|
You last visited: Today at 02:29
Advertisement
Scan Inventory
Discussion on Scan Inventory within the PW Hacks, Bots, Cheats, Exploits forum part of the Perfect World category.
03/15/2011, 02:42
|
#1
|
elite*gold: 0 
Join Date: Feb 2011
Posts: 25
Received Thanks: 8
|
Scan Inventory
Looking for a little help to be able to scan the the character inventory to look for a specific item.. Any help would be great. Thanks.
|
|
|
|
03/15/2011, 07:23
|
#2
|
elite*gold: 0
Join Date: Mar 2011
Posts: 1
Received Thanks: 1
|
GA(PWI=0xAD60C4)+30+C68+C+[I*4] ----- I=1-(GA+30+C68+10)
+8 = Item Id
+10 = Item Count
+40+0 = Description only shows after has been mouse overed .... find source from id instead < sry havent found yet
|
|
|
|
|
03/15/2011, 11:28
|
#3
|
elite*gold: 0
Join Date: Feb 2011
Posts: 25
Received Thanks: 8
|
Thank you so much!
|
|
|
|
|
03/15/2011, 12:09
|
#4
|
elite*gold: 0
Join Date: Mar 2010
Posts: 862
Received Thanks: 575
|
Quote:
Originally Posted by PhilMeBeer
GA(PWI=0xAD60C4)+30+C68+C+[I*4] ----- I=1-(GA+30+C68+10)
+8 = Item Id
+10 = Item Count
+40+0 = Description only shows after has been mouse overed .... find source from id instead < sry havent found yet
|
name from id is dependant on the type of item and is generally stored in hash lists (or for some items also somewhere in the item structure). It's easiest to inject a function that updates description as if you hovered over it with mouse.
For example:
itemAddress[i] = [[[player + 0xC68] + 0xC] + i * 4]
funcAddress[i] = [[itemAddress[i] + 0] + 0x34]
pushad
mov ECX, itemAddress[i]
mov EAX, funcAddress[i]
call EAX
popad
then itemdesc[i]= [[[itemAddress[i] + 0x40] + 0]
|
|
|
|
|
08/15/2011, 23:23
|
#5
|
elite*gold: 0
Join Date: Aug 2011
Posts: 16
Received Thanks: 1
|
bit of a necro, but I've been trying to get this to work but to no avail.
PHP Code:
public unsafe static List<ITEM> getInventory()
{
List<ITEM> items = new List<ITEM>();
uint pointer = Mem.ReadUInt(process_handle, baseaddress + 48);
pointer = Mem.ReadUInt(process_handle, pointer + 3176);
pointer = Mem.ReadUInt(process_handle, pointer + 12);
for(int i=0; i < 40; i++)
{
//itemAddress[i] = [[[player + 0xC68] + 0xC] + i * 4]
uint item_addr = Mem.ReadUInt(process_handle, pointer + (uint)(i * 4));
ITEM item = new ITEM();
byte* lpitem = &item.bytes[0];
int sizeofitem = Marshal.SizeOf(item);
Mem.ReadBytesToStruct(process_handle, item_addr, lpitem, sizeofitem);
items.Add(item);
}
return items;
}
[StructLayout(LayoutKind.Explicit, Pack = 1)]
public unsafe struct ITEM
{
// Overlay array of bytes like in a C Union to allow faster updating of the whole structure
[FieldOffset(0)]
public fixed byte bytes[20];
[FieldOffset(8)]
public uint id;
[FieldOffset(16)]
public uint sn;
}
I know the code is probably not the most efficient but I'm trying to keep it contained until I've got it working. On a similar note I've also been trying to find nearby items using the code from  but no luck there either :/.
Last question is about structs; I was reading that a struct passed as a param to a function duplicates the struct. Would I be correct in assuming that if I make the struct an instance variable of a class and then pass the class around it wouldn't have to duplicate the struct if its accessed through the class?
Any other general c# suggestions are welcome as I've just recently made the jump from autoit after reading some posts by interest07 and dumbfck.
