Finding the mob list


Post by Kalagaraz » Sat Dec 06, 2008 6:34 am

Alright so I thought I would write a bot for the first time since I've got nothing else to do. Anyways, step one was targeting enemies, so after a few minutes I found the target function 0042AF7C. It's a "thiscall" function and it takes 1 parameter (pointer to enemy). Speaking of which, why is there support for calling "thiscall" or "fastcall" functions in MHS?

Anyways, I hooked the function and grabbed the parameter a couple times.

13A79CA8
13B330C8
13B9F2D8

Obviously, given the closeness and pattern of the pointers, you can see that they are contained in an array. (Not sure if this contains players or other objects as well.) Anyways, I'm wondering how I could find this array WITHOUT having to record hooks. I.e., I want to be able to identify entities right off the bat, without my bot having to study the game structure for a few minutes every time I restart the game. I would also need to be able to determine the 'size' of each enemy structure so that I could parse out each enemy. So does anyone know any methods to accomplish this?

If my hex skills haven't failed me, I could assume that the enemy structure is at least a multiple of 16 bytes (given that each pointer ends with 8 the only way that could happen equally is that if objects between them were multiples of 10h) 10h = 16 decimal.

So does anyone know any methods for:

1. Finding the beginning/end/size of an array of enemies
2. Finding the size of each enemy
Kalagaraz
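
The divisibility argument from the post above, worked through on its three captured pointers as an added example (not part of the original post and not MHS code; the function names are illustrative). It goes one step further than the post by listing which element sizes a single contiguous array would permit for these samples.

```python
from functools import reduce
from math import gcd

# The three values captured from the hooked function in the post above.
SAMPLED_POINTERS = [0x13A79CA8, 0x13B330C8, 0x13B9F2D8]


def pointer_deltas(pointers):
    """Gaps between consecutive captured pointers, in address order."""
    ordered = sorted(set(pointers))
    return [b - a for a, b in zip(ordered, ordered[1:])]


def common_granularity(pointers):
    """Largest step size that every gap between samples is a multiple of."""
    deltas = pointer_deltas(pointers)
    if not deltas:
        raise ValueError("need at least two distinct pointers")
    return reduce(gcd, deltas)


def possible_strides(pointers):
    """Element sizes compatible with the samples IF they sit in one array.

    In a contiguous array every gap is a whole number of elements, so the
    element size must divide the GCD of the gaps. The GCD is therefore an
    upper bound on the stride, not a measurement of the structure size.
    """
    g = common_granularity(pointers)
    return [s for s in range(1, g + 1) if g % s == 0]


def report(pointers):
    lines = ["gap 0x%X (%d bytes)" % (d, d) for d in pointer_deltas(pointers)]
    lines.append("gcd of gaps: 0x%X" % common_granularity(pointers))
    lines.append("strides a contiguous array allows: %s" % possible_strides(pointers))
    # Large gaps with a small GCD are also what separately allocated objects
    # look like when the allocator rounds to that granularity (an assumption
    # about the target, not something the three samples can prove).
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLED_POINTERS))
```

More samples can only keep the GCD the same or shrink it, so a bound taken from three pointers should be rechecked as further captures come in.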

Re: Finding the mob list

Post by Synsia » Sun Jul 18, 2010 12:10 pm

Bump.

I have started reversing a MMORPG for learning experience and came across the same issue.

As of now I have the player structure studied a bit, I wasn't able to find anything pointing to my currently selected target except for some kind of object id (no address/pointer).
So I created another account for the game, moved him near my first character, searched for his coordinates from the other process, and finally found the address and checked what was accessing it.

I ended up in a big loop in which it processes nearby objects, e.g.:
0044FF6A  |.  D946 14           |FLD DWORD PTR DS:[ESI+14]               ; y coordinate
0044FF6D  |.  D805 D4866A00     |FADD DWORD PTR DS:[6A86D4]              ; FLOAT 0.1000000
0044FF73  |.  8B56 10           |MOV EDX,DWORD PTR DS:[ESI+10]           ; x coordinate
0044FF76  |.  8B46 18           |MOV EAX,DWORD PTR DS:[ESI+18]           ; z coordinate



My problem is I don't know where to go from here. I'd like to find the array/list of these pointers to objects but my lack of experience is stopping me.
Synsia

Re: Finding the mob list

Post by iOr » Mon Aug 02, 2010 5:54 am

Find the value of ESI in the above example.

Then do a pointer search for ESI in MHS (assuming ESI is a pointer to the object, then searching for ESI would find the address which regulates all the objects).

So when you do find the pointer to ESI, you can input the address in the MHS hex editor and change the display type to pointer.
This will show the pointers to the various objects.

I'm sorry for the poor English.
iOr

