How to Find/Edit Speed and Location addresses in EQ2 : EverQuest 2 General Discussions

This is a work in progress. Please excuse any typos, lack of formatting or images. English isn’t my primary language and I’m not much of a writer I’ll try and fix it up and make it cleaner later.

As the maker of Santa’s Little Helper, I often get asked how I made it, how I found the addresses in Cheat Engine, so in this tutorial I’ll mainly be showing you how to Find / Edit the speed in EQ2, however once you have the speed modifying XYZ cords are very easy as they use the same base address as speed. Speed is just easiest to find for myself, so I start there.

Open your persona window in EQ2, look at your "Run Speed" value. It will be a number from 0-100. Remember this number for later.

Open Cheat Engine (We'll call it CE from now on).
Attach to your EverQuest2.exe (through the Process menu at the top of CE)
In the "Value" box in CE, type the speed of your character that you got from your EQ2 persona window.
Make sure Hex is unchecked, scan type is Exact Value, and value type is Float
Press the "First Scan" button in CE, wait a second to it to finish doing magic.

You should now have a long list of addresses and values on the left hand side of CE. We need to filter this list down some.
In EQ2, change your speed of your character, Use a bogstrutter stick, or disable it, get on or off your mount, just make sure your speed value has changed in your EQ2 persona window. Remember the new speed value; you'll need it for the next step.
In CE, in the value box, where you had your old speed value, change it to the new speed value, and press "Next Scan"

Your list of addresses and values on the left hand side of CE should now be very small list, anywhere from 1-5 items. If you have more than 5 items in the list you probably did something wrong, but you can always try and do another "next scan" with yet another speed, to filter the list more.
In my example I have 4 addresses in the list to the left. Double click every item in the list and each will be added to a new different list at the bottom of CE.

Now that you have all the addresses added to the list at the bottom of CE, they are editable here, and you can do searches on the variables here to find where they come from. This is where all the action is at.
Right click the address of the first item in the list at the bottom of CE, click "Pointer scan this address".

If it asks you "default" or "injected" question, it doesn't really matter which you choose, whatever works for you. just press OK 'till you get the Pointer Scan window open and scanning
At this point you should have a new window open that is doing a scan of EQ2's memory that’s scanning where the speed values come from. It probably lags out your computer pretty bad, and will take a minute or two to complete... However soon as you notice that it has about 50 or so items that have a "Static Base" (it says so in the window), feel free to stop it early, I always do. If you've got like 300+ items with a Static Base, you're wasting your time, just stop it!

Once the pointer scan is done/stopped early, CE will show a new window with a list of the result of the Pointer Scan.
All the items in this tree view will look like this: Everquest2.exe+00DF4FAC and on the next line lines will be hex offsets to the address above, like "9c" or "117a" or something similar.
To know which address in this pointer scan results window is the correct address to speed, it takes a lot of trial and error of logging in and out and zoning to determine which is the best to use and stable. But I can tell you and save you a lot of trouble that the correct address to speed is going to be a base address with only 1 offset, and that offset will be 9C.
So expand all the entries in this pointer scan window, look for the item that has a parent item that begins with Everquest2.exe+ and has only 1 child item of "9c". If you find this, write down on paper or notepad or something the address that is to the right of Everquest2.exe+, for instance it may be "00DF4FAC".

If you did not find the parent tree item that only had 1 child item of "9c", then close the pointer scan results window, and do a new pointer scan on a different address from the list at the bottom of CE, you should have 1-5 items there. Keep trying 'till you find the 9c alone in the pointer scan results window.
Now you should have the base address to speed, it should be something like Everquest2.exe+00df4fac with an offset of 9c. Yay you can be done now if you like.
I would recommend adding to the list at the bottom of CE a new pointer using the base address, so to do so press the "Add Address Manually" button in CE.
A new window should open up where you can enter the new address. Set the type to "Float" and make sure to "Pointer" is checked. Once you check "Pointer" some new boxes appear, and in the "Address of Pointer" enter what you found earlier, for me, it is "Everquest2.exe+00df4fac", in the offset (hex) enter 9c. Press OK and you should have a new address in the list at the bottom of CE.

You can save these Cheat Engine tables to a file through CE, and next time you open CE you can load them back up, so you don't have to do this work over and over every time you start CE.
Now to find the location of the player so you can teleport instead of just speed hack, the base address is the same as Speed's, now you're just going to have 3 pointers (one for X, one for Y, one for Z), the only difference is the offset from speed's. So instead of having an offset of 9c, you have an offset of 5c and f4 for the X coord, 5c and f8 for Y coord, and 5c and fc for Z coord.
So you can Press the "Add Address Manually" button again to add a new address for location if you like. Make sure to set the type to "Float" and have the pointer checkbox checked. In the address of pointer use the same as before, something like "Everquest2.exe+00df4fac", and the offset should be 5c. Instead of pressing OK, press "Add Pointer". a new row should appear, in the new offset should be "F4", where the line below still reads "5c". Now press OK.

Now you have the base address and offsets to the X value, do the same for Y and Z. you can now change these values anytime you want to teleport around.


You can save these pointers in CE so you don't have to do this over and over.

That's it.

If you you care to use these address in C++/C#/VB, here is how to do so:

Bookmarked, and saved ! These are the kinds of tutorials we should be posting out there so that novices to the programming world of "modification" will be able to break through that first MAJOR hurdle in "modifying" online games; execution .

ps: You should look into the new "flying()" mode when velious expansion comes out. It's been created specifically for flying mounts, and supposedly (from a friend playing the alpha) it's merely a model with animations of flying that attach a "flying mode" state to the character like a buff.

You didn't hear this from me .

Not sure but how detectable is this?

DONT forget to rename the Cheat Engine.exe lol

Sorry had to add that for the well...

Do I get Tu Bucks for that lol?

works great YAY

WOAH! cheating is going to get real fun soon!

Yea a new flying mount might make eq2 WAY to hacker friendly ha. Also moved to confirmed and 1k tu bucks to you for this awesome guide.