|
|
|
|
|
08/16/2011, 01:44
|
#6
|
elite*gold: 0
Join Date: Nov 2010
Posts: 59
Received Thanks: 18
|
Quote:
Originally Posted by PhilMeBeer
GA(PWI=0xAD60C4)+30+C68+C+[I*4] ----- I=1-(GA+30+C68+10)
+8 = Item Id
+10 = Item Count
+40+0 = Description only shows after has been mouse overed .... find source from id instead < sry havent found yet
|
thats right, since this is older info...after the last game update use for pw-int:
0xCA4 then 0xC68 and it works 
|
|
|
|
|
08/16/2011, 02:31
|
#7
|
elite*gold: 0
Join Date: Mar 2011
Posts: 44
Received Thanks: 48
|
this is Interest07's post in genesis offset topic
Code:
public struct itemStruct
{
public int uniqueId;
public int generalItemTypeId; //8 = DQ, 9 = Potion, etc
public int itemTypeId;
public int uk0xC;
public int amount;
public int maxAmount;
public int sellPrice;
public int buyPrice;
public int equipTypeId;
public int usableItemTypeId;
public int limitations; //such as droppable, quest item, etc
public int uk0x2C;
public int uk0x30;
public int uk0x34;
public int uk0x38;
public int uk0x3C;
public int descriptionPointer;
public int uk0x44;
public int uk0x48;
public int lvlRequirementEquip;
public int strRequirement;
public int dexRequirement;
public int lvlRequirementUsable;
public int uk0x5C;
public int magRequirement;
public int uk0x64;
public int currentDurability; //= ingameValue * 100
public int maxDurability;
public int uk0x70; //sell price gear again?
public int uk0x74;
public int uk0x78;
public int uk0x7C;
public int uk0x80;
public int upgradeLvl;
public int uk0x88;
public int uk0x8C;
public int socketIdList;
public int nrOfSockets;
public int uk0x98;
public int uk0x9C;
public int uk0xA0;
public int addOnList;
public int nrOfAddOns;
public int uk0xAC;
public int uk0xB0;
public int uk0xB4;
public int uk0xB8;
public int uk0xBC;
public int uk0xC0;
public int uk0xC4;
public int uk0xC8;
public int uk0xCC;
public int uk0xD0;
public int uk0xD4;
public int uk0xD8;
public int uk0xDC;
public int uk0xE0;
public int uk0xE4;
public int uk0xE8;
public int uk0xEC;
public int uk0xF0;
public int uk0xF4;
public int uk0xF8;
public int uk0xFC;
/*
176 phys def for regular equip, phys attack for rings
180 evasion
184 phys def for accessories, +MP for cape oO
190 +HP
194 min Patk / metal def
198 max Patk / wood def
202 min Matk? / water def
206 max Matk? /.fire def
210 weapon speed / earth def
*/
}
and i made some research here because i use your values in CE and i get some strange data, after few searches i find this:
0xAF7464+0x34+0xCA4+0xC+X*0x4+value from interest07 database
of course u can use real base 0xAF6DA4+1C+line above
easyist way how to find and filter every potion in inventory is with
0xAF7464+0x34+0xCA4+0xC+X*0x4+0x4 - if value = 9 then its a potion 
and one more thing, powders like VAC, Shadow Binder Powder etc has value = 31 su u can search them too, many of then can heal, but not all so u must filter them before use, or make simple whitelist filter with pwdb ID, everything that is on whitelist put to another array for later use or delete lines which u dont want use (blacklist)
edit: eh thx omarranimado, this forum never sleeps, and i must do refresh page more often 
edit2: i remake my Auction Hall script for you and
|
|
|
|
|
08/16/2011, 08:22
|
#8
|
elite*gold: 0
Join Date: Mar 2010
Posts: 862
Received Thanks: 575
|
Quote:
Originally Posted by novicehacker
Last question is about structs; I was reading that a struct passed as a param to a function duplicates the struct. Would I be correct in assuming that if I make the struct an instance variable of a class and then pass the class around it wouldn't have to duplicate the struct if its accessed through the class?
|
Yeah it shouldn't duplicate it if you pass a class as parameter.
playerInv offset = 3236 now
So you just might have the wrong offset.
edit: oops others have posted that already lol 
in the post above it lists some examples for "public int generalItemTypeId; //8 = DQ, 9 = Potion, etc" But those aren't exactly correct, 8 is more than just DQ if I recall correctly.
In general if something isn't working, definitely check the offsets first. Luckily they haven't changed much lately, but there's some pretty dated info on these forums.
|
|
|
|
|
08/16/2011, 13:03
|
#9
|
elite*gold: 140
Join Date: Aug 2011
Posts: 5
Received Thanks: 1
|
This information is like a gold mine. I'm looking to read information from Ether Saga Online which is based on same elementclient codebase as perfect world and thanks to Interest07's offset finding post on WQ-Bot thread I was already able to figure out getting character name which I had problems with earlier.
I'm trying to get inventory, equips, items on grounds, mobiles etc. and tried asking for help on my first lil release at but since nobody seems to care for ESO it seems PW is the place to find the info.
