Pointer collection

[asgborges]

Quote:

Originally Posted by Shareen

asgborges, calm down

I get the same as you for Players and NPC, but not for Resources.

You have application to prove your point (assuming from the images posted), as have I.
Since both work, I can only assume we are using 2 different lists.
One is sequential, other is not.

Would also explain why vuduy said with him NPC and Resource list is not sequential, while with me NPC are (and resources are not since I'm using his list).

Next step is to compare offsets I guess, to get to the bottom of it.

Mine are:
- Players list (sequential):
base_ptr + 0x8 + 0x20 + x090 + index + player_struct <-- list
base_ptr + 0x8 + 0x20 + x094 <-- player count


- NPCs list (sequential):
base_ptr + 0x8 + 0x24 + 0x50 + index + npc_struct <-- list
base_ptr + 0x8 + 0x24 + 0x54 <-- npcs count


- Resources list (using the one vuduy posted, which works but isn't sequential):
base_ptr + 0x8 + 0x28 + 0x18 + index + 4 + 164 + 0 <-- resource name
base_ptr + 0x8 + 0x28 + 0x14 <-- resource count

* My attempt at finding resource list, which didn't yield results but follows logic above (and should in theory work on sequential list):
base_ptr + 0x8 + 0x28 + 0x10 + index + resource_struct <-- list

Obviously there will be some differences between versions, but it shouldn't be a problem to adjust for that.

hmm ok.. we agreed with some points and your lists is same as mine...
but, let me explain how can i see this:

Players list (sequential):
Player-Struct = base_ptr + 0x8 + 0x20 + 0x90 + index*4
Player-Count = base_ptr + 0x8 + 0x20 + 0x14
Player-ID = Player-Struct + 44C
Player-Name = Player-Struct + 5F0 + 0

NPC/MOB list (sequential):
NPC-Struct = base_ptr + 0x8 + 0x24 + 0x50 + index*4
NPC-Count = base_ptr + 0x8 + 0x24 + 0x14
NPC-ID = Player-Struct + 11C
NPC-Name = Player-Struct + 23c + 0

Resource list (sequential):
Resource-Struct = base_ptr + 0x8 + 0x28 + 0x18 + index*4 + 4
Resource-Count = base_ptr + 0x8 + 0x28 + 0x14
Resource-ID = base_ptr + 0x8 + 0x28 + 0x18 + index*4 + 8
Resource-Name = Resource-Struct + 164 + 0

the Resource-Struct have an aditional +4 offset to make the correct sequential pointers. (simple as you can see)

i hope its help!!

[vuduy]

Quote:

Originally Posted by Shareen

I'm doing some test regarding this, since I'd really like to get to the bottom of it.

We all agree that Player list is sequential arrray. My tests confirm it.

I must disagree with vuduy about NPC list, my tests shows it is also a sequential list, vuduy if you have additional comments about this one, please share.
However, vuduy is rigth about resource list, tests show it is NOT sequential. As I've seen so far, certain offset always maps to certain resource on map, but I need to conduct some more test to confirm that 100%.

On a side note, I've noticed when you are standing around 2 or more same resources, ie Withered root, address to a name is same for both and address value is rather low. Pointer to a name in database that game has loaded?
Also, names of resources in this case are null terminated, which is rather interesting considering player and npcs names in the list have a fixed size.

asgborges, we do indeed have size of array for all, but it's only usefull when array is sequential (ie. indexes follow in sequential order, 0x4, 0x8, 0xc, 0x10,.etc...), which resource list isn't as we've discovered.

Well, there is one possible use for size of array even on nonsequential arrays:
Break loop when loop count reaches number of resources, since there is no point in going further if you've mapped out all there is already.

I understand that looping trough all will provide me with all resources, but my goals aren't bot making, but only in understanding of why things are the way they are. For that reason I'm trying to find out why resource list in nonsequential among other things.

The real answer is that it depends on which "list" you are looking at. There is the raw list (which is the main pool) which contains all the offsets of a particular type (eg. mob, player, loot, resource).

There is also another list of the same type that indexes the existing (non-zero offsets from the raw list) in a sequential array. My guess is that this indexed list is limited by the view radius (setting to improve lag) in the game.

It looks like that every type of list has both an indexed as well as a raw (non-indexed) lists.

On a side note, I'm currently looking for the quest list (list that contains all the current quests), guild list (list that contains all the current guild names), skill names list (if there is such a list), guild members list, and some more lists...

Any help is appreciated.

[Shareen]

vuduy, 2 different lists of the same thing would explain inconsistencies between our posts, which is why I said post your offsets.

Comparing mine and asgborges's they would seem to be identical, which in turn would map both on the same list. However, both lists cannot be sequential and non sequential so did I miss read some offsets somewhere or what?

Counts are interesting as well as logical, always located on 0x14.
Makes sense and they seem to be better "placed" then mine.

Quote:

Player-Count = base_ptr + 0x8 + 0x20 + 0x14
NPC-Count = base_ptr + 0x8 + 0x24 + 0x14
Resource-Count = base_ptr + 0x8 + 0x28 + 0x14

This one however ...

Quote:

Resource-Struct = base_ptr + 0x8 + 0x28 + 0x18 + index*4 + 4

... is starting to cause headaches.

Same offsets as I'm using, different results.
Index of 0x4 (1*0x4) gives me null pointer, as well as all indexes up to 0xE8 (58*0x4, points to Withered root, granted I haven't moved from the same spot yet), but bottom line is that lower indexes should work as well if the list was sequential.
Resource count only showed 5 resources in vicinity, in sequential list index 0xE8 should be way out there and not point to an actual resource.

But it works sequential for you, so now what's happening here?

Are you starting of with index of 1 (1*0x4) ?

