[Tutorial+Tool] find other's hp mini tool + CE tutorial to find the Base Addresses
Discussion on [Tutorial+Tool] find other's hp mini tool + CE tutorial to find the Base Addresses within the Archlord forum part of the MMORPGs category.
[Tutorial+Tool] find other's hp mini tool + CE tutorial to find the Base Addresses
[tools is attached at the end of the thread! for those who dont like to read..]
this thread contains a videos of how to find you hp and ur target's hp base address using cheat engine in Archlord, along with a mini-simple tool written in C# that uses this info to find ur hp and ur target's hp by reading the process memory also the source code (for whom ever wants to use it in his own bot possibly!) ---> finding base address isnt always easy, it has try-and-error, interacting with the client to gather more info using CE... the initial 1098 value of the target mob could be replaced by another char (like open another client and use another char of urs which u know its hp, that is if u dont have the mobs list with their ids and hp vals -- or could be approximated into a range by dealing damage and approximating the value... -)
base address along with the right offsets are the only way to obtain the right values from external programming langauges or scipting langauges.
i saw few threads about similar topic before, and they either contain (finding the address each time u use a bot for example) or they tell you that they have a similar tool but they dont want to share it... so i i checked this out yesterday, found the base addresses and created the tool for whom ever wants.
(the tool is simple but many like to have a tool like this whether to check possible glitchers.. or what ever)
these videos can be a useful tutorial of how to find base address manually using CE (you can check CE forums for more specialized info about similar topics)
vid1: find targets HP base address and offsets (tutorial)
vid2: find you hp base address and offsets (tutorial)
vid3: mini tool that uses the info from the previous two tests
(dont tell me why i didnt add thread or a better UI.... i just made it on the fly)
source code(in C#): for the mini tool
Code:
using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Linq;
using System.Text;
using System.Windows.Forms;
using System.Runtime.InteropServices;
using System.Diagnostics;
namespace ALFindMemoryLocations
{
public partial class Form1 : Form
{
public Form1()
{
InitializeComponent();
}
[DllImport("kernel32.dll", SetLastError = true)]
static extern bool WriteProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress,
byte[] lpBuffer, uint nSize, out int lpNumberOfBytesWritten);
[DllImport("Kernel32.dll")]
public static extern bool ReadProcessMemory
(
IntPtr hProcess,
IntPtr lpBaseAddress,
byte[] lpBuffer,
UInt32 nSize,
ref UInt32 lpNumberOfBytesRead
);
private void button1_Click(object sender, EventArgs e)
{
try
{
Process[] processList = null;
Process targetProcess = null;
String processName = "alefclient";
processList = Process.GetProcessesByName(processName);
if (processList == null || processList.Length == 0)
{
MessageBox.Show("target program not running");
return;
}
else
{
targetProcess = processList[0];
//OUR WINDOW handle is the mainwindow handle in this case
byte[] buffer = new byte[4];
uint bytesRead = 0;
System.Console.WriteLine();
int address = Convert.ToInt32("0089afb8", 16);
//base address for target hp is 0x0089afb8
/* so using cheat engine u can track the target hp into the base address manually
* you will get these offsets
* baseAddress=0x0089afb8
* to get the target value from that address u need to see the value of each pointer tell the final
* hp value
* (baseaddress+0x4a4)->(address1)
* address1+0x5c->(address2)
* address2+0x36->(address3)
* address3+0x74->(address4)
* address4+0x720->address5
* address5-> the target value
*
* only base address is fixed, all other addresses are dynamically allocated and change their values
**/
ReadProcessMemory(targetProcess.Handle, (IntPtr)address, buffer, 4, ref bytesRead);
address = BitConverter.ToInt32(buffer, 0) + 1188; //0x4a4 == 1188 (int)
ReadProcessMemory(targetProcess.Handle, (IntPtr)address, buffer, 4, ref bytesRead);
address = BitConverter.ToInt32(buffer, 0) + 92; //0x5c == 92
ReadProcessMemory(targetProcess.Handle, (IntPtr)address, buffer, 4, ref bytesRead);
address = BitConverter.ToInt32(buffer, 0) + 36; //0x9*4 == 36(int)
ReadProcessMemory(targetProcess.Handle, (IntPtr)address, buffer, 4, ref bytesRead);
address = BitConverter.ToInt32(buffer, 0) + 116; //0x74 == 116
ReadProcessMemory(targetProcess.Handle, (IntPtr)address, buffer, 4, ref bytesRead);
address = BitConverter.ToInt32(buffer, 0) + 1824; //0x720 == 1824
ReadProcessMemory(targetProcess.Handle, (IntPtr)address, buffer, 4, ref bytesRead);
txtTargetHP.Text = "" + BitConverter.ToInt32(buffer, 0);
}
}
catch (Exception ex)
{
MessageBox.Show("something went wrong somewhere, try again");
}
}
private void btnFindMyHP_Click(object sender, EventArgs e)
{
try
{
Process[] processList = null;
Process targetProcess = null;
String processName = "alefclient";
processList = Process.GetProcessesByName(processName);
if (processList == null || processList.Length == 0)
