Some Pointer for Player Data

[mazer]

Guild Wars 2 Version 1.0.0.1 Build 15.518 (Sep. 14th 2012)

Code:

BASE -> Gw2.exe + 011B0A3C + 44 + 1C + 5C

PLAYER_VISUAL_X -> BASE + B4
PLAYER_VISUAL_Y -> BASE + B8
PLAYER_VISUAL_Z -> BASE + BC
PLAYER_GRAVITY -> BASE + 104
PLAYER_CUR_SPEED -> BASE + 110
PLAYER_MAX_SPEED -> BASE + 114 
PLAYER_Z_MOMENTUM -> BASE + 7C

PLAYER_HEADING_A1 -> BASE + 94
PLAYER_HEADING_B1 -> BASE + 98
PLAYER_HEADING_A2 -> BASE + A4
PLAYER_HEADING_B2 -> BASE + A8

PLAYER_TARGET_ID -> Gw2.exe + 1281750 (4 bytes) OUTDATED
PLAYER_INTERACT_TARGET -> Gw2.exe + 1281720 (4 bytes) OUTDATED


BASE_TELE -> Gw2.exe + 011B1A0C + 44 + 1C + 88

PLAYER_X -> BASE_TELE + D0
PLAYER_Y -> BASE_TELE + D4
PLAYER_Z -> BASE_TELE + D8

PLAYER_TARGET_ID -> writing to this works, but does not change the health/info bar at the top of the screen - target arrow appears above new target and attacks are directed to it too

PLAYER_INTERACT_TARGET -> ("Talk [F]" or "Use x [F]" visibilty for target with this id -> NPC, station, bank, TP, is 0 if not in range, else target id) there is a second check for this (didn't found a pointer but adress can be found easy. same value as player interact target)
HINT: can be used to interact with stuff around you, without actually standing near it (use crafting station near the TP guy)

Heres a bit of what i collected when messing with that, might not be accurate.
This is the structure used for a moving entity (including local player, so changing speed affects speed, same with de-acceleration (gravity))

Code:

ECX+C0 = Location (quternion)
ECX+D0 = Velocity (in normal units, relative to speed 9.1875 ex)
ECX+E0 = Velocity Related (small number, 0.x, perhaps used to normalize the velocity?)
ECX+F0 = Rotation
ECX+100 = Rotation as well (Copy it seems)
ECX+110 = Location again (quaternion)
ECX+160 = Velocity De-acceleration
ECX+170 - 4 = Current Velocity (running) 
ECX+170 = Speed
ECX+180 = Location again (quternion)
ECX+1B0 = Changes when walking(i think rotation?)

[Maddin1803]

First of all, as you maybe already guessed, this are structs, do yourself a favor and make some structs out of your infos

For the headding pairs, if you ever stumple across something like that, think about why would you implement something this way, didnt looked it up as you dont need to know yet, but i guess this a
a) headding of your character and headding of your minimap
or
b) your true headding and your visual headding

If you look at the floats within your headding variables, you see they change from -1 to 1 both while you are turning, so you know you have 4 peaks, north south east and west will be something like 1 0 , -1 0 etc.
So you know you have 4 quadrants and a value indicating where in the quadrant you are.
You could now implement the math behind it, or you will be clever and use an atan function which is provided by nearly every math libary in ever language :P

Sorry, dont have anything here to look up how exactly i did it but it should be something like

"No real code"

a = math.atan2(heada, headb)
if a < 0
{
a = a + pi *2
}

b = a * 180
c = b / PI

headding in degree = c + 90

if headding in degree > 360
{
headding in degree = headding in degree - 360
}

You dont need to split it up that much, but i think its better as an example.

[mazer]

thanks for that info.
just start to remember the whole quaternion stuff and looking at some old code (did this some time ago for object facing in wow).

as for the struct. your right, i will clean up the listing later this day

[JuJuBoSc]

Code:

        public static float QuaternionsToRadian(float HeadingX, float HeadingY)
        {

            return (float)Math.Atan2(HeadingY, HeadingX);

        }

        public static void RadianToQuaternions(float Radian, ref float HeadingX, ref float HeadingY)
        {

            HeadingX = (float)Math.Cos(Radian);
            HeadingY = (float)Math.Sin(Radian);

        }

You're welcome

[Net07]

Heres a bit of what i collected when messing with that, might not be accurate.
This is the structure used for a moving entity (including local player, so changing speed affects speed, same with de-acceleration (gravity))

Code:

ECX+C0 = Location (quternion)
ECX+D0 = Velocity (in normal units, relative to speed 9.1875 ex)
ECX+E0 = Velocity Related (small number, 0.x, perhaps used to normalize the velocity?)
ECX+F0 = Rotation
ECX+100 = Rotation as well (Copy it seems)
ECX+110 = Location again (quaternion)
ECX+160 = Velocity De-acceleration
ECX+170 - 4 = Current Velocity (running) 
ECX+170 = Speed
ECX+180 = Location again (quternion)
ECX+1B0 = Changes when walking(i think rotation?)