Quote:

the Resource-Struct have an additional +4 offset to make the correct sequential pointers. (simple as you can see)

For name only, seems it's a "loopback" to game database, a part that contains resource names. That would explain low lying address. Addresses of other values are fairly high (in the range of 0x128560A0), whereas name falls in the ranges of 0x04960404

Can you posts your offsets for Players and NPCs vuduy?
If you are using non sequential list for NPCs, it should differ from offset asgborges and me posted.

Quote:

On a side note, I'm currently looking for the quest list (list that contains all the current quests), guild list (list that contains all the current guild names), skill names list (if there is such a list), guild members list, and some more lists...

Think I have something for skill somewhere, I'll look around. That and party, but party hasn't been modified since 2 patches back.

Guild names I can't work on, as I'm guild less atm. Though honestly, I did some limited work on it back when I was in a guild and I got no results

I'll also get my structs in order (player, NPC and resources) and post those, maybe we can help each other by filling in the blanks.

[asgborges]

Quote:

Originally Posted by Shareen

Same offsets as I'm using, different results.
Index of 0x4 (1*0x4) gives me null pointer, as well as all indexes up to 0xE8 (58*0x4, points to Withered root, granted I haven't moved from the same spot yet), but bottom line is that lower indexes should work as well if the list was sequential.
Resource count only showed 5 resources in vicinity, in sequential list index 0xE8 should be way out there and not point to an actual resource.

But it works sequential for you, so now what's happening here?

Are you starting of with index of 1 (1*0x4) ?

kakaka
sorry.. i forgot to say that is my point of view

my "sequential" type is based on 0 and non-0 adress where:
adress = base_ptr + 0x8 + 0x28 + 0x18 + index*4
-> 0 = Nothing
-> ? = Resource

its seems like be a fixed array but randonly filled, or something like that!
That is weird but works lol

Quote:

Originally Posted by Shareen

For name only, seems it's a "loopback" to game database, a part that contains resource names. That would explain low lying address. Addresses of other values are fairly high (in the range of 0x128560A0), whereas name falls in the ranges of 0x04960404

No.. all adresses are fixed in real-time memory... the loopbacks into DB-Game ocurs only when need to update the memory locations...

The offset +4 points exactly to struct that holds more than the "name".. trust me

[Shareen]

Quote:

Originally Posted by asgborges

kakaka
sorry.. i forgot to say that is my point of view

my "sequential" type is based on 0 and non-0 adress where:
adress = base_ptr + 0x8 + 0x28 + 0x18 + index*4
-> 0 = Nothing
-> ? = Resource

its seems like be a fixed array but randonly filled, or something like that!
That is weird but works lol

Right
But that than means you need to loop all 768 indexes or break when number of items limit is reached.

Quote:

Originally Posted by asgborges

The offset +4 points exactly to struct that holds more than the "name".. trust me

Coordinates, image to use for resource, etc,.. I can imagine.


Here what I said I'll post, lots of text, hopefully some of it useful

The skills I mentioned vuduy, It was stuff you have on you atm.

base_ptr + 20 + 358 <-- number of "things" you have on you (buffs, debuffs, hots ..., whatever shows as icon)

base_ptr + 20 + 354 + index <-- either icon id or skills id (don't have skills db so I'm guessing), 2 bytes in length

Since icon id is 2 bytes in length, index is: index * 0x2

This one I had under suspicion as max number of icons per row, but I've never went back to test it
base_ptr + 20 + 360

************************************************** ********

Since all above is base_ptr + 20 it falls under player struct defined here but far from complete:
(all definitions are for delphi, but it's pretty self explanatory and easy to convert to language of your choice)
(all fields named ukX are short for unknown, they are all defined as just some value that occupies certain amount of bytes, feel free to change)
(if description says P-> it indicates pointer to something, in most cases another struct)
($ before value is hex notaion in delphi, same as 0x used on forums here and probably in C++)

************************************************** ****************************

Code:

const
	BasePointer = $0095BAA4;

// We're using this one to fill in large spaces of undefined parts in different types
// Takes less time to type while still provides easy access as in example: MyVariant.uk1
type
	TMyVariant = record
		uk1: Cardinal;
		uk2: Cardinal;
		uk3: Cardinal;
		uk4: Cardinal;
	end;

// See where it's used, self explanatory
type
	TBounds = record
		Curr: Cardinal;
		Max: Cardinal;
	end;

// See where it's used, self explanatory
type
	TVitals = record
		HPCurr: Cardinal; // ~ current health points
		MPCurr: Cardinal; // ~ current mana points
		HPMax: Cardinal; // ~ maximum health points
		MPMax: Cardinal; // ~ maximum mana points
	end;

// See where it's used, self explanatory
type
	TLocation = record
		X: Single;
		Z: Single;
		Y: Single;
	end;

// See where it's used, self explanatory
type
	TOrientation = record
		Angle1: Single;
		uk1: Single;
		Angle2: Single;
	end;

// This one I use for items in inventory and quest inventory, will most likely used it in resource list as well as it seems to match. It will however need to be expanded.
type
	TItem = record
		ID: Cardinal; // $08 ~ unique item id
		uk1: Cardinal; // $0C
		uk2: Cardinal; // $10
		Quantity: TBounds; // $14 / $18 ~ quantity expressed as current and maximum
		Price: Cardinal; // $1C ~ price
		uk4: Cardinal; // $20
		uk5: Cardinal; // $24
		uk6: Cardinal; // $28
		uk7: Cardinal; // $2C
		uk8: Cardinal; // $30
		uk9: Cardinal; // $34
		uk10: Cardinal; // $38
		uk11: Cardinal; // $3C
		uk12: Cardinal; // $40
		DescAddress: Cardinal; // $44 - P->pointer to description
		uk13: Cardinal; // $48
		GearLevelRequirement: Cardinal; // $4C ~ required level to wear if item is gear (armor, weapon, jewelery)
		StrRequirement: Cardinal; // $50 ~ strength requirement
		AgiRequirement: Cardinal; // $54 ~ agility requirement
		ItemLevelRequirement: Cardinal; // $58 ~ required level to use if item is not gear
		ConRequirement: Cardinal; // $5C ~ constitution requirement
		IntRequirement: Cardinal; // $60 ~ inteligence requirement
		Durability: TBounds; // $64 / 68 ~ durability expressed as current and maximum
	end;