{
MessageBox.Show("target program not running");
return;
}
else
{
targetProcess = processList[0];
byte[] buffer = new byte[4];
uint bytesRead = 0;
System.Console.WriteLine();
int address = Convert.ToInt32("0089afb8", 16);
ReadProcessMemory(targetProcess.Handle, (IntPtr)address, buffer, 4, ref bytesRead);
address = BitConverter.ToInt32(buffer, 0) + 1184; //0x4a0 == 1184 (int)
ReadProcessMemory(targetProcess.Handle, (IntPtr)address, buffer, 4, ref bytesRead);
address = BitConverter.ToInt32(buffer, 0) + 92; //0x5c == 92
ReadProcessMemory(targetProcess.Handle, (IntPtr)address, buffer, 4, ref bytesRead);
address = BitConverter.ToInt32(buffer, 0) + 260; //0x41*4 == 260(int)
ReadProcessMemory(targetProcess.Handle, (IntPtr)address, buffer, 4, ref bytesRead);
address = BitConverter.ToInt32(buffer, 0) + 116; //0x74 == 116
ReadProcessMemory(targetProcess.Handle, (IntPtr)address, buffer, 4, ref bytesRead);
address = BitConverter.ToInt32(buffer, 0) + 1824; //0x720 == 1824
ReadProcessMemory(targetProcess.Handle, (IntPtr)address, buffer, 4, ref bytesRead);
txMyHP.Text = "" + BitConverter.ToInt32(buffer, 0);
}
}
catch (Exception ex)
{
MessageBox.Show("something went wrong somewhere, try again");
}
}
}
}
@Fischi if i checked the game two years ago i might had more time to find a way to do everything in this game, but im new this game's knowledge base.
@Newbb you can use what ever u like from this Thread (tools or code), its a free knowledge.....
update: to find the base address of the current location (this one is too easy): just use /fps command in the game (in the chat window) which will give u debug info about current coordinates in Float in the game window, search for the match of these numbers in Cheat Engine(truncated is fastest) and you'll get immediate base addresses for the Current Coordinates without any offsets (you can do a similar process to get the target's coords too by simply using two clients and selecting another char of urs and using /fps on the target client.....):
X (east west) longitude coords at: 008B16E8
Y (north south) latitude coords at: 008B16E0
Z (vertical depth) coords at: 008B16E4
ofcourse in a real application (u should put all these mini scripts in one exteral thread and allow the choosing of the Process ID instead of just taking the first one and keep pulling the vals every 200ms for example...)
knowing the coords can be importat for bots (like define the grinding rectangle, so that the bot doesnt exceed it -- defining paths -- protection against GM incase of sudden Teleportion into an unknow Region).
(P.S i tried to find an ID(i mean class) for the target mob, but failed after few attempts today (i used the TIDs like --> 13 for Big Boar ... only got one base that seems to refer only to the latest mob class entering the view range -for rendering purpose i assume- also tried using the mob's Name like ( "Big Boar" to find the relevant addresses which i found but couldnt track them to the base address ... even found some dangling pointers on the way lol...)
if anybody has similar base addresses and the relevant offsets, please share it with everyone, its more useful that way and helps more people to learn by example.
i found a way around obtaining the base address of the target mob class-name, its not a very effecient way, but at least its ok for any end user in town.
so basically: i checked the archlord memory and found dynamic locations that refer to the currently selected target (by mouse or by tab selection) (two copycat locations)
after trying it out i found that the region always have this format:
<C16744448>Targets name <C16777215>5<C1674448>Lv36<C16777215> (when the target is of a higher lvl)
<C65280>Targets name <C16777215> < C65280>Lv26<C16777215> (target of a lower lvl)
< C16777215>Targets name < C16777215> < C16777215>Lv30<C16777215> (target of same lvl)
and found out that by searching the memory looking for a binary array of the values: Targets name <C16777215> i can get the right and only need location (there is no direct pointer to the name of the target since that can change by 3 byte offsets after several tests), but once you lock on the target that you need (for example; Flame Bear) the address you obtain will
always refer to that name or it would refer to something else(which means that the current selected mob isnt the class you need)
this is extremely useful for a bot if you want to farm for unis (you can lock you mob on a single ele mob like Flame Bear)...
to get this work around done, i had to create my own mini memory scanner in C# which scanns for the right byte array tell he finds the address that points to the target Class Name (which you locked on) ----> i came up with this today and coded all immediately on the fly including the scanner, so if you look for a real performance from a similar scanner you should at least parallel it to use two threads (for two cpus) or write it in c++ for ultimate scanning speed usig pointers only----- either ways, this script i wrote, finds the target address in 5 secs by scanning the game's memory ---------->on my laptop (2GHz), 5 secs is ok and the scrip allows end users who have no pc knowledge to do it with a button click.
