Some structures and static pointers

[Wrongusername]

Here's a link to cheatengine CT with some usefull stuff i've found

Offsets for Client 0.10g
poe.CT

Some examples of what's inside

Player struct: maxhp, hp, mana, nshield, much more where this comes from for sure...

Code:

        <Description>"static playerstruct ptr"</Description>
          <ShowAsHex>1</ShowAsHex>
          <VariableType>4 Bytes</VariableType>
          <Address>"Client.exe"+AADFB8-400000</Address>
          <Offsets>
            <Offset>8F0</Offset>
            <Offset>150</Offset>
            <Offset>10</Offset>
            <Offset>144</Offset>
            <Offset>94</Offset>
            <Offset>104</Offset>
          </Offsets>

<Description>"currhp"</Description>
          <VariableType>4 Bytes</VariableType>
          <Address>"Client.exe"+6ADFB8</Address>
          <Offsets>
            <Offset>24</Offset>
            <Offset>8F0</Offset>
            <Offset>150</Offset>
            <Offset>10</Offset>
            <Offset>144</Offset>
            <Offset>94</Offset>
            <Offset>104</Offset>
          </Offsets>


          <Description>"maxhp"</Description>
          <VariableType>4 Bytes</VariableType>
          <Address>"Client.exe"+6ADFB8</Address>
          <Offsets>
            <Offset>28</Offset>
            <Offset>8F0</Offset>
            <Offset>150</Offset>
            <Offset>10</Offset>
            <Offset>144</Offset>
            <Offset>94</Offset>
            <Offset>104</Offset>
          </Offsets>

Current cursor position in Clientrect-relative coords and transformed position in world coords

Code:

<Description>"baseFrame"</Description>
          <ShowAsHex>1</ShowAsHex>
          <VariableType>4 Bytes</VariableType>
          <Address>"Client.exe"+6ADFB8</Address>
          <Offsets>
            <Offset>94</Offset>
            <Offset>7C</Offset>
            <Offset>4</Offset>
          </Offsets>

          <Description>"resolutionW"</Description>
          <VariableType>4 Bytes</VariableType>
          <Address>"Client.exe"+6ADFB8</Address>
          <Offsets>
            <Offset>1360</Offset>
            <Offset>94</Offset>
            <Offset>7C</Offset>
            <Offset>4</Offset>
          </Offsets>

         <Description>"XCursorWorld"</Description>
          <VariableType>Float</VariableType>
          <Address>"Client.exe"+6ADFB8</Address>
          <Offsets>
            <Offset>1584</Offset>
            <Offset>94</Offset>
            <Offset>7C</Offset>
            <Offset>4</Offset>
          </Offsets>

Object you're currently hovering your mouse over

Code:

<Description>"MouseOverEntityPtr"</Description>
          <ShowAsHex>1</ShowAsHex>
          <VariableType>4 Bytes</VariableType>
          <Address>"Client.exe"+6ADFB8</Address>
          <Offsets>
            <Offset>15A4</Offset>
            <Offset>94</Offset>
            <Offset>7C</Offset>
            <Offset>4</Offset>
          </Offsets>

          <Description>"MouseOverEntityID"</Description>
          <ShowAsHex>1</ShowAsHex>
          <VariableType>4 Bytes</VariableType>
          <Address>"Client.exe"+6ADFB8</Address>
          <Offsets>
            <Offset>18</Offset>
            <Offset>15A4</Offset>
            <Offset>94</Offset>
            <Offset>7C</Offset>
            <Offset>4</Offset>
          </Offsets>

Player position info : current, last, current movement action destination
Oh yes, surprisingly after WoW reversing scene spoon-feeding, it aint that hard to find coordinates on your own just by moving around and searching for increased/decreased value... Too bad no tp hack or even speedhack here.