// CAUTION: This one hasn't been updated for a while now, least since 2 patches ago, may be wrong
type
	TPartyPlayer = record
		uk1: Cardinal; // $00
		uk2: Cardinal; // $04
		uk3: Cardinal; // $08
		ID: Cardinal; // $0C
		Level: Cardinal; // $10
		uk4: Cardinal; // $14
		uk5: Cardinal; // $18
		Vitals: TVitals; // $1C / $20 / $24 / $28
		uk6: Cardinal; // $2C
		uk7: Cardinal; // $30
		Location: TLocation; // $34 / $38 / $3C
		ClassId: Cardinal; // $40
	end;

// This one I try to maintain up to date with every patch, please note TRY :)
type
	TPlayer = record
		uk1: Cardinal; // $0 - $3
		uk2: Cardinal; // $4 - $7
		uk3: Cardinal; // $8 - $B
		Orientation: TOrientation; // $C, $10, $14 - $17 ~ orientation, (angle2 is offset by 90° from angle1)
		uk4: Cardinal; // $18 - $1B
		uk5: Cardinal; // $1C - $1F
		uk6: Cardinal; // $20 - $23
		uk7: Cardinal; // $24 - $27
		uk8: Cardinal; // $28 - $2B
		uk9: Cardinal; // $2C - $2F
		uk10: Cardinal; // $30 - $33
		uk11: Cardinal; // $34 - $37
		uk12: Cardinal; // $38 - $3B
		Location: TLocation; // $3C, $40, $44 - $47 ~ location, expressed as x, z, and y coordinate
		uk13: TMyVariant; // $48, $4C, $50, $54 - $57
		uk14: TMyVariant; // $58, $5C, $60, $64 - $67
		uk15: TMyVariant; // $68, $6C, $70, $74 - $77
		uk16: TMyVariant; // $78, $7C, $80, $84 - $87
		uk17: TMyVariant; // $88, $8C, $90, $94 - $97
		uk18: TMyVariant; // $98, $9C, $A0, $A4 - $A7
		uk19: TMyVariant; // $A8, $AC, $B0, $B4 - $B7
		uk20: TMyVariant; // $B8, $BC, $C0, $C4 - $C7
		uk21: TMyVariant; // $C8, $CC, $D0, $D4 - $D7
		uk22: TMyVariant; // $D8, $DC, $E0, $E4 - $E7
		uk23: TMyVariant; // $E8, $EC, $F0, $F4 - $F7
		uk24: TMyVariant; // $F8, $FC, $100, $104 - $107
		uk25: TMyVariant; // $108, $10C, $110, $114 - $117
		uk26: TMyVariant; // $118, $11C, $120, $124 - $127
		uk27: TMyVariant; // $128, $12C, $130, $134 - $137
		uk28: TMyVariant; // $138, $13C, $140, $144 - $147
		uk29: TMyVariant; // $148, $14C, $150, $154 - $157
		uk30: TMyVariant; // $158, $15C, $160, $164 - $167
		uk31: TMyVariant; // $168, $16C, $170, $174 - $177
		uk32: TMyVariant; // $178, $17C, $180, $184 - $187
		uk33: TMyVariant; // $188, $18C, $190, $194 - $197
		uk34: TMyVariant; // $198, $19C, $1A0, $1A4 - $1A7
		uk35: TMyVariant; // $1A8, $1AC, $1B0, $1B4 - $1B7
		uk36: TMyVariant; // $1B8, $1BC, $1C0, $1C4 - $1C7
		uk37: TMyVariant; // $1C8, $1CC, $1D0, $1D4 - $1D7
		uk38: TMyVariant; // $1D8, $1DC, $1E0, $1E4 - $1E7
		uk39: TMyVariant; // $1E8, $1EC, $1F0, $1F4 - $1F7
		uk40: TMyVariant; // $1F8, $1FC, $200, $204 - $207
		uk41: TMyVariant; // $208, $20C, $210, $214 - $217
		uk42: TMyVariant; // $218, $21C, $220, $224 - $227
		uk43: TMyVariant; // $228, $22C, $230, $234 - $237
		uk44: TMyVariant; // $238, $23C, $240, $244 - $247
		uk45: TMyVariant; // $248, $24C, $250, $254 - $257
		uk46: TMyVariant; // $258, $25C, $260, $264 - $267
		uk47: TMyVariant; // $268, $26C, $270, $274 - $277
		uk48: TMyVariant; // $278, $27C, $280, $284 - $287
		uk49: TMyVariant; // $288, $28C, $290, $294 - $297
		uk50: TMyVariant; // $298, $29C, $2A0, $2A4 - $2A7
		uk51: TMyVariant; // $2A8, $2AC, $2B0, $2B4 - $2B7
		uk52: TMyVariant; // $2B8, $2BC, $2C0, $2C4 - $2C7
		uk53: TMyVariant; // $2C8, $2CC, $2D0, $2D4 - $2D7
		uk54: TMyVariant; // $2D8, $2DC, $2E0, $2E4 - $2E7
		uk55: TMyVariant; // $2E8, $2EC, $2F0, $2F4 - $2F7
		uk56: TMyVariant; // $2F8, $2FC, $300, $304 - $307
		uk57: TMyVariant; // $308, $30C, $310, $314 - $317
		uk58: TMyVariant; // $318, $31C, $320, $324 - $327
		uk59: TMyVariant; // $328, $32C, $330, $334 - $337
		uk60: TMyVariant; // $338, $33C, $340, $344 - $347
		uk61: TMyVariant; // $348, $34C, $350, $354 - $357 // $354 would be list of stuff on me, detailed above
		uk62: TMyVariant; // $358, $35C, $360, $364 - $367 // $358 would be number of "things" you have on you, detailed above like $360 as well.
		uk63: TMyVariant; // $368, $36C, $370, $374 - $377
		uk64: Cardinal; // $378 - $37B
		uk65: Cardinal; // $37C - $37F
		uk66: Cardinal; // $380 - $383
		uk230: Cardinal; // Fill in, used to be P->Player list, but isn't anymore.
		uk67: TMyVariant; // $388, $38C, $390, $394 - $397
		uk68: TMyVariant; // $398, $39C, $3A0, $3A4 - $3A7
		uk69: TMyVariant; // $3A8, $3AC, $3B0, $3B4 - $3B7
		uk70: TMyVariant; // $3B8, $3BC, $3C0, $3C4 - $3C7
		uk71: TMyVariant; // $3C8, $3CC, $3D0, $3D4 - $3D7
		uk72: TMyVariant; // $3D8, $3DC, $3E0, $3E4 - $3E7
		uk73: TMyVariant; // $3E8, $3EC, $3F0, $3F4 - $3F7
		uk74: TMyVariant; // $3F8, $3FC, $400, $404 - $407
		uk75: TMyVariant; // $408, $40C, $410, $414 - $417
		uk76: TMyVariant; // $418, $41C, $420, $424 - $427
		uk77: TMyVariant; // $428, $42C, $430, $434 - $437
		uk78: TMyVariant; // $438, $43C, $440, $444 - $447
		uk79: Cardinal; // $448 - $44B
		uk80: Cardinal; // $44C - $44F
		ID: Cardinal; // $450 - $453 ~ unique server id of your character (never changes)
