[update] Tibia 9.42 addresses [Archive] - Forums




Cupquake
12-29-2011, 03:10 PM
DarkStaR:

I'm already on my own, I won't use any addresses from here because we have people spouting contradictory information left and right.

maozao
12-29-2011, 04:43 PM
I guess that a lot of things changed -.-'

megano0body
12-29-2011, 06:34 PM
YOU STOLE MY THREAD!



acPrintName => 00504407




I guess that a lot of things changed -.-'


True, they changed some compiler/link settings...

renatonolo
12-29-2011, 06:42 PM
HUSIAHSIAHUISAHUI

Stole my thread.. :D

maozao
12-29-2011, 06:59 PM
The Container itemId Offset changed to 68.

Something happened to the maps/tiles too, not sure what yet, if someone has information about it.

panqnik
12-29-2011, 07:03 PM
...

Cupquake
12-29-2011, 07:36 PM
DarkStaR:

I'm already on my own, I won't use any addresses from here because we have people spouting contradictory information left and right.

renatonolo
12-29-2011, 07:50 PM
BattleList_Start = 0x546000 + Tibia.exe
Player_Experience = 0x3ABFB8 + Tibia.exe
Player_Flags = 0x3A9CF4 + Tibia.exe
Player_Id = 0x3AC054 + Tibia.exe
Player_Health = 0x3A9CEC + Tibia.exe
Player_HealthMax = 0x3AC048 +Tibia.exe
Player_Level = 0x3ABFEC + Tibia.exe
Player_MagicLevel = 0x3ABFF4 +Tibia.exe
Player_Mana = 0x3AC004 + Tibia.exe
Player_ManaMax = 0x3ABFB0 + Tibia.exe
Player_Soul = 0x3ABFF0 + Tibia.exe


Here no happened..

Continues Tibia_BaseAddress - 0x400000 + Player_Level
To get Level for example?

panqnik
12-29-2011, 07:51 PM
If you have ASLR disabled
BattleList_Start = 0x546000 + 0x400000

if not
BattleList_Start = 0x546000 + Tibia.exe

maozao
12-29-2011, 08:23 PM
It's weird ...

The MapPointer that I found is: 0x9E7798

But it's not working well, I checked the StepTile and it's still 168, so what changed? o.o'

I'm still looking for these changes.

Cupquake
12-29-2011, 08:30 PM
DarkStaR:

I'm already on my own, I won't use any addresses from here because we have people spouting contradictory information left and right.

maozao
12-29-2011, 08:35 PM
Thank you Cupquake, it would be great to talk about how you found that change : )

Cupquake
12-29-2011, 08:39 PM
DarkStaR:

I'm already on my own, I won't use any addresses from here because we have people spouting contradictory information left and right.

DarkstaR
12-29-2011, 09:03 PM
So, you say container had extra data but size is still 492.. You say position structure changed but it's been that way since 9.10. And now you're saying there is a change in the map data but it's the same size?

Dude, what the fuck are you smoking. I'm going to finish updating my bot and see if any of this nonsensible information is legitimate or if you're just stupid/trolling.

Cupquake
12-29-2011, 09:08 PM
So, you say container had extra data but size is still 492.. You say position structure changed but it's been that way since 9.10. And now you're saying there is a change in the map data but it's the same size?

Dude, what the fuck are you smoking. I'm going to finish updating my bot and see if any of this nonsensible information is legitimate or if you're just stupid/trolling.


that's not trolling... that's the data, and it's working for me... even other ppl admit it, so stop saying I'm trolling or stupid... I was surprised as well as you are. Insulting me, without any proof is childish... oh sorry, insulting is childish after all...

And if you need proof, then I can record you a video of my bot's functions working on those settings without a problem... a.k.a: gui, dialog, map, chat, containers etc... next time I will not post ANY of the new addresses and you will be on your own, because that's what I get for trying to help... fucking insults!

petitcoeur
12-29-2011, 09:30 PM
he didn't say you were stupid/trolling, he said he would check if you were stupid/trolling
stop crying

DarkstaR
12-29-2011, 09:34 PM
I'm already on my own, I won't use any addresses from here because we have people spouting contradictory information left and right.

DarkstaR
12-29-2011, 11:02 PM
So, we all know compiler options changed. With this, calling conventions were slightly altered. Their __fastcalls are now MOV'ing to ECX before EDX, instead of vice-versa. This means any function with two parameters being passed on those registers will be swapped. Any function with one parameter on a register should be on swapped from what it is currently.

maozao
12-29-2011, 11:26 PM
The player offset changed too, I'm just missing the BlackSquare offset, I will post them when I find this one.

megano0body
12-30-2011, 01:11 AM
So, we all know compiler options changed. With this, calling conventions were slightly altered. Their __fastcalls are now MOV'ing to ECX before EDX, instead of vice-versa. This means any function with two parameters being passed on those registers will be swapped. Any function with one parameter on a register should be on swapped from what it is currently.


Thanks for the precious info!

klusbert
12-30-2011, 05:11 AM
ty dark, that explains the dat function!

DarkstaR
12-30-2011, 05:36 AM
Also, the reason there have been "extra values" (not extra values, lol kids) in the containers is because their item struct is reversed.



id
count
amount

V

amount
count
id

Swap those and you're good. Same applies to parameters passed to printItem. I haven't tested it anywhere else, though.

petitcoeur
12-30-2011, 07:18 AM
So, we all know compiler options changed. With this, calling conventions were slightly altered. Their __fastcalls are now MOV'ing to ECX before EDX, instead of vice-versa. This means any function with two parameters being passed on those registers will be swapped. Any function with one parameter on a register should be on swapped from what it is currently.


It's kind of weird, with the functions passing only 1 parameter to the register, some of them swapped, but some of them didn't!
For example
PrintSkin : was EDX, now is ECX
PrintItem : was ECX, still is ECX

DarkstaR
12-30-2011, 11:26 AM
I know, it was weird. Print item also had some odd behaviour, but I got it working.

EDIT:
Some parts of the project without change may have already had their object files generated, meaning they didn't get rebuilt and kept the old convention? Not sure.

robssito
12-30-2011, 01:39 PM
<?xml version="1.0"?>
<CheatTable>
<CheatEntries>
<CheatEntry>
<ID>0</ID>
<Description>"Hourly Exp"</Description>
<Color>80000008</Color>
<VariableType>4 Bytes</VariableType>
<Address>Tibia.exe+3FE49C</Address>
</CheatEntry>
<CheatEntry>
<ID>1</ID>
<Description>"LastServerMessage"</Description>
<Color>80000008</Color>
<VariableType>String</VariableType>
<Length>14</Length>
<Unicode>0</Unicode>
<ZeroTerminate>1</ZeroTerminate>
<Address>Tibia.exe+3FC728</Address>
</CheatEntry>
<CheatEntry>
<ID>2</ID>
<Description>"Width"</Description>
<Color>80000008</Color>
<VariableType>4 Bytes</VariableType>
<Address>Tibia.exe+3BA84C</Address>
<CheatEntries>
<CheatEntry>
<ID>3</ID>
<Description>"Width"</Description>
<Color>80000008</Color>
<VariableType>4 Bytes</VariableType>
<Address>Tibia.exe+58B7C8</Address>
</CheatEntry>
</CheatEntries>
</CheatEntry>
<CheatEntry>
<ID>4</ID>
<Description>"Height"</Description>
<Color>80000008</Color>
<VariableType>4 Bytes</VariableType>
<Address>Tibia.exe+3BA8E4</Address>
<CheatEntries>
<CheatEntry>
<ID>5</ID>
<Description>"Height"</Description>
<Color>80000008</Color>
<VariableType>4 Bytes</VariableType>
<Address>Tibia.exe+58B7CC</Address>
</CheatEntry>
</CheatEntries>
</CheatEntry>
<CheatEntry>
<ID>6</ID>
<Description>"Status"</Description>
<Color>80000008</Color>
<VariableType>4 Bytes</VariableType>
<Address>Tibia.exe+3BA894</Address>
</CheatEntry>
<CheatEntry>
<ID>7</ID>
<Description>"StatusBarText"</Description>
<Color>80000008</Color>
<VariableType>String</VariableType>
<Length>20</Length>
<Unicode>0</Unicode>
<ZeroTerminate>1</ZeroTerminate>
<Address>Tibia.exe+3FC508</Address>
</CheatEntry>
<CheatEntry>
<ID>8</ID>
<Description>"ClickId/SeeId"</Description>
<Color>80000008</Color>
<VariableType>4 Bytes</VariableType>
<Address>Tibia.exe+542F94</Address>
<CheatEntries>
<CheatEntry>
<ID>9</ID>
<Description>"ClickId/SeeId"</Description>
<Color>80000008</Color>
<VariableType>4 Bytes</VariableType>
<Address>Tibia.exe+542F3C</Address>
</CheatEntry>
</CheatEntries>
</CheatEntry>
<CheatEntry>
<ID>10</ID>
<Description>"LastDefaultMessage"</Description>
<Color>80000008</Color>
<VariableType>String</VariableType>
<Length>3</Length>
<Unicode>0</Unicode>
<ZeroTerminate>1</ZeroTerminate>
<Address>Tibia.exe+3FC750</Address>
</CheatEntry>
<CheatEntry>
<ID>11</ID>
<Description>"LoginCharListLenght"</Description>
<Color>80000008</Color>
<VariableType>4 Bytes</VariableType>
<Address>Tibia.exe+3BA890</Address>
</CheatEntry>
<CheatEntry>
<ID>12</ID>
<Description>"LoginSelectedChar"</Description>
<Color>80000008</Color>
<VariableType>4 Bytes</VariableType>
<Address>Tibia.exe+3BA8E0</Address>
</CheatEntry>
<CheatEntry>
<ID>13</ID>
<Description>"Experience"</Description>
<Color>80000008</Color>
<VariableType>4 Bytes</VariableType>
<Address>Tibia.exe+3ABFB8</Address>
</CheatEntry>
<CheatEntry>
<ID>14</ID>
<Description>"Flags"</Description>
<Color>80000008</Color>
<VariableType>4 Bytes</VariableType>
<Address>Tibia.exe+3A9CF4</Address>
</CheatEntry>
<CheatEntry>
<ID>15</ID>
<Description>"Health"</Description>
<Color>80000008</Color>
<VariableType>4 Bytes</VariableType>
<Address>7A9CF4-8</Address>
</CheatEntry>
<CheatEntry>
<ID>16</ID>
<Description>"HealthMax"</Description>
<Color>80000008</Color>
<VariableType>4 Bytes</VariableType>
<Address>Tibia.exe+3AC048</Address>
</CheatEntry>
<CheatEntry>
<ID>17</ID>
<Description>"Level"</Description>
<Color>80000008</Color>
<VariableType>4 Bytes</VariableType>
<Address>Tibia.exe+3ABFEC</Address>
</CheatEntry>
<CheatEntry>
<ID>18</ID>
<Description>"MagicLevel"</Description>
<Color>80000008</Color>
<VariableType>4 Bytes</VariableType>
<Address>Tibia.exe+3ABFF4+8</Address>
</CheatEntry>
<CheatEntry>
<ID>19</ID>
<Description>"ManaMax"</Description>
<Color>80000008</Color>
<VariableType>4 Bytes</VariableType>
<Address>Tibia.exe+3ABFB0</Address>
</CheatEntry>
<CheatEntry>
<ID>20</ID>
<Description>"Mana"</Description>
<Color>80000008</Color>
<VariableType>4 Bytes</VariableType>
<Address>Tibia.exe+3AC004</Address>
</CheatEntry>
<CheatEntry>
<ID>21</ID>
<Description>"LevelPercent"</Description>
<Color>80000008</Color>
<VariableType>4 Bytes</VariableType>
<Address>Tibia.exe+3AC044</Address>
</CheatEntry>
<CheatEntry>
<ID>22</ID>
<Description>"Stamina"</Description>
<Color>80000008</Color>
<VariableType>4 Bytes</VariableType>
<Address>Tibia.exe+3AC04C</Address>
</CheatEntry>
<CheatEntry>
<ID>23</ID>
<Description>"Soul"</Description>
<Color>80000008</Color>
<VariableType>4 Bytes</VariableType>
<Address>Tibia.Exe + 3ABFF0</Address>
</CheatEntry>
<CheatEntry>
<ID>24</ID>
<Description>"Capacity"</Description>
<Color>80000008</Color>
<VariableType>4 Bytes</VariableType>
<Address>Tibia.exe+3ABFC4</Address>
</CheatEntry>
<CheatEntry>
<ID>25</ID>
<Description>"Fist"</Description>
<Color>80000008</Color>
<VariableType>4 Bytes</VariableType>
<Address>Tibia.exe+3ABF94</Address>
</CheatEntry>
<CheatEntry>
<ID>26</ID>
<Description>"Redsquare"</Description>
<Color>80000008</Color>
<VariableType>4 Bytes</VariableType>
<Address>Tibia.exe+3AC000</Address>
</CheatEntry>
<CheatEntry>
<ID>27</ID>
<Description>"Head"</Description>
<Color>80000008</Color>
<VariableType>4 Bytes</VariableType>
<Address>Tibia.exe+402738</Address>
</CheatEntry>
<CheatEntry>
<ID>28</ID>
<Description>"Z"</Description>
<Color>80000008</Color>
<VariableType>4 Bytes</VariableType>
<Address>Tibia.exe+3AC62C</Address>
</CheatEntry>
<CheatEntry>
<ID>29</ID>
<Description>"GotoX"</Description>
<Color>80000008</Color>
<VariableType>4 Bytes</VariableType>
<Address>Tibia.exe+3BA854</Address>
</CheatEntry>
<CheatEntry>
<ID>30</ID>
<Description>"GotoY"</Description>
<Color>80000008</Color>
<VariableType>4 Bytes</VariableType>
<Address>Tibia.exe+3AC038</Address>
</CheatEntry>
<CheatEntry>
<ID>31</ID>
<Description>"Hotkeys"</Description>
<Color>80000008</Color>
<VariableType>4 Bytes</VariableType>
<Address>00</Address>
<CheatEntries>
<CheatEntry>
<ID>32</ID>
<Description>"HotkeyObjectStart"</Description>
<Color>80000008</Color>
<VariableType>4 Bytes</VariableType>
<Address>Tibia.exe+3BA7A8</Address>
</CheatEntry>
<CheatEntry>
<ID>33</ID>
<Description>"HotkeySendAutostart"</Description>
<Color>80000008</Color>
<VariableType>4 Bytes</VariableType>
<Address>Tibia.exe+3BA75C</Address>
</CheatEntry>
<CheatEntry>
<ID>34</ID>
<Description>"HotkeyUseTypeStart"</Description>
<Color>80000008</Color>
<VariableType>4 Bytes</VariableType>
<Address>Tibia.exe+3BA6C0</Address>
</CheatEntry>
<CheatEntry>
<ID>35</ID>
<Description>"HotkeyTextStart"</Description>
<Color>80000008</Color>
<VariableType>String</VariableType>
<Length>4</Length>
<Unicode>0</Unicode>
<ZeroTerminate>1</ZeroTerminate>
<Address>Tibia.exe+3B8290</Address>
</CheatEntry>
</CheatEntries>
</CheatEntry>
</CheatEntries>
</CheatTable>



I searched for some of what I need, but forgot how to search for the GotoZ :(
Put it on CheatEngine and have fun...

-- edit


Creature.DistanceZ = 36
Creature.DistanceX = 40
Creature.DistanceY = 44


Reversed this small structure, correct?

maozao
12-30-2011, 03:41 PM
DistanceX = 44
DistanceY = 40
DistanceZ = 36

The DistanceBlackSquare changed too, but I didn't find it yet.

Maches
12-30-2011, 10:12 PM
Could someone give me the address for Character ID and Battle List start??

ozuna
12-30-2011, 11:09 PM
BattleList_Start = 0x546000 + Tibia.exe
Player_Experience = 0x3ABFB8 + Tibia.exe
Player_Flags = 0x3A9CF4 + Tibia.exe
Player_Id = 0x3AC054 + Tibia.exe
Player_Health = 0x3A9CEC + Tibia.exe
Player_HealthMax = 0x3AC048 +Tibia.exe
Player_Level = 0x3ABFEC + Tibia.exe
Player_MagicLevel = 0x3ABFF4 +Tibia.exe
Player_Mana = 0x3AC004 + Tibia.exe
Player_ManaMax = 0x3ABFB0 + Tibia.exe
Player_Soul = 0x3ABFF0 + Tibia.exe


Here no happened..

Continues Tibia_BaseAddress - 0x400000 + Player_Level
To get Level for example?


How can we beginners retrieve some value from these addresses?
I'm trying this way:


#include <windows.h>
#include <iostream>
#include <conio.h>

using namespace std;

int main()
{
int address = 0x3A9CEC;
int value;
DWORD pid;
HWND hwnd = FindWindow(NULL,"Tibia");
if(!hwnd)
{
cout << "Window not found!";
} else {
GetWindowThreadProcessId(hwnd,&pid);
HANDLE phandle = OpenProcess(PROCESS_ALL_ACCESS,0,pid);
if(!phandle)
{
cout << "Could not get handle!";
}
else
{
while(1)
{
ReadProcessMemory(phandle,(LPCVOID)address,&value,2,NULL);
cout << value << "\n";
Sleep(1000);

}
}
}

return 0;
}


This always retrieves the number 2228224... is it correct?

Thanks for your help.

Maches
12-30-2011, 11:27 PM
The addresses don't work!!!!!

Give good addresses please..

MxCool
12-30-2011, 11:33 PM
Those addresses are correct.
Address + 0x400000;

jo3bingham
12-31-2011, 12:03 AM
The addresses don't work!!!!!

Give good addresses please..


^ Why I quit updating TibiaAPI's addresses.

megano0body
12-31-2011, 01:49 AM
The addresses don't work!!!!!

Give good addresses please..


^ Why I quit updating TibiaAPI's addresses.


And without you on TibiaAPI, it looks like a dead project.

Too bad, TibiaAPI was great, but it brings too many noobs to the community.

ozuna
12-31-2011, 04:13 AM
Could someone help me find my Tibia base address?

I'm using 0x400000 but it always gives me a weird return, like 2228224 ;/

C++ plz

MxCool
12-31-2011, 04:43 AM
int level = 0x7ABFEC;
Process[] h = Process.GetProcessesByName(nombreProceso);
int offset = h[0].MainModule.BaseAddress.ToInt32() - 0x400000;
int n = memoria.ReadInt32(h[0].Handle, level + offset);

klusbert
12-31-2011, 11:09 AM
The addresses don't work!!!!!

Give good addresses please..


^ Why I quit updating TibiaAPI's addresses.


Like

Maches
12-31-2011, 12:10 PM
Those addresses are correct.
Address + 0x400000;



In delphi it doesn't work..

I use it like that:

SelfID = $3AC054 + 400000;

And DOESN't WORK :|||
Help me please.

Blaster_89
12-31-2011, 02:36 PM
Those addresses are correct.
Address + 0x400000;



In delphi it doesn't work..

I use it like that:

SelfID = $3AC054 + 400000;

And DOESN't WORK :|||
Help me please.




0x means the value is hexadecimal, so you need to use $400000 in Delphi.
Keep in mind that you can only use $400000 if you're running XP or if you disabled ASLR in the Tibia executable.

Maches
12-31-2011, 02:40 PM
Ye sure, but If I use
SelfID = $3AC054 + $400000;

is error.

Blaster_89
12-31-2011, 02:43 PM
Ye sure, but If I use
SelfID = $3AC054 + $400000;

is error.


What error?
If it's a problem with adding the two values, you can just add them yourself:
3AC054 + 400000 = 7AC054

Maches
12-31-2011, 02:45 PM
Will test it.
Thank you for answer.

magragaskar
12-31-2011, 04:01 PM
hi guys why don't you post addresses using cheat engine?

Maches
12-31-2011, 04:09 PM
LoginCharListDist = 84;
LoginCharListDistName = 0;
LoginCharListDistWorld = 30;


Does someone know what it is for Tibia 9.42?

maozao
12-31-2011, 05:31 PM
LoginCharListDist = 84;
LoginCharListDistName = 0;
LoginCharListDistWorld = 30;


Does someone know what it is for Tibia 9.42?


What did you try to find them?

Maches
12-31-2011, 05:59 PM
I'm still trying.

renatonolo
01-02-2012, 11:02 AM
It doesn't work here...

Look:



private byte[] ReadBytes(string StrAddr, uint bytesToRead)
{
try
{
IntPtr ptrBytesRead;
int address = int.Parse(StrAddr, System.Globalization.NumberStyles.HexNumber);
byte[] buffer = new byte[bytesToRead];
WinApi.ReadProcessMemory(processo.getHandleTibiaIntPtr(), new IntPtr(address), buffer, bytesToRead, out ptrBytesRead);
return buffer;
}
catch (Exception ex)
{
if (processo.getTibia().HasExited) { System.Windows.Forms.Application.Exit(); }
else { System.Windows.Forms.MessageBox.Show(ex.Message); }
return new byte[bytesToRead];
}
}

public int ReadInt(string address)
{
return BitConverter.ToInt32(ReadBytes(address, 4), 0);
}

public String getExperience()
{
UInt32 soma = 0x3ABFB8 + (UInt32)Process.GetProcessesByName("Tibia")[0].MainModule.BaseAddress.ToInt32() - 0x400000;
string addr = conv.intParaHex(soma);
int exp = ReadInt(addr);
return "" + exp;
}

maozao
01-02-2012, 02:14 PM
Has someone found what the new blacksquare offset is?

And why did everyone have an "emo" attack and remove the addresses? hehehehehe

Blaster_89
01-02-2012, 02:48 PM
It doesn't work here...

Look:



private byte[] ReadBytes(string StrAddr, uint bytesToRead)
{
try
{
IntPtr ptrBytesRead;
int address = int.Parse(StrAddr, System.Globalization.NumberStyles.HexNumber);
byte[] buffer = new byte[bytesToRead];
WinApi.ReadProcessMemory(processo.getHandleTibiaIntPtr(), new IntPtr(address), buffer, bytesToRead, out ptrBytesRead);
return buffer;
}
catch (Exception ex)
{
if (processo.getTibia().HasExited) { System.Windows.Forms.Application.Exit(); }
else { System.Windows.Forms.MessageBox.Show(ex.Message); }
return new byte[bytesToRead];
}
}

public int ReadInt(string address)
{
return BitConverter.ToInt32(ReadBytes(address, 4), 0);
}

public String getExperience()
{
UInt32 soma = 0x3ABFB8 + (UInt32)Process.GetProcessesByName("Tibia")[0].MainModule.BaseAddress.ToInt32() - 0x400000;
string addr = conv.intParaHex(soma);
int exp = ReadInt(addr);
return "" + exp;
}



Isn't 0x3ABFB8 already a baseless address? If so, you don't need to subtract 0x400000.
Why are you converting your hexadecimal values to strings? It's very inefficient.

4589417
01-02-2012, 03:34 PM
Hey, can somebody tell me how I search for the ScreenLevelAndSpyPtr? I don't know ANYTHING about pointers, need to learn it...

renatonolo
01-02-2012, 03:36 PM
It doesn't work here...

Look:



private byte[] ReadBytes(string StrAddr, uint bytesToRead)
{
try
{
IntPtr ptrBytesRead;
int address = int.Parse(StrAddr, System.Globalization.NumberStyles.HexNumber);
byte[] buffer = new byte[bytesToRead];
WinApi.ReadProcessMemory(processo.getHandleTibiaIntPtr(), new IntPtr(address), buffer, bytesToRead, out ptrBytesRead);
return buffer;
}
catch (Exception ex)
{
if (processo.getTibia().HasExited) { System.Windows.Forms.Application.Exit(); }
else { System.Windows.Forms.MessageBox.Show(ex.Message); }
return new byte[bytesToRead];
}
}

public int ReadInt(string address)
{
return BitConverter.ToInt32(ReadBytes(address, 4), 0);
}

public String getExperience()
{
UInt32 soma = 0x3ABFB8 + (UInt32)Process.GetProcessesByName("Tibia")[0].MainModule.BaseAddress.ToInt32() - 0x400000;
string addr = conv.intParaHex(soma);
int exp = ReadInt(addr);
return "" + exp;
}



Isn't 0x3ABFB8 already a baseless address? If so, you don't need to subtract 0x400000.
Why are you converting your hexadecimal values to strings? It's very inefficient.


This address is from panqnik in this post...



BattleList_Start = 0x546000 + Tibia.exe
Player_Experience = 0x3ABFB8 + Tibia.exe
Player_Flags = 0x3A9CF4 + Tibia.exe
Player_Id = 0x3AC054 + Tibia.exe
Player_Health = 0x3A9CEC + Tibia.exe
Player_HealthMax = 0x3AC048 +Tibia.exe
Player_Level = 0x3ABFEC + Tibia.exe
Player_MagicLevel = 0x3ABFF4 +Tibia.exe
Player_Mana = 0x3AC004 + Tibia.exe
Player_ManaMax = 0x3ABFB0 + Tibia.exe
Player_Soul = 0x3ABFF0 + Tibia.exe


I changed my code to:


private byte[] ReadBytes(UInt32 StrAddr, uint bytesToRead)
{
try
{
IntPtr ptrBytesRead;
byte[] buffer = new byte[bytesToRead];
WinApi.ReadProcessMemory(processo.getHandleTibiaIntPtr(), new IntPtr(StrAddr), buffer, bytesToRead, out ptrBytesRead);
return buffer;
}
catch (Exception ex)
{
if (processo.getTibia().HasExited) { System.Windows.Forms.Application.Exit(); }
else { System.Windows.Forms.MessageBox.Show(ex.Message); }
return new byte[bytesToRead];
}
}

public int ReadInt(UInt32 address)
{
return BitConverter.ToInt32(ReadBytes(address, 4), 0);
}

public String getExperience()
{
UInt32 soma = 0x3ABFB8 + (UInt32)Process.GetProcessesByName("Tibia")[0].MainModule.BaseAddress.ToInt32() - 0x400000;
int exp = ReadInt(soma);
return "" + exp;
}

4589417
01-02-2012, 03:42 PM
@renatonolo

Change this line:


UInt32 soma = 0x3ABFB8 + (UInt32)Process.GetProcessesByName("Tibia")[0].MainModule.BaseAddress.ToInt32() - 0x400000;


To this:


UInt32 soma = 0x3ABFB8 + (UInt32)Process.GetProcessesByName("Tibia")[0].MainModule.BaseAddress.ToInt32();


The 0x400000 is not necessary, because your address is 0x3ABFB8, it has already been subtracted...

renatonolo
01-02-2012, 04:00 PM
@renatonolo

Change this line:


UInt32 soma = 0x3ABFB8 + (UInt32)Process.GetProcessesByName("Tibia")[0].MainModule.BaseAddress.ToInt32() - 0x400000;


To this:


UInt32 soma = 0x3ABFB8 + (UInt32)Process.GetProcessesByName("Tibia")[0].MainModule.BaseAddress.ToInt32();


The 0x400000 is not necessary, because your address is 0x3ABFB8, it has already been subtracted...



Do I need to convert

UInt32 soma = 0x3ABFB8 + (UInt32)Process.GetProcessesByName("Tibia")[0].MainModule.BaseAddress.ToInt32();


to hex in a string, or can I set hex in UInt32? If I need to convert, how?

4589417
01-02-2012, 04:11 PM
No, it is correct, your code will be something like this:



private byte[] ReadBytes(string StrAddr, uint bytesToRead)
{
try
{
IntPtr ptrBytesRead;
int address = int.Parse(StrAddr, System.Globalization.NumberStyles.HexNumber);
byte[] buffer = new byte[bytesToRead];
WinApi.ReadProcessMemory(processo.getHandleTibiaIntPtr(), new IntPtr(address), buffer, bytesToRead, out ptrBytesRead);
return buffer;
}
catch (Exception ex)
{
if (processo.getTibia().HasExited) { System.Windows.Forms.Application.Exit(); }
else { System.Windows.Forms.MessageBox.Show(ex.Message); }
return new byte[bytesToRead];
}
}

public int ReadInt(string address)
{
return BitConverter.ToInt32(ReadBytes(address, 4), 0);
}

public String getExperience()
{
UInt32 soma = 0x3ABFB8 + (UInt32)Process.GetProcessesByName("Tibia")[0].MainModule.BaseAddress.ToInt32();
int exp = ReadInt(soma.ToString());
return "" + exp.ToString();
}


Try this

renatonolo
01-02-2012, 04:19 PM
No, it is correct, your code will be something like this:



private byte[] ReadBytes(string StrAddr, uint bytesToRead)
{
try
{
IntPtr ptrBytesRead;
int address = int.Parse(StrAddr, System.Globalization.NumberStyles.HexNumber);
byte[] buffer = new byte[bytesToRead];
WinApi.ReadProcessMemory(processo.getHandleTibiaIntPtr(), new IntPtr(address), buffer, bytesToRead, out ptrBytesRead);
return buffer;
}
catch (Exception ex)
{
if (processo.getTibia().HasExited) { System.Windows.Forms.Application.Exit(); }
else { System.Windows.Forms.MessageBox.Show(ex.Message); }
return new byte[bytesToRead];
}
}

public int ReadInt(string address)
{
return BitConverter.ToInt32(ReadBytes(address, 4), 0);
}

public String getExperience()
{
UInt32 soma = 0x3ABFB8 + (UInt32)Process.GetProcessesByName("Tibia")[0].MainModule.BaseAddress.ToInt32();
int exp = ReadInt(soma.ToString());
return "" + exp.ToString();
}


Try this



I tried, but the return is not correct... I searched the memory address in Cheat Engine, but tibia.exe + 0x3ABFB8 is not the Experience.. :/

Sketchy
01-02-2012, 05:00 PM
It is incorrect because you are converting the address to a decimal-based string which the ReadBytes method then converts back into an integer based upon the hexadecimal base, this results in it attempting to read from an entirely different address than the one you want. Solution is simple, parse it as a decimal-based string instead of a hexadecimal one.

As Blaster said though it is inefficient to use a string for the address in the first place, and it is pointless anyway since you will just be converting it back to an integer and not making any actual real use of it as a string.
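
Added example (not part of the original thread and not any poster's code): the address arithmetic argued over above, as plain C++ that opens no process. It covers both the "Tibia.exe + offset" versus absolute-address confusion and the decimal/hex string round trip Sketchy describes; the module base 0x00F10000 and all function and enum names are constructed for illustration.

```cpp
#include <cstdint>
#include <cstdio>
#include <string>

// Preferred image base the thread assumes for the 32-bit Tibia.exe.
constexpr uint32_t kPreferredBase = 0x400000;

// "Tibia.exe + offset" form: the offset is relative to the module base,
// so it is valid whatever base ASLR picked.
uint32_t rebase_offset(uint32_t offset, uint32_t actual_base) {
    return actual_base + offset;
}

// Absolute form (for example 0x7ABFEC): only valid when the module sits at
// the preferred base, otherwise it must be shifted by the difference.
uint32_t rebase_absolute(uint32_t absolute, uint32_t actual_base) {
    return absolute - kPreferredBase + actual_base;
}

// The round trip Sketchy describes: address written out in decimal,
// then parsed back as if the digits were hexadecimal.
uint32_t decimal_string_parsed_as_hex(uint32_t address) {
    const std::string decimal = std::to_string(address);
    return static_cast<uint32_t>(std::stoull(decimal, nullptr, 16));
}

// A consistent round trip: hexadecimal out, hexadecimal in.
uint32_t hex_string_parsed_as_hex(uint32_t address) {
    char text[9];
    std::snprintf(text, sizeof text, "%X", address);
    return static_cast<uint32_t>(std::stoull(text, nullptr, 16));
}

enum class Mistake {
    None,
    MissingBase,               // bare offset used as an address
    StaticBaseAssumed,         // offset + 0x400000 while ASLR moved the module
    BaseAddedToAbsolute,       // absolute address + 0x400000
    BaseSubtractedFromOffset,  // offset + base - 0x400000
    DecimalParsedAsHex,
    Unknown
};

// Given the address a program actually read from, say which of the thread's
// mistakes (if any) produced it.
Mistake diagnose(uint32_t used, uint32_t offset, uint32_t actual_base) {
    const uint32_t correct = rebase_offset(offset, actual_base);
    if (used == correct) return Mistake::None;
    if (used == offset) return Mistake::MissingBase;
    if (used == offset + kPreferredBase) return Mistake::StaticBaseAssumed;
    if (used == offset + 2 * kPreferredBase) return Mistake::BaseAddedToAbsolute;
    if (used == correct - kPreferredBase) return Mistake::BaseSubtractedFromOffset;
    if (used == decimal_string_parsed_as_hex(correct)) return Mistake::DecimalParsedAsHex;
    return Mistake::Unknown;
}

const char* describe(Mistake m) {
    switch (m) {
        case Mistake::None: return "correct";
        case Mistake::MissingBase: return "module base never added";
        case Mistake::StaticBaseAssumed: return "0x400000 assumed, but ASLR relocated the module";
        case Mistake::BaseAddedToAbsolute: return "0x400000 added to an already absolute address";
        case Mistake::BaseSubtractedFromOffset: return "0x400000 subtracted from an offset";
        case Mistake::DecimalParsedAsHex: return "decimal string parsed as hexadecimal";
        default: return "unknown";
    }
}

int main() {
    const uint32_t base = 0x00F10000;  // constructed ASLR-relocated module base
    const uint32_t offset = 0x3ABFB8;  // Player_Experience offset quoted in the thread
    const uint32_t candidates[] = {
        rebase_offset(offset, base),
        offset,
        offset + kPreferredBase,
        offset + base - kPreferredBase,
        decimal_string_parsed_as_hex(rebase_offset(offset, base)),
    };
    for (uint32_t used : candidates)
        std::printf("0x%08X  %s\n", used, describe(diagnose(used, offset, base)));
    return 0;
}
```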

renatonolo
01-02-2012, 05:14 PM
It is incorrect because you are converting the address to a decimal-based string which the ReadBytes method then converts back into an integer based upon the hexadecimal base, this results in it attempting to read from an entirely different address than the one you want. Solution is simple, parse it as a decimal-based string instead of a hexadecimal one.

As Blaster said though it is inefficient to use a string for the address in the first place, and it is pointless anyway since you will just be converting it back to an integer and not making any actual real use of it as a string.


Then can I read by UInt32 address? Can I set the address directly in UInt32?

For example:


private byte[] ReadBytes(UInt32 StrAddr, uint bytesToRead)
{
try
{
IntPtr ptrBytesRead;
byte[] buffer = new byte[bytesToRead];
WinApi.ReadProcessMemory(processo.getHandleTibiaIntPtr(), new IntPtr(StrAddr), buffer, bytesToRead, out ptrBytesRead);
return buffer;
}
catch (Exception ex)
{
if (processo.getTibia().HasExited) { System.Windows.Forms.Application.Exit(); }
else { System.Windows.Forms.MessageBox.Show(ex.Message); }
return new byte[bytesToRead];
}
}

public int ReadInt(UInt32 address)
{
return BitConverter.ToInt32(ReadBytes(address, 4), 0);
}

public String getExperience()
{
UInt32 soma = 0x3ABFB8 + (UInt32)Process.GetProcessesByName("Tibia")[0].MainModule.BaseAddress.ToInt32() - 0x400000;
int exp = ReadInt(soma);
return "" + exp;
}


Or do I need to convert the address from UInt32 to Hex?
If I need to convert, how do I do this in C#?

The only method I know is to convert to string with:


String addr = address.ToString("X");


Is this correct?

Thx for all help :D

petitcoeur
01-02-2012, 06:28 PM
Has someone found what the new blacksquare offset is?

And why did everyone have an "emo" attack and remove the addresses? hehehehehe


Hahahaha "emo" attack

maozao
01-02-2012, 07:00 PM
Has someone found what the new blacksquare offset is?

And why did everyone have an "emo" attack and remove the addresses? hehehehehe


Hahahaha "emo" attack


Hahahahahahahaha, I thought that no one got it hehehehehehe

@renatonolo
You should learn the basics first, since you can't convert a simple variable you won't be able to go too far. Sorry if it sounds rude.

psydack
01-02-2012, 07:50 PM
Do I really need to change type uint to long?
Example:
OLD: Player.experience = 0x81ce10 + 0x400000 + baseAdress;
NEW: Player.Experience = Convert.ToUint32(0x3ABFB8 + 0x400000 + baseAdress);

Blaster_89
01-02-2012, 08:18 PM
0x3ABFB8 + baseAdress

ozuna
01-02-2012, 10:02 PM
Can someone help me with the base address? I'm having an ASLR problem and I just can't find it.



C++
-----------------------------------------------------
#include <windows.h>
#include <iostream>
#include <conio.h>

using namespace std;

int main()
{
// dont work
int address = 0x7ABFEC + 0x400000;
int _buffer;
DWORD pid;
HWND hwnd = FindWindow(NULL,"Tibia");
if(!hwnd)
{
cout << "Tibia not found!";
} else {
GetWindowThreadProcessId(hwnd,&pid);
HANDLE phandle = OpenProcess(PROCESS_ALL_ACCESS,0,pid);
if(!phandle)
{
cout << "Could not get handle!";
}
else
{
int cont = 0;
while(1)
{
ReadProcessMemory(phandle,(LPCVOID)address,&_buffer,sizeof(int),NULL);

cout << _buffer << "\n";
Sleep(1000);
cont++;
}
}
}
system("PAUSE");
return 0;
}


Tnx

magragaskar
01-02-2012, 10:25 PM
hey guys where is the complete addresses list?

psydack
01-02-2012, 11:34 PM
Should be:
int address = 0x7ABFEC - 0x400000 + phandle;

I don't know how you convert process from phandle to uint, but I think you can do it by yourself.


hey guys where is the complete addresses list?


I think they removed it.

theafien
01-03-2012, 02:58 AM
See the code below; the function get_baseaddress gets the tibia.exe base address.


C++
-----------------------------------------------------
#include <windows.h>
#include <iostream>
#include <conio.h>

using namespace std;

// Walk the address space in 64 KB steps until a region whose allocation
// protection is 0x80 (PAGE_EXECUTE_WRITECOPY) is found, and return the
// allocation base of that region. Returns 0 when nothing is found.
int get_baseaddress(HANDLE pHandle)
{
    int i_start = 0x00100000;
    MEMORY_BASIC_INFORMATION lpBuffer = {0};
    DWORD dwLength = sizeof(MEMORY_BASIC_INFORMATION);
    do
    {
        VirtualQueryEx(pHandle, (void*)i_start, &lpBuffer, dwLength);
        i_start += 0x10000;
    } while (lpBuffer.AllocationProtect != 0x80 && i_start < 0x01000000);
    if (lpBuffer.AllocationProtect == 0x80)
    {
        return (long)lpBuffer.AllocationBase;
    }
    return 0;
}
int main()
{
    int _buffer;
    DWORD pid;
    HWND hwnd = FindWindow(NULL,"Tibia");
    if(!hwnd)
    {
        cout << "Tibia not found!";
    } else {
        GetWindowThreadProcessId(hwnd,&pid);
        HANDLE phandle = OpenProcess(PROCESS_ALL_ACCESS,0,pid);
        if(!phandle)
        {
            cout << "Could not get handle!";
        }
        else
        {
            // get tibia.exe module address (the process handle is needed first)
            // note that address 0x007ABFEC is same "Tibia.exe + 0x3ABFEC"
            int baseaddress = get_baseaddress(phandle);
            int address = 0x7ABFEC - 0x400000 + baseaddress;
            //int address = 0x3ABFEC + baseaddress;
            int cont = 0;
            while(1)
            {
                ReadProcessMemory(phandle,(LPCVOID)address,&_buffer,sizeof(int),NULL);
                cout << _buffer << "\n";
                Sleep(1000);
                cont++;
            }
        }
    }
    system("PAUSE");
    return 0;
}



Can someone help me with the base address? I'm having an ASLR problem and I just can't find it.



C++
-----------------------------------------------------
#include <windows.h>
#include <iostream>
#include <conio.h>

using namespace std;

int main()
{
// dont work
int address = 0x7ABFEC + 0x400000;
int _buffer;
DWORD pid;
HWND hwnd = FindWindow(NULL,"Tibia");
if(!hwnd)
{
cout << "Tibia not found!";
} else {
GetWindowThreadProcessId(hwnd,&pid);
HANDLE phandle = OpenProcess(PROCESS_ALL_ACCESS,0,pid);
if(!phandle)
{
cout << "Could not get handle!";
}
else
{
int cont = 0;
while(1)
{
ReadProcessMemory(phandle,(LPCVOID)address,&_buffer,sizeof(int),NULL);

cout << _buffer << "\n";
Sleep(1000);
cont++;
}
}
}
system("PAUSE");
return 0;
}


Tnx


psydack, it is possible to convert phandle to uint.
phandle is a HANDLE, which in turn is a (void*), so using a simple (unsigned long) cast on phandle you get a uint for phandle.




ozuna
01-03-2012, 04:09 AM


Man first of all, i love u auhahua it worked with a small change:


#include <windows.h>
#include <iostream>
#include <conio.h>

using namespace std;

// Scan the target's address space in 64 KB steps until a region whose
// initial protection is 0x80 (PAGE_EXECUTE_WRITECOPY) is found, and
// return that region's allocation base as the module base.
int get_baseaddress(HANDLE pHandle)
{
    int i_start = 0x00100000;
    MEMORY_BASIC_INFORMATION lpBuffer = {}; // zeroed in case the first query fails
    DWORD dwLength = sizeof(MEMORY_BASIC_INFORMATION);
    do
    {
        VirtualQueryEx(pHandle, (void*)i_start, &lpBuffer, dwLength);
        i_start += 0x10000;
    } while (lpBuffer.AllocationProtect != 0x80 && i_start < 0x01000000);
    if (lpBuffer.AllocationProtect == 0x80)
    {
        return (long)lpBuffer.AllocationBase;
    }
    return 0;
}

int main()
{
    int _buffer;
    DWORD pid;
    HWND hwnd = FindWindow("TibiaClient", "Tibia");
    if(!hwnd)
    {
        cout << "Tibia not found!";
    } else {
        GetWindowThreadProcessId(hwnd,&pid);
        HANDLE phandle = OpenProcess(PROCESS_ALL_ACCESS,0,pid);
        if(!phandle)
        {
            cout << "Could not get handle!";
        }
        else
        {
            // The base can only be resolved once the process handle is open.
            int baseaddress = get_baseaddress(phandle);
            int address = 0x3AC004 + baseaddress;
            int cont = 0;
            while(1)
            {
                // Print only when the read succeeded; otherwise _buffer is not valid.
                if (ReadProcessMemory(phandle,(LPCVOID)address,&_buffer,sizeof(int),NULL))
                    cout << (int)_buffer << "\n";
                Sleep(1000);
                cont++;
            }
        }
    }
    system("PAUSE");
    return 0;
}


Tnx u again!
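
Added example (not part of any post in this thread): the rebasing discussed above, where an address recorded against the preferred image base 0x400000 is turned into one valid under ASLR, shown as portable C++ that reads ImageBase, SizeOfImage and the DYNAMIC_BASE flag from a PE32 header. The header bytes, the SizeOfImage value 0x500000 and the run-time base 0x00F10000 are constructed for illustration; the function names are hypothetical.

```cpp
#include <cstdint>
#include <cstdio>
#include <vector>

struct PeInfo {
    uint32_t image_base;     // preferred load address fixed at link time
    uint32_t size_of_image;  // size of the mapped image in bytes
    bool     dynamic_base;   // DllCharacteristics & 0x0040: image opts in to ASLR
};

static uint32_t rd(const std::vector<uint8_t>& b, size_t off, int n) {
    uint32_t v = 0;                       // little-endian read of n bytes
    for (int i = 0; i < n; ++i) v |= uint32_t(b[off + i]) << (8 * i);
    return v;
}
static void wr(std::vector<uint8_t>& b, size_t off, uint32_t v, int n) {
    for (int i = 0; i < n; ++i) b[off + i] = uint8_t(v >> (8 * i));
}

// Parse the PE32 optional-header fields needed for rebasing; false if malformed.
bool parse_pe32(const std::vector<uint8_t>& b, PeInfo& out) {
    if (b.size() < 0x40 || b[0] != 'M' || b[1] != 'Z') return false;
    size_t pe = rd(b, 0x3C, 4), opt = pe + 24;      // e_lfanew, optional header
    if (pe > b.size() || b.size() - pe < 24 + 72) return false;
    if (rd(b, pe, 4) != 0x00004550 || rd(b, opt, 2) != 0x10B) return false;
    out = { rd(b, opt + 28, 4), rd(b, opt + 56, 4), (rd(b, opt + 70, 2) & 0x0040) != 0 };
    return true;
}

// Map an address recorded against the preferred base to this run's address.
// Returns 0 when the input is not inside the image (e.g. the base added twice).
uint64_t rebase(const PeInfo& pe, uint32_t static_va, uint64_t actual_base) {
    if (static_va < pe.image_base) return 0;
    uint32_t rva = static_va - pe.image_base;
    return rva < pe.size_of_image ? actual_base + rva : 0;
}

// Constructed header: only the fields read above are filled in.
std::vector<uint8_t> sample_header(uint32_t base, uint32_t size, uint16_t dllchar) {
    std::vector<uint8_t> b(0x80 + 24 + 96, 0);
    b[0] = 'M'; b[1] = 'Z';
    wr(b, 0x3C, 0x80, 4); wr(b, 0x80, 0x00004550, 4); wr(b, 0x80 + 24, 0x10B, 2);
    wr(b, 0x80 + 24 + 28, base, 4); wr(b, 0x80 + 24 + 56, size, 4);
    wr(b, 0x80 + 24 + 70, dllchar, 2);
    return b;
}

int main() {
    PeInfo pe;
    if (!parse_pe32(sample_header(0x400000, 0x500000, 0x0040), pe)) return 1;
    std::printf("ASLR=%d rebased=0x%llX\n", pe.dynamic_base,
                (unsigned long long)rebase(pe, 0x7ABFEC, 0x00F10000)); // constructed base
    return 0;
}
```

The range check is what rejects the `0x7ABFEC + 0x400000` attempt quoted earlier: its offset from the preferred base falls outside the image, so `rebase` returns 0 instead of an address.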

theafien
01-03-2012, 04:14 AM
@ozuna, nop!

psydack
01-03-2012, 05:46 AM
Does anybody know who uses this player_flag?

Some advance in address?



//assuming baseAdress = tibia.exe
//assuming ASLR disabled
//testing 3/1/12 8044472
Player.Experience = 0x7ABFB8 - 0x400000 + baseAdress;
Player.Id = Player.Experience + 156;
Player.Level = Player.Experience + 52;

Player.Health = 0x7A9CEC - 0x400000 + baseAdress;
Player.HealthMax = 0x7AC048 - 0x400000 + baseAdress;
Player.Mana = 0x7AC004 - 0x400000 + baseAdress;
Player.ManaMax = 0x7ABFB0 - 0x400000 + baseAdress;
Player.Soul = Player.Experience + 56;
Player.MagicLevel = 0x7ABFF4 - 0x400000 + baseAdress;
Player.Capacity = 0x7ABFC4 - 0x400000 + baseAdress;
Player.LevelPercent = 0x7AC044 - 0x400000 + baseAdress;



This is not working anymore...


Player.Stamina = 0x7AC044 - 0x400000 + baseAdress;

renatonolo
01-03-2012, 11:09 AM
Ok.

I am using the address of Tibia in variables of type int.


public const int Experience = 0x3ABFB8;


and I am using the Tibia base address too, in a variable of type int.


int baseCurrent = (int) this.hTibia.MainModule.BaseAddress;


and I am using this method to search memory in the Tibia window:


public int getLevel()
{
    int addr = baseCurrent + Experience;
    WinApi.ReadProcessMemory(Process.GetProcessesByName("Tibia")[0].MainWindowHandle, new IntPtr(addr), buffer, 4, out ptrBytesRead);
    int level = BitConverter.ToInt32(buffer, 0);
    return level;
}


But the return of the getLevel method is 0... :(

Where am I wrong? :(

psydack
01-03-2012, 12:06 PM
@renatonolo : Maybe the address has changed your pattern.

renatonolo
01-03-2012, 12:09 PM
@renatonolo : Maybe the address has changed your pattern.


I do not understand. I got this address in this post... panqnik posted this address here...

Blaster_89
01-03-2012, 02:30 PM


Use Handle instead of MainWindowHandle.

renatonolo
01-03-2012, 03:32 PM
Using Handle instead of MainWindowHandle works.. :D

Thx for all help..

Kush
01-04-2012, 01:56 AM
Anyone have the address of the level spy?