Code:

<Description>"player movementinfo struct ptr"</Description>
          <Address>"Client.exe"+6ADFB8</Address>
          <Offsets>
            <Offset>24</Offset>
            <Offset>49C</Offset>
            <Offset>B4</Offset>
            <Offset>94</Offset>
            <Offset>7C</Offset>
            <Offset>4</Offset>
          </Offsets>

          <Description>"playerWorldXCurr"</Description>
          <VariableType>Float</VariableType>
          <Address>"Client.exe"+6ADFB8</Address>
          <Offsets>
            <Offset>28</Offset>
            <Offset>24</Offset>
            <Offset>49C</Offset>
            <Offset>B4</Offset>
            <Offset>94</Offset>
            <Offset>7C</Offset>
            <Offset>4</Offset>
          </Offsets>

Also a couple most interesting functions

ScreenToWorld - performs conversion of cursor coordinates to world coordinates

Code:

.text:005416B0 
.text:00541B67                 mov     eax, [ebx+0B8h] 
.text:00541B6D                 mov     ecx, [ebx+1584h] use by movement functions
.text:00541B73                 pop     edi
.text:00541B74                 pop     esi
.text:00541B75                 mov     [eax+1C34h], ecx -- stores current cursor world coordinates for later 
.text:00541B7B                 mov     edx, [ebx+1588h]
.text:00541B81                 pop     ebp
.text:00541B82                 mov     [eax+1C38h], edx

Another highly interesting function is at

.text:006F7250 SendMoveTo
This function is way down the call chain and actually sends some usefull packets.
Despite my poor naming choice it doesn't only handle movement, also item pickup, interaction with area exits, use of skills...

Code:

.text:006F7279                 test    ecx, 8000h      ; some movement/interaction inhibiting flag
.text:006F727F                 jnz     loc_6F7355
.text:006F7285                 mov     edx, [eax+1Ch]  ;   ; mouseover entityPTR
.text:006F7288                 test    edx, edx
.text:006F728A                 jz      short loc_6F72D1 ; MoveToPosition
.text:006F728C                 mov     [esp+30h+var_24], 0Dh ; Opcode?
.text:006F7291                 mov     [esp+30h+var_28], offset DataStore?
.text:006F7299                 mov     [esp+30h+var_4], 0
.text:006F72A1                 mov     edi, [eax+8]
.text:006F72A4                 mov     di, [edi]       ;0266 for areaexits, item pickup, movetonpc, 2909 normal move, 08 attack with skil
.text:006F72A7                 mov     al, [eax+17h]   ;  08 areaexits, item interact, movetonpc? 00 normal move; not critical
.text:006F72AA                 mov     word ptr [esp+30h+var_1C+2], cx ;dunno what's this
.text:006F72AF                 mov     ecx, [edx+18h]  ; ; get entity id from entity ptr
.text:006F72B2                 mov     edx, [esi+1A0Ch]
.text:006F72B8                 mov     [esp+30h+var_20], ecx ;  ; store entity id
.text:006F72BC                 push    edx

.text:006F72D1 moveToPosition:                         ; CODE XREF: SendMoveTo+3Aj
.text:006F72D1                 movss   xmm1, dword ptr [esi+1C2Ch] // Get dest world position coords
.text:006F72D9                 mulss   xmm1, dword_AA089C //scale by constant
.text:006F72E1                 cvttss2si edx, xmm1
.text:006F72E5                 movss   xmm1, dword ptr [esi+1C28h]
.text:006F72ED                 mulss   xmm1, dword_AA089C
.text:006F72F5                 cvttss2si edi, xmm1
.text:006F72F9                 mov     [eax+20h], edi
.text:006F72FC                 mov     [eax+24h], edx
.text:006F72FF                 mov     [esp+30h+var_24], 0Eh

[appudda]

whoa nice job. I was trying to find mana/hp regen memory today. Have you found those? Too bad hp and mana stuff is client side changes

[Wrongusername]

Nope dunno where hp regen is...
That player structure is not the only structure with player stats like mana, hp, that values are duplicated in some other structs, the particular struct to which i found pointers and offsets doesn't contain ALL extended player info (i've done a quick search for armor just now and that seems to be in another struct altogether), i chose to search for static pointer to this particular one because it also contains max values unlike other structs.

[Xel]

Great work Wrongusername. Have some +rep

[chemicalvamp]

This is exactly what i need.. And its outdated. Can you bring it up to date, or even better make a CT using its pattern scan?