[RELEASE] Pet Hack, Auto Pet Attack, Auto Loot + Update Tutorial

[AngelAhmad1]

I don't know where to put those codes any help? I just need auto loot.

[Dudu1995]

No more DK hacks ? It came to an end ?

[Naniooooo]

[nonash321]

guys im new here, how do i use this cheat? auto loot to be exact

[Naniooooo]

You cant ... you have to update it

[kgostosa]

hello nanio ... can you help me with pet arrogance ?

[Naniooooo]

update adress ( its not really that fast but it works )

[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
alloc(newmem,2048)
label(returnhere)
label(originalcode)
label(exit)

newmem: //this is allocated memory, you have read,write,execute access
//place your code here

originalcode:
mov [esp+20],00000006

exit:
jmp returnhere

"dekaron.exe"+7A9A6B:
jmp newmem
nop 3
returnhere:




[DISABLE]
//code from here till the end of the code will be used to disable the cheat
dealloc(newmem)
"dekaron.exe"+7A9A6B:
mov [esp+20],00000006
//Alt: db C7 44 24 20 06 00 00 00

[kgostosa]

This is mine, need another line
(dekaron.exe"+7A9A6B: C7 44 24 20 04 00 00 00 - mov [esp+20],00000004)(code:
mov [esp+20],00000007
jmp return),
but it doesn't work with arrogance =/

{ Game : dekaron.exe
Version:
Date : 2020-04-02
Author : zezin

This script does blah blah blah
}

[ENABLE]

aobscanmodule(INJECT,dekaron.exe,C7 44 24 20 06 00 00 00) // should be unique
alloc(newmem,$1000)

label(code)
label(return)

newmem:

code:
mov [esp+20],00000007
jmp return

INJECT:
jmp newmem
nop 3
return:
registersymbol(INJECT)

[DISABLE]

INJECT:
db C7 44 24 20 06 00 00 00

unregistersymbol(INJECT)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: "dekaron.exe"+7A9B44

"dekaron.exe"+7A9B2A: 6A 00 - push 00
"dekaron.exe"+7A9B2C: FF 50 34 - call dword ptr [eax+34]
"dekaron.exe"+7A9B2F: 8B 06 - mov eax,[esi]
"dekaron.exe"+7A9B31: 8B CE - mov ecx,esi
"dekaron.exe"+7A9B33: 89 7C 24 14 - mov [esp+14],edi
"dekaron.exe"+7A9B37: FF 50 10 - call dword ptr [eax+10]
"dekaron.exe"+7A9B3A: 8B CE - mov ecx,esi
"dekaron.exe"+7A9B3C: 8B 00 - mov eax,[eax]
"dekaron.exe"+7A9B3E: 89 44 24 18 - mov [esp+18],eax
"dekaron.exe"+7A9B42: 8B 06 - mov eax,[esi]
// ---------- INJECTING HERE ----------
"dekaron.exe"+7A9B44: C7 44 24 20 06 00 00 00 - mov [esp+20],00000006
// ---------- DONE INJECTING ----------
"dekaron.exe"+7A9B4C: FF 50 0C - call dword ptr [eax+0C]
"dekaron.exe"+7A9B4F: 8B C8 - mov ecx,eax
"dekaron.exe"+7A9B51: 8B 10 - mov edx,[eax]
"dekaron.exe"+7A9B53: FF 52 78 - call dword ptr [edx+78]
"dekaron.exe"+7A9B56: 8B 0D 28 79 60 01 - mov ecx,[dekaron.exe+1207928]
"dekaron.exe"+7A9B5C: 8D 54 24 14 - lea edx,[esp+14]
"dekaron.exe"+7A9B60: 89 44 24 1C - mov [esp+1C],eax
"dekaron.exe"+7A9B64: 8A 44 24 34 - mov al,[esp+34]
"dekaron.exe"+7A9B68: 88 44 24 24 - mov [esp+24],al
"dekaron.exe"+7A9B6C: 8B 01 - mov eax,[ecx]
}

[blinktwice]

can i get any help how can i update them?

[ngetzzzz]

anyone with free vac hack dekaron papaya helion?

[ozdemir50]

{ Game : dekaron.exe
Version:
Date : 2019-03-31
Author : nan

This script does blah blah blah
}

[ENABLE]

aobscanmodule(VAC,dekaron.exe,8B 42 04 89 41 08 8B 42)
alloc(newmem,$1000)

label(code)
label(return)

