Thread: How to find offsets

  1. #1
    Registered User
    Join Date
    Aug 2002
    Posts
    29

    How to find offsets

    Okay...there have been a few requests for a writeup on how to find offsets, so I threw something together. I'm sure this can be improved upon, but it works.

    Code:
    Preparation:
    
    To prepare to find your own offsets, you'll need to start with correct offsets the first time.  Run the
    debug version of the server, click the icon in the upper left of the server.exe window, and select 
    "properties".  Select the "Layout" tab, and in the "Screen Buffer Size" box, change "Height" to 3000.
    Use the "es" command to display info about yourself.  Then, go through all of the secondary offsets and
    find what values are stored at the indicated addresses (for example, the secondary offset "NameOffset" is
    0xa4, so at 0xa4, you should see your character's first name).  Write down the values you find at each
    of the secondary offsets listed below - this will help you know what to search for when trying to find
    your own offsets later on.  For HideOffset, do this with some form of invisibility on your character, and
    remember what form of invisibility you used.
    
    HideOffset (4 bytes):                        (invis type:                    )
    LevelOffset (1 byte):
    ClassOffset (2 bytes):
    RaceOffset (2 bytes):
    PrimaryOffset (4 bytes):
    OffhandOffset (4 bytes):
    
    Note that you can also target an NPC that always has the same items equipped in their main and off hand,
    and use the values you get from the "et" command to find all of the secondary offsets except OwnerID and
    Hide.  Also note that it might be useful to get some cheap items that you can keep in your bank and
    equip in your primary and off hands during offset search, since if you upgrade your equipment, the values
    you'll need to search for will probably change.
    Code:
    Finding offsets:
    
    0: A starting note: After identifying each of the offsets we'll be looking for and updating it in the
    MySEQ config file, use the "r" command in the debug server to reload the offsets.
    
    1: Click the icon in the upper left of the debug server window, and select "properties".  Select the "Layout"
    tab, and in the "Screen Buffer Size" box, change "Height" to 3000.  (This could be something that you only
    have to do once, since the setting may be sticky.)
    
    2: Go to the guild lobby
    
    3: In the debug server window, type "fz guildlobby".  Note the returned values.  Try each as the value for
    ZoneAddr.  The most likely candidate will be the one whose value is closest to the previous value for ZoneAddr.
    
    4: Target Guardian Rooksis, at the end of the hall leading to the Plane of Knowledge closest to the throne.
    In the debug server window, type "ft Guardian_Rooksis00".  Note the returned values.  Try each as the value
    for TargetAddr.  The most likely candidate will be the one whose value is closest to the previous value for
    TargetAddr.
    
    5: Target yourself (hit F1 in game).  In the debug server window, type "ft " followed by your first name 
    (for example, if your character's name is "Flyboy Sopwith", you would type "ft Flyboy").  Note the returned 
    values.  Some of the returned values will be identical to the values you got in step 4, above, and can be 
    discarded.  Try each of the others as the value for both CharInfo and SpawnHeaderAddr.  The most likely 
    candidate is the one whose value relative to the one you settled on in step 4 is closest to the previous
    difference between CharInfo and TargetAddr.
    
    6: In the debug server window, type "es" (or "et" with the appropriate NPC targeted if you did your prep
    using an NPC).  For the next few pointers, you'll use the "find" function in the debug server window.  To do
    this, click the icon in the upper-left corner, select "Edit ->", and then "Find...".  Type the hexadecimal
    value for which you want to search into the text box in the Find... window.  For multi-byte values, separate
    the bytes with a space and order the bytes from least significant to most significant (for example, to search
    for the hex value 0x1234, you would type "34 12" into the search box).  Find the offsets below by searching
    for the values you found for them during preparation.  Note that most of these offsets will be even numbers
    (numbers that end in 0, 2, 4, 6, 8, a, c, or e).  The only exception I've seen in the last 5 years is 
    LevelOffset, which doesn't have that restriction.
    6a: Your level (LevelOffset) 
    6b: Your race (RaceOffset)
    6c: Your class (ClassOffset)
    6d: The item you have equipped in your primary hand (PrimaryOffset)
    6e: The item you have equipped in your off hand (OffhandOffset)
    
    7: Place the same type of invisibility on yourself as you had during your prep.  In the debug server window,
    type "es".  Search for the 4-byte value that corresponds to the invis type you recorded during prep, and use
    the offset you find as HideOffset.  Note that it will be on a 32-bit-aligned offset (an offset that ends in
    0, 4, 8, or c).
    
    8: Find and target a pet class player who has a pet up.  In the debug server window type "et".  Go to the
    offset specified by SpawnIDOffset and note the value stored there.  Target the player's pet and, in the debug
    server window, type "et".  Search for the value you recorded for SpawnIDOffset for the pet's owner.
    This is OwnerIDOffset.  Note that because you'll have two "et" dumps in the same window, you're going to get
    at least two hits here - one for the SpawnID of the pet's owner, which will obviously be at SpawnIDOffset,
    and one for the OwnerID of the pet.  Just make sure that when you get a hit, the offset at which the hit was
    found makes sense.
    
    9: Go to Plane of Knowledge.  In the server debug window, type "sg".  Note the returned pointers.  One or more
    should be of the form "ITnnnnn_ACTORDEF".  Try each of these as the value for ItemsAddr.  The best candidate
    will be the one whose value is closest to the previous value for ItemsAddr.
    
    10: In game, type "/time".  Note the game date.  In the debug server window, type "sfw mm/dd/yyyy", where
    mm is the month that was returned for game time, dd is the date, and yyyy is the year.  For example, if
    /ti returned "Game Time: Monday, December 7, 3141 - 3 AM", you would type "/sfw 12/07/3141".  In all
    likelihood, only one pointer will be returned, and this should be used as WorldAddr.
    
    One thing to note: the amount of data displayed by the "es" and "et" commands is 2048 bytes, which is less than
    the current size of the spawn structure. As a result, some offsets might not be easy to find using just the stock
    debug server (in particular, the current values for ClassOffset, RaceOffset, PrimaryOffset and OffhandOffset fall
    outside the range of data displayed by es and et, and the values for ClassOffset and RaceOffset are in danger of
    being pushed outside the displayed range). I suggest that the distro be updated so that the debug server displays
    8192 bytes for es and et to address this issue, or, even better, those commands would take a parameter, allowing
    the user to request how many bytes are to be displayed.
    Last edited by wxh; 07-20-2018 at 07:15 AM. Reason: Correction to caveat re: amount of data displayed by es/et
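
The search described in steps 6 and 7, and the 2048-byte caveat at the end of the post, shown as an added example (not part of the original post and not MySEQ code). The function names and every field position in the sample structure except the 0xa4 name offset are made up for illustration.

```python
import struct

DUMP_WINDOW = 2048  # bytes shown by "es"/"et", per the post


def find_value_offsets(dump: bytes, value: int, width: int, align: int = 1) -> list[int]:
    """Offsets in `dump` where `value` is stored little-endian in `width` bytes,
    keeping only offsets that are a multiple of `align`."""
    needle = value.to_bytes(width, "little")  # 0x1234 -> b"\x34\x12", i.e. "34 12"
    hits, pos = [], dump.find(needle)
    while pos != -1:
        if pos % align == 0:
            hits.append(pos)
        pos = dump.find(needle, pos + 1)
    return hits


def closest_to_previous(candidates: list[int], previous: int) -> int:
    """Steps 3-5 and 9: prefer the candidate nearest the previously valid address."""
    return min(candidates, key=lambda c: abs(c - previous))


def build_sample_struct() -> bytes:
    """Constructed 4096-byte stand-in for a spawn structure (hypothetical layout)."""
    buf = bytearray(4096)
    buf[0x0A4:0x0A4 + 6] = b"Flyboy"            # name at 0xa4, as in the post's example
    struct.pack_into("<I", buf, 0x1F8, 3)       # 4-byte hide value, 32-bit aligned
    buf[0x315] = 65                             # 1-byte level, odd offset is allowed
    buf[0x4B1:0x4B3] = b"\x34\x12"              # decoy: same bytes at an odd offset
    struct.pack_into("<H", buf, 0x9C2, 0x1234)  # 2-byte race, past the 2048-byte window
    return bytes(buf)


if __name__ == "__main__":
    full = build_sample_struct()
    window = full[:DUMP_WINDOW]
    # Even-offset filter removes the decoy and leaves the real field.
    print([hex(o) for o in find_value_offsets(full, 0x1234, 2, align=2)])
    # Inside the 2048-byte window the real field is invisible ...
    print(find_value_offsets(window, 0x1234, 2, align=2))
    # ... and without the alignment filter only the decoy shows up.
    print([hex(o) for o in find_value_offsets(window, 0x1234, 2)])
    print(hex(closest_to_previous([0x00A1B2C0, 0x00F3D010], 0x00A1A000)))
```
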