Aion 4.0 offsets

[Storb]

Not releasing my bot just yet, but I will give the offsets that I use.

Quote:

<?xml version="1.0" encoding="utf-8"?>
<CheatTable>
<CheatEntries>
<CheatEntry>
<ID>24</ID>
<Description>"Player Name"</Description>
<Color>80000008</Color>
<VariableType>String</VariableType>
<Length>32</Length>
<Unicode>1</Unicode>
<ZeroTerminate>1</ZeroTerminate>
<Address>Game.dll+10A284C</Address>
<CheatEntries>
<CheatEntry>
<ID>15</ID>
<Description>"Player HP"</Description>
<Color>80000008</Color>
<VariableType>4 Bytes</VariableType>
<Address>Game.dll+10ABA00</Address>
</CheatEntry>
<CheatEntry>
<ID>16</ID>
<Description>"Player Max HP"</Description>
<Color>80000008</Color>
<VariableType>4 Bytes</VariableType>
<Address>Game.dll+10A2A84</Address>
</CheatEntry>
<CheatEntry>
<ID>25</ID>
<Description>"Player MP"</Description>
<Color>80000008</Color>
<VariableType>4 Bytes</VariableType>
<Address>Game.dll+10ABA08</Address>
</CheatEntry>
<CheatEntry>
<ID>18</ID>
<Description>"Player Max MP"</Description>
<Color>80000008</Color>
<VariableType>4 Bytes</VariableType>
<Address>Game.dll+10A2A8C</Address>
</CheatEntry>
<CheatEntry>
<ID>14</ID>
<Description>"XP"</Description>
<Color>80000008</Color>
<VariableType>8 Bytes</VariableType>
<Address>Game.dll+10AB9F0</Address>
</CheatEntry>
<CheatEntry>
<ID>13</ID>
<Description>"Max XP"</Description>
<Color>80000008</Color>
<VariableType>8 Bytes</VariableType>
<Address>Game.dll+10AB9E0</Address>
</CheatEntry>
<CheatEntry>
<ID>34</ID>
<Description>"Player Level"</Description>
<Color>80000008</Color>
<VariableType>Byte</VariableType>
<Address>game.dll + 10A2A60</Address>
</CheatEntry>
<CheatEntry>
<ID>19</ID>
<Description>"Is Flying"</Description>
<Color>80000008</Color>
<VariableType>Byte</VariableType>
<Address>Game.dll+10A2AA0</Address>
</CheatEntry>
<CheatEntry>
<ID>20</ID>
<Description>"Flight Time"</Description>
<Color>80000008</Color>
<VariableType>4 Bytes</VariableType>
<Address>Game.dll+10ABA14</Address>
</CheatEntry>
<CheatEntry>
<ID>21</ID>
<Description>"Max Flight Time"</Description>
<Color>80000008</Color>
<VariableType>4 Bytes</VariableType>
<Address>Game.dll+10ABA10</Address>
</CheatEntry>
<CheatEntry>
<ID>23</ID>
<Description>"Autorun 4 run 0 stop"</Description>
<Color>80000008</Color>
<VariableType>4 Bytes</VariableType>
<Address>Game.dll+10A1FE8 </Address>
</CheatEntry>
<CheatEntry>
<ID>26</ID>
<Description>"Auto Rev"</Description>
<Color>80000008</Color>
<VariableType>Float</VariableType>
<Address>Game.dll+1120210</Address>
</CheatEntry>
</CheatEntries>
</CheatEntry>
<CheatEntry>
<ID>3</ID>
<Description>"Has target 1/0"</Description>
<Color>80000008</Color>
<VariableType>4 Bytes</VariableType>
<Address>Game.dll+C2C5E8</Address>
<CheatEntries>
<CheatEntry>
<ID>6</ID>
<Description>"Target Name"</Description>
<Color>80000008</Color>
<VariableType>String</VariableType>
<Length>32</Length>
<Unicode>1</Unicode>
<ZeroTerminate>1</ZeroTerminate>
<Address>"Game.dll"+C2C5E0</Address>
<Offsets>
<Offset>3A</Offset>
<Offset>254</Offset>
</Offsets>
</CheatEntry>
<CheatEntry>
<ID>27</ID>
<Description>"Target HP"</Description>
<Color>80000008</Color>
<VariableType>4 Bytes</VariableType>
<Address>"Game.dll"+C2C5E0</Address>
<Offsets>
<Offset>1228</Offset>
<Offset>254</Offset>
</Offsets>
</CheatEntry>
<CheatEntry>
