Here is my "Smart EQ Offset Finder." To use it, simply start EverQuest and run the program. Logging into the game is not necessary, it just needs the process to be running. I haven't decided if I want to give out the source-code yet, so for now its only available as a binary.

Another important note is that it only finds the base offsets currently.. I'm working on support for structs as I find time.

http://rapidshare.com/files/142994628/SmartEqOffsets.zip.html

That is really nice. Thank you.

Cool program. Nice work.

do you have one for eq2?

I don't do anything involving EQ2, sorry =/.

I hate to ask, but did you reference the server debug code to write the application? If so you are bound by GPL to release the source.

I hate to ask, but did you reference the server debug code to write the application? If so you are bound by GPL to release the source.

Negative. I'm using a completely different method to find the offsets. The memory class I use is also my own personal code. This application was originally just a test bed for me to integrate the offset detection into EverSight.

New version, new download link... Added support for the zone filename offset, (or ZoneAddr for MySEQ).

http://rapidshare.com/files/146812608/SmartEqOffsets.zip.html

Updated again! It's bad to base pieces of your program on UI elements ;-)

http://rapidshare.com/files/151807582/SmartEqOffsets.zip.html

"The application has failed to start because the application configuration is incorrect. Reinstalling the application may fix this problem."

If you are experiencing this problem, please verify that you have installed the .NET 3.5 Runtime.

[QUOTE=Carpathian;43444]Here is my "Smart EQ Offset Finder." To use it, simply start EverQuest and run the program. Logging into the game is not necessary, it just needs the process to be running. I haven't decided if I want to give out the source-code yet, so for now its only available as a binary.

Another important note is that it only finds the base offsets currently.. I'm working on support for structs as I find time.

http://rapidshare.com/files/142994628/SmartEqOffsets.zip.html[/QUO
TE]
Hi
Can you let me dpownload the file , i think yhe link is not ok. thanks

hi
i can not go to the link, can you check the new adress? thanks for the great idea

You need to use the link from 2 posts above your first one. It is the current one.

Cant get TargetAddr to work after the 12/09/2008 patch.

I saw the same thing. Guessing that 1 or more secondary offsets changed which the program does not find yet.

I am experiencing too much pain from UI issues at the moment to bother looking further.

guessing that the targetAddr offset is out of the range 0x899f64 to 0xa99f64 that is being scanned?

Found the offset manually. Posted offsets in a new thread.

i tried to find it manually but was unsuccessful.

I'll post a new version soon, it was just a simple mistake in my mask value. I was hoping the next patch wouldn't bork it, since it worked fine on the test server, but I guessed wrong heh.

The new version will have some of the changes I mentioned awhile ago, the biggest is that it will use a filestream instead of memory from now. If I can find time, I'd also like to see the struct code added in for this release also...

And finally, since my playtime/interest for EQ is next to nil, I plan to release the source-code under the GPL. Hopefully someone else will be able to learn something from it, its been an intersting project for me at least.

awesome, I look forward to it!

Nice Carp. Thanks.

I will add it to the File section of SF when you get time to post it.

Neat Carp.

My interest in EQ has been nil since the release of SoD. They just added so much stuff, it seems like I will never catch up. I do some casual play on twinks now, and that is about it. I am thinking of totally starting over on FV.

It has been entertaining to work with the 1.19 code of MySEQ. I should get another 2-3 months of fun out of doing that, and then I might be interested in EQ. But in the meantime, I will just learn more C#. Might be fun to roll the code into the MySEQ server.

Razzle

Finally found some time to fix the Smart EQ Offset Finder. There are two major changes with this version of the offset finder. The first is that instead of reading memory it simply reads the eqgame.exe file. It defaults to eqgame.exe but you can provide your own filename as the first argument.

The second big change is that it is completely GPL now. So enjoy the source code! ;-)

http://rapidshare.com/files/236536564/SmartEqOffsets-0.9.zip
http://rapidshare.com/files/236411835/SmartEqOffsets-src.zip

Almost forgot, I also added the WorldAddr offset too.

This looks like a variation of the FindPattern functions originally posted on GameDeception.