Sorry for wall of text, I get to the point, I can adapt all info I get about PWI to ESO, I'm just a bit lost on how to find the right stuff. I'm new to memory reading, disassembling and whatnot but I'm eager to learn.
So I assume "GA(PWI=0xAD60C4)+30+C68+C" is the pointer to the start of an array of inventory item pointers and each pointer at +[I*4] brings you to an itemStruct? If that's true I can get a lot further with what I'm doing but I still have one question. How do you find out the pointer? Is base+30+C68 pointer to playerbase? So am I totally wrong if I start searching by putting a stack of items in first inventory slot and search for amount until I find the address and reverse from there until I get an offset from playerbase?
|
|
|
|
|
08/16/2011, 14:58
|
#10
|
elite*gold: 0
Join Date: Mar 2010
Posts: 862
Received Thanks: 575
|
Quote:
Originally Posted by MessyIO
This information is like a gold mine. I'm looking to read information from Ether Saga Online which is based on same elementclient codebase as perfect world and thanks to Interest07's offset finding post on WQ-Bot thread I was already able to figure out getting character name which I had problems with earlier.
I'm trying to get inventory, equips, items on grounds, mobiles etc. and tried asking for help on my first lil release at but since nobody seems to care for ESO it seems PW is the place to find the info.
Sorry for wall of text, I get to the point, I can adapt all info I get about PWI to ESO, I'm just a bit lost on how to find the right stuff. I'm new to memory reading, disassembling and whatnot but I'm eager to learn.
So I assume "GA(PWI=0xAD60C4)+30+C68+C" is the pointer to the start of an array of inventory item pointers and each pointer at +[I*4] brings you to an itemStruct? If that's true I can get a lot further with what I'm doing but I still have one question. How do you find out the pointer? Is base+30+C68 pointer to playerbase? So am I totally wrong if I start searching by putting a stack of items in first inventory slot and search for amount until I find the address and reverse from there until I get an offset from playerbase? |
Yeah, pretty much correct. Although right now PWI player base is baseAddress + 0x1C + 0x34
Then you go to inventory with CA4, in there you have the inv size at +0x10, and the list of pointers to inventory items at +0xC. From there you indeed do +0x4 * i to find item i.
You can use different methods of finding this pointer, but searching for stack size for example should work. You could also search for description for example. Best is to place it in the first slot in my opinion, usually makes it easier for me at least, considering you already know what the structures look like.
|
|
|
|
|
08/17/2011, 05:25
|
#11
|
elite*gold: 0
Join Date: Aug 2011
Posts: 16
Received Thanks: 1
|
Thanks a bunch to everyone that helped out .
Nothing special, but for any other novices starting out the inventory can be accessed using dumbfck's mem class's resolveNestedPointer
using
PHP Code:
Mem.resolveNestedPointer(process_handle, baseaddress, new uint[] {52, 3236, 12, 0});
and for an easy way to look at structs via the console
PHP Code:
static void struct_dump(Object o)
{
System.Reflection.FieldInfo[] fields = o.GetType().GetFields(System.Reflection.BindingFlags.Instance | System.Reflection.BindingFlags.Public);
foreach (System.Reflection.FieldInfo field in fields)
{
if(!field.Name.Equals("bytes"))
Console.WriteLine("\t" + strpad(field.Name, 15) + field.GetValue(o).ToString());
}
}
static String strpad(String input, int length)
{
while (input.Length < length)
{
input += " ";
}
return input;
}
might want to update it to return a string instead of using console.writeline directly, but that's up to you.
|
|
|
|
|
05/04/2012, 19:33
|
#12
|
elite*gold: 0
Join Date: May 2010
Posts: 220
Received Thanks: 203
|
Quote:
Originally Posted by Interest07
name from id is dependant on the type of item and is generally stored in hash lists (or for some items also somewhere in the item structure). It's easiest to inject a function that updates description as if you hovered over it with mouse.
For example:
itemAddress[i] = [[[player + 0xC68] + 0xC] + i * 4]
funcAddress[i] = [[itemAddress[i] + 0] + 0x34]
pushad
mov ECX, itemAddress[i]
mov EAX, funcAddress[i]
call EAX
popad
then itemdesc[i]= [[[itemAddress[i] + 0x40] + 0]
|
--- problem solved ---
|
|
|
|
|
04/15/2013, 23:18
|
#13
|
elite*gold: 0
Join Date: Jul 2011
Posts: 145
Received Thanks: 97
|
I'm going to have to bump this because I can't quite figure out how to get this to work.
I'm looking through the memory in OllyDbg just to see if I can follow the offsets to the Item struct but I'm doing something wrong.
I'm using the offsets from here: (are these verified?)
