How to search offset npc base with CE??

06/24/2011 09:24 Aduhn32#1
I saw on some forums and I found a way to get the
NPC list. But I am confused by its code.

Code:
Func GetNpcList()
	Local $array[1][8], $pointer, $npc_base, $counter
	$pointer = memread(memread(memread(memread(memread($base) + 0x1C) + 0x8) + 0x24) + 0x18)
	For $x=0 To 768
		$npc_base = memread(memread($pointer + $x*0x4) + 0x4)
		If $npc_base<>0 Then
			ReDim $array[$counter+1][8]
			$array[$counter][0] = memread($npc_base, 'byte') ;NPC Type (NPC/MOB/PET)
			$array[$counter][1] = memread($npc_base + 0x11C) ;NPC ID
			$array[$counter][2] = memread(memread($npc_base + 0x254), 'wchar[30]') ;NPC Name
			$array[$counter][3] = memread($npc_base + 0x124) ;NPC Level
			$array[$counter][4] = memread($npc_base + 0x248) ;Special Info
			$array[$counter][5] = (memread($npc_base + 0x3C, 'float')+4000)/10 ;NPC x-position
			$array[$counter][6] = (memread($npc_base + 0x44, 'float')+5500)/10 ;NPC y-position
			$array[$counter][7] = memread($npc_base + 0x40, 'float')/10 ;NPC z-position
			$counter += 1
		EndIf
	Next
	Return $array
EndFunc
How do I search for these offsets?
Code:
0x1C , 0x8 , 0x24, 0x18
06/24/2011 09:40 momomyst#2
can you give me GM Seller 9 cord...???
06/24/2011 11:59 Aduhn32#3
What do you mean?
06/24/2011 12:11 Interest07#4
The easiest way to find them is by using Cheat Engine and searching for the number of npcs/mobs/pets around you, then working your way back. This will be at offset 0x14, where the list is at 0x18.

Another way would be to go for a mob, search for his HP, then hit him once, search for the new HP value, et cetera, until you've found a single value. Then trace back from there. (This works exactly the same as when you search for the offsets that lead to your HP, for example.)

A different approach would be to simply try out different values for 0x8 and 0x24, in multiples of 0x4. I'd start by changing 0x8 and adding 0x4 until you've found it. This only works if you know the structure to be correct but outdated.
06/25/2011 05:30 Aduhn32#5
I have a problem when searching for offsets using your trick.
These are my screenshots.

1. As the first step, I search for the Mob HP offset. I get the address that contains the Mob HP.
Then I select "Find out what writes to this address" and get one choice.
2. I got the offset (12c) and the mob base (21B12178) ($npc_base).

3. I scan for "21B12178", then I select "Find out what accesses this address".

I am confused at this step.
Is eax $pointer?
Is ebx $x?

Please explain in detail. :(
06/25/2011 08:31 Interest07#6
Well, there are several npcs in the list. In this case EBX is the index of the mob, so you are looking at the 1Eth mob. In this case EAX would be the pointer to the npcList. The next offset you're looking for will be 0x50 :)
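The layout described in posts #4 and #6 (count at 0x14, list at 0x18, one slot per index), walked over a constructed memory snapshot. This is an added example, not code from any poster in the thread; the addresses, the snapshot and the helper names read_u32, follow and npc_bases are assumptions made for illustration.

```python
# Constructed 32-bit snapshot: address -> dword. Every address here is made up.
BASE = 0x1000
MEM = {
    0x1000: 0x2000,              # [base]
    0x2000 + 0x1C: 0x3000,
    0x3000 + 0x08: 0x4000,
    0x4000 + 0x24: 0x5000,       # structure holding count and list
    0x5000 + 0x14: 2,            # number of live entries
    0x5000 + 0x18: 0x6000,       # list: array of node pointers
    0x6000 + 0x02 * 4: 0x7100,   # slot 0x02 -> node
    0x6000 + 0x1E * 4: 0x7000,   # slot 0x1E -> node
    0x7100 + 0x4: 0x8400,        # node + 0x4 -> $npc_base
    0x7000 + 0x4: 0x8000,
}
SLOTS = 769  # the posted loop runs "For $x=0 To 768"


def read_u32(mem, addr):
    """Dword at addr; 0 for an unmapped address, like a failed read."""
    return mem.get(addr, 0)


def follow(mem, base, offsets):
    """Dereference base, then add each offset and dereference again."""
    ptr = read_u32(mem, base)
    for off in offsets:
        if ptr == 0:          # broken link: stop instead of reading near 0
            return 0
        ptr = read_u32(mem, ptr + off)
    return ptr


def npc_bases(mem, base, chain=(0x1C, 0x8, 0x24)):
    """Return (count at +0x14, {slot index: $npc_base}) for the list at +0x18."""
    holder = follow(mem, base, chain)
    slots = read_u32(mem, holder + 0x18) if holder else 0
    if slots == 0:
        return 0, {}
    found = {}
    for x in range(SLOTS):
        node = read_u32(mem, slots + x * 4)
        entity = read_u32(mem, node + 0x4) if node else 0
        if entity:
            found[x] = entity
    return read_u32(mem, holder + 0x14), found
```

In this snapshot the count at 0x14 equals the number of non-zero slots, which is a quick consistency check on the chain; a chain with a wrong offset resolves to nothing.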
06/25/2011 10:00 Aduhn32#7
Please explain step by step; I've tried but failed.
Thanks for the tutorial on 'Sending Packets'; it was very helpful.