Player information

[enigma32]

Downloading the korean client now just to see if that changes anything :P

[KillerJohn]

[[[0x01726FE4] + 0x04] + 0x9C]
[[[0x017A388C] + 0x04] + 0x9C]
[[[0x017F6874] + 0x10] + 0x9C]

Only the first two is good for me, but none of them is good for my beta testers

Downloading the korean client now just to see if that changes anything :P

we are both using the UK english client

[enigma32]

Only the first two is good for me, but none of them is good for my beta testers

we are both using the UK english client

Korean client broke it! Got it working with 0x017F6874 + 0x10 + 0x9C

I'll try to remember how I first found them and write instructions, and you can try to repeat it where it isn't working.

[KillerJohn]

it seems we found one which works for both of us:
int CharacterManagerPtr = MR.ReadInt(MR.ReadInt(MR.ReadInt(0x800000 + 0xFF6874) + 16) + 0x9C);

[KillerJohn]

Korean client broke it! Got it working with 0x017F6874 + 0x10 + 0x9C

I'll try to remember how I first found them and write instructions, and you can try to repeat it where it isn't working.

LOL we found the same

[enigma32]

How to find the structure (good for when new patches hits also)

1. Start a fresh process (don't want junk, cache etc in our matches)
2. Search for a few of your character seed values and store the addresses.
3. Since the characters are stored sequential, it should be possible to figure out around where the container structure is located.
4. The exact structure of the container is known, so it shouldn't be that hard finding the exact address of it now.
5. Search for that specific address, I get 2 matches. Only near 1 of them could I find a value connected to the number of characters I had. I used this one.
6. Start a pointer scan for that address (I used max offset 512 and max level 4).
7. I got tons of pointers back, then I started a continuous loop where it removed invalid chains, check "Only filter out invalid pointers" and "Repeat rescan until stopped". After clicking around a bit in the game with that running I was left with 3 paths with 3 offsets (and several other with longer path)

[KillerJohn]

How to find the structure (good for when new patches hits also)

1. Start a fresh process (don't want junk, cache etc in our matches)
2. Search for a few of your character seed values and store the addresses.
3. Since the characters are stored sequential, it should be possible to figure out around where the container structure is located.
4. The exact structure of the container is known, so it shouldn't be that hard finding the exact address of it now.
5. Search for that specific address, I get 2 matches. Only near 1 of them could I find a value connected to the number of characters I had. I used this one.
6. Start a pointer scan for that address (I used max offset 512 and max level 4).
7. I got tons of pointers back, then I started a continuous loop where it removed invalid chains, check "Only filter out invalid pointers" and "Repeat rescan until stopped". After clicking around a bit in the game with that running I was left with 3 paths with 3 offsets (and several other with longer path)

Nice, thanks!
Currently I have self-writter trainers for everything because I don't like 3rd party tools, but I like automation much better.
This means that after a patch I have some trainers looking for the well-known structs, patterns, etc, and automatically logs the candidates of new offsets into log files. 99.9999% of the time the nearest value (compared the last known working offset) is the winner.
Now I'll make a trainer for this, which will work somehow you written it, and after the next patch I don't have to get CE and hunt pointers, but it will be automatic an done in 0.5 minutes.

You are very great, thank you very much for your work!

PS: do you have any idea which offset contains a flag about the character's softcore/hardcore status?

[enigma32]

LOL we found the same

Does that mean it works now? I did write [[[0x017F6874] + 0x10] + 0x9C] before, but maybe you missed the change to 0x10 for that one instead of 0x04

[enigma32]

Nice, thanks!
Currently I have self-writter trainers for everything because I don't like 3rd party tools, but I like automation much better.
This means that after a patch I have some trainers looking for the well-known structs, patterns, etc, and automatically logs the candidates of new offsets into log files. 99.9999% of the time the nearest value (compared the last known working offset) is the winner.
Now I'll make a trainer for this, which will work somehow you written it, and after the next patch I don't have to get CE and hunt pointers, but it will be automatic an done in 0.5 minutes.

You are very great, thank you very much for your work!

PS: do you have any idea which offset contains a flag about the character's softcore/hardcore status?

You're welcome Yea, trainers are a good idea. And I'm considering making my own version of CheatEngine to speed the process up, takes so darn long time to figure stuff out in there 0x138 seems to contain some flags, at least it changed when I made a hardcore character die I'll see if I can figure it out.

[KillerJohn]

Does that mean it works now? I did write [[[0x017F6874] + 0x10] + 0x9C] before, but maybe you missed the change to 0x10 for that one instead of 0x04

yeah I missed the 0x10 :|

[enigma32]

0x138: int PlayerFlags

0x0001: Hardcore
0x0002: Female
0x0008: Dead (pretty sure)

TIP: BitVector32 is a nice class, if not using a flag enum that is.

[KillerJohn]

0x138: int PlayerFlags

0x0001: Hardcore
0x0002: Female
0x0008: Dead (pretty sure)

TIP: BitVector32 is a nice class, if not using a flag enum that is.

Thanks!

btw it crossed my mind: are you a HUD user?

[enigma32]

I named 0x138 as dead in the example code yes, but that wasn't entirely true as it contains a lot of other flags. I just forgot to remove it from the code before posting

[KillerJohn]

your PM box is full

[mondmond]

+0x0E8 is 0 when the character is selected and 1 when not. When in select hero this is 1 for all chars.