Looking for a little help to be able to scan the the character inventory to look for a specific item.. Any help would be great. Thanks.
Scan Inventory
03/15/2011 02:42
kerosene69#1
03/15/2011 07:23
PhilMeBeer#2
GA(PWI=0xAD60C4)+30+C68+C+[I*4] ----- I=1-(GA+30+C68+10)
+8 = Item Id
+10 = Item Count
+40+0 = Description only shows after has been mouse overed .... find source from id instead < sry havent found yet
+8 = Item Id
+10 = Item Count
+40+0 = Description only shows after has been mouse overed .... find source from id instead < sry havent found yet
03/15/2011 11:28
kerosene69#3
Thank you so much!
03/15/2011 12:09
Interest07#4
name from id is dependant on the type of item and is generally stored in hash lists (or for some items also somewhere in the item structure). It's easiest to inject a function that updates description as if you hovered over it with mouse.Quote:
GA(PWI=0xAD60C4)+30+C68+C+[I*4] ----- I=1-(GA+30+C68+10)
+8 = Item Id
+10 = Item Count
+40+0 = Description only shows after has been mouse overed .... find source from id instead < sry havent found yet
For example:
itemAddress[i] = [[[player + 0xC68] + 0xC] + i * 4]
funcAddress[i] = [[itemAddress[i] + 0] + 0x34]
pushad
mov ECX, itemAddress[i]
mov EAX, funcAddress[i]
call EAX
popad
then itemdesc[i]= [[[itemAddress[i] + 0x40] + 0]
08/15/2011 23:23
novicehacker#5
bit of a necro, but I've been trying to get this to work but to no avail.
I know the code is probably not the most efficient but I'm trying to keep it contained until I've got it working. On a similar note I've also been trying to find nearby items using the code from [Only registered and activated users can see links. Click Here To Register...] but no luck there either :/.
Last question is about structs; I was reading that a struct passed as a param to a function duplicates the struct. Would I be correct in assuming that if I make the struct an instance variable of a class and then pass the class around it wouldn't have to duplicate the struct if its accessed through the class?
Any other general c# suggestions are welcome as I've just recently made the jump from autoit after reading some posts by interest07 and dumbfck.
PHP Code:
public unsafe static List<ITEM> getInventory()
{
List<ITEM> items = new List<ITEM>();
uint pointer = Mem.ReadUInt(process_handle, baseaddress + 48);
pointer = Mem.ReadUInt(process_handle, pointer + 3176);
pointer = Mem.ReadUInt(process_handle, pointer + 12);
for(int i=0; i < 40; i++)
{
//itemAddress[i] = [[[player + 0xC68] + 0xC] + i * 4]
uint item_addr = Mem.ReadUInt(process_handle, pointer + (uint)(i * 4));
ITEM item = new ITEM();
byte* lpitem = &item.bytes[0];
int sizeofitem = Marshal.SizeOf(item);
Mem.ReadBytesToStruct(process_handle, item_addr, lpitem, sizeofitem);
items.Add(item);
}
return items;
}
[StructLayout(LayoutKind.Explicit, Pack = 1)]
public unsafe struct ITEM
{
// Overlay array of bytes like in a C Union to allow faster updating of the whole structure
[FieldOffset(0)]
public fixed byte bytes[20];
[FieldOffset(8)]
public uint id;
[FieldOffset(16)]
public uint sn;
}
Last question is about structs; I was reading that a struct passed as a param to a function duplicates the struct. Would I be correct in assuming that if I make the struct an instance variable of a class and then pass the class around it wouldn't have to duplicate the struct if its accessed through the class?
Any other general c# suggestions are welcome as I've just recently made the jump from autoit after reading some posts by interest07 and dumbfck.
08/16/2011 01:44
omarranimado#6
thats right, since this is older info...after the last game update use for pw-int:Quote:
+8 = Item Id
+10 = Item Count
+40+0 = Description only shows after has been mouse overed .... find source from id instead < sry havent found yet
0xCA4 then 0xC68 and it works :)
08/16/2011 02:31
Merkada#7
this is Interest07's post in genesis offset topic
and i made some research here because i use your values in CE and i get some strange data, after few searches i find this:
0xAF7464+0x34+0xCA4+0xC+X*0x4+value from interest07 database
of course u can use real base 0xAF6DA4+1C+line above
easyist way how to find and filter every potion in inventory is with
0xAF7464+0x34+0xCA4+0xC+X*0x4+0x4 - if value = 9 then its a potion :handsdown:
and one more thing, powders like VAC, Shadow Binder Powder etc has value = 31 su u can search them too, many of then can heal, but not all so u must filter them before use, or make simple whitelist filter with pwdb ID, everything that is on whitelist put to another array for later use or delete lines which u dont want use (blacklist)
edit: eh thx omarranimado, this forum never sleeps, and i must do refresh page more often :D
edit2: i remake my Auction Hall script for you and [Only registered and activated users can see links. Click Here To Register...]
