Announcement

Collapse
No announcement yet.

[OTClient] Equipment Structure on Medivia

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • [OTClient] Equipment Structure on Medivia

    Finding equipment address


    1. Run Cheat Engine and attached to client.



    2. Select Unknown initial value, 4 bytes and click First Scan


    3. Dequip your helmet and search for Extract value: 0


    4. Equip helmet and search for Increased value.


    5. Repeat step 3 and 4 until you get you this result. Try dequip helmet, equip helmet and search for Changed value.


    6. Finally your list should contains 2 adressess. Select with CTRL and click arrow to add into our list.


    7. Now our target is find pointer to this addresses. I suggest searching for second adress but it may depent on your client memory. If you cant find pointer for second adress then scan for first.


    8. Make sure that pointer setting are equal to this here.


    9. Pointer scan will found one address but if find more select address with the lower offset value and double click Left mouse button. We add this pointer into our list. After that close pointer table.


    10. Double clicking left mouse button on a new added pointerscan result we can see values of our pointer and address:

    Code:
    Local $addrContainerStart = Medivia_D3D.exe + 0x545A94
    Local $offset = 0x264

    Discover adress value

    1. Select pointerscan result and click button Memory view.


    2. Photo below show how it's store value of our address in memory. As we can see the value isn't our head slot id or head slot quantity. But...
    The value is address to this values.

    Code:
    Memory view: F8 4B B7 07
    Local $addrMemoryView = 0x07B74BF8    ;==> reverse Hex

    3. Now we click right mouse button on this byte and Goto address. In new small window write 07B74BF8 but you will have other value. then Hit OK


    4. Let's look at stack and find interesting values:

    Code:
    Color: BLACK = id slot head
    Color: BLUE = quantity slot head

    How to make a function
    Since i never used C++, C# i post it in Autoit language i hope that you can easy convert it into your language.

    Code:
    ;===========================================================================================================
    ; Function:         _Self_Slot ($slot_nr)
    ;
    ; Description:      Read memory for slot id and quantity.
    ;
    ; Parameter(s):     $slot_nr - Integer [0-9].
    ;			[0] - Head		[1] - Necklace
    ;			[2] - Backpack          [3] - Armor
    ;			[4] - RightHand         [5] - LeftHand
    ;			[6] - Legs		[7] - Feet
    ;			[8] - Ring		[9] - Ammo
    ;
    ; Return Value(s):  On Success - Returns Array:
    ;			[0] - Slot id.
    ;			[1] - Slot quantity.
    ;                   On Failure - Returns Array:
    ;			[0] - 0.
    ;			[1] - 0.
    ;
    ; Author(s):        Ascer
    ;===========================================================================================================
    
    Local $base_address = _ModuleGetBaseAddress('Medivia_D3D.exe')
    Local $handle = _MemoryOpen(WinGetProcess(['CLASS:SDL_app]'))
    Local $eq_address = 0x545A94
    Local $offset_head = 0x264
    
    
    Func _Self_Slot ($slot_nr)
    
            ; create array with slot id & quantity default 0,0 
    	Local $array[2] = [0, 0]
    
            ; set offset value default 0x264 but if i wanna read backpack slot it will be 0x264 + 0x8
    	Local $offset_slot = [$offset_head + (0x4*$slot_nr)]
    
            ; read memory for address to searching slot. I dont know how this function look in C++ but u need to get value of pointer
    	Local $slot_address = _MemoryPointerRead($base_address + $eq_address, $handle, $offset_slot)[1]
    
            ; check if value of pointer is equal 0 then return [id=0, quantity=0]
    	If $slot_address = 0 Then
    		Return $array
    	EndIf
    
            ; now we need to set addresses for slot id and slot quantity
    	Local $slot_id = '0x' & StringRight(Hex($slot_address + 0x1A), 8)    ;==> 0x07B74BF8 + 0x1A = 0x07B74C12
    	Local $slot_quantity = '0x' & StringRight(Hex($slot_address + 0x1E), 8)    ==> 0x07B74BF8 + 0x1E = 0x07B74C16
    
            ; create new array to store slot values
    	Local $array[2]
    		$array[0] = _MemoryRead($slot_id, $handle, 'short')    ;==> read only 2byte
    		$array[1] = _MemoryRead($slot_quantity, $handle, 'byte')    ;==> read only 1byte
    
    	Return $array
    
    EndFunc
    Simple example how its working:

    Code:
    For $i = 0 To 9
    	Local $slot = _Self_Slot($i)
    	ConsoleWrite('Slot[' & $i & ']: id = ' & $slot[0] & ', quantity = ' & $slot[1] & @CRLF)
    Next

    Thanks for read!
    Ascer
    Last edited by Ascer; 29-03-2017, 06:25 PM.

  • #2
    Once again, excellent guide. Thanks bud. <3

    Comment


    • #3
      includes

      Hi, please, what is your autoit version? And what is your includes exactly, because i have other includes nomadmemoryPF, etc with incompatible functions, especially "_ModuleGetBaseAddress". If possible send me link of your includes or pm with you functions. Thanks.

      Comment


      • #4
        Very nice guide!
        I want to point out that the pointer you find is the same one that you use for getting player attributes such as exp, lvl, hp & mana.
        Also the same one you use for GG/Light hack.

        Comment

        Working...
        X