9.44 addresses and changes - ONLY HERE!

[Miziak]

@muttley
I would like to get no-ASLR address to save in config, but I'm not knowing how this calculate ;/

#edit
I know why this function:

Code:

bool runMC(const char* path, DWORD address, bool tibia91plus){
    bool ret = true;
    PROCESS_INFORMATION pi;
	STARTUPINFOA si = {sizeof(si)};

	std::string spath = path;
	if(spath.find_last_of("\\") != spath.size()-1)
        spath += "\\";

    path = spath.c_str();

    if(CreateProcess(std::string(spath+"Tibia.exe").c_str(), NULL, NULL, NULL, false, CREATE_SUSPENDED, NULL, path, &si, &pi) == 0)
        ret = false;

    if(WriteProcessMemory(pi.hProcess, (LPVOID)address, &MCJMP, 1, NULL) == 0)
        ret = false;
    
    ResumeThread(pi.hThread);
    
    if(WaitForInputIdle(pi.hProcess, -1) != 0)
        ret = false;

    if(WriteProcessMemory(pi.hProcess, (LPVOID)address, &MCJNZ, 1, NULL) == 0)
        ret = false;

    CloseHandle(pi.hProcess);
    CloseHandle(pi.hThread);

    return ret;
}

not work.

Module base I can check before ResumeThread function.
Ideas??

[Kimper]

how do I know if the address is to be for example byte or double?

[Cupquake]

Hey everyone... In teory, there should be an address in the memory that holds item id while dragging it with mouse... But i have no idea how to start searching it...

another thing...

searching throu the memory i found that tibia.dat (9.44) address points to a structure that:

tibiadatPointer = 0x7B3694;
tibiadat = memory.readinteger( tibiadatPointer );
offsetstart = memory.readinteger( tibiadat );
itemcount = memory.readinteger( tibiadat + 0x04 );
some_sort_of_struct_that_CONTAINS_tibia_item_names = memory.readinteger( tibiadat + 0x08 ); // maybe here we will find some more info?

[muttley]

@Cupquake
About searching this address:
Well, I have an idea.
Start dragging, pause Tibia, seek in Cheat Engine, unpause Tibia, start dragging another item and repeat this until you find this address.
About pausing Tibia - in Cheat Engine you have menu Edit->Settings, and there you can set hotkeys (and pause process is one of the possible actions on pressed hotkey), so you can press a hotkey while dragging item.

http://tpforums.org/forum/thread-9196-post-80998.html#pid80998 - managed to get working PrintItem and MeasureText

[Sketchy]

Module base I can check before ResumeThread function.
Ideas??

The issue with getting the base address for an application started in suspended mode is it has barely been initialised, only the main executable and the NTDLL modules are loaded into memory. This messes up typical methods of getting the base address such as enumerating the process modules or remote threading GetModuleHandle.

There are still some methods available that you can use, one such method Azura posted about in this post where you retrieve the base address from the process' PEB (Process Execution Block) with the NtQueryInformationProcess function.

[Cupquake]

lastClickedId = $93E400; // (53E400 + tibia.exe)

[Miziak]

@Sketchy
It works thanks very much!

[muttley]

Seems to work perfectly
[code=c++]int MeasureText(int Font, char* Text, int TextLen, int Align)
{
DWORD original = Memory.AlignAddress(0x4C6AA0);
int ret = 0;
__asm
{
PUSH Align
PUSH TextLen
MOV ECX, Text
MOV EDX, Font
CALL original
ADD ESP, 8
MOV ret, EAX
}
return ret;
}

void PrintItem(int nSurface, int X, int Y, int nSize, int itemId, int count, bool CountTextVisible)
{
DWORD original = Memory.AlignAddress(0x04C2F50);
if (!CountTextVisible)
{
__asm
{
PUSH 0
PUSH 0
PUSH 0
PUSH 0
PUSH 0
}
}
else
{
__asm
{
PUSH 1
PUSH 2
PUSH 225
PUSH 225
PUSH 225
}
}
__asm
{
PUSH 2
PUSH nSize
PUSH nSize
PUSH Y
PUSH X
PUSH 0
PUSH 0
PUSH 0
PUSH itemId
PUSH count
PUSH 0
PUSH Y
PUSH X
PUSH nSurface
MOV ECX, nSize
CALL original
}
}[/code]

[carlows]

Anybody know flag address?
Anybody have any idea to get this addr?

[Blaster_89]

Anybody know flag address?
Anybody have any idea to get this addr?

Search for these values:
http://code.google.com/p/tibiaapi/source/browse/trunk/tibiaapi/Constants/Enums.cs#120
I assume you know how flags work.