Xor Key (How to get : Addresses,Result) by Wesker [Archive] - Forums




Wesker
03-26-2013, 01:22 AM
If you don't know anything, you should probably get this first and then come back :) : Startup (http://tpforums.org/forum/threads/5738-Programs-that-you-will-need-before-you-get-started)

Since I'm reinventing the wheel, I'm going to post images of how to find the values in Cheat Engine and OllyDbg. Nothing really new for most of the users, but hey, why not update a tutorial? It will be ready in a day or 2; in the meanwhile here's the program:

Basically it will read only Tibia, and it will read 2 addresses: xor and hp value, or xor and mana. I didn't try anything else and idk if they even exist; however, it should work in every version, and it's a simple test to check if your addresses are correct.


Man Mode Tutorial :

First we need to find the addresses of the xor and health. We can do this in OllyDbg or Cheat Engine; however, man mode = Cheat Engine, in OllyDbg it is a piece of cake.


Client ver. 9.8.3

Step 1

Find your health value in Cheat Engine (search for unknown value, then let something damage your char, and search changed value, and so on) until you get the address you're looking for.

http://img189.imageshack.us/img189/8332/25268451.png
http://img707.imageshack.us/img707/839/56850116.png


Step 2

Search for the xor: click memory view on your hp address, where it says:


Tibia.exe+21AAB - 89 0D 00009500 - mov [Tibia.exe+550000],ecx

Now we know that the Xor comes before the value is displayed, so we are going to search in the memory viewer for the first line that's before your hp address with Tibia.exe+ in it. It's also before another xor, so the full code looks like this:


Tibia.exe+21AA2 - A1 90A07B00 - mov eax,[Tibia.exe+3BA090]
Tibia.exe+21AA7 - 8B C8 - mov ecx,eax
Tibia.exe+21AA9 - 33 CE - xor ecx,esi
Tibia.exe+21AAB - 89 0D 00009500 - mov [Tibia.exe+550000],ecx


http://img844.imageshack.us/img844/9817/94488996.png
http://img805.imageshack.us/img805/2933/80958899.png

You can see that it is in the same AAX region, and we choose [Tibia.exe+3BA090]. We copy the address and then add it to Cheat Engine; the values displayed there will have the same first 3 digits (in this case it's the same 6 digits), and that's good enough to know that's the correct address.

http://img203.imageshack.us/img203/9066/14823645.png
http://img208.imageshack.us/img208/3659/61987609.png
http://img7.imageshack.us/img7/2614/92594877.png

Step 3

Now we use a programmer calculator in decimal and we Xor the values of our addresses = 61 and that's our HP

http://img132.imageshack.us/img132/9448/96685801.png


Album : http://imageshack.us/g/1/10078385/

GRATZ man mode mastered

Wesker
03-26-2013, 01:23 AM
Ollydbg Tutorial Cheap Mode

Step 1

Load Tibia.exe in ollydbg and press the ( ► ) button, start tibia and get in your char.

http://img802.imageshack.us/img802/7058/12295130.png

Step 2

Right click the main window and search all referenced strings

http://img594.imageshack.us/img594/664/54698820.png

Step 3

Scroll to the top of the window, click the first address (just to start the search from that point, don't double click it) and now we right click that window and search points (the entire scope).
Press Ctrl+L to search the next coincidence

http://img692.imageshack.us/img692/554/98858702.png
http://img715.imageshack.us/img715/282/23118487.png


Step 4

Double click "hit points" and it will send you to the memory region in OllyDbg where the data is displayed, and there are our 2 values
(Yup, just that easy)

http://img823.imageshack.us/img823/9175/48638110.png
http://img844.imageshack.us/img844/7065/16584923.png
http://img18.imageshack.us/img18/9642/90628127.png

Now we use a programmer calculator in decimal and we Xor the values of our addresses = 61 and that's our HP

http://img132.imageshack.us/img132/9448/96685801.png

Album : http://imageshack.us/g/1/10079659/

Wesker
03-26-2013, 01:23 AM
Xor : http://en.wikipedia.org/wiki/XOR

.Net Programming

klusbert
03-27-2013, 01:08 PM
Disable RSA? ;) I bet you mean ASLR (Address space layout randomization)

Wesker
03-27-2013, 03:34 PM
Disable RSA? ;) I bet you mean ASLR (Address space layout randomization)

ty :) i always forget those things XD

kadabra
03-27-2013, 04:36 PM
Nice tuto Wesker. I had never taken the time to learn how to get the Xor Key, now I think I know... When I have some time I will try that by myself to put it into practice.

Wesker
03-28-2013, 01:22 AM
np have fun with it

kevox2
04-01-2013, 06:03 PM
I can not find the addresses with the OllyDbg.
follows a ss a customer used, this also happens with the client and other current tibia earlier.

http://img22.imageshack.us/img22/2694/ollyerror.jpg

Wesker
04-02-2013, 03:22 AM
I can not find the addresses with the OllyDbg.
follows a ss a customer used, this also happens with the client and other current tibia earlier.

http://img22.imageshack.us/img22/2694/ollyerror.jpg


this is only for Tibia and only and exclusively for the xor address. Not every game uses the xor, and from your pic it doesn't seem to be xored; it will show a Xor value. With Cheat Engine it should be enough to find it; in your case it's just the address. However, it might be ASLR, so download EMET and disable it.

kevox2
04-02-2013, 05:49 PM
even with the client's tibia, the OllyDbg did not return any value.
primarily according to its tutorial using olly follows the img as their becomes:
http://img18.imageshack.us/img18/9642/90628127.png

My ASLR is disabled.
I'm using windows 7 but already tested it on another machine with windows xp.

Puterin
04-05-2013, 04:07 PM
if you do it via Cheat Engine, for example just getting the health, mana, healthmax, mana max you could do it this way:
1- take the Xor Address and add it to the list.
2- Close Tibia, open a new Tibia and enter your info, but DO NOT enter in the char, just the Characters list.
3- copy the Xor info that you see in the list, the one you kept from before.
4- New search, paste there the Xor key, and you will get 5 Results (not sure if more, but probably only this).
5- Enter the char, you will see that 1 address hasn't changed (that's the Xor Address, delete it)
6- you will have now 4 addresses. With hp and mana full, the results of Hp = Hpmax, and Mana = manamax....
Use a spell, one of those addresses will have changed, that's your actual mana. The address that had the same info as this mana address, and hasn't changed, is the Mana max.

Do the same with the hp, profit.

(((hope it was understandable, else I will post some pics if needed)))
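
Added illustration, not part of Puterin's post or the thread: the Python sketch below replays steps 3 to 6 over a constructed memory image to show why this masking hides so little. A stat equal to 0 is stored as `0 ^ key`, which is the key itself, so a search for the key value lists every masked zero. All addresses, the key and the stat values are made up, and it assumes the stats are zero at the character list, which the five matches in step 4 imply.

```python
# Constructed model: every address and value below is made up for illustration.
KEY_ADDR, HP, HP_MAX, MANA, MANA_MAX, OTHER = 0x1000, 0x2000, 0x2004, 0x2008, 0x200C, 0x3000
KEY = 0x5A17C3E9  # constructed session key


def image(hp, hp_max, mana, mana_max):
    """Return a toy memory image (address -> 32-bit word) with XOR-masked stats."""
    mem = {KEY_ADDR: KEY, OTHER: 0x00000BAD}  # OTHER stands for unrelated data
    for addr, value in ((HP, hp), (HP_MAX, hp_max), (MANA, mana), (MANA_MAX, mana_max)):
        mem[addr] = value ^ KEY
    return mem


def classify(at_list, logged_in, after_spell, key_addr):
    """Follow steps 3-6 of the post over three snapshots of the same image."""
    key = at_list[key_addr]
    # Step 4: a stat of 0 is stored as 0 ^ key == key, so it matches the key itself.
    hits = sorted(a for a, v in at_list.items() if v == key)
    # Step 5: after login only the key address keeps its value.
    stats = [a for a in hits if logged_in[a] != at_list[a]]
    # Step 6: the one address that changes after a spell is current mana ...
    changed = [a for a in stats if after_spell[a] != logged_in[a]]
    if len(changed) != 1:
        raise ValueError("expected exactly one changed address")
    mana = changed[0]
    # ... and the unchanged address that held the same word before is max mana.
    twins = [a for a in stats if a != mana and logged_in[a] == logged_in[mana]]
    if len(twins) != 1:
        raise ValueError("ambiguous max-mana candidate (equal HP and mana?)")
    return {"hits": hits, "mana": mana, "mana_max": twins[0],
            "mana_value": after_spell[mana] ^ key}


def demo():
    at_list = image(0, 0, 0, 0)              # character list, nothing loaded yet
    logged_in = image(150, 150, 90, 90)      # full HP and mana
    after_spell = image(150, 150, 70, 90)    # a spell cost 20 mana
    return classify(at_list, logged_in, after_spell, KEY_ADDR)


if __name__ == "__main__":
    print(demo())
```

The two `ValueError` branches mark where the procedure stops being unambiguous, for instance when full HP and full mana happen to be the same number.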

Wesker
04-05-2013, 04:18 PM
puterin u know u can find the xor address with cheat engine while u search the health address LOL, there's 2 ways to do so on this tutorial, however i can almost bet that he didn't search for all referenced strings, and you need to log in into your account in order to get those strings...