(i know that some people found better ways to do it few years ago, but no one posted how, so please to further my and other's knowledge share it on this thread, [ like the real base addresses and how to obtain the names or the target ids so they can be used by a bot for instance, or ........ )
having these mini scripts (ur hp, target's hp, location, target's name) it should be possible for some of you guys to build a Uinque farmer bots with GM protection in no time!...
code script of find the target's name without using the base address (you need to set the target's name in targetName variable(like from a text bos first i.e "Flame Bear" case sensitive ofc)
Code:
if (txtTargetName.Text == "")
{
MessageBox.Show("you have to enter the name of the mob first(Case Sensetive)");
return;
}
DateTime beginTime = DateTime.Now;
try
{
Process[] processList = null;
Process targetProcess = null;
String processName = "alefclient";
processList = Process.GetProcessesByName(processName);
if (processList == null || processList.Length == 0)
{
MessageBox.Show("target program not running");
return;
}
else
{
targetProcess = processList[0];
String targetName = txtTargetName.Text;
IntPtr currentAddress= (IntPtr)0x00400000;
int maxAddress =0x7FFFFFFF;
//TargetName<C16777215> (Tname 3C 43 31 36 37 37 37 32 31 35 3E 20)
//the above concatenation was obtained from observing the Archlord Game's memory
//and its fixed in any pc or system as i checked
byte[] extensionBuffer = new byte[] { 60, 67, 49, 54, 55, 55, 55, 50, 49, 53, 62, 32 }; // <C16777215> converted to bytes
byte[] LockBuffer = new byte[targetName.Length + extensionBuffer.Length+1]; //1 for end of name (32)
const int maxBufferSize = 1048576; //the bigger this value is the better the results are
byte[] buffer = new byte[maxBufferSize]; //max buffer read is 1mb
int idx = 0;
for (int i = 0; i < targetName.Length; i++)
{
LockBuffer[idx] = (byte)targetName[i];
idx++;
}
LockBuffer[targetName.Length] = (byte)32;
idx++;
for (int i = 0; i < extensionBuffer.Length; i++)
{
LockBuffer[idx] = extensionBuffer[i];
idx++;
}
uint bytesRead = 0;
bool found = false;
uint LockBufferSize = (uint)LockBuffer.Length;
//////////////////////to debug only
for (int x = 0; x < LockBuffer.Length; x++)
{
Console.Write(Convert.ToString(LockBuffer[x],16)+" ");
}
//////////////////////
/*
* typically you should add another stop conditions which is controlled by the user
* and run the memory scan in a different thread
*/
while (!found)
{
ReadProcessMemory(targetProcess.Handle, (IntPtr)currentAddress, buffer, maxBufferSize, ref bytesRead);
// currentAddress = (IntPtr)(currentAddress.ToInt32()+1);
if ((currentAddress.ToInt32() >= maxAddress)/*||(bytesRead<=LockBufferSize)*/)
{
Console.WriteLine("end of the tunnel honey:" + Convert.ToString(currentAddress.ToInt32(), 16) + " " + Convert.ToString(maxAddress, 16));
break;
}
//iterate through the temporary buffer to match the array we got
for (int k = 0; k < maxBufferSize; k++)
{ //search internal buffer
found = true;
for (int j = 0; j < LockBufferSize; j++)
{
if (buffer[j+k] != LockBuffer[j])
{
found = false;
break;
}
}
if (found)
{
currentAddress = (IntPtr)(currentAddress.ToInt32() + k);
break;
}
if ((maxBufferSize - k) <= LockBufferSize)
{
currentAddress = (IntPtr)(currentAddress.ToInt32() + k);
break;
}
}
}
if (found) //currentAddress should contain the pointer we need
{
Console.WriteLine("found at:" + Convert.ToString(currentAddress.ToInt32(), 16));
labelTargtPointer.Text = "targer pointer:"+Convert.ToString(currentAddress.ToInt32(), 16);
}
else
Console.WriteLine("not found");
}
}
catch (Exception ex)
{
MessageBox.Show("something went wrong somewhere, try again");
}
DateTime endTime = DateTime.Now;
TimeSpan executionTime = endTime - beginTime;
Console.WriteLine(executionTime);
and the updated sample source code is added as attachment (VS.NET 2008) (u can use it how ever u like)
target mouse pointer click coordinates base pointers:
0089af60 with offset of 558 for x axis
0089af60 with offset of 560 for y axis
0089af60 with offset of 55C for z axis
(idea of how to follow a path using screen clicks: create a mapping between the screen coords and the world coords in F10 camera view, calc the scale ration once, calc the camera orientation (by programatically issuing a sample 20pixels with 45degree in screen coords and see whats the relative degree in game(by saving the prev point location and the final point location.. and doing some math) the orientation would be the world angle-45 degrees
use that (knowign that the y axis of the game matches that of the screen from top to buttom, and the x axis is flipped ingame compared to screen coords...)
