Solved: How to find entities on memory

eduardoroeder

Newbie
Dank Tier Donator
May 2, 2015
30
583
1
Hello everybody,

My name is Eduardo and I'm quite new here and also at hacking.

I've started a project to make a bot in C# for an MMORPG called Warspear Online. Okay. I got it to attach to the process, read my life, my name (want to change the game title later), my pos x and y, the target info and more things, all of them with 3-4 levels offset inside the address.

The thing is, I don't know where to start searching for enemies loaded up in memory to track 'em down. Actually I've found the entities array by reading the memory with Cheat Engine; I can read their hp/mana/position/name/and probably id. But when I change zones all the entities change address around the memory. So, can anyone help me with this? I can give more information, so if I missed anything please ask me.

Thanks for your attention.
 
Solaire

Respected Hacker
Dank Tier VIP
Dec 15, 2013
1,051
16,353
62
> Yes, I did a pointer scan but after one/two rescans, the list became empty. Looks like I am getting an address from some index inside the array. I've already got how long the entity unit is (the distance between consecutive names) and by that if I give an address to any unit I can return their hp, position, level, name and such. How could I get the first one if I don't really know how many entities there are?
> Thanks for the response.
> Btw about function, I can't understand how it works; let's say I've found which function writes my position, but I don't know what to do with it. I realize that I need to learn more ASM so I could do something. Where should I start?
> As I am doing a bot, is there a better way than using the AutoIt DLL to send keystrokes to another process window without focusing it?
> I am also thinking about packet sniffing to get the entities. Is it a good idea?

How to find Entity List Assault Cube

I'm not too great with entity stuff. I've only dealt with Brogue and AssaultCube, Brogue having the weirdest way of storing them, and AssaultCube having the simplest way of storing them. I remember Spock made a thread somewhere about going through large lists of entities at one point, may be good to go through that though I don't remember the name of it. I think it was in the Hacking Tutorials section.

It may be good to start learning assembly if you want to reverse functions, otherwise you won't really understand what's going on :p.
Part 1:
Cheat Engine :: View topic - A Very In Depth Tutorial on Auto Assembler
Part 2:
Cheat Engine :: View topic - An In-Depth Tutorial on Auto Assembler: Extended

They will give you an idea of what each register does, what the flags are, etc. At least knowing what the registers are and what basic instructions do will give you a much better ability to reverse things.

No need for packet sniffing. As for sending keystrokes to another process window, you can use many high level languages to do so. I've never used autoit before so I don't know its limits when making bots :p.
 
Solaire

> Hello everybody,
>
> My name is Eduardo and I'm quite new here and also at hacking.
>
> I've started a project to make a bot in C# for an MMORPG called Warspear Online. Okay. I got it to attach to the process, read my life, my name (want to change the game title later), my pos x and y, the target info and more things, all of them with 3-4 levels offset inside the address.
>
> The thing is, I don't know where to start searching for enemies loaded up in memory to track 'em down. Actually I've found the entities array by reading the memory with Cheat Engine; I can read their hp/mana/position/name/and probably id. But when I change zones all the entities change address around the memory. So, can anyone help me with this? I can give more information, so if I missed anything please ask me.
>
> Thanks for your attention.

Just curious, did you try to get a pointer for one of the entities? Or the first entity in the array? It'd be best to get the first. When you move into a new area, a new set of entities are likely pushed into the array. You could also see if you can find a function that passes the current array of entities as a parameter, or one that returns it.
 

eduardoroeder

> Just curious, did you try to get a pointer for one of the entities? Or the first entity in the array? It'd be best to get the first. When you move into a new area, a new set of entities are likely pushed into the array. You could also see if you can find a function that passes the current array of entities as a parameter, or one that returns it.

