Inventory Pointer

[Cosmo777]

Hello,

I am trying to fix the inventory section in POEHud.

I have the following which is a pattern, the 0x1034EF8 offset is the offset I am trying to get.

When I do the pattern scan this pattern is found and returned as expected. Where I am stuck at is turning this assembly instruction memory address 461EE300 into this offset 0x1034EF8.

Cheat engine is able to do such a thing so it must be possible, the following was copy and pasted from cheat engine and it is showing me PathOfExile_x64.exe + 1034EF8 for the 461EE300 address.

Would anyone willing to be of assistance on how to accomplish this?

//7FF6493530A5 - 90 - nop
//7FF6493530A6 - 48 83 43 50 F8 - add qword ptr[rbx + 50],-08
//7FF6493530AB - 48 8B 0D 461EE300 - mov rcx,[PathOfExile_x64.exe + 1034EF8] <<
//7FF6493530B2 - 4C 8B 05 471EE300 - mov r8,[PathOfExile_x64.exe + 1034F00]
//7FF6493530B9 - 49 3B C8 - cmp rcx, r8
public static readonly Pattern InventoryPattern = new Pattern(new byte[]
{
0x90,
0x48, 0x83, 0x43, 0x50, 0xF8,
0x48, 0x8B, 0x0D, 0x00, 0x00, 0x00, 0x00,
0x4C, 0x8B, 0x05, 0x00, 0x00, 0x00, 0x00,
0x49, 0x3B, 0xC8
}, "xxxxxxxxx????xxx????xxx");

Thank you for any help

[maper]

Hello,

I am trying to fix the inventory section in POEHud.

I have the following which is a pattern, the 0x1034EF8 offset is the offset I am trying to get.

When I do the pattern scan this pattern is found and returned as expected. Where I am stuck at is turning this assembly instruction memory address 461EE300 into this offset 0x1034EF8.

Cheat engine is able to do such a thing so it must be possible, the following was copy and pasted from cheat engine and it is showing me PathOfExile_x64.exe + 1034EF8 for the 461EE300 address.

Would anyone willing to be of assistance on how to accomplish this?

//7FF6493530A5 - 90 - nop
//7FF6493530A6 - 48 83 43 50 F8 - add qword ptr[rbx + 50],-08
//7FF6493530AB - 48 8B 0D 461EE300 - mov rcx,[PathOfExile_x64.exe + 1034EF8] <<
//7FF6493530B2 - 4C 8B 05 471EE300 - mov r8,[PathOfExile_x64.exe + 1034F00]
//7FF6493530B9 - 49 3B C8 - cmp rcx, r8
public static readonly Pattern InventoryPattern = new Pattern(new byte[]
{
0x90,
0x48, 0x83, 0x43, 0x50, 0xF8,
0x48, 0x8B, 0x0D, 0x00, 0x00, 0x00, 0x00,
0x4C, 0x8B, 0x05, 0x00, 0x00, 0x00, 0x00,
0x49, 0x3B, 0xC8
}, "xxxxxxxxx????xxx????xxx");

Thank you for any help

So, if I understand your question correctly, you're looking to extract the pointer relative to the base address of PathofExile_x64.exe from that mov instruction, which in this example is 0x1034EF8? If so, here is what you need to do:

1. The endian order is reversed from what you think it is. The real address in that mov instruction is 0x00E31E46, which is just 0x461EE300 with the bytes reversed. This is important to keep in mind when trying to do the math yourself, but when you read that DWORD from memory using your program, it'll be read in the correct order.

2. In 64-bit mode, the immediate 32-bit displacement value is RIP-relative. This means that the address 0x00E31E46 is relative to the instruction pointer. When this mov instruction is evaluated, the instruction pointer will be pointing at the next instruction, at 0x7FF6493530B2.

3. Knowing that, you add the instruction pointer 0x7FF6493530B2 to the address 0x00E31E46 that we extracted. That gives us 0x7FF64A184EF8.

4. Now we have the absolute address of 0x7FF64A184EF8. You can just use this address, by the way, rather than doing any further math. But since I assume PoeHUD is expecting an offset relative to the base address, you have to subtract the base address of PathOfExile_x64.exe from 0x7FF64A184EF8. That will work out to the offset you want - 0x1034EF8.

If you're ever unsure if you got the right address through math, you can perform some trivial validation on it without knowing PathOfExile_x64.exe's base address. Since we know the offset is supposed to work out to 0x1034EF8, we can subtract that from our result 0x7FF64A184EF8 to get 0x7FF649150000. If this value is evenly divisible by 0x1000 (the default page size), it's a pretty safe assumption that we have the right address, since the Windows loader will always load the executable image on a page boundary.

I hope that answers your question.

[GameHelper]

Hello,

I am trying to fix the inventory section in POEHud.

I have the following which is a pattern, the 0x1034EF8 offset is the offset I am trying to get.