Code:
public struct itemStruct
{
public int uniqueId;
public int generalItemTypeId; //8 = DQ, 9 = Potion, etc
public int itemTypeId;
public int uk0xC;
public int amount;
public int maxAmount;
public int sellPrice;
public int buyPrice;
public int equipTypeId;
public int usableItemTypeId;
public int limitations; //such as droppable, quest item, etc
public int uk0x2C;
public int uk0x30;
public int uk0x34;
public int uk0x38;
public int uk0x3C;
public int descriptionPointer;
public int uk0x44;
public int uk0x48;
public int lvlRequirementEquip;
public int strRequirement;
public int dexRequirement;
public int lvlRequirementUsable;
public int uk0x5C;
public int magRequirement;
public int uk0x64;
public int currentDurability; //= ingameValue * 100
public int maxDurability;
public int uk0x70; //sell price gear again?
public int uk0x74;
public int uk0x78;
public int uk0x7C;
public int uk0x80;
public int upgradeLvl;
public int uk0x88;
public int uk0x8C;
public int socketIdList;
public int nrOfSockets;
public int uk0x98;
public int uk0x9C;
public int uk0xA0;
public int addOnList;
public int nrOfAddOns;
public int uk0xAC;
public int uk0xB0;
public int uk0xB4;
public int uk0xB8;
public int uk0xBC;
public int uk0xC0;
public int uk0xC4;
public int uk0xC8;
public int uk0xCC;
public int uk0xD0;
public int uk0xD4;
public int uk0xD8;
public int uk0xDC;
public int uk0xE0;
public int uk0xE4;
public int uk0xE8;
public int uk0xEC;
public int uk0xF0;
public int uk0xF4;
public int uk0xF8;
public int uk0xFC;
/*
176 phys def for regular equip, phys attack for rings
180 evasion
184 phys def for accessories, +MP for cape oO
190 +HP
194 min Patk / metal def
198 max Patk / wood def
202 min Matk? / water def
206 max Matk? /.fire def
210 weapon speed / earth def
*/
}
0xAF7464+0x34+0xCA4+0xC+X*0x4+value from interest07 database
of course u can use real base 0xAF6DA4+1C+line above
easyist way how to find and filter every potion in inventory is with
0xAF7464+0x34+0xCA4+0xC+X*0x4+0x4 - if value = 9 then its a potion :handsdown:
and one more thing, powders like VAC, Shadow Binder Powder etc has value = 31 su u can search them too, many of then can heal, but not all so u must filter them before use, or make simple whitelist filter with pwdb ID, everything that is on whitelist put to another array for later use or delete lines which u dont want use (blacklist)
edit: eh thx omarranimado, this forum never sleeps, and i must do refresh page more often :D
edit2: i remake my Auction Hall script for you and [Only registered and activated users can see links. Click Here To Register...]
08/16/2011 08:22
Interest07#8
Yeah it shouldn't duplicate it if you pass a class as parameter.Quote:
Last question is about structs; I was reading that a struct passed as a param to a function duplicates the struct. Would I be correct in assuming that if I make the struct an instance variable of a class and then pass the class around it wouldn't have to duplicate the struct if its accessed through the class?
playerInv offset = 3236 now
So you just might have the wrong offset.
edit: oops others have posted that already lol :o
in the post above it lists some examples for "public int generalItemTypeId; //8 = DQ, 9 = Potion, etc" But those aren't exactly correct, 8 is more than just DQ if I recall correctly.
In general if something isn't working, definitely check the offsets first. Luckily they haven't changed much lately, but there's some pretty dated info on these forums.
08/16/2011 13:03
MessyIO#9
This information is like a gold mine. I'm looking to read information from Ether Saga Online which is based on same elementclient codebase as perfect world and thanks to Interest07's offset finding post on WQ-Bot thread I was already able to figure out getting character name which I had problems with earlier.
