Memory addresses help

[the1domo]

hey does anyone have the pointer to the enemy health and location

[tearf]

That's what I'm banging my head with currently! It looks like they're stored in a circular list... I'm trying to find an offset that I can reference, but right now I'm manually doing it by searching for a mob ID in cheatengine that is 0xF8 bytes and then repeats, then the next field after that is the pointer to the next item in the list. I've written a quick-and-dirty program to loop through the list in an effort to help me figure out where to go from here.

This is in VB.Net and assumes you've already connected to the EXE and have the DLLs linked. It then dumps all of the mobs it can find into a csv file with the x, y, z coords. You need to prime intCurrLink as mentioned earlier:

Code:

    Sub FollowChain()
        Dim intCurrLink As Integer = &HCAFE4AF8
        Dim intRead As Integer = 1
        Dim intNextStep As Integer = -1
        Dim intPrevStep As Integer
        Dim intLinkHighID As Integer
        Dim intLinkLowID As Integer
        Dim outTraverseLinks As New System.IO.StreamWriter("c:\moblocations.csv", True)

        Dim sngX As Single = 0
        Dim sngY As Single = 0
        Dim sngZ As Single = 0

        Dim intInitLink As Integer = intCurrLink
        Do While intRead = 1 Or intInitLink <> intCurrLink
            ReadProcessMemory(readHandle, intCurrLink - 8, intLinkHighID, 4, Nothing)
            ReadProcessMemory(readHandle, intCurrLink - 4, intLinkLowID, 4, Nothing)
            ReadProcessMemory(readHandle, intCurrLink, intNextStep, 4, Nothing)
            ReadProcessMemory(readHandle, intCurrLink + 4, intPrevStep, 4, Nothing)
            ReadProcessMemoryFloat(readHandle, intCurrLink + &H24, sngX, 4, Nothing)
            ReadProcessMemoryFloat(readHandle, intCurrLink + &H24, sngY, 4, Nothing)
            ReadProcessMemoryFloat(readHandle, intCurrLink + &H24, sngZ, 4, Nothing)
            Dim strOutLog As String = intRead & "," & intCurrLink.ToString("X") & "," & intLinkHighID.ToString("X") & "," & intLinkLowID.ToString("X") & "," & intPrevStep.ToString("X") & "," & intNextStep.ToString("X") & "," & sngX & "," & sngY & "," & sngZ
            Debug.WriteLine(strOutLog)
            outTraverseLinks.WriteLine(strOutLog)
            intCurrLink = intNextStep
            intRead += 1
        Loop
        outTraverseLinks.Close()
    End Sub

After I get this figured out my next challenge will be linking it to the health, which seems to be in a completely different structure without the mob's ID.

---------- Post added at 02:57 AM ---------- Previous post was at 01:16 AM ----------

The pointer to the mob loop with locations is at [swtor.exe + 0107C8BC] + 40.

So my sub now (with some bug fixes) assuming you've already attached to the EXE and gotten the base address of SWTOR looks like:

Code:

    Sub FollowChain()
        Dim datRunTime As String = Now.ToString
        Dim intCurrLink As Integer
        Dim intAddress As Integer
        ReadProcessMemory(readHandle, intMemBaseSWTOR + &H107C8BC, intAddress, 4, Nothing)
        intCurrLink = intAddress + &H40

        Debug.WriteLine("Priming loop with " & intCurrLink.ToString("X"))
        Dim intRead As Integer = 1
        Dim intNextStep As Integer = -1
        Dim intPrevStep As Integer
        Dim intLinkHighID As Integer
        Dim intLinkLowID As Integer
        Dim outTraverseLinks As New System.IO.StreamWriter("c:\moblocations.csv", True)
        outTraverseLinks.WriteLine("RunTime,#,Address,HighMobID,LowMobID,PrevAddress,NextAddress,MobX,MobY,MobZ")

        Dim sngX As Single = 0
        Dim sngY As Single = 0
        Dim sngZ As Single = 0

