No, the moblist is at like 0x64XXXX. It is around "ClientInfo".
There is 2 easy ways to find it.
1 You use a multiclient. You have a second character move around while you search the coords. Then you trace back from there.
2 You breakpoint the receive mob packet and go from there.
kk thx ^_^ i'll use the first method see if i get any success
Quote:
Originally Posted by high6
You guys are lazy :P.
All I am going to say is that the name has a start ptr followed by an end ptr in the Role structure.
being lazy and just simply not knowing are 2 diff things XD... like i didn't know how to find the mob structure... didn't mean i didn't want to do it :-P
kk thx ^_^ i'll use the first method see if i get any success
being lazy and just simply not knowing are 2 diff things XD... like i didn't know how to find the mob structure... didn't mean i didn't want to do it :-P
I have a question I find that this thread seems to be appropriate...
I am new to finding values in memory in regards to games but I have been a C# programmer for a few years now, so please bare with me as I am learning a lot of things...
I have spent the last 3 hours getting new memory addresses and I have gotten to a challenge trying to find the Char Name address... So far I have been able to find it for any character besides my ninja which leads me to believe that it is not a dynamic address, so, could anyone enlighten me as to what I am doing wrong here? PLEASE!! Do NOT give me that fricken address lol, I want to learn how to get it myself!
I have tried looking up my ninja chars name through text, a byte array, and even snooping around the other values thinking i might find it... major fail.
Btw, I am using CheatEngine and i have found Char name at address 0x013A8468 but it seems to work for only non-ninja chars...
Any clues or help is greatly appreciated and if anyone wants other addresses please let me know and i'll be glad to share.
SwiftWeapon@
player's character name has changed to Dynamic
it used to be around 0x64xxxx (any results that is above 0xffffff is not static, it changes every time u open another client)
but now, at that spot, it is blank
all the XY coordinates are also changed to Dynamic except the real map coordinate
SwiftWeapon@
player's character name has changed to dramatic
it used to be around 0x64xxxx (any results that is above 0xffffff is not static, it changes every time u open another client)
but now, at that spot, it is blank
all the XY coordinates are also changed to dramatic except the real map coordinate
I have opened 10 clients and each one i can find the character name for my water tao.. same address everytime and when I change it, it also changes on CO for my character... it cannot be dynamic.
However, when I try that same thing for my Ninja.. it is blank.. are you saying that the Ninja class has a dynamic Character name ? lol
Also, you have your addresses wrong I think... they used to be at 005D**** and now they are around 013A****
I have a question I find that this thread seems to be appropriate...
I am new to finding values in memory in regards to games but I have been a C# programmer for a few years now, so please bare with me as I am learning a lot of things...
I have spent the last 3 hours getting new memory addresses and I have gotten to a challenge trying to find the Char Name address... So far I have been able to find it for any character besides my ninja which leads me to believe that it is not a dynamic address, so, could anyone enlighten me as to what I am doing wrong here? PLEASE!! Do NOT give me that fricken address lol, I want to learn how to get it myself!
I have tried looking up my ninja chars name through text, a byte array, and even snooping around the other values thinking i might find it... major fail.
Btw, I am using CheatEngine and i have found Char name at address 0x013A8468 but it seems to work for only non-ninja chars...
Any clues or help is greatly appreciated and if anyone wants other addresses please let me know and i'll be glad to share.
I was trying that too , but each client get a different address >.< , i dunno what are happening
SwiftWeapon@
0x5dxxxx, i think that was previous
anyhow, 0x64xxxx is what the current location is, just that it shows blank now
but the stats, coordinates are still there under the blank
SwiftWeapon@
0x5dxxxx, i think that was previous
anyhow, 0x64xxxx is what the current location is, just that it shows blank now
but the stats, coordinates are still there under the blank
I just checked again and you are correct; Character name's are Dynamic... However, ALL addresses above 0xffffff are not dynamic...
Character HP is at 0x013A9920
Also, server time is in the 013A*** range and also not dynamic.. but most other values in there are now dynamic... hmmm... now I must learn how to get values from pointers in memory shouldn't be too hard...
I haven't found the dequeEx yet... about to try a new method of finding it... gonna write a funcition for scanning the conquer memory for all 32 byte consecutive value... then apply that to the formula for the number of mobs in the DequeEx and see if it returns the correct value. If it does, then that the most probable location of the Deque.
From high6 the scan should be from 640000 64FFFF, thats only 64K values to search through.
anyway, i believe i know the real beginning of the mob structs (using the attack function)
char* mobName = mobBaseAddr + 0xE4
int mobXCoord = mobBaseAddr + 0x0298
int mobYCoord = mobBaseAddr + 0x029C
i know its different from the top of the thread, but this works every time for me (when using the first param of the attack function as a pointer to the mob structure)
Edit Notice the mob name is no longer a static string, but a pointer to a string. That must be why we dont see the name of the mob in the mob structure.
Edit Notice the mob name is no longer a static string, but a pointer to a string. That must be why we dont see the name of the mob in the mob structure.