Rather than run a program to find these, why not make the MySEQ server find them automatically, eliminating the need to even use the offset ini file. I do this in several of my MQ2 plugins.

Here's an example for finding an offset I use for detecting mouse movement on the screen's X axis:


// this will get filled with the pointer address
DWORD *gMouseRelX = 0;

.
.
.

// patterns for the scan function - these all get saved in "patterns.h"
unsigned char *mouseRelXPattern = (unsigned char*)"\x89\x0D\x00\x00\x00\x00\x89\x15\x00\x00\x00\x00\x 74\x00\xA1\x00\x00\x00\x00\x8B\x80\x00\x00\x00\x00 \x83\xF8\x00\x74\x00\x83\xF8\x00\x74\x00\x83\xF8\x 00\x75";
char mouseRelXMask[] = "xx????xx????x?x????xx????xx?x?xx?x?xx?x";

// this pattern brings us to this address in eqgame.exe. our pointer address (0xAC95A8) starts at byte 2 (0x89 being byte zero)
// .text:005638ED A0C 89 0D A8 95 AC 00 mov int RelX, ecx
.
.
.

// function for loading offsets (the "return 4" is for an error message. other offset scans have been snipped out)
DWORD GetOffsets()
{
DWORD n = 0;
.
.
.
if(n = FindPattern(0x500000, 0x100000, mouseRelXPattern, mouseRelXMask)) // this returns address 0x5638ED
gMouseRelX = (DWORD*)GetDWordAt(n, 2); // this adds two bytes and returns the pointer address at that location
else
return 4;
.
.
.
return 0;
}

.
.
.

// detect mouse movement
if(*gMouseRelX || *gMouseRelY)
{
// do stuff
}

Basically GetOffsets() gets called during initialization and if there's a problem locating an offset it spits out an error message and exits.


FindPattern files that I use:


// FindPattern.cpp


// originally created by: radioactiveman/bunny771/(dom1n1k?) of GameDeception -----------
inline bool DataCompare(const unsigned char* pData, const unsigned char* bMask, const char* szMask)
{
for(;*szMask;++szMask,++pData,++bMask)
if(*szMask=='x' && *pData!=*bMask )
return false;
return (*szMask) == 0;
}

unsigned long FindPattern(unsigned long dwAddress,unsigned long dwLen,unsigned char *bMask,char * szMask)
{
for(unsigned long i=0; i < dwLen; i++)
if( DataCompare( (unsigned char*)( dwAddress+i ),bMask,szMask) )
return (unsigned long)(dwAddress+i);

return 0;
}
// --------------------------------------------------------------------------------------

// ieatacid - 3/11/09
unsigned long GetDWordAt(unsigned long address, unsigned long numBytes)
{
if(address)
{
address += numBytes;
return *(unsigned long*)address;
}
return 0;
}

// ieatacid - 3/11/09
unsigned long GetFunctionAddressAt(unsigned long address, unsigned long addressOffset, unsigned long numBytes)
{
if(address)
{
unsigned long n = *(unsigned long*)(address + addressOffset);
return address + n + numBytes;
}
return 0;
}


// FindPattern.h


unsigned long FindPattern(unsigned long dwAddress,unsigned long dwLen,unsigned char *bMask,char * szMask);
inline unsigned long GetDWordAt(unsigned long address, unsigned long numBytes);
inline unsigned long GetFunctionAddressAt(unsigned long address, unsigned long addressOffset, unsigned long numBytes);


I've also used these successfully to retrieve structure offsets.

Yeah, the pattern functions are derived from those original functions, except I found them at unknown cheats. I'm not 100% on what their licensing is since I've seen them in both open and closed-source projects. Oh well, opensource here now ;-).

I also have a version that can find the structure offsets, but I haven't finished the masks for ground spawns yet. I might go work on finishing that now. Either way, I'm hoping that the source code will encourage someone to move it into MySEQ-Server. The only downside is right now only 2 people here know how to fix this method, where-as multiple people can find the offsets. I could post a tutorial on how to find/create the masks with IDA Pro I suppose.