newmem:
mov [edx+04],63 //DwExploreRange
mov eax,[edx+04]
mov [ecx+08],eax
mov [edx+04],63 //DwSight
mov eax,[edx+08]
mov [ecx+0C],eax
mov [edx],63 //DwPersuitRange
mov eax,[edx]
mov [ecx+04],eax
mov [edx+0c],0 //DwAvoidRange
mov eax,[edx+0C]
mov [ecx+10],eax
mov [edx+10],0 //DwExploreStandDelay
mov eax,[edx+10]
mov [ecx+14],eax
mov [edx+14],0 //DwExploreMoveDelay
mov eax,[edx+14]
mov [ecx+18],eax
mov [edx+18],0 //DwStandDelay
mov eax,[edx+18]
mov [ecx+1C],eax
mov [edx+1C],1 //DwMoveDelay
mov eax,[edx+1C]
mov [ecx+20],eax
mov [edx+20],0 //DwFollowMyMasterRange
mov eax,[edx+20]
mov [ecx+24],eax
mov [edx+24],0 //DwStopMasterNear
mov eax,[edx+24]
mov [ecx+28],eax
mov [edx+28],0 //DwWarpMyMasterRange
mov eax,[edx+28]
mov [ecx+2C],eax
Mov [edx+2C],0 //DwCallTeamPossibelHP
mov eax,[edx+2C]
mov [ecx+30],eax
mov [edx+30],63 //DwCallTeamCount
mov eax,[edx+30]
mov [ecx+34],eax
mov [edx+34],0 //DwBlockNFirstAttack
mov eax,[edx+34]
mov [ecx+38],eax
mov [edx+38],63 //dwCallTeamCell
mov al,[edx+38]
mov [ecx+3C],al
mov [edx+3C],9999 //dwFollowTarget
mov eax,[edx+3C]
mov [ecx+40],eax
mov [edx+40],0 //dwSpecialAttackStartHP
mov eax,[edx+40]
mov [ecx+44],eax
mov [edx+44],0 //dwSpecialMeleeAttackRate
mov eax,[edx+44]
mov [ecx+48],eax
mov [edx+48],0 //dwSpecialRangeAttackRate
mov eax,[edx+48]
mov [ecx+4C],eax
mov [edx+4C],0 //dwSpecialAttackRate
mov eax,[edx+4C]
mov [ecx+50],eax
mov [edx+50],0 //dwSpecialAttackTargetType
mov eax,[edx+50]
mov [ecx+54],eax
mov [edx+54],0 //dwSpecialAttackTargetValue
mov eax,[edx+54]
mov [ecx+58],eax
mov [edx+58],0 //dwSpecialDelayTime
mov eax,[edx+58]
mov [ecx+5C],eax
mov [edx+5C],0 //DwPowerAttackStartHP
mov eax,[edx+5C]
mov [ecx+60],eax
mov [edx+60],0 //dwPowerMeleeAttackProbable
mov eax,[edx+60]
mov [ecx+64],eax
mov [edx+64],0 //dwPowerRangeAttackProbable
mov eax,[edx+64]
mov [ecx+68],eax
mov [edx+68],0 //dwPowerRate
mov eax,[edx+68]
mov [ecx+6C],eax
mov [edx+6C],0 //dwPowerAttackTargetType
mov eax,[edx+6C]
mov [ecx+70],eax
mov [edx+70],0 //dwPowerAttackTargetValue
mov eax,[edx+70]
mov [ecx+74],eax
mov [edx+74],0 //dwPowerDelayTime
mov eax,[edx+74]
mov [ecx+78],eax
mov [edx+78],0 //dwAttack1_Rate
mov eax,[edx+78]
mov [ecx+7C],eax
mov [edx+7C],0 //dwAttack1_TargetType
mov eax,[edx+7C]
mov [ecx+00000080],eax
mov [edx+80],0 //dwAttack1_TargetValue
mov eax,[edx+00000080]
mov [ecx+00000084],eax
mov [edx+84],0 //dwAttack2_Rate
mov eax,[edx+00000084]
mov [ecx+00000088],eax
mov [edx+88],0 //dwAttack2_TargetType
mov eax,[edx+00000088]
mov [ecx+0000008C],eax
mov [edx+8C],0 //dwAttack2_TargetValue
mov eax,[edx+0000008C]
mov [ecx+00000090],eax
mov [edx+90],0 //dwAttack3_Rate
mov eax,[edx+00000090]
mov [ecx+00000094],eax
mov [edx+94],0 //dwAttack3_TargetType
mov eax,[edx+00000094]
mov [ecx+00000098],eax
mov [edx+98],0 //dwAttack3_TargetValue
mov eax,[edx+00000098]
mov [ecx+0000009C],eax
mov [edx+9C],0 //dwAttack4_Rate
mov eax,[edx+0000009C]
mov [ecx+000000A0],eax
mov [edx+A0],0 //dwAttack4_TargetType
mov eax,[edx+000000A0]
mov [ecx+000000A4],eax
mov [edx+A4],0 //dwAttack4_TargetValue
mov eax,[edx+000000A4]
mov [ecx+000000A8],eax
mov [edx+A8],63 //dwMaxSummonsMonsterCount
mov eax,[edx+000000A8]
mov [ecx+000000AC],eax
mov [edx+AC],1 //dwReSummonsMonsterTick
mov eax,[edx+000000AC]
mov [ecx+000000B0],eax
mov [edx+B0],0 //dwMaxSummonsMonsterRange
mov eax,[edx+000000B0]
mov [ecx+000000B4],eax
mov [edx+B4],1 //dwSummonsStartPcCount
mov eax,[edx+000000B4]
mov [ecx+000000B8],eax

code:
mov eax,[edx+04]
mov [ecx+08],eax
jmp return

VAC:
jmp newmem
nop
return:
registersymbol(VAC)