Base Address = 12306892 (0XBBC9CC)
In OllyDbg I see 00BBC9CC B0 9E 2A 0A
Since that's reverse hex that means base addr is 0x0A2A9EB0
the player offset from this is 0x34 (same as CHARSTRUCT1_OffSet=52 in that offset post?)
So 0x0A2A9EB0 + 0x34 = 0xA2A9EE4
At 0xA2A9EE4 I see 0x1780e220 in reverse hex
0x1780E220 + 3360(dec offset of inventory struct) = 0x1780EF40
At 0x1780EF40 I see 0xBAADF000 in reverse hex
That's a memory address that hasn't been allocated so I'm stuck!
Where did I go wrong? D:
My ultimate goal is to make a bot that can refine an item while buying refinement aids bought from the event boutique depending on the refinement level of the item and stops once it reaches a certain refinement level.
I have made auto-it code that can issue refine packets and buys the tisha's / tienkang (I used a breakpoint in the send packet function to figure out the format for those) but I am stuck when it comes to reading the refinement level of an item in my inventory and can use any help.
If someone has auto-it code that shows how to read item information from inventory that would help.
|
|
|
|
|
04/16/2013, 01:27
|
#14
|
elite*gold: 0
Join Date: Mar 2013
Posts: 17
Received Thanks: 3
|
Quote:
Originally Posted by jasty
If someone has auto-it code that shows how to read item information from inventory that would help.
|
For the Autoit Code take a look in the Prophet Bot Source Code.
I use this to see how most things can be done, so i can use what i learn in Delphi.
Heres the Code for the Inventory:
Code:
Func BuildInventoryArray()
Local $array[1][7], $pointer, $inventory_base, $counter, $inventorysize
$inventorysize = _MemoryRead(_MemoryRead($CHAR_DATA_BASE + $OFFSET_INVENTORYBASE[1], $PROCESS_INFORMATION) + 0x10, $PROCESS_INFORMATION) ;[CHAR_DATA_BASE + 0xC50] + 0x10] ;or 0x14, not sure if both work, might be different with extended inventory
$pointer = _MemoryRead(_MemoryRead($CHAR_DATA_BASE + $OFFSET_INVENTORYBASE[1], $PROCESS_INFORMATION) + 0xC, $PROCESS_INFORMATION)
For $i=0 To $inventorysize - 1
$inventory_base = _MemoryRead($pointer + $i * 0x4, $PROCESS_INFORMATION)
ReDim $array[$i + 1][7]
$array[$i][0] = _MemoryRead($inventory_base, $PROCESS_INFORMATION) ;ID
$array[$i][1] = _MemoryRead($inventory_base + $OFFSET_INVENTORYID, $PROCESS_INFORMATION) ;ID
$array[$i][2] = _MemoryRead($inventory_base + $OFFSET_INVENTORYSTACKAMOUNT, $PROCESS_INFORMATION) ;Stack Amount
$array[$i][3] = _MemoryRead($inventory_base + $OFFSET_INVENTORYMAXSTACKAMOUNT, $PROCESS_INFORMATION) ;MAX Stack Amount
$array[$i][4] = _MemoryRead($inventory_base + $OFFSET_INVENTORYSELLPRICE, $PROCESS_INFORMATION) ;Sell Price
$array[$i][5] = _MemoryRead($inventory_base + $OFFSET_INVENTORYBUYPRICE, $PROCESS_INFORMATION) ;Buy Price
$array[$i][6] = _MemoryRead(_MemoryRead($inventory_base + $OFFSET_INVENTORYDESCRIPTION, $PROCESS_INFORMATION), $PROCESS_INFORMATION, 'wchar[30]') ;Name
Next
If $array[$inventorysize - 1][0] <> "" Then
$PACKFULL = True
Else
$PACKFULL = False
EndIf
;_ArrayDisplay($array,$x)
Global $InventoryArray = $array, $InventoryArraySize = $inventorysize - 1
EndFunc ;==>
But better look in the Code for all the Variables.
The Offsets from your link are not all working for the actual Game, so heres the actual PWI Inventory Struct Offset: 0xdc0
Happy coding 
|
|
|
|
|
04/16/2013, 02:03
|
#15
|
elite*gold: 0
Join Date: Jul 2011
Posts: 145
Received Thanks: 97
|
Quote:
Originally Posted by Afro-Head
For the Autoit Code take a look in the Prophet Bot Source Code.
I use this to see how most things can be done, so i can use what i learn in Delphi.
