PW Genesis offsets (ver. 493+)

Merkada · 03/22/2011, 23:31

Nobody write here actual offsets after Genesis patch so i give what i found....

PWI:

Code:

Base address -		0xAEA004 (BASE)
Real base address -	0xAE9944 (RBASE)
Unfreeze address -	0xAEA474
Send packet address -	0x653380

-= character info =-

Code:

target			BASE+0x34+0xB28
id			BASE+0x34+0x46C
lvl 			BASE+0x34+0x478
Cultivation 		BASE+0x34+0x47C
Current HP  		BASE+0x34+0x480
Current MP 		BASE+0x34+0x484
Current EXP 		BASE+0x34+0x488
Spirit 			BASE+0x34+0x48C
free stats points 	BASE+0x34+0x490
Current CHI 		BASE+0x34+0x494
ATK lvl 		BASE+0x34+0x498
DEF lvl			BASE+0x34+0x49C
Critical % 		BASE+0x34+0x4A0	Float
Rage Damage + % 	BASE+0x34+0x4A4	Float
Stealth lvl		BASE+0x34+0x4A8
Detection lvl		BASE+0x34+0x4AC
VIT			BASE+0x34+0x4B0
MAG			BASE+0x34+0x4B4
STR			BASE+0x34+0x4B8
DEX			BASE+0x34+0x4BC
Max. HP			BASE+0x34+0x4C0
Max. MP			BASE+0x34+0x4C4
HP regen		BASE+0x34+0x4C8
MP regen		BASE+0x34+0x4CC
Speed - walk		BASE+0x34+0x4D0	Float
Speed - run		BASE+0x34+0x4D4	Float
Speed - swim		BASE+0x34+0x4D8	Float
Speed - fly		BASE+0x34+0x4DC	Float
Accuracy		BASE+0x34+0x4E0
Phys. Atk. Min.		BASE+0x34+0x4E4
Phys. Atk. Max.		BASE+0x34+0x4E8
Atk. Rate = 20/value	BASE+0x34+0x4EC	Float
Range			BASE+0x34+0x4F0	Float
Metal Dmg. Min.		BASE+0x34+0x4F4
Metal Dmg. Max.		BASE+0x34+0x4F8
Wood Dmg. Min.		BASE+0x34+0x4FC
Wood Dmg. Max.		BASE+0x34+0x500
Water Dmg. Min.		BASE+0x34+0x504
Water Dmg. Max.		BASE+0x34+0x508
Fire Dmg. Min.		BASE+0x34+0x50C
Fire Dmg. Max.		BASE+0x34+0x510
Earth Dmg. Min.		BASE+0x34+0x514
Earth Dmg. Max.		BASE+0x34+0x518
Mag. Atk. Min.		BASE+0x34+0x51C
Mag. Atk. Max.		BASE+0x34+0x520
Metal Def.		BASE+0x34+0x524
Wood Def.		BASE+0x34+0x528
Water Def.		BASE+0x34+0x52C
Fire Def.		BASE+0x34+0x530
Earth Def.		BASE+0x34+0x534
Phys. Def.		BASE+0x34+0x538
Evasion			BASE+0x34+0x53C
Max. CHI		BASE+0x34+0x540
Coins			BASE+0x34+0x544
Coins Max.		BASE+0x34+0x548
ID - Weapon		BASE+0x34+0x54C
ID - Head Wear		BASE+0x34+0x550
ID - Necklace		BASE+0x34+0x554
ID - Robe		BASE+0x34+0x558
ID - Body Armor		BASE+0x34+0x55C
ID - Belt		BASE+0x34+0x560
ID - Legs Armor		BASE+0x34+0x564
ID - Shoes Armor	BASE+0x34+0x568
ID - Bracelet Armor	BASE+0x34+0x56C
ID - Ring 1 (left)	BASE+0x34+0x570
ID - Ring 2 (right)	BASE+0x34+0x574
ID - Ammunition		BASE+0x34+0x578
ID - Aerocrafts		BASE+0x34+0x57C
ID - Fashion Body	BASE+0x34+0x580		ID different from PWDB,
ID - Fashion Legwear	BASE+0x34+0x584		probably some calculation for color
ID - Fashion Shoe	BASE+0x34+0x588
ID - Fashion Glove	BASE+0x34+0x58C
ID - Utility Charm	BASE+0x34+0x590
ID - Mystical Tome	BASE+0x34+0x594
ID - Smiley		BASE+0x34+0x598
ID - Guardian Charm	BASE+0x34+0x59C
ID - Spirit Charm	BASE+0x34+0x5A0
ID - Bless Box		BASE+0x34+0x5A4
ID - Genie		BASE+0x34+0x5A8
ID - Vendor License	BASE+0x34+0x5AC
ID - Fashion Head	BASE+0x34+0x5B0
Reputation		BASE+0x34+0x5B4
Name			BASE+0x34+0x628+0x0	Text(Unicode)
Class			BASE+0x34+0x630		0=BM/1=Wiz/2=Psy/3=Veno/4=Barb/5=Sin/6=Archer/7=Cleric/8=Seeker/9=Mystic
Sex			BASE+0x34+0x634		0=male / 1=female

