[EXALT] Getting local player info

[index.html]

I'm not really experienced , but i think this could be useful to some people developing cheats.

In order to get player data from the exalt client, you should inject and read memory from the module GameAssemly.dll.
You can get the pointer path to localplayer adress via simple cheat-engine pointer scan or use these one , which seem to be reliable (but might change after updates and i won't keep track):

 

This points to localplayer , but in order to get some actual data just add these offsets:

Code:

0x150 player moving/shooting angle
0x154 player shooting angle
0x444 or 0x464 x coordinate
0x448 or 0x468 y coordinate
0x434 hp pots
0x438 mp pots
0x1C0 hp
0x1BC max hp
0x3FC xp
0x400 max xp
0x418 max mp
0x3C8 def
0x374 wis
0x22C acceleration
0x5C cameraRotation
0x364 attack
0x374 wisdom 
0x3C8 defense
0x428 stars

Here's my code using memoryjs ( because im really used to nodejs )

Initialization , find the game and find module.

Code:

const memoryjs = require('memoryjs');
const processName = "RotMG Exalt.exe";
const process = memoryjs.openProcess(processName);
const clientModule = memoryjs.findModule("GameAssembly.dll", process.th32ProcessID);

Get localplayer address
Example , first pointer from that list

Code:

p1 =  memoryjs.readMemory(memory.process.handle, memory.module.modBaseAddr+0x0323CFC0, pointer)  //"GameAssembly.dll"+0323CFC0
p2 =  memoryjs.readMemory(memory.process.handle, p1+0xB8, pointer)  // +0xB8
p3 =  memoryjs.readMemory(memory.process.handle, p2+0x0, pointer)  // +0x0
p4 =  memoryjs.readMemory(memory.process.handle, p3+0x90, pointer)  // +0x90
playerAddress =  memoryjs.readMemory(memory.process.handle, p4+0x240, pointer)  // +0x240

In C++

DWORD64 m_nGameAssemblyModule = (DWORD64)GetModuleHandleA("GameAssembly.dll");
void* p1 = *(void**)(m_nGameAssemblyModule +0x0323CFC0);
void* p2 = *(void**)(DWORD64(p1) + 0xB8);
void* p3 = *(void**)(DWORD64(p2) + 0x0);
and so on ..

To get player hp for example :

Code:

playerHealth =  memoryjs.readMemory(memory.process.handle, playerAddress+0x1C0, int)

You need at least some experience to make a proper cheat, but for now enjoy and happy hacking!
Im still trying to figure a way to get game object list , but there are some issues , would be happy to hear any way to get them



Big thanks to @DIA4A for helpin in search of those offsets and providing some of his own !

[DIA4A]

Might wanna give a credit or two, also here are a few more offsets/info I've found

Code:

		struct Position
		{
			float m_flX;
			float m_flY;
		};

		enum ENTITY_DIRECTION
		{
			ED_RIGHT = 0,
			ED_LEFT = 1,
			ED_UP = 2,
			ED_DOWN = 3
		};

		OFFSET(int, m_nCameraRotation, 0x5C);
		OFFSET(int, m_nMaxHealth, 0x1BC);
		OFFSET(int, m_nHealth, 0x1C0);
		OFFSET(float, m_flAimAngle, 0x150);
		OFFSET(float, m_flAimAngleInverse, 0x154);
		OFFSET(int, m_nDefense, 0x18C);
		OFFSET(ENTITY_DIRECTION, m_nEntityDirection, 0x224);
		OFFSET(int, m_nAcceleration, 0x22C);
		OFFSET(int, m_nAttack, 0x364);
		OFFSET(int, m_nVitality, 0x370);
		OFFSET(int, m_nWisdom, 0x374);
		OFFSET(int, m_nAbsAttack, 0x3A4);
		OFFSET(int, m_nAbsDefense, 0x3A8);
		OFFSET(int, m_nAbsSpeed, 0x3AC);
		OFFSET(int, m_nAbsDexterity, 0x3B0);
		OFFSET(int, m_nAbsVitality, 0x3B4);
		OFFSET(int, m_nAbsWisdom, 0x3B8);
		OFFSET(int, m_nAbsMaxHealth, 0x3BC);
		OFFSET(int, m_nAbsMaxMana, 0x3C0);
		OFFSET(int, m_nAttackFromGear, 0x3C4);
		OFFSET(int, m_nDefenseFromGear, 0x3C8);
		OFFSET(int, m_nSpeedFromGear, 0x3CC);
		OFFSET(int, m_nVitalityFromGear, 0x3D0);
		OFFSET(int, m_nWisdomFromGear, 0x3D4);
		OFFSET(int, m_nDexterityFromGear, 0x3D8);
		OFFSET(int, m_nXP, 0x3FC);
		OFFSET(int, m_nMaxXP, 0x400);
		OFFSET(int, m_nFame, 0x410);
		OFFSET(int, m_nMaxMana, 0x418);
		OFFSET(int, m_nStars, 0x428);
		OFFSET(int, m_nMana, 0x41C);
		OFFSET(int, m_nHPPots, 0x434);
		OFFSET(int, m_nMPPots, 0x438);
		OFFSET(Position, m_pOrigin, 0x444);
		//Right = 1, Left = -1
		OFFSET(int, m_nXAcceleration, 0x450);
		//Up = 1, Down = -1
		OFFSET(int, m_nYAcceleration, 0x454);
		OFFSET(DWORD64, m_dwValidDirection, 0x458);
		OFFSET(Position, m_pSecondaryOrigin, 0x464);
		
