10-31-05 Offsets Help

[DaHexor]

[File Info]
PatchDate=10/31/2005

[Port]
port=7575

#Zone - 0x9239E0 + 0x40 = 0x923A20

[Memory Offsets]
SpawnHeaderAddr=0x905CC4
CharInfo=0x905CF8
TargetAddr=0x905D04
ZoneAddr=0x923A20
ItemsAddr=0x905CC8

[SpawnInfo Offsets]
NameOffset=0x0120
LastnameOffset=0x0001
XOffset=0x0034
YOffset=0x0030
ZOffset=0x0038
SpeedOffset=0x0048
HeadingOffset=0x004c
PrevOffset=0x0220
NextOffset=0x0214
TypeOffset=0x0244
LevelOffset=0x024c
HideOffset=0x0250
ClassOffset=0x0252
SpawnIDOffset=0x0258
RaceOffset=0x0260

[GroundItem Offsets]
PrevOffset=0x0220
NextOffset=0x0214
IdOffset=0x08
DropIdOffset=0x0C
XOffset=0x0034
YOffset=0x0030
ZOffset=0x0038
NameOffset=0x2C


I Can Not Get the rest of the server in debug mode Commands to Work example.

ft Banker_Ceridian000

is coming up with nothing i Did Find and his name and it said in chat

Searched for NPC ID: 1179999
Found NPC 'Banker_Ceridan000'

so thats has to be his right name?

Same thing go's for all the Commands only one that works is
fz) find zonename using pZone (zonename)

I'm Using EverQuest Titanium Version Maybe offsets are Different then whats in Debugger

I have no Problem Trying to Find my Own Offsets with a Memory Edit if someone can just explain how to find them.?

Scratch All in Red These Are Working offsets of EverQuest Titanium!

Ty so Much For the Help Guys

[65536]

The problem with your search is that you are looking for "ft Banker_Ceridian000" rather than "ft Banker_Ceridian00". NPCs ussually have two zeros after their name. Some named and corpses only one one zero after their name. Actually with such an old version of the exe use will probably have to upade the secondary offsets. Until you do that myseqserver in debug mode will not be able to find any offsets that make sense except for the zone offsets. It relies on knowing the name offset and working off of that. I personally use HexDen and Cheat Engine. The first thing you search for is a name. Player names are easier to find then NPCs names until you get used to them. There will be at least two memory structures that have the name in it. I assume one is an internal memory structure used for common computations another is only for the video thread (well it doesn't seem EQ is multithreaded well but the video dll calls anyway). (HINT search for a player that you DO NOT have selected or have selected in the near past) that willl multiply the number of search results by a lot that is if you have something selected. Probably a little late to mention this but you should have a basic understanding of C++ and how memory structures work internally. What I do with HexDen is
find a name and identify which of the two memory stuructures is the one you are looking for. I believe the one you are looking for includes the last name not too far above the name. Look for pointers and identify the prev and next pointers in the doubly linked list. They are usually the second and third DWORDs respectively in the list and from what I have been able to tell in my limited experience in MySEQ they change very rarely if ever. Once you identify the name offset relative to the structure base pointer it should be trivial identifiying the other elementents of the list. You compare one spawn to another and find the differenceds in HexDen or Cheat Engine is very good at identitiying real time changes to identify things like postition and velocity. I think I am going to leave it at that. If you are looking at a more comprehensive and more comprehensible tutorial I am pretty sure I am going to edit this post after the night of my 21st birthday. lol (LOL). It should be a pretty good start though for anyone with sufficient C++ experience. I don't have the titanium version or I would be more than happyto find the offsets for you for an emulated server. To reiteriate Most NPC name end with two numerical didgets. The ones that do not include this are the corpses and named in combat zones. Even if you type the correct NPC names the myseqserver in debug mode will not work unless you have the Name, Prev, and Next offsets.

[DaHexor]

Sweet Ty 65536 I'll Give that a Try. And How do i update the secondary offsets for Server Debug Mode I Have C++ if there is a source Code that i can edit the offsets.

[DaHexor]

Hey is there a Way to Use MacroQuest 2 to Find any of these offsets because i have the Right Version for my eqgame.exe?

[DaHexor]

Okay Can someone Help me i'm Using Winhack V2 to Search for
Hunting for the Target

i Looking for Target Banker_Ceridan000

Found:
0x0c14b407
0x0c14c757

And Following with just Banker Ceridan Had no Underscore or Numbers?
0x0c14b44a

I Did Do backup' by NameOffset bytes witch is 17 Bytes in First 2 Hex Values.

Them are only 3 i find in game with that Name Is there something i'm doing wrong?

Also in MySeQ How would i Tell if i have right Address i Press F9 to show Target info and nothign pops up would it show on map somewhere like above my position?

