Defeat DMA For Health

11/23/2005 15:00 fallenStar#61
About the hp_offset: 0x10860 and mana_offset: 0x10864, I've noticed if I read that address without running the script you have provided using TSearch, it will always give 0 instead of giving current hp value or current mana value.

Btw, the inventory pointer works great. :D
11/23/2005 23:06 Hojo#62
Quote:
Originally posted by fallenStar@Nov 23 2005, 15:00
About the hp_offset: 0x10860 and mana_offset: 0x10864, I've noticed if I read that address without running the script you have provided using TSearch, it will always give 0 instead of giving current hp value or current mana value.

Btw, the inventory pointer works great. :D
Yes...

That's right

Because health is dynamic, we're converting it to static by inserting some ASM that writes the health value to those memory spots, so if you don't insert this, health will still remain dynamic, therefore leaving that spot to give readings of 0's
11/25/2005 15:07 fallenStar#63
Quote:
Originally posted by Hojo@Nov 23 2005, 23:06
Quote:
Originally posted by fallenStar@Nov 23 2005, 15:00
About the hp_offset: 0x10860 and mana_offset: 0x10864, I've noticed if I read that address without running the script you have provided using TSearch, it will always give 0 instead of giving current hp value or current mana value.

Btw, the inventory pointer works great. :D
Yes...

That's right

Because health is dynamic, we're converting it to static by inserting some ASM that writes the health value to those memory spots, so if you don't insert this, health will still remain dynamic, therefore leaving that spot to give readings of 0's
Okie, basically I understand how it works now. But pardon me for another noob question, is there any way to convert the dynamic into static by using a programming language such as VB or C++ instead of using TSearch?

Have been looking into code hijack and hooking, from what I understand, those methods can't really insert ASM code the way TSearch did. I'm not too sure, hope someone can give some pointers for me to move on. :ops:
11/25/2005 16:19 unknownone#64
You can insert code using a high level language, but you need the [Only registered and activated users can see links. Click Here To Register...] to write into memory.
T-Search gives us the opcodes in hex, if you open the easywrite window and click Tmk, then check. It'll show
Poke [address] [opcodes].
You can insert these values into memory using a high level language via the WriteProcessMemory function.
11/26/2005 03:08 fallenStar#65
Quote:
Originally posted by unknownone@Nov 25 2005, 16:19
You can insert code using a high level language, but you need the [Only registered and activated users can see links. Click Here To Register...] to write into memory.
T-Search gives us the opcodes in hex, if you open the easywrite window and click Tmk, then check. It'll show
Poke [address] [opcodes].
You can insert these values into memory using a high level language via the WriteProcessMemory function.
Thanks a lot, :D It is very helpful and I got it working already. Now I can try other stuff. :cool:
12/21/2005 22:26 abitofboth#66
This would only work for a specific version of the co2 client, right? So you gotta keep that static with the blacknull thingie. Until next 'forced' version upgrade.
Personally just patch the exe .. if you find the place where it decides which memory location to use, you'll see a lot of other dynamic allocations too .. I just je -> jmp on the first case on all of them.
03/02/2006 09:13 meoso#67
Could this be done in AutoIt?
possibly via dll call?
04/14/2006 11:08 elementary#68
Well...more patches more trouble...I don't have a clue where to find mem locations of code (or the hex string to search for) which modify life :(
04/15/2006 01:14 meoso#69
Quote:
Originally posted by unknownone@Nov 23 2005, 09:26
Quote:
Originally posted by Appolyon@Nov 22 2005, 15:32
needing memory addresses for* CO2 life ...anyone has them?
HP and Mana on Co2 client.

Poke 108A0 89 08 89 0D 60 08 01 00 50 8B CE
Poke 108AB E9 84 77 4E 00
Poke 4F802F E9 6C 88 B1 FF
Poke 108C0 8B D8 A3 64 08 01 00 8B 06 8B CE
Poke 108CB E9 A3 A1 4B 00
Poke 4CAA6D E9 4E 5E B4 FF 90

hp_offset: 0x10860
mana_offset: 0x10864
Is this still accurate for latest version of client2.0 (April 2006)?
04/15/2006 01:21 unknownone#70
Quote:
Originally posted by meoso@Apr 15 2006, 00:14
Quote:
Originally posted by unknownone@Nov 23 2005, 09:26
Quote:
Originally posted by Appolyon@Nov 22 2005, 15:32
needing memory addresses for* CO2 life ...anyone has them?

HP and Mana on Co2 client.

Poke 108A0 89 08 89 0D 60 08 01 00 50 8B CE
Poke 108AB E9 84 77 4E 00
Poke 4F802F E9 6C 88 B1 FF
Poke 108C0 8B D8 A3 64 08 01 00 8B 06 8B CE
Poke 108CB E9 A3 A1 4B 00
Poke 4CAA6D E9 4E 5E B4 FF 90

hp_offset: 0x10860
mana_offset: 0x10864
Is this still accurate for latest version of client2.0 (April 2006)?
no.
04/15/2006 09:59 meoso#71
Could someone share the new opcodes and addresses?
04/17/2006 08:54 elementary#72
last version hp_procedure overwrite with jmp @ addr: 004fcf47, ret addr: 004fcf4c
code from Tsearch :

Poke 108A0 89 08 89 0D 60 08 01 00 50 8B CE
Poke 108AB E9 9C C6 4E 00
Poke 4FCF47 E9 54 39 B1 FF

(ty unknownone for making me curious about assembly language again)
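Added example, not part of the thread or any poster's code: for anyone analysing or detecting an inline patch like this, the sketch below parses the `Poke` lines from the post above, resolves each `E9 rel32` jump, and checks that the hook at 004fcf47 lands on the stub at 108A0 and that the stub's exit jump returns to 004fcf4c as stated. The function names are this example's own, and it assumes 32-bit x86 and the `Poke <hex address> <hex bytes>` layout shown in the thread.

```python
import struct

# Poke lines copied from the post above.
POKES = """\
Poke 108A0 89 08 89 0D 60 08 01 00 50 8B CE
Poke 108AB E9 9C C6 4E 00
Poke 4FCF47 E9 54 39 B1 FF
"""

def parse_pokes(text):
    """Return [(address, bytes)] for every 'Poke' line; other lines are ignored."""
    out = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 3 and parts[0].lower() == "poke":
            out.append((int(parts[1], 16), bytes(int(b, 16) for b in parts[2:])))
    return out

def jmp_target(address, code):
    """Resolve 'E9 rel32': target = address of the next instruction + signed rel32."""
    if len(code) < 5 or code[0] != 0xE9:
        return None
    (rel,) = struct.unpack_from("<i", code, 1)
    return (address + 5 + rel) & 0xFFFFFFFF

def describe_detour(text):
    """Pair each jump into a poked code block (the hook) with the jump leaving it."""
    pokes = parse_pokes(text)
    jumps = {a: (jmp_target(a, c), len(c)) for a, c in pokes
             if jmp_target(a, c) is not None}
    blocks = [(a, a + len(c)) for a, c in pokes if a not in jumps]
    found = []
    for site, (target, size) in jumps.items():
        for start, end in blocks:
            if target == start:  # original code -> injected stub
                # The stub's exit jump is the poke placed directly after it.
                back = jumps.get(end, (None, 0))[0]
                found.append({"hook_site": site, "stub": start,
                              "returns_to": back,
                              # size covers NOP padding after the 5-byte jmp
                              "resumes_after_patch": back == site + size})
    return found

if __name__ == "__main__":
    for d in describe_detour(POKES):
        print({k: hex(v) if isinstance(v, int) and not isinstance(v, bool) else v
               for k, v in d.items()})
```

Because every displacement is relative to a fixed address in the executable, the decoded targets only line up for the client build they were taken from, which is why the thread needs new values after each client update.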
04/18/2006 22:14 meoso#73
Thanks to all the elitepvpers, especially this thread, I am able to read HP from memory. I have much to learn and better bots to write! Thank you!!!
04/19/2006 07:40 meoso#74
SORRY GUYS, THIS NO LONGER WORKS.
UNLESS NEW CODE or ADDRESSES ARE SHARED I WILL NOT ATTEMPT TO FIX.
__________________________________________________ ________


attached: defeat dma with autoit3 beta

This includes some memory functions written by "wRouter" in AutoIt3 Beta automation tool and some defeat DMA opcode offered by "elementary" written into an inject script and a read test script.

Learn to program in AutoIt to make some slow-ass bots, lol.
_________
you can install Scite editor and AutoIt3 automation tool, enable the beta:
[Only registered and activated users can see links. Click Here To Register...]

if it does not work on that particular version, then download the latest beta:
[Only registered and activated users can see links. Click Here To Register...]

_________
I have had issues with the reading of health. Technically the code worked, but I'm wondering if address 10860 isn't being corrupted, because I have found it to read erratic numbers occasionally. For me 606 health is reported sometimes when not true and therefore my health function gets triggered in error.
04/23/2006 23:29 Seether#75
What file would I place this in?