PWI - Resources/Loot Structure

Page 1 of 2

04/23/2012 23:24 Subzero12#1

Hi all,

Been working on a small project, so far with 2h of coding and reading I'm already able to read all the NPC's info and player info.

But can't seem to be able to read any resources info :/

I think I found the resource count at: baseCall + 0x1C + 0x1C + 0x28 + 0x18 + 0x4 + 0x4

Can anyone give me some insight off the loot struct offsets?

(To see if i can pass to the 2nd stage of my project -> do stuff lol)

Thx :)

04/24/2012 00:24 dumbfck#2

Unfortunately there is no sorted list of resources, so you need to scan all 768 entries in the list:

Code:

[[[[[[[baseCall]+0x1C]+0x1C]+0x28]+0x18]+i*4]+0x4]

where i is 0 to 767.

Here's a little C# demo:
Form1.cs

Spoiler

Code:

using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Diagnostics;
using System.Drawing;
using System.Linq;
using System.Text;
using System.Windows.Forms;

namespace nearbyItems
{
    public partial class Form1 : Form
    {
        public uint baseCall = 0xA521C0;
        
        static Process[] processes = System.Diagnostics.Process.GetProcessesByName("elementclient");
        static int pid;
        //open process
        public static IntPtr pr_processHandle = MemFunctions.OpenProcess(pid);
        
        public Form1()
        {
            InitializeComponent();
        }

        private void Form1_Load(object sender, EventArgs e)
        {
            if (processes.Length == 0)
            {
                MessageBox.Show("No elementclients were found");
                Application.Exit();
            }
            else
            {
                pid = processes[0].Id;
                //open process
                pr_processHandle = MemFunctions.OpenProcess(pid);
            }
            timer1.Start();
        }

        private void button1_Click(object sender, EventArgs e)
        {
            
        }

        private void getNearbyItemList()
        {
            IntPtr p = pr_processHandle;    // Just a shorter name
            uint bytesRead = 0;
            
            // Pointer is the base of the nearby item list
            uint pointer = MemFunctions.MemReadUInt(p, MemFunctions.resolveNestedPointer(p, baseCall, 0x1C, 0x1C, 0x28, 0x18));

            for (uint i = 0; i < 768; i++)
            {
                uint itemBase = MemFunctions.MemReadUInt(p, MemFunctions.resolveNestedPointer(p, pointer + (i * 0x4), 0x4));
                if (itemBase != 0)
                {
                    uint itemTypeID = MemFunctions.MemReadUInt(p, itemBase + 0x110);
                    uint itemUniqueID = MemFunctions.MemReadUInt(p, itemBase + 0x10C);
                    string itemName = MemFunctions.MemReadUnicode(p, MemFunctions.MemReadUInt(p, itemBase + 0x168), 64, ref bytesRead);
                    textBox1.AppendText(itemBase.ToString("X8") + "\t" + itemName + "\r\n");
                }
            }
        }

        private void timer1_Tick(object sender, EventArgs e)
        {
            textBox1.Clear();
            getNearbyItemList();
        }
    }
}

MemFunctions.cs

Spoiler

Code:

using System;
using System.Collections.Generic;
using System.Text;
using System.Runtime.InteropServices;
using System.Diagnostics;


public class MemFunctions
{
    public delegate int ThreadProc(IntPtr param);
    
    public enum EncodingType
    {
        ASCII,
        Unicode,
        UTF7,
        UTF8,
        GBK
    }

    [Flags]
    public enum FreeType
    {
        Decommit = 0x4000,
        Release = 0x8000,
    }

    const UInt32 INFINITE = 0xFFFFFFFF;
    const UInt32 WAIT_ABANDONED = 0x00000080;
    const UInt32 WAIT_OBJECT_0 = 0x00000000;
    const UInt32 WAIT_TIMEOUT = 0x00000102;

    [DllImport("kernel32.dll")]
    private static extern IntPtr OpenProcess(
        UInt32 dwDesiredAccess,
        Int32 bInheritHandle,
        UInt32 dwProcessId
        );