[mazer]

thanks JuJuBoSc for the code and Net07 for the info.


was anyone able to get a closer look at the object/entity manager?


had some fun with the "player z momentum" (as i call it) yesterday.
set it to like 5 or higher and freeze it. jump in game and you will float upwards. set it to 3.375 to hold the current height. now you are able to roam around freely.
your char is still is in the falling state, so attacks wont work (couldn't find the flag or a function to patch (beside the model/animation flag))
good enough for a small and quick exploration. and faster than finding and patching swim state i guess (haven't tried tho)

[mazer]

updated for Version 1.0.0.1 Build 15.502 (Sep. 12th 2012)

[skull905]

Mazer, i noticed that with your pointers for the xyz cords for the September 9th build were the visual cordnets (when you change these your visual player model will move but only show on your client and will not move your player ent on the server) there are another set of adresses containing your player entity xyz cordnets with roughly the same values as the visual xyz. The player ent xyz will allow you to teleport your actuall charater but it will not show that you moved untill you actually tab back in game and move your charater and then you will jump positions. What i do is i have assigned keys on my keyboard to incriment or deincriment both X adresses and Y adresses by about 2 to counter rubber banding and also it will show your player model move in unison with your player entity.

[mazer]

Mazer, i noticed that with your pointers for the xyz cords for the September 9th build were the visual cordnets (when you change these your visual player model will move but only show on your client and will not move your player ent on the server) there are another set of adresses containing your player entity xyz cordnets with roughly the same values as the visual xyz. The player ent xyz will allow you to teleport your actuall charater but it will not show that you moved untill you actually tab back in game and move your charater and then you will jump positions. What i do is i have assigned keys on my keyboard to incriment or deincriment both X adresses and Y adresses by about 2 to counter rubber banding and also it will show your player model move in unison with your player entity.

ah, ok.
did not check that, but saw the other coords adresses there. will update this in the main post. thanks for pointing that out
(so basically to countermeasure the tabbing, i would use my teleporter script to change both adresses - never tried to teleport tbh)

edit: adresses for actual pos are still wrong but found the right ones just this moment. figuring out if i need another pointer...
edit2: done

[whitea2]

Hey mazer and thanks for the info.

I've been following this section for a while now (as well as the D3 mem. editing) and decided to try and start learning. I teach a course on microcontrollers so I have a good foundation of understanding about number systems, memory space, registers, assembly etc. but am a complete noob to this stuff.

Using OllyDbg, I'm able to locate the addresses you specified in your post. I believe my "GW2.exe" starts at address 0x400000 so I calculated the base using your information as:
400000 + 011B1A3C + 44 + 1C + 5C = 015B1AF8
However, at Base + offset (the ones you provided) I have all 0.0 as the values and they never change. I even tried setting breakpoints on 'writes' to these locations and they're never written to.

I have followed the advice in the 'CE Help' thread and was able to find my Player X,Y,Z values in Ascalon Catacombs but the address changes upon zoning so I'm not sure how to work with that information.

As stated, I'm a complete noob with all of this as I have just started but am looking forward to learning more to possibly incorporate this information into a simple bot. Thanks in advance for any help and if I'm too far lost with what I have stated, feel free to ignore me

[mazer]

hi whitea2,

are you sure you are using multi level pointer?
read my adresses like this:

Code:

BASE = [[[[Gw2.exe + 011B1A3C] +44] + 1C] + 5C]
X = [BASE + B4]

don't know how olly does this, but here is a screen of cheat engine.
the picture describes this really good.

[whitea2]

I was definitely not reading that correctly. I assumed there was a reason for the +44 +1C etc. and that we probably shouldn't just add them together. Thanks so much for the help. I'll be sure to check out cheat engine and thank you very much for the picture.

Edit: Got it working perfectly through CE. Thanks again for the info.

[an1337]

Anyone found the new pointer to PLAYER_INTERACT_TARGET (see post#1)?

Using CE you can find the memory address by searching this exact value while standing next to an NPC: 19113888
Your Interact Window should say: Talk [F]

cheers,
an1337

[QKdefus]

GW2 Build 15572

Code:

BASE -> [[[[Gw2.exe+011B3BFC] + 44] + 1C] + 5C]

PLAYER_VISUAL_X -> BASE + B4
PLAYER_VISUAL_Y -> BASE + B8
PLAYER_VISUAL_Z -> BASE + BC
PLAYER_GRAVITY -> BASE + 104
PLAYER_CUR_SPEED -> BASE + 110
PLAYER_MAX_SPEED -> BASE + 114 
PLAYER_Z_MOMENTUM -> BASE + 7C

PLAYER_HEADING_A1 -> BASE + 94
PLAYER_HEADING_B1 -> BASE + 98
PLAYER_HEADING_A2 -> BASE + A4
PLAYER_HEADING_B2 -> BASE + A8

enjoy

[SSlisa]

Ok So first post for me =)

I found some of the info you posted useful so I thought I would pitch in aswell.

Game Version 15,572

Code:

PLAYER_INTERACT_TARGET -> Gw2.exe + 12838C0 (4 bytes)

That is either 0 or the same value as this when you have the object targeted.

Code:

PLAYER_TARGET -> Gw2.exe + 12838F0  (4 bytes)

I can find the actual Text displayed for the interaction easily but finding reliable pointer/offsets has eluded me.



For loading screen I have this

Code:

[[[[[Gw2.exe + 11B0A90] C8] + 4] + 0]  + 3BC] (4 bytes)

1 if in loading screen and 0 if not.

For in combat I have

Code:

Gw2.exe + 11B3A50

The "incombat" is misleading, if you take damage or you do damage then you are concidered in combat, you can't switch any elite or utility skills when "incombat".
So you could have a mob trying to attack you but doing no damage and the game doesn't concider you to be in combat.

I have it all set up with patterns and such for updates after patches, so getting the new addresses is very easy.
Hope it helps someone =)