Need help with coding speed hack [AION]

09/03/2011 00:27 pixellegolas#1
I hope this goes under the rule:

What's allowed
Requests for help making own hacks
Troubleshooting with coding hacks
Troubleshooting with discovering hacks


I know how to get the speed address and lock it, but how do I find the "base value" so I can lock that instead? Because the normal value always changes when moving to another map or restarting the client.

I started reading about game trainers because they often need this address.

Any "pointers"? No pun intended ;)

I can show what I have now:

F5FBC68C <---This is the address I lock for speed, clicking "what is writing to this address" gives me:


Code:
3026AFED - 66 0F2F D1  - comisd xmm2,xmm1
3026AFF1 - F3 0F11 47 30  - movss [edi+30],xmm0
3026AFF6 - F3 0F11 87 8C060000  - movss [edi+0000068C],xmm0 <<
3026AFFE - 76 17 - jna CreateGameInstance+D8F97
3026B000 - 0F5A C8  - cvtps2pd xmm1,xmm0

EAX=30828BCC
EBX=00F95EC8
ECX=F5FBC000
EDX=3026AFB0
ESI=F3A45500
EDI=F5FBC000
ESP=0018DCB8
EBP=0018DCC4
EIP=3026AFFE
This is where my "skills" kind of fail. What do I do next to find the magic address?

Ok, tried with the next step. I took the value from EDI because it seemed right and I also wrote down 68C.

I did a new scan for F5FBC000 (EDI) in hex and got around 20 new addresses. 2 of these were green and according to tutorials that should be pointers.

I then added the address manually and ticked "pointer". I put F5FBC000 as the address and 68C as the offset.

Changing the type from 4 bytes to float actually made the number equal to the run speed I saw from the beginning. It seems like I found the pointer, but when changing map or logging out this value changes.

Another thing I see now. The 2 green addresses are always the same:

75474710
75474740


And the offset is always 68C

Should this mean something?
09/03/2011 12:13 Nirasicho#2
As I am too lazy to explain here I'll just link you to my tutorial:
[Only registered and activated users can see links. Click Here To Register...]

In this tutorial you'll learn how to use pointerscan, which is the easiest method in bigger games (because the pointer you are searching for has 2 - 5 levels, which is lots of work if you do it "manually").

Best regards,
Rajin
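To make the "base value" idea from both posts concrete, here is an added Python model of a multi-level pointer chain. It is not code from this thread and not Cheat Engine code, and it reads no real process: it builds a toy "memory" dict, puts a static slot at the green address 75474710 that points at a game-instance struct, which in turn points at a player object whose speed float sits at offset 68C. Only 0x68C and 0x75474710 come from the thread; the 0x10 offset, the allocation addresses and the speed value 6.0 are constructed. It shows why an address locked directly goes stale after a map change while the chain base + offsets still resolves.

```python
# Toy model of a Cheat-Engine-style pointer chain: [[base]+off0]+off1.
# Added example for this thread; not Cheat Engine code, reads no real process.

STATIC_BASE = 0x75474710   # from the thread: a "green" (static) address
OFF_PLAYER = 0x10          # constructed: offset of the player pointer inside the instance struct
OFF_SPEED = 0x68C          # from the thread: offset of the run-speed float inside the player object
DEFAULT_SPEED = 6.0        # constructed default run speed


class FakeProcess:
    """Dict-backed fake memory. The player object is reallocated on every map change."""

    def __init__(self):
        self.mem = {}
        self._bump = 0xF5FBC000            # constructed: first dynamic allocation address
        self.instance = 0x01000000         # constructed: long-lived game-instance struct
        self.player = None
        self.mem[STATIC_BASE] = self.instance   # the static slot holds the instance address
        self.change_map()

    def _alloc(self):
        addr = self._bump
        self._bump += 0x20000
        return addr

    def change_map(self):
        """Free the old player object and allocate a new one, as a map change or relog would."""
        if self.player is not None:
            del self.mem[self.player + OFF_SPEED]   # old object is gone
        self.player = self._alloc()
        self.mem[self.player + OFF_SPEED] = DEFAULT_SPEED
        self.mem[self.instance + OFF_PLAYER] = self.player   # instance now points at the new object

    def read(self, addr):
        """Return the value stored at addr, or None if nothing is mapped there."""
        return self.mem.get(addr)


def resolve(proc, base, offsets):
    """Walk a pointer chain: dereference base, then [addr+off] for every offset but the last,
    and return addr + last offset (the final value address). None if any level is unmapped."""
    addr = proc.read(base)
    for off in offsets[:-1]:
        if addr is None:
            return None
        addr = proc.read(addr + off)
    if addr is None:
        return None
    return addr + offsets[-1]


def demo():
    """Compare a directly locked address with a resolved chain across a map change."""
    proc = FakeProcess()
    chain = [OFF_PLAYER, OFF_SPEED]
    locked = proc.player + OFF_SPEED                 # the address one would lock directly
    assert resolve(proc, STATIC_BASE, chain) == locked
    before = proc.read(locked)
    proc.change_map()                                # player object reallocated
    after_direct = proc.read(locked)                 # stale: None
    after_chain = proc.read(resolve(proc, STATIC_BASE, chain))   # still the live value
    return before, after_direct, after_chain


if __name__ == "__main__":
    print(demo())   # (6.0, None, 6.0)
```

The two-level chain here ([STATIC_BASE] + 0x10, then + 0x68C) is the shape a pointer scan reports; in a real game the number of levels and the intermediate offsets are what the scan discovers, and the only thing that can safely be locked is the value reached through the chain, never the dynamic address itself.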