Results 1 to 9 of 9

Thread: How to find offsets

  1. #1
    Registered User
    Join Date
    Aug 2002
    Posts
    29

    How to find offsets

    Okay...there have been a few requests for a writeup on how to find offsets, so I threw something together. I'm sure this can be improved upon, but it works.

    Code:
    Preparation:
    
    To prepare to find your own offsets, you'll need to start with correct offsets the first time.  Run the
    debug version of the server, click the icon in the upper left of the server.exe window, and select 
    "properties".  Select the "Layout" tab, and in the "Screen Buffer Size" box, change "Height" to 3000.
    Use the "es" command to display info about yourself.  Then, go through all of the secondary offsets and
    find what values are stored at the indicated addresses (for example, the secondary offset "NameOffset" is
    0xa4, so at 0xa4, you should see your character's first name).  Write down the values you find at each
    of the secondary offsets listed below- this will help you know what to search for when trying to find
    your own offsets later on.  For HideOffset, do this with some form of invisibility on your character, and
    remember what form of invisibility you used.
    
    HideOffset (4 bytes):                        (invis type:                    )
    LevelOffset (1 byte):
    ClassOffset (2 bytes):
    RaceOffset (2 bytes):
    PrimaryOffset (4 bytes):
    OffhandOffset (4 bytes):
    
    Note that you can also target an NPC that always has the same items equipped in their main and off hand,
    and use the values you get from the "et" command to find all of the secondary offsets except OwnerID and
    Hide.  Also note that it might be useful to get some cheap items that you can keep in your bank and
    equip in your primary and off hands during offset search, since if you upgrade your equipment, the values
    you'll need to search for will probably change.
    Code:
    Finding offsets:
    
    0: A starting note: After identifying each of the offsets we'll be looking for and updating it in the
    MySEQ config file, use the "r" command in the debug server to reload the offsets.
    
    1: Click the icon in the upper left of the debug server window, and select "properties".  Select the "Layout"
    tab, and in the "Screen Buffer Size" box, change "Height" to 3000.  (This could be something that you only
    have to do once, since the setting may be sticky.)
    
    2: Go to the guild lobby
    
    3: In the debug server window, type "fz guildlobby".  Note the returned values.  Try each as the value for
    ZoneAddr.  The most likely candidate will be the one whose value is closest to the previous value for ZoneAddr.
    
    4: Target Guardian Rooksis, at the end of the hall leading to the Plane of Knowledge closest to the throne.
    In the debug server window, type "ft Guardian_Rooksis00".  Note the returned values.  Try each as the value
    for TargetAddr.  The most likely candidate will be the one whose value is closest to the previous value for
    TargetAddr.
    
    5: Target yourself (hit F1 in game).  In the debug server window, type "ft " followed by your first name 
    (for example, if your character's name is "Flyboy Sopwith", you would type "ft Flyboy").  Note the returned 
    values.  Some of the returned values will be identical to the values you got in step 4, above, and can be 
    discarded.  Try each of the others as the value for both CharInfo and SpawnHeaderAddr.  The most likely 
    candidate is the one whose value relative to the one you settled on in step 4 is closest to the previous
    difference between CharInfo and TargetAddr.
    
    6: In the debug server window, type "es" (or "et" with the appropriate NPC targeted if you did your prep
    using an NPC).  For the next few pointers, you'll use the "find" function in the debug server window.  To do
    this, click the icon in the upper-left corner, select "Edit ->", and then "Find...".  Type the hexadecimal
    value for which you want to search into the text box in the Find... window.  For multi-byte values, separate
    the bytes with a space and order the bytes from least significant to most significant (for example, to search
    for the hex value 0x1234, you would type "34 12" into the search box.  Find the offsets below by searching
    for the values you found for them during preparation.  Note that most of these offsets will be even numbers
    (numbers that end in 0, 2, 4, 6, 8, a, c, or e).  The only exception I've seen in the last 5 years is 
    LevelOffset, which doesn't have that restriction.
    6a: Your level (LevelOffset) 
    6b: Your race (RaceOffset)
    6c: Your class (ClassOffset)
    6d: The item you have equipped in your primary hand (PrimaryOffset)
    6e: The item you have equipped in your off hand (OffhandOffset)
    
    7: Place the same type of invisibility on yourself as you had during your prep.  In the debug server window,
    type "es".  Search for the 4-byte value that corresponds to the invis type you recorded during prep, and use
    the offset you find as HideOffset.  Note that it will be on a 32-bit-aligned offset (an offset that ends in
    0, 4, 8, or c).
    
    8: Find and target a pet class player who has a pet up.  In the debug server window type "et".  Go to the
    offset specified by SpawnIDOffset and note the value stored there.  Target the player's pet and, in the debug
    server window, type "et".  Search for the value you recorded for SpawnIDOffset for the pet's owner.
    This is OwnerIDOffset.  Note that because you'll have two "et" dumps in the same window, you're going to get
    at least two hits here - one for the SpawnID of the pet's owner, which will obviously be at SpawnIDOffset,
    and one for the OwnerID of the pet.  Just make sure that when you get a hit, the offset at which the hit was
    found makes sense.
    
