Free FFXI Memory Hacking guide, 2/2 Complete !! : FFXI General Discussions

Ok, Here we go, As i Promised, i'm gonna show you how to Find the Static pointers to the Flee and XYZ coordination addresses, thus making the cheat/hack permanent.

First of all, even though i called this hack to be permanent, but really it only works 80% of the time, due to the complex Memory allocations SE uses. but 80% of the time, the hack would work. but in case you run into the other 20% where you loaded everything right, but the hack and cheat just won't work, just go ahead and reload the game, or restart the computer and reload the game. In My experience, it has always worked while the pc's fresh restarted going straight into the game and the hack..

And, within the same zone, the hack will also stop working, at least the Flee part will, in most cases, after you did a manual equipment change, meaning, you going into the menu, click equipment, and change your equipment from there. and i'm not sure if swapping equipments with macro will effect the cheat. in that case, just zone and re-zone. and the hack should work again.

and just like i said before, i'm not able to log on to ffxi anymore, and can't really verify how effective and accurate this method is. i'm just writing this by memory.

However i was able to load the game bypassing poL viewer with a private ffxi server running on my PC to help writting this tutorial. so the method showing should be somewhat accurate, atleast the theory should be.

also memory allocation and pointer addresses will be slightly different depending on the version of windower that you are using, i was using windower 3.3 when i made this hack. but by following the theory you should be able to find the static pointer with no problem.

alright, enough BS, let's get hacking.

Assuming you read my 1st thread, followed the instructions and found the working addresses of the coordinations.

again, i'm going with the Y coordination to start with, don't ask me why, you can use any of the other coordination, just apply the same theory.

ok, remember? for each coordination, there're two addresses that associate with'em. the one we need or the one that i'm gonna base on is the first one, which in this case is the first address that starts with "1" and ends with a "C".

*(keep in mind, because i'm using different programs to load ffxi, the memory addresses that i got are gonna be different from yours, yours should be "1xxxxxxC")

assuming that you have added this address to the added section.

see pic 1.




now go ahead right click on that address, and select "Find what accesses this address". See pic 2.

a Disassembler program should pop up, showing you some codes that are accessing that address. to determine which code you need, look for
the ones with "[eax + 3c]", click on any of those codes, and see what
the value of EAX is. See.
<img alt="PIC 2">




Yup the value of EAX is the first pointer we need, but that's not a static poiner.

go ahead copy that value. remember or write it down.

now go back to your MHS window, on the top, click Search, and Pointer search. See pic 3,

make sure your "evaluation type" is "exact", type in the value you got from EAX, and search it.

<img alt="PIC 3">




it should return with a few results, the ones you need are the green ones, in the results window, which should be only one or two.

you gonna have to do some testing from here.

go ahead add the green ones to the added section.

repeat the steps, right click 'em, see what accesses this address.

the one address that we need should only have one code that accesses
it, and would be something like "mov dword ptr [xxxxxxx], ESI" see Pic 4.

Yup, xxxxxxx, the numbers in the bracket is our static pointer!!

<img alt="PIC 4">


Go ahead verify it, go back to your MHS window. Look in the address expression window, enter the expression "[[xxxxxxxx]]+0x3c"
see pic 5.

look at the result, if it matches your current "first address" of Y then there you have it.

<img alt="PIC 5">



now go back to your Y address, double click it.
go under "normal address" tab, see pic 6.
check the "use complex address" box.

enter "[[xxxxxx]]+3c" in the long box right underneath of it. click ok
that's your first permanent hack of the Y coordination.

* the reason you have to put two sets brackets is, because the first/inner brackets refers the address of what the static pointer is pointing at, which is another pointer, a dynamic pointer.
the second/outer bracket refers what the dynamic pointer is pointing at which is the current memory location of the Y coordination.

<img alt="PIC 6">




So

to get the rest of the addresses.
the second Y address is

[[xxxxxxx]]+3c+(Second Y - First Y) do the math and put in the difference.

the first Z address is [[xxxxxxxx]]+3c-4

Second Z address is [[xxxxxxx]]+3c+(2ndY - 1stY -4)

First X address is [[xxxxxxxx]]+3c-8

Second X address is [[xxxxxxxx]]+3c+(2ndY - 1stY -8 )

There you have a set of static permanent addresses for Pos.

Your status address(chocobo riding address) would be [[xxxxxxxx]] + 3c + (difference between the 1stY and current Status Address)

Your flee address would be [[xxxxxxxx]] + 3c + (difference between the 1stY and current Flee address)


alright, and that's it.
if you have questions, feel free to PM me,
also let me know if there's any corrections i should make, to make this 100% accurate.
just like i said, i wrote this mostly base on what i can remember.
and to run ffxi on a private server just to help me remember how to find those pointers,

and because of the different programs i had to use to bypass pol to load ffxi, the memory layout's totally different, so please give me inputs so i can make corrections to make this a working memory hack.

Can members say yay or nay to this so we may give tu bucks and/or premium. If you nay the submission remember to include as to why.

I would really like to Keep this Thread open, so that anyone, free or premium member would be able to see it.