    [DllImport("Kernel32.dll")]
    private static extern bool ReadProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress,
        [In, Out] byte[] lpBuffer, UInt32 nSize, ref UInt32 lpNumberOfBytesRead);

    [DllImport("kernel32.dll")]
    private static extern Int32 CloseHandle(
        IntPtr hObject
        );

    [DllImport("kernel32.dll")]
    private static extern bool WriteProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress,
            byte[] lpBuffer, UInt32 nSize, ref UInt32 lpNumberOfBytesWritten);

    [DllImport("kernel32.dll", SetLastError = true, ExactSpelling = true)]
    private static extern bool VirtualFreeEx(IntPtr hProcess, IntPtr lpAddress,
       int dwSize, FreeType dwFreeType);

    [DllImport("kernel32.dll", SetLastError = true)]
    private static extern UInt32 WaitForSingleObject(IntPtr hHandle, UInt32 dwMilliseconds);


    [DllImport("kernel32.dll")]
    private static extern IntPtr CreateRemoteThread(IntPtr hProcess,
       IntPtr lpThreadAttributes, uint dwStackSize, IntPtr
       lpStartAddress, IntPtr lpParameter, uint dwCreationFlags, IntPtr lpThreadId);


    [DllImport("kernel32.dll", SetLastError = true, ExactSpelling = true)]
    private static extern IntPtr VirtualAllocEx(IntPtr hProcess, IntPtr lpAddress,
       uint dwSize, UInt32 flAllocationType, UInt32 flProtect);

    [DllImport("kernel32.dll")]
    private static extern UInt32 GetLastError();


    public static int AllocateMemory(IntPtr processHandle, int memorySize)
    {
        return (int)VirtualAllocEx(processHandle, (IntPtr)0, (uint)memorySize, 0x1000, 0x40);
    }

    public static IntPtr CreateRemoteThread(IntPtr processHandle, int address)
    {

        return CreateRemoteThread(processHandle, (IntPtr)0, 0, (IntPtr)address, (IntPtr)0, 0, (IntPtr)0);
    }

    public static void WaitForSingleObject(IntPtr threadHandle)
    {
        if (WaitForSingleObject(threadHandle, INFINITE) != WAIT_OBJECT_0)
        {
            Debug.WriteLine("Failed waiting for single object");
        }
    }

    public static void FreeMemory(IntPtr processHandle, int address)
    {
        bool result;
        result = VirtualFreeEx(processHandle, (IntPtr)address, 0, FreeType.Release);
    }

    public static UInt32 GetError()
    {
        return GetLastError();
    }

    // constants information can be found in <winnt.h>
    [Flags]
    public enum ProcessAccessType
    {
        PROCESS_TERMINATE = (0x0001),
        PROCESS_CREATE_THREAD = (0x0002),
        PROCESS_SET_SESSIONID = (0x0004),
        PROCESS_VM_OPERATION = (0x0008),
        PROCESS_VM_READ = (0x0010),
        PROCESS_VM_WRITE = (0x0020),
        PROCESS_DUP_HANDLE = (0x0040),
        PROCESS_CREATE_PROCESS = (0x0080),
        PROCESS_SET_QUOTA = (0x0100),
        PROCESS_SET_INFORMATION = (0x0200),
        PROCESS_QUERY_INFORMATION = (0x0400)
    }

    public static IntPtr OpenProcess(int pId)
    {
        ProcessAccessType access;
        access = ProcessAccessType.PROCESS_VM_READ
                | ProcessAccessType.PROCESS_VM_WRITE
                | ProcessAccessType.PROCESS_VM_OPERATION;
        return OpenProcess(2035711, 0, (UInt32)pId);
        //return OpenProcess((uint)access, 0, (UInt32)pId);
    }

    public static void CloseProcess(IntPtr handle)
    {
        Int32 result = CloseHandle(handle);
    }

