Good evening. Lately I have been messing around with trying to read as much information I can from the client without injecting or hooking anything. I am trying to read whatever I can with a simple memory read. To avoid any issues with any protection TQ may have implemented (if any) against cheat engine and olly I decided to download a working 5017 client and source.
I have been searching the forums for any information I can find and it appears the possibility are endless for what can be done, the problem I am having is I can't find anything on how to find these base addresses that are being used. For example [Only registered and activated users can see links. Click Here To Register...], I am able to locate multiple places that contain information on items I drop to the ground but nothing seems to be in an sort of order as suggested by that post.
I think the bigger issue here is I don't think I am using cheat engine properly. The reason I think this is because I can't find the address that contains the pointer to a dynamic allocated value. I have the list of memory addresses for patch 5017 that I found in joek's thread. I have been able to find the static values with no issues. I then tried to find my way to the static addresses that held the pointers to the dynamic addresses but I have had zero luck.
The basic process I have attempted to use is the following:
1. Find the Value wanted, (in this case, inventory count)
2. Find the functions that modify this value
3. This pointed me to something like this: "mov xxx, [esi + 08]"
4. Assuming ESI was the base address I simple searched for 4 bytes that contained the hex value contained in esi
From my understanding when I do step 4 the address that contains esi should be a static address and that is what I would then use for grabbing this value in any instance. I have search this forum multiple times, I have followed external guides and I don't achieve the results I should. I feel like I am doing something fundamentally wrong.
Can anyone point me in the correct direction?
Edit:
I found an article on how to use cheat engines built in pointer scanner to defeat DMA, [Only registered and activated users can see links. Click Here To Register...]. It required you restart the game and perform the pointer scan multiple times to reduce the number of possible combinations. I did it 2 times and it gave me a list of four, I then performed the steps one last time and it removed the remaining paths and showed none. Any idea on what that could be?
I have been searching the forums for any information I can find and it appears the possibility are endless for what can be done, the problem I am having is I can't find anything on how to find these base addresses that are being used. For example [Only registered and activated users can see links. Click Here To Register...], I am able to locate multiple places that contain information on items I drop to the ground but nothing seems to be in an sort of order as suggested by that post.
I think the bigger issue here is I don't think I am using cheat engine properly. The reason I think this is because I can't find the address that contains the pointer to a dynamic allocated value. I have the list of memory addresses for patch 5017 that I found in joek's thread. I have been able to find the static values with no issues. I then tried to find my way to the static addresses that held the pointers to the dynamic addresses but I have had zero luck.
The basic process I have attempted to use is the following:
1. Find the Value wanted, (in this case, inventory count)
2. Find the functions that modify this value
3. This pointed me to something like this: "mov xxx, [esi + 08]"
4. Assuming ESI was the base address I simple searched for 4 bytes that contained the hex value contained in esi
From my understanding when I do step 4 the address that contains esi should be a static address and that is what I would then use for grabbing this value in any instance. I have search this forum multiple times, I have followed external guides and I don't achieve the results I should. I feel like I am doing something fundamentally wrong.
Can anyone point me in the correct direction?
Edit:
I found an article on how to use cheat engines built in pointer scanner to defeat DMA, [Only registered and activated users can see links. Click Here To Register...]. It required you restart the game and perform the pointer scan multiple times to reduce the number of possible combinations. I did it 2 times and it gave me a list of four, I then performed the steps one last time and it removed the remaining paths and showed none. Any idea on what that could be?
