Pointer+offsets lol

[VisionEP1]

Hallo,
Ich arbeite gerade an einem Tool für lol welches einem im Spiel helfen soll,
Auto timer etc items vorschlagen Fokus usw
Ich habe nur ein Problem es sind so viele Werte und bei manchen Pointen komme ich auf keinen grünen Zweig. Vor allem die respawn zeit

Kann mal wer die Base Pointer +offsets posten
Tjx im voraus

[Pwnyhofpl0x]

kannste knicken... habe da auch paar sachen versucht nach jeden neustart des spiels brauchste nen anderen pointer.

[HackTec]

 Spoiler

Quote:

League of Legends Data & Offset

League of Legends v1.0.0.141 2012/07/11
Base Address
"League of Legends.exe"+009E5568
"League of Legends.exe"+ 009E5568 +68
"League of Legends.exe"+ 009E5568 +14C
"League of Legends.exe"+ 009E5568 +168

Mouse Select Target Info(Base Address+F0)
Data Type：4bytes (No Target the default value is 0)
+E4 = Current HP
+E8 = Max HP
+EC = Current MP
+F0 = Max MP
+F4 = Level
Example："League of Legends.exe"+009E5568+F0+E4=Mosue Select Target Current HP

Data Type：float (No Target the default value is -100)
+548 = Ability Power
+54C = Armor
+550 = Attack Damage
+554 = Attack Speed
+55C = Magic Resist
+560 = Movement Speed
Example："League of Legends.exe"+009E5568+F0+548=Mosue Select Target Ability Power

Personal Info(Base Address+E0)
Data Type：float
+1C = Ability Power
+24 = Attack Damage
+28 =Attack Speed
+34 = Movement Speed
Example："League of Legends.exe"+009E5568+E0+1C = Personal Ability Power

Personal Info(Base Address+E4)
Data Type：4bytes
+58 = Current HP
+5C = Max HP
+60 = HP Regen
+64 = Current MP
+68 = Max MP
+6C = MP Regen
+70 = Level
Example："League of Legends.exe"+009E5568+E4+58 = Personal Current HP

Position Base
"League of Legends.exe"+02B19A18
Data Type：float
+10 = Camera X (Min 300 Max 14000)
+18 = Camera Y (Min 300 Max 14200)
+1F4 = Player X
+1F8 = Player Z
+1FC = Player Y
+200 = Mouse Pos X
+204 = Mouse Pos Z
+208 = Mouse Pos Y
Example："League of Legends.exe"+02B19A18+10 = Camera X

Game Time
Data Type：4bytes
"League of Legends.exe"+00DFE568+00414004=Game Time Second
"League of Legends.exe"+001212580+00414004=Game Time Second

//----------------------------------------------------------------------
Make simple last hit bot
Minion Move Speed = 325
Minion Level = 1
Minion Attack Damage = 12 + 1*(Game Time/180)

void AutoHit()
{
if (GetKeyState(VK_LBUTTON)&(GetMouseTargetMoveSpeed( )==325)){
MouseClickTime = GetTickCount();
if ((MouseClickTime-CamaraMoveTime)>400){
Mouse_POS_X=ReadPointer(LPDWORD(InfoBase+PositionO ffset), 0x200);
Mouse_POS_Y=ReadPointer(LPDWORD(InfoBase+PositionO ffset), 0x208);
}
if ((float)GetMouseTargetCurrentHP()<(((GetMyStateAtt ackDamage()*100)/(100+GetMouseTargetArmor()))+12+(GetGameTime()/180))){
CamaraMoveTime = GetTickCount();
WritePointer(InfoBase+PositionOffset, 0x10, Mouse_POS_X);//Camera X
WritePointer(InfoBase+PositionOffset, 0x18, Mouse_POS_Y);//Camera Y
SetCursorPos(GetSystemMetrics(0)/2,GetSystemMetrics(1)/2);
mouse_event (MOUSEEVENTF_RightDOWN, 0, 0, 0, 0 );
mouse_event (MOUSEEVENTF_RightUP, 0, 0, 0, 0 );
}
}
}


odule info:
LoL.exe = 00400000

Player:
LoL+009ECF64 (00DECF64) offset E4
Player Offsets:
0 = header 4bytes = 10964540 (you can easily find that player struct by just searching this instead of using pointers)
+148 = current hp
+14A = max hp
+14C = current mana
+14E = max mana



Selected Target (right click mouse anything):
LoL+009ECF64, offset F0
Offsets:
0 = header 4bytes = 10967060
I dont remember rest, but if you browse memory region you can easily find hp and mana, so not much.

