Target Pointer (lack thereof)

MiesterMan
Posts: 543
Joined: Tue Jul 06, 2010 9:15 pm
Location: Between the Second and Third Circles of Hell

#1 Post by MiesterMan » Tue Dec 13, 2011 12:57 pm

It looks like the big obstacle of a target pointer was never solved for this game. I think I might have found something, I actually did find an object with coords, the ID, and a last target ID as well as offsets to a shared reference address. The problem is that it's pointed to by a table in static memory and there are several variations of pointer types within the table. The paths for the different types of pointers are different and I'm going to have to map each one.

But hey, I found the table first this time so woot for that! :lol:


Re: Target Pointer (lack thereof)

#2 Post by MiesterMan » Wed Dec 14, 2011 2:11 pm

Ok, here's what I've found so far.

There is a group of "group pointers" starting at (currently) 0x0085787C, in 20-byte groups with 5 4-byte values. First value is the group identifier, counting in increments of 4. Second value is a 4-byte 0. Third value is the absolute pointer value, which will always point to the group. The fourth value is the "indicator", which if not 0 means there are objects in the group nearby being updated. And the fifth value seems to change to adjust to something (if looking at the value, it changes to something of identical data type so I think it's the updat"er").

From what I've seen, what these point to are groups of 10 objects. The problem is the paths to the objects are different based on what kind of object (NPC, Player, Loot, and Monster) as well as the offsets to values and object sizes. These groups of objects are always close to each other. I've yet to actually identify a loot pointer.

If you need help finding groups I can give this advice here. First, set up your Cheat Engine to give you the value of your target ID.
Currently the base player pointer is at 0x00859F3C, the offset from the pointed-to value is 0x16C to the target ID's 4-byte integer.
So under Change address set the pointer check box, Address of pointer: 859F3C, Offset (hex): 16C.
From there do a search for the targetid value. Keep iterating through targets until you get an ID value that only returns a few hundred (or less). Browse the memory regions looking for float values close to your own physical location.

Similar to the player target ID pointer above, offsets for X: 0x10, Y: 0x14, Z: 0x18.

Something else to note. These groups don't change. While the target ID values may change, the targets will show up in the same groups. At least that's how it appears as I've run all over the map, closed the client, and opened it back up to run back to the location and have the same targets update in the same pointer values in the same groups (groups that moved to different memory locations).

Edit: I take back part of what I said. They all point to the same table from this group table. It's the path after that that seems to be skewed by something.

Edit2: Ok, reviewing the different paths I found there really wasn't any variance in paths... They just went around in circles... Love that pointer scanner.


Re: Target Pointer (lack thereof)

#3 Post by MiesterMan » Wed Dec 14, 2011 3:42 pm

Yep, that was completely wrong. It's just an object list. No group list. The first value is the type. If the fourth value isn't 0 then the third value points to a pointer to the object's pointer.

Funny funny, the first existing object points back to the player. :D


Re: Target Pointer (lack thereof)

#4 Post by MiesterMan » Wed Dec 14, 2011 4:38 pm

This is as much as I got so far. Will work on it again later, have to go.

-- Start address of the table, a handle to the game process, and one slot per 0x14-byte entry.
objGroup = {};
startGroups = 0x85787C;
proc = openProcess(findProcessByWindow(findWindow("Shaiya")));

for i=0,494,1 do
	objGroup[i+1] = {};
	objGroup[i+1].baseAddress = startGroups + (i * 0x14);
end

-- Pass 1: print the fourth value (+0xC) of every entry where it is non-zero.
v = 1;
for i=1,495,1 do
	isValue = memoryReadInt(proc,objGroup[i].baseAddress + 0xC);
	if isValue ~= 0 then
		printf("0x%x, ",isValue)
		v = v+1;
	end
	if math.ceil(v/7) == math.floor(v/7) then printf("\n"); v=v+1;end;
end
printf("\n");

-- Pass 2: print the first value (+0x0) of the same entries.
v = 1;
for i=1,495,1 do
	isValue = memoryReadInt(proc,objGroup[i].baseAddress + 0xC);
	if isValue ~= 0 then
		printf("0x%x, ",memoryReadInt(proc,objGroup[i].baseAddress))
		v = v+1;
	end
	if math.ceil(v/7) == math.floor(v/7) then printf("\n"); v=v+1;end;
end
printf("\n");

-- Pass 3: print the third value (+0x8) of the same entries.
v = 1;
for i=1,495,1 do
	isValue = memoryReadInt(proc,objGroup[i].baseAddress + 0xC);
	if isValue ~= 0 then
		printf("0x%x, ",memoryReadInt(proc,objGroup[i].baseAddress + 0x8))
		v = v+1;
	end
	if math.ceil(v/7) == math.floor(v/7) then printf("\n"); v=v+1;end;
end
printf("\n");

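-- Pass 4: read the pointer stored at the third value, then print the value at +0x10 or +0x8,
-- chosen by the low byte of the first value.
v = 1;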
for i=1,495,1 do
	isValue = memoryReadInt(proc,objGroup[i].baseAddress + 0xC);
	if isValue ~= 0 then
		chkValue = memoryReadUByte(proc,objGroup[i].baseAddress)
		if ((chkValue >= 0x80) and (chkValue <= 0x90)) then
			printf("0x%x, ",memoryReadInt(proc,memoryReadInt(proc,memoryReadInt(proc,objGroup[i].baseAddress + 0x8)) + 0x10))
			v = v+1;
		elseif chkValue > 0x90 then
			printf("0x%x, ",memoryReadInt(proc,memoryReadInt(proc,memoryReadInt(proc,objGroup[i].baseAddress + 0x8)) + 0x8))
			v = v+1;
		end
	end
	if math.ceil(v/7) == math.floor(v/7) then printf("\n"); v=v+1;end;
end
printf("\n");
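
An offline version of the table walk from post #4, added here as an example and not MiesterMan's code: it parses the 20-byte entries from a captured byte buffer in Python instead of a live process, and returns None rather than following a pointer that falls outside the capture. The Snapshot class, the function names and the sample bytes at base 0x1000 are constructed for illustration.

```python
import struct

ENTRY_SIZE = 0x14    # five 4-byte values per entry (post #2)

class Snapshot:
    """Read-only view of captured bytes that were mapped at address `base`."""
    def __init__(self, base, data):
        self.base, self.data = base, data
    def u32(self, addr):
        off = addr - self.base
        if off < 0 or off + 4 > len(self.data):
            return None                       # address is not in the capture
        return struct.unpack_from("<I", self.data, off)[0]

def offset_for(kind):
    """Offset chosen in post #4 from the low byte of the first value."""
    low = kind & 0xFF
    if 0x80 <= low <= 0x90:
        return 0x10
    return 0x8 if low > 0x90 else None

def resolve(snap, ptr, offset):
    """Read the pointer stored at `ptr`, then the 4-byte value at +offset."""
    obj = snap.u32(ptr) if ptr else None
    return snap.u32(obj + offset) if obj else None

def walk(snap, table, count=495):             # 495 entries, as in post #4
    """Return (index, first value, resolved value) for non-empty entries."""
    out = []
    for i in range(count):
        fields = [snap.u32(table + i * ENTRY_SIZE + 4 * k) for k in range(5)]
        if None in fields:
            break                             # table runs past the capture
        kind, _zero, ptr, indicator, _fifth = fields
        off = offset_for(kind)
        if indicator != 0 and off is not None:
            out.append((i, kind, resolve(snap, ptr, off)))
    return out

def build_sample():
    """Constructed capture at base 0x1000; these are not game addresses."""
    buf = bytearray(0x200)
    rows = [(0x84, 0, 0x1100, 1, 0), (0x88, 0, 0x1108, 0, 0), (0x94, 0, 0x1104, 1, 0)]
    for i, row in enumerate(rows):
        struct.pack_into("<5I", buf, i * ENTRY_SIZE, *row)
    struct.pack_into("<I", buf, 0x100, 0x1120)   # entry 0 -> object at 0x1120
    struct.pack_into("<I", buf, 0x130, 0xCAFE)   # value at object + 0x10
    struct.pack_into("<I", buf, 0x104, 0x9000)   # entry 2 -> outside capture
    return Snapshot(0x1000, bytes(buf))
```

Calling `walk(build_sample(), 0x1000)` skips the entry whose fourth value is 0 and reports the third entry's value as None because its pointer leaves the captured range.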