    9: Go to Plane of Knowledge.  In the server debug window, type "sg".  Note the returned pointers.  One or more
    should be of the form "ITnnnnn_ACTORDEF".  Try each of these as the value for ItemsAddr.  The best candidate
    will be the one whose value is closest to the previous value for ItemsAddr.
    
    10: In game, type "/time".  Note the game date.  In the debug server window, type "sfw mm/dd/yyyy", where
    mm is the month that was returned for game time, dd is the date, and yyyy is the year.  For example, if
    /ti returned "Game Time: Monday, December 7, 3141 - 3 AM", you would type "/sfw 12/07/3141".  In all
    likelihood, only one pointer will be returned, and this should be used as WorldAddr.
    One thing to note: the amount of data displayed by the "es" and "et" commands is 2048 bytes, which is less than
    the current size of the spawn structure. As a result, some offsets might not be easy to find using just the stock
    debug server (in particular, the current values for ClassOffset, RaceOffset, PrimaryOffset and OffhandOffset fall
    outside the range of data displayed by es and et, and the values for ClassOffset and RaceOffset are in danger of
    being pushed outside the displayed range). I suggest that the distro be updated so that the debug server displays
    8192 bytes for es and et to address this issue, or, even better, those commands would take a parameter, allowing
    the user to request how many bytes are to be displayed.
    Last edited by wxh; 07-20-2018 at 07:15 AM. Reason: Correction to caveat re: amount of data displayed by es/et

  2. #2
    Registered User
    Join Date
    Sep 2006
    Posts
    5

    Re: How to find offsets

    Awesome! Thanks for writing this up.

  3. #3
    Registered User
    Join Date
    Jul 2002
    Posts
    52

    Re: How to find offsets

    ahh perfect! thank you so much.. i just started playing on test and the offsets changed today

  4. #4
    Registered User
    Join Date
    Jul 2002
    Posts
    52

    Re: How to find offsets

    Quote Originally Posted by wxh View Post
    Okay...there have been a few requests for a writeup on how to find offsets, so I threw something together. I'm sure this can be improved upon, but it works.

    Code:
    Preparation:
    
    To prepare to find your own offsets, you'll need to start with correct offsets the first time.  Run the
    debug version of the server, click the icon in the upper left of the server.exe window, and select 
    "properties".  Select the "Layout" tab, and in the "Screen Buffer Size" box, change "Height" to 3000.
    Use the "es" command to display info about yourself.  Then, go through all of the secondary offsets and
    find what values are stored at the indicated addresses (for example, the secondary offset "NameOffset" is
    0xa4, so at 0xa4, you should see your character's first name).  Write down the values you find at each
    of the secondary offsets listed below- this will help you know what to search for when trying to find
    your own offsets later on.  For HideOffset, do this with some form of invisibility on your character, and
    remember what form of invisibility you used.
    
    HideOffset (4 bytes):                        (invis type:                    )
    LevelOffset (1 byte):
    ClassOffset (2 bytes):
    RaceOffset (2 bytes):
    PrimaryOffset (4 bytes):
    OffhandOffset (4 bytes):
    
    Note that you can also target an NPC that always has the same items equipped in their main and off hand,
    and use the values you get from the "et" command to find all of the secondary offsets except OwnerID and
    Hide.  Also note that it might be useful to get some cheap items that you can keep in your bank and
    equip in your primary and off hands during offset search, since if you upgrade your equipment, the values
    you'll need to search for will probably change.

    So what do you do if you don't know any of the offsets to start with? On test the only offset that the normal server finds is the one that loads the map. When i try finding offsets following above and use ES i get:
    > es
    Display Raw Memory from 0x340000 to 0x340800
    Failed to obtain valid memory pointer for offset pSelf
    ?) display main menu

  5. #5
    Registered User
    Join Date
    Aug 2002
    Posts
    29

    Re: How to find offsets

    Well, then it gets trickier. The reason for starting with pointers you already know is to find out what the values you need to search for to get the secondary offsets are. The first five steps should all work, and will get you the primary offsets you need to at least get skittles, but of course you won't have previous offsets to give you any hints as to which returned values are most likely to be the correct ones for each step.

    Once that's done, LevelOffset is pretty easy to find, since you know your level, and you can get second- or third-target verification because you know the level of any NPC you /con anymore, so you can search for those.

    For invis, what I would do is get an invis potion, then, while visible, do an "es" and search for 00 00 00 00. Then, invis yourself and search for 01 00 00 00. You'll probably only find one offset where you found 00 00 00 00 while visible and 01 00 00 00 while invis, and that's HideOffset. Note that it may be important to use an invis potion to become invisible, because there are different types of invisibility (invis, invis to animals, invis to undead, hide, and so on), so there are a bunch of different possible values that can show up at HideOffset - I know the value that shows up when you invis using a potion is 01 00 00 00, but I don't know for sure what it would be if you cast invisibility or camouflage on yourself.