[65536]

This is how EQ stores spawn data. There is a variable in EQ's memory that stores the memory address of your spawn structure this does not change until EQ is recompiled. The offset of that variable is SpawnHeaderAddr and CharInfo. Then each spawn has a pointer that gives you the memory address of the next spawn in the list until you reach the end of the list. At the end of the list the pointer is set to zero. So what you do is search the memory for an NPC's name. If you search for the one with underscores and numbers you will always get at least two results. Searching for the name without those characters is the display name of a mob. That is also stored in the spawn structure. After you do both searches compare the memory offsets. If you find two results for the NPC name and display name that are close together then you know that those two are contained within the spawn structure. In your previous search you found 0x0c14b407 and 0x0c14b44a. So you know that 0x0c14b407 is the NPC name that you are looking for. You back up from there and try to find the pointer that points to the next spawn. You generally look for values between 0xc00000 and 0xf00000. Some next pointers may not be in that range, but most are. Once you find something that looks like a next pointer go to the memory address that the pointer points to. Look down a ways and see if you see an NPC name. If you don't see any names then that is not the correct pointer. Keep in mind that PCs store memory in little-endian order, meaning all the bytes are reversed. The value FF 42 E9 72 would be 72 E9 42 FF in little-endian. Once you have found the next pointer, in the next spawn structure after the one you initially searched for find the name and find the number of bytes it is away from the begining of the spawn structure. That number goes in your NameOffset. Now find the offset from the begining of the spawn structure for the next pointer. That goes into the NextOffset the PreviousOffset should be right next to it. Now you have everything you need to find some primary offsets. Once you have that done MySEQ should work fine in debug mode. To find the rest of the secondary offsets you find the spawn structure of something you know and search for the known value nearby. There are many different methods of finding the offsets, you don't have to follow my suggestions exactly.

[Carpathian]

Yes, you can use MacroQuest for the offsets if you have a working copy of it for your executable. In the MQ2Main folder, look for the file eqgame.h. This is where the memory offsets MQ2 uses for EverQuest are located. Here is a list of the ones you're looking for, and their corresponding purpose in MySEQ.

The first one is SpawnHeaderAddr, this is pinstSpawnManager.
Next CharInfo, which is pinstCharSpawn.
Next TargetAddr is pinstTarget.
Next ZoneAddr is instEQZoneInfo + 0x40. (This is because ZoneInfo "technically," starts with character name, however, myseq doesn't take that into account automatically, so we must manually adjust the offset.) To add the 0x40 you can use the windows calculator set in hex mode.
Finally ItemsAddr is pinstEQItemList.

So you end up with this (replace the MQ2 names with the appropriate values, of course):

[Memory Offsets]
SpawnHeaderAddr= pinstSpawnManager
CharInfo= pinstCharSpawn
TargetAddr= pinstTarget
ZoneAddr= instEQZoneInfo + 0x40
ItemsAddr= pinstEQItemList

Next you'll need to update the structures. These are located in EQData.h.

SpawnInfo is the same thing as struct _SPAWNINFO. The member variables will look like this...

/*0x0000*/ void *vtable;
/*0x0004*/ struct _SPAWNINFO *pPrev;

... lets say we want the value for PrevOffset, it would be 0x0004. Simple enough eh? So...

[SpawnInfo Offsets]
NameOffset= Name
LastnameOffset= Lastname
XOffset= X
YOffset= Y
ZOffset= Z
SpeedOffset= SpeedRun
HeadingOffset= Heading
PrevOffset= pPrev
NextOffset= pNext
TypeOffset= Type
LevelOffset= Level
HideOffset= HideMode
ClassOffset= Class
SpawnIDOffset= SpawnID
RaceOffset= Race

GroundItem is the same as _GROUNDITEM, use the same process as SpawnInfo.

[GroundItem Offsets]
PrevOffset= pPrev
NextOffset= pNext
IdOffset= ID
DropIdOffset= DropID
XOffset= X
YOffset= Y
ZOffset= Z
NameOffset= Name

[Seaxouri]

Theres a whole bunch of stickies and info on how to find offsets. Look around a little.

[Seaxouri]

2^16, do you have that version around to muck with?

Someone asked me awhile ago to do this (for the free server thing) and I told them I needed the EQ version, then I didn't hear much after that.

[DaHexor]

Yea i'm the Torrent Hoster for the Version to play For Free

[DaHexor]

One Thing i'm Noticing My Charater Position Seems to Be Off Any idea what would cause this?

Also All Maps And Spawns are liek Offset too Kinda Weird?

Any Ideas?

I Have Two EQ windows open though and i'm maken Sure right charater is selected on MySEQ

Or do you have to Play with the offset X, Y and Scale and Z Negand Z Pos At Bottom of MySEQ?

[65536]

Forgot about torrents. I'm downloading titanium now.

[DaHexor]

Download This one if you want

http://www.demonoid.com/files/details/1285730/3675925/

It's my Torrent i'm Hosting for EverQuest Titanium.

[Carpathian]

Try flipping the X and Y offset values in [SpawnInfo Offsets]. Everquest goes by Y,X instead of X,Y, and I think MySEQ automatically accounts for that.

One Thing i'm Noticing My Charater Position Seems to Be Off Any idea what would cause this?

Also All Maps And Spawns are liek Offset too Kinda Weird?

Any Ideas?

I Have Two EQ windows open though and i'm maken Sure right charater is selected on MySEQ

Or do you have to Play with the offset X, Y and Scale and Z Negand Z Pos At Bottom of MySEQ?

[DaHexor]

Alright I'll Try that now