		bool m_bConfused()
		{
			return (m_dwValidDirection() == 9223372036854775809);
		}

		bool m_bIsMoving()
		{
			return (m_nAcceleration() != 0);
		}
	};

And also the second example of grabbing localplayer isnt in C#, its in C++

[index.html]

Might wanna give a credit or two, also here are a few more offsets/info I've found

Oh snap , sorry had it in mind but forgot to mention ya

[novastarz]

What's the method to find the localplayer address? It seems to have changed as I'm getting read access violation errors.

[DIA4A]

What's the method to find the localplayer address? It seems to have changed as I'm getting read access violation errors.

I hook 0000000180C9FAE0 and get it dynamically along with all other entities, go here for more info https://www.mpgh.net/forum/showthrea...1#post14772756

[lemon250]

I have found confusion patch
There is a field(float) at offset 0x045C in player structure responsible for camera rotation velocity(direction), if you check what accesses it while getting confusion debuff you end up with function changing sing of it. In current game version patching file offset 0x2CDC47 to jmp will prevent movement axis swap and camera rotation inversion.

[DIA4A]

I have found confusion patch
There is a field(float) at offset 0x045C in player structure responsible for camera rotation velocity, if you check what accesses it while getting confusion debuff you end up with function changing sing of it. In current game version patching GameAssembly.dll + 0x2CDC47 to jmp will prevent movement axis swap and camera rotation inversion.

Neat find but you might wanna try sig it

[lemon250]

Neat find but you might wanna try sig it

There you go:
0F 84 ? ? ? ? 48 8B 15 24 E3 EF 02 48 8B CF E8
\x0F\x84\x00\x00\x00\x00\x48\x8B\x15\x24\xE3\xEF\x 02\x48\x8B\xCF\xE8 xx????xxxxxxxxxxx

In the previous post it's the file offset not virtual address, right rva = 0x2CF247

[edrik]

hey sry iam not really experianced but i try to get the first steps into all this stuff here.

is there any way to get the localplayer pointer in c# i never code in c++ and dont like js.
i know there is vamemory but i dont know how to get the localplayer pointer with it.
i tried to get it via cheat engine but i didnt found any pointers i just found the adresses and the
.

i hope somewon understand my ....

[0x7FFFFFFF]

hey sry iam not really experianced but i try to get the first steps into all this stuff here.

is there any way to get the localplayer pointer in c# i never code in c++ and dont like js.
i know there is vamemory but i dont know how to get the localplayer pointer with it.
i tried to get it via cheat engine but i didnt found any pointers i just found the adresses and the
.

i hope somewon understand my ....

Depending on what you want to do you can use C#.
Just use PInvoke
Read Memory:

Code:

[DllImport("kernel32.dll", SetLastError = true)]
static extern bool ReadProcessMemory(
    IntPtr hProcess,
    IntPtr lpBaseAddress,
    [Out] byte[] lpBuffer,
    int dwSize,
    out IntPtr lpNumberOfBytesRead);

Write memory:

Code:

[DllImport("kernel32.dll", SetLastError = true)]
  public static extern bool WriteProcessMemory(
  IntPtr hProcess,
  IntPtr lpBaseAddress,
  byte[] lpBuffer,
  Int32 nSize,
  out IntPtr lpNumberOfBytesWritten);

I may release the source code for my C# cheats but it will only have auto hp/mp pot and a basic auto nexus.
Here is the offsets to get the localplayer. Just loop over the list and add up the offsets. It's a multi level pointer btw.

Code:

            
            List<IntPtr> offsets = new List<IntPtr>();
            offsets.Add((IntPtr)0x02D79F38);
            offsets.Add((IntPtr)0x40);
            offsets.Add((IntPtr)0xB8);
            offsets.Add((IntPtr)0x90);
            offsets.Add((IntPtr)0x280);
            offsets.Add((IntPtr)0xA8);
            offsets.Add((IntPtr)0x28);

Credit to me and the documentation on the PInvoke site