I'm trying to get inventory, equips, items on grounds, mobiles etc. and tried asking for help on my first lil release at [Only registered and activated users can see links. Click Here To Register...] but since nobody seems to care for ESO it seems PW is the place to find the info.
Sorry for wall of text, I get to the point, I can adapt all info I get about PWI to ESO, I'm just a bit lost on how to find the right stuff. I'm new to memory reading, disassembling and whatnot but I'm eager to learn.
So I assume "GA(PWI=0xAD60C4)+30+C68+C" is the pointer to the start of an array of inventory item pointers and each pointer at +[I*4] brings you to an itemStruct? If that's true I can get a lot further with what I'm doing but I still have one question. How do you find out the pointer? Is base+30+C68 pointer to playerbase? So am I totally wrong if I start searching by putting a stack of items in first inventory slot and search for amount until I find the address and reverse from there until I get an offset from playerbase?
I'm trying to get inventory, equips, items on grounds, mobiles etc. and tried asking for help on my first lil release at [Only registered and activated users can see links. Click Here To Register...] but since nobody seems to care for ESO it seems PW is the place to find the info.
Sorry for wall of text, I get to the point, I can adapt all info I get about PWI to ESO, I'm just a bit lost on how to find the right stuff. I'm new to memory reading, disassembling and whatnot but I'm eager to learn.
So I assume "GA(PWI=0xAD60C4)+30+C68+C" is the pointer to the start of an array of inventory item pointers and each pointer at +[I*4] brings you to an itemStruct? If that's true I can get a lot further with what I'm doing but I still have one question. How do you find out the pointer? Is base+30+C68 pointer to playerbase? So am I totally wrong if I start searching by putting a stack of items in first inventory slot and search for amount until I find the address and reverse from there until I get an offset from playerbase?
08/16/2011 14:58
Interest07#10
Yeah, pretty much correct. Although right now PWI player base is baseAddress + 0x1C + 0x34Quote:
I'm trying to get inventory, equips, items on grounds, mobiles etc. and tried asking for help on my first lil release at [Only registered and activated users can see links. Click Here To Register...] but since nobody seems to care for ESO it seems PW is the place to find the info.
Sorry for wall of text, I get to the point, I can adapt all info I get about PWI to ESO, I'm just a bit lost on how to find the right stuff. I'm new to memory reading, disassembling and whatnot but I'm eager to learn.
So I assume "GA(PWI=0xAD60C4)+30+C68+C" is the pointer to the start of an array of inventory item pointers and each pointer at +[I*4] brings you to an itemStruct? If that's true I can get a lot further with what I'm doing but I still have one question. How do you find out the pointer? Is base+30+C68 pointer to playerbase? So am I totally wrong if I start searching by putting a stack of items in first inventory slot and search for amount until I find the address and reverse from there until I get an offset from playerbase?
Then you go to inventory with CA4, in there you have the inv size at +0x10, and the list of pointers to inventory items at +0xC. From there you indeed do +0x4 * i to find item i.
You can use different methods of finding this pointer, but searching for stack size for example should work. You could also search for description for example. Best is to place it in the first slot in my opinion, usually makes it easier for me at least, considering you already know what the structures look like.
08/17/2011 05:25
novicehacker#11
Thanks a bunch to everyone that helped out :).
Nothing special, but for any other novices starting out the inventory can be accessed using dumbfck's mem class's resolveNestedPointer
[Only registered and activated users can see links. Click Here To Register...] using
and for an easy way to look at structs via the console
might want to update it to return a string instead of using console.writeline directly, but that's up to you.
Nothing special, but for any other novices starting out the inventory can be accessed using dumbfck's mem class's resolveNestedPointer
[Only registered and activated users can see links. Click Here To Register...] using
PHP Code:
Mem.resolveNestedPointer(process_handle, baseaddress, new uint[] {52, 3236, 12, 0});
PHP Code:
static void struct_dump(Object o)
{
System.Reflection.FieldInfo[] fields = o.GetType().GetFields(System.Reflection.BindingFlags.Instance | System.Reflection.BindingFlags.Public);
foreach (System.Reflection.FieldInfo field in fields)
{
if(!field.Name.Equals("bytes"))
Console.WriteLine("\t" + strpad(field.Name, 15) + field.GetValue(o).ToString());
}
}
static String strpad(String input, int length)
{
while (input.Length < length)
{
input += " ";
}
return input;
}
05/04/2012 19:33
amineurin#12
--- problem solved ---Quote:
For example:
itemAddress[i] = [[[player + 0xC68] + 0xC] + i * 4]
funcAddress[i] = [[itemAddress[i] + 0] + 0x34]
pushad
mov ECX, itemAddress[i]
mov EAX, funcAddress[i]
call EAX
popad
then itemdesc[i]= [[[itemAddress[i] + 0x40] + 0]
04/15/2013 23:18
jasty#13
I'm going to have to bump this because I can't quite figure out how to get this to work.