Yes, I did a pointer scan but after one/two rescans, the list became empty. Looks like I am getting an address from some index inside the array. I've already got how long the entity unit is (the distance between consecutive names) and by that if I give an address to any unit I can return their hp, position, level, name and such. How could I get the first one if I don't really know how many entities there are?
Thanks for the response.
Btw about function, I can't understand how it works; let's say I've found which function writes my position, but I don't know what to do with it. I realize that I need to learn more ASM so I could do something. Where should I start?
As I am doing a bot, is there a better way than using the AutoIt DLL to send keystrokes to another process window without focusing it?
I am also thinking about packet sniffing to get the entities. Is it a good idea?
 
eduardoroeder

Thanks man, I'll take a look at those tutorials tomorrow. I am watching the aimbot tutorial from Fleep now because it seems to be the same point for searching enemy. I'm on part 8 now, doing the enemy list part. Let's see if I can't get my targets with the same method :D
What kind of high level language can I use for sending keystrokes? Keep in mind I want the game to be in the background and still receive the keystrokes.
Thanks again.
 

Solaire

> Thanks man, I'll take a look at those tutorials tomorrow. I am watching the aimbot tutorial from Fleep now because it seems to be the same point for searching enemy. I'm on part 8 now, doing the enemy list part. Let's see if I can't get my targets with the same method :D
> What kind of high level language can I use for sending keystrokes? Keep in mind I want the game to be in the background and still receive the keystrokes.
> Thanks again.

C++, C, C#, VB, Python, Java, etc. If you're wanting to go for something quick and simple, VB or Python. If you're wanting to go for something complex, but with tons more power, C++, C, or C#.
 

Rake

Cesspool Admin
Administrator
Jan 21, 2014
12,073
78,998
2,371
Sending keystrokes to a window that is not in focus is not an easy task. You are better off reversing the functions that get called from the keystrokes and calling them, as crazy as that sounds. It sounds like you're making an external hack; if you're internal you can hook the API function that checks for keystrokes and set it to true when a given criteria is met, but that's thinking outside the box.

Regarding the entity list, like Krampus said, try to find the first entity of the array, meaning the address that holds entityArray[0]. Then use "find out what writes or accesses" that address and see if you can't find a pointer to the array. And hopefully that array is the entityArray for the zone you are in. The server probably only sends the data pertaining to the zone you are in. Then when you change zones the pointer will point to the new entityArray, hopefully.

Sounds like a fun project, good luck!
 

eduardoroeder

> I'm not too great with entity stuff. I've only dealt with Brogue and AssaultCube, Brogue having the weirdest way of storing them, and AssaultCube having the simplest way of storing them. I remember Spock made a thread somewhere about going through large lists of entities at one point, may be good to go through that though I don't remember the name of it. I think it was in the Hacking Tutorials section.
>
> It may be good to start learning assembly if you want to reverse functions, otherwise you won't really understand what's going on :p.
> Part 1:
> https://forum.cheatengine.org/viewtopic.php?t=95363
> Part 2:
> https://forum.cheatengine.org/viewtopic.php?t=222520
>
> They will give you an idea of what each register does, what the flags are, etc. At least knowing what the registers are and what basic instructions do will give you a much better ability to reverse things.
>
> No need for packet sniffing. As for sending keystrokes to another process window, you can use many high level languages to do so. I've never used autoit before so I don't know its limits when making bots :p.

Well, I just finished reading the first one and I actually learned how to make a script with those registry entries and the functions. Still I don't know where to put my script so I can test it haha.
I'll try to hack a simple game like Minesweeper, but I don't have it on Windows 10 :/ can you send me a copy of the exe?
 

eduardoroeder

> Sending keystrokes to a window that is not in focus is not an easy task. You are better off reversing the functions that get called from the keystrokes and calling them, as crazy as that sounds. It sounds like you're making an external hack; if you're internal you can hook the API function that checks for keystrokes and set it to true when a given criteria is met, but that's thinking outside the box.
>
> Regarding the entity list, like Krampus said, try to find the first entity of the array, meaning the address that holds entityArray[0]. Then use "find out what writes or accesses" that address and see if you can't find a pointer to the array. And hopefully that array is the entityArray for the zone you are in. The server probably only sends the data pertaining to the zone you are in. Then when you change zones the pointer will point to the new entityArray, hopefully.
>
> Sounds like a fun project, good luck!