Releasing a minor, slightly major, update. Some of the structure offset code is in place so others can work on it too if they desire. It also has support for MySEQ styled output, simply add -myseq as the second argument.

http://rapidshare.com/files/238066999/SmartEqOffsets-0.9.1.zip
http://rapidshare.com/files/238067087/SmartEqOffsets-0.9.1-src.zip

Weird. Coming up with a different SpawnHeaderAddr again (0xac625c). It is showing (0xa4ea58) for CharInfoAddr which is what the prior one the Offset Finder found for SpawnHeaderAddr and the 2 values are generally the same, although the .ini file names it just CharInfo, so not sure it is meant to be the same value used as an offset.

Great work though.

Yeah, I changed that on purpose. The pattern I put into 0.9 was actually supposed to be the pattern for CharInfo.

EQGame actually has about three pointers which all point to the same value currently. This is because Sony has chosen to keep the local player spawn data as the head element of the linked list for awhile now. Thus using SpawnHeader or CharInfo interchangeably will currently yield working results. Back in the day, they used to put the local player randomly into the list, so I always find the two independent offsets still... just in case Sony ever decides to change that again ;-).

Thanks for the information about the name being different between the two. It's weird that whomever added the offset used a different naming convention. I also see that "Primary Offsets" is supposed to be "Memory Offsets".

Keep letting me know if you find anything out the ordinary. I don't have an EQ subscription anymore, so its hard to actually verify anything I do now. The only executables I have to test against are the SoF CD, and the two patch servers.

I don't have an active account either, but I do use someone elses info to keep the game patched to save time if I ever do subscribe again. I will not risk someone elses account to test MYSEQ though, so I can't actually test the offsets.

I don't have a live account either, but am hoping SOE gives out free play time again this summer. Then I can play with this more, great work by the way. Until then I will just play on the emulator servers.

Razzle

Just noticed when running this today that it is not finding the NextOffset.

It's not finding the ptarget info now for Test, using winhex ( im no expert at trying to find offsets) I got 0xb17120 but those wont work either.

I'll check it out once I get back from vacation next week. The target pointer always seems to be a problem, heh.

I downloaded and extracted the program from the links provided on page 2, clicking on the .exe file seems to open up a dialog box for a second then it closes, I'm running vista and have verified that .net 3.5 is installed and eq is running.

Any further directions on how to run the application?

You either need to run it in the same directory as a eqgame.exe file, or run it from command prompt and specify a path as the first argument.

Ex: smartoffsetfinder.exe "C:\Path\To\eqgame.exe"

With todays patch, besides not finding NextOffset (was already not finding), it is also not finding TargetAddr

If you play on test server this will get ya going till Carp can come up with a fix for the offset finder.

[Memory Offsets]
ZoneAddr=0xa75380
ZoneInfoAddr=0xa750c0
SpawnHeaderAddr=0xae859c
CharInfo=0xa70d38
TargetAddr=0xb17120
ItemsAddr=0xa70d08
WorldAddr=0xa70d04

[SpawnInfo Offsets]
NextOffset=0x4
PrevOffset=0x8
LastnameOffset=0x38
XOffset=0x64
YOffset=0x68
ZOffset=0x6c
SpeedOffset=0x7c
HeadingOffset=0x80
NameOffset=0xA4
TypeOffset=0x125
SpawnIDOffset=0x148
HideOffset=0x3c4
LevelOffset=0x3c8
RaceOffset=0xe78
ClassOffset=0xe7c

[GroundItem Offsets]
PrevOffset=0x00
NextOffset=0x04
IdOffset=0x08
DropIdOffset=0x0c
XOffset=0x34
YOffset=0x30
ZOffset=0x2c
NameOffset=0x38

Any word on an update Carp?

bump :eek:

I took some time to check out the source code of this neat tool and corrected the code so that TargetAddr will be found once again.

Within the header file "EQGamePatterns.h" look for below section and replace the code as follows:


/* Offset: TargetAddr
* Last Updated: 10-24-2009
* Found At: 00a6ecc0
* Search In: 0x490000 (Memory), 0x8F000 (File)
*/
DWORD startTargetAddr = 0x8F000;
PBYTE patternTargetAddr = (PBYTE)"\x8A\x81\xB8\x01\x00\x00\x3C\x64"
"\x8B\x35\x70\xEA\xA4\x00\x74\x27"
"\x84\xD2\x75\x3E\x3C\x66\x8B\x0D"
"\x4C\xEC\xA6\x00\x55\x55\x6A\x0D";
char maskTargetAddr[] = "xx??xxxxxxtttt??xx??xxxx????xxxx";

Let's see if the next patch breaks it again.