[DISABLE]

VAC:
db 8B 42 04 89 41 08

unregistersymbol(VAC)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: "dekaron.exe"+746136

"dekaron.exe"+746129: CC - int 3
"dekaron.exe"+74612A: CC - int 3
"dekaron.exe"+74612B: CC - int 3
"dekaron.exe"+74612C: CC - int 3
"dekaron.exe"+74612D: CC - int 3
"dekaron.exe"+74612E: CC - int 3
"dekaron.exe"+74612F: CC - int 3
"dekaron.exe"+746130: 55 - push ebp
"dekaron.exe"+746131: 8B EC - mov ebp,esp
"dekaron.exe"+746133: 8B 55 08 - mov edx,[ebp+08]
// ---------- INJECTING HERE ----------
"dekaron.exe"+746136: 8B 42 04 - mov eax,[edx+04]
"dekaron.exe"+746139: 89 41 08 - mov [ecx+08],eax
// ---------- DONE INJECTING ----------
"dekaron.exe"+74613C: 8B 42 08 - mov eax,[edx+08]
"dekaron.exe"+74613F: 89 41 0C - mov [ecx+0C],eax
"dekaron.exe"+746142: 8B 02 - mov eax,[edx]
"dekaron.exe"+746144: 89 41 04 - mov [ecx+04],eax
"dekaron.exe"+746147: 8B 42 0C - mov eax,[edx+0C]
"dekaron.exe"+74614A: 89 41 10 - mov [ecx+10],eax
"dekaron.exe"+74614D: 8B 42 10 - mov eax,[edx+10]
"dekaron.exe"+746150: 89 41 14 - mov [ecx+14],eax
"dekaron.exe"+746153: 8B 42 14 - mov eax,[edx+14]
"dekaron.exe"+746156: 89 41 18 - mov [ecx+18],eax
}

[nemesisysf]

is there any free bypass avaible ?

[iidagger]

still waiting for the update tutorial on auto loot

[iCraziE]

Quote:

Originally Posted by bulgasal

still waiting for the update tutorial on auto loot

Better late than never. I might make an official post, but otherwise here ya go:

 Spoiler

First we need to find the right address to inject our cheat.

When an item is on the ground, there is a packet sent to your client from the server. We want to find where this packet is handled, and then inject our cheat right after that packet is received.

If you have a packet monitor for dekaron, you can easily see packets being sent and received.
@ posted one somewhere, as well some others.


The packet ID for dil on the ground is 05030002


So we will search an array of bytes for this packet ID

Use CE, search for: 02 00 03 05 (this is just the packet id backwards)
as an array of bytes.

You will find code similar to "cmp eax,05030002" at that address.
The next line will be a jump instruction.

Follow the jump to that address, and that is where the packet is handled.
We will use the address of the last 5 bytes of this instruction to inject our code.

The last 5 bytes will be similar to:

pop edi
pop esi
ret 4


Do the same thing for the item packet id: 05020000.


Now you have the right injection address for both scripts.

Just need to update a couple more addresses to finish.

Using the same method to read packets, we can gather that picking up dil from the ground is packet ID: 05030003

We will search for this packet now, using the same methods in CE.

Once you found it, you will see code similar to:

mov [eax+0C],05030003

this is how you know you are at the right place.
A little below this line of code you will find code similar to:

mov ecx,[00B5CC64] <--- first address
push eax
call 004D8390 <--- second address

this is the two addresses you need to update in the scripts as well.
It is the same for both auto loot item and auto loot dil.

Good luck, and enjoy.

[iamlegend93]

Quote:

Originally Posted by iCraziE

Better late than never. I might make an official post, but otherwise here ya go:

 Spoiler

First we need to find the right address to inject our cheat.

When an item is on the ground, there is a packet sent to your client from the server. We want to find where this packet is handled, and then inject our cheat right after that packet is received.

If you have a packet monitor for dekaron, you can easily see packets being sent and received.
@ posted one somewhere, as well some others.


The packet ID for dil on the ground is 05030002


So we will search an array of bytes for this packet ID

Use CE, search for: 02 00 03 05 (this is just the packet id backwards)
as an array of bytes.

You will find code similar to "cmp eax,05030002" at that address.
The next line will be a jump instruction.

Follow the jump to that address, and that is where the packet is handled.
We will use the address of the last 5 bytes of this instruction to inject our code.

The last 5 bytes will be similar to:

pop edi
pop esi
ret 4


Do the same thing for the item packet id: 05020000.


Now you have the right injection address for both scripts.

Just need to update a couple more addresses to finish.

Using the same method to read packets, we can gather that picking up dil from the ground is packet ID: 05030003

We will search for this packet now, using the same methods in CE.

Once you found it, you will see code similar to:

mov [eax+0C],05030003

this is how you know you are at the right place.
A little below this line of code you will find code similar to:

mov ecx,[00B5CC64] <--- first address
push eax
call 004D8390 <--- second address

this is the two addresses you need to update in the scripts as well.
It is the same for both auto loot item and auto loot dil.

Good luck, and enjoy.

You are a Legend

And TUTs coming out on how to bypass EAC on global?