Yea, I tried it, but I can't find the first one... I can actually find some, but looking through the memory I can't see a pattern; sometimes they are near with a pattern, sometimes between there are entities that actually appeared once and other times I can just find one entity far away from the others.
The zone I mean is that you have a 28x28 space loaded each time, so after you get to the corners you need to press 'go west' or 'east'/north/south. By that I believe that once the entity list is set on a determined address, there is no need to change the position in the memory. I can be wrong, of course.
And as soon as I learn some assembly I'll try to simulate a keystroke.
Thanks for trying to help.
 

eduardoroeder

Ok, I think I found a key value here.
If I search in CE for 4 Bytes 8384CC, it will give me some entries; the first 2-5 of them aren't the ones I want, but the next ones will give me exactly the offset 0x0 I use for the unit base. From there I think I can do something.
How do I search the whole code for that value, get the address then pass it to an array so I can check if there is a pattern like a unit structure? I know how I would do the checking of the structure, but I don't know how to search for the addresses that have that value. Btw, is that a good approach?
 

eduardoroeder

> Explain your problem in more detail

> You use cheat engine to search for the value

Whoops, sorry. I had C# on my mind and forgot to say it lol.

Like this: I know that every EntityItem starts with (example) 1234567 as a hex 4-byte value. If I search (in Cheat Engine) for 1234567 in hex 4 bytes, it will return all the entities in the area + 6-7 entries that aren't even entities (I can assume it is always like that). So, I want to do a search on the whole memory for that value, and save the addresses of the entries in an array so I can filter them out (remove the 6-7 entries that aren't entities). Is it possible via C#?

Thanks again for the attention.
 

Solaire

> Whoops, sorry. I had C# on my mind and forgot to say it lol.
>
> Like this: I know that every EntityItem starts with (example) 1234567 as a hex 4-byte value. If I search (in Cheat Engine) for 1234567 in hex 4 bytes, it will return all the entities in the area + 6-7 entries that aren't even entities (I can assume it is always like that). So, I want to do a search on the whole memory for that value, and save the addresses of the entries in an array so I can filter them out (remove the 6-7 entries that aren't entities). Is it possible via C#?
>
> Thanks again for the attention.

I tried making a memory scanner once. It took 7 minutes, scanned all of the memory, and saved it in a .txt file which was around 10mb afterwards :p. (Which you don't need to do lol). If the addresses are consistently in the memory of one module, just scan through that module using ReadProcessMemory. Ex:
ReadProcessMemory(handle, modBase, &buffer, modSize, NULL)
 

till0sch

Respected Hacker
Dank Tier VIP
Dank Tier Donator
Oct 14, 2012
1,104
12,593
51
Search for those entity values which seem to always be the same, through VirtualQuery you can get the memory regions.

Also somewhat code what makes you decide it's not a right one or a right one..
 

Rake

Normally none of this would be necessary if you found a pointer in Cheat Engine, but if that is impossible for this game then you will need to write a "signature" for an entity and scan the memory for it to find valid entities. Reverse as much of the entity struct as you can and then apply what you know to building the signature.
 

till0sch

Try to find instructions accessing all entities you need, build a signature and hook them
 

eduardoroeder

Hey, thanks all for the help, I actually resolved this issue. The thing was finding the correct pointers. 3 pointers with 4-level deep offsets each solved it.
And btw, if something else pops up on the road, do I need to make a new thread or can I post in this one?
 

galaxykiller

Newbie
Feb 7, 2014
2
102
1
> Hey, thanks all for the help, I actually resolved this issue. The thing was finding the correct pointers. 3 pointers with 4-level deep offsets each solved it.
> And btw, if something else pops up on the road, do I need to make a new thread or can I post in this one?

New thread would be fine. :)
 