Memory reading - How is target HP hid?

Old   #1
 
elite*gold: 0
Join Date: Dec 2007
Posts: 5
Received Thanks: 0
I was going to make a DPS meter for the game but found out that I can't even find any proper presentation for target HP value.

Tried searching all the value types and played with decreasing/increasing values even in reverse order but found nothing that would follow the changes properly in the end.

So, does anyone happen to know how to read target HP value in Guild Wars 2?



14422 is offline  
Old   #2
 
elite*gold: 0
Join Date: Sep 2011
Posts: 11
Received Thanks: 2
The targetAgent is located in AsContext. Find the ChCliCharacter this belongs to (there's probably a pointer in agchar to the character, or iterate through the character array) and get the health value from the ChCliHealth. The health offset can be easily found by searching for the m_health assert.

A better way to calculate dps would be to use
Code:
AsCombatEventManager::DisplayDamage

// found using this assert: "type < AGENT_STATUS_COMBAT_EVENT_TYPE"
const static BYTE PATTERN[] = {
	0x83, 0xEC, 0x2C,       // sub esp, 0x2C (stack size)
	0x83, 0x7D, 0x08, 0x2F, // cmp [ebp+arg_0], 2Fh (AGENT_STATUS_COMBAT_EVENT_TYPES)
	0x53,                   // push ebx
	0x56,                   // push esi
	0x57,                   // push edi
	0x8B, 0xF1,             // mov esi, ecx
	0x7C, 0x14,             // jl 0x14 (offset)
	// pushes the line number to the assertion function; line numbers usually change often, so it's ignored
	0x68, '?', 0x00, 0x00, 0x00 };
It shows damage numbers on the screen. This way you can calculate your own dps and separate condition damage.


merphz is offline  
Thanks
1 User
Old   #3
 
elite*gold: 0
Join Date: Dec 2015
Posts: 11
Received Thanks: 2
thanks Good Work :]
endgame003 is offline  
Old   #4
 
elite*gold: 0
Join Date: Dec 2007
Posts: 5
Received Thanks: 0
Haven't done that level memory reading yet but I guess it's time to learn!


14422 is offline  
Old   #5
 
elite*gold: 0
Join Date: Dec 2007
Posts: 5
Received Thanks: 0
Apparently people start by reverse engineering the client with some compiler and then mixing in hex editor and so on to find the "getCliContext" for the known offsets but I was wondering can this be done somehow with Cheat Engine alone?

At least following hp changes of target and then showing it on disassembler leads me close to AsContext stuff () but I do not know how to continue this as none of the guides did this with cheat engine.

So, any knowledge of how the process goes with Cheat Engine?
14422 is offline  
Old   #6
 
elite*gold: 0
Join Date: Sep 2011
Posts: 11
Received Thanks: 2
Quote:
Originally Posted by 14422 View Post
Apparently people start by reverse engineering the client with some compiler and then mixing in hex editor and so on to find the "getCliContext" for the known offsets but I was wondering can this be done somehow with Cheat Engine alone?

At least following hp changes of target and then showing it on disassembler leads me close to AsContext stuff () but I do not know how to continue this as none of the guides did this with cheat engine.

So, any knowledge of how the process goes with Cheat Engine?
I use IDA as disassembler.

You could do this using CE too. You could find it using CE pointer scan by doing a pointer scan for an address that is located somewhere in cliContext (e.g. controlledPlayer). You can easily find out information about the object by looking at the vtable.

Vtable of the ascontext ends where the assert stuff begins. Usually first entry of the vtable is referenced in the constructor. Constructor usually contains a lot of juicy stuff.

Why do you want to limit yourself by using only CE?

asContext & cliContext
merphz is offline  
Thanks
1 User
Old   #7
 
elite*gold: 0
Join Date: Apr 2009
Posts: 793
Received Thanks: 365
Any polymorphic object is always laid out as:

Code:
Base1_VftablePtr (only if Base1 is polymorphic)
Base1_member1
Base1_member2
...
Base2_VftablePtr (only if Base2 is polymorphic)
Base2_member1
...
Child_VftablePtr (only if Child is polymorphic)
Child_member1
...
Virtual calls usually look something like this:
Code:
mov eax, [ecx + offset] // eax contains the vftable ptr
mov eax, [eax + funcOffset] // on 32-bit funcOffset = n * 4, on 64-bit n * 8 respectively, where n is the index of the n-th declared virtual function
push ...
push ...
call eax
To find out about the layout of a class it's usually sufficient to look out for the actual virtual calls. If you need the actual vftable pointers it's usually sufficient to simply break on any code part where an object of a class you are interested in is used and just inspect the object at runtime.
Xereon is offline  
Thanks
1 User
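
The object layout and virtual-call sequence described in the post above, as an added example that is not part of the original thread: the hypothetical classes `Base1`, `Base2` and `Child` are compiled and inspected at runtime. It assumes an ABI where vftable slots are plain code pointers taking `this` as the first argument (Itanium C++ ABI on x86-64 or ARM64); the exact layout is compiler-specific.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstring>

// Hypothetical classes named after the layout sketch in the post.
struct Base1 {
    virtual int id() { return 1; }    // slot 0
    virtual int hp() { return 100; }  // slot 1
    std::uint32_t member1 = 0x11111111;
};
struct Base2 {
    virtual int kind() { return 2; }  // slot 0 of Base2's table
    std::uint32_t member1 = 0x22222222;
};
struct Child : Base1, Base2 {
    int hp() override { return 250; } // replaces slot 1 of Base1's table
    std::uint32_t member1 = 0x33333333;
};

// Pointer-sized word stored at p (a vftable pointer or a vftable slot).
static std::uintptr_t word_at(const void *p) {
    std::uintptr_t w;
    std::memcpy(&w, p, sizeof w);
    return w;
}

// Byte offset of the Base2 subobject (and its vftable pointer) inside a Child.
static std::size_t base2_offset(Child &c) {
    return static_cast<std::size_t>(reinterpret_cast<char *>(static_cast<Base2 *>(&c)) -
                                    reinterpret_cast<char *>(&c));
}

// The virtual call from the post done by hand: load the vftable pointer from
// the object, load slot n (n * pointer size), call it with the object as this.
// Assumption: slots are plain code pointers taking `this` as first argument.
static int call_slot(void *obj, std::size_t n) {
    std::uintptr_t vft = word_at(obj);
    std::uintptr_t fn = word_at(reinterpret_cast<const char *>(vft) + n * sizeof(void *));
    return reinterpret_cast<int (*)(void *)>(fn)(obj);
}

int main() {
    Child c;
    std::printf("sizeof(Child)=%zu, Base2 part at +%zu\n", sizeof c, base2_offset(c));
    std::printf("slot0=%d slot1=%d Base2.slot0=%d\n", call_slot(&c, 0), call_slot(&c, 1),
                call_slot(static_cast<Base2 *>(&c), 0));
    return 0;
}
```

With GCC, Clang and MSVC the `Child` part adds no vftable pointer of its own in this case: its override lands in the table reached through the `Base1` pointer at offset 0, and the `Base2` pointer sits at the offset printed by `main`.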
Old   #8
 
elite*gold: 0
Join Date: Dec 2007
Posts: 5
Received Thanks: 0
Quote:
Originally Posted by merphz View Post
Why do you want to limit yourself by using only CE?
At first I'd like to thank you for info!

About CE, I just thought it would be the easiest way for me as I'm only trying to make a DPS meter here and nothing else. I don't have any experience of disassemblers.

Gotta try this stuff when I manage to get more time. Cheers o/
14422 is offline  
Old   #9
 
elite*gold: 0
Join Date: Dec 2007
Posts: 5
Received Thanks: 0
So yeah, no chances. This stuff can't be just figured out with IDA and CE.

Why are there no guides about using reverse engineering as a part of memory reading? People seem like they are trying to hide it, unlike pointer scanning, which has so many guides, tutorials and so on available around the net. Of course there's stuff about learning assembly but nothing past that.

Is GW2 some kind of special case where reverse engineering is needed for memory reading? Before this I've managed to do all the memory reading just with CE without going into assembly level.


14422 is offline  