[1.0.1] Memory addresses

[zhiyaobai]

I tried to find the player level offset, I spent a long time, but haven't found, someone can help me?

[ITAUTO]

Still having some trouble... So I find the address for x, I know it is x because if I freeze it and experience the rubber band effect. I "Find out what accesses this address"(also tried what writes to this address) in cheat engine. I get the value of that and try to do a hex search for the pointer... But there are no results, am I doing something wrong?

[Nomoko]

i posted the X already before, it is still the same. Can anyone help me with HP / MP Offsets? My bot is working perfectly, navigation and combat is completed and it is pretty nice working. Right now im checking for the health with checking the pixels. Thanks in advance

[tearf]

Anyone have any info on the whereabouts/structure of the list of active objects/mobs?

Has anyone figured this out yet? I've been spending far too much time looking through hex codes over the last couple days with no luck. I still can't figure out how to get a list of what mobs/chests/nodes are around me and their positions. I guess I'm just not sure how to find the beginning of the DOM or Array structure in memory and iterate through it...

I'm an intermediate cheatengine user -- I can scan for changes and have just recently started dealing with pointers and offsets. But this thing has me beat. Anyone have any good sites or tutorials they can point me towards if they don't have the answers? I'm not afraid to do legwork and I love learning new things!

[dook123]

[[[[[ MemoryMan.dll + 00027E8C ] + 798 ] + 504 ] + 14 ] + 8 ] = PB. Player Base
[ PB + 28 ] = last target, int64
[ PB + 40 ] = health, float, 0-100 (Only after your health has decreased at least once )
[ PB + 80 ] = Distance to target/10, float
[ PB + 100 ] = X/10, float
[ PB + 104 ] = Y/10, float
[ PB + 108 ] = Z/10, float
[ PB + 114 ] = Angle degrees, float.

[ swtor.exe + 01083E00 ] = Player identifier, int64

[ PB + 44 ] = companion health, float, 0-100 (Only after its health has decreased at least once )

Im curious as to how you found the playerbase. Let me know if you dont mind. I am also looking for info on the obj list.

[QKdefus]

first of all, thanks luthien23 for your offsets

this is however addresses based on swtor.exe, although memoryman might not change as often ?

Code:

[[[[[ swtor.exe+0107E654 ] + 260] + 460] + 0 ] + 14 ] + 8 ] = PB. Player Base

[ PB + 28 ] = last target, int64
[ PB + 40 ] = health, float, 0-100 (Only after your health has decreased at least once) 
[ PB + 80 ] = Distance to target/10, float
[ PB + 100 ] = X/10, float
[ PB + 104 ] = Y/10, float
[ PB + 108 ] = Z/10, float
[ PB + 114 ] = Angle degrees, float

Code:

X = swtor.exe+1080AC4
Y = swtor.exe+1080ACC
Z = swtor.exe+F73DEC

[thebluefish]

first of all, thanks luthien23 for your offsets

this is however addresses based on swtor.exe, although memoryman might not change as often ?

Code:

[[[[[ swtor.exe+0107E654 ] + 260] + 460] + 0 ] + 14 ] + 8 ] = PB. Player Base

[ PB + 28 ] = last target, int64
[ PB + 40 ] = health, float, 0-100 (Only after your health has decreased at least once) 
[ PB + 80 ] = Distance to target/10, float
[ PB + 100 ] = X/10, float
[ PB + 104 ] = Y/10, float
[ PB + 108 ] = Z/10, float
[ PB + 114 ] = Angle degrees, float

Code:

X = swtor.exe+1080AC4
Y = swtor.exe+1080ACC
Z = swtor.exe+F73DEC

Well MemoryMan is actually used to alloc/dealloc memory, so really everything would be based off that module rather than swtor.exe base address, even though the module shouldn't change address it would be more "proper" for memory reading.

[QKdefus]

thanks, i did not know that


edit:
string value holding mission timer for active companion / latency when not running missions ?