I'm looking through the memory in OllyDbg just to see if I can follow the offsets to the Item struct but I'm doing something wrong.
I'm using the offsets from here: [Only registered and activated users can see links. Click Here To Register...] (are these verified?)
Base Address = 12306892 (0XBBC9CC)
In OllyDbg I see 00BBC9CC B0 9E 2A 0A
Since that's reverse hex that means base addr is 0x0A2A9EB0
the player offset from this is 0x34 (same as CHARSTRUCT1_OffSet=52 in that offset post?)
So 0x0A2A9EB0 + 0x34 = 0xA2A9EE4
At 0xA2A9EE4 I see 0x1780e220 in reverse hex
0x1780E220 + 3360(dec offset of inventory struct) = 0x1780EF40
At 0x1780EF40 I see 0xBAADF000 in reverse hex
That's a memory address that hasn't been allocated so I'm stuck!
Where did I go wrong? D:
My ultimate goal is to make a bot that can refine an item while buying refinement aids bought from the event boutique depending on the refinement level of the item and stops once it reaches a certain refinement level.
I have made auto-it code that can issue refine packets and buys the tisha's / tienkang (I used a breakpoint in the send packet function to figure out the format for those) but I am stuck when it comes to reading the refinement level of an item in my inventory and can use any help.
If someone has auto-it code that shows how to read item information from inventory that would help.
I'm looking through the memory in OllyDbg just to see if I can follow the offsets to the Item struct but I'm doing something wrong.
I'm using the offsets from here: [Only registered and activated users can see links. Click Here To Register...] (are these verified?)
Base Address = 12306892 (0XBBC9CC)
In OllyDbg I see 00BBC9CC B0 9E 2A 0A
Since that's reverse hex that means base addr is 0x0A2A9EB0
the player offset from this is 0x34 (same as CHARSTRUCT1_OffSet=52 in that offset post?)
So 0x0A2A9EB0 + 0x34 = 0xA2A9EE4
At 0xA2A9EE4 I see 0x1780e220 in reverse hex
0x1780E220 + 3360(dec offset of inventory struct) = 0x1780EF40
At 0x1780EF40 I see 0xBAADF000 in reverse hex
That's a memory address that hasn't been allocated so I'm stuck!
Where did I go wrong? D:
My ultimate goal is to make a bot that can refine an item while buying refinement aids bought from the event boutique depending on the refinement level of the item and stops once it reaches a certain refinement level.
I have made auto-it code that can issue refine packets and buys the tisha's / tienkang (I used a breakpoint in the send packet function to figure out the format for those) but I am stuck when it comes to reading the refinement level of an item in my inventory and can use any help.
If someone has auto-it code that shows how to read item information from inventory that would help.
04/16/2013 01:27
Afro-Head#14
For the Autoit Code take a look in the Prophet Bot Source Code.Quote:
I use this to see how most things can be done, so i can use what i learn in Delphi.
