
Check this out!! ^_^ : FFXI Submissions

Posted: April 30th, 2007, 12:45 am
 
ichigohitokiri
This is not for overly smart people...you just really need to know a little bit about networking to make this work...otherwise it's like trying to read a foreign language on my second explanation. So yea, first part is just to !@#$%^&* around, like an example, so if it doesn't work from just the first part (which it won't) proceed to the second part and follow my directions. Hope ya have some fun with this stuff heh =P Oh and one more thing *uses Auto-Translate* Premium Membership (Can I have it?) (please) (/tell) (Thank you) ^_^




FFXI - n00bway
Part 1 By: IchigoHitokiri

Let's start this off with a good windower. Either you have one or you need one. A good place to get one is FFXi Windower. Install it and then from that point on use the launcher to start the game.

Note* If you haven't used one try alt-tab. You'll feel like you just witnessed the invention of the wheel.

Now go get ArtMoney. There is a free one and there is one that costs. Take the free one while it lasts. A link for it:
Game Cheater ArtMoney - Official site. Powerful and easy to use game cheating utility.

If I had to put it in plain English I would say it like this: Everything that happens on your pc gets stored in your ram at the time it is happening. FFXI is no different. Some data is stored on your side and most of it is on the server side. Regardless.. ram is where you start looking.

Load FFXI with the windower. Start the game and get in a safe spot. Min. FFXI and go to Artmoney which you should have running by now. There is a "Select Option" list... you should find the window name of the game and select it. The window name changes, don't worry about it.

Let's go to "Search"

You have the name of FFXI window and now you're at search. A new window opens and you start with:

Search: Exact Value
Value = We'll get to this in a minute.
Type: Integer (standard)
Address range: ALL

Refer to Artmoney help for further info on settings. The one we will look at is "Value". This holds the value of certain stats such as your current hp and by finding it we get the location of it obviously. We are going to find the value and location for current mp first. Assuming you have a mage.. follow along.

Go to the bottom of your screen and bring the game back. Make sure you have full mp. Rest if needed. Let's say your mp is at 98.
Stop resting and do not do anything to alter the mp level. Now go back to Artmoney. (Alt-Tab)

You set the "Value" to 98 ( or whatever your mp is) and let's search through your memory and find all locations that hold the value of 98.

Search: Exact Value
Value = 98
Type: Integer (standard)
Address range: ALL

Remember that there are a lot of things stored in your ram. There could be 200,000 results or 1000. You should get a fairly long list of results. Now.. all of them = 98. Go back to the game again and do something that changes your mp. Cast cure one time. Note your current mp now. Let's say it is 90. Take a look below...

slot 1 = 98
slot 2 = 98
slot 3 = 98
slot 4 = 98

And so on. There are so many slots in memory that contain that value. We have a large list of them. Now, you have just changed one of them by casting cure. Out of that large list we now compare them to see which one matches your NEW mp value. It was 98 now it is 90. Use the "filter" button to sort through the list and find out how many of those values now = 90. Just go to filter and set value to your new mp after casting cure.. start the filter and now you get a shorter list. It's possible that your list could contain 1 or many. You want to try to get it as low as possible. If it is a large number.. repeat the process. Cast cure again and then filter using your new mp. When you have 1 or 2 in the list.. let's check them to make sure they are your mp level.

Let's assume you're down to one or two addresses in the list. You'll find two arrows to the right of the list. Click the bottom one (greenish) which takes your value to the right side. The little "F" on the right side simply stands for freeze. The address is what you're hunting for of course. The value should contain the value of the stat you're checking on. Mp = 90 then value should = 90. Type is something you should be worried about except the fact that it is an INT. If you have more than one value then run a test to see which is for your current mp.... if not then you're good 2 go.


Change the value to 98 or whatever you choose and then click "F". That changes the value in the game to 98 and freezes the value in your ram. You can return to the game and look. If all goes well then you should read 98 and you know for certain that the address that is shown points to your current mp level. If it doesn't work then try it again choosing the new window name in the process list.

Now you KNOW that the location in memory is reserved for your current MP because you paid attention and you see that when you "F" and set new value it shows in the game.

Homework: See if you can do the same with gil, health and so on. Keep record of the address of each thing you find because you will need them over the next few tutorials.





FFXI - n00bway
Part 2 By: IchigoHitokiri

Getting your Base Address

A term you'll get to know now is "Code Shifting". In layman's terms you can look at it like this: Your ram holds several slots and different processes take up those slots. What programs are running on your pc? I am sure there are far more than you actually see. Each stores info in ram. What's more important than that? Each slot has an address. So if you run a program on your computer that program takes those slots in ram and stores info.. variables. FFXI is different because it uses a base address that changes. If ram contained these slots:

Slot 1
Slot 2
Slot 3
Slot 4
Slot 5
Slot 6
Slot 7
Slot 8
Slot 9
Slot 10

FFXI starts and reserves slot 3 for example. Now you have:

Slot 1
Slot 2
Slot 3 FFXI
Slot 4
Slot 5
Slot 6
Slot 7
Slot 8
Slot 9
Slot 10

Each variable that FFXI uses changes also. For example: If you found the "current" mp of your char. in the prior tutorial, lets assume that the value was 7. You now have this:


Slot 1
Slot 2
Slot 3 FFXI
Slot 4
Slot 5
Slot 6
Slot 7 Current MP
Slot 8
Slot 9
Slot 10

The one thing that does not change is the distance from FFXI to the STAT. In easy terms..

FFXI + 4 = Current MP

You found the current mp in the last lesson... and now you need to find the base address of ffxi. Why? Look at the slots. You found the actual location of current mp. For example it is value "7".
As of now you don't have a clue what the location of FFXI is. What that means is that when the values change you will be lost. If FFXI is at slot 4 next time then that moves current mp to slot 8. See where this is going? You need the base address of FFXI then you can do the math and always get the locations of stats such as current mp. In this example it would be FFXI + 4 = current mp. So no matter what.. in code I will use that equation when trying to determine my current mp.

Now the hard part. FFXI is always changing its location in memory. We need to find the base address.. that's where it will be until the next update. You can do this in a ton of ways.. I choose to show you the 2 easiest. Get the latest update for actools and use a predefined function FindModuleBaseAddr. Simply put.. put this code in and press start. You should have ffxi started using a windower.


[CODE]
constants
consttwo = " "
end

FindModuleBaseAddr Consttwo = FFXiMain.dll

Say $Consttwo
[/CODE]


"Say" isn't going to do much for you. You will have to go to:

Macro
Test Mode
Test Only
Start

You have a "Test Log" tab in Actools. Go look and see the value. Open Calculator on your pc and change it to Scientific. You'll find that under the view option.

Check the options Dec and Degrees. Enter the value: Example:

21299200 entered

Now click Hex to convert it. I get..

1450000

Make sure you have Hex and Qword. If not then change to Qword and do it again.

You have found your base address for ffxi.

Another way is to use this program. (someone lemme know if they can upload it, I'll send via email) I found the source code, made a few adjustments and compiled it. I'll teach you how to make this program in C++ and vb6 tutorials. :-)

Run the program, click the button and you get a list. FFXI must be running using windower.

Now look for the name FFXiMain.dll in the list. This is the file that actually moves locations. You need its base address which is located after the funky Ý. So in my list I find:

FFXiMain.dllÝ1450000

1450000 being my base address in hex form.


Found Address - Base Address = Offset
Base Address + Offset = Address


Now you have your base address. Go to Artmoney and get the locations for some stats. Do the math and get the offsets. ;-)

For those of you who have vb6... here is the source: I took a few snippets from someone else for this example.

[CODE]
' Toolhelp32 snapshot flags
Const TH32CS_SNAPHEAPLIST = &H1
Const TH32CS_SNAPPROCESS = &H2
Const TH32CS_SNAPTHREAD = &H4
Const TH32CS_SNAPMODULE = &H8
Const TH32CS_SNAPALL = (TH32CS_SNAPHEAPLIST Or TH32CS_SNAPPROCESS Or TH32CS_SNAPTHREAD Or TH32CS_SNAPMODULE)
Const TH32CS_INHERIT = &H80000000
Const MAX_PATH As Integer = 260

Private Type MODULEENTRY32
  dwSize As Long
  th32ModuleID As Long
  th32ProcessID As Long
  GlblcntUsage As Long
  ProccntUsage As Long
  modBaseAddr As Long
  modBaseSize As Long
  hModule As Long
  szModule As String * 256
  szExePath As String * 260
End Type

Private Type PROCESSENTRY32
    dwSize As Long
    cntUsage As Long
    th32ProcessID As Long
    th32DefaultHeapID As Long
    th32ModuleID As Long
    cntThreads As Long
    th32ParentProcessID As Long
    pcPriClassBase As Long
    dwFlags As Long
    szExeFile As String * MAX_PATH
End Type

Private Declare Function GetCurrentProcessId Lib "Kernel32" () As Long
Private Declare Function CreateToolhelp32Snapshot Lib "Kernel32" (ByVal lFlags As Long, ByVal lProcessID As Long) As Long
Private Declare Function Process32First Lib "Kernel32" (ByVal hSnapShot As Long, uProcess As PROCESSENTRY32) As Long
Private Declare Function Process32Next Lib "Kernel32" (ByVal hSnapShot As Long, uProcess As PROCESSENTRY32) As Long
Private Declare Sub CloseHandle Lib "Kernel32" (ByVal hPass As Long)
Private Declare Function Module32First Lib "Kernel32" (ByVal hSnapShot As Long, uProcess As MODULEENTRY32) As Long
Private Declare Function Module32Next Lib "Kernel32" (ByVal hSnapShot As Long, uProcess As MODULEENTRY32) As Long

' Fills ListMOD (a ListBox on the form) with each module of the named process
' as "module name" & "¥" & "base address in hex". Returns True if the process was found.
Private Function ListModules(ProcName As String) As Boolean
    Dim rProcessFound As Long
    Dim hSnapShot As Long   ' process snapshot
    Dim hModSnap As Long    ' module snapshot, kept separate so the process walk can continue
    Dim szExename As String
    Dim i As Integer
    Dim uProcess As PROCESSENTRY32
    Dim uModule As MODULEENTRY32
    Dim n As Long

    uProcess.dwSize = Len(uProcess)
    hSnapShot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0&)
    rProcessFound = Process32First(hSnapShot, uProcess)
    ListMOD.Clear
    Do While rProcessFound
        ' szExeFile is a fixed-length, null-terminated string
        i = InStr(1, uProcess.szExeFile, Chr(0))
        szExename = LCase$(Left$(uProcess.szExeFile, i - 1))
        If Right$(szExename, Len(ProcName)) = LCase$(ProcName) Then
            ListModules = True
            hModSnap = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, uProcess.th32ProcessID)
            uModule.dwSize = Len(uModule)
            n = Module32First(hModSnap, uModule)
            Do While n
                ListMOD.AddItem Left(uModule.szModule, InStr(uModule.szModule, Chr(0)) - 1) & "¥" & Hex(uModule.modBaseAddr)
                n = Module32Next(hModSnap, uModule)
            Loop
            ' Close the module snapshot before moving on to the next process
            Call CloseHandle(hModSnap)
        End If
        rProcessFound = Process32Next(hSnapShot, uProcess)
    Loop

    Call CloseHandle(hSnapShot)

End Function

Private Sub Command1_Click()
  ListModules ("pol.exe")
End Sub
[/CODE]



Any questions? Just email me at woohootness@yahoo.com


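Added example, not part of the original post or of any game's code: the exact-value search and freeze in Part 1 rely on the stat sitting in client memory as a plain integer. The C code below shows the defender's side, using hypothetical names (`guarded_stat`, `guarded_set`, `guarded_get`, `count_exact_hits`) and a fixed demo key: the value is stored XOR-masked with a check word, so an exact-value search over it finds nothing and an outside write is detected on the next read.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed example: a client-side stat stored masked, with a check word. */
typedef struct {
    uint32_t masked;  /* value XOR key; the plain number is never stored */
    uint32_t key;     /* per-session mask (draw it from a CSPRNG in real code) */
    uint32_t check;   /* derived from masked and key; verified on every read */
} guarded_stat;

static uint32_t rotl32(uint32_t x, unsigned r) { return (x << r) | (x >> (32 - r)); }
static uint32_t check_of(uint32_t masked, uint32_t key) { return rotl32(~masked, 7) ^ key; }

void guarded_set(guarded_stat *s, uint32_t value, uint32_t key) {
    s->key = key;
    s->masked = value ^ key;
    s->check = check_of(s->masked, key);
}

/* Returns 0 and writes the value, or -1 if the stored words no longer agree. */
int guarded_get(const guarded_stat *s, uint32_t *out) {
    if (s->check != check_of(s->masked, s->key)) return -1;
    *out = s->masked ^ s->key;
    return 0;
}

/* Counts aligned 32-bit words in a buffer equal to `value`, i.e. what an
   exact-value integer search over that buffer would report. */
size_t count_exact_hits(const void *mem, size_t len, uint32_t value) {
    size_t hits = 0;
    for (size_t off = 0; off + 4 <= len; off += 4) {
        uint32_t w;
        memcpy(&w, (const unsigned char *)mem + off, 4);
        if (w == value) hits++;
    }
    return hits;
}

int main(void) {
    uint32_t plain = 98, v = 0;
    guarded_stat mp;
    guarded_set(&mp, 98, 0xA5C31F07u);           /* fixed key for a repeatable demo */
    printf("plain hits=%zu guarded hits=%zu\n",
           count_exact_hits(&plain, sizeof plain, 98),
           count_exact_hits(&mp, sizeof mp, 98));
    mp.masked = 98;                              /* simulated outside write */
    printf("read after outside write: %d\n", guarded_get(&mp, &v));
    return 0;
}
```

Masking only raises the cost of the search; values that matter still need to be checked by the server, which is where the post says most of the data lives.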
Posted: April 30th, 2007, 4:49 am
 
spawn06
1- base address offset
artmoney is known and how to use it for ffxi is known forever
hack site/alkazham/tault source


original tuto for "c" code is from tinytaru and people developing FFXI standalone server

i was luv too much his tuto very useful (and good sharing from a coder^^)

even if you turned his warp tuto (what i had fun to use^^) into mp


have to say a big nay for the C+P
(even if a bit modified)


Posted: April 30th, 2007, 9:53 am
 
foxfai1
Nay