-= pet stats =-

Code:

Pet Current HP	BASE+0x34+0x1028+((pet slot - 1)*4+0x10)+0x3C
Pet Current EXP	BASE+0x34+0x1028+((pet slot - 1)*4+0x10)+0x2C
Pet lvl		BASE+0x34+0x1028+((pet slot - 1)*4+0x10)+0x24
Pet hunger	BASE+0x34+0x1028+((pet slot - 1)*4+0x10)+0x8		0=Full/1=High/2=Peckish/4=Hunger/5=Starving
Pet loyalty	BASE+0x34+0x1028+((pet slot - 1)*4+0x10)+0x4

-= coordinate =-

Code:

X	BASE+0x34+0x3C		(400+X/10)	Float
Y	BASE+0x34+0x44		(550+Y/10)	Float
Z	BASE+0x34+0x40		(Z/10)		Float

-= action structures for attack, pick, talk, gather =-

Code:

Action Struct.		RBASE+0x1C+0x34+0x1010
Action List		RBASE+0x1C+0x34+0x1010+0x30
Interact With Action	RBASE+0x1C+0x34+0x1010+0x30+0x8
-action finished	RBASE+0x1C+0x34+0x1010+0x30+0x8+0x8
-action start		RBASE+0x1C+0x34+0x1010+0x30+0x8+0x14
-action not start	RBASE+0x1C+0x34+0x1010+0x30+0x8+0x24
-object id		RBASE+0x1C+0x34+0x1010+0x30+0x8+0x20
-X coord of object 	RBASE+0x1C+0x34+0x1010+0x30+0x8+0x28
-Z coord of object	RBASE+0x1C+0x34+0x1010+0x30+0x8+0x2C
-Y coord of object	RBASE+0x1C+0x34+0x1010+0x30+0x8+0x30
-type of action		RBASE+0x1C+0x34+0x1010+0x30+0x8+0x38
-set error		RBASE+0x1C+0x34+0x1010+0x30+0x8+0x34
-skill pointer		RBASE+0x1C+0x34+0x1010+0x30+0x8+0x50
-new action type	RBASE+0x1C+0x34+0x1010+0xC
-set next action	RBASE+0x1C+0x34+0x1010+0x18
-set new action type	RBASE+0x1C+0x34+0x1010+0x14

-= action structures for move =-

Code:

Action Struct.		RBASE+0x1C+0x34+0x1010
Action List		RBASE+0x1C+0x34+0x1010+0x30
Interact With Action	RBASE+0x1C+0x34+0x1010+0x30+0x4
-action finished	RBASE+0x1C+0x34+0x1010+0x30+0x4+0x8
-action start		RBASE+0x1C+0x34+0x1010+0x30+0x4+0x14
-X			RBASE+0x1C+0x34+0x1010+0x30+0x4+0x20
-Z			RBASE+0x1C+0x34+0x1010+0x30+0x4+0x24
-Y			RBASE+0x1C+0x34+0x1010+0x30+0x4+0x28
-heigh			RBASE+0x1C+0x34+0x1010+0x30+0x4+0x68
-???			RBASE+0x1C+0x34+0x1010+0x30+0x4+0x64
-???			RBASE+0x1C+0x34+0x1010+0x30+0x4+0x6C
-move type		RBASE+0x1C+0x34+0x1010+0x30+0x4+0x2C
-new action type	RBASE+0x1C+0x34+0x1010+0xC
-set next action	RBASE+0x1C+0x34+0x1010+0x18
-set new action type	RBASE+0x1C+0x34+0x1010+0x14

for using this try do some research and watch what game writes here at different actions

-= NPC/mob/pet list (sorted) =-

Code:

NPC count	RBASE+0x1C+0x1C+0x24+0x14
NPC pointer	RBASE+0x1C+0x1C+0x24+0x50+(X*0x4)	X=NPC number (0 ... NPC count)
NPC X coord.	RBASE+0x1C+0x1C+0x24+0x50+(X*0x4)+0x3C	(400+X/10)	Float
NPC Y coord.	RBASE+0x1C+0x1C+0x24+0x50+(X*0x4)+0x44	(550+Y/10)	Float
NPC Z coord.	RBASE+0x1C+0x1C+0x24+0x50+(X*0x4)+0x40	(Z/10)		Float
NPC id		RBASE+0x1C+0x1C+0x24+0x50+(X*0x4)+0x11C
NPC pwdb id	RBASE+0x1C+0x1C+0x24+0x50+(X*0x4)+0x120
NPC current HP	RBASE+0x1C+0x1C+0x24+0x50+(X*0x4)+0x12C
NPC max. HP	RBASE+0x1C+0x1C+0x24+0x50+(X*0x4)+0x16C
NPC name	RBASE+0x1C+0x1C+0x24+0x50+(X*0x4)+0x254+0x0	Text (Unicode)
NPC spec. feat.	RBASE+0x1C+0x1C+0x24+0x50+(X*0x4)+0x248

-= PPL list (sorted) =-

Code:

PPL count	RBASE+0x1C+0x1C+0x20+0x14
PPL pointer	RBASE+0x1C+0x1C+0x20+0x88+(X*0x4)	X=PPL number (0 ... PPL count)
PPL X coord.	RBASE+0x1C+0x1C+0x20+0x88+(X*0x4)+0x3C	(400+X/10)	Float
PPL Y coord.	RBASE+0x1C+0x1C+0x20+0x88+(X*0x4)+0x44	(550+Y/10)	Float
PPL Z coord.	RBASE+0x1C+0x1C+0x20+0x88+(X*0x4)+0x40	(Z/10)		Float
PPL id		RBASE+0x1C+0x1C+0x20+0x88+(X*0x4)+0x46C
PPL lvl		RBASE+0x1C+0x1C+0x20+0x88+(X*0x4)+0x478
PPL cultivation	RBASE+0x1C+0x1C+0x20+0x88+(X*0x4)+0x47C
PPL current HP	RBASE+0x1C+0x1C+0x20+0x88+(X*0x4)+0x480
PPL current MP	RBASE+0x1C+0x1C+0x20+0x88+(X*0x4)+0x484
PPL max. HP	RBASE+0x1C+0x1C+0x20+0x88+(X*0x4)+0x4C0
PPL max. MP	RBASE+0x1C+0x1C+0x20+0x88+(X*0x4)+0x4C4
PPL name	RBASE+0x1C+0x1C+0x20+0x88+(X*0x4)+0x628+0x0	Text (Unicode)
PPL HP charm	RBASE+0x1C+0x1C+0x20+0x88+(X*0x4)+0x59C
PPL MP charm	RBASE+0x1C+0x1C+0x20+0x88+(X*0x4)+0x5A0
PPL cathop name	RBASE+0x1C+0x1C+0x20+0x88+(X*0x4)+0x724+0x0	Text (Unicode)

u can use as last pointer variable from "character info" for this list, for example for fashion ID's etc.., but not all info's server share so most of that will be 0

-= Resource/Loot list (unsorted) =-

Code:

Resource count		RBASE+0x1C+0x1C+0x28+0x14
Resource pointer	RBASE+0x1C+0x1C+0x28+0x18+(X*0x4)	X=Resource number (0 ... 768)
Resource X coord.	RBASE+0x1C+0x1C+0x28+0x18+(X*0x4)+0x4+0x3C	(400+X/10)	Float
Resource Y coord.	RBASE+0x1C+0x1C+0x28+0x18+(X*0x4)+0x4+0x44	(550+Y/10)	Float
Resource Z coord.	RBASE+0x1C+0x1C+0x28+0x18+(X*0x4)+0x4+0x40	(Z/10)		Float
Resource ID		RBASE+0x1C+0x1C+0x28+0x18+(X*0x4)+0x4+0x10C
Resource name		RBASE+0x1C+0x1C+0x28+0x18+(X*0x4)+0x4+0x164+0x0	Text (Unicode)

-= Chat list =-

Code:

Chat base -		0xAEEA88 (CHBASE)
Max Chat msg. -		0xAEEA94		X=Msg. number (0 ... 199)
Msg. type		CHBASE+(X*0x1C+0x4)	Byte	0=Normal/1=World/2=Squad/3=Faction/4=Whisper/5=Damage/6=Combat/7=Trade/8=Notification/9=System/10=Other/12=Horn
Smiley set		CHBASE+(X*0x1C+0x4)	Byte
Msg. data		CHBASE+(X*0x1C+0x8)+0x0	Text (Unicode)
Linked object ID	CHBASE+(X*0x1C+0xC)

willow74 · 03/23/2011, 18:07

What's the base adress of jump and how could I use it with cheat engine to set jump amount more than 2 please? Anyway great work , thank you .