Code:

swtor.exe+F2D600

[ambintx]

funny, i was wondering why i couldnt get any of these memory addresses to ever work, and now i know why, stupid 2x swtor.exe's and ive been picking the wrong one.

i actually found x/y addresses in the swtor.exe window too.

one thing i noticed with the addresses i found, and the ones posted here... sometimes it seems the game bugs out and incorrect values are listed 2 examples: the huttball respawn point ive found to be y=-4.xxx (its a float) but sometimes reads as 0, and sometimes when running around y stays at 0 and doesnt change o_O

[the1domo]

[[[[[ MemoryMan.dll + 00027E8C ] + 798 ] + 504 ] + 14 ] + 8 ] = PB. Player Base
[ PB + 28 ] = last target, int64
[ PB + 40 ] = health, float, 0-100 (Only after your health has decreased at least once )
[ PB + 44 ] = Partner health, float, 0-100 (Only after your health has decreased at least once )
[ PB + 80 ] = Distance to target/10, float
[ PB + 100 ] = X/10, float
[ PB + 104 ] = Y/10, float
[ PB + 108 ] = Z/10, float
[ PB + 114 ] = Angle degrees, float.
[ PB + 120 ] = PartnerX_Cord/10, float.
[ PB + 124 ] = PartnerY_Cord/10, float.
[ PB + 128 ] = PartnerZ_Cord/10, float.

[Distiny]

did anyone perhaps find some addresses regarding dmg ? like last hit dmg etc, tried to find in text, double, float, 4byte but no luck always searched for last hit value.

[luthien23]

I've updated the opening post for 1.0.2d. Adding some new addresses.

The mob array requires a bit more explanation.
[ [ swtor.exe + 107BE0 ] + 62C ] points to the start of the array. A large one.
Every 4 bytes you have a "potential pointer" to a mob info structure. Which is why I have 4*<mob number>.
When following the addresses you have to check that the pointers are valid in order to verify that it really holds a mob.

[QKdefus]

Z = swtor.exe+F73DEC i knew this one looked fishy, friend of mine mentioned it could be shadow's ?
consider there's quite a few xyz value's almost but not identical to 1080AC4 1080AC8 1080ACC

[zzj]

thanks alot for you discoveries guys (esp luthien and tearf)

trying to code this into a class atm

[tearf]

Some string locations for pulling out the names of mobs, gathering nodes, and missions:

Mobs: [[[[[swtor.exe + 00F03AB0] + 148] + 3C8] + 128] + 0]
Objects (Gathering nodes, other interactables..): [[[[[swtor.exe + 00F03AB0] + 148] + 3E8] + 688] + 0]
Missions: [[[[[swtor.exe + 00F03AB0] + 148] + 3E8] + 7E0] + 0]

Once you're at that base location (SB), the in32 at SB+3 contains the number of strings.

Then to cycle through the index it's:
SB + x0B + (x1A * (String# - 1)) + 0A = String Length (int32)
SB + x0B + (x1A * (String# - 1)) + 0E = Offset of string from base (int32)
SB + x0B + (x1A * (String# - 1)) + 12 = String Length (int32) -- same as +0A

So to retrieve the string you grab "String Length" characters from the location: "Offset" + SB...

So to find the SBs:

Code:

        Dim intObjectStringBase As Integer
        ReadProcessMemory(readHandle, (intMemBaseSWTOR + &HF03AB0), intObjectStringBase, 4, Nothing)
        ReadProcessMemory(readHandle, intObjectStringBase + &H148, intObjectStringBase, 4, Nothing)
        ReadProcessMemory(readHandle, intObjectStringBase + &H3E8, intObjectStringBase, 4, Nothing)
        ReadProcessMemory(readHandle, intObjectStringBase + &H688, intObjectStringBase, 4, Nothing)
        GetStrings("Objects", intObjectStringBase)

        Dim intMobMissionsStringBase As Integer
        ReadProcessMemory(readHandle, (intMemBaseSWTOR + &HF03AB0), intMobMissionsStringBase, 4, Nothing)
        ReadProcessMemory(readHandle, intMobMissionsStringBase + &H148, intMobMissionsStringBase, 4, Nothing)
        ReadProcessMemory(readHandle, intMobMissionsStringBase + &H3E8, intMobMissionsStringBase, 4, Nothing)
        ReadProcessMemory(readHandle, intMobMissionsStringBase + &H7E0, intMobMissionsStringBase, 4, Nothing)
        GetStrings("Missions", intMobMissionsStringBase)

