I get the same as you for Players and NPC, but not for Resources.
You have an application to prove your point (assuming from the images posted), as have I.
Since both work, I can only assume we are using 2 different lists.
One is sequential, other is not.
Would also explain why vuduy said with him NPC and Resource list is not sequential, while with me NPC are (and resources are not since I'm using his list).
Next step is to compare offsets I guess, to get to the bottom of it.
Mine are:
- Players list (sequential):
base_ptr + 0x8 + 0x20 + 0x090 + index + player_struct <-- list
base_ptr + 0x8 + 0x20 + 0x094 <-- player count
- NPCs list (sequential):
base_ptr + 0x8 + 0x24 + 0x50 + index + npc_struct <-- list
base_ptr + 0x8 + 0x24 + 0x54 <-- npcs count
- Resources list (using the one vuduy posted, which works but isn't sequential):
base_ptr + 0x8 + 0x28 + 0x18 + index + 4 + 164 + 0 <-- resource name
base_ptr + 0x8 + 0x28 + 0x14 <-- resource count
* My attempt at finding resource list, which didn't yield results but follows logic above (and should in theory work on sequential list):
base_ptr + 0x8 + 0x28 + 0x10 + index + resource_struct <-- list
Obviously there will be some differences between versions, but it shouldn't be a problem to adjust for that.
hmm ok.. we agreed on some points and your list is the same as mine...
but let me explain how I see this:
I'm doing some test regarding this, since I'd really like to get to the bottom of it.
We all agree that Player list is sequential array. My tests confirm it.
I must disagree with vuduy about NPC list, my tests show it is also a sequential list, vuduy if you have additional comments about this one, please share.
However, vuduy is right about resource list, tests show it is NOT sequential. As I've seen so far, certain offset always maps to certain resource on map, but I need to conduct some more tests to confirm that 100%.
On a side note, I've noticed when you are standing around 2 or more same resources, ie Withered root, address to a name is same for both and address value is rather low. Pointer to a name in database that game has loaded?
Also, names of resources in this case are null terminated, which is rather interesting considering player and npcs names in the list have a fixed size.
asgborges, we do indeed have size of array for all, but it's only useful when array is sequential (i.e. indexes follow in sequential order, 0x4, 0x8, 0xc, 0x10, etc.), which resource list isn't as we've discovered.
Well, there is one possible use for size of array even on nonsequential arrays:
Break loop when loop count reaches number of resources, since there is no point in going further if you've mapped out all there is already.
I understand that looping through all will provide me with all resources, but my goals aren't bot making, but only in understanding of why things are the way they are. For that reason I'm trying to find out why resource list is nonsequential among other things.
The real answer is that it depends on which "list" you are looking at. There is the raw list (which is the main pool) which contains all the offsets of a particular type (eg. mob, player, loot, resource).
There is also another list of the same type that indexes the existing (non-zero offsets from the raw list) in a sequential array. My guess is that this indexed list is limited by the view radius (setting to improve lag) in the game.
It looks like every type of list has both an indexed as well as a raw (non-indexed) list.
On a side note, I'm currently looking for the quest list (list that contains all the current quests), guild list (list that contains all the current guild names), skill names list (if there is such a list), guild members list, and some more lists...
vuduy, 2 different lists of the same thing would explain inconsistencies between our posts, which is why I said post your offsets.
Comparing mine and asgborges's they would seem to be identical, which in turn would map both on the same list. However, both lists cannot be sequential and non sequential so did I misread some offsets somewhere or what?
Counts are interesting as well as logical, always located on 0x14.
Makes sense and they seem to be better "placed" than mine.
Same offsets as I'm using, different results.
Index of 0x4 (1*0x4) gives me null pointer, as well as all indexes up to 0xE8 (58*0x4, points to Withered root, granted I haven't moved from the same spot yet), but bottom line is that lower indexes should work as well if the list was sequential.
Resource count only showed 5 resources in vicinity, in sequential list index 0xE8 should be way out there and not point to an actual resource.
But it works sequential for you, so now what's happening here?
Are you starting off with index of 1 (1*0x4) ?
Quote:
the Resource-Struct have an additional +4 offset to make the correct sequential pointers. (simple as you can see)
For name only, seems it's a "loopback" to game database, a part that contains resource names. That would explain low lying address. Addresses of other values are fairly high (in the range of 0x128560A0), whereas name falls in the ranges of 0x04960404
Can you post your offsets for Players and NPCs vuduy?
If you are using non sequential list for NPCs, it should differ from offset asgborges and me posted.
Quote:
On a side note, I'm currently looking for the quest list (list that contains all the current quests), guild list (list that contains all the current guild names), skill names list (if there is such a list), guild members list, and some more lists...
Think I have something for skill somewhere, I'll look around. That and party, but party hasn't been modified since 2 patches back.
Guild names I can't work on, as I'm guild less atm. Though honestly, I did some limited work on it back when I was in a guild and I got no results
I'll also get my structs in order (player, NPC and resources) and post those, maybe we can help each other by filling in the blanks.
Same offsets as I'm using, different results.
Index of 0x4 (1*0x4) gives me null pointer, as well as all indexes up to 0xE8 (58*0x4, points to Withered root, granted I haven't moved from the same spot yet), but bottom line is that lower indexes should work as well if the list was sequential.
Resource count only showed 5 resources in vicinity, in sequential list index 0xE8 should be way out there and not point to an actual resource.
But it works sequential for you, so now what's happening here?
Are you starting off with index of 1 (1*0x4) ?
kakaka
sorry.. I forgot to say that is my point of view
my "sequential" type is based on 0 and non-0 address where:
address = base_ptr + 0x8 + 0x28 + 0x18 + index*4
-> 0 = Nothing
-> ? = Resource
it seems to be a fixed array but randomly filled, or something like that!
That is weird but works lol
Quote:
Originally Posted by Shareen
For name only, seems it's a "loopback" to game database, a part that contains resource names. That would explain low lying address. Addresses of other values are fairly high (in the range of 0x128560A0), whereas name falls in the ranges of 0x04960404
No.. all addresses are fixed in real-time memory... the loopbacks into DB-Game occur only when it needs to update the memory locations...
The offset +4 points exactly to struct that holds more than the "name".. trust me
Since all above is base_ptr + 20 it falls under player struct defined here but far from complete:
(all definitions are for delphi, but it's pretty self explanatory and easy to convert to language of your choice)
(all fields named ukX are short for unknown, they are all defined as just some value that occupies certain amount of bytes, feel free to change)
(if description says P-> it indicates pointer to something, in most cases another struct)
($ before value is hex notation in delphi, same as 0x used on forums here and probably in C++)
Usage:
base_ptr + 0x20 + TPlayer struct <-- full player struct
TPlayer.InventoryQuestAddress + 0x0C + index <-- Quest inventory
Quest inventory size is fixed as far as I know
TPlayer.InventoryAddress + 0x0C + index <-- Normal inventory (usable items)
TPlayer.InventoryAddress + 0x10 <-- size of inventory (number of available slots, not number of items in inventory)
TPlayer.PartyAddress + 0x14 + index <-- party list (your character is in here as well)
TPlayer.PartyAddress + 0x18 <-- number of party members (your character is in here as well)
I read whole structs from memory since it limits usage of ReadProcessMemory by A LOT, doesn't take more time and as for memory.. well, I can afford it
But really, doesn't take much more memory at all, reading all this with less than 2M usage (about 500k is UI and delphi classes anyhow).
I also find it's very CPU friendly and as I'm running memory scans in a separate thread, that's always welcomed.
It gives me easy access to unknown stuff in between the known stuff to test, observe and modify. When I'm fairly sure of something, "uk" is renamed to whatever I find that value to be as well as define it as a proper type.
This would take 10 minutes to write if I had my structs in order, as it is it took well over an hour.
Laziness sucks
BTW vuduy, y axis of screen coordinates is giving me values that are not exactly on target, but 40 pixels above and I haven't a clue why.
I assumed that's the top of NPCs bounding box, since it's always consistently 40 pixels above. But I then wondered why x coordinate doesn't land on the edge of bounding box (as y), but rather always dead centre on target.
You having same "deal" or did I pick wrong offsets?
EDIT:
Forgot, I also got these offsets for tool bars, but I haven't gotten around to construct tool slot struct
Banks offsets are: BDC, BE0, BE4, BE8, BF0 .. and one more. Seems I forgot to write it down but it's most likely BF4 or possibly BD8. EDIT: or BEC just noticed it's missing. Try and see.
Slot offsets start from 0 to x*0x04 (where x is number of slots for current tool bar, which is probably defined somewhere near these offsets, I didn't bother to look, sorry )
Might prove useful for bot makers if you can find pots, skills, etc.. on tool bar and use em without having user defined binds.
Slot struct will however have to be defined before that happens
At a quick glance (which may be way off ):
above + 0x08 should give you id of action if slot contains shortcut to action (ie, fly). If it's linked to emoticons it's set to 12 all the time.. I think
above + 0x10 should give you item id if slot contains shortcut to inventory items item (ie, hp/mp pots)
I'm working in the same way as you in Delphi... except for CARDINAL, which I sometimes change to INTEGER, that holds only 4 bytes in memory, to be as correct as possible with the game.
* and sometimes the address can hold a SINGLE value too! (it sucks to check them 1 by 1)
and thx for Item and Quest-Items.. it will be useful for me!
Back to what I said about a raw list and an indexed (sequential) list. Here is an example:
For the sequential NPC list, the offsets are: base, 0x8, 0x24, 0x50, [0-count]*4
For the raw NPC list, the offsets are: base, 0x8, 0x24, 0x18, [0-768]*4, 0x4
For the sequential PC list, they are: base, 0x8, 0x20, 0x90, [0-count]*4
For the raw PC list, I didn't bother to find, but my guess would be: base, 0x8, 0x20, XXX, [0-768]*4, 0x4
Note: (XXX should be in the range of 0x10 to 0x30 - most likely 0x18)
The same can be applied to resource list and loots list.
Quote:
Originally Posted by Shareen
Here what I said I'll post, lots of text, hopefully some of it useful
The skills I mentioned vuduy, It was stuff you have on you atm.
base_ptr + 20 + 358 <-- number of "things" you have on you (buffs, debuffs, hots ..., whatever shows as icon)
base_ptr + 20 + 354 + index <-- either icon id or skills id (don't have skills db so I'm guessing), 2 bytes in length
Since icon id is 2 bytes in length, index is: index * 0x2
This one I had under suspicion as max number of icons per row, but I've never gone back to test it
base_ptr + 20 + 360
That's the buff list; you can also get similar buff list structure for the party member list as well.
Quote:
BTW vuduy, y axis of screen coordinates is giving me values that are not exactly on target, but 40 pixels above and I haven't a clue why.
I assumed that's the top of NPCs bounding box, since it's always consistently 40 pixels above. But I then wondered why x coordinate doesn't land on the edge of bounding box (as y), but rather always dead centre on target.
You having same "deal" or did I pick wrong offsets?
The X,Y coordinates are correct when the camera view is top down (ie: 2D view instead of 3D - without the Z plane). When the Z-plane exists, the view is different, and the Y coordinate is a bit off. The X coordinate is correct however since it is not affected by the Z-plane of the camera view. You can calculate mathematically the offset position of the Y coordinate using the X-Y-Z camera angles; but I don't see a need for it.
Perhaps, a joint effort can be made to find the current quests list and guild-names list, and skill-names list (not the learned skill list - this is easy to get), and other hard to find lists.
Back to what I said about a raw list and an indexed (sequential) list. Here is an example:
For the sequential NPC list, the offsets are: base, 0x8, 0x24, 0x50, [0-count]*4
...
The same can be applied to resource list and loots list.
Guess I'll keep trying to find sequential resource list then, I prefer it over the other one.
Quote:
Originally Posted by vuduy
The X,Y coordinates are correct when the camera view is top down (ie: 2D view instead of 3D - without the Z plane). When the Z-plane ...
For now I don't see a need for additional calculations either, but then again I'm not making a bot. Guess those who'd like to get clicking, can always adjust offset by those 40 pixels. As far as I've tested, should be about 99% certain lock. That 1% failure occurs on the edge of the envelope, i.e. npc is located top left or bottom right.
I'll take a look at possible calculations eventually, but I prefer fiddling with memory at the moment.
Quote:
Originally Posted by vuduy
Perhaps, a joint effort can be made to find the current quests list and guild-names list, and skill-names list (not the learned skill list - this is easy to get), and other hard to find lists.
I guess I can take a poke at quest list, again
As for skill names (not the learned ones) only others left I can think of is a full skill list - game database, one that clients loads into memory on startup. That what you were thinking of?
Yup, that's the one... the list of all skill names in the game. The learned skill list only has the skill Ids; it's better to display the skill name instead of Id.
... The learned skill list only has the skill Ids; it's better to display the skill name instead of Id.
Of course.
I reckon it should be slightly easier though if you've already found learned skills list, then you can track ID's back to GDB (game database).
What are the magic offsets for it btw, if you'd care to share?
Might as well look at that on the fly as I can't seem to decide what to do anyhow.
Besides, I have an idea. We know where max xp for levels is and as of our latest discussions, resource names as well, plus some others.
Whatever is (near) in front, between or (near) after is the rest of GDB.
Tell tale signs are obvious (at least from what I got so far), base_ptr + max one offset to struct, if even that.
Anyhow, weekend coming up which frees up time to start doing instead of talking.
I haven't played PW for almost 2 years so I don't have the learned skills offset to share. However, I do have one for Zhu Xian if you are interested. The avatar's structure is different in ZX than PW; so this offset is guaranteed not to be the same as PW.
ZX learned-skill-list offset: base, avatar offset (in this case it's 0x28), 0x1064
Count is +4 from the list as usual.
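Added example (not code from any poster in this thread): the raw-pool walk discussed above, where empty slots read as 0 and the loop stops once the stored count has been reached, run over a constructed byte image instead of a live process. The image layout, the addresses, and the reading of every offset step as a 32-bit little-endian dereference are assumptions made for illustration.

```python
import struct

SLOTS = 768         # raw pool size quoted in the thread
IMG_BASE = 0x10000  # constructed load address of the sample image (assumption)

def build_image(filled):
    """Constructed sample image: pool entries exist only at the slots in `filled`."""
    img = bytearray(0x2000)
    def put(off, val):
        struct.pack_into("<I", img, off, val)
    put(0x000, IMG_BASE + 0x100)   # base_ptr
    put(0x108, IMG_BASE + 0x200)   # [base + 0x8]
    put(0x228, IMG_BASE + 0x300)   # [.. + 0x28] -> resource container
    put(0x314, len(filled))        # container + 0x14: resource count
    put(0x318, IMG_BASE + 0x400)   # container + 0x18: raw pool
    for n, slot in enumerate(sorted(filled)):
        put(0x400 + slot * 4, IMG_BASE + 0x1000 + n * 0x10)
    return bytes(img)

def read_u32(img, addr):
    """Bounds-checked 32-bit little-endian read from the image."""
    off = addr - IMG_BASE
    if not 0 <= off <= len(img) - 4:
        raise ValueError(f"address {addr:#x} outside image")
    return struct.unpack_from("<I", img, off)[0]

def follow(img, addr, offsets):
    """Dereference addr, then add each offset and dereference again."""
    ptr = read_u32(img, addr)
    for off in offsets:
        ptr = read_u32(img, ptr + off)
    return ptr

def walk_raw(img):
    """Walk the sparse raw pool; return ([(slot, entry_ptr)], slots_read)."""
    container = follow(img, IMG_BASE, [0x8, 0x28])
    count = read_u32(img, container + 0x14)
    pool = read_u32(img, container + 0x18)
    found, reads = [], 0
    for slot in range(SLOTS):
        if len(found) == count:    # everything mapped, no point going further
            break
        reads += 1
        entry = read_u32(img, pool + slot * 4)
        if entry:                  # 0 = nothing in this slot
            found.append((slot, entry))
    return found, reads

if __name__ == "__main__":
    found, reads = walk_raw(build_image({3, 58, 200, 201, 640}))
    print([slot for slot, _ in found], "after", reads, "slot reads")
```

With five entries scattered up to slot 640, the count-based exit only saves the reads past the last filled slot, which is why a compacted (indexed) list is cheaper to scan than the raw pool.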