        Dim intInitLink As Integer = intCurrLink
        Do While intRead = 1 Or intInitLink <> intCurrLink
            ReadProcessMemory(readHandle, intCurrLink - 8, intLinkHighID, 4, Nothing)
            ReadProcessMemory(readHandle, intCurrLink - 4, intLinkLowID, 4, Nothing)
            ReadProcessMemory(readHandle, intCurrLink, intNextStep, 4, Nothing)
            ReadProcessMemory(readHandle, intCurrLink + 4, intPrevStep, 4, Nothing)
            ReadProcessMemoryFloat(readHandle, intCurrLink + &H14, sngX, 4, Nothing)
            ReadProcessMemoryFloat(readHandle, intCurrLink + &H18, sngY, 4, Nothing)
            ReadProcessMemoryFloat(readHandle, intCurrLink + &H1C, sngZ, 4, Nothing)
            Dim strOutLog As String = datRunTime & "," & intRead & "," & intCurrLink.ToString("X") & "," & intLinkHighID.ToString("X") & "," & intLinkLowID.ToString("X") & "," & intPrevStep.ToString("X") & "," & intNextStep.ToString("X") & "," & sngX & "," & sngY & "," & sngZ
            Debug.WriteLine(strOutLog)
            outTraverseLinks.WriteLine(strOutLog)
            intCurrLink = intNextStep
            intRead += 1
        Loop
        outTraverseLinks.Close()
    End Sub

Next is figuring out how to retrieve the mobs' names and health. Let me know if you have any ideas!

[Neoneas]

Can someone tell me the steps for getting the HP? It just doesn't work.

[Mrfo]

I've been able to find what I think is the memory location of the current target. Whats weird though, is that on some set interval (like 50ms or something) it seems to change to another X,Y,Z. It almost seems like it cycles between the current target and the last target. It ONLY changes when my companion is out though, which is even more confusing. The second I remove the companion then it stops cycling. The location I've found seems to be separate from the mob struct list. Anyone run into anything like this?

[dook123]

That's what I'm banging my head with currently! It looks like they're stored in a circular list... I'm trying to find an offset that I can reference, but right now I'm manually doing it by searching for a mob ID in cheatengine that is 0xF8 bytes and then repeats, then the next field after that is the pointer to the next item in the list. I've written a quick-and-dirty program to loop through the list in an effort to help me figure out where to go from here.

This is in VB.Net and assumes you've already connected to the EXE and have the DLLs linked. It then dumps all of the mobs it can find into a csv file with the x, y, z coords. You need to prime intCurrLink as mentioned earlier:

Code:

    Sub FollowChain()
        Dim intCurrLink As Integer = &HCAFE4AF8
        Dim intRead As Integer = 1
        Dim intNextStep As Integer = -1
        Dim intPrevStep As Integer
        Dim intLinkHighID As Integer
        Dim intLinkLowID As Integer
        Dim outTraverseLinks As New System.IO.StreamWriter("c:\moblocations.csv", True)

        Dim sngX As Single = 0
        Dim sngY As Single = 0
        Dim sngZ As Single = 0

        Dim intInitLink As Integer = intCurrLink
        Do While intRead = 1 Or intInitLink <> intCurrLink
            ReadProcessMemory(readHandle, intCurrLink - 8, intLinkHighID, 4, Nothing)
            ReadProcessMemory(readHandle, intCurrLink - 4, intLinkLowID, 4, Nothing)
            ReadProcessMemory(readHandle, intCurrLink, intNextStep, 4, Nothing)
            ReadProcessMemory(readHandle, intCurrLink + 4, intPrevStep, 4, Nothing)
            ReadProcessMemoryFloat(readHandle, intCurrLink + &H24, sngX, 4, Nothing)
            ReadProcessMemoryFloat(readHandle, intCurrLink + &H24, sngY, 4, Nothing)
            ReadProcessMemoryFloat(readHandle, intCurrLink + &H24, sngZ, 4, Nothing)
            Dim strOutLog As String = intRead & "," & intCurrLink.ToString("X") & "," & intLinkHighID.ToString("X") & "," & intLinkLowID.ToString("X") & "," & intPrevStep.ToString("X") & "," & intNextStep.ToString("X") & "," & sngX & "," & sngY & "," & sngZ
            Debug.WriteLine(strOutLog)
            outTraverseLinks.WriteLine(strOutLog)
            intCurrLink = intNextStep
            intRead += 1
        Loop
        outTraverseLinks.Close()
    End Sub

After I get this figured out my next challenge will be linking it to the health, which seems to be in a completely different structure without the mob's ID.