Other:

Static Camera Position (lookAt):
Start (X): 02E9BB38 (+4 z +4 y +4 rotation)

Static Player Move Point:
Start (X): 02E9BBE0 (+4 z +4 y +4 rotation)

Static Player Model Position:
Start (X): 02EA9238 (+4 z +4 y +4 rotation)




find that health is at 0x1234 and it's storing the value of 1350 (your health);
then set the scan to hex and scan for 0x1234 and find it's at something like 0x2544

static address --> pointer --> health

ADDRESS: static address --> Address you found
VALUE@ADDRESS: pointer location --> health value

the static address is the "pointer" that points to the dynamic memory location at which the health value is stored.
Sometimes there can be a whole chain of pointers that keep pointing to another pointer. A green address in CE will mean it's static, but it never hurts to find out if a non green doesn't change per game launch too.



So for example when I did that to playerX's memory location I would see something for example like:

mov [register + 200], newVal
(Trivial ASM)

so we know that the register that it is using is the base address, and 200 is the offset from the base address for the data structure.

Currently I haven't yet invested much/any time into this stuff aside from any zoom hack stuff I keep updating, or the little amount of time I spent here, But if I were going to keep using such data, I do highly recommend pattern/signature scanning as you've talked about, so something like this you would want to probably see if you could make a signature around the base address


Edit:

For example I just found the PlayerX Dest, we know how their coordinate system works, with X, Z, Y

Quote:

It tells you the "Probable base pointer" but it is very easy to see what the base pointer is without looking at that,
although as the CE tut teaches you these can get much more complex, in which a powerful knowledge of ASM can assist you.

I also ran across a few weird ones which is probably because I'm in the training map and have the cam locked to my character so I would expect to see player dest, player location, and player cam from the search I was doing since they all correspond.

If you got this down to a science, you could just know what the specific start locations are for the training map, and simply when there is a patch you could load up the training map and search for the specific start locations and you'd have your new memory address that you could easily find the main pointer to.


PS:
Sorry if I rambled or it doesn't make sense some places, I'm running on little sleep and am now seeking to find more
felt like I wanted to respond to keep the flow of this topic going.

Edit2:
from that small snippet of code that the window gave us we can see that it moves the value stored at [ebp+08] onto eax before we use eax as a base pointer to add 2BC to find the location of the 'playerX destination', it could be very likely that the value in ebp is also a higher up base pointer which our current pointer that we've been looking at is being stored in. There could be a possibility that ebp is some kind of master pointer, and the player data pointer is +08 on off of it, who knows maybe there's some awesome pointer stored in ebp+04




Finaly i figured out how to get the EBP value and then the address of my Unit Class
Here how i did it :
Attach CE, find mana or health value address, "Find out what access this address"
You should get something like that :

Quote:

So, we have health @ ebp+58 and probably health regen addition @eax

I decided to make a codecave to grab the EBP value. CodeCave need at least 5bytes to work and @ 0x00AAF6CF we only have 3 avaible.
So i moved to 0x00AAF6D2 where we have 6bytes to inject my codecave.

To do this :

Quote:

The codecave is simple, move ebp to a variable and execute the command we overwrote which is this one :

Quote:

So here is the codecave :

Quote:

That's all!
Just dont forget one thing, we you inject a codecave it must be 5bytes, so if you have 6bytes like in this case, NOP one byte so the game dont crash because of an incorrect bytes sequence, its important.

There is some more thing to do to use it but all the necessary is here.

