
View Full Version : 10-31-05 Offsets Help



DaHexor
09-01-2007, 03:38 PM
[File Info]
PatchDate=10/31/2005

[Port]
port=7575

#Zone - 0x9239E0 + 0x40 = 0x923A20

[Memory Offsets]
SpawnHeaderAddr=0x905CC4
CharInfo=0x905CF8
TargetAddr=0x905D04
ZoneAddr=0x923A20
ItemsAddr=0x905CC8

[SpawnInfo Offsets]
NameOffset=0x0120
LastnameOffset=0x0001
XOffset=0x0034
YOffset=0x0030
ZOffset=0x0038
SpeedOffset=0x0048
HeadingOffset=0x004c
PrevOffset=0x0220
NextOffset=0x0214
TypeOffset=0x0244
LevelOffset=0x024c
HideOffset=0x0250
ClassOffset=0x0252
SpawnIDOffset=0x0258
RaceOffset=0x0260

[GroundItem Offsets]
PrevOffset=0x0220
NextOffset=0x0214
IdOffset=0x08
DropIdOffset=0x0C
XOffset=0x0034
YOffset=0x0030
ZOffset=0x0038
NameOffset=0x2C


I cannot get the rest of the server debug mode commands to work. Example:

ft Banker_Ceridian000

is coming up with nothing. I did find him and his name, and it said in chat:

Searched for NPC ID: 1179999
Found NPC 'Banker_Ceridan000'

So that has to be his right name?

The same thing goes for all the commands; the only one that works is
fz) find zonename using pZone (zonename)

I'm using the EverQuest Titanium version. Maybe the offsets are different from what's in the debugger.

I have no problem trying to find my own offsets with a memory editor if someone can just explain how to find them.

Scratch all in red: these are working offsets for EverQuest Titanium!

Thanks so much for the help, guys.

65536
09-02-2007, 01:42 AM
The problem with your search is that you are looking for "ft Banker_Ceridian000" rather than "ft Banker_Ceridian00". NPCs usually have two zeros after their name. Some named and corpses have only one zero after their name. Actually, with such an old version of the exe you will probably have to update the secondary offsets. Until you do that, myseqserver in debug mode will not be able to find any offsets that make sense except for the zone offsets. It relies on knowing the name offset and working off of that.

I personally use HexDen and Cheat Engine. The first thing you search for is a name. Player names are easier to find than NPC names until you get used to them. There will be at least two memory structures that have the name in them. I assume one is an internal memory structure used for common computations, another is only for the video thread (well, it doesn't seem EQ is multithreaded well, but the video dll calls anyway). (HINT: search for a player that you DO NOT have selected or have selected in the near past; that will multiply the number of search results by a lot if you have something selected.) Probably a little late to mention this, but you should have a basic understanding of C++ and how memory structures work internally.

What I do with HexDen is find a name and identify which of the two memory structures is the one you are looking for. I believe the one you are looking for includes the last name not too far above the name. Look for pointers and identify the prev and next pointers in the doubly linked list. They are usually the second and third DWORDs respectively in the list, and from what I have been able to tell in my limited experience in MySEQ they change very rarely if ever. Once you identify the name offset relative to the structure base pointer it should be trivial identifying the other elements of the list. You compare one spawn to another and find the differences in HexDen, or Cheat Engine is very good at identifying real-time changes to identify things like position and velocity.

I think I am going to leave it at that. If you are looking for a more comprehensive and more comprehensible tutorial, I am pretty sure I am going to edit this post after the night of my 21st birthday. lol (LOL). It should be a pretty good start though for anyone with sufficient C++ experience. I don't have the Titanium version or I would be more than happy to find the offsets for you for an emulated server. To reiterate: most NPC names end with two numerical digits. The ones that do not include this are the corpses and named in combat zones. Even if you type the correct NPC names, the myseqserver in debug mode will not work unless you have the Name, Prev, and Next offsets.

DaHexor
09-02-2007, 01:45 AM
Sweet, thanks 65536, I'll give that a try. And how do I update the secondary offsets for server debug mode? I have C++ if there is source code in which I can edit the offsets.

DaHexor
09-02-2007, 01:28 PM
Hey, is there a way to use MacroQuest 2 to find any of these offsets, because I have the right version for my eqgame.exe?

DaHexor
09-02-2007, 02:30 PM
Okay, can someone help me? I'm using Winhack V2 to search for
Hunting for the Target

I'm looking for target Banker_Ceridan000

Found:
0x0c14b407
0x0c14c757

And following with just Banker Ceridan (no underscore or numbers)?
0x0c14b44a

I did do a backup by NameOffset bytes, which is 17 bytes, in the first 2 hex values.

Those are the only 3 I find in game with that name. Is there something I'm doing wrong?

Also, in MySEQ how would I tell if I have the right address? I press F9 to show target info and nothing pops up. Would it show on the map somewhere, like above my position?

65536
09-02-2007, 04:31 PM
This is how EQ stores spawn data. There is a variable in EQ's memory that stores the memory address of your spawn structure; this does not change until EQ is recompiled. The offset of that variable is SpawnHeaderAddr and CharInfo. Then each spawn has a pointer that gives you the memory address of the next spawn in the list, until you reach the end of the list. At the end of the list the pointer is set to zero.

So what you do is search the memory for an NPC's name. If you search for the one with underscores and numbers you will always get at least two results. Searching for the name without those characters is the display name of a mob. That is also stored in the spawn structure. After you do both searches, compare the memory offsets. If you find two results for the NPC name and display name that are close together, then you know that those two are contained within the spawn structure. In your previous search you found 0x0c14b407 and 0x0c14b44a. So you know that 0x0c14b407 is the NPC name that you are looking for.

You back up from there and try to find the pointer that points to the next spawn. You generally look for values between 0xc00000 and 0xf00000. Some next pointers may not be in that range, but most are. Once you find something that looks like a next pointer, go to the memory address that the pointer points to. Look down a ways and see if you see an NPC name. If you don't see any names then that is not the correct pointer. Keep in mind that PCs store memory in little-endian order, meaning all the bytes are reversed. The value FF 42 E9 72 would be 72 E9 42 FF in little-endian.

Once you have found the next pointer, in the next spawn structure after the one you initially searched for, find the name and find the number of bytes it is away from the beginning of the spawn structure. That number goes in your NameOffset. Now find the offset from the beginning of the spawn structure for the next pointer. That goes into the NextOffset; the PreviousOffset should be right next to it. Now you have everything you need to find some primary offsets. Once you have that done MySEQ should work fine in debug mode. To find the rest of the secondary offsets you find the spawn structure of something you know and search for the known value nearby. There are many different methods of finding the offsets; you don't have to follow my suggestions exactly.
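The list walk described in the post above, as an added Python example that is not from this thread and not MySEQ or EQ code: it builds a constructed little-endian memory image holding a head pointer (standing in for SpawnHeaderAddr) and three doubly linked spawn structures, parses a MySEQ-style [SpawnInfo Offsets] section, scans the image for a name the way a memory search does, derives NameOffset as the distance from the hit to the structure base, and follows NextOffset until the zero pointer. The offset values, the 0x0C140000 image base, the structure size and the spawn names are all made up for the toy image; they are not Titanium's real values. Pointers outside the plausible range or already visited stop the walk instead of being followed.

```python
import configparser
import struct

# Constructed MySEQ-style offsets describing the toy image below (not Titanium's real values).
OFFSETS_INI = """\
[SpawnInfo Offsets]
NameOffset=0x20
XOffset=0x04
YOffset=0x08
ZOffset=0x0C
PrevOffset=0x10
NextOffset=0x14
"""
STRUCT_SIZE = 0x40        # constructed size of one toy spawn structure
IMAGE_BASE = 0x0C140000   # constructed address the image is assumed to be loaded at
# Constructed spawns: (NPC name, X, Y, Z)
SAMPLE_SPAWNS = [
    ("Banker_Ceridan000", 10.0, -20.5, 3.0),
    ("Guard_Alarik002", 55.25, 7.0, -1.5),
    ("a_rat001", -300.0, 42.0, 0.0),
]


def load_offsets(ini_text):
    """Parse a [SpawnInfo Offsets] section into {key: int}; keys keep their case."""
    cp = configparser.ConfigParser()
    cp.optionxform = str
    cp.read_string(ini_text)
    return {k: int(v, 16) for k, v in cp["SpawnInfo Offsets"].items()}


def le_dword(raw):
    """Decode four bytes stored little-endian: 72 E9 42 FF in memory is the value 0xFF42E972."""
    return struct.unpack("<I", raw)[0]


def build_image(offsets, spawns):
    """Emulate process memory: a 4-byte head pointer followed by the linked spawn structures."""
    image = bytearray(4 + STRUCT_SIZE * len(spawns))
    node_addr = lambda i: IMAGE_BASE + 4 + i * STRUCT_SIZE
    struct.pack_into("<I", image, 0, node_addr(0))          # head pointer -> first spawn
    for i, (name, x, y, z) in enumerate(spawns):
        off = 4 + i * STRUCT_SIZE
        prev_ptr = node_addr(i - 1) if i > 0 else 0
        next_ptr = node_addr(i + 1) if i + 1 < len(spawns) else 0   # zero terminates the list
        struct.pack_into("<f", image, off + offsets["XOffset"], x)
        struct.pack_into("<f", image, off + offsets["YOffset"], y)
        struct.pack_into("<f", image, off + offsets["ZOffset"], z)
        struct.pack_into("<I", image, off + offsets["PrevOffset"], prev_ptr)
        struct.pack_into("<I", image, off + offsets["NextOffset"], next_ptr)
        name_off = off + offsets["NameOffset"]
        image[name_off:name_off + len(name)] = name.encode("ascii")   # null padding already there
    return bytes(image)


def find_name(image, name):
    """Addresses where the exact bytes of `name` occur, which is what a memory scan returns."""
    hits, start, needle = [], 0, name.encode("ascii")
    while (i := image.find(needle, start)) != -1:
        hits.append(IMAGE_BASE + i)
        start = i + 1
    return hits


def looks_like_pointer(value):
    """Range heuristic from the post: a next pointer should land where the spawns live."""
    return IMAGE_BASE <= value < IMAGE_BASE + 0x10000


def read_cstring(image, off):
    return image[off:image.index(b"\x00", off)].decode("ascii")


def walk_spawns(image, offsets, max_nodes=1000):
    """Follow NextOffset from the head pointer until a zero pointer ends the list."""
    spawns, seen = [], set()
    ptr = le_dword(image[0:4])
    while ptr and len(spawns) < max_nodes:
        if ptr in seen or not looks_like_pointer(ptr):
            raise ValueError(f"implausible next pointer 0x{ptr:08X}")  # cycle or garbage
        seen.add(ptr)
        base = ptr - IMAGE_BASE
        spawns.append({
            "addr": ptr,
            "name": read_cstring(image, base + offsets["NameOffset"]),
            "x": struct.unpack_from("<f", image, base + offsets["XOffset"])[0],
            "y": struct.unpack_from("<f", image, base + offsets["YOffset"])[0],
            "z": struct.unpack_from("<f", image, base + offsets["ZOffset"])[0],
            "prev": le_dword(image[base + offsets["PrevOffset"]:base + offsets["PrevOffset"] + 4]),
        })
        ptr = le_dword(image[base + offsets["NextOffset"]:base + offsets["NextOffset"] + 4])
    return spawns


def derive_name_offset(image, name, node_addr):
    """NameOffset is (address where the name bytes were found) minus (structure base address)."""
    hits = [h for h in find_name(image, name) if node_addr <= h < node_addr + STRUCT_SIZE]
    return hits[0] - node_addr if hits else None


if __name__ == "__main__":
    offsets = load_offsets(OFFSETS_INI)
    image = build_image(offsets, SAMPLE_SPAWNS)
    print("scan hits:", [hex(h) for h in find_name(image, "Banker_Ceridan000")])
    for s in walk_spawns(image, offsets):
        print(f"0x{s['addr']:08X} {s['name']:<20} x={s['x']} y={s['y']} z={s['z']}")
```

Against a real process the image would come from a memory read rather than `build_image`, and the plausibility range in `looks_like_pointer` would be the module's actual address range; the walk logic itself is unchanged.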

Carpathian
09-02-2007, 05:34 PM
Yes, you can use MacroQuest for the offsets if you have a working copy of it for your executable. In the MQ2Main folder, look for the file eqgame.h. This is where the memory offsets MQ2 uses for EverQuest are located. Here is a list of the ones you're looking for, and their corresponding purpose in MySEQ.

The first one is SpawnHeaderAddr, this is pinstSpawnManager.
Next CharInfo, which is pinstCharSpawn.
Next TargetAddr is pinstTarget.
Next ZoneAddr is instEQZoneInfo + 0x40. (This is because ZoneInfo technically starts with the character name; however, MySEQ doesn't take that into account automatically, so we must manually adjust the offset.) To add the 0x40 you can use the Windows calculator set in hex mode.
Finally ItemsAddr is pinstEQItemList.

So you end up with this (replace the MQ2 names with the appropriate values, of course):

[Memory Offsets]
SpawnHeaderAddr= pinstSpawnManager
CharInfo= pinstCharSpawn
TargetAddr= pinstTarget
ZoneAddr= instEQZoneInfo + 0x40
ItemsAddr= pinstEQItemList

Next you'll need to update the structures. These are located in EQData.h.

SpawnInfo is the same thing as struct _SPAWNINFO. The member variables will look like this...

/*0x0000*/ void *vtable;
/*0x0004*/ struct _SPAWNINFO *pPrev;

... let's say we want the value for PrevOffset; it would be 0x0004. Simple enough, eh? So...

[SpawnInfo Offsets]
NameOffset= Name
LastnameOffset= Lastname
XOffset= X
YOffset= Y
ZOffset= Z
SpeedOffset= SpeedRun
HeadingOffset= Heading
PrevOffset= pPrev
NextOffset= pNext
TypeOffset= Type
LevelOffset= Level
HideOffset= HideMode
ClassOffset= Class
SpawnIDOffset= SpawnID
RaceOffset= Race

GroundItem is the same as _GROUNDITEM, use the same process as SpawnInfo.

[GroundItem Offsets]
PrevOffset= pPrev
NextOffset= pNext
IdOffset= ID
DropIdOffset= DropID
XOffset= X
YOffset= Y
ZOffset= Z
NameOffset= Name
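One way to do the EQData.h-to-INI translation described in the post above, as an added Python example that is neither MQ2 nor MySEQ code: it parses the /*0xNNNN*/ member annotations out of a struct definition and emits a MySEQ section using the key-to-member mapping listed above. The struct text is a constructed excerpt; only the vtable and pPrev lines appear on the page, and the remaining members and their offsets are placeholders, not Titanium's real layout. Members the struct does not contain are reported as missing rather than guessed, and the instEQZoneInfo + 0x40 adjustment is a separate helper.

```python
import re

# Constructed excerpt in the style of MQ2's annotated structs. Only the vtable and pPrev lines
# come from the thread; every other member and offset here is a placeholder for the demo.
STRUCT_TEXT = """
typedef struct _SPAWNINFO {
/*0x0000*/ void *vtable;
/*0x0004*/ struct _SPAWNINFO *pPrev;
/*0x0008*/ struct _SPAWNINFO *pNext;
/*0x000c*/ FLOAT Y;
/*0x0010*/ FLOAT X;
/*0x0014*/ FLOAT Z;
/*0x0018*/ CHAR Name[0x40];
/*0x0058*/ BYTE Level;
} SPAWNINFO, *PSPAWNINFO;
"""

# MySEQ INI key -> MQ2 member name, in the order the thread lists them.
SPAWNINFO_MAP = [
    ("NameOffset", "Name"), ("LastnameOffset", "Lastname"), ("XOffset", "X"),
    ("YOffset", "Y"), ("ZOffset", "Z"), ("SpeedOffset", "SpeedRun"),
    ("HeadingOffset", "Heading"), ("PrevOffset", "pPrev"), ("NextOffset", "pNext"),
    ("TypeOffset", "Type"), ("LevelOffset", "Level"), ("HideOffset", "HideMode"),
    ("ClassOffset", "Class"), ("SpawnIDOffset", "SpawnID"), ("RaceOffset", "Race"),
]

# "/*0x0004*/ struct _SPAWNINFO *pPrev;"  ->  group 1 = "0004", group 2 = the declaration
LINE_RE = re.compile(r"/\*\s*0x([0-9A-Fa-f]+)\s*\*/\s*([^;]+);")
# Last identifier of a declaration, ignoring a trailing array size such as Name[0x40]
NAME_RE = re.compile(r"(\w+)\s*(?:\[[^\]]*\])?\s*$")


def parse_members(struct_text):
    """Return {member name: offset} from /*0xNNNN*/-annotated member lines."""
    members = {}
    for m in LINE_RE.finditer(struct_text):
        decl = m.group(2).strip()
        name = NAME_RE.search(decl).group(1)
        members[name] = int(m.group(1), 16)
    return members


def ini_section(section, mapping, members):
    """Render a MySEQ section; keys whose member is absent are returned as missing, not guessed."""
    lines, missing = [f"[{section}]"], []
    for key, member in mapping:
        if member in members:
            lines.append(f"{key}=0x{members[member]:04X}")
        else:
            missing.append(key)
    return "\n".join(lines), missing


def zone_addr(inst_eqzoneinfo):
    """MySEQ's ZoneAddr is instEQZoneInfo plus 0x40 to skip the leading character name."""
    return inst_eqzoneinfo + 0x40


if __name__ == "__main__":
    members = parse_members(STRUCT_TEXT)
    text, missing = ini_section("SpawnInfo Offsets", SPAWNINFO_MAP, members)
    print(text)
    print("not in this struct excerpt:", ", ".join(missing))
    print(f"ZoneAddr=0x{zone_addr(0x9239E0):X}")
```

The same `parse_members` and `ini_section` pair serves the [GroundItem Offsets] section with a mapping of (key, member) pairs for _GROUNDITEM; the missing list is the check worth reading before using the output, since a silently absent member would otherwise become a wrong offset.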

Seaxouri
09-02-2007, 11:53 PM
There's a whole bunch of stickies and info on how to find offsets. Look around a little.

Seaxouri
09-02-2007, 11:56 PM
2^16, do you have that version around to muck with?

Someone asked me a while ago to do this (for the free server thing) and I told them I needed the EQ version, then I didn't hear much after that.

DaHexor
09-02-2007, 11:58 PM
Yeah, I'm the torrent hoster for the version to play for free.

DaHexor
09-03-2007, 01:25 AM
One thing I'm noticing: my character position seems to be off. Any idea what would cause this?

Also all maps and spawns are like offset too, kinda weird?

Any ideas?

I have two EQ windows open though, and I'm making sure the right character is selected in MySEQ.

Or do you have to play with the offset X, Y and Scale and Z Neg and Z Pos at the bottom of MySEQ?

65536
09-03-2007, 09:55 AM
Forgot about torrents. I'm downloading titanium now.

DaHexor
09-03-2007, 01:50 PM
Download this one if you want:

http://www.demonoid.com/files/details/1285730/3675925/

It's my torrent I'm hosting for EverQuest Titanium.

Carpathian
09-04-2007, 05:14 PM
Try flipping the X and Y offset values in [SpawnInfo Offsets]. Everquest goes by Y,X instead of X,Y, and I think MySEQ automatically accounts for that.


One thing I'm noticing: my character position seems to be off. Any idea what would cause this?

Also all maps and spawns are like offset too, kinda weird?

Any ideas?

I have two EQ windows open though, and I'm making sure the right character is selected in MySEQ.

Or do you have to play with the offset X, Y and Scale and Z Neg and Z Pos at the bottom of MySEQ?

DaHexor
09-04-2007, 05:15 PM
Alright, I'll try that now.

DaHexor
09-04-2007, 05:19 PM
Sweet, seems that fixed it. Thanks again! Going to post the correct INI info now; it seems to be 100% working.

DaHexor
09-04-2007, 05:29 PM
Offsets for EverQuest Titanium Private Server (EQEMU)



[File Info]
PatchDate=10/31/2005

[Port]
port=7575

#Zone - 0x9239E0 + 0x40 = 0x923A20

[Memory Offsets]
SpawnHeaderAddr=0x905CC4
CharInfo=0x905CF8
TargetAddr=0x905D04
ZoneAddr=0x923A20
ItemsAddr=0x905CC8

[SpawnInfo Offsets]
NameOffset=0x0120
LastnameOffset=0x0001
XOffset=0x0030
YOffset=0x0034
ZOffset=0x0038
SpeedOffset=0x0048
HeadingOffset=0x004c
PrevOffset=0x0220
NextOffset=0x0214
TypeOffset=0x0244
LevelOffset=0x024c
HideOffset=0x0250
ClassOffset=0x0252
SpawnIDOffset=0x0258
RaceOffset=0x0260

[GroundItem Offsets]
PrevOffset=0x0220
NextOffset=0x0214
IdOffset=0x08
DropIdOffset=0x0C
XOffset=0x0030
YOffset=0x0034
ZOffset=0x0038
NameOffset=0x2C

DaHexor
09-04-2007, 05:32 PM
MacroQuest 2 (MQ2) Offsets for EverQuest Titanium Private Server (EQEMU)




[Run_Speed]
Description="Makes you Run at Bard Speeds."
DefaultSetting=off
Version="2005.10.31"
address0=0x009237B4
normal0="01"
crack0="02" # May Set this to 03 + to Run even Faster.



For you MQ2 addicts, I've so far found

just Run Speed. I will continue to search for the rest. I'm no expert but I'm trying to learn =)

65536
09-04-2007, 08:16 PM
Started working on offsets just before you posted them lol. They are the same as what you have posted except I also have the offsets for the ground items. I did notice one anomaly. All spawns are pointing north until you get near them. It looks like the heading offset is correct, EQEmu must just be funny like that.




[File Info]
PatchDate=10/31/2005

[Port]
port=5555

[Memory Offsets]
ZoneAddr=0x923a20
TargetAddr=0x79db94
CharInfo=0x905ce4
SpawnHeaderAddr=0x905ce4
ItemsAddr=0x905cc8

[SpawnInfo Offsets]
NameOffset=0x120
NextOffset=0x220
PrevOffset=0x214
LevelOffset=0x24c
XOffset=0x30
YOffset=0x34
ZOffset=0x38
LastnameOffset=0x1
RaceOffset=0x260
HideOffset=0x250
ClassOffset=0x252
TypeOffset=0x244
SpeedOffset=0x48
HeadingOffset=0x4c
SpawnIDOffset=0x258

[GroundItem Offsets]
PrevOffset=0x00
NextOffset=0x04
NameOffset=0x2c
IdOffset=0x1c
DropIdOffset=0x1c
XOffset=0x28
YOffset=0x24
ZOffset=0x20

DaHexor
09-04-2007, 09:25 PM
Hehe, cool. Do you also use MQ2?

65536
09-04-2007, 10:19 PM
Nope, never used MQ2.

DaHexor
09-04-2007, 10:22 PM
You should try it out; it's fun. If you play on EQEMU you need version 2005-11-01.zip

from http://www.macroquest2.com/downloads/zips.php

You will need C++ or some other kind of compiler, or if you wish I can compile you a copy. Let me know.

Carpathian
09-05-2007, 12:24 PM
EQEmu doesn't store a heading in the database, at least the last time I checked. And because of that, when they spawn, the default value is 0 (north). Also most of the mobs won't move unless they have proper mapping, which most servers don't, to my knowledge. It's been a while so I could be wrong?

DaHexor
09-05-2007, 01:25 PM
Might I ask what you mean by "they spawn north"?

Carpathian
09-07-2007, 11:33 AM
It used to be, at least way back when, that we'd zero the spawn info structure and then just fill in the values we knew for the mob from the database. Since we didn't store heading in the database, it would default to 0. A heading of 0 is due north, which means that they will be facing the north side of the zone.

DaHexor
09-08-2007, 12:31 PM
Hey, anyone want to help me find more MacroQuest 2 offsets for Version="2005.10.31"?

Or just help find them for Titanium; it's driving me nuts trying to find them lol.

Thanks if anyone is up for it.

DaHexor
09-10-2007, 05:23 PM
MacroQuest 2 (MQ2) Offsets for EverQuest Titanium Private Server (EQEMU)




[Run_Speed]
Description="Makes you Run at Bard Speeds."
DefaultSetting=off
Version="2005.10.31"
address0=0x009237B4
normal0="01"
crack0="02"

[EnviroFall]
Description="No Fall + Enviro"
Version="2005.10.31"
address0=0x0041C905
normal0="55 8D AC"
crack0="C2 18 00"

[NoEncumber]
Description="Allows for no encumberance"
Version="2005.10.31"
address0=4194C2
normal0="7A 33"
crack0="90 90"

[NoAnon]
Description="NoAnon In Zone"
Version="2005.10.31"
Address0=0x0049D054
Normal0="74"
Crack0="EB"

[NPCWho]
Description="NPC on who list"
Version="2005.10.31"
Address0=0x0049D047
Normal0="0F 85 DA 01 00 00"
Crack0="90 90 90 90 90 90"

[NoDelayJump]
Description="No delay while chain jumping"
Version="2005.10.31"
address0=0x004A2760
normal0="0F 86 DB 00 00 00"
crack0="90 90 90 90 90 90"



More coming soon =)

Seaxouri
09-11-2007, 08:25 AM
Try flipping the X and Y offset values in [SpawnInfo Offsets]. Everquest goes by Y,X instead of X,Y, and I think MySEQ automatically accounts for that.
Yes there used to be a bit in a flag field that meant to swap the X and Y values. About 2 years ago I figured that was not helpful anymore and just swapped the offsets in the INI file itself and took out the logic in the server.

OffsetX=0x100
OffsetY=0x104

is the same as

OffsetX=0x104
OffsetY=0x100

and then swapping the values read in at those offsets between X and Y.

DaHexor
09-14-2007, 02:33 PM
A few more offsets I found.



[HideRun]
Description="Hide & Run While in Standing Still or Running Motion."
Version="2005.10.31"
address0=0x00422FD9 #Disable You from Appearing Once your Hidden.
normal0="CB"
crack0="C8"
address1=0x0041FFE7 #Disable You Must be Stand Still to Hide.
normal1="0F 8C 24 FF FF FF"
crack1="E9 25 FF FF FF 90"
address2=0x00422FEE #Disable The Message you Moved and no longer Hidden.
normal2="8A 31"
crack2="5A 01"

[LootAnyCorpse]
Description="Allows you to Loot any Corpse you Find. Also Ones people are looting."
Version="2005.10.31"
address0=0x0052B7F7
normal0="75 11"
crack0="74 11"

[RemoveEffects]
Description="Allows you to click off Any Effect you Wish."
Version="2005.10.31"
address0=0x004BADDB
normal0="74 1F"
crack0="75 1F"


I've also found the drop/no-drop items, but I want to keep that one for myself. Unless you share something with me, I'll share it with you. Sorry.

vash23
10-27-2009, 03:58 PM
Anyone happen to know what the Titanium offsets would be for the new Primary and Offhand item listing for spawns included in the newest versions? Everything is being reported as an Axe or a string of numbers to me.

Razzle
10-27-2009, 07:11 PM
Get the latest version of MySEQ. I added these offsets to the ini files that are included with the installer. I also updated the offsets for the Shards of Dalaya, and Secrets of Faydwer client versions too.

If you use the custom options with the new installer, it will even make shortcuts to load the appropriate ini file for the version you need.

Razzle

Hidron
10-27-2009, 07:36 PM
I currently have 1.27.1 installed, and the Titanium ini file in question here seems to be the only one missing the new primary & secondary item offsets.

Razzle
10-27-2009, 07:45 PM
Oh bah humbug. Hate when that happens.

At some point I changed the titanium ini file in the install package. I guess something somewhere didn't get updated. Will have to figure that out. But in the meantime:

PrimaryOffset=0x1fc
OffhandOffset=0x200

Here are the offsets for the titanium install.

Razzle

Razzle
10-27-2009, 07:54 PM
Ok, I figured out how I managed to do that. Oops. I guess I should look closer at how I set up building the installer package.

The 1.27.1 installer has been updated to include the proper file with those offsets.

I downloaded, installed, and verified the installer includes the offsets for the titanium client now.

Thanks Hidron.

Razzle

vash23
10-27-2009, 11:36 PM
Thank you! I also never noticed the Titanium options until you just mentioned them (just been copying from this post). Looks great!