This has been said :P.
+E8 is the ptr to the end of the string.
Also I think it is either a CString or a std::string in the structure. Will check it out more later.
int main() { PROCESSENTRY32 pe32; pe32.dwSize = sizeof(PROCESSENTRY32); HANDLE hTool32 = CreateToolhelp32Snapshot(TH32CS_SNAPALL, 0); if (!Process32First(hTool32, &pe32)) { cerr << "ERROR: Failed to retrieve first running process info." << endl; return 1; } bool conquerFound = false; do { if (strcmp(pe32.szExeFile, "Conquer.exe") == 0) { conquerFound = true; break; } } while (Process32Next(hTool32, &pe32)); if (!conquerFound) { cerr << "ERROR: Could not find running process of Conquer.exe." << endl; return 1; } HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pe32.th32ProcessID); bool foundDequeEx = false; uint32_t addr; for (addr = START_ADDR; addr < END_ADDR; ++addr) { // From the genius that is high6 ^_^ // unsafe public int GetSize() // { // byte[] data = ReadBytes(Handle, Address, 0x20); // // fixed (byte* b = data) // { // return (((*(int*)(b + 0x1C) - *(int*)(b + 0xC) >> 2) << 5) + // (*(int*)(b + 0x10) - *(int*)(b + 0x14) >> 2)) + // (*(int*)(b + 0x8) - *(int*)(b + 0x0) >> 2) - 0x20; // } // } char b[0x20]; ReadProcessMemory(hProcess, (void*)addr, b, 0x20, NULL); uint32_t size = (((*(int*)(b + 0x1C) - *(int*)(b + 0xC) >> 2) << 5) + (*(int*)(b + 0x10) - *(int*)(b + 0x14) >> 2)) + (*(int*)(b + 0x8) - *(int*)(b + 0x0) >> 2) - 0x20; //if (size < 100) { if (size < 20) { foundDequeEx = true; cout << "DequeEx might be located at " << uppercase << hex << addr << "." << endl; getch(); // Just test it first. cout << "TESTING" << endl; while (!kbhit()) { char b[0x20]; ReadProcessMemory(hProcess, (void*)addr, b, 0x20, NULL); uint32_t size = (((*(int*)(b + 0x1C) - *(int*)(b + 0xC) >> 2) << 5) + (*(int*)(b + 0x10) - *(int*)(b + 0x14) >> 2)) + (*(int*)(b + 0x8) - *(int*)(b + 0x0) >> 2) - 0x20; cout << "Number of mobs on screen is " << dec << size << "." << endl; Sleep(1000); } if (getch() == 'n') { continue; } else { break; } } } if (!foundDequeEx) { cerr << "ERROR: Could not find DequeEx." << endl; CloseHandle(hProcess); return 1; }
// Test it until keypress. cout << "DequeEx might be located at " << uppercase << hex << addr << "." << endl; cout << "Final test run." << endl; while (!kbhit()) { char b[0x20]; ReadProcessMemory(hProcess, (void*)addr, b, 0x20, NULL); uint32_t size = (((*(int*)(b + 0x1C) - *(int*)(b + 0xC) >> 2) << 5) + (*(int*)(b + 0x10) - *(int*)(b + 0x14) >> 2)) + (*(int*)(b + 0x8) - *(int*)(b + 0x0) >> 2) - 0x20; cout << "Number of mobs on screen is " << dec << size << "." << endl; Sleep(1000); } getch();
CloseHandle(hProcess); return 0; }
EDIT: WOOT FOUND IT!!! xD @ 6502D4.... i swear that works for me EDIT: Hang on, thats reporting twice as many mobs (exactly x 2)... i know im close atleast. xD
Q>about d recent patch offset setting thx. 07/29/2009 - Perfect World - 5 Replies helow i'm ussing MHS-Bot-PW v2.3 nd i'm playing at phil, d old offset setting doesnt work anymore on d new patch, can anyone kind enaf can give me d new setting thx, sory for d wrong spelling coz i'm using my phone, thank you
Question about recent patch 07/18/2009 - Grand Chase Philippines - 13 Replies so yeah NAGC was down for a little early today. i successfully used ZID and got hacks and junk that was fine. but when i reloaded the game again with the same addresses they didnt work so i found new ones.
Main point:do we have to find new addresses again every time we log on >.<?
Patch 4354 all come and talk about it 04/29/2008 - Conquer Online 2 - 3 Replies does anyone here know how to fix the 4354 patch problem if anyone here know how to fix the log in problem then we stil lcould bot again
Massive Reduction in Metdoves after Recent Patch 07/28/2006 - Conquer Online 2 - 5 Replies Has anyone else noticed this? I bot metzone like 5-6 hours a day, and today I log on to do it again, and I quickly realize that there is probably 1/2 the ammount of Doves as there has been in the past. Did TQ remove a majority of them after the patch or what? Because currently metzone looks empty as hell compared to how it used to be.
.
