfall / Wonderland v1 / Wonderland v2 and PW BR Neverfall.

The functions in C Language

Moveto Function:

 Spoiler

public void MoveTo(float x, float y, float z, int FlyMode = 0)
{
ASM asm = new ASM();

asm.Pushad(); // pilha 18
asm.Mov_ECX((Int32)this.off.BaseADD); //Base Address
asm.Mov_ECX_DWORD_Ptr_ECX();
asm.Mov_ECX_DWORD_Ptr_ECX_Add((Int32)this.off.Stru tur); //Structure (0x1c)
asm.Mov_ESI_DWORD_Ptr_ECX_Add((Int32)this.off.Play strut); //Player Structure (0x34)
asm.Mov_ECX_DWORD_Ptr_ESI_Add((Int32)this.off.ActB ase); //Action Base
asm.Push6A(1);
asm.Mov_EDX((Int32)this.off.Walk1); //Walk1 address
asm.Call_EDX();

asm.Mov_EDI_EAX();
asm.Push_EAX();
asm.Mov_EDX(FlyMode);
asm.Push_EDX(); // pilha 20
asm.Mov_ECX_EDI();
asm.Mov_EDX((Int32)this.off.Walk2); //Walk2 address
asm.Call_EDX(); // pilha 18

asm.Mov_ECX_DWORD_Ptr_ESI_Add((Int32)this.off.ActB ase); //Action Base (CX is clean in walk1)
asm.Mov_EAX(x);
asm.Mov_EDX_EDI();
asm.Add_EDX(0x20); //FollowID/X pos address (nova acao)
asm.Mov_DWORD_Ptr_EDX_EAX();
asm.Mov_EAX(z);
asm.Mov_EDX_EDI();
asm.Add_EDX(0x24); //Z pos address (nova acao)
asm.Mov_DWORD_Ptr_EDX_EAX();
asm.Mov_EAX(y);
asm.Mov_EDX_EDI();
asm.Add_EDX(0x28); //Y pos address (nova acao)
asm.Mov_DWORD_Ptr_EDX_EAX();

asm.Push6A(0);
asm.Push6A(1);
asm.Push_EDI();
asm.Push6A(1);
asm.Mov_EDX((Int32)this.off.Walk3); //Walk3 address
asm.Call_EDX();

asm.Pop_EDI();
asm.Popad();
asm.Ret();

asm.RunAsm(this.pr_processHandle);
}

Follow Function:

 Spoiler

public void Seguir(uint Player)
{
ASM asm = new ASM();

asm.Pushad(); // pilha 18
asm.Mov_ECX(this.off.BaseADD); //Base Address
asm.Mov_ECX_DWORD_Ptr_ECX();
asm.Mov_ECX_DWORD_Ptr_ECX_Add(this.off.Strutur); //Structure (0x1c)
asm.Mov_ESI_DWORD_Ptr_ECX_Add(this.off.Playstrut); //Player Structure (0x34)
asm.Mov_ECX_DWORD_Ptr_ESI_Add(this.off.ActBase); //Action Base address
asm.Push_EDI();
asm.Push6A(7);
asm.Mov_EDX(this.off.Walk1); //Walk 1 address
asm.Call_EDX();

asm.Mov_EDI_EAX();
asm.Mov_EBX((Int32)Player);
asm.Push_EBX();
asm.Mov_ECX_EDI();
asm.Mov_EDX(this.off.FollowA); //Follow Address
asm.Call_EDX();

asm.Mov_ECX_DWORD_Ptr_ESI_Add(this.off.ActBase); //Action Base Address
asm.Push6A(0);
asm.Push_EDI();
asm.Push6A(1);
asm.Mov_EDX(this.off.Walk3); //Walk 3 address
asm.Call_EDX();

asm.Pop_EDI();
asm.Popad();

asm.Ret();

asm.RunAsm(this.pr_processHandle);
}

Probably there was some change in the Walk3 structure reading, because what was giving error, was the completion of the script with more items in the stack.

And in the address positions of the moveto, x, y, and z are not avatar offsets.

[the soldire]

Someone found out how to fix the autologin problem now?

[fGravity]

Quote:

Originally Posted by the soldire

Someone found out how to fix the autologin problem now?

someone should just make a program that would ask for your email/password, open arc, start the patcher, close arc and start the game. Doesnt seem to be that hard