SunCat last won the day on November 5 2018


  1. SunCat

    Question Structured Sniffing Logger

    I've got structured PE that works for current version. Here are the hooks I use:

        COutPacket_COutPacket
        CClientSocket_SendPacket
        CInPacket_Decode1
        CInPacket_Decode2
        CInPacket_Decode4
        CInPacket_Decode8
        CInPacket_DecodeStr
        CInPacket_DecodeBuffer
        CInPacket_Decode_double
        COutPacket_Encode1
        COutPacket_Encode2
        COutPacket_Encode4
        COutPacket_Encode8
        COutPacket_EncodeStr
        COutPacket_EncodeBuffer
        COutPacket_Encode_double

    And as @Erotica said, you'll still be missing data. What I do is check the current offset in the packet when one of the encode/decode functions gets hit, if there's a gap in data, fill it with raw data as a buffer.
  2. SunCat

    Question GMS v200.3 Item Filter AOB

    Here you go:

        [ENABLE]
        alloc(ItemFilter,256)
        alloc(ItemList,2048)
        alloc(Mesos,4)
        alloc(Mode,4)
        label(Return)
        label(End)
        label(FilterMesos)
        label(RejectOrAccept)
        label(AcceptFilter)
        label(RejectFilter)
        label(Ignore)

        Mesos:
        dd #0 // Minimum meso

        Mode:
        dd #0 // 0 = Accept, 1 = reject

        ItemList:
        //Add filter like below
        //dd #itemID
        dd 00 // End of list

        ItemFilter:
        push edx
        mov edx,[Mesos]
        cmp eax,edx
        jle FilterMesos
        mov edx,ItemList
        jmp RejectOrAccept

        FilterMesos:
        mov eax,0
        jmp End

        RejectOrAccept:
        cmp byte ptr [Mode],0
        je AcceptFilter
        cmp byte ptr [Mode],1
        je RejectFilter

        AcceptFilter:
        cmp eax,[edx](Mesos)
        je End
        cmp dword ptr [edx],0
        je Ignore
        add edx,4
        jmp AcceptFilter

        RejectFilter:
        cmp eax,[edx]
        je Ignore
        cmp dword ptr [edx],0
        je End
        add edx,4
        jmp RejectFilter

        Ignore:
        cmp eax,#50000 // Added this code otherwise mesos is dropped but not shown in accept mode
        jle End
        mov eax,0

        End:
        pop edx
        mov [ebp-34],eax
        inc ecx
        mov eax,939A85C5
        jmp Return

        0122EFAD:
        jmp ItemFilter
        nop
        nop
        nop
        nop
        Return:

        [DISABLE]
        0122EFAD: // F3 ? ? ? ? ? ? ? F3 ? ? ? ? ? ? ? E8 ? ? ? ? 8B 0D ? ? ? ? 89 ? ? ? B8 below
        mov [ebp-34],eax
        inc ecx
        mov eax,939A85C5

        dealloc(ItemFilter)
        dealloc(ItemList)
        dealloc(Mesos)
        dealloc(Mode)
  3. SunCat

    Question Adding delay to script

    Teleporting isn’t stable unless you spam it at intervals of <60ms. So ideally you want it to be continuously spammed every tick, but just update the coordinates when you need to.
  4. SunCat

    Question Getting mob ID

    I've adapted the one from firefly for a trainer I've been making. The CMobPool struct has changed pretty significantly and similarly to player count, the actual count is encrypted now. In the trainer I'm making I've got it all working, but the library he's referring to is extremely lightweight, just a module that gets imported into Terminal's python scripter.
  5. SunCat

    Question Getting mob ID

    There's a whole lot of infrastructure I'd have to build into the library to add mob iteration and that sort of thing. Right now the library is very simple. Your best bet would be to ask the trainer creators to add the feature.
  6. SunCat

    Question Auto Terminate Script

    Here you go, this should do what you're after. I only tested it once, but seems to work.

        [enable]
        alloc(hook, 128)
        Label(Return)
        Label(return_original)

        025EF030:
        jmp hook
        Return:

        hook:
        pushad
        mov ecx,[034D0C34] //TSingleton<CUserPool> - 8B 0D ?? ?? ?? ?? 83 ?? ?? ?? 0F 85
        lea ecx,[ecx+A8] //m_lUserRemote
        call 0085A4D0 //TSecType::GetData<long> - E8 ?? ?? ?? ?? 8B ?? ?? 3B ?? 74 ?? C7 [Follow call]
        cmp eax,#2
        popad
        jle return_original
        push 0
        push ffffffff
        call TerminateProcess
        xor eax,eax
        div eax

        return_original:
        push ebp
        mov ebp,esp
        push -01
        jmp Return

        [disable]
        025EF030: //CUserPool::OnUserEnterField 8D 4D D8 E8 ? ? ? ? 8D 4D D0 E8 ? ? ? ? 8B 4D F4 64 89 0D ? ? ? ? [Function Start]
        push ebp
        mov ebp,esp
        push -01

        DeAlloc(hook)

    Just change the #2 to whatever amount of players you want. Note that it excludes yourself, so it'll be 0 if it's just you on the map.
  7. SunCat

    Question Getting mob ID

    Inside the CMobPool struct you can find the ZList<ZRef<CMob>> object at offset 0x34. Then inside each CMob you can find the ZtlSecurePack<unsigned int> dwMobID at offset 0x288 (unless this offset has changed in the last patch, I haven't had a need for it in a while). Then you call the ZtlSecureFuse<unsigned int> function on it to actually read the data.
  8. The other way to get the loot coordinates is from the CDropPool struct. The data is encrypted though, so you'll have to call the TSecType::GetData functions to actually read them.
  9. SunCat

    Question 198.2 GMS Scripts Can't Assign to Cheat Table

    You need to replace the %arg1, %arg2, etc with actual values.
  10. Check out https://guidedhacking.com/
  11. The last 4 unknown bytes in the open rune are rune type. I'm pretty sure you'll need the right type for it to open the rune. Here are the rune types:

          enum ERuneStoneType {
              RST_NONE = 0xFFFFFFFF,
              RST_UPGRADE_SPEED = 0x0,
              RST_UPGRADE_DEFENCE = 0x1,
              RST_DOT_ATTACK = 0x2,
              RST_THUNDER = 0x3,
              RST_EARTHQUAKE = 0x4,
              RST_SUMMON_ELITE_MOB = 0x5,
              RST_SUMMON_MIMIC = 0x6,
              RST_INCREASE = 0x7,
              RST_REDUCE_COOLTIME = 0x8,
              RST_COUNT = 0x9,
          };

      This might be useful too

          enum ERuneStoneState {
              RSS_STAY = 0x0,
              RSS_APPEAR = 0x1,
              RSS_DISAPPEAR = 0x2,
              RSS_COUNT = 0x3,
          };
  12. SunCat

    Question How to create/update vtables

    Thanks for the response. I’ve since done a lot of reading and have a much better understanding. I wanted to give ReClass a go, but unfortunately I can’t get it to attach to maple, so I’ve been sticking with CE dissector. EDIT: I was using normal ReClass, looks like ReClassEx attaches to maple just fine, thanks!
  13. SunCat

    Question How to create/update vtables

    Hey guys, I've been spending the last few months trying to improve my reversing/hacking and want to keep learning. A while back I found the firefly source and it's been a really useful resource to have. It made me want to learn how to use vtables and I've managed to use the ones from firefly with some level of success, but I'm not sure how to go about updating the ones that are outdated or creating my own. My real question is, how do you find the full structure of the maple classes?