United Hackprogrammers Front(UHF)-CO2 Memory Tables

[nTL3fTy]

Quote:

Originally Posted by *DiDo*

THANKS ANYWAYS :P

I find the virus in your signature interesting.

[-iIIi-]

Quote:

Originally Posted by joek

Not really the right thread for this question!
*M*'s tool uses this table for many things but not all.
Sadly hes no longer updating his stuff so theres nothing that can be done,
unless hes comes back or gives his work to someone else for updating.

Ah ok, cause I've been using the same M Multi Hack thing and I been using your tables they all worked fine, up untill 5022, Thanks anyways =D.

[fridaykw]

Quote:

Originally Posted by joek

If your talking about the arrow reloader in co2m8, then you need to wait for next version of it, its almost cooked.
BTW that point should have been posted in the co2m8 development thread(if thats what you meant)

EDIT:The new version of co2m8(1.44) is now out.


NOTE: I will do a r2 table with the correction to the AccountID address, I'm still waiting on the conclusion to the X/Y coordinates tho, which addresses should be in the table for these?
Any other problems found?

Thanks.. and keep up the good work..
it was the arrow reload
THANKS!

[Jalan_Jalan]

Can someone check please if this works?

Memory Adress for lucky time:

0x00570484 + 0x20 + 0x14 + 0x24

(Pointer with 3 offsets)

Maybe this would be useful to implement a "lucky time" check in Co2m8, I alsoways find it annoying when I have 1 char sitting in LT, playing on another, forgetting the first, and when I check back the lucky time is gone lol.

[warriorchamp]

Quote:

Originally Posted by Jalan_Jalan

Can someone check please if this works?

Memory Adress for lucky time:

0x00570484 + 0x20 + 0x14 + 0x24

(Pointer with 3 offsets)

Maybe this would be useful to implement a "lucky time" check in Co2m8, I alsoways find it annoying when I have 1 char sitting in LT, playing on another, forgetting the first, and when I check back the lucky time is gone lol.

Yes, this works perfectly
It is 0 when the character dont have lucky time, other way it tells that the character how many LT have (in seconds).

[blinksta]

Jotti's malware scan 2.99-TRANSITION_TO_3.00-R1

File to upload & scan:
Service
Service load: 0% 100%

File: CO2m8_144.rar
Status: INFECTED/MALWARE
MD5: 963a8fbd081720a5551471e54410bcb4
Packers detected: -
Bit9 reports:

Scanner results
Scan taken on 10 May 2008 11:41:32 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found PUA.Packed.Themida <--??
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Ikarus Found BehavesLikeWin32.ExplorerHijack <--??
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Sophos Antivirus Found Sus/ComPack (probable variant) <---??
VirusBuster Found nothing
VBA32 Found nothing

Powered by

Disclaimer
This service is by no means 100% safe. If this scanner says 'OK', it does not necessarily mean the file is clean. There could be a whole new virus on the loose. NEVER EVER rely on one single product only, not even this service, even though it utilizes several products. Therefore, We cannot and will not be held responsible for any damage caused by results presented by this non-profit online service.

Also, we are aware of the implications of a setup like this. We are sure this whole thing is by no means scientifically correct, since this is a fully automated service (although manual correction is possible). We are aware, in spite of efforts to proactively counter these, false positives might occur, for example. We do not consider this a very big issue, so please do not e-mail us about it. This is a simple online scan service, not the university of Wichita.

Scanning can take a while, since several scanners are being used, plus the fact some scanners use very high levels of (time consuming) heuristics. Scanners used are Linux versions, differences with Windows scanners may or may not occur. Another note: some scanners will only report one virus when scanning archives with multiple pieces of malware.

Virus definitions are updated every hour. There is a 10Mb limit per file. Please refrain from uploading tons of hex-edited or repacked variants of the same sample.

Please do not ask for viruses uploaded here, unless you work for an anti-virus vendor. They are not for trade. This is a legitimate service, not a VX site. Viruses uploaded here will be distributed to antivirus vendors without exception. Read more about this in our privacy policy. If you do not want your files to be distributed, please do not send them at all.

Sponsored by HotelScraper.com.
--------------------------------------------------------------------------------


Statistics
Last file scanned at least one scanner reported something about: TibiaAutoSetup_1_16_2.exe (MD5: 10aba2492843764e05decec0c157e8d5, size: 883240 bytes), detected by:

Scanner Malware name
A-Squared X
AntiVir X
ArcaVir Worm.Golwa.Fha
Avast X
AVG Antivirus X
BitDefender Backdoor.Bifrose.ZZQ
ClamAV Trojan.Bifrose-2792
CPsecure X
Dr.Web X
F-Prot Antivirus X
F-Secure Anti-Virus X
Fortinet X
Ikarus X
Kaspersky Anti-Virus X
NOD32 X
Norman Virus Control X
Panda Antivirus Bck/Bifrose.AKL
Sophos Antivirus Mal/Generic-A
VirusBuster X
VBA32 X


You're free to (mis)interpret these automated, flawed statistics at your own discretion. For antivirus comparisons, visit AV comparatives
We are not affiliated with any third parties that conduct tests using this service.





Frequently asked questions - Feedback - Privacy policy



Page generated by JTPL

© 2004-2008 Jordi Bosveld <>
dude i love your program but wtf is this ?
i been useing it for like as long as its been out, i ono maybe its a mistake ??
let us know.

[warriorchamp]

@blinksta

Did you see here ppl saying "OMG, this is a virus, i've loosed my gear!!!"?
Joek, will not publish any trojan/worm. All of his tools was scanned by Mods, and nobody found any suspicious thing in it...