    public static void MemWriteBytes(IntPtr processHandle, int address, byte[] value)
    {
        bool success;
        UInt32 nBytesRead = 0;
        success = WriteProcessMemory(processHandle, (IntPtr)address, value, (uint)value.Length, ref nBytesRead);
    }

    public static void MemWriteStruct(IntPtr processHandle, int address, object value)
    {
        bool success;
        byte[] buffer = RawSerialize(value);
        UInt32 nBytesRead = 0;
        success = WriteProcessMemory(processHandle, (IntPtr)address, buffer, (uint)buffer.Length, ref nBytesRead);
    }

    public static void MemWriteInt(IntPtr processHandle, int address, int value)
    {
        bool success;
        byte[] buffer = BitConverter.GetBytes(value);
        UInt32 nBytesRead = 0;
        success = WriteProcessMemory(processHandle, (IntPtr)address, buffer, 4, ref nBytesRead);
    }

    public static void MemWriteFloat(IntPtr processHandle, int address, float value)
    {
        bool success;
        byte[] buffer = BitConverter.GetBytes(value);
        UInt32 nBytesRead = 0;
        success = WriteProcessMemory(processHandle, (IntPtr)address, buffer, 4, ref nBytesRead);
    }

    public static void MemWriteShort(IntPtr processHandle, int address, short value)
    {
        bool success;
        byte[] buffer = BitConverter.GetBytes(value);
        UInt32 nBytesRead = 0;
        success = WriteProcessMemory(processHandle, (IntPtr)address, buffer, 2, ref nBytesRead);
    }

    public static void MemWriteByte(IntPtr processHandle, int address, byte value)
    {
        bool success;
        byte[] buffer = BitConverter.GetBytes(value);
        UInt32 nBytesRead = 0;
        success = WriteProcessMemory(processHandle, (IntPtr)address, buffer, 1, ref nBytesRead);
    }

    public static byte[] MemReadBytes(IntPtr processHandle, int address, int size)
    {
        bool success;
        byte[] buffer = new byte[size];
        UInt32 nBytesRead = 0;
        success = ReadProcessMemory(processHandle, (IntPtr)address, buffer, (uint)size, ref nBytesRead);
        return buffer;
    }

    public unsafe static bool MemReadBytesToStruct(IntPtr processHandle, uint address, byte* pBytes, int size)
    {
        bool success;
        byte[] buffer = new byte[size];
        UInt32 nBytesRead = 0;
        success = ReadProcessMemory(processHandle, (IntPtr)address, buffer, (uint)size, ref nBytesRead);

        for (int i = 0, j = buffer.Length; i < j; i++)
        {
            *pBytes++ = buffer[i];
        }
        return success;
    }

    public static int MemReadInt(IntPtr processHandle, int address)
    {
        bool success;
        byte[] buffer = new byte[4];
        UInt32 nBytesRead = 0;
        success = ReadProcessMemory(processHandle, (IntPtr)address, buffer, 4, ref nBytesRead);
        return BitConverter.ToInt32(buffer, 0);
    }


    public static uint MemReadUInt(IntPtr processHandle, uint address)
    {
        bool success;
        byte[] buffer = new byte[4];
        UInt32 nBytesRead = 0;
        success = ReadProcessMemory(processHandle, (IntPtr)address, buffer, 4, ref nBytesRead);
        return BitConverter.ToUInt32(buffer, 0);
    }

    // Returns the data referenced by a nested pointer, i.e., [[[[someAddress]+24]+28]+4]
    public static uint MemReadUIntNested(IntPtr processHandle, uint firstAddr, params uint[] p)
    {
        uint val = MemReadUInt(processHandle, firstAddr);

        for (int i = 0; i < p.Length; i++)
        {
            val = MemReadUInt(processHandle, val + p[i]);
        }

        return val;
    }

    // Resolves a nested pointer, i.e., [[[[someAddress]+24]+28]+4]
    // To return the data referenced by the pointer (uint only) use 0 as the last param.
    public static uint resolveNestedPointer(IntPtr processHandle, uint firstAddr, params uint[] p)
    {
        uint val = MemReadUInt(processHandle, firstAddr);