When I do the pattern scan this pattern is found and returned as expected. Where I am stuck at is turning this assembly instruction memory address 461EE300 into this offset 0x1034EF8.

Cheat engine is able to do such a thing so it must be possible, the following was copy and pasted from cheat engine and it is showing me PathOfExile_x64.exe + 1034EF8 for the 461EE300 address.

Would anyone willing to be of assistance on how to accomplish this?

//7FF6493530A5 - 90 - nop
//7FF6493530A6 - 48 83 43 50 F8 - add qword ptr[rbx + 50],-08
//7FF6493530AB - 48 8B 0D 461EE300 - mov rcx,[PathOfExile_x64.exe + 1034EF8] <<
//7FF6493530B2 - 4C 8B 05 471EE300 - mov r8,[PathOfExile_x64.exe + 1034F00]
//7FF6493530B9 - 49 3B C8 - cmp rcx, r8
public static readonly Pattern InventoryPattern = new Pattern(new byte[]
{
0x90,
0x48, 0x83, 0x43, 0x50, 0xF8,
0x48, 0x8B, 0x0D, 0x00, 0x00, 0x00, 0x00,
0x4C, 0x8B, 0x05, 0x00, 0x00, 0x00, 0x00,
0x49, 0x3B, 0xC8
}, "xxxxxxxxx????xxx????xxx");

Thank you for any help

sorry for the noob question,
but why do you need inventorypattern when there is already a inventory plugin in poehud?
I mean if that plugin can work without using inventory pattern why can't your plugin work like that...

[Cosmo777]

sorry for the noob question,
but why do you need inventorypattern when there is already a inventory plugin in poehud?
I mean if that plugin can work without using inventory pattern why can't your plugin work like that...

Not a noob question, as far as I can tell which I might be wrong, that uses the UI panels to work. If that is not the case then what I am doing is pretty useless. I want access without using the UI panels. There is an inventory list in hud, that is broken, its what I am trying to fix. It used to be reachable from the offsets we have. I don't think that is the case anymore.

[GameHelper]

Not a noob question, as far as I can tell which I might be wrong, that uses the UI panels to work. If that is not the case then what I am doing is pretty useless. I want access without using the UI panels. There is an inventory list in hud, that is broken, its what I am trying to fix. It used to be reachable from the offsets we have. I don't think that is the case anymore.

Yes ur right, it's accessing it from ui

[Cosmo777]

This can be condensed but for readability I kept each step as a separate line. This worked. Thank you very much Vendrick.

Hopefully this helps anyone else looking to how sig scans can help you make offsets more durable.

//Match the pattern finding its location relative to the module start address
var matches = MemoryTool.FindPatterns(MemoryTool.GetProcessId(), MemoryTool.InventoryPattern);
Process proc = Process.GetProcessesByName("PathOfExile_x64")[0];
IntPtr startOffset = proc.MainModule.BaseAddress;
var processStart = startOffset.ToInt64(); ;
//use the match plus the offset to the memory location to read the address I was trying to translate
var memoryValueOffset = matches[0] + 9;
//Read the value of the memory address
var memoryValue = _poeInterface.Memory.ReadInt(processStart + memoryValueOffset);
//Find the offset memory address of the next assembly function
var nextInstructionOffset = matches[0] + 13;
//find the full address value of that address in memory
var nextAddressFull = nextInstructionOffset + processStart;
//add the next address full value to the relative offset address value from earlier
var nextAddressPlusOffset = nextAddressFull + memoryValue;
//Win... this is our offset
_inventoryOffset = nextAddressPlusOffset;
//if you do need the relative address then minus the process start from the full offset
var valueIWasLookingFor = _inventoryOffset - processStart;

[Cosmo777]

Yes ur right, it's accessing it from ui

You can use what I posed to directly scan inventory without iterating UI panels. Its more efficient.I will try and update the HUD code at some point to use this.

From _inventoryOffset each different item category is offset starting with 0, then add 8 each time.

Flasks +0
Helmet +8
Etc.

Then 0x410, 0x5E8, 0x20 will get you to the inventory list that can be iterated as 8 byte addresses to lead to a poe entity representing the items.

[GameHelper]

You can use what I posed to directly scan inventory without iterating UI panels. Its more efficient.I will try and update the HUD code at some point to use this.

From _inventoryOffset each different item category is offset starting with 0, then add 8 each time.

Flasks +0
Helmet +8
Etc.

Then 0x410, 0x5E8, 0x20 will get you to the inventory list that can be iterated as 8 byte addresses to lead to a poe entity representing the items.

if you incorporate this into poehud (here: PoEHUD/Offsets.cs at x64 * TehCheat/PoEHUD * GitHub) I will use it in my flask manager, currently I have applied breath first search for searching flasks from the UI, which isn't slow but this one is even better.