Heres the Code for the Inventory:
Code:
Func BuildItemArray()
Local $array[1][8], $pointer, $item_base, $counter
For $i=0 To 768
$pointer = _MemoryRead(_MemoryRead($ITEM_DATA_BASE[1] + $i * 0x4, $PROCESS_INFORMATION) + 0x4 , $PROCESS_INFORMATION)
If $pointer <> 0 Then
ReDim $array[$counter + 1][8]
$array[$counter][0] = _MemoryRead($pointer + $OFFSET_ITEMID, $PROCESS_INFORMATION) ;ID
$array[$counter][1] = _MemoryRead($pointer + $OFFSET_ITEMSN, $PROCESS_INFORMATION) ;SN
$array[$counter][2] = _MemoryRead(_MemoryRead($pointer + $OFFSET_ITEMNAME, $PROCESS_INFORMATION), $PROCESS_INFORMATION, 'wchar[30]') ;Name
$array[$counter][3] = _MemoryRead($pointer + $OFFSET_ITEMX, $PROCESS_INFORMATION, 'float') ;X
$array[$counter][4] = _MemoryRead($pointer + $OFFSET_ITEMY, $PROCESS_INFORMATION, 'float') ;X
$array[$counter][5] = _MemoryRead($pointer + $OFFSET_ITEMZ, $PROCESS_INFORMATION, 'float') ;Y
$array[$counter][6] = GetSlopeDistance(($X + 4000) / 10, ($Y + 5500) / 10, $Z / 10, ($array[$counter][3] + 4000) / 10, ($array[$counter][4] + 5500) / 10, $array[$counter][5] / 10)
$array[$counter][7] = GetSlopeDistance(($HOME_X + 4000) / 10, ($HOME_Y + 5500) / 10, $HOME_Z / 10, ($array[$counter][3] + 4000) / 10, ($array[$counter][4] + 5500) / 10, $array[$counter][5] / 10)
$counter += 1
EndIf
Next
_ArraySort($array, "", "", "", 6)
;_ArrayDisplay($array)
Global $ItemArray = $array, $ItemArraySize = $counter - 1
EndFunc ;==>
But better look in the Code for all the Variables.
The Offsets from your link are not all working for the actual Game, so heres the actual PWI Inventory Struct Offset: 0xdc0
Happy coding |
The item struct being 0xDC0 is what I was failing on. Thanks!
I am finding it easier to use Cheat Engine to search the memory a lot easier than ollydbg
For those coming after me this is how I understand this works:
*address is dereferencing that address (reading the value from that address)
BaseAddress =(currently 0xBBC9CC)
*BaseAddress + 0x34 = playerstruct
*PlayerStruct + 0xDC0 = Inventory
*Inventory + 0xC = ItemList
*ItemList + 4*i for i in 0 to 32/64 gives = item (corresponding to the contents of a space in your inventory)
*item is specified by
|
|
|
|
 |
|
Similar Threads
|
Inventory mod.
03/16/2010 - Mabinogi - 10 Replies
In reply to someones post about inventory coloring, it is possible. One of my guildmates did it, didn't take long...Unless I http://i214.photobucket.com/albums/cc169/drkdragon 777_2007/mabinogi_2010_02_23_003.jpg misunderstood the question.
It all has to do with these files...
data>gfx>gui>interface.dds
data>gfx>gui>gui_window_making.dds
data>gfx>image>npcdialogue2.dds
data>gfx>image>gui_reward.dds
I don't know about pets but you can certainly do things such as egos
|
bug with the inventory
09/20/2009 - CO2 Private Server - 1 Replies
hey i want to know how i can fix the bug of the inventory because when i try to buy something the sistem said your inventory its full how i can fix that?
|
[help]Inventory bug
01/19/2009 - CO2 Private Server - 1 Replies
can someone tell me how to fix the Inventory bug plz
|
[Help]Inventory
01/06/2009 - CO2 Private Server - 18 Replies
Well I have done the LOTF in INI's , And theres One prob.Server Cannot Save Whole Inventory, Means it saves (Packs) it To some Stage , It crashes at 15th Spot , Means It cannot saveh That long lines o.o I have tried many other ways , Failed? Any suggestions?
|
More Inventory
03/30/2007 - General Gaming Discussion - 1 Replies
Get some bags - go to your local bank. Put the bags in your inventory - open one - drag stuff from the bank in it. There you go - put as much clothes and weapons in it as you like.
If you want to equip something just rightclick the opject and it will be exchanged - do this as often as you like.
Hope it wont be fixed today ;)
Taschen kaufen - ins Inventory packen und in die Bank gehen. Sachen von der Bank direkt in diese Tasche ziehen. Klamotten oder Waffen -> Rechtsklick, dann zieht...
|
All times are GMT +2. The time now is 02:29.
|
|