[tanelipe]

[Offtopic]

If anyone is intrested in how to read pointer with offsets in C#, here you go (You need to invoke ReadProcessMemory from kernel32) :

Code:

// Basic reading, insert value to Buffer;
public static void ReadMemory(IntPtr pID, IntPtr mAddress, ref byte[] Buffer, byte Size)
    {
        Buffer = new byte[Size];
        IntPtr BytesWritten = IntPtr.Zero;
        ReadProcessMemory(pID, mAddress, Buffer, (UIntPtr)Size, out BytesWritten);
    }
// Follow pointers through pointers.
public static byte[] ReadPointer(IntPtr pID, IntPtr BaseAddress, byte[] Offsets)
    {
        byte[] Ptr = new byte[4];
        ReadMemory(pID, BaseAddress, ref Ptr, 4);
        for (byte i = 0; i < Offsets.Length; i++)
        {
            int Offset = BitConverter.ToInt32(Ptr, 0) + Offsets[i];
            ReadMemory(pID, new IntPtr(Offset), ref Ptr, 4);
        }
        return Ptr;
    }

Example usage : (LuckyTime from above)

Code:

            IntPtr HWND = Process.GetProcessesByName("Conquer")[0].Handle;
            IntPtr BaseAddress = new IntPtr(0x570484);
            byte[] Offsets = new byte[] { 0x20, 0x14, 0x24 };

            byte[] Pointer = ReadPointer(HWND, BaseAddress, Offsets);
            int LuckyTime = BitConverter.ToInt32(Pointer, 0);
            Console.WriteLine("You have " + LuckyTime + " seconds LT left.");

[/Offtopic]

P.S Sorry to interupt :P

[joek]

@blinksta
thank you for your input, but in the future please post to the appropriate thread,
your post is about co2m8 and so belongs in the m8 dev thread and you will notice this subject has already been addressed there.

Since this thread deals with text only tables that really can't be infected in any way I
guess your just trying to undermine my reputation upto you but your wasting your time.

[lwl1991]

Can someone tell me how to do this in C++?



PS: dun ask me why i want it in C++...

[ephe]

Following, are my findings about Y coord (suppose the X is pretty much similar, but this evening I decided to play with Y axis )
-observations appear to be consistent 100% to me-

0056FF84 Realtime Y (even during jumps)

0056BD14 Destination Y (either by running/walking or jumping, it's the Y coord of where you clicked or ctrl-clicked; becomes 0 after sitting; this is the value that address above will have when destination is reached)

0056A338 Destination Y (only by running/walking, if you jump to somewhere by ctrl-clicking it will stay unchanged)

0056A330 Same as above (at least couldn't find different behaviours from above)

0056A328 Y coord where you came from (ONLY if by running/walking, remains unchanged if jumping)

EDIT: from a quick verification (didn't dig up much into it though), exact same rules apply to X coord, being X address = Y address - 4 (realtime X would be 0056FF80)


EDIT
More on the same topic:

Coordinates of the monsters attacking you (more appropriately, coordinates of origin of the attack you are receiving):

X: 0012C4D4
Y: 0012C4D6

(These get updated at each attack; example, the instant you get hit by a Mob, they show the coords of the mob, right after that they report either 0 or a 10000+ value, then at the next attack they are back to the coords of the attacking monster; if you have 3 monsters around you attacking, they get updated to the coords of the monster which is attacking in that moment; for some weird reason, when you jump these addresses store for a short while the coords of the spot you jumped from, then go back to an unrelevant value).

HP: 011695F8 (I get a constantly correct value at this address, even after client restart)

Kills counter: 031FB844

I also found the memory addresses (4 bytes offset from each other) of a random onscreen monster, they usually had unrelevant values, but when they did have a "usable" value, they pointed to an onscreen monster... even after it was dead for quite a while. But after a client restart, they always had no set value, so it's obvious they were the result of a pointer/offset addressing, which I am yet far from finding


And after this, I don't want to hear about memory addresses for the rest of the day :P

[warriorchamp]

@ephe
A lot of these addresses are not static addresses. So these values will be on another addresses on other PCs.
Only the 0056xxxx addresses are static addresses (so they can be used) from the listed addresses

Im close to find the monsters' coords addresses

[ephe]

You are right about the kills counter. But for the origin of attack coords I am getting consistent results after several client restarts... maybe the address will still be different on a different PC (even if I don't see a reason why). Did you check that origin of attack coords and HP addresses are different on your pc?

And well... I did find the region where monsters coords are dinamically stored... too.... I only need to determine base address and offsets

[warriorchamp]

Quote:

Originally Posted by ephe

You are right about the kills counter. But for the origin of attack coords I am getting consistent results after several client restarts... maybe the address will still be different on a different PC (even if I don't see a reason why). Did you check that origin of attack coords and HP addresses are different on your pc?

And well... I did find the region where monsters coords are dinamically stored... too.... I only need to determine base address and offsets

The HP address is totally wrong... The coords give an ***.*** value...
I figured it out that every day is a method with we can check the HP...
So on day1 is method1, day2 is method2,....,dayn is methodn. I found 4 methods... And already 1 method repeated So maybe we can find the HP if we know when starts and ends a "day". (not at 0:00)

[joek]

Its not unusual to get back the same slice of dma memory if you shutdown and restart a client.
To ensure static locations you need to run something that likes to chew memory after exiting and before restarting the client again.
Or restart the PC.