		uk81: Cardinal; // $454 - $457
		uk82: Cardinal; // $458 - $45B
		Level: Cardinal; // $45C - $45F ~ current level
		uk83: Cardinal; // $460 - $463
		HPCurr: Cardinal; // $464 - $467 ~ current health points
		MPCurr: Cardinal; // $468 - $46B ~ current mana points
		XPCurr: Cardinal; // $46C - $46F ~ current experience points
		SP: Cardinal; // $470 - $473 ~ available skill points
		uk84: Cardinal; // $474 - $477
		Fury: Cardinal; // $478 - $47B ~ no fury point = 0-99, 1 fury point = 100-199, 2 fury points = 200-299
		uk85: Cardinal; // $47C - $47F
		AttrPoints: Cardinal; // $480 - $483 ~ available attribute points
		AttrCon: Cardinal; // $484 - $487 ~ attribute points assigned to constitution
		AttrInt: Cardinal; // $488 - $48B ~ attribute points assigned to inteligence
		AttrStr: Cardinal; // $48C - $48F ~ attribute points assigned to strength
		AttrAgi: Cardinal; // $490 - $493 ~ attribute points assigned to agility
		HPMax: Cardinal; // $494 - $497 ~ max health points
		MPMax: Cardinal; // $498 - $49B ~ max mana points
		uk86: Cardinal; // $49C - $49F
		uk87: Cardinal; // $4A0 - $4A3
		uk88: Cardinal; // $4A4 - $4A7
		SpeedGround: Single; // $4A8 - $4AB ~ speed on ground
		uk89: Cardinal; // $4AC - $4AF
		uk90: Cardinal; // $4B0 - $4B3
		Accuracy: Cardinal; // $4B4 - $4B7 ~ accuracy
		PhysAttMin: Cardinal; // $4B8 - $4BB ~ min physical attack
		PhysAttMax: Cardinal; // $4BC - $4BF ~ max physical attack
		uk91: Cardinal; // $4C0 - $4C3
		uk92: Cardinal; // $4C4 - $4C7
		uk93: Cardinal; // $4C8 - $4CB
		uk94: TMyVariant; // $4CC, $4D0, $4D4, $4D8 - $4DB
		uk95: TMyVariant; // $4DC, $4E0, $4E4, $4E8 - $4EB
		uk96: Cardinal; // $4EC - $4EF
		uk97: Cardinal; // $4F0 - $4F3
		uk98: Cardinal; // $4F4 - $4F7
		DefMetal: Cardinal; // $4F8 - $4FB ~ metal defense (Magic)
		DefWood: Cardinal; // $4FC - $4FF ~ wood defense (Magic)
		DefWater: Cardinal; // $500 - $503 ~ water defense (Magic)
		DefFire: Cardinal; // $504 - $507 ~ fire defense (Magic)
		DefEarth: Cardinal; // $508 - $50B ~ earth defense (Magic)
		DefPhys: Cardinal; // $50C - $50F ~ physical defense
		Dodge: Cardinal; // $510 - $513 ~ dodge rate
		uk99: Cardinal; // $514 - $517
		Money: Cardinal; // $518 - $51B
		uk100: TMyVariant; // $51C, $520, $524, $528 - $52B
		uk101: TMyVariant; // $52C, $530, $534, $538 - $53B
		uk102: TMyVariant; // $53C, $540, $544, $548 - $54B
		uk103: TMyVariant; // $54C, $550, $554, $558 - $55B
		uk104: TMyVariant; // $55C, $560, $564, $568 - $56B
		uk105: TMyVariant; // $56C, $570, $574, $578 - $57B
		uk106: Cardinal; // $57C - $57F
		Reputation: Cardinal; // $580 - $583 ~ reputation
		TransformationState: Cardinal; // $584 - $587 ~ humanoid = 0, animal transform = 1 (tested only with WB)
		uk107: Cardinal; // $588 - $58B
		uk108: TMyVariant; // $58C, $590, $594, $598 - $59B
		uk109: TMyVariant; // $59C, $5A0, $5A4, $5A8 - $5AB
		uk110: TMyVariant; // $5AC, $5B0, $5B4, $5B8 - $5BB
		uk111: TMyVariant; // $5BC, $5C0, $5C4, $5C8 - $5CB
		uk112: TMyVariant; // $5CC, $5D0, $5D4, $5D8 - $5DB
		uk113: TMyVariant; // $5DC, $5E0, $5E4, $5E8 - $5EB
		uk114: Cardinal; // $5EC - $5EF
		NameAddress: Cardinal; // $5F0 - $5F3 ~ P->Name
		uk115: Cardinal; // $5F4 - $5F7
		ClassId: Cardinal; // $5F8 - $5FB
		Gender: Cardinal; // $5FC - $5FF
		uk116: Cardinal; // $600 - $603
		TransportMode: Cardinal; // $604 - $607 ~ ground = 0, swimmming = 1, flying = 2
		uk117: Cardinal; // $608 - $60B
		uk118: Cardinal; // $60C - $60F
		uk119: Cardinal; // $610 - $613
		uk120: TMyVariant; // $614, $618, $61C, $620 - $623
		uk121: TMyVariant; // $624, $628, $62C, $630 - $633
		uk122: TMyVariant; // $634, $638, $63C, $640 - $643
		uk123: TMyVariant; // $644, $648, $64C, $650 - $653
		uk124: Cardinal; // $654 - $657
		uk125: Cardinal; // $658 - $65B
		uk126: Byte; // $65C - $65C
		Selected: Byte; // $65D - $65D ~ is this player selected by us (for the time being this type is also used with players in vicinity, I'm lazy :))
		uk127: Word; // $65E - $65F
		uk128: TMyVariant; // $660, $664, $668, $66C - $66F
		uk129: TMyVariant; // $670, $674, $678, $67C - $67F
		uk130: TMyVariant; // $680, $684, $688, $68C - $68F
		PartyAddress: Cardinal; // $690 - $693 ~ P->party (CAUTION: This one hasn't been updated for a while now, least since 2 patches ago, may be wrong)
		uk131: TMyVariant; // $694, $698, $69C, $6A0 - $6A3
		uk132: TMyVariant; // $6A4, $6A8, $6AC, $6B0 - $6B3
		uk133: TMyVariant; // $6B4, $6B8, $6BC, $6C0 - $6C3
		uk134: TMyVariant; // $6C4, $6C8, $6CC, $6D0 - $6D3
		uk135: TMyVariant; // $6D4, $6D8, $6DC, $6E0 - $6E3
		uk136: TMyVariant; // $6E4, $6E8, $6EC, $6F0 - $6F3
		uk137: TMyVariant; // $6F4, $6F8, $6FC, $700 - $703
		uk138: TMyVariant; // $704, $708, $70C, $710 - $713
		uk139: TMyVariant; // $714, $718, $71C, $720 - $723
		uk140: Cardinal; // $724 - $727
		uk141: Cardinal; // $728 - $72B