<ID>28</ID>
<Description>"Target Max HP"</Description>
<Color>80000008</Color>
<VariableType>4 Bytes</VariableType>
<Address>"Game.dll"+C2C5E0</Address>
<Offsets>
<Offset>122C</Offset>
<Offset>254</Offset>
</Offsets>
</CheatEntry>
</CheatEntries>
</CheatEntry>
<CheatEntry>
<ID>29</ID>
<Description>"Cam"</Description>
<Color>80000008</Color>
<VariableType>4 Bytes</VariableType>
<Address/>
<CheatEntries>
<CheatEntry>
<ID>2</ID>
<Description>"Char X"</Description>
<Color>80000008</Color>
<VariableType>Float</VariableType>
<Address>Game.dll+10A2428</Address>
</CheatEntry>
<CheatEntry>
<ID>1</ID>
<Description>"Char Y"</Description>
<Color>80000008</Color>
<VariableType>Float</VariableType>
<Address>Game.dll+10A2424</Address>
</CheatEntry>
<CheatEntry>
<ID>22</ID>
<Description>"Char Z"</Description>
<Color>80000008</Color>
<VariableType>Float</VariableType>
<Address>Game.dll+10A242C</Address>
</CheatEntry>
<CheatEntry>
<ID>35</ID>
<Description>"Cam X"</Description>
<Color>80000008</Color>
<VariableType>Float</VariableType>
<Address>Game.dll+10A2004</Address>
</CheatEntry>
<CheatEntry>
<ID>36</ID>
<Description>"Cam Y"</Description>
<Color>80000008</Color>
<VariableType>Float</VariableType>
<Address>Game.dll+10a1ffc</Address>
</CheatEntry>
</CheatEntries>
</CheatEntry>
<CheatEntry>
<ID>30</ID>
<Description>"Special Cube 255 = 0"</Description>
<Color>80000008</Color>
<VariableType>4 Bytes</VariableType>
<Address/>
<CheatEntries>
<CheatEntry>
<ID>8</ID>
<Description>"Special Cube 1"</Description>
<Color>80000008</Color>
<VariableType>Byte</VariableType>
<Address>"Game.dll"+01129B3C</Address>
<Offsets>
<Offset>A8</Offset>
<Offset>0</Offset>
<Offset>394</Offset>
<Offset>490</Offset>
</Offsets>
</CheatEntry>
<CheatEntry>
<ID>10</ID>
<Description>"Special Cube 2"</Description>
<Color>80000008</Color>
<VariableType>Byte</VariableType>
<Address>"Game.dll"+01129B3C</Address>
<Offsets>
<Offset>FFFFFF68</Offset>
<Offset>0</Offset>
<Offset>394</Offset>
<Offset>490</Offset>
</Offsets>
</CheatEntry>
<CheatEntry>
<ID>11</ID>
<Description>"Special Cube 3"</Description>
<Color>80000008</Color>
<VariableType>Byte</VariableType>
<Address>"Game.dll"+01129B3C</Address>
<Offsets>
<Offset>FFFFFE28</Offset>
<Offset>0</Offset>
<Offset>394</Offset>
<Offset>490</Offset>
</Offsets>
</CheatEntry>
<CheatEntry>
<ID>12</ID>
<Description>"Special Cube 4"</Description>
<Color>80000008</Color>
<VariableType>Byte</VariableType>
<Address>"Game.dll"+01129B3C</Address>
<Offsets>
<Offset>FFFFFCE8</Offset>
<Offset>0</Offset>
<Offset>394</Offset>
<Offset>490</Offset>
</Offsets>
</CheatEntry>
</CheatEntries>
</CheatEntry>
<CheatEntry>
<ID>41</ID>
<Description>"This address - 0x38 = entity map address"</Description>
<ShowAsHex>1</ShowAsHex>
<Color>80000008</Color>
<VariableType>Array of byte</VariableType>
<ByteLength>138</ByteLength>
<Address>Game.dll+10ACF80</Address>
</CheatEntry>
<CheatEntry>
<ID>42</ID>
<Description>"Entity Map"</Description>
<Color>80000008</Color>
<VariableType>4 Bytes</VariableType>
<Address>game.dll + 10ACF48</Address>
</CheatEntry>
<CheatEntry>
<ID>43</ID>
<Description>"Entity Array"</Description>
<Color>80000008</Color>
<VariableType>4 Bytes</VariableType>
<Address>game.dll + 10ACF48</Address>
<Offsets>
<Offset>48</Offset>
</Offsets>
</CheatEntry>
</CheatEntries>
</CheatTable>

