Aion 4.0 offsets

[Storb]

To oversimplify, a target, or entitie's data is never in a static place thus you have to search using pointers.

If I simplified the addresses down it would look like this

Read Target Pointer
Target Pointer points to Mob ID
Read Mob ID and add on mob ID pointer
Read Mob ID and add on mob HP pointer
Now you have the mobs HP

Every single time you change targets you have to find the targets ID and then its' HP

Quote:

Originally Posted by illegible

I find it with cheat engine easy with the blueprint I've saved.
Just search for this array of bytes.
For 32-bit Process:
"4E 6F 6E 65 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 00 0F 00 00 00 01 00 00 00 00 00 00 00 50 6C 61 79 65 72 00 00 00 00 00 00 00 00 00 00 06 00 00 00 0F 00 00 00 02 00 00 00 00 00 00 00 55 73 65 72 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 00 0F 00 00 00 03 00 00 00 00 00 00 00 4E 50 43 00 00 00 00 00 00 00 00 00 00 00 00 00 03 00 00 00 0F 00 00 00 04 00 00 00 00 00 00 00 47 61 6D 65 4F 62 6A 65 63 74"
(Note: In scan settings "MEM_IMAGE" must be checked)

The result is almost the right offset.
To get the right offset you must do:
"The found offset" - "constant 0x38"
Currently 32-bit NA: 0x10ACF80 - 0x38 = 0x10ACF48

So I was able to find the entity map using your method, It was very easy thank you for that.

However I suppose pointers have changed since the time the walkthroughs I had been using.

Quote:

int basePtr = Process.Modules.Game;
int entityMap = Memory.ReadInt(Process.handle, basePtr + 0x8ef138);
int entityArray = Memory.ReadInt(Process.handle, entityMap + 0x48);
int entityArrayCount = Memory.ReadInt(Process.handle, entityMap + 0x58);

for (int i = 0; i < entityArrayCount; i++)
{
int struct1Node = Memory.ReadInt(Process.handle, entityArray + (i * 4));
TraverseNode(struct1Node);
}

I have the entity array as

game.dll + 10ACF48
and then a pointer of +48

and the entity array count as
game.dll + 10ACF48
and a pointer of +58

the array count doesn't seem to be working properly or I have a bad pointer. The counter appears to be a reasonable number but never changes properly. If I go into my studio apartment one would expect the array count to be well under 10 since their are hardly any entities in that zone, but it is around 600.


May I ask what pointers you add to the entitymap in order to get the array & array count? From that snipit of code it appears that you use the entity array itself as the first node. Is that correct? At that point would i use +254 and +3a to get the target name from that node?

This is what I am trying in my CE. I am trying to return the name of the first entity node.

Text unicode 32
game.dll + 10ACF48
pointer 48
pointer 254
pointer 3a

This isn't returning a name


Thank you in advance

[sweetlady]

Could it'd be ?:

Code:

// LocalPlayer game.dll +
#define HAVE_TARGET	        0xB46EBC
#define PLAYER_ROTATION	        0xFB3A5C
#define	PLAYER_X	        0xFB3E80
#define	PLAYER_Y	        0xFB3E7C
#define	PLAYER_Z	        (PLAYER_X + 0x4)
#define PLAYER_NAME	        0xFB429C
#define PLAYER_LEGION           0xFB434C	
#define PLAYER_XP	        0xFB44C8
#define PLAYER_MAXXP	        0xFB44B8
#define	PLAYER_LEVEL		0xFBC188    //**Not updated*
#define	PLAYER_HEALTH		0XFB44D4				
#define	PLAYER_MAXHEALTH	(PLAYER_HEALTH + 0x4)
#define	PLAYER_MANA		0XFB44DC				
#define	PLAYER_MAXMANA	        (PLAYER_MANA + 0x4)		

//Entity Linked List	game.dll +
#define ENTITYLIST	         0xFBE5D8
#define ENTITY_ARRAY	         0x48
#define ENTITY_SIZE	         0x58

For EU client

[maxxzapp]

****** I don't believe the entity counter actually works anymore. The entry is still right at 48. Also if you take a look thru the entity map you will notice that everything is in there not just NPC (eg signs, region banners, etc). You're going to need to go a few entities through the linkedlist before you hit something with an actual name. Best to traverse through the LL until you get to a terminating value, eg 0xCDCDCDCD

[Storb]

Re-did the op with my CE table. Probably easier to understand

I did figure out how to get data out of the entity array

Quote:

<?xml version="1.0" encoding="utf-8"?>
<CheatTable>
<CheatEntries>
<CheatEntry>
<ID>44</ID>
<Description>"Entity Array"</Description>
<Color>80000008</Color>
<VariableType>String</VariableType>
<Length>10</Length>
<Unicode>1</Unicode>
<ZeroTerminate>1</ZeroTerminate>
<Address>game.dll + 10ACF48</Address>
<Offsets>
<Offset>3A</Offset>
<Offset>254</Offset>
<Offset>C</Offset>
<Offset>0</Offset>
<Offset>0</Offset>
<Offset>0</Offset>
<Offset>0</Offset>
<Offset>48</Offset>
</Offsets>
</CheatEntry>
</CheatEntries>
</CheatTable>

