i've tried it several times and the results gave me around 1000+ addresses all the time.
1. I put 9941820 [pw id's base address], then tick [v] fast scan, change scan type to [bigger than...] , 4 bytes. then I click [First Scan]
2. execute teleport portal
3. while still executing teleport portal, i search for changed value.
4. cancel skill, search changed value.
5. run around a bit, stand in a spot, then search unchanged value
6. i repeat 2-5 many times and still got 1000+ results.
around how many addresses should i expect ?
Then move around then stand in 1 spot (stand, not sit, not meditate), and search for "Unchanged Value"
Do this a lot to remove the excess.
Basically, when you are standing in one spot, I call that Idle state - this is one action pointer.
The other action pointer you want to search for is casting skills. For this, there are two. One is queuing skill action pointer; the 2nd is current skill action pointer.
By using CE, you can find the current skill action pointer because you are searching for it while the skill is STILL casting.
Anyway, keep trying to get the offsets, once you get one, you can get all the other action pointers easily.
A list of action pointers:
- moving
- looting
- queuing skill
- current skill
- following
- idling
that's great, i've been wanting a [following] pointer for so long, should be able to make my chars always follow my main without using mouseclick macro, it'll also be useful for pk using multi chars lol.
ok, instead of redoing from the start, i kept trying to reduce the excess and managed to reduce it to 361, but then it won't change no matter what i do, i even teleported to many areas and the results won't go down further. I also used other long casting skill like revive pet, heal hp, heal mp for variation, but it's still the same.
btw why should the first search's value begin from value bigger than base address ? aren't we usually using unknown initial value to start a search, while base address is already an address and its value is weird to use as a starting value.
i'm confused, it's the pointer that's always greater than the base address, but why we use base address for comparing value to find another pointer/memory address.
isn't in ce we search memory address based on a value, not pointer ? for example the pointer for HP will always greater than base address, but we input the ingame value to search for it, not the base address.
or maybe i don't follow the steps correctly and should set pointer search, but i don't see the option.
i get it now, if we use [hex] search in ce, it'll search pointer, while i used base add in decimal previously
ok then i'll try it on my own atm, i'll post result if i found something
-edit-
ok, i got 8 addresses now, now need to do step. 7
7. Once you get the address, do a complete trace back to get all the "offsets" until you hit the base address.
how to do a complete trace back to get all offsets.
what i found look like this, am i in the right direction ?
That means the pointer [[[base] + 0x20] + 0xc70] is the action structure.
From here, it becomes easy.
0x8 = current active mode flag (1 = on, 0 = off)
0xc = current active mode copy (used by the game to indicate start/stop of an action)
0x14 = current active mode (found by Megamorph)
0x18 = current active mode flag (1 is for on, 0 is for off)
0x30 = action mode types (all the action pointers are under here)
Here's a list of them:
[0x30] + 0x0 = idle mode (when doing nothing)
[0x30] + 0x4 = normal movement mode
[0x30] + 0x8 = queue skill mode
[0x30] + 0xc = normal attack mode (you still need to lock target first before using this)
[0x30] + 0x10 = current executing skill mode
[0x30] + 0x1c = follow mode
Note each action mode pointer is an actual structure to the action. Play around with the offsets to find the parameters of those action modes. An example for queue skill mode is:
0x8 = done flag
0x20 = target id
0x38 = type (usually the same number but might be different for a specific skill)
0x4c = skill error (must set this to 0)
0x50 = skill address (you must find the skill list and use the address of each skill in here)
Another example for normal movement mode:
0x8 = done flag (bool)
0x20 = X (float)
0x24 = Z (float)
0x28 = Y (float)
0x2c = type (int) (movement by mouse click = one type, movement by WASD is another type)
So let's say you want to move your character to coordinate (1,2,3) then you would do:
1. Write int 0 to done flag: [[[[[base] + 0x20] + 0xc70] + 0x30] + 0x4] + 0x8
2. Write float value 1 to X: [[[[[base] + 0x20] + 0xc70] + 0x30] + 0x4] + 0x20
3. Write float value 2 to Y: [[[[[base] + 0x20] + 0xc70] + 0x30] + 0x4] + 0x28
4. Write float value 3 to Z: [[[[[base] + 0x20] + 0xc70] + 0x30] + 0x4] + 0x24
5. Write int 0 to type: [[[[[base] + 0x20] + 0xc70] + 0x30] + 0x4] + 0x2c
6. Write int 1 to current action mode flag: [[[base] + 0x20] + 0xc70] + 0x8
7. Read normal movement mode pointer to: value = [[[[base] + 0x20] + 0xc70] + 0x30] + 0x4
8. Write value above to current action mode: [[[base] + 0x20] + 0xc70] + 0x14
9. Write same value to current action mode copy: [[[base] + 0x20] + 0xc70] + 0x8
sounds complicated, i guess it's not for a noob, it's enough just to look at how it works at the moment.
btw about follow mode, does it work like this :
01. select target (passing char id value to target offset)
02. write value to [[[[[base] + 0x20] + 0xc70] + 0x30] + 0x1c] (should check what's the value on this one when using ingame's follow button first)
i'd like to make use of it to make a script for pk using several chars, so my chars will always follow my main chars and if i click a target they will attack the same target i click (i already have the script for auto aim my main char's target and attack, still using keypress macro) but after one kill i have to use mouseclick macro to make them follow me which takes time. If somehow I can utilize your method to make autofollow for my other chars it'll be perfect! I'll be able to just focus on controlling one main char.
i'll just give it up if the steps above won't work, because that's all i can think with what i already know.
collection wod 03/08/2011 - RFO Hacks, Bots, Cheats, Exploits & Guides - 3 Replies tv dvd
dvd collection
p90x
Buy high quality DVD collection online store .
TV DVD COLLECTION
Welcome to select any classic TV series what you want
High quality DVD selling at a best price !
P90X
[TUT] Video How to hack with CE und Pointer+Pointer mit SKill-Lvl und Kingdom-Hack 10/25/2010 - 4Story Hacks, Bots, Cheats & Exploits - 135 Replies Also ich habe auch mal ein How to do Video gemacht. Wie man mit Cheat Engine und einem Pointer hackt da es viele Leute immer noch nicht wissen. Den 3. Teil kann man sich ja bestimmt denken, wenn nicht der 3. Teil kommt am Dienstag denke ich mal weil ich heute in Urlaub fahre. Solange müsstet ihr euch dann noch gedulden. Unten steht der Link für Cheat Engine, der Link von Superx321 Skill Liste für den Skill-Hack und der Bypass von St0rmBl4de.
Also:
How to do Video 1. Teil:
YouTube - How to...
Pointer collection 11/09/2009 - General Gaming Discussion - 9 Replies Hi guys,
Let’s collect useful information like pointers and other data (if it’s possible) for coding own bots
Next list is a base address and offsets for Russian server:
Char stats 1: + $354 +
$A4 - HP current (4 Bytes)
$A8 - HP max (4 Bytes)
$AC - MP current (4 Bytes)
$B0 - MP max (4 Bytes)
