Quote:
Originally Posted by d4mmed
Thank you for explaining, lucid. Could you please explain how to get the right value for "TargetEntityDataPointer"? Both 0x254 and 0x1D4 are not working for me. Maybe I am doing something wrong.
If anyone else got the right value, please share it too so others know what the right value is.
TargetEntityBase = 0x87B52C
TargetEntityDataPointer = 0x87B534 + (0x254) ?
Immons - I think you're a step ahead of him
d4mmed - (TargetEntityBase + 0x254) will contain the address to the data for that entity, it won't actually contain the data. This means you must read the address, take the value and go to that new address, then you'll be in the right area to find HP.
Also, based upon your example values, it looks like you aren't adding Game.dll to the TargetPointerOffset in step 1. Each place I pass values into a pseudo "Read()" function you must evaluate what is inside the parenthesis and then use that value as an address.
Let's assume the following:
- Game.dll's base value is 0x4 (ridiculously low, but keeps our example simple)
- HPDataOffset is 0x8
- Your HP is 1099
Here's a simple example with addresses on top and values down bottom:
00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 10 11 12 13 14 15 16 17
-----------------------------------------------------------------------
05 A2 D1 45 90 01 E4 03 00 00 00 00 10 00 00 00 4B 04 00 00 CD CD CD CD
In this case, the steps might look like this:
- TargetHPAddress = Read(Game.dll + HPDataOffset)
- HP = Read(TargetHPAddress)
Let's take step 1 slowly... we are assuming Game.dll has a base value of 0x4 for our purposes, but in a real-world example you will need to use the Windows API in your program to determine the base address of Game.dll (WinAPI docs: ).
Game.dll + HPDataOffset
(is really)
0x4 + 0x8
(which equals)
0xC
Now we Read() the value at address 0xC. Since we're reading the value as an address (because it is a pointer), we will read 4 bytes.
00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 10 11 12 13 14 15 16 17
-----------------------------------------------------------------------
05 A2 D1 45 90 01 E4 03 00 00 00 00 10 00 00 00 4B 04 00 00 CD CD CD CD
Values are little endian, so 10 00 00 00 must be reversed: 00 00 00 10
Note that "10" does not become "01"! The order of the bytes is reversed, but each individual byte is unchanged.
So TargetHPAddress = 0x10
Now for step 2... we will read the HP value at 0x10 (HP is also 4-bytes):
00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 10 11 12 13 14 15 16 17
-----------------------------------------------------------------------
05 A2 D1 45 90 01 E4 03 00 00 00 00 10 00 00 00 4B 04 00 00 CD CD CD CD
We read 4B 04 00 00, reverse byte order... 00 00 04 4B or 0x44B. 0x44B converted to decimal is 1099, your HP value.
This is not exactly how it works in Aion, but should help you understand the general idea.
The 0x1D4/0x254 value can be determined by measuring distance to the top of the page, or just browsing memory if you are experienced. You can read up about how computer memory paging works on Wikipedia for some information that might help you. Not all values are page-aligned. Similarly, most addresses are 4-byte aligned (address is evenly divisible by 4). Understanding these kinds of things helps leap to conclusions that are correct without checking them first. The value you're looking for is definitely between 0x1C0 and 0x260; it isn't too much to check and certainly some of that region will be values which are obviously not pointers (at least to the trained eye).
Hope this helps!
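To make the two Read() steps concrete, here is an added Python example (not from the thread or from any game tool) that walks the post's 24-byte memory table exactly as described; the base 0x4 and offset 0x8 are the post's assumed values, and the plausibility check at the end reflects the 4-byte alignment note. Memory is simulated with a byte string, so nothing is read from a live process.

```python
import struct

# Constructed memory image copied from the post's table: the byte at index i
# is the value at address i (the post assumes Game.dll is loaded at 0x4).
MEMORY = bytes.fromhex(
    "05 A2 D1 45 90 01 E4 03 00 00 00 00 "
    "10 00 00 00 4B 04 00 00 CD CD CD CD"
)
GAME_DLL_BASE = 0x4   # assumed base address, as in the post
HP_DATA_OFFSET = 0x8  # assumed HPDataOffset, as in the post


def read_u32(memory: bytes, address: int) -> int:
    """Read a 4-byte little-endian unsigned value at `address`.

    struct's "<I" performs the byte reversal the post does by hand:
    10 00 00 00 -> 0x00000010 and 4B 04 00 00 -> 0x0000044B.
    """
    if address < 0 or address + 4 > len(memory):
        raise ValueError(f"4-byte read at {address:#x} is outside the image")
    return struct.unpack_from("<I", memory, address)[0]


def follow_pointer_chain(memory: bytes, base: int, offsets: list[int]) -> int:
    """Generalisation of the post's two steps to any depth: add each offset
    to the current address and dereference, except the last offset, which
    is added to the final address and returned (not read) so the caller
    decides how to interpret the value stored there."""
    address = base
    for offset in offsets[:-1]:
        address = read_u32(memory, address + offset)
    return address + offsets[-1]


def looks_like_pointer(value: int, image_size: int) -> bool:
    """Cheap sanity check from the post's alignment remark: a pointer into
    this image should be 4-byte aligned and land inside the image, so
    0xCDCDCDCD (uninitialised fill) or an odd value is rejected."""
    return value % 4 == 0 and 0 <= value < image_size


def read_target_hp(memory: bytes = MEMORY) -> int:
    # Step 1: TargetHPAddress = Read(Game.dll + HPDataOffset) -> 0x10
    target_hp_address = read_u32(memory, GAME_DLL_BASE + HP_DATA_OFFSET)
    # Step 2: HP = Read(TargetHPAddress) -> 0x44B, i.e. 1099
    return read_u32(memory, target_hp_address)


if __name__ == "__main__":
    print(f"TargetHPAddress = {read_u32(MEMORY, GAME_DLL_BASE + HP_DATA_OFFSET):#x}")
    print(f"HP = {read_target_hp()}")
```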