Let's talk about the recent patch and changes
Discussion on Let's talk about the recent patch and changes within the CO2 Programming forum part of the Conquer Online 2 category.
05/21/2009, 22:12
#16
Quote:
Originally Posted by high6
No, the moblist is at like 0x64XXXX. It is around "ClientInfo".
There are 2 easy ways to find it.
1. You use a multiclient. You have a second character move around while you search the coords. Then you trace back from there.
2. You breakpoint the receive mob packet and go from there.
|
Why would you need a multi-client when you only need two characters for option number 1? Lol.
Ps. anyone got any updates on what the connection between Target/MobBaseAddress and Target/MobNameAddress is?
|
05/22/2009, 00:17
#17
You guys are lazy :P.
All I am going to say is that the name has a start ptr followed by an end ptr in the Role structure.
|
05/22/2009, 01:24
#18
Quote:
Originally Posted by high6
No, the moblist is at like 0x64XXXX. It is around "ClientInfo".
There are 2 easy ways to find it.
1. You use a multiclient. You have a second character move around while you search the coords. Then you trace back from there.
2. You breakpoint the receive mob packet and go from there.
|
kk thx ^_^ i'll use the first method see if i get any success
Quote:
Originally Posted by high6
You guys are lazy :P.
All I am going to say is that the name has a start ptr followed by an end ptr in the Role structure.
|
being lazy and just simply not knowing are 2 diff things XD... like i didn't know how to find the mob structure... didn't mean i didn't want to do it :-P
|
05/22/2009, 01:42
#19
Quote:
Originally Posted by ookamocka
kk thx ^_^ i'll use the first method see if i get any success
being lazy and just simply not knowing are 2 diff things XD... like i didn't know how to find the mob structure... didn't mean i didn't want to do it :-P
|
You think I knew how to find it at first?
|
05/22/2009, 04:08
#20
I have a question I find that this thread seems to be appropriate...
I am new to finding values in memory in regards to games but I have been a C# programmer for a few years now, so please bear with me as I am learning a lot of things...
I have spent the last 3 hours getting new memory addresses and I have gotten to a challenge trying to find the Char Name address... So far I have been able to find it for any character besides my ninja which leads me to believe that it is not a dynamic address, so, could anyone enlighten me as to what I am doing wrong here? PLEASE!! Do NOT give me that fricken address lol, I want to learn how to get it myself!
I have tried looking up my ninja char's name through text, a byte array, and even snooping around the other values thinking I might find it... major fail.
Btw, I am using CheatEngine and i have found Char name at address 0x013A8468 but it seems to work for only non-ninja chars...
Any clues or help is greatly appreciated and if anyone wants other addresses please let me know and i'll be glad to share.
|
05/22/2009, 04:13
#21
SwiftWeapon@
player's character name has changed to Dynamic
it used to be around 0x64xxxx (any results that is above 0xffffff is not static, it changes every time u open another client)
but now, at that spot, it is blank
all the XY coordinates are also changed to Dynamic except the real map coordinate
|
05/22/2009, 04:28
#22
Quote:
Originally Posted by Evan Lim
SwiftWeapon@
player's character name has changed to Dynamic
it used to be around 0x64xxxx (any results that is above 0xffffff is not static, it changes every time u open another client)
but now, at that spot, it is blank
all the XY coordinates are also changed to Dynamic except the real map coordinate
|
I have opened 10 clients and each one I can find the character name for my water tao.. same address every time and when I change it, it also changes on CO for my character... it cannot be dynamic.
However, when I try that same thing for my Ninja.. it is blank.. are you saying that the Ninja class has a dynamic Character name ? lol
Also, you have your addresses wrong I think... they used to be at 005D**** and now they are around 013A****
|
05/22/2009, 04:30
#23
Quote:
I have a question I find that this thread seems to be appropriate...
I am new to finding values in memory in regards to games but I have been a C# programmer for a few years now, so please bear with me as I am learning a lot of things...
I have spent the last 3 hours getting new memory addresses and I have gotten to a challenge trying to find the Char Name address... So far I have been able to find it for any character besides my ninja which leads me to believe that it is not a dynamic address, so, could anyone enlighten me as to what I am doing wrong here? PLEASE!! Do NOT give me that fricken address lol, I want to learn how to get it myself!
I have tried looking up my ninja char's name through text, a byte array, and even snooping around the other values thinking I might find it... major fail.
Btw, I am using CheatEngine and i have found Char name at address 0x013A8468 but it seems to work for only non-ninja chars...
Any clues or help is greatly appreciated and if anyone wants other addresses please let me know and i'll be glad to share.
|
I was trying that too, but each client gets a different address >.<, I dunno what is happening
|
05/22/2009, 04:36
#24
SwiftWeapon@
0x5dxxxx, i think that was previous
anyhow, 0x64xxxx is what the current location is, just that it shows blank now
but the stats, coordinates are still there under the blank
|
05/22/2009, 04:40
#25
Quote:
Originally Posted by Evan Lim
SwiftWeapon@
0x5dxxxx, i think that was previous
anyhow, 0x64xxxx is what the current location is, just that it shows blank now
but the stats, coordinates are still there under the blank
|
I just checked again and you are correct; Character names are Dynamic... However, ALL addresses above 0xffffff are not dynamic...
Character HP is at 0x013A9920
Also, server time is in the 013A*** range and also not dynamic.. but most other values in there are now dynamic... hmmm... now I must learn how to get values from pointers in memory, shouldn't be too hard...
|
05/22/2009, 05:18
#26
If the address is not inside a module (IE Conquer.exe in the process is 0x400000-0x678000) it is dynamic.
Anyways... Just searching for the name won't get you very far.
|
05/22/2009, 05:28
#27
Quote:
Originally Posted by high6
If the address is not inside a module (IE Conquer.exe in the process is 0x400000-0x678000) it is dynamic.
Anyways... Just searching for the name won't get you very far.
|
Do you have any insight to what I should be searching for then? Thank you for the info about where the dynamics are, it should help me in my quest.
|
05/22/2009, 06:31
#28
I haven't found the dequeEx yet... about to try a new method of finding it... gonna write a function for scanning the conquer memory for all 32 byte consecutive values... then apply that to the formula for the number of mobs in the DequeEx and see if it returns the correct value. If it does, then that's the most probable location of the Deque.
From high6 the scan should be from 640000 to 64FFFF, that's only 64K values to search through.
anyway, i believe i know the real beginning of the mob structs (using the attack function)
char* mobName = mobBaseAddr + 0xE4
int mobXCoord = mobBaseAddr + 0x0298
int mobYCoord = mobBaseAddr + 0x029C
I know it's different from the top of the thread, but this works every time for me (when using the first param of the attack function as a pointer to the mob structure)
Edit: Notice the mob name is no longer a static string, but a pointer to a string. That must be why we don't see the name of the mob in the mob structure.
|
05/22/2009, 07:12
#29
Quote:
Originally Posted by clintonselke
Edit: Notice the mob name is no longer a static string, but a pointer to a string. That must be why we don't see the name of the mob in the mob structure.
|
This has been said :P.
+E8 is the ptr to the end of the string.
Also I think it is either a CString or a std::string in the structure. Will check it out more later.
|
05/22/2009, 07:27
#30
Alright, I whipped up a program to search from 640000 to 64FFFF to find the mob deque... no luck yet.
Has the formula for the size of the DequeEx changed?
PHP Code:
#include <windows.h>
#include <Tlhelp32.h>
#include <stdint.h>
#include <cstring>
#include <iostream>
#include <iomanip>
#include <string>
#include <conio.h>

using namespace std;

uint32_t const START_ADDR = 0x640000;
uint32_t const END_ADDR = 0x64FFFF;

int main() {
    // Find the running Conquer.exe process in a process snapshot.
    PROCESSENTRY32 pe32;
    pe32.dwSize = sizeof(PROCESSENTRY32);
    HANDLE hTool32 = CreateToolhelp32Snapshot(TH32CS_SNAPALL, 0);
    if (!Process32First(hTool32, &pe32)) {
        cerr << "ERROR: Failed to retrieve first running process info." << endl;
        return 1;
    }
    bool conquerFound = false;
    do {
        if (strcmp(pe32.szExeFile, "Conquer.exe") == 0) {
            conquerFound = true;
            break;
        }
    } while (Process32Next(hTool32, &pe32));
    CloseHandle(hTool32);
    if (!conquerFound) {
        cerr << "ERROR: Could not find running process of Conquer.exe." << endl;
        return 1;
    }
    HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pe32.th32ProcessID);
    if (hProcess == NULL) {
        cerr << "ERROR: Could not open the Conquer.exe process." << endl;
        return 1;
    }
    bool foundDequeEx = false;
    uint32_t addr;
    for (addr = START_ADDR; addr < END_ADDR; ++addr) {
        // From the genius that is high6 ^_^
        // unsafe public int GetSize()
        // {
        //     byte[] data = ReadBytes(Handle, Address, 0x20);
        //
        //     fixed (byte* b = data)
        //     {
        //         return (((*(int*)(b + 0x1C) - *(int*)(b + 0xC) >> 2) << 5) +
        //             (*(int*)(b + 0x10) - *(int*)(b + 0x14) >> 2)) +
        //             (*(int*)(b + 0x8) - *(int*)(b + 0x0) >> 2) - 0x20;
        //     }
        // }
        char b[0x20];
        // Skip addresses that cannot be read instead of using an uninitialized buffer.
        if (!ReadProcessMemory(hProcess, (void*)addr, b, 0x20, NULL)) {
            continue;
        }
        uint32_t size = (((*(int*)(b + 0x1C) - *(int*)(b + 0xC) >> 2) << 5) +
            (*(int*)(b + 0x10) - *(int*)(b + 0x14) >> 2)) +
            (*(int*)(b + 0x8) - *(int*)(b + 0x0) >> 2) - 0x20;
        //if (size < 100) {
        if (size < 20) {
            foundDequeEx = true;
            cout << "DequeEx might be located at " << uppercase << hex << addr << "." << endl;
            getch();
            // Just test it first.
            cout << "TESTING" << endl;
            while (!kbhit()) {
                char b[0x20];
                ReadProcessMemory(hProcess, (void*)addr, b, 0x20, NULL);
                uint32_t size = (((*(int*)(b + 0x1C) - *(int*)(b + 0xC) >> 2) << 5) +
                    (*(int*)(b + 0x10) - *(int*)(b + 0x14) >> 2)) +
                    (*(int*)(b + 0x8) - *(int*)(b + 0x0) >> 2) - 0x20;
                cout << "Number of mobs on screen is " << dec << size << "." << endl;
                Sleep(1000);
            }
            // 'n' rejects this candidate and resumes the scan; any other key accepts it.
            if (getch() == 'n') {
                continue;
            } else {
                break;
            }
        }
    }
    if (!foundDequeEx) {
        cerr << "ERROR: Could not find DequeEx." << endl;
        CloseHandle(hProcess);
        return 1;
    }

    // Test it until keypress.
    cout << "DequeEx might be located at " << uppercase << hex << addr << "." << endl;
    cout << "Final test run." << endl;
    while (!kbhit()) {
        char b[0x20];
        ReadProcessMemory(hProcess, (void*)addr, b, 0x20, NULL);
        uint32_t size = (((*(int*)(b + 0x1C) - *(int*)(b + 0xC) >> 2) << 5) +
            (*(int*)(b + 0x10) - *(int*)(b + 0x14) >> 2)) +
            (*(int*)(b + 0x8) - *(int*)(b + 0x0) >> 2) - 0x20;
        cout << "Number of mobs on screen is " << dec << size << "." << endl;
        Sleep(1000);
    }
    getch();

    CloseHandle(hProcess);
    return 0;
}
EDIT: WOOT FOUND IT!!! xD @ 6502D4.... i swear that works for me
EDIT: Hang on, that's reporting twice as many mobs (exactly x 2)... I know I'm close at least. xD
|
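The 32-byte size formula quoted in post #30, worked through offline on constructed bytes (an added example, not code from the thread or from any poster). It assumes the 0x20-byte block is a pair of SGI-STL-style deque iterators over 4-byte elements; the field names and the `sample()` and `noise()` values are constructed for illustration.

```cpp
#include <cstdint>
#include <cstdio>
#include <cstring>

// Assumed layout: two deque iterators, 32-bit pointers, 4-byte elements.
// Field names are illustrative; the thread only gives offsets 0x0-0x1C.
struct DequeIter   { uint32_t cur, first, last, node; };  // 0x10 bytes
struct DequeHeader { DequeIter start, finish; };          // 0x20 bytes
static_assert(sizeof(DequeHeader) == 0x20, "layout must match the 0x20-byte read");
constexpr uint32_t kElem = 4, kPerBuf = 32;  // ">> 2" and "<< 5" / "- 0x20" in the post

// Decode a 32-byte snapshot with memcpy instead of pointer casts.
DequeHeader decode(const unsigned char* raw) {
    DequeHeader h;
    std::memcpy(&h, raw, sizeof h);
    return h;
}

// The posted arithmetic, term by term, with no validation.
int32_t posted_size(const DequeHeader& h) {
    int32_t nodes = (int32_t)(h.finish.node - h.start.node) >> 2;   // 0x1C - 0x0C
    int32_t tail  = (int32_t)(h.finish.cur - h.finish.first) >> 2;  // 0x10 - 0x14
    int32_t head  = (int32_t)(h.start.last - h.start.cur) >> 2;     // 0x08 - 0x00
    return nodes * (int32_t)kPerBuf + tail + head - (int32_t)kPerBuf;
}

// One iterator is plausible if its buffer is 32 elements and cur lies inside it.
bool iter_ok(const DequeIter& it) {
    return it.first != 0 && it.node != 0 && it.node % 4 == 0 &&
           it.last - it.first == kElem * kPerBuf &&
           it.cur >= it.first && it.cur <= it.last &&
           (it.cur - it.first) % kElem == 0;
}

// Size if the snapshot is self-consistent with the assumed layout, else -1.
int32_t checked_size(const DequeHeader& h) {
    if (!iter_ok(h.start) || !iter_ok(h.finish)) return -1;
    if (h.finish.node < h.start.node) return -1;
    if (h.finish.node == h.start.node &&
        (h.finish.first != h.start.first || h.finish.cur < h.start.cur)) return -1;
    return posted_size(h);
}

// Constructed sample: 4 elements in the first buffer, 32 in the middle, 5 in the last.
DequeHeader sample() { return { {0x01600070, 0x01600000, 0x01600080, 0x01500010},
                                {0x01700014, 0x01700000, 0x01700080, 0x01500018} }; }
// Constructed noise: almost all zero, yet the posted formula yields 0.
DequeHeader noise() { return { {0, 0, 0x80, 0}, {0, 0, 0, 0} }; }

int main() {
    std::printf("sample: %d / %d, noise: %d / %d\n", posted_size(sample()),
                checked_size(sample()), posted_size(noise()), checked_size(noise()));
}
```

`noise()` satisfies the scanner's `size < 20` test with a computed size of 0 but fails the consistency check, which shows why the arithmetic alone cannot confirm that a 32-byte block is the container.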