		uk142: Cardinal; // $72C - $72F
		uk143: Cardinal; // $730 - $733
		CameraOrientation: TOrientation; // $734, $738, $73C - $73F ~ camera orientation (angle2 is offset by 90° from angle1)
		uk144: Cardinal; // $740 - $743
		uk145: Cardinal; // $744 - $747
		uk146: Cardinal; // $748 - $74B
		uk147: Cardinal; // $74C - $74F
		uk148: Cardinal; // $750 - $753
		uk149: Cardinal; // $754 - $757
		uk150: Cardinal; // $758 - $75B
		uk151: Cardinal; // $75C - $75F
		uk152: Cardinal; // $760 - $763
		CameraLocation: TLocation; // $764, $768, $76C - $76F ~ camera location, expressed as x, z, and y coordinate
		uk153: Cardinal; // $770 - $773
		uk154: Cardinal; // $774 - $777
		uk155: TMyVariant; // $778, $77C, $780, $784 - $787
		uk156: TMyVariant; // $788, $78C, $790, $794 - $797
		uk157: TMyVariant; // $798, $79C, $7A0, $7A4 - $7A7
		uk158: TMyVariant; // $7A8, $7AC, $7B0, $7B4 - $7B7
		uk159: TMyVariant; // $7B8, $7BC, $7C0, $7C4 - $7C7
		uk160: TMyVariant; // $7C8, $7CC, $7D0, $7D4 - $7D7
		uk161: TMyVariant; // $7D8, $7DC, $7E0, $7E4 - $7E7
		uk162: TMyVariant; // $7E8, $7EC, $7F0, $7F4 - $7F7
		uk163: TMyVariant; // $7F8, $7FC, $800, $804 - $807
		uk164: TMyVariant; // $808, $80C, $810, $814 - $817
		uk165: TMyVariant; // $818, $81C, $820, $824 - $827
		uk166: TMyVariant; // $828, $82C, $830, $834 - $837
		uk167: TMyVariant; // $838, $83C, $840, $844 - $847
		uk168: TMyVariant; // $848, $84C, $850, $854 - $857
		uk169: TMyVariant; // $858, $85C, $860, $864 - $867
		uk170: TMyVariant; // $868, $86C, $870, $874 - $877
		uk171: TMyVariant; // $878, $87C, $880, $884 - $887
		uk172: TMyVariant; // $888, $88C, $890, $894 - $897
		uk173: TMyVariant; // $898, $89C, $8A0, $8A4 - $8A7
		uk174: TMyVariant; // $8A8, $8AC, $8B0, $8B4 - $8B7
		uk175: TMyVariant; // $8B8, $8BC, $8C0, $8C4 - $8C7
		uk176: TMyVariant; // $8C8, $8CC, $8D0, $8D4 - $8D7
		uk177: TMyVariant; // $8D8, $8DC, $8E0, $8E4 - $8E7
		uk178: TMyVariant; // $8E8, $8EC, $8F0, $8F4 - $8F7
		uk179: TMyVariant; // $8F8, $8FC, $900, $904 - $907
		uk180: TMyVariant; // $908, $90C, $910, $914 - $917
		uk181: TMyVariant; // $918, $91C, $920, $924 - $927
		uk182: TMyVariant; // $928, $92C, $930, $934 - $937
		uk183: TMyVariant; // $938, $93C, $940, $944 - $947
		uk184: TMyVariant; // $948, $94C, $950, $954 - $957
		uk185: TMyVariant; // $958, $95C, $960, $964 - $967
		uk186: TMyVariant; // $968, $96C, $970, $974 - $977
		uk187: TMyVariant; // $978, $97C, $980, $984 - $987
		uk188: TMyVariant; // $988, $98C, $990, $994 - $997
		uk189: TMyVariant; // $998, $99C, $9A0, $9A4 - $9A7
		uk190: TMyVariant; // $9A8, $9AC, $9B0, $9B4 - $9B7
		uk191: TMyVariant; // $9B8, $9BC, $9C0, $9C4 - $9C7
		uk192: TMyVariant; // $9C8, $9CC, $9D0, $9D4 - $9D7
		uk193: TMyVariant; // $9D8, $9DC, $9E0, $9E4 - $9E7
		uk194: TMyVariant; // $9E8, $9EC, $9F0, $9F4 - $9F7
		uk195: TMyVariant; // $9F8, $9FC, $A00, $A04 - $A07
		uk196: TMyVariant; // $A08, $A0C, $A10, $A14 - $A17
		uk197: TMyVariant; // $A18, $A1C, $A20, $A24 - $A27
		uk198: TMyVariant; // $A28, $A2C, $A30, $A34 - $A37
		uk199: TMyVariant; // $A38, $A3C, $A40, $A44 - $A47
		uk200: TMyVariant; // $A48, $A4C, $A50, $A54 - $A57 // A4C is id of current target, didn't get around to break up TMyVariant
		uk201: TMyVariant; // $A58, $A5C, $A60, $A64 - $A67
		uk202: TMyVariant; // $A68, $A6C, $A70, $A74 - $A77
		uk203: TMyVariant; // $A78, $A7C, $A80, $A84 - $A87
		uk204: TMyVariant; // $A88, $A8C, $A90, $A94 - $A97
		uk205: TMyVariant; // $A98, $A9C, $AA0, $AA4 - $AA7
		uk206: TMyVariant; // $AA8, $AAC, $AB0, $AB4 - $AB7
		uk207: TMyVariant; // $AB8, $ABC, $AC0, $AC4 - $AC7
		uk208: TMyVariant; // $AC8, $ACC, $AD0, $AD4 - $AD7
		uk209: TMyVariant; // $AD8, $ADC, $AE0, $AE4 - $AE7
		uk210: TMyVariant; // $AE8, $AEC, $AF0, $AF4 - $AF7
		uk211: TMyVariant; // $AF8, $AFC, $B00, $B04 - $B07
		uk212: TMyVariant; // $B08, $B0C, $B10, $B14 - $B17
		uk213: TMyVariant; // $B18, $B1C, $B20, $B24 - $B27
		uk214: TMyVariant; // $B28, $B2C, $B30, $B34 - $B37
		uk215: Cardinal; // $B38 - $B3B
		JumpState: Cardinal; // $B3C - $B3F ~ no jump = 0, fisrt jump = 1, second jump = 2
		uk216: Cardinal; // $B40 - $B43
		uk217: Cardinal; // $B44 - $B47
		uk218: Cardinal; // $B48 - $B4B
		uk219: Cardinal; // $B4C - $B4F
		uk220: Cardinal; // $B50 - $B53
		uk221: Cardinal; // $B54 - $B57
		uk222: Cardinal; // $B58 - $B5B
		uk223: Cardinal; // $B5C - $B5F
		uk224: Cardinal; // $B60 - $B63
		uk225: TMyVariant; // $B64, $B68, $B6C, $B70 - $B73
		uk226: Cardinal; // $B74 - $B77
		uk227: Cardinal; // $B78 - $B7B
		uk228: Cardinal; // $B7C - $B7F
		InventoryAddress: Cardinal; // $B80 - $B83 ~ P->inventory (contains useable items)
		uk229: Cardinal; // $B84 - $B87 // 2 patches back this was P->equiped items, but I haven't checked that lately
		InventoryQuestAddress: Cardinal; // $B88 - $B8B ~ P->inventory quest (containts quest items)
	end;