[Bagasen]

Thanks for the offsets.
I assume the base is Game.dll as always?

[chopstixan]

does it matter if you found:

maxhp:=0x10A2A84

and i found:

maxhp:=0x10AB9FC

it gives the same values

[Serux37]

Quote:

Originally Posted by chopstixan

does it matter if you found:

maxhp:=0x10A2A84

and i found:

maxhp:=0x10AB9FC

it gives the same values

Oh my, stop the presses! Gamebreaking exploit found! Good job!

[Storb]

I am having problems locating the entity map.

I have found many a thread on what to do with an entity map once you find it, but how do you find it?

[illegible]

Quote:

Originally Posted by ******/strong>

I am having problems locating the entity map.

I have found many a thread on what to do with an entity map once you find it, but how do you find it?

I find it with cheat engine easy with the blueprint I've saved.
Just search for this array of bytes.
For 32-bit Process:
"4E 6F 6E 65 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 00 0F 00 00 00 01 00 00 00 00 00 00 00 50 6C 61 79 65 72 00 00 00 00 00 00 00 00 00 00 06 00 00 00 0F 00 00 00 02 00 00 00 00 00 00 00 55 73 65 72 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 00 0F 00 00 00 03 00 00 00 00 00 00 00 4E 50 43 00 00 00 00 00 00 00 00 00 00 00 00 00 03 00 00 00 0F 00 00 00 04 00 00 00 00 00 00 00 47 61 6D 65 4F 62 6A 65 63 74"
(Note: In scan settings "MEM_IMAGE" must be checked)

The result is almost the right offset.
To get the right offset you must do:
"The found offset" - "constant 0x38"
Currently 32-bit NA: 0x10ACF80 - 0x38 = 0x10ACF48

[lngdrgn]

targethpoff1:=0xC2C5E0
targethpoff2:=0x254
targethpoff3:=0x38

I would like to keep track of target Hp. How do you use these offsets? Can you give me a script that would output these data to an actual HP number? Been searching for weeks with no results. Please help.

[Immons]

then you suck in searching.

read value of 0xC2C5E0

this will be ur next address called address1

read address1 + 0x254 this will give u address2

read address2 + 0x38 this will give you value of target HP

[lngdrgn]

No, not suck in searching. I SUCK in understanding what I read. I'm new in programming. Thanks so much IMMONS. I hope I can pick your brain some more.

This Code is not working for me. Can some one smart like IMMONS help? I'm trying to get the target HP with these offsets: targethpoff1:=0xC2C5E0 targethpoff2:=0x254 targethpoff3:=0x38



Global $dll = "Game.dll"
Global $PID = ProcessExists("AION.bin")
Global $Offset1 = Dec("C2C5E0")
Global $Offset2 = Dec("254")
Global $Offset3 = Dec("38")

While 1
$nMsg = GUIGetMsg()
Switch $nMsg
Case $GUI_EVENT_CLOSE
Exit
EndSwitch
AionMemoryRead()
WEnd

Func AionMemoryRead()
$dllbase = _MemoryModuleGetBaseAddress($PID, $dll)
$address1 = "0x" & Hex($dllbase + $Offset1)
$address2 = "0x" & Hex($address1 + $Offset2)
$address3 = "0x" & Hex($address2 + $Offset3)
$MemOpen = _MemoryOpen($PID)
$MemRead = _MemoryRead($address3, $MemOpen)
_MemoryClose($MemOpen)
$b = Hex($dllbase)
GUICtrlSetData($Hp, $MemRead)
EndFunc ;==>AionMemoryRead

[Immons]

don't know that language.

targetCurrentHP - 0x1228 - 4byte
targetMaxHP - 0x122c - 4byte

the one you use is HP percent and it is byte value.

[lngdrgn]

do you have a simple script that would output target HP percent in any language?

[Storb]

In order to read offsets you have to read the memory each time you add an offset.

for target HP it would look like this


gamedllbase := GetDllBase(DllName, PID)
targetbase:= 0xC2C5E0
targethpoff2:= 0x254
targethpoff3:= 0x1228

targethpraw:= gamedllbase + targetbase
targethpraw:=ReadMemory4byte(targethpraw,"AION")

targethpraw:= targethpraw + targethpoff2
targethpraw:=ReadMemory4byte(targethpraw,"AION")

targethpadd:= targethpraw + targethpoff3
targethp:=ReadMemory4byte(targethpadd,"AION")

So every time you add an offset you must re-read the memory address you are left with. That is how a pointer works, you add a small amount to an address, and the value of that address, when read, is a different address.

I hope that helps

[lngdrgn]

Thank so much. What language is this example?

[Storb]

That is autohotkey. you wont be able to just take it and run with it as you do not have the functions for "ReadMemory4byte" in your code

That is just an example of how you need to add and re-read address to get what you were looking for.

[lngdrgn]

I'm using Autoit. I was able to get my HP with your posted offsets hp:= 0x10ABA00. Everything was fine until i tried to plug in the TargetHP offsets. I did try to add the offsets like you and IMMONS had instructed, but it gives me very long numbers. Why do I need to deal with 4bytes data with TargetHP and did not need it with My HP?