HP and Mana Memory Offsets?

[xxsinz]

I was wondering if anyone knew the Memory Offsets for HP / Mana, and if they are Bytes, Int, etc...

Thank You

[Administrator]

Code: Select all

staticcharbase_address = 0x88EF20;
charPtr_offset = 0x580;
castbar_offset = 0x248;
charX_offset = 0x2C;
charY_offset = 0x30;
charZ_offset = 0x34;
charAlive_offset = 0x210;
charHP_offset = 0x344;
charMaxHP_offset = 0x34C;
charMP_offset = 0x350;
charMaxMP_offset = 0x354;
charMP2_offset = 0x358;
charMaxMP2_offset = 0x35C;
charLevel_offset = 0x37C;
charLevel2_offset = 0x384;
charName_offset = 0x278;
charTargetPtr_offset = 0x260;
pawnAttackable_offset = 0x3F6;
inBattle_offset = 0x572;
camUVec1_offset = 0x38;
camUVec2_offset = 0x40;

They are double pointers. First, read the address (4 byte, int) from staticcharbase_address + charPtr_offset. Now read address + charHP_offset to get HP. Almost everything in the list above is 4 bytes.

[xxsinz]

Thank you very much. For reading staticcharbase_address and charPtr_offset would I use memoryReadIntPtr?

[Administrator]

Yes, you would.

Code: Select all

playerAddress = memoryReadIntPtr(romProcess, staticcharbase_address, charPtr_offset);
playerHP = memoryReadInt(romProcess, playerAddress + charHP_offset);

[xxsinz]

That's what I was missing, I was trying to + the first two offsets with the HP one in a var before I did memoryReadInt, going to give it a try now, see what happens.

Update**
Awesome, got it working, now just have to figure out how to make it into a percent, and then press a key.

Thank You Again!

[srounet]

I have found Player current gold on static address : 0x89EB00 if it can helps.

Actually here is what i got from the game :

Player name : <Removed to protect the user>
Player class lvl 1 : 13
Player class lvl 2 : 0
Player position : (-1017133707.1097680790.-976346039)
Player hp : (483/483)
Player mp : (100/100)
Player mp2 : (0/0)
Player gold : 7496

Target name : Wolf
Target class lvl 1 : 4
Target class lvl 2 : 0
Target position : (-1024886700.1107867816.-975891738)
Target hp : (232/232)
Target mp : (0/0)
Target mp2 : (0/0)

[Administrator]

Thanks for the input. I removed your character name for you. Are you sure those positions are right? They seem kind of awkward to me... What type are you reading? Int? Float?

[srounet]

I'm not sure of the position it's kinda weird but when i compare the Target position and the Player position it was more or less possible.

Anyway i'm reading int on 4 byte, and it's (x.y.z).

[srounet]

I'm not sure of the position it's kinda weird but when i compare the Target position and the Player position it was more or less possible.
Anyway I'm reading int on 4 byte, and it's (x.y.z).

I was wondering about how to get informations about radar and how to hook casts to send information to the server.

[3cmSailorfuku]

I was wondering about how to get informations about radar and how to hook casts to send information to the server.

Map Positions:
You can definately detour this and log the parameters being sent to the function that displays the position on the minimap or via a codecave, but there is an issue which I will talk about in the next one. But if you use this method, you can also create new minimap icons that might be NPC's, Monsters, Players, Minerals, Loot, Chests etc.

Casting Spells without sending keystrokes: (if I assume that is what you meant with casts)
You need to find the original function for casting spells. I would recommend you looking for a String that is being displayed eg. "Casting..." and look for that if its possible,
then you gotta find out if its the right function. You can do that by setting up breakpoints to see if the rights parameters are being passed on. Often you would have to go actually deeper than that to find the original function for casting spells. If you know the adress and the parameters that are passed on, you can write a hook with a bit of inline asm (Providing that you don't know the calling convention, this is easier).

[srounet]

Well actually I do not use any API (as I'm writting a small C# library).
So I will have to find offsets by myself, it's really new for me so i will try my best and I may return with some new Questions.

I'm using Cheat Engine and Art*Money to find offsets and address.

[3cmSailorfuku]

Well actually I do not use any API (as I'm writting a small C# library).
So I will have to find offsets by myself, it's really new for me so i will try my best and I may return with some new Questions.

I'm using Cheat Engine and Art*Money to find offsets and address.

I rather suggest you using ollydbg for finding function pointers. Cheat engine and ArtMoney can be really akward when you try looking at the stack.

[S3v3n11]

So has anyone tried changing a characters x,y loc on the client? Does it cause the character to "warp" to a new location in the game? Or are there server side protections against that?

[SkilledWaffle]

i need some pointers (no pun intended ;P)

so.. i try to read some addresses ( the current hp ) with delphi and i ran in some problems with the pointers.

like you said these are double pointers eg : [[staticcharbase_address]+charPtr_offset]+charHP_offset
so i have to read the addresses like this (in pseudocode)

Code: Select all

first = read value from address (staticcharbase_address)
first = first + charPtr_offset
second =  read value from address (first)
second = second + charHP_offset
finalHP = read value from address (second)

did i got this right? i'm just asking because i get crazy values with this code

[droppen]

Code: Select all

first = read value from address (staticcharbase_address + charPtr_offset)
first = first + charHP_offset
finalHP =  read value from address (first)

is more like it

[Administrator]

Handling double-(or tripple, quadruple, ...) pointers can be a bit annoying to debug. I'd suggest printing out your current address at each step and and comparing it to a chain that you know works (use, say, Cheat Engine).

Here's some pseudo-code:

Code: Select all

printf("Read: 0x%X + 0x%X\n", staticbase, offset1);
address = readMemory(process, staticbase + offset1);
printf("Address (step1): 0x%X\n\n", address);

printf("Read: 0x%X + 0x%X\n", address, offset2);
address = readMemory(process, address + offset2);
printf("Address (step2): 0x%X\n\n", address);

value = readMemory(process, address);
printf("Value: %d\n", value);

I haven't used Delphi/Pascal in years. It will be up to you to figure out the actual function calls that are needed.

Now, if you double-click the address section of the pointer in Cheat Engine, you should see something like this:

Hopefully, you can match up the "This pointer points to address XXXX" with your results from the code printed above. It will help to figure out where you're going wrong.