Finding number of inventory slots without loop

[fairytalesx]

I highly doubt this is going to be useful in the foreseeable future but anyway here it is :D

Code:

//For dll only
#define INVENTORY_BASE 0x88F584
size_t GetInventorySize()
{
    DWORD gb = (DWORD)GetModuleHandle("trove.exe"); //game base
    DWORD *pStart = *(DWORD *)(*(DWORD *)(gb+INVENTORY_BASE)+0x17C)+0x78;
    DWORD *pEnd = *(DWORD *)(*(DWORD *)(gb+INVENTORY_BASE)+0x17C)+0x7C;
    return (size_t)( (*pEnd - *pStart) / sizeof(DWORD) );
}

If you do not use dll inject, you have to replace the DWORD pointers with ReadProcessMemory functions. :( :( :(
If you need help with the code feel free to ask me, I'll try to reply where possible.

[sizzlorox]

Hello, On this line : return (size_t)( (*pEnd - *pStart) / sizeof(DWORD) );
What is the DWORD inside of sizeof() if I were to replace the dll with reading memory?

[taejim]

I highly doubt this is going to be useful in the foreseeable future but anyway here it is

Code:

//For dll only
#define INVENTORY_BASE 0x88F584
size_t GetInventorySize()
{
    DWORD gb = (DWORD)GetModuleHandle("trove.exe"); //game base
    DWORD *pStart = *(DWORD *)(*(DWORD *)(gb+INVENTORY_BASE)+0x17C)+0x78;
    DWORD *pEnd = *(DWORD *)(*(DWORD *)(gb+INVENTORY_BASE)+0x17C)+0x7C;
    return (size_t)( (*pEnd - *pStart) / sizeof(DWORD) );
}

If you do not use dll inject, you have to replace the DWORD pointers with ReadProcessMemory functions.
If you need help with the code feel free to ask me, I'll try to reply where possible.

hi can i have your skype i want to ask you a few things and what is sizeof(DWORD)?

[fairytalesx]

Hello, On this line : return (size_t)( (*pEnd - *pStart) / sizeof(DWORD) );
What is the DWORD inside of sizeof() if I were to replace the dll with reading memory?

sizeof(type) is C standard which returns size in bytes of the object representation of type.
Therefore, sizeof(DWORD) is 4. Surely you can write 4 in place of sizeof(DWORD) but that way it is not so descriptive.

P.S. I only know C++/MASM so unfortunately I am not able to answer questions with other macro programs like AutoHotKey script

[taejim]

sizeof(type) is C standard which returns size in bytes of the object representation of type.
Therefore, sizeof(DWORD) is 4. Surely you can write 4 in place of sizeof(DWORD) but that way it is not so descriptive.

P.S. I only know C++/MASM so unfortunately I am not able to answer questions with other macro programs like AutoHotKey script

thank you for the offset why 0x17c, 0x78 is the start and 0x17c, 0x7c is the end? i mean i know the 1st offset of inventory is 0x17c but i thought the 2nd offset is 0x78 and the 3rd offset is the slot number which is 0,4,8,C,10...

[fairytalesx]

thank you for the offset why 0x17c, 0x78 is the start and 0x17c, 0x7c is the end? i mean i know the 1st offset of inventory is 0x17c but i thought the 2nd offset is 0x78 and the 3rd offset is the slot number which is 0,4,8,C,10...

Memory allocation is usually compiler generated for performance optimization. Even Trove devs can't explain that lol

[taejim]

Memory allocation is usually compiler generated for performance optimization. Even Trove devs can't explain that lol

i mean there must be some reason that u choose 0x7c for end right? and 0x78 for start

[fairytalesx]

i mean there must be some reason that u choose 0x7c for end right? and 0x78 for start

This is where I found it.

Code:

.text:0086F9D7                 mov     eax, [esi+74h]
.text:0086F9DA                 inc     edx
.text:0086F9DB                 sub     eax, [esi+70h]
.text:0086F9DE                 add     ecx, 2
.text:0086F9E1                 sar     eax, 1
.text:0086F9E3                 cmp     edx, eax
.text:0086F9E5                 jb      short loc_86F9D0

[taejim]

This is where I found it.

Code:

.text:0086F9D7                 mov     eax, [esi+74h]
.text:0086F9DA                 inc     edx
.text:0086F9DB                 sub     eax, [esi+70h]
.text:0086F9DE                 add     ecx, 2
.text:0086F9E1                 sar     eax, 1
.text:0086F9E3                 cmp     edx, eax
.text:0086F9E5                 jb      short loc_86F9D0

Is it IDA pro?

[Yemiez]

// Moved to "Trove Disussions & Help" as it fits better here!