I guess they adjusted the EULA in some way that allows them to; I didn't check.

Removing Winlicence seems to be a breeze though, Cheak out Dillodie and simular tools.
You cannot attach standard CE , since it detects CE's kernelmode driver. Compile your own CE, and it will suceed.

Well, I guess I'm a dumbass because the only breeze I see here are my farts lol. Hmm, that's not funny. Anyhow, tried Dillodie 1.6 and it doesn't seem to do much. Well it didn't dump anything.

Anyway, thank you for your help. But I guess I'm a lost cause.

Dillodie won't remove Nanomites.
Sorry, I cant help you much either, since I have absolutly no interest in this game (I haven't even downloaded it).

Cheers

@sweetlady, are you trying to find the addresses/offsets for the game?

@all, has anyone manage to find the coordinates or the target name? I can't seem to find the coordinates in any type: byte, short, int, long (? 8 byte), float/single, double... can't figure it out. All other PWE games uses float or double for coordinates, IIRC.

Thanks.

Actually, I am.

You don't need to use break points to find offsets. Most of the offsets are similar to other PWE titles.

Player, NPC and Loots coordinates are still floats at 3c, 40, 44.

Noticeable differences are quest structure and list structures (ie. bag, storage, pet).

Remember in FW, all unique Ids are 64-bit ulong.

If anyone finds the offsets for pet's max HP (or HP ratio), and pet's belly, please let me know.

Thank you all for the help. I know Vuduy provided us with the base adress and offsets and with the send packet adress. But I still wanted to find them on my own. But since I can't use CE debugger, it's a b...

Plus Dillodie, I'm not sure but I think it's not up to date with armadillo 1.71 because it doesn't find anything for me. All it dumped was: ?-Not Armadillo protected.

i'm kind of new here, but i was wondering if anyone figured out a bot or hack for FW yet..

i've been playing with CE 6.0 (yes, new to hacking too) and i haven't had any problems with the game locking up or anything. i found codes for current hp, max hp, exp bar, hell, i even gave my 21 vampire like 9k def.. problem is, these things were merely cosmetic.. nothing actually DID anything. when i modded the exp she had and killed something, it reverted back to it's actual position.. tho i did find the code for it, no prob. again, with the defense, i gave her a huge number, but it didn't actually effect the char's stats, it just showed a huge number in the char stats window. i gave her an insane amount of attk, but it did nothing. same with hp, did nothing.. i'm assuming these things aren't hackable?

i did notice that when i changed the char's hp for all the addresses i managed to get, it would slightly glitch. it would sit at the number (value) i set it at, but every second or so for maybe 100 ms it would revert to it's actual number, then back to my set value.

mainly i've just been trying to find the attack speed address. if i can do that, i can build a decent hack for some friends and i to use. i know it's got some kind of invisible, end user... anti-hack.. plutonium powered hyperdrive or some random garble..
(which i'm starting to think these developers are just making random stuff up lol)
but anyway, they say it's unhackable, but nothing's unhackable.. anything with digital info IS indeed hackable. (period) :P

so i guess in short, i was wondering if anyone could help me a little with trying to figure it out.
any help would be appreciated :)
thanks, JP

All values in FW and every PWE game server version 1.3.6+ are serversided, hence all your changes you can do with CE are merely cosmetic.

Hi guys im happy to see a very great thread like this...ill try to help too..currently downloading the game. .Good Luck to us. .

Did you try the ''what accessed this adress'' once you found the adresses for your hp to get the offsets?

If my memory is good, last time I checked I think the offset was 10

10 as in 0x10 or 0xA?

Both are useless data.

Do you even know the pet list offsets?

0x10

No, I would need more than 1 pet to retrieve the pet list then, which is not the case, since I don't play much

Well, if you don't even know the pet list offsets, then how do you even come up with 0x10?

And no, the structure is nothing like PWI.

Forsaken World game.exe dies when debugger is attached for simple reason: the function start of DbgUiRemoteBreakin (ntdll.dll) is patched with retn 0ch

Restore function start to the default bytes, and OllyDbg (what I use) attaches without problem. LoadLibraryA and ExitProcess also are hooked.

