Memory Address's Update

03/22/2007 16:43 blinko#181
Quote:
Originally posted by giacometti@Mar 22 2007, 14:04
Does anyone have an address for items in area (on ground)? I don't know if this info is really in memory, but I believe so, just like we have mobs in area... (I am trying to find the structure of items dropped on ground)
I think that's a wonderful idea, I'll drop some items and have a go at it :P
03/22/2007 21:02 giacometti#182
Well, I found at this static address 00517850 (2 bytes) a number related to the amount of items on the ground. Every time an item is added (dropped) it goes up by 4, and every time an item is removed (picked up or goes away) it goes down by 4. But the initial value seems to be random: every time you load the game or DC it changes.
04/02/2007 05:28 chasezero#183
A memory address for mana would be awesome
04/02/2007 07:34 blinko#184
Haven't been able to find mana yet, I'll get to that here in a few
04/04/2007 07:28 cobotok#185
Normal name's Address
04/04/2007 07:28 cobotok#186
Redname's Address:

Append on Apr 4 2007, 08:14
Quote:
Originally posted by giacometti@Jan 12 2007, 11:23
Quote:
Originally posted by giacometti@Jan 11 2007, 17:55
I got it. The offset is 81 of the char name. 1 byte, 01 when flashing, and 00 when normal, just like I predicted... ;) :D btw, char names seem not to be static... different ones go in different places when reloading Conquer..

So now how could we make a disconnect function? I don't know if writing to memory could help us (or me! ;) ). Maybe learn how to hook the winsock connection and close from there...
My mistake here! The offset is not for flashing names... it's just the action=attack that triggers that. They stop at the same time (flash and the action), so that cheated me. =p
TO: giacometti
1# I found the player action is at offset 88 of charactername.
08 = run
11 = defence
14 = walk
15 = stand
17 = be attacked
19 = jump
1F = attack monster

2# But there is 00 at offset 81 in Redname and normal.
Please give me some advice on it?
3# The playerid is static according to the player. I guess the ID is more than 00 10 00 00, because the monster and NPC ID is 00 0* ** ** (we found more than 10 monsters and NPCs).
Can we judge whether it is a player or a monster/NPC according to the PlayerID?
04/04/2007 19:21 giacometti#187
Quote:
Originally posted by giacometti@Jan 12 2007, 08:02
Well, the correct offset for flash bluename is -104 from charname (above it). In the next byte you can check for red/blackname and in the next for cyclone, superman, fly etc.
And about the check for monster/NPC, you can, but it may fail this way. You need more checks to be sure. Just look at a player structure and compare with NPCs, guards, monsters. Tip: monsters have life in the structure, and the others don't.
04/11/2007 23:48 DM2000#188
#un-pinned - included in Linklist
04/14/2007 03:15 inSertCoiN#189
Anyone know/can find out a way to bypass GameGuard so that we can use Postmsg or Sendmsg APIs?
Or maybe someone knows another way to send keypresses and mouse actions on inactive windows?
04/14/2007 14:12 anantasia#190
Quote:
Originally posted by inSertCoiN@Apr 14 2007, 09:15
Anyone know/can find out a way to bypass GameGuard so that we can use Postmsg or Sendmsg APIs?
Or maybe someone knows another way to send keypresses and mouse actions on inactive windows?
You may need to try studying injection.

You can inject a DLL into any executable file and forge a process thread to handle keyboard/mouse and send whatever postmsg/sendmsg API to the game exe, program or inactive windows.

Some post from gunz forum,
Inject the DLL before GameGuard or nProtect loads.

Here is guide pseudo code for the DLL.

Main DLL{
    DisableThreadLibraryCalls;
    CreateThread(LPSECURITY_ATTRIBUTES lpThreadAttributes,DWORD dwStackSize,LPTHREAD_START_ROUTINE lpStartAddress,LPVOID lpParameter,DWORD dwCreationFlags,LPDWORD lpThreadId);
}

lpStartAddress{
    If GetAsyncKeyState{
        Do procedure you want or run reuse call procedure in exe game if you know;
    }
    sleep
}
04/27/2007 23:50 ZeRo-ToLeRaNcE#191
Hello People!

With the new patch from TQ, 4346, the memory addresses have changed!!!

Here are some new memory addresses I have found so far:

CHARACTERNAME=&H5120BC

ACCOUNTID=&H518478

SPOUSE=&H5128B8

SERVER=&H518374

CHARACTERLEVEL=&H512C00

STRENGTH=&H5128C8

AGILITY=&H5128D0

VITALITY=&H5128D4

SPIRIT=&H5128E8

PING=&H515CAC

MONEY=&H512E24

VPPOINTS=&H512C4C

CPS=&H512E28

The others I'm still busy with; maybe with some help from you all we will all get further :-)

Greets,

DyNy
04/28/2007 21:50 carbin2k4#192
The new mem address for Zoom is '&H518CFC'
I know that works in VB6 because that's what I use.
04/28/2007 23:01 blinko#193
I'll have the rest of the memory addresses up by tonight.

Hopefully the rest, all using prog4mers multiclient of course
04/29/2007 00:12 ZeRo-ToLeRaNcE#194
Quote:
Originally posted by blinko@Apr 28 2007, 23:01
I'll have the rest of the memory addresses up by tonight.

Hopefully the rest, all using prog4mers multiclient of course
Hey Blinko!

That's a long time ago :-)
I'm still busy with the addresses too, but I can't find the Arrow address and HP

I hope you can find them.

greets,

DyNy
04/29/2007 05:23 blinko#195
Added new addresses for patch 4346 ^^.
HP and how to inject HP using VB6.0 examples coming as soon as I find it ^^.