        for (int i = 0; i < p.Length - 1; i++)
        {
            val = MemReadUInt(processHandle, val + p[i]);
        }

        return (uint)(val + p[p.Length - 1]);
    }


    public static float MemReadFloat(IntPtr processHandle, int address)
    {
        bool success;
        byte[] buffer = new byte[4];
        UInt32 nBytesRead = 0;
        success = ReadProcessMemory(processHandle, (IntPtr)address, buffer, 4, ref nBytesRead);
        return BitConverter.ToSingle(buffer, 0);
    }

    public static string MemReadUnicode(IntPtr processHandle, uint address, uint maxSize, ref uint _bytesRead)
    {
        bool success;
        byte[] buffer = new byte[maxSize];
        UInt32 nBytesRead = 0;
        success = ReadProcessMemory(processHandle, (IntPtr)address, buffer, maxSize, ref nBytesRead);
        _bytesRead = nBytesRead;
        return ByteArrayToString(buffer, EncodingType.Unicode);
    }

    // This one will be a bit slower, but will hopefully eliminate returning empty strings where 
    // the address + size is not in accessible memory, resulting in a failure from ReadProcessMemory.
    // Bytes are read in chunks of [chunkSize] size and chunks are scanned for 0x00, 0x00 (i.e., 
    // end of string). If this is not found, we read another chunk, repeating until the string 
    // terminator is found.
    // This might also help with reading enormous strings (e.g., complete chat listing) until I find 
    // a better solution for working around the maximum memory size that can be read
    public static string MemReadUnicodeToEnd(IntPtr processHandle, uint address, uint maxSize, uint chunkSize, ref uint _bytesRead, bool doubleTerminator = false)
    {
        bool success;
        byte[] buffer = new byte[chunkSize];
        byte[] bigString = new byte[maxSize];
        UInt32 nBytesRead = 0;
        bool exit = false;
        uint i, j, currLength = 0;
        do
        {
            success = ReadProcessMemory(processHandle, (IntPtr)(address + currLength), buffer, chunkSize, ref nBytesRead);
            _bytesRead = nBytesRead;

            System.Buffer.BlockCopy(buffer, 0, bigString, (int)currLength, (int)chunkSize);
            currLength += chunkSize;
            if (!doubleTerminator)
            {
                for (i = 0, j = chunkSize - 2; i < j; i++)
                {
                    if (buffer[i] == 0 && buffer[i + 1] == 0)
                    {
                        // We found the string terminator
                        exit = true;
                        break;
                    }
                }
            }
            else    // Full chat listing can contain more than two consecutive 0x00 bytes because of item links.
            {
                for (i = 0, j = chunkSize - 3; i < j; i++)
                {
                    if (buffer[i] == 0 && buffer[i + 1] == 0 && buffer[i + 2] == 0)
                    {
                        // We found the string terminator
                        exit = true;
                        break;
                    }
                }
            }
        } while (!exit && currLength < maxSize);
        _bytesRead = currLength - chunkSize + i;
        return ByteArrayToString(bigString, EncodingType.Unicode);
    }

    public static object MemReadStruct(IntPtr processHandle, int address, Type anyType)
    {
        int rawsize = Marshal.SizeOf(anyType);
        bool success;
        byte[] buffer = new byte[rawsize];
        UInt32 nBytesRead = 0;
        success = ReadProcessMemory(processHandle, (IntPtr)address, buffer, (UInt32)rawsize, ref nBytesRead);
        return RawDeserialize(buffer, 0, anyType);
    }


    private static object RawDeserialize(byte[] rawData, int position, Type anyType)
    {
        int rawsize = Marshal.SizeOf(anyType);
        if (rawsize > rawData.Length)
            return null;
        IntPtr buffer = Marshal.AllocHGlobal(rawsize);
        Marshal.Copy(rawData, position, buffer, rawsize);
        object retobj = Marshal.PtrToStructure(buffer, anyType);
        Marshal.FreeHGlobal(buffer);
        return retobj;
    }