type
	TNPC = record
		uk1: Cardinal; // $00
		uk2: Cardinal; // $04
		uk3: Cardinal; // $08
		Orientation: TOrientation; // $0C / $10 / $14
		uk4: Cardinal; // $18
		uk5: Cardinal; // $1C
		uk6: Cardinal; // $20
		uk7: Cardinal; // $24
		uk8: Cardinal; // $28
		uk9: Cardinal; // $2C
		uk10: Cardinal; // $30
		uk11: Cardinal; // $34
		uk12: Cardinal; // $38
		Location: TLocation; // $3C / $40 / $44
		uk13: TMyVariant; // $48
		uk14: TMyVariant; // $58
		uk15: TMyVariant; // $68
		uk16: TMyVariant; // $78
		uk17: TMyVariant; // $88
		uk18: TMyVariant; // $98
		uk19: TMyVariant; // $A8
		uk20: TMyVariant; // $B8
		uk21: TMyVariant; // $C8
		uk22: TMyVariant; // $D8
		uk23: TMyVariant; // $E8
		uk24: TMyVariant; // $F8
		uk25: TMyVariant; // $108
		uk26: Cardinal; // $118
		ID: Cardinal; // $11C
		uk27: Cardinal; // $120
		Level: Cardinal; // $124
		uk28: Cardinal; // $128
		HPCurr: Cardinal; // $12C
		uk29: TMyVariant; // $130
		uk30: TMyVariant; // $140
		uk31: Cardinal; // $150
		uk32: Cardinal; // $154
		uk33: Cardinal; // $158
		HPMax: Cardinal; // $15C
		uk34: TMyVariant; // $160
		uk35: TMyVariant; // $170
		uk36: TMyVariant; // $180
		uk37: TMyVariant; // $190
		uk38: TMyVariant; // $1A0
		uk39: TMyVariant; // $1B0
		uk40: TMyVariant; // $1C0
		uk41: TMyVariant; // $1D0
		uk42: TMyVariant; // $1E0
		uk43: TMyVariant; // $1F0
		uk44: TMyVariant; // $200
		uk45: TMyVariant; // $210
		uk46: TMyVariant; // $220
		SpecialAttributeId: Cardinal; // $230
		uk48: Cardinal; // $234