Heres the Code for the Inventory:
Code:
Func BuildInventoryArray() Local $array[1][7], $pointer, $inventory_base, $counter, $inventorysize $inventorysize = _MemoryRead(_MemoryRead($CHAR_DATA_BASE + $OFFSET_INVENTORYBASE[1], $PROCESS_INFORMATION) + 0x10, $PROCESS_INFORMATION) ;[CHAR_DATA_BASE + 0xC50] + 0x10] ;or 0x14, not sure if both work, might be different with extended inventory $pointer = _MemoryRead(_MemoryRead($CHAR_DATA_BASE + $OFFSET_INVENTORYBASE[1], $PROCESS_INFORMATION) + 0xC, $PROCESS_INFORMATION) For $i=0 To $inventorysize - 1 $inventory_base = _MemoryRead($pointer + $i * 0x4, $PROCESS_INFORMATION) ReDim $array[$i + 1][7] $array[$i][0] = _MemoryRead($inventory_base, $PROCESS_INFORMATION) ;ID $array[$i][1] = _MemoryRead($inventory_base + $OFFSET_INVENTORYID, $PROCESS_INFORMATION) ;ID $array[$i][2] = _MemoryRead($inventory_base + $OFFSET_INVENTORYSTACKAMOUNT, $PROCESS_INFORMATION) ;Stack Amount $array[$i][3] = _MemoryRead($inventory_base + $OFFSET_INVENTORYMAXSTACKAMOUNT, $PROCESS_INFORMATION) ;MAX Stack Amount $array[$i][4] = _MemoryRead($inventory_base + $OFFSET_INVENTORYSELLPRICE, $PROCESS_INFORMATION) ;Sell Price $array[$i][5] = _MemoryRead($inventory_base + $OFFSET_INVENTORYBUYPRICE, $PROCESS_INFORMATION) ;Buy Price $array[$i][6] = _MemoryRead(_MemoryRead($inventory_base + $OFFSET_INVENTORYDESCRIPTION, $PROCESS_INFORMATION), $PROCESS_INFORMATION, 'wchar[30]') ;Name Next If $array[$inventorysize - 1][0] <> "" Then $PACKFULL = True Else $PACKFULL = False EndIf ;_ArrayDisplay($array,$x) Global $InventoryArray = $array, $InventoryArraySize = $inventorysize - 1 EndFunc ;==>
The Offsets from your link are not all working for the actual Game, so heres the actual PWI Inventory Struct Offset: 0xdc0
Happy coding :mofo:
04/16/2013 02:03
jasty#15
The item struct being 0xDC0 is what I was failing on. Thanks!Quote:
I use this to see how most things can be done, so i can use what i learn in Delphi.
Heres the Code for the Inventory:
But better look in the Code for all the Variables.Code:Func BuildItemArray() Local $array[1][8], $pointer, $item_base, $counter For $i=0 To 768 $pointer = _MemoryRead(_MemoryRead($ITEM_DATA_BASE[1] + $i * 0x4, $PROCESS_INFORMATION) + 0x4 , $PROCESS_INFORMATION) If $pointer <> 0 Then ReDim $array[$counter + 1][8] $array[$counter][0] = _MemoryRead($pointer + $OFFSET_ITEMID, $PROCESS_INFORMATION) ;ID $array[$counter][1] = _MemoryRead($pointer + $OFFSET_ITEMSN, $PROCESS_INFORMATION) ;SN $array[$counter][2] = _MemoryRead(_MemoryRead($pointer + $OFFSET_ITEMNAME, $PROCESS_INFORMATION), $PROCESS_INFORMATION, 'wchar[30]') ;Name $array[$counter][3] = _MemoryRead($pointer + $OFFSET_ITEMX, $PROCESS_INFORMATION, 'float') ;X $array[$counter][4] = _MemoryRead($pointer + $OFFSET_ITEMY, $PROCESS_INFORMATION, 'float') ;X $array[$counter][5] = _MemoryRead($pointer + $OFFSET_ITEMZ, $PROCESS_INFORMATION, 'float') ;Y $array[$counter][6] = GetSlopeDistance(($X + 4000) / 10, ($Y + 5500) / 10, $Z / 10, ($array[$counter][3] + 4000) / 10, ($array[$counter][4] + 5500) / 10, $array[$counter][5] / 10) $array[$counter][7] = GetSlopeDistance(($HOME_X + 4000) / 10, ($HOME_Y + 5500) / 10, $HOME_Z / 10, ($array[$counter][3] + 4000) / 10, ($array[$counter][4] + 5500) / 10, $array[$counter][5] / 10) $counter += 1 EndIf Next _ArraySort($array, "", "", "", 6) ;_ArrayDisplay($array) Global $ItemArray = $array, $ItemArraySize = $counter - 1 EndFunc ;==>
The Offsets from your link are not all working for the actual Game, so heres the actual PWI Inventory Struct Offset: 0xdc0
Happy coding :mofo:
I am finding it easier to use Cheat Engine to search the memory a lot easier than ollydbg
For those coming after me this is how I understand this works:
*address is dereferencing that address (reading the value from that address)
BaseAddress =(currently 0xBBC9CC)
*BaseAddress + 0x34 = playerstruct
*PlayerStruct + 0xDC0 = Inventory
*Inventory + 0xC = ItemList
*ItemList + 4*i for i in 0 to 32/64 gives = item (corresponding to the contents of a space in your inventory)
*item is specified by [Only registered and activated users can see links. Click Here To Register...]