    private static byte[] RawSerialize(object anything)
    {
        int rawSize = Marshal.SizeOf(anything);
        IntPtr buffer = Marshal.AllocHGlobal(rawSize);
        Marshal.StructureToPtr(anything, buffer, false);
        byte[] rawDatas = new byte[rawSize];
        Marshal.Copy(buffer, rawDatas, 0, rawSize);
        Marshal.FreeHGlobal(buffer);
        return rawDatas;
    }

    public unsafe static string fixedByteArrayToString(byte* bytes, uint maxLength)
    {
        return fixedByteArrayToString(bytes, maxLength, EncodingType.Unicode);
    }

    public unsafe static string fixedByteArrayToString(byte* bytes, uint maxLength, EncodingType enc)
    {
        byte[] temp = new byte[maxLength];
        for (int i = 0; i < maxLength; i++)
        {
            temp[i] = *(bytes + i);
        }
        return ByteArrayToString(temp, enc);
    }

    public static string ByteArrayToString(byte[] bytes)
    {
        return ByteArrayToString(bytes, EncodingType.Unicode);
    }

    public static string ByteArrayToString(byte[] bytes, EncodingType encodingType)
    {
        int arraySize = bytes.Length;
        // Redim array to be 2 bytes bigger and fill the last two bytes with 0x00
        Array.Resize(ref bytes, arraySize + 2);
        bytes[arraySize - 1] = 0;
        bytes[arraySize - 2] = 0;

        System.Text.Encoding encoding = null;
        string result = "";
        switch (encodingType)
        {
            case EncodingType.ASCII:
                encoding = new System.Text.ASCIIEncoding();
                break;
            case EncodingType.Unicode:
                encoding = new System.Text.UnicodeEncoding();
                break;
            case EncodingType.UTF7:
                encoding = new System.Text.UTF7Encoding();
                break;
            case EncodingType.UTF8:
                encoding = new System.Text.UTF8Encoding();
                break;
            case EncodingType.GBK:
                encoding = Encoding.GetEncoding("GBK"); ;
                break;
        }

        for (int i = 0; i < bytes.Length; i += 2)
        {
            if (bytes[i] == 0 && bytes[i + 1] == 0)
            {
                result = encoding.GetString(bytes, 0, i);
                break;
            }
        }

        return result;
    }

    public unsafe static string ByteArrayToStringByRef(byte* bytes, int maxSize, EncodingType encodingType)
    {
        byte[] bArray = new byte[maxSize];
        int count = 0;


        while (!(*bytes == 0 && *(bytes + 1) == 0) && count < maxSize - 2)
        {
            byte x = *bytes;
            byte y = *(bytes + 1);

            bArray[count] = *bytes;
            bArray[count + 1] = *(bytes + 1);
            bytes += 2;
            count += 2;
        }

        return ByteArrayToString(bArray, encodingType);
    }



    public static byte[] StringToByteArray(string str, EncodingType encodingType)
    {
        System.Text.Encoding encoding = null;
        switch (encodingType)
        {
            case EncodingType.ASCII:
                encoding = new System.Text.ASCIIEncoding();
                break;
            case EncodingType.Unicode:
                encoding = new System.Text.UnicodeEncoding();
                break;
            case EncodingType.UTF7:
                encoding = new System.Text.UTF7Encoding();
                break;
            case EncodingType.UTF8:
                encoding = new System.Text.UTF8Encoding();
                break;
        }
        return encoding.GetBytes(str);
    }
}

Form1.Designer.cs

Spoiler

Code:

namespace nearbyItems
{
    partial class Form1
    {
        /// <summary>
        /// Required designer variable.
        /// </summary>
        private System.ComponentModel.IContainer components = null;