    For ClassOffset and RaceOffset, you can search for those pretty easily, and to find the values you need to look for, look in the \cfg folder in your ShowEQ directory. In the file "Classes.txt" is a list of what each value for class translates into, starting with 0 on the first line (so, warrior=1, cleric=2, paladin=3, and so on). In the file "Races.txt" is a list of what each value for race translates into, again starting with 0 on the first line (so, human=1, barbarian=2, erudite=3, and so on).

    For PrimaryOffset and OffhandOffset, you need to do some looking up of things. Go to lucy.allakhazam.com and look up the item you equip in your main hand. Click on "raw" in the upper-right corner, and scroll down to see what the value for "idfile" is (it will be in the format "ITxxxxx", where xxxxx is a number). Convert that number to hexadecimal, and search for that, making sure to put the least significant byte first (for example, if you're equipping Fabled Fiery Staff of Zha, the value for idfile is IT10506...10506 in hex is 290a, so you'd search for 0a 29). Do the same for the item in your offhand.

    The process for finding OwnerIDOffset is unchanged.

    Bear in mind that you won't get valid hits for some these if you're using the debug server that comes stock with the distro as of this writing, because some of the offsets (ClassOffset, RaceOffset, PrimaryOffset, and OffHandOffset) are outside the range of data that is displayed by the unmodified debug server that comes in the distro.

    As for the "failed to obtain valid memory pointer" error - did you reload the offsets using the "r" command after you put in the primary offset for CharInfo? If not, you may want to try again. If so, maybe try targeting yourself and use "et" rather than "es". If that fails too, there may be a problem using the "es" and "et" against the test client.
    Last edited by wxh; 07-20-2018 at 07:14 AM.

  6. #6
    Registered User
    Join Date
    Jul 2002
    Posts
    52

    Re: How to find offsets

    Sorry, i meant to post back.. i used the built in offset finder in the server and it found me the Zoneaddr and from there i followed the instructions in the ini..(just cause i was in there at the time) But this write up is great, i will use it in the future today was the first time i ever found my own offsets.. kinda happy inside

  7. #7
    Registered User
    Join Date
    Jul 2002
    Posts
    52

    Re: How to find offsets

    wow.. it has been too long since i tried to use what little brains i have So.. "Once that's done, LevelOffset is pretty easy to find, since you know your level, and you can get second- or third-target verification because you know the level of any NPC you /con anymore, so you can search for those."

    so i target say a guard.. lvl 55 do es in server.. ctrl-f to search am i searching for 55 in hex or dec? or am i just wrong totally...

    And now to show my limited understand of memory and hex..

    CharInfo=0xe5c8f0 So this is the offset for charinfo obviously.. i look in es in server and i see my toons name at the 5th byte of 0xe0 so that i assume i where you get 0xe5 BUT.. what is the c8f0 after that?

    P.S. thank you. i love learning but feel stupid as hell with this

  8. #8
    Registered User
    Join Date
    Aug 2002
    Posts
    29

    Re: How to find offsets

    You're searching for hex values, so if the guard is level 55, you'll want to search for 37 hex.

    And actually, the e5 in 0xe5c8f0 doesn't point to your character's name...that's just a coincidence. That whole number (0xe5c8f0, or 15059184 decimal) is the offset from the start of EQ's allocated RAM where the pointer to the structure that describes your character is stored. When you do es (or et or ew or ez), each line of output is formatted something like this:

    0000: 11 11 11 11 11 11 11 11 11 42 11 11 11 11 11 11 .........B......

    In this case, the 0000 on the left represents the offset from the start of the data structure being examined that the data on this line represents. The next 16 2-digit numbers are the hex values stored starting at that offset, and the dots to the right are the ASCII representation of those hex values (assuming that a given value has an associated printable ASCII character - lots don't). In this case, all 16 bytes stored starting at offset 0 of the structure being examined have a value of 0x11, except for the one at offset 0x09, which has a value of 0x42.

  9. #9
    Registered User
    Join Date
    Jun 2018
    Posts
    7

    Re: How to find offsets

    I am so trying to get my head around this and would enjoy working this out but have spent a few hours and cannot get passed this part:


    Then, go through all of the secondary offsets andfind what values are stored at the indicated addresses (for example, the secondary offset "NameOffset" is0xa4, so at 0xa4, you should see your character's first name). Write down the values you find at eachof the secondary offsets listed below- this will help you know what to search for when trying to findyour own offsets later on. For HideOffset, do this with some form of invisibility on your character, andremember what form of invisibility you used.HideOffset (4 bytes): (invis type: )LevelOffset (1 byte):ClassOffset (2 bytes):RaceOffset (2 bytes):PrimaryOffset (4 bytes):OffhandOffset (4 bytes):
    For instance Leveloffset currently says LevelOffset=0x1b0 so I look at 0x1b0

    0x1b0) 42 0b 00 00 00 00 00 00 00 ff ff ff ec 7a 60 00

    I am currently 60 and see a 60. I have no idea what to do next. Write down what part? Search for what? All the levels of mobs and myself are wrong currently and I have tried changing the 0x1b? with ? being 0 all way up to F and nothing.

    Hope someone pops new ones up as I am clueless =)

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

You may post new threads
You may post replies
You may post attachments
You may edit your posts
HTML code is Off
vB code is On
Smilies are On
[IMG] code is On