        Dim intMobStringBase As Integer
        ReadProcessMemory(readHandle, (intMemBaseSWTOR + &HF03AB0), intMobStringBase, 4, Nothing)
        ReadProcessMemory(readHandle, intMobStringBase + &H148, intMobStringBase, 4, Nothing)
        ReadProcessMemory(readHandle, intMobStringBase + &H3C8, intMobStringBase, 4, Nothing)
        ReadProcessMemory(readHandle, intMobStringBase + &H128, intMobStringBase, 4, Nothing)
        GetStrings("Mobs", intMobStringBase)

And to parse the strings:

Code:

    Sub GetStrings(ByVal strType As String, ByVal intBaseAddress As Integer)
        Dim datRunTime As String = Now.ToString

        Dim intRead As Integer = 1
        Dim outMobNames As New System.IO.StreamWriter("c:\SWTORStrings.csv", True)
        outMobNames.WriteLine("RunTime,Type,#,Address,int1int32,int2int16,int3int16,int4int32,StringLength,OffsetFromBase,int8int32,StringAddress,String")

        Dim intStringsToRead As Integer
        ReadProcessMemory(readHandle, intBaseAddress + 3, intStringsToRead, 4, Nothing)

        Dim int1int32 As Integer
        Dim int2int16 As Integer
        Dim int3int16 As Integer
        Dim int4int32 As Integer
        Dim int5StringLength As Integer
        Dim int6OffsetFromBase As Integer
        Dim int7StringLength As Integer
        Dim int8int32 As Integer = 0
        Dim intString As Integer
        Dim strString As String

        For intRead = 1 To intStringsToRead
            ReadProcessMemory(readHandle, &HB + (&H1A * (intRead - 1)) + intBaseAddress, int1int32, 4, Nothing)
            ReadProcessMemory(readHandle, &HB + (&H1A * (intRead - 1)) + intBaseAddress + 4, int2int16, 1, Nothing)
            ReadProcessMemory(readHandle, &HB + (&H1A * (intRead - 1)) + intBaseAddress + 5, int3int16, 1, Nothing)
            ReadProcessMemory(readHandle, &HB + (&H1A * (intRead - 1)) + intBaseAddress + 6, int4int32, 4, Nothing)
            ReadProcessMemory(readHandle, &HB + (&H1A * (intRead - 1)) + intBaseAddress + 10, int5StringLength, 4, Nothing)
            ReadProcessMemory(readHandle, &HB + (&H1A * (intRead - 1)) + intBaseAddress + 14, int6OffsetFromBase, 4, Nothing)
            ReadProcessMemory(readHandle, &HB + (&H1A * (intRead - 1)) + intBaseAddress + 18, int7StringLength, 4, Nothing)
            ReadProcessMemory(readHandle, &HB + (&H1A * (intRead - 1)) + intBaseAddress + 22, int8int32, 4, Nothing)

            Dim intNameLoop As Integer
            strString = ""
            For intNameLoop = 0 To int5StringLength - 1
                ReadProcessMemory(readHandle, intBaseAddress + int6OffsetFromBase + intNameLoop, intString, 1, Nothing)
                strString &= Chr(intString)
            Next
            strString = Replace(strString, ",", " ")
            strString = Replace(strString, vbCr, " ")
            strString = Replace(strString, vbLf, " ")

            Dim strOutLog As String = datRunTime & "," & strType & "," & intRead & "," & (&HB + (&H1A * (intRead - 1)) + intBaseAddress).ToString("X") & "," & int1int32.ToString("X").PadLeft(4, "0") & "," & int2int16.ToString("X").PadLeft(2, "0") & "," & int3int16.ToString("X").PadLeft(2, "0") & "," & int4int32.ToString("X").PadLeft(4, "0") & "," & int5StringLength & "," & int6OffsetFromBase.ToString("X").PadLeft(4, "0") & "," & int7StringLength & "," & int4int32.ToString("X").PadLeft(4, "0") & "," & (intBaseAddress + int6OffsetFromBase).ToString("X").PadLeft(4, "0") & "," & strString
            Debug.WriteLine(strOutLog)
            outMobNames.WriteLine(strOutLog)
        Next
        outMobNames.Close()
    End Sub

I'm hoping the other values in the index are some sort of ID that references back to the actual mob, node, mission... So I've dumped them all to CSV (using that code) to see if I can figure out what they are.

And thanks for posting the pointer array, luthien, that's awesome!