        /// <summary>
        /// Clean up any resources being used.
        /// </summary>
        /// <param name="disposing">true if managed resources should be disposed; otherwise, false.</param>
        protected override void Dispose(bool disposing)
        {
            if (disposing && (components != null))
            {
                components.Dispose();
            }
            base.Dispose(disposing);
        }

        #region Windows Form Designer generated code

        /// <summary>
        /// Required method for Designer support - do not modify
        /// the contents of this method with the code editor.
        /// </summary>
        private void InitializeComponent()
        {
            this.components = new System.ComponentModel.Container();
            this.button1 = new System.Windows.Forms.Button();
            this.textBox1 = new System.Windows.Forms.TextBox();
            this.timer1 = new System.Windows.Forms.Timer(this.components);
            this.SuspendLayout();
            // 
            // button1
            // 
            this.button1.Location = new System.Drawing.Point(236, 309);
            this.button1.Name = "button1";
            this.button1.Size = new System.Drawing.Size(75, 23);
            this.button1.TabIndex = 0;
            this.button1.Text = "button1";
            this.button1.UseVisualStyleBackColor = true;
            this.button1.Click += new System.EventHandler(this.button1_Click);
            // 
            // textBox1
            // 
            this.textBox1.Location = new System.Drawing.Point(11, 16);
            this.textBox1.Multiline = true;
            this.textBox1.Name = "textBox1";
            this.textBox1.Size = new System.Drawing.Size(299, 280);
            this.textBox1.TabIndex = 1;
            // 
            // timer1
            // 
            this.timer1.Interval = 300;
            this.timer1.Tick += new System.EventHandler(this.timer1_Tick);
            // 
            // Form1
            // 
            this.AutoScaleDimensions = new System.Drawing.SizeF(6F, 13F);
            this.AutoScaleMode = System.Windows.Forms.AutoScaleMode.Font;
            this.ClientSize = new System.Drawing.Size(323, 344);
            this.Controls.Add(this.textBox1);
            this.Controls.Add(this.button1);
            this.Name = "Form1";
            this.Text = "Form1";
            this.Load += new System.EventHandler(this.Form1_Load);
            this.ResumeLayout(false);
            this.PerformLayout();

        }

        #endregion

        private System.Windows.Forms.Button button1;
        private System.Windows.Forms.TextBox textBox1;
        private System.Windows.Forms.Timer timer1;
    }
}

Good luck :D

04/24/2012 09:41 Subzero12#3

Thx :D I had a mistake in my item base pointer :o

I will try to correct it later and its time to start sending packets :)

04/24/2012 10:15 Interest07#4

Good luck :)

It's nice to see people programming their own stuff :D Your questions will be answered promptly if you have any I'm sure ;)

04/24/2012 20:03 Subzero12#5

The problem was:
uint pointer = MemFunctions.MemReadUInt(p, MemFunctions.resolveNestedPointer(p, baseCall, 0x1C, 0x1C, 0x28, 0x18));
uint itemBase = MemFunctions.MemReadUInt(p, MemFunctions.resolveNestedPointer(p, pointer + (i * 0x4), 0x4));

It continues to be in the move action, because I'm having an hard time figuring out when to use a MemRead or a resolveNestedPointer, any guide/tutorial that i can read in order to better understand this?
Or this knowledge comes from using CE and browsing the memory for the game?

04/24/2012 21:16 dumbfck#6

You would use a MemRead to just read a single memory location, e.g.,

Code:

MemRead(processHandle, 0x123456);

resolveNestedPointer is a little function I made up to make searching for nested pointers a bit easier. You literally just feed it a base and any number of offsets and it automagically recurses through a bunch of MemReads.
Say for example, you had (in the notation you'll see around these forums)

Code:

[[[[[[baseCall]+0x1C]+0x1C]+0x28]+0x4]0x4]

You'd simple call it like:

Code:

uint baseCall = 0xA521C0;
MemFunctions.resolveNestedPointer(processHandle, baseCall, 0x1C, 0x1C, 0x28, 0x4, 0x4);