There isnt much source code about league of legends so i hope this will help some people and i want to thank's you again UserNamex32 and Vallz for your help



//----------------------------------------------------------------------
Make simple last hit bot
Minion Move Speed = 325
Minion Level = 1
Minion Attack Damage = 12 + 1*(Game Time/180)

void AutoHit()
{
if (GetKeyState(VK_LBUTTON)&(GetMouseTargetMoveSpeed( )==325)){
MouseClickTime = GetTickCount();
if ((MouseClickTime-CamaraMoveTime)>400){
Mouse_POS_X=ReadPointer(LPDWORD(InfoBase+PositionO ffset), 0x200);
Mouse_POS_Y=ReadPointer(LPDWORD(InfoBase+PositionO ffset), 0x208);
}
if ((float)GetMouseTargetCurrentHP()<(((GetMyStateAtt ackDamage()*100)/(100+GetMouseTargetArmor()))+12+(GetGameTime()/180))){
CamaraMoveTime = GetTickCount();
WritePointer(InfoBase+PositionOffset, 0x10, Mouse_POS_X);//Camera X
WritePointer(InfoBase+PositionOffset, 0x18, Mouse_POS_Y);//Camera Y
SetCursorPos(GetSystemMetrics(0)/2,GetSystemMetrics(1)/2);
mouse_event (MOUSEEVENTF_RightDOWN, 0, 0, 0, 0 );
mouse_event (MOUSEEVENTF_RightUP, 0, 0, 0, 0 );
}
}
}



Auoit Lasthit bot

Quelle : D3Scence

[Gotoxy]

League of Legends v1.0.0.141 2012/07/11
Kannst du nicht lesen?

Und wenn sich deine "pointer" ändern hast du noch nicht den statischen pointer gefunden sondern nur einen dynamischen,also den falschen.


Die Pointer lassen sich sehr einfach finden und dananch mit nem patternscan auch nach (fast) jedem patch in sekundenschnelle neu scannen.

[VisionEP1]

danke schon mal für die Hilfe,
wie gesagt ich brauch die base pointer,

beim der anzahl der tower die der gegner verloren hat ist das z.b. kein problem
(level 1 pointer ist die static adress).

Die von letztem Jahr sind denke ich nicht mehr aktuell oder?

ps:
base adresse von lol auslesen ist wie gesagt kein problem alles schon integriert

danke nochmals

[HackTec]

Quote:

Originally Posted by Gotoxy

League of Legends v1.0.0.141 2012/07/11
Kannst du nicht lesen?

Kannst du nicht Denken ? Es geht nicht um die Aktuellen adressen bei mir sondern Die methode wie man sie findet

[『 』]

Bevor man damit anfängt nach Pointern zu suchen würde ich mich erstmal
grundlegend mit CE beschäftigen.

Was für dich eine möglichkeit wäre was sogar oben erklärt wird wäre ein Pattern
das die die jeweiligen offsets bei einem Update etc liefert.

Versuch das ganze doch einfach per ReClass, dort findest du die Offsets die du für
die jeweiligen Values brauchst. Somit brauchst du am ende auch keine Pointer sondern nur die Base <.<

[d4rk0ne]

i handled to get pretty much all values, however im not able to find the correct pointer for the time, could anyone help me?
im searching for the time as string first e.g: "01:10"
then i get 2 addresses, but when i click "what accesses this address" i dont get any usefull pointer/offset.
so i tried to browse the memory region of the time address, set a breakpoint and get the pointers this way, but i dont know which address/values to take there...
here some screens:

[LeStyle]

for what do you need this "pointer" what can you do with thiss?

[Gotoxy]

String (computer science) - Wikipedia, the free encyclopedia

read it and then use it with brain.exe
maybe not all addr. are strings?*lol*

and cuz you need a lot of basics, read in this forum:

[d4rk0ne]

Quote:

Originally Posted by Gotoxy

String (computer science) - Wikipedia, the free encyclopedia

read it and then use it with brain.exe
maybe not all addr. are strings?*lol*

and cuz you need a lot of basics, read in this forum:

sorry but ur post does not help at all...
i couldnt manage to find the time searching for 4byte or float, thats why i tried to find the text -.-
i think i know the basics, else i wasnt able to find all the other addresses/pointers i guess

[VisionEP1]

still seach