some math is needed, but it should be 100% possible using these addresses to create a path follower code to let you bot follow from a point (like respawn point) to another point(like target grinding location) using a list of predefined points (which are created by the end user and save to a file or save in code by the programmer).
if someone knows how to access the character bag (inventory) programmatically and delete the items there, would you please post it here or PM with a sample code or the outlines of how to do it, im new to this and could learn alot from example.
target base pointer:
base pointer: 0089afb8
first offset: 0x494
second offset: 0x30 (to get the Target ID)
base pointer: 0089afb8
first offset: 0x494
second offset: 0x34
third offset: 0x30 to get the target name (array of text)
(for a bot maker! this info is useful because u can command ur bot to only target certain mobs -- like Flame Bears --- ) also the target pointer is tooo useful to gather all infrmation about ur target (mob or a player)
video(wait few minutes tell Youtube update its HD status):
tutorial
application
code in video:
Code:
try
{
if (targetProcess == null)
{
MessageBox.Show("select process");
return;
}
else
{
byte[] buffer = new byte[4];
byte[] nameBuffer = new byte[30];
uint bytesRead = 0;
System.Console.WriteLine();
int address = Convert.ToInt32("0089afb8", 16);
ReadProcessMemory(targetProcess.Handle, (IntPtr)address, buffer, 4, ref bytesRead);
address = BitConverter.ToInt32(buffer, 0) + 1172; //0x494 == 1172 (int)
ReadProcessMemory(targetProcess.Handle, (IntPtr)address, buffer, 4, ref bytesRead);
address = BitConverter.ToInt32(buffer, 0) + 48; //0x30 == 48
ReadProcessMemory(targetProcess.Handle, (IntPtr)address, buffer, 4, ref bytesRead);
//now we have the TID of the target
int tid = BitConverter.ToInt32(buffer,0);
if (tid == 0)
{
txtTargetID.Text = "no target selected";
}
else
{
//read the target name
address = address+4; //0x34 == 48
ReadProcessMemory(targetProcess.Handle, (IntPtr)address, buffer, 4, ref bytesRead);
address = BitConverter.ToInt32(buffer, 0) + 48; //0x30 == 48
ReadProcessMemory(targetProcess.Handle, (IntPtr)address, nameBuffer, (uint)nameBuffer.Length, ref bytesRead);
string targetName = encode.GetString(nameBuffer);
txtTargetID.Text = "TID=" + tid + " Taget Name=" +targetName ;
}
}
}
catch (Exception ex)
{
MessageBox.Show("something went wrong somewhere, try again");
}
i posted before another method (very slow one in which i created a mini memory scanner to search the memory for a pattern to find the target name, ofcouse that method is too slow... but since it can be useful in some cases, and since the code can be generalized to create ur own memory scanner, ill keep that post)
[Tutorial] Twelve Sky 2 -How To Find Addresses- 10/16/2018 - 12Sky2 Hacks, Bots, Cheats & Exploits - 154 Replies http://i490.photobucket.com/albums/rr269/ChaoticJa pan/12sky2-Logoedit1.png
Twelve Sky 2
TUTORIAL
-How To Find Addresses-
(Updated 12/11/09)
By ChaoticJapan
Note: "This tutorial was aimed at those new to the forums or memory editing in general.
[Tutorial] How to find some addies 03/10/2010 - Combat Arms - 0 Replies Heyho Guys for this Tutorial you'll need:
MHS
At first the download link
MHS= http://www.elitepvpers.com/forum/combat-arms/450855 -combat-arms-mhs-adresses-advanced-tutorial.html
Now the Different Groups:
Im dump to find tutorial 07/17/2008 - Dekaron - 4 Replies im searching for tutorial for data.pak file dont find anything sry can someone help me?