---------- Post added at 02:57 AM ---------- Previous post was at 01:16 AM ----------

The pointer to the mob loop with locations is at [swtor.exe + 0107C8BC] + 40.

So my sub now (with some bug fixes) assuming you've already attached to the EXE and gotten the base address of SWTOR looks like:

Code:

    Sub FollowChain()
        Dim datRunTime As String = Now.ToString
        Dim intCurrLink As Integer
        Dim intAddress As Integer
        ReadProcessMemory(readHandle, intMemBaseSWTOR + &H107C8BC, intAddress, 4, Nothing)
        intCurrLink = intAddress + &H40

        Debug.WriteLine("Priming loop with " & intCurrLink.ToString("X"))
        Dim intRead As Integer = 1
        Dim intNextStep As Integer = -1
        Dim intPrevStep As Integer
        Dim intLinkHighID As Integer
        Dim intLinkLowID As Integer
        Dim outTraverseLinks As New System.IO.StreamWriter("c:\moblocations.csv", True)
        outTraverseLinks.WriteLine("RunTime,#,Address,HighMobID,LowMobID,PrevAddress,NextAddress,MobX,MobY,MobZ")

        Dim sngX As Single = 0
        Dim sngY As Single = 0
        Dim sngZ As Single = 0

        Dim intInitLink As Integer = intCurrLink
        Do While intRead = 1 Or intInitLink <> intCurrLink
            ReadProcessMemory(readHandle, intCurrLink - 8, intLinkHighID, 4, Nothing)
            ReadProcessMemory(readHandle, intCurrLink - 4, intLinkLowID, 4, Nothing)
            ReadProcessMemory(readHandle, intCurrLink, intNextStep, 4, Nothing)
            ReadProcessMemory(readHandle, intCurrLink + 4, intPrevStep, 4, Nothing)
            ReadProcessMemoryFloat(readHandle, intCurrLink + &H14, sngX, 4, Nothing)
            ReadProcessMemoryFloat(readHandle, intCurrLink + &H18, sngY, 4, Nothing)
            ReadProcessMemoryFloat(readHandle, intCurrLink + &H1C, sngZ, 4, Nothing)
            Dim strOutLog As String = datRunTime & "," & intRead & "," & intCurrLink.ToString("X") & "," & intLinkHighID.ToString("X") & "," & intLinkLowID.ToString("X") & "," & intPrevStep.ToString("X") & "," & intNextStep.ToString("X") & "," & sngX & "," & sngY & "," & sngZ
            Debug.WriteLine(strOutLog)
            outTraverseLinks.WriteLine(strOutLog)
            intCurrLink = intNextStep
            intRead += 1
        Loop
        outTraverseLinks.Close()
    End Sub

Next is figuring out how to retrieve the mobs' names and health. Let me know if you have any ideas!

Nice work, thanks for sharing. It looks like the first object in that list is your own character. Am I correct?

[skiss0rz]

I'm seeing the same thing dook, I think it is.

[tearf]

Mrfo > I've seen the same thing with the target's coordinates cycling if I access them too quickly/often. Though for me it happens even if I don't have a companion up.

dook123 > Whenever I've done it, my character has always been the first one to come up. So it looks like that's a safe assumption.

I'm still having no luck finding a link between this list and the structure that holds the mobs' health (in C/E search for a Double with value of the mobs' HP. If you find two matches 1056 (0x420) bytes apart then you've got it. The way Find What Writes/Accesses This Address works with this game, always seems to pop up the same one or two functions with a -4 offset is getting me really frustrated!

[luthien23]

Thanks for the info tearf.
That has encouraged me to share what I have recently discovereded.