059 (04-16-2020),berserkdev (12-28-2021),iliketrainz (04-21-2020)
I'm not really experienced, but I think this could be useful to some people developing cheats.
In order to get player data from the Exalt client, you should inject and read memory from the module GameAssembly.dll.
You can get the pointer path to the localplayer address via a simple Cheat Engine pointer scan or use these ones, which seem to be reliable (but might change after updates and I won't keep track):
This points to localplayer, but in order to get some actual data just add these offsets:
Code:
0x150 player moving/shooting angle
0x154 player shooting angle
0x444 or 0x464 x coordinate
0x448 or 0x468 y coordinate
0x434 hp pots
0x438 mp pots
0x1C0 hp
0x1BC max hp
0x3FC xp
0x400 max xp
0x418 max mp
0x3C8 def
0x374 wis
0x22C acceleration
0x5C cameraRotation
0x364 attack
0x374 wisdom
0x3C8 defense
0x428 stars
Here's my code using memoryjs (because I'm really used to Node.js).
Initialization: find the game and find the module.
Code:
const memoryjs = require('memoryjs');
const processName = "RotMG Exalt.exe";
const process = memoryjs.openProcess(processName);
const clientModule = memoryjs.findModule("GameAssembly.dll", process.th32ProcessID);
Get localplayer address
Example, first pointer from that list
Code:
p1 = memoryjs.readMemory(memory.process.handle, memory.module.modBaseAddr+0x0323CFC0, pointer) //"GameAssembly.dll"+0323CFC0
p2 = memoryjs.readMemory(memory.process.handle, p1+0xB8, pointer) // +0xB8
p3 = memoryjs.readMemory(memory.process.handle, p2+0x0, pointer) // +0x0
p4 = memoryjs.readMemory(memory.process.handle, p3+0x90, pointer) // +0x90
playerAddress = memoryjs.readMemory(memory.process.handle, p4+0x240, pointer) // +0x240
In C++
DWORD64 m_nGameAssemblyModule = (DWORD64)GetModuleHandleA("GameAssembly.dll");
void* p1 = *(void**)(m_nGameAssemblyModule +0x0323CFC0);
void* p2 = *(void**)(DWORD64(p1) + 0xB8);
void* p3 = *(void**)(DWORD64(p2) + 0x0);
and so on ..
To get player hp for example:
Code:
playerHealth = memoryjs.readMemory(memory.process.handle, playerAddress+0x1C0, int)
You need at least some experience to make a proper cheat, but for now enjoy and happy hacking!
I'm still trying to figure out a way to get the game object list, but there are some issues; I would be happy to hear any way to get them.
Big thanks to @DIA4A for helping in the search for those offsets and providing some of his own!
Last edited by index.html; 04-16-2020 at 05:11 AM.
Might wanna give a credit or two, also here are a few more offsets/info I've found
Code:
struct Position
{
    float m_flX;
    float m_flY;
};
enum ENTITY_DIRECTION
{
    ED_RIGHT = 0,
    ED_LEFT = 1,
    ED_UP = 2,
    ED_DOWN = 3
};
OFFSET(int, m_nCameraRotation, 0x5C);
OFFSET(int, m_nMaxHealth, 0x1BC);
OFFSET(int, m_nHealth, 0x1C0);
OFFSET(float, m_flAimAngle, 0x150);
OFFSET(float, m_flAimAngleInverse, 0x154);
OFFSET(int, m_nDefense, 0x18C);
OFFSET(ENTITY_DIRECTION, m_nEntityDirection, 0x224);
OFFSET(int, m_nAcceleration, 0x22C);
OFFSET(int, m_nAttack, 0x364);
OFFSET(int, m_nVitality, 0x370);
OFFSET(int, m_nWisdom, 0x374);
OFFSET(int, m_nAbsAttack, 0x3A4);
OFFSET(int, m_nAbsDefense, 0x3A8);
OFFSET(int, m_nAbsSpeed, 0x3AC);
OFFSET(int, m_nAbsDexterity, 0x3B0);
OFFSET(int, m_nAbsVitality, 0x3B4);
OFFSET(int, m_nAbsWisdom, 0x3B8);
OFFSET(int, m_nAbsMaxHealth, 0x3BC);
OFFSET(int, m_nAbsMaxMana, 0x3C0);
OFFSET(int, m_nAttackFromGear, 0x3C4);
OFFSET(int, m_nDefenseFromGear, 0x3C8);
OFFSET(int, m_nSpeedFromGear, 0x3CC);
OFFSET(int, m_nVitalityFromGear, 0x3D0);
OFFSET(int, m_nWisdomFromGear, 0x3D4);
OFFSET(int, m_nDexterityFromGear, 0x3D8);
OFFSET(int, m_nXP, 0x3FC);
OFFSET(int, m_nMaxXP, 0x400);
OFFSET(int, m_nFame, 0x410);
OFFSET(int, m_nMaxMana, 0x418);
OFFSET(int, m_nStars, 0x428);
OFFSET(int, m_nMana, 0x41C);
OFFSET(int, m_nHPPots, 0x434);
OFFSET(int, m_nMPPots, 0x438);
OFFSET(Position, m_pOrigin, 0x444);
//Right = 1, Left = -1
OFFSET(int, m_nXAcceleration, 0x450);
//Up = 1, Down = -1
OFFSET(int, m_nYAcceleration, 0x454);
OFFSET(DWORD64, m_dwValidDirection, 0x458);
OFFSET(Position, m_pSecondaryOrigin, 0x464);
bool m_bConfused()
{
    return (m_dwValidDirection() == 9223372036854775809);
}
bool m_bIsMoving()
{
    return (m_nAcceleration() != 0);
}
};
And also the second example of grabbing localplayer isn't in C#, it's in C++
059 (04-16-2020)
What's the method to find the localplayer address? It seems to have changed as I'm getting read access violation errors.
I hook 0000000180C9FAE0 and get it dynamically along with all other entities, go here for more info https://www.mpgh.net/forum/showthrea...1#post14772756
novastarz (04-20-2020)
I have found a confusion patch
There is a field (float) at offset 0x045C in the player structure responsible for camera rotation velocity (direction); if you check what accesses it while getting the confusion debuff you end up with a function changing the sign of it. In the current game version, patching file offset 0x2CDC47 to jmp will prevent movement axis swap and camera rotation inversion.
Last edited by lemon250; 04-23-2020 at 03:11 AM.
DIA4A (04-22-2020)
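From the game developer's side, a one-byte file patch like the one described in the post above is the kind of change a chunked integrity manifest is meant to catch and localise. The following is an added example, not code from this thread or from the game: the image is a constructed stand-in buffer, and the 4 KiB chunk size and all function names are assumptions.

```javascript
// Added example: chunked SHA-256 manifest used to localise a file patch.
const crypto = require('crypto');

const CHUNK_SIZE = 4096; // assumed granularity of the manifest

// Hash the image chunk by chunk; done once against the shipped build.
function buildManifest(image, chunkSize = CHUNK_SIZE) {
  const hashes = [];
  for (let off = 0; off < image.length; off += chunkSize) {
    const chunk = image.subarray(off, off + chunkSize);
    hashes.push(crypto.createHash('sha256').update(chunk).digest('hex'));
  }
  return { chunkSize, length: image.length, hashes };
}

// Compare a file against the manifest; return the chunk ranges that differ
// (start inclusive, end exclusive) plus a finding for any size change.
function findModifiedRanges(image, manifest) {
  const findings = [];
  if (image.length !== manifest.length) {
    findings.push({ kind: 'length', expected: manifest.length, actual: image.length });
  }
  const current = buildManifest(image, manifest.chunkSize).hashes;
  const count = Math.max(current.length, manifest.hashes.length);
  for (let i = 0; i < count; i++) {
    if (current[i] !== manifest.hashes[i]) {
      const start = i * manifest.chunkSize;
      findings.push({ kind: 'chunk', start, end: start + manifest.chunkSize });
    }
  }
  return findings;
}

// Constructed stand-in for the game binary: deterministic filler bytes only.
function makeSampleImage(size) {
  const image = Buffer.alloc(size);
  for (let i = 0; i < size; i++) image[i] = (i * 31 + 7) & 0xff;
  return image;
}

function demo() {
  const pristine = makeSampleImage(0x2CE000);
  const manifest = buildManifest(pristine);
  const patched = Buffer.from(pristine); // independent copy
  patched[0x2CDC47] ^= 0xff; // one changed byte at the file offset named in the post
  return {
    clean: findModifiedRanges(pristine, manifest),
    tampered: findModifiedRanges(patched, manifest),
  };
}

console.log(JSON.stringify(demo()));
```

A check of the file on disk only covers the file patch described in the post; it says nothing about changes made to the process image after it is loaded.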
Hey, sorry, I'm not really experienced, but I try to get the first steps into all this stuff here.
Is there any way to get the localplayer pointer in C#? I never code in C++ and don't like JS.
I know there is VAMemory but I don't know how to get the localplayer pointer with it.
I tried to get it via Cheat Engine but I didn't find any pointers, I just found the addresses and the
.
I hope someone understands my ....
Depending on what you want to do you can use C#.
Just use PInvoke
Read Memory:
Code:
[DllImport("kernel32.dll", SetLastError = true)]
static extern bool ReadProcessMemory(
    IntPtr hProcess,
    IntPtr lpBaseAddress,
    [Out] byte[] lpBuffer,
    int dwSize,
    out IntPtr lpNumberOfBytesRead);
Write memory:
Code:
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool WriteProcessMemory(
    IntPtr hProcess,
    IntPtr lpBaseAddress,
    byte[] lpBuffer,
    Int32 nSize,
    out IntPtr lpNumberOfBytesWritten);
I may release the source code for my C# cheats but it will only have auto hp/mp pot and a basic auto nexus.
Here are the offsets to get the localplayer. Just loop over the list and add up the offsets. It's a multi level pointer btw.
Code:
List<IntPtr> offsets = new List<IntPtr>();
offsets.Add((IntPtr)0x02D79F38);
offsets.Add((IntPtr)0x40);
offsets.Add((IntPtr)0xB8);
offsets.Add((IntPtr)0x90);
offsets.Add((IntPtr)0x280);
offsets.Add((IntPtr)0xA8);
offsets.Add((IntPtr)0x28);
Credit to me and the documentation on the PInvoke site
Last edited by 0x7FFFFFFF; 05-08-2020 at 05:55 PM.