Remember, this apply to the second spawned game.exe process, not the first. The second process is target, the first yields nothing useful (from what I observe so far).

edit: Confirmed, the first instance of game.exe may be suspended and terminated, without effecting the second running game.exe

Be well,

so is there any hack?:D CE 6.0 works fine so it will be easy to find dmg hack or other things i think:D

Doesn't work fine for me. IDK if it's because I'm on Windows 7 64.

can you make a bot.. for this game.. that auto skill and auto detect the mobs

i have windows 7 84 and it works fine(ce 6.0) but i dont have any idea how to do dmg hack or other possible cheats using ce...

Run the 64 bit version of CE6. If you run 32 bit, the game freezes and crashes eventually. 32 bit can't detect/read 64 bit apps but 64 bit can detect/read 32 bit

Thx, vuduy. Is the base offset for coordinates same as character's structure for the coordinates? Cause the character name is a different pointer from character's. I tried to find the pets but apparently, the ID is generated every time the pet is summon, even if it's the same pet. So I think we need to find the pointer or op code that execute 'call pet' and get the ID and pet stats from there.

All player's offsets are the same as character's offsets including name and coordinates.
If you have something different, then yours is not correct.

This is what I have from CE.

Character name: "game.exe"+00937BE4

common Character structure start:

"game.exe"+0093B5C0 + 0x24

the final offset is same as yours.

ID 0x220
Gold coins 0x22c
Soul coins 0x234
level 0x588
etc..

I know they're right because after game/system restart, it always shows the correct values.

"- the tool can be downloaded from the attachment and it works for all PWE games."

i can't see anything as an attachment in your post.... do you mind re-upping it? this is kinda interesting :3

Guys use cheat Engine 5.1 and it works!. .me now using speedhack in CE and really help alot in questing just use old version. Cheat Engine 5.1.. . hope this helps!

Even if I use CE 6 64 bit, when I do what accesses this address, it pops some opcodes then the game crashes. Like I can find the offset for current MP or HP, but I can't dig to find the base address plus offset for char structure.

How are you finding the base pointer address? After I find the interested address, I just do 'pointer scan' with default 5 pointers. Once I have the base pointer for the character structure, the reset is just a matter of final offset. Don't bother attaching the debugger. If your the game crashes, do you have UAC enabled? UAC is more trouble than it's worth. Just curious, what's your Data Execution Prevention (DEP) setting? You can find this at System Properties > Performance Settings > Data Execution Prevention tab.

Not sure if one would call them hacks... two of my own personal Forsaken World projects, both now completed and functional.

1). fwlauncher - loads game.exe outside of job object, terminates initial game.exe process, and patches DbgUiRemoteBreakin so debugger can attach successfully, and injects other anti-anti-debug code.

2). speed hack - via 'a proxy.dll' -- very simple detour of timeGetTime and QueryPerformanceCounter, makes toon in game run fast (adjustable via multiplier), when I press a certain key.

No plans to release either, but would be interested in working with any others who are trying to pick apart the fw client.

-Fyyre

It's at ''Turn on DEP for essential windows programs and services''.

I had never used pointer scans before. So for example, I search for my mp value, then narrow it down to 10 results. Then, I do a pointer scan for the first one but it gives me tons of results. Gonna have to make some testing with this because I haven't found a [BASE + 0x20] + 0x24 yet. Thanks for the heads up m8.

10? IIRC, there should be like 11 addresses. Only one that stands out is the real one. The others are very close to each other and I never could get the right pointer for.

Pointer scanning gave me this result for current MP value.
[[["game.exe"+0093B5C0] +24] + 594]
or
[[00D3B5C0 +24] + 594]

Yup, that's what I have.

new offsets since new patch, now i have player structure to 0x14
xxx + 14]+594] for MP

Thx for the info themule. I'll test it out with CE.

That's funny... I got complete new offsets...

xxx+00971EB0+24+584

Can you make a Video Pleas? ;)

is there a way to do no skill delay using CE 6.1? ... like in cabal - "stay, search 1 ... dance, search 0", and stuff like that?

Help search function delete in bag, attack and address send function