If you understand why there are 0's in there, then you will know how to make that usefull

[illegible]

32 bit NA offsets:

Code:

        internal enum EntityList
        {
            Pointer = 0x10acf48,
            EntityArrayFirstItem = 0x48,
        }

        internal enum EntityArrayItem
        {
            NextArrayItem = 0x0,
            PreviousArrayItem = 0x4,
            EntityNode = 0xC
        }

        internal enum EntityNode
        {
            IsDead = 0x4,
            X = 0x34,
            Y = X + 0x4,
            Z = X + 0x8,
            Type = 0x13E,
            Entity = 0x254,
        }

        internal enum Entity
        {
            EntityNode = 0x4,
            Attitude = 0x1C,
            ObjectId = 0x24,
            Level = 0x36,
            HealthPercent = 0x38,
            Name = 0x3A,
            Type = 0x1CC,
            Class = 0x214,
            Stance = Class + 0x8C,
            Movement = Stance + 0x4,
            TargetObjectId = Stance + 0x98,
            Health = 0x1228,
            MaxHealth = Health + 0x4
        }

        internal enum LocalPlayer
        {
            TargetEntityNode = 0xC2C5E0,
            HasTarget = TargetEntityNode + 0x8,

            CamX = X - 0x420,
            CamY = CamX - 0x8,

            Movement = X - 0x43C,
            X = Name - 0x428,
            Y = X + 0x4,
            Z = X + 0x8,

            ObjectId = Name - 0x4,
            Name = Level - 0x214,
            Legion = Name + 0xB0,
            Level = 0x10A2A60,

            MaxHealth = Level + 0x24,
            Health = MaxHealth + 0x4,
            MaxMana = Level + 0x2C,
            Mana = MaxMana + 0x4,
            Class = Level + 0x9C,
            Experience = Level + 0x18,
            MaxExperience = Experience - 0x10,
            RecoverableExperience = MaxExperience + 0x8,
            MaxDivinePower = Level + 0x34,
            DivinePower = MaxDivinePower + 0x2,

            MaxFlight = Level + 0x8FB0,
            FlightRemainder = MaxFlight + 0x4,
            FlightType = MaxFlight + 0x8,
            FlightCooldown = FlightRemainder + 0x100
        }

[sweetlady]

Quote:

Originally Posted by illegible

32 bit NA offsets:

Code:

        internal enum EntityList
        {
            Pointer = 0x10acf48,
            EntityArrayFirstItem = 0x48,
        }

Entity pointer is not game.dll + 0xFBE5D8?
Edit: Sorry I guess it's for EU client!

[Storb]

so a while back i misplaced a character when I was doing my offsets and caused my character to rapidly jump. Problem is I have no idea what I broke to make it happen. But Now I have a need to make my character jump when Aion is minimized, so there must be an offset somewhere.

Anyone know what the offset is or pointers for jumping?

[naifter]

i can use codes for cheat engine?
O:

[Cicciolo79]

Quote:

Originally Posted by naifter

i can use codes for cheat engine?
O:

Yes. You can specify as address "Game.dll"+0x10A2A60 for your PG level, etc... Dont forgot to set "unicode" in string values like name, target name, etc..

[Cathalea]

how to use this ?

[Immons]

Quote:

Originally Posted by Cathalea

how to use this ?

[Storb]

Anyone know how to select a target using writememory?

I have tried clearing my target in game, writing the nodeID i want to target directly to the player target address. Cheat engine and my bot will update with that nodes name and HP and location and whatnot, but in game my character is still not targeting anything.

Basically I have a list of all the mobs and players around my in the entity array, I want to click an entity in the list and have my player target that entity in game.

[lostDev]

Here are my 64bit NA offsets that I've found so far. If anyone has others, please post. I am still trying to figure out some offsets before releasing my bot too. If anyone knows the entity Type values that would be of great help.

Code:

#define PLAYER_HEALTH     0x1746320
#define PLAYER_MAX_HEALTH (PLAYER_HEALTH - 0x4)
#define PLAYER_MANA       (PLAYER_HEALTH + 0x8)
#define PLAYER_MAX_MANA   (PLAYER_MANA - 0x4)
#define PLAYER_XP         (PLAYER_HEALTH - 0x10)
#define PLAYER_MAX_XP     (PLAYER_XP - 0x10)
#define HAS_TARGET        0x1315324
#define TARGET_PTR        0x1315318
#define TARGET_OFF1       0x368
#define TARGET_HP         0x1364
#define TARGET_MAX_HP     (TARGET_HP + 0x04)

[¥Zinged™]

i dont have language

[dranz248]

Can someone make the exact bot of this please and please update this as always