memory hook

[baumner465]

im looking for the addresses for player health, pet health, player damage, and address to hook for movement. having trouble finding these in cheat engine. im aware i cant change these values but i can make useful info addons

[i33ELYTE]

Player health can be parsed from SGameWorld->SGameSystem->SPlayerInfoMgr (which derives from SPlayerInfo)->m_nHP (long)

SGameWorld static address is different for every client, easiest way to get it is to scan for your coordinates, see what accesses it, look for code that calls SGameWorld->AddGameInput() (for example), then scan that address to get your static pointer

SGameSystem is usually lives at SGameWorld + 0x3D0 offset (checked on 4 different servers), SPlayerInfoMgr is on 0x6C, health offset may vary but it's usually 0x18 or 0x10
Although I don't recommend it since it's desynced from real server value (if you need it to be exact while fighting mobs)

If you want more synced version get SCommandSystem (World+0x3D4)->m_svPlayerObject->SGameAvatarEx->SAvatarProperty(0x38C)->0x38 (may be different) but this property is "encrypted" with c_hidint< int, 1828 > and pretty cool brain gymnastics to reverse it yourself also leaks other people's HP\MP

Player damage is on SPlayerInfoMgr too, if you meant raw stats damage, not the total output cause this one is being calculated on the server afaik didn't check it

Pet's health can be parsed with both SGameAvatarEx and SCreatureInfo which can be parsed from SGameSystem->SCreatureSlotMgr (0x74) -> m_vecCreatureList - SCreatureSlot -> SCreatureInfo

[baumner465]

is there one that shows nearby player or gms? especially invisible. i have a pretty big script im building
(over 35k lines). i know i can utilize memory reading and using the values but finding them is my proble. im going through everything i can to find what youre stating. i found this in memory view 00cd01co 53 47 61 6D 65 57 6F 72 6C 64 40 40 00 00 00 00 sgameworld##....



.

the address ive found seems to return the right value im looking for as for health but it resets when i relog because i assume its not a pointer.

it be ******* to have these values in my script so i can track hp in realtime and assign that hp to the appropriate variable per party member or pet and gather the mob ids within a certain radius using ingame coordinates and basically creat a gui with a mob list that shows there coordinates, hp in real time and names.

ive already created a cript that can auto run any dungeon in the game, repeatedly. clicking doors, activating nodes. killing mobs. teleporting. i want to do it all lol

[i33ELYTE]

Quote:

Originally Posted by baumner465

is there one that shows nearby player or gms? especially invisible.

SCommandSystem (World+0x3D4)->m_svPlayerObject
It's a std::vector so it's 16 bytes size in memory where:
struct vector {
T *begin; // vector::begin() probably returns this value
T *end; // vector::end() probably returns this value
T *end_capacity; // First non-valid address
// Allocator state might be stored here (most allocators are stateless)
};

In other words you need to take vector+0x0 read it, read vector+0x4 and iterate it until you meet vector+0x4 address
svPlayerObject are vector of pointers so each cell is 4 bytes long pointer

I'm not sure if it leaks invisible GM's but it should leak invisible players

[baumner465]

im crashing when running then debugger on certain addresses to see what writes or accesses

ive tried changing debugger settings and not having much luck

[i33ELYTE]

Quote:

Originally Posted by baumner465

im crashing when running then debugger on certain addresses to see what writes or accesses

ive tried changing debugger settings and not having much luck

If you do it on retail then it's because of GameGuard, if not then try Windows Debugger and Int3 breakpoints in cheatengine settings

[baumner465]

tried that and all crashes. this is a pserver. veh debugging seems to work on int 3 until i seem to get to a certain point then it crashes when asking what writes to pointer to the address that shows coords.

what accesses it is empty

but its not that green value that im looking for

i can easily get the non pointer address everytime i load the game but then id have to do that for multiple clients every time

[i33ELYTE]

Quote:

Originally Posted by baumner465

tried that and all crashes. this is a pserver. veh debugging seems to work on int 3 until i seem to get to a certain point then it crashes when asking what writes to pointer to the address that shows coords.

what accesses it is empty

but its not that green value that im looking for

i can easily get the non pointer address everytime i load the game but then id have to do that for multiple clients every time

If that's a Gambit-like client\server then use Hardware Breakpoints + VEH debugger

Also gambit's like SFrame build SGameWorld should be still at SFrame.exe+0x8543FC so good luck

[baumner465]

it wasnt gambit but i found the static addresses for both x and y values and was able to create a gui that gives live feedback of what address im on. Eureka!
now id like something that shows mob id's and maybe mob distance from player? then i can creat a mob window with listed mobs and click a mob on mob window and all my clients target that same mob or even implement that further into having a lead dps and check for targetted mob id and send that id to all other cliens to target rather than using the assist button. can be janky with clicks that im not able to monitor.
player health is a big one for heals so i can see who needs healed before the gui shows me. sometimes it bugs out

an ultimate goal of mine would be to make a navmesh but i have no idea how lol
then at the click of a button i could travel anywhere in the world

[i33ELYTE]

Quote:

Originally Posted by baumner465

it wasnt gambit but i found the static addresses for both x and y values and was able to create a gui that gives live feedback of what address im on. Eureka!
now id like something that shows mob id's and maybe mob distance from player? then i can creat a mob window with listed mobs and click a mob on mob window and all my clients target that same mob or even implement that further into having a lead dps and check for targetted mob id and send that id to all other cliens to target rather than using the assist button. can be janky with clicks that im not able to monitor.
player health is a big one for heals so i can see who needs healed before the gui shows me. sometimes it bugs out

an ultimate goal of mine would be to make a navmesh but i have no idea how lol
then at the click of a button i could travel anywhere in the world

Follow my advice to retrieve pointer of m_svPlayerObject vector, every SGameAvatarEx (SGameObject) has their coordinates at 0x10, 0x14, 0x18 (XYZ) offsets

Mob name lives at SAvatarProperty -> 0x04 which is std::string so you should google C++ std::string memory layout

When you figure how to work and find memory classes and their offsets rest should be easy for you, reversing game classes is not a quick task for someone who is not familliar with reversing structures\asm code so expect yourself to spend a good month on that passion of yours

For faster approach I recommend you to take a look at 9.5.2\9.9 SFrame source code
Also take a look at Cheat Engines Dissect Code tool (memory viewer -> Tools -> Dissect Code), cause after you dissected the code you can do View -> Referenced Strings to quickly find some obvious portions of assembly with these strings

[baumner465]

excellent! thank you so much! youve been a great help! alt assist was my first little bought with coding. its blown up big time. ive created things now i didnt know where possible and its to the point im kinda afraid to release to public because it would litterally destroy the game xDDD might keep alot of these functions personal

[i33ELYTE]

Quote:

Originally Posted by baumner465

excellent! thank you so much! youve been a great help! alt assist was my first little bought with coding. its blown up big time. ive created things now i didnt know where possible and its to the point im kinda afraid to release to public because it would litterally destroy the game xDDD might keep alot of these functions personal

There's so much you can do in this game which is not server protected, I'm thinking about releasing it as well with high price tag later just to minimize cheating footprint in this already dead game

[Burner12345d]

At this point the game has been flooded with modified CE bots for years now. If they dont do nothing regarding packet protection the game is ****** either way.

Releasing ready made scripts may encourage the Devs to actually do something but thats just my guess.

[ernpilot]

Hey, contact with me.
AHK working on offical server.
I think we can work together for offical version
Discord:ernpilot