To get the address of that last pointer. If you wanted to read data in that last pointer, as long as you want it in uint form, you can just add a 0 to the end of that list.
If what you want to eventually read is not a uint, you'll need one of the other read functions to read the final address you get from resolveNestedPointer.
So, say for example, that pointer chain pointed to a float, you could do something like:

Code:

MemFunctions.MemReadFloat(p, MemFunctions.resolveNestedPointer(p, baseCall, , 0x1C, 0x1C, 0x28, 0x4, 0x4));

Which would be the equivalent of this if you broke it into two steps with an intermediate variable:

Code:

uint pointerToFloat = MemFunctions.resolveNestedPointer(p, baseCall, , 0x1C, 0x1C, 0x28, 0x4, 0x4);
float derp = MemFunctions.MemReadFloat(p, pointerToFloat);

If you were to look at that offset chain in CE, it would look like:
[Only registered and activated users can see links. Click Here To Register...][Only registered and activated users can see links. Click Here To Register...]
[Only registered and activated users can see links. Click Here To Register...]
What language are you actualy using anyway? C#?
If you're using C#, you could try fiddling with it and setting breakpoints after your reads, then seeing if they match up with the values in CE. If your value matches one of the intermediate memory values shown in the CE window (see above) then you need another offset at the end of the chain.
Hope I'm making sense lol

04/25/2012 11:08 Interest07#7

Quote:
Originally Posted by dumbfck
You would use a MemRead to just read a single memory location, e.g.,
Code:
MemRead(processHandle, 0x123456);
resolveNestedPointer is a little function I made up to make searching for nested pointers a bit easier. You literally just feed it a base and any number of offsets and it automagically recurses through a bunch of MemReads.
Say for example, you had (in the notation you'll see around these forums)
Code:
[[[[[[baseCall]+0x1C]+0x1C]+0x28]+0x4]0x4]
You'd simple call it like:
Code:
uint baseCall = 0xA521C0;
MemFunctions.resolveNestedPointer(processHandle, baseCall, 0x1C, 0x1C, 0x28, 0x4, 0x4);
To get the address of that last pointer. If you wanted to read data in that last pointer, as long as you want it in uint form, you can just add a 0 to the end of that list.
If what you want to eventually read is not a uint, you'll need one of the other read functions to read the final address you get from resolveNestedPointer.
So, say for example, that pointer chain pointed to a float, you could do something like:
Code:
MemFunctions.MemReadFloat(p, MemFunctions.resolveNestedPointer(p, baseCall, , 0x1C, 0x1C, 0x28, 0x4, 0x4));
Which would be the equivalent of this if you broke it into two steps with an intermediate variable:
Code:
uint pointerToFloat = MemFunctions.resolveNestedPointer(p, baseCall, , 0x1C, 0x1C, 0x28, 0x4, 0x4);
float derp = MemFunctions.MemReadFloat(p, pointerToFloat);
If you were to look at that offset chain in CE, it would look like:
[Only registered and activated users can see links. Click Here To Register...][Only registered and activated users can see links. Click Here To Register...]
[Only registered and activated users can see links. Click Here To Register...]
What language are you actualy using anyway? C#?
If you're using C#, you could try fiddling with it and setting breakpoints after your reads, then seeing if they match up with the values in CE. If your value matches one of the intermediate memory values shown in the CE window (see above) then you need another offset at the end of the chain.
Hope I'm making sense lol

In the end, if the nested pointer stuff confuses you, you don't have to use it.
using a pattern of:

Code:

uint basePointer = readMem(realBaseAddress);
uint pStructures = readMem(basePointer + 0x1C);
uint pPlayer = readMem(pStructures + 0x34);
uint hp = readMem(pPlayer+ 0xXXX);

works just as well, as that's what the resolve nested pointer does internally anyway (as far as i know :p)

It's the way I personally do it, as I have my classes structured in the same way as PW does, so it ends up doing one or two mem read calls in each class.

04/25/2012 11:42 Subzero12#8

Hmmm I see.

