Quote:
Originally Posted by ibonehj15
I was trying to put up a new thread about this..
Well, I actually wanted to find the base address for Cabal PH..
Thing is, there is no such tut.. though Zeke's vid and the help of sir k9crow shed some light, it got a little dimmer because I don't know how to use offsets and such!!
Anyways.. if you guys can explain it a little more..
it would be just great.. pls pls hehe.. well, if you can't then that's fine with me as well :)
Just pause the video and go over it a few times. It would probably have helped if you could see my mouse, but anyway, just find whatever address you want for a certain function. The best one to choose was level, as in the video, as it's pretty straightforward. Click "What writes to this address", then level up so that your level changes while the debugger is attached and the opcode is being displayed for the level address. After you get the opcodes when you level up, the offset is shown: mov [eax+00004264],ecx
You know that 4264 is the offset for the pointer "00A483A0" for that dynamic address "0657C2AC", so you
double click "0657C2AC", then check the "Pointer" checkbox, paste the pointer address "00A483A0", then in offset type 4264. The pointer address "00A483A0" has a bunch of pointers listed beside the "mov [eax+00004264],ecx", which you could see if you had taken the address that "mov [eax+00004264],ecx" is located at and browsed memory there; in this case, in the opcode window that displays the offset right after I level up in the video, it is "006135a0". Once you browse the memory region of that offset you can see there are a bunch of offsets listed there, all for that one pointer address "00A483A0".
This screenshot is not from the video, but from a separate time when I was looking for the pointer and offset for level. You can see the offsets in yellow/green, all for the same pointer in pink. To open and change the dynamic address you scanned, double click it, then check the pointer box as mentioned above. About "base" address, I don't know what you mean, base for what? This one pointer acts like a base address for a bunch of offsets that point to the dynamic addresses that change every time you start the client. Once added to the pointer successfully, it changed from "0657C2AC" to "P->0657C2AC".
Can't really explain much else, I don't understand much of the ASM either, I just figured I'd explain what I do understand. I went through and added each offset for that one pointer; most of the functions I had already found before, but it's good to add the pointer so I won't ever have to scan back for them unless there are some updates/content changes to the .exe.
"An offset usually denotes the number of address locations added to a base address in order to get to a specific absolute address"
I'm assuming your pointer+offset would be very similar, if not the same, in the case of the offset (4264) for level.. Have you tried browsing memory in the "007dbdf5" area in CE? Scroll up/down looking for the same opcode displayed above, where it shows this same pointer and a bunch of different offsets for that same pointer. Your pointer might be different, but not by that much; for example, the pointer for NA was 00A493A0 while the EU pointer was 00A483A0, and both had the same offsets for all the functions like combo, no skill delay (dance), level, etc. etc. etc..
There are probably some different pointers for GM/AOE though, because I added every offset I could find for that one pointer, lol xD. I attached a cheat table file with all the pointers/offsets for the NA version from that one pointer "00A493A" that I could find anyway; maybe there are more in a different region. Open it, then browse memory at 007DBDF5 and find your pointer, which would look like "00A483A0" or "00A493A0"; it might be a little different, but in that general region you should see it pretty quickly. Take that new address, whatever the PH version is, and double click the Level address that's already saved in the cheat table; you can see the offset and base address added that are for NA. Just change the base addy to whatever you can find around "007DBDF5" that resembles the EU/NA variant for the level pointer, and the other common functions.
I guess if your level/walkspeed and all those dynamic addresses that are in the same memory region are 06500000 or higher, the further the base address would be from NA/EU; but these two versions are pretty close, which I'm assuming since the offsets for the functions are the same.
edit: added the EU table, so you can see the difference in the pointer base addy but the similarity in offsets by double clicking the P-> addys. CabalMain.rar = NA, CabalMainEU = EU.
edit#2: updated the CabalMainEU.rar file to include pointers for basic map addresses; will do NA later when I get time.
edit#3: Wrong cabalmain.ct file uploaded for NA, sorry, I've got so many .ct files named cabalmain in different folders. That one wasn't related to the pointers at all, please re-download, lmao.