Shoutbox

***Cameri*** · (This post was last modified: 01-19-2008 11:06 PM by Cameri. *Edit Reason:* )

Well the distance between each entry is 0x4C, so it's like this:
starting_address + 0x4C * (ItemId - 100) + offset*4, where offset is the number of integers from the beginning until the variable you want, for example, flags
starting_addres + 0x4C * (ItemId - 100) + 9*4.

EDIT: I updated the struct.

***Dark Pallys*** · 01-20-2008, 03:46 AM

Geez, I'm gone for a day and you guys have all this done!
I'm proud of you lol

@Cameri
Damn good work dude! How did you manage to find this?

Xyllo · (This post was last modified: 01-20-2008 04:07 AM by Xyllo. *Edit Reason:* )

well its strange x_X when i checked the value with cheat engine for 5D18F6 the value was 8E30000... the same as cameris...

EDIT:
when i do

Code:

var

addr : integer;

begin

addr := memreadint(tibiadat_startptr) + $20;

edit1.Text := inttostr(memreadint(addr + $4C * (3504 - 100) + 9*4));

end;

then i get value 4533208 strange isnt it?

***ame*** · 01-20-2008, 05:49 AM

That pointer isnt a pointer, its a static memory value that equals the address where your datfile is stored :\

I tried searching for that stuff we spoke about yesterday with Cheat Engine, it only gave me the same addresses as tsearch. i'll tty later

Juapillo · 01-20-2008, 05:51 AM

omg omg omg i'm gonna try it on my mega ultra hiper project Big Grin

yaboomaster Wrote:any example how to read this info from item in player hand? Just where to start

you must get the itemID of the item in your hand and then get the info for this ID

i love ya cameri :icon10:

***Cameri*** · 01-20-2008, 06:30 AM

That address, 0X08E30000, plus +0x20, is where it all starts...
If you are using ollydbg, and you are expecting to see the objects information, without clicking the Run button, you won't see shit. That's cause the application hasn't even started, so it has not read Tibia.dat. You must wait until it does.

***Cameri*** · (This post was last modified: 01-20-2008 07:00 AM by Cameri. *Edit Reason:* )

Xyllo Wrote:well its strange x_X when i checked the value with cheat engine for 5D18F6 the value was 8E30000... the same as cameris...

EDIT:
when i do

Code:

var addr : integer; begin addr := memreadint(tibiadat_startptr) + $20; edit1.Text := inttostr(memreadint(addr + $4C * (3504 - 100) + 9*4)); end;
then i get value 4533208 strange isnt it?

That's not strange... that's right. do you see that 9 in your formula? you are trying to read the flags, and the flags, to understand them, you must see them in binary.
What you got there in binary is:
4533208 = 0b10001010010101111011000

EDIT: Um, you guys are right, the address I gave you is NOT a pointer. It's static and it always points to 08E30000, the problem is, that in 08E30000 does not always Tibia save the information we want. For example, i now found it in 08FD0000, using Cheat Engine. I included a pic so you guys could check it out...

Xyllo · 01-20-2008, 08:23 AM

AHH!! why you no told thats binary lol Tongue

now i understand Smile

***Cameri*** · (This post was last modified: 01-21-2008 09:47 AM by Cameri. *Edit Reason:* )

And no, the address isn't static... it's a memory region, and it's allocated randomly, but its usually at the same place for me...

The size of the memory region is: 0x8B000.

Here's how the memory section looks like (in the picture) in olly:
It's the selected one if you can't see clearly.

***Cameri*** · (This post was last modified: 01-21-2008 11:23 AM by Cameri. *Edit Reason:* )

So... after 2 days... I figured out how to get the starting address... and here's how:

Code:

                const unsigned int MaxItems = 7441; //from 100 to 7540, there are 7441 items

                const unsigned int structSize = sizeof(TibiaObj); // size of the structure, right now its 0x4C

                const unsigned int* HeapHandlePointer = (const unsigned int*)0x772500; //pointer to the heap handle handle

                PROCESS_HEAP_ENTRY phe;

                phe.lpData = NULL;

                unsigned int HeapEntryStartAddress=0;

                while (HeapWalk((HANDLE)*HeapHandlePointer, &phe)) {

                    if ((unsigned int)phe.cbData == MaxItems*structSize) {

                        HeapEntryStartAddress = (unsigned int)phe.lpData;

                        break;

                    }

                }

HeapEntryStartAddress is the starting address we've wanted. Tongue

ENJOY

EDIT: Btw, there are 7441 objects in tibia.dat, not 7951, those other ones they are monsters, effects and distance effects. 7441 objects yes, but they start at 100 and end at 7540. So 7540-100+1=7441. You can find that 7541 in the Tibia.dat, offset 0x4.