Then if I need the action struct addresses:

PHP Code:


			
uint addr1 = MemFunctions.MemReadUInt(pr_processHandle, 0x00A521C0);
uint addr2 = MemFunctions.MemReadUInt(pr_processHandle, addr1 + 0x1C);
uint addr3 = MemFunctions.MemReadUInt(pr_processHandle, addr2 + 0x34);
uint actionStruct = MemFunctions.MemReadUInt(pr_processHandle, addr3 + 0x109c);
uint actionList = MemFunctions.MemReadUInt(pr_processHandle, actionStruct + 0x30);
uint moveAction = MemFunctions.MemReadUInt(pr_processHandle, actionList + 0x8);

And then to move to X,Y,Z I just need:

PHP Code:


			
MemFunctions.MemWriteInt(pr_processHandle, (int) moveAction + 0x8, 0); 
MemFunctions.MemWriteInt(pr_processHandle, (int) moveAction + 0x14, 1);
MemFunctions.MemWriteFloat(pr_processHandle, (int) moveAction + 0x28, X);
MemFunctions.MemWriteFloat(pr_processHandle, (int) moveAction + 0x2C, Y);
MemFunctions.MemWriteFloat(pr_processHandle, (int) moveAction + 0x30, Z);
MemFunctions.MemWriteInt(pr_processHandle, (int) moveAction + 0x38, 0);
MemFunctions.MemWriteInt(pr_processHandle, (int)actionStruct + 0xC, (int) moveAction);
MemFunctions.MemWriteInt(pr_processHandle, (int)actionStruct + 0x18, 1);
MemFunctions.MemWriteInt(pr_processHandle, (int)actionStruct + 0x14, (int) moveAction);

Or I need to write any other value? (My char won't move xD)

Btw, Yes I'm using C# :) Trying to learn something more about it (so far seems very similar to C++/Java).

04/25/2012 11:50 dumbfck#9

I've never actually used action structs for moving, so I'm not sure about the process of doing so... However, check you don't have your Z and Y co-ordinates swapped. They're stored in X,Z,Y order, not X,Y,Z.

04/25/2012 11:53 Interest07#10

Quote:

Originally Posted by dumbfck

I've never actually used action structs for moving, so I'm not sure about the process of doing so... However, check you don't have your Z and Y co-ordinates swapped. They're stored in X,Z,Y order, not X,Y,Z.

>.> They ARE stored in X, Y, Z order. It's a good idea to check you are using the CORRECT order though :p

04/25/2012 11:56 Sᴡoosh#11

Everybody seems to have a knack with not accepting that Z is the "real" Y here, and Y is height. This is usual in d3d coordinate systems - even though I , for some reason, hate Y being height. No clue why. In my code internals, Y is always Z, and Z is height :D

04/25/2012 11:56 dumbfck#12

Quote:

Originally Posted by Interest07

>.> They ARE stored in X, Y, Z order.

Ok, they're not stored how normal people think of X,Y,Z lol. Your brain works in mysterious ways... Brilliant... but mysterious :p

04/25/2012 12:01 Interest07#13

You people are hopeless :(

I'll have to send for the people with the nice white jackets that lets you hug yourself. Maybe they can teach you the error of your ways. The smart ones are always the craziest. Looking to see if the OP put the X Y Z values in the correct order was a good tip though, I'll give you that. Shame you're all so misguided in what correct means though.

04/25/2012 12:07 Sᴡoosh#14

For me :
X = X coordinate, 2D
Y = Y coordinate, 2D
Z = Height

Will always be manifested in my brain :D Probably from when I still played pw, people refered to it as X/Y to.

Interest, do pass me one of those fluffy, white jackets though, will you? :D

04/25/2012 12:20 Subzero12#15

Quote:

Originally Posted by Sᴡoosh

For me :
X = X coordinate, 2D
Y = Y coordinate, 2D
Z = Height

To me too :D
Almost had forgotten about the time I used OpenGl and used the Y and Z switched.

But even switching Y and Z the small test char won't move :S

Page 1 of 2