		// Adding 4 bytes for new patch. See, told you I'm lazy :)
		ukx1: Cardinal;

		NameAddress: Cardinal; // $238 ~ P->Name
		uk49: TMyVariant; // $23C
		uk50: TMyVariant; // $24C
		uk51: TMyVariant; // $25C
		uk52: TMyVariant; // $26C
		uk53: TMyVariant; // $27C
		uk54: TMyVariant; // $28C
		uk55: TMyVariant; // $29C ~ uk1 seems to indicate attact type. 3 = magic casting (specials in bosses), when this is 3 WB better start interrupting boss spell :)
		uk56: TMyVariant; // $2AC ~ uk3 in this type is a timer which starts monster is casting magic attack (ie boss specials), and counts to about 2500-3500 ms. I think it's only used to display casting on screen as times do not always match up to a ms precision. In other words, trigger is not this timer but server.
		// Other things around here besides attacks, like is monster standing idle, running, walking, swimming, etc,.. but I haven't mapped out all of them yet. Got some written down somewhere :)
		// If you are interested in this, the ones of interest I've observed were: uk55.uk1, uk55.uk3 and uk56.uk1.

		uk57: Cardinal; // $2BC
		VictimID: Cardinal; // $2C0 ~ which poor soul monster has targeted for physical attack (ranged or close combat)
		uk58: Cardinal; // $2C4  ~ which poor soul monster has targeted for magic ranged attack
		uk59: Cardinal; // $2C8

		uk60: Cardinal; // $2CC
		Selected: Byte; // $2D0 ~ is this npc selected by us

		// This one I haven't worked with a lot, thus the confusion. I have no idea what below description means, I admit :)
		uk61: Cardinal; // Display Mode: 2 = in range and in view OR out of range OR mouse hovering over - 1 = in range, not in visible view - 0 = out of range

		uk62: Cardinal; // X 2D screen coordinate of NPC (I went hunting for this thanks to vuduy posts)
		uk63: Cardinal; // Y 2D screen coordinate of NPC (I went hunting for this thanks to vuduy posts)
		uk64: Cardinal; // same as above, but 12 pixels lower value, I assumed window title bar is subtracted (I play in window, haven't tested it fullscreen)
		uk65: Cardinal;
		uk66: Cardinal;
		uk67: Cardinal;
		uk68: Cardinal;
	end;

************************************************** ****************************

Usage:
base_ptr + 0x20 + TPlayer struct <-- full player struct

TPlayer.InventoryQuestAddress + 0x0C + index <-- Quest inventory
Quest inventory size is fixed as far as I know

TPlayer.InventoryAddress + 0x0C + index <-- Normal inventory (usable items)
TPlayer.InventoryAddress + 0x10 <-- size of inventory (number of available slots, not number of items in inventory)

TPlayer.PartyAddress + 0x14 + index <-- party list (your character is in here as well)
TPlayer.PartyAddress + 0x18 <-- number of party members (your character is in here as well)

************************************************** ****************************

I read whole structs from memory since it limits usage of ReadProcessMemory by A LOT, doesn't take more time and as for memory.. well, I can afford it
But really, doesn't take much more memory at all, reading all this with less than 2M usage (about 500k is UI and delphi classes anyhow).
I also find it's very CPU friendly and as I'm running memory scans in a separate thread, that's always welcomed.

I gives me easy access to unknown stuff in between the known sutff to test, observe and modify. When I'm fairly sure of something, "uk" is renamed to whatever I find that value to be as well as define it as a proper type.

This would take 10 minutes to write if I had my structs in order, as it is it took well over an hour.
Lazines sucks


BTW vuduy, y axis of screen coordinates is giving me values that are not exactly on target, but 40 pixels above and I haven't a clue why.
I assumed that's the top of NPCs bounding box, since it's always consistently 40 pixels above. But I then wondered why x coordinate doesn't land on the edge of bounding box (as y), but rather always dead centre on target.
You having same "deal" or did I picked wrong offsets?

EDIT:
Forgot, I also got this offsets for tool bars, but I haven't gotten around to construct tool slot struct

Banks offsets are: BDC, BE0, BE4, BE8, BF0 .. and one more. Seems I forgot to write it down but it's most likely BF4 or possibly BD8. EDIT: or BEC just noticed it's missing. Try and see.
Slot offsets start from 0 to x*0x04 (where x is number of slots for current tool bar, which is probably defined somewhere near these offsets, I didn't bother to look, sorry )

base_ptr + 0x20 + bank_offset + 0x0C + slot_offset <-- slot struct

Might prove useful for bot makers if you can find pots, skills, etc.. on tool bar and use em without having user defined binds.
Slot struct will however have to be defined before that happens

At a quick glance (which may be way off ):
above + 0x08 should give you id of action if slot contains shortcut to action (ie, fly). If it's linked to emoticons it's set to 12 all the time.. I think
above + 0x10 should give you item id if slot contains shortcut to inventory items item (ie, hp/mp pots)

I admit I haven't worked at this one bit

[asgborges]

OMFG..
are u spying me Shareen??? hehe jk

im working in the same away as you in delphi... except for CARDINAL that i change to INTEGER some times, that holds only 4 byte in memory to be correct max as possible with the game.

* and some times the adress can hold a SINGLE value too! (thats suck to check 1 by 1)

and thx for Item and Quest-Items.. it will be usefull for me!

