Thanks for that z0m.
Regarding what I mentioned with CharacterArray being zero, that was my own problem (I'd commented it for some reason). Also, this seems to have fixed some issues with the character name offsets, though it still cuts off the last two letters of my character's name. Also, I noticed that places that try to access ChCliPlayer are not working (throws exceptions for some members/doesn't have quite the right offsets it seems).
On another note, can I get you guys to confirm I'm updating TlsIndex and AsContext offsets correctly?
For TlsIndex I'm setting a breakpoint after the call to getTLS in getCliContext and grabbing the value of eax (before the +30h happens). For AsContext I'm doing the same thing but in getAsContext on the retn line.
I seem to get very different TlsIndex offsets than what I've seen here (0x06xxxxxx or 0x07xxxxxx instead of 0x16xxxxxx). That said, they seem to have sort of the right data anyhow.
The help is very much appreciated guys.
Oh I had another question, which is how to find the InGame offset and the Loading offset. I've tried just searching 0/1 when in character select/in game for the InGame offset but didn't turn anything up.
Anyway, I'm going to be posting some of my work on a Trading Post automater (C#) soon, hopefully you guys will find it interesting.
for (int i = 0; i < 4*8; i += 2)
Increment it to the right length.
You can just open IDA and find it in seconds. Look for the function that was mentioned in the topic start, or search for text or bytes:
Code:
"..\\..\\..\\Game\\Ui\\Scenes\\Gameplay\\GpMous"...

sub_AF6560 ==> GetAsContext
Code:
.text:0045AFDF 0F 84 84 00 00 00    jz      loc_45B069
.text:0045AFE5 E8 76 B5 69 00       call    sub_AF6560
.text:0045AFEA 8B 10                mov     edx, [eax]
.text:0045AFEC 8B C8                mov     ecx, eax
.text:0045AFEE 8B 42 04             mov     eax, [edx+4]
.text:0045AFF1 53                   push    ebx
.text:0045AFF2 FF D0                call    eax
.text:0045AFF4 85 C0                test    eax, eax
.text:0045AFF6 74 7F                jz      short loc_45B077
.text:0045AFF8 E8 63 B5 69 00       call    sub_AF6560
.text:0045AFFD 8B 10                mov     edx, [eax]
.text:0045AFFF 8B C8                mov     ecx, eax
.text:0045B001 8B 42 58             mov     eax, [edx+58h]
.text:0045B004 53                   push    ebx
.text:0045B005 FF D0                call    eax
.text:0045B007 C7 46 60 01 00 00 00 mov     dword ptr [esi+60h], 1
.text:0045B00E 83 7F 18 02          cmp     dword ptr [edi+18h], 2
.text:0045B012 75 63                jnz     short loc_45B077
.text:0045B014 E8 F7 CB 6C 00       call    sub_B27C10
.text:0045B019 8B 10                mov     edx, [eax]
.text:0045B01B 8B C8                mov     ecx, eax
.text:0045B01D 8B 42 1C             mov     eax, [edx+1Ch]
.text:0045B020 FF D0                call    eax
.text:0045B022 8B F8                mov     edi, eax
.text:0045B024 85 FF                test    edi, edi
.text:0045B026 75 14                jnz     short loc_45B03C
.text:0045B028 68 51 02 00 00       push    251h
.text:0045B02D BA 20 6D 21 01       mov     edx, offset a______GameUi_9 ; "..\\..\\..\\Game\\Ui\\Scenes\\Gameplay\\GpMous"...
.text:0045B032 B9 04 1B 21 01       mov     ecx, offset aPlayer ; "player"
.text:0045B037 E8 C4 2C 21 00       call    sub_66DD00

sub_B27C10 ==> GetCliContext

sub_AF6560:
dword_16B3570 is what you want, aka GW2.exe + 0x12B3570 at this point.
Code:
.text:00AF6560
.text:00AF6560 sub_AF6560 proc near        ; CODE XREF: sub_411440+41p
.text:00AF6560                             ; .text:00412BE3p ...
.text:00AF6560 B8 70 35 6B 01       mov     eax, offset dword_16B3570
.text:00AF6565 C3                   retn
.text:00AF6565 sub_AF6560 endp
Well, I have no problem finding them (I've been using that method after I realized what you were referring to in your earlier post about an easy way to find them all on the first post, as I hadn't noticed it was there at the time). I was just wondering if the TlsIndex is indeed in the eax register after the call to getTLS in the getCliContext sub.
Good to know about AsContext though, I was doing that wrong. Thanks.
Never tried it tbh. I usually dumped the addresses with a very small C++ program.
Toyed around a bit to see what it's like to find it with your method.
In the Memory Viewer you go to the address of getCliContext:
Put your breakpoint at the return point:
Get the current value of the EAX register:
Perform a scan for its value:
And the ChCliContext's address is shown as a static address:
So testing it out now, it all appears to be correct.
Any tips on locating InGame and Loading addresses?
Use IDA and diff the 2 binaries.