Run the 64 bit version of CE6. If you run 32 bit, the game freezes and crashes eventually. 32 bit can't detect/read 64 bit apps but 64 bit can detect/read 32 bit

Thx, vuduy. Is the base offset for coordinates same as character's structure for the coordinates? Cause the character name is a different pointer from character's. I tried to find the pets but apparently, the ID is generated every time the pet is summon, even if it's the same pet. So I think we need to find the pointer or op code that execute 'call pet' and get the ID and pet stats from there.

All player's offsets are the same as character's offsets including name and coordinates.
If you have something different, then yours is not correct.

This is what I have from CE.

Character name: "game.exe"+00937BE4

common Character structure start:

"game.exe"+0093B5C0 + 0x24

the final offset is same as yours.

ID 0x220
Gold coins 0x22c
Soul coins 0x234
level 0x588
etc..

I know they're right because after game/system restart, it always shows the correct values.

"- the tool can be downloaded from the attachment and it works for all PWE games."

i can't see anything as an attachment in your post.... do you mind re-upping it? this is kinda interesting :3

Guys use cheat Engine 5.1 and it works!. .me now using speedhack in CE and really help alot in questing just use old version. Cheat Engine 5.1.. . hope this helps!

Even if I use CE 6 64 bit, when I do what accesses this address, it pops some opcodes then the game crashes. Like I can find the offset for current MP or HP, but I can't dig to find the base address plus offset for char structure.

How are you finding the base pointer address? After I find the interested address, I just do 'pointer scan' with default 5 pointers. Once I have the base pointer for the character structure, the reset is just a matter of final offset. Don't bother attaching the debugger. If your the game crashes, do you have UAC enabled? UAC is more trouble than it's worth. Just curious, what's your Data Execution Prevention (DEP) setting? You can find this at System Properties > Performance Settings > Data Execution Prevention tab.

Not sure if one would call them hacks... two of my own personal Forsaken World projects, both now completed and functional.

1). fwlauncher - loads game.exe outside of job object, terminates initial game.exe process, and patches DbgUiRemoteBreakin so debugger can attach successfully, and injects other anti-anti-debug code.

2). speed hack - via 'a proxy.dll' -- very simple detour of timeGetTime and QueryPerformanceCounter, makes toon in game run fast (adjustable via multiplier), when I press a certain key.

No plans to release either, but would be interested in working with any others who are trying to pick apart the fw client.

-Fyyre

It's at ''Turn on DEP for essential windows programs and services''.

I had never used pointer scans before. So for example, I search for my mp value, then narrow it down to 10 results. Then, I do a pointer scan for the first one but it gives me tons of results. Gonna have to make some testing with this because I haven't found a [BASE + 0x20] + 0x24 yet. Thanks for the heads up m8.

10? IIRC, there should be like 11 addresses. Only one that stands out is the real one. The others are very close to each other and I never could get the right pointer for.

Pointer scanning gave me this result for current MP value.
[[["game.exe"+0093B5C0] +24] + 594]
or
[[00D3B5C0 +24] + 594]

Yup, that's what I have.

new offsets since new patch, now i have player structure to 0x14
xxx + 14]+594] for MP

Thx for the info themule. I'll test it out with CE.