[xindobnix]

I also use delphi
thanks for your knowledge ..

@GT

[vuduy]

Back to what I said about a raw list and an indexed (sequential) list. Here is an example:

For the sequential NPC list, the offsets are: base, 0x8, 0x24, 0x50, [0-count]*4
For the raw NPC list, the offsets are: base, 0x8, 0x24, 0x18, [0-768]*4, 0x4

For the sequential PC list, they are: base, 0x8, 0x20, 0x90, [0-count]*4
For the raw PC list, I didn't bother to find, but my guess would be: base, 0x8, 0x20, XXX, [0-768]*4, 0x4

Note: (XXX should be in the range of 0x10 to 0x30 - most likely 0x18)

The same can be applied to resource list and loots list.

Quote:

Originally Posted by Shareen

Here what I said I'll post, lots of text, hopefully some of it useful

The skills I mentioned vuduy, It was stuff you have on you atm.

base_ptr + 20 + 358 <-- number of "things" you have on you (buffs, debuffs, hots ..., whatever shows as icon)

base_ptr + 20 + 354 + index <-- either icon id or skills id (don't have skills db so I'm guessing), 2 bytes in length

Since icon id is 2 bytes in length, index is: index * 0x2

This one I had under suspicion as max number of icons per row, but I've never went back to test it
base_ptr + 20 + 360

That's the buff list; you can also get similar buff list structure for the party member list as well.

Quote:

BTW vuduy, y axis of screen coordinates is giving me values that are not exactly on target, but 40 pixels above and I haven't a clue why.
I assumed that's the top of NPCs bounding box, since it's always consistently 40 pixels above. But I then wondered why x coordinate doesn't land on the edge of bounding box (as y), but rather always dead centre on target.
You having same "deal" or did I picked wrong offsets?

The X,Y coordinates are correct when the camera view is top down (ie: 2D view instead of 3D - without the Z plane). When the Z-plane exists, the view is different, and the Y coordinate is a bit off. The X coordinate is correct however since it is not affected by the Z-plane of the camera view. You can calculate mathematically the offset position of the Y coordinate using the X-Y-Z camera angles; but I don't see a need for it.

Perhaps, a joint effort can be made to find the current quests list and guild-names list, and skill-names list (not the learned skill list - this is easy to get), and other hard to find lists.

[xindobnix]

how about injection function..?

[Shareen]

Quote:

Originally Posted by vuduy

Back to what I said about a raw list and an indexed (sequential) list. Here is an example:

For the sequential NPC list, the offsets are: base, 0x8, 0x24, 0x50, [0-count]*4
...
The same can be applied to resource list and loots list.

Guess I'll keep trying to find sequential resoruce list then, I prefer it over the other one.

Quote:

Originally Posted by vuduy

The X,Y coordinates are correct when the camera view is top down (ie: 2D view instead of 3D - without the Z plane). When the Z-plane ...

For now I don't see a need for additional calculations either, but then again I'm not making a bot. Guess those who'd like to get clicking, can always adjust offset by those 40 pixels. As far as I've tested, should be about 99% certain lock. Those 1% failure occurs on the edge of the envelope, ie npc is located top left or bottom right.
I'll take a look at possible calculations eventually, but I prefer fidling with memory at the moment.

Quote:

Originally Posted by vuduy

Perhaps, a joint effort can be made to find the current quests list and guild-names list, and skill-names list (not the learned skill list - this is easy to get), and other hard to find lists.

I guess I can take a poke at quest list, again
As for skill names (not the learned ones) only others left I can think of is a full skill list - game database, one that clients loads into memory on startup. That what you were thinking of?

EDIT:

Quote:

Originally Posted by xinodobnix

how about injection function..?

How about a more specific question?

[vuduy]

Quote:

Originally Posted by Shareen

I guess I can take a poke at quest list, again
As for skill names (not the learned ones) only others left I can think of is a full skill list - game database, one that clients loads into memory on startup. That what you were thinking of?

Yup, that's the one... the list of all skill names in the game. The learned skill list only has the skill Ids; it's better to display the skill name instead of Id.

[Shareen]

Quote:

Originally Posted by vuduy

... The learned skill list only has the skill Ids; it's better to display the skill name instead of Id.

Of course.
I reckon it should be slightly easier though if you've already found learned skills list, then you can track ID's back to GDB (game database).

What are the magic offsets for it btw, if you'd care to share?
Might as well look at that on the fly as I can't seem to decide what to do anyhow.
Besides, I have an idea. We know where max xp for levels is and as of our latest discusions, resource names as well, plus some others.
Whatever is (near) in front, between or (near) after is the rest of GDB.
Tell tale signs are obvious (at least from what I got so far), base_ptr + max one offset to struct, if even that.

Anyhow, weekend coming up which frees up time to start doing instead of talking.

[xindobnix]

Sharen = vuduy

[0o0]

why is the Target HP not there? Any way to fix? Need to get that normal attack first.

[vuduy]

Quote:

Originally Posted by Shareen

Of course.
I reckon it should be slightly easier though if you've already found learned skills list, then you can track ID's back to GDB (game database).

What are the magic offsets for it btw, if you'd care to share?
Might as well look at that on the fly as I can't seem to decide what to do anyhow.
Besides, I have an idea. We know where max xp for levels is and as of our latest discusions, resource names as well, plus some others.
Whatever is (near) in front, between or (near) after is the rest of GDB.
Tell tale signs are obvious (at least from what I got so far), base_ptr + max one offset to struct, if even that.

Anyhow, weekend coming up which frees up time to start doing instead of talking.

I haven't played PW for almost 2 years so I don't have the learned skills offset to share. However, I do have one for Zhu Xian if you are interested. The avatar's structure is different in ZX than PW; so this offset is guaranteed not to be the same as PW.

ZX learned-skill-list offset: base, avatar offset (in this case it's 0x28), 0x1064
Count is +4 from the list as usual.