Hope you reply soon.

madara100 · 03/23/2011, 18:40

ummmmm......... How do i use these?

Sᴡoosh · 03/23/2011, 19:06

@ willow : jumphack is I M P O S S I B L E on PWI. How many times do people have to stress this.

@mardara : CE/Programming language

AEBus · 03/24/2011, 11:00

Quote:

Originally Posted by 2981611

@ willow : jumphack is I M P O S S I B L E on PWI.

you're wrong, jump, though limited but it works

Interest07 · 03/24/2011, 11:37

Quote:

Originally Posted by AEBus

you're wrong, jump, though limited but it works

That's only because when jumping you don't actually tell the server you jump, simply that you move from x to y to z with a jump type movement. Therefore the server doesn't keep track of how many times you have jumped, but simply how far. This in return causes the rubber banding when jumping; the distance how far you've jumped is calculated in some misguided way. So jumping is just as limited as wall hacking is, so you might as well just wall hack instead of jump hack :P

AEBus · 03/24/2011, 12:45

Interested07, try jump on walls or sloping surfaces

Smurfin · 03/25/2011, 17:01

but now after the mermaid patch (the patch episode/name for tideborn skill n weapons+tw system in PW Indo) they managed to reduce the usage for up and down movement in KaZpa's WH from twice to once only.

KaZpa's WH is awesome though, it's old but it's still working though it's limited by now, also the offsets auto finder is always there, only need to input base address everytime new patch is applied.

I look into the source and it's too complicated for me lol. Not quite understand how it works. Does anyone ever doing any research on the codes ? the offsets are encrypted though, but can also be decrypted, what offsets are those, and what else can they be used for ?

Quote:

Originally Posted by Interest07

That's only because when jumping you don't actually tell the server you jump, simply that you move from x to y to z with a jump type movement. Therefore the server doesn't keep track of how many times you have jumped, but simply how far. This in return causes the rubber banding when jumping; the distance how far you've jumped is calculated in some misguided way. So jumping is just as limited as wall hacking is, so you might as well just wall hack instead of jump hack :P

do they put any timer for moving by jump or wh or etc, because if a char gets stucked in the air, like after went up using WH, then got lagged like 3000ms response time, there is no way to go down, I once got lagged badly and my char stucked in the air, I couldn't drop down, it stucked in standing position, I've tried unequipping wing at that time but also no luck, but after the lag was gone, I could go down.

the same thing happens like if we drop down from a height using fly action, sometimes the rubber banding occurs too and keeps repeating falling from one position before finally drop down as it should.

xspeedx · 03/26/2011, 00:14

whatcha gonna do without the source code which is autoit "place your name here"? And btw PWGTM is still working on twice....
That's for the OP above.

Sᴡoosh · 03/26/2011, 12:14

There are autoit decompilers.

kerosene69 · 03/28/2011, 01:15

Does anyone know the offset for the sequential list for items?

Sᴡoosh · 03/28/2011, 01:23

There is no sequential item list.

Smurfin · 03/28/2011, 03:38

Can we check on other player's str dex vit mag build ? Should they use the same offsets as our player base's offsets accordingly ?
I can list their nickname, xyz positions, unique ID, but can't list their stats

I tried using these pointers below for checking other player's stats, but they only showed 0 , which means wrong

or maybe the information for what we can retrieve from surrounding players is limited, so those stats information is simply not there, or I used the wrong pointers and offsets to pinpoint each stat's memory address ?

$pointer = memread(memread(memread(memread(memread($base) + 0x1C) + 0x8) +0x20) + 0x18)
$otherplayer_base = memread(memread($pointer + $x*0x4) + 0x4) ; $x=0 to 768

$array[$counter][6] = (memread($otherplayer_base + 0x4ac)) ;str
$array[$counter][7] = (memread($otherplayer_base + 0x4b0)) ;dex
$array[$counter][8] = (memread($otherplayer_base + 0x4a4)) ;con
$array[$counter][9] = (memread($otherplayer_base + 0x4a8)) ;int

* Pw Indo is still on older version than pwi, just after tideborn skills,weapons and new tw system patch.

ptdk · 03/28/2011, 04:01

i see no reason to have other players stats in ur memory... besides their hp, mana, buffs, and looks(like what type of gear/fashion)

idk when u press player info/examine equipment, maybe its not asked from server but its in ur memory anyway. in that case u could read that, and make a calculation from their gear about what stats they must have, and how many points left

Smurfin · 03/28/2011, 04:58

yea, could be, even info from eye of observation item doesn't show target's str dex vit mag built. I'll try the other info then, so I can peek other player's char info without using that item.