Enjoy

Good work Fireblade, thanks for fixing it!

Borked again , wont find Target, Zone address and zone information, as well as next offset :confused:

/* Offset: ZoneAddr
* Last Updated: 11-11-2009
* Found At: 00492F84
* Search In: 0x480000 (Memory), 0x76000 (File)
*/
DWORD startZoneAddr = 0x76000;
PBYTE patternZoneAddr = (PBYTE) "\xA4\x24\x00\x00\x00\x00\x90\x8A"
"\x4C\x04\x70\x88\x88\x30\xA5\xB0"
"\x00\x40\x3A\xCB\x75\xF1\x39\x1D"
"\x64\x2C\xA9\x00\x8B\xCD\x74\x04"
"\x6A\x01\xEB\x01\x53\xE8\x6D\x48"
"\xFF\xFF\x39";
char maskZoneAddr[] = "xxxx?xxxxxxxxttttx????xx??xxx?xxxxxxxx????x";


/* Offset: ZoneInfoAddr
* Last Updated: 11-19-2009
* Found At: 0049180D
* Search In: 0x480000 (Memory), 0x76000 (File)
*/
DWORD startZoneInfoAddr = 0x76000;
PBYTE patternZoneInfoAddr = (PBYTE)"\xE1\xFF\xFF\x83\xC2\x44\x52\x68"
"\x80\x1A\xA9\x00\xE8\x08\xDA\x00"
"\x00\x83\xC4\x0C\xB9\x80\x17\xA9"
"\x00\xE8\x3B\x90\xFC\xFF\x50\x8B"
"\x0D\x28\xD4\xA8\x00\xE8\x3F\xDA"
"\xFC\xFF\x8B\x85\x40";
char maskZoneInfoAddr[] = "xxxx?x?x???xx???xxxxxttttx??xxxxx???xx??xxx??";


/* Offset: SpawnHeaderAddr
* Last Updated: 11-19-2009
* Found At: 0048CEE0
* Search In: 0x470000 (Memory), 0x6F000 (File)
*/
DWORD startSpawnHeaderAddr = 0x6F000;
PBYTE patternSpawnHeaderAddr = (PBYTE)"\x8B\x0D\x5C\x62\xAC\x00\x55\x8B"
"\x6C\x24\x08\x8B\x45\x00\x57\x50"
"\xE8\x4B\xE6\x09\x00\x85\xC0";
char maskSpawnHeaderAddr[] = "xxttttxxxxxxxxxxx????xx";



/* Offset: TargetAddr
* Last Updated: 11-19-2009
* Found At: 00a6ecc0
* Search In: 0x490000 (Memory), 0x8F000 (File)
*/
DWORD startTargetAddr = 0x8F000;
PBYTE patternTargetAddr = (PBYTE)"\x8A\x81\xB8\x01\x00\x00\x3C\xF9"
"\x64\x8B\x35\x70\xEA\xA4\x00\x74"
"\x0D\x4C\xEC\xA6\x00\x55\x55\x6A"
"\x0D";
char maskTargetAddr[] = "x???xx??xxxttttx?????xxxx";

This code will fix it for the current eqgame.exe as well as the current testeqgame.exe

However I will need a few more versions with the next patches to make it work reliable again since the OP codes have changed in size.

Edit: Added the code for TargetAddr

Looks like I may need to learn to compile this stuff one of these days.

Every time I try to compile this im getting errors (Visual C++ 08 EE) , perhaps someone could compile and blue could UL it to the SF download page.

Ok. Got the compile figured out. Worked & Offset program is working again, aside from it failing to find the NextOffset. Would be nice for some code to find the Primary & Secondary offsets too.

/bump
anyone got a working version ? or source ?

Bump as well. Or looking for current offsets :)

I'd like it too, but the offsets from here are still working http://www.showeq.net/forums/showthread.php?6547-4-13-Offsets