Memory Values

Uli

Will be going through my list of memory values for SWG and explaining them all. There are quite a lot, so I'm going to fill it up over time. First I will be starting with camera options.

These will be helpful for making tools which require information from the SWG Client.

Address: 191BFD0
Type: Byte
Information: Chase Camera Enable/Disable (1 = Enable, 0 = Disable)

Address: 188A068
Type: Byte
Information: Adjusts the Zoom, 0 = Zoomed right in to first person, 1 = zoomed out by 1 etc.

Address: 191BFCC
Type: Float
Information: Pitch of the Camera in Radians.
 

lordvenom

Hey there, would you happen to have a value for a camera X-axis? There doesn't seem to be one near that address... I'm trying to get an offset camera.
 

Uli

01907F78
01907F7C
01907F80

XYZ

Unsure if that's camera or player but it's all I can find on my hdd about them.
 

lordvenom

Hmm, that is the camera direction.

Trying to shift the camera over, so it's more of an "over-the-shoulder" feel. Having the cursor on the character head is rather annoying... though if I recall you can move it above the character...

Anyway thanks for those addresses too.
 

Uli

lordvenom said:
Hmm, that is the camera direction.

Trying to shift the camera over, so it's more of an "over-the-shoulder" feel. Having the cursor on the character head is rather annoying... though if I recall you can move it above the character...

Anyway thanks for those addresses too.
There is a file inside the tres which controls that.

Camera/freechasecamera.iff
patch_05.tre
 

lordvenom

Uli said:
lordvenom said:
Hmm, that is the camera direction.

Trying to shift the camera over, so it's more of an "over-the-shoulder" feel. Having the cursor on the character head is rather annoying... though if I recall you can move it above the character...

Anyway thanks for those addresses too.
There is a file inside the tres which controls that.

Camera/freechasecamera.iff
patch_05.tre
I did see this post http://www.modthegalaxy.com/forums/printthread.php?tid=114

I was under the impression that it was not controlled via that.

Although no confirmation was posted.
 

NelkQuyiter

I have a few hundred mem addrs somewhere, mostly to stuff like player struct, target, creo struct, etc. Let me know if anyone wants this and I can dig it up.
-------------
Uli said:
01907F78
01907F7C
01907F80

XYZ

Unsure if that's camera or player but it's all I can find on my hdd about them.
I had posted about 'em in another thread a bit back.

SWGEmu.exe+014BE378 Camera-X
SWGEmu.exe+014BE388 Camera-Z
SWGEmu.exe+014BE398 Camera-Y

Those are for the camera

And Lordvenom, if you look directly in that memory area (in the next 30 bytes or so after Camera-Y) you will find a quaternion to the rotation (ex: axis).
You can actually do a lot with DirectX hooking to mod the camera if you look into it.


-------------
Okay here are some of my mem addrs
Break on Ham (this applies to ANY Creo Struct)
SWGEmu.exe+014CF524 is the target creo I think, don't remember
(SWGEmu.exe+014CF524)+(50:Health,54:Action,58:Mind,5C:Force)
+A4(Cur_Max:Int32)
+A8(Total_Max:Int32)
+AC(Cur_Max:Float)
+B0(Modifier?:?)
+B4(Encumb?:?)

//Creo location (of player)
SWGEmu.exe+014AF29C X
SWGEmu.exe+014AF2A0 Z
SWGEmu.exe+014AF2A4 Y

SWGEmu.exe+014BE378 Camera-X
SWGEmu.exe+014BE388 Camera-Z
SWGEmu.exe+014BE398 Camera-Y

//Zone packet buffer
[[SWGEmu.exe+14A5CEC]+0]+0

//Cell Struct
[swgemu.exe+151BFB4]
+30
+34 (pointer) Cell Struct
-+0 (int64) dunno
-+8 (pointer) ?
+38
+3C
+40 (int32) Movement Tick Counter


I have some more stuff related to targets somewhere (I have a DPS/time-to-kill meter I wrote I can dig up) along with stuff related to ZoneScene (planet stuff and more location, plus I might have the trn heightmap and object list somewhere but I'm not sure).

Let me know
 

Timbab

By all means, share. :D

Uli is too busy staring at blank walls and making typos to do Emu related stuff these days.
 

NelkQuyiter

Aye, I'll see what I find next week. Busy studying but I have a research folder from waaay back somewhere. I'm mostly done with SWG but more than happy to share what I know.
 

lordvenom

@NelkQuyiter I was unable to get any results from those addresses you posted. Values showed up but they seemed not to be related to camera/character. Not sure what is the cause of this, unless Uli's .exe directly scrambles the addresses I am unsure.
 

NelkQuyiter

hrm what kind of values? You are trying to read it as a float right? Also if his exe is bigger or smaller than the conventional 14.1 client, some of the addresses could be shifted as well.

Do these:
SWGEmu.exe+014AF29C X
SWGEmu.exe+014AF2A0 Z
SWGEmu.exe+014AF2A4 Y

show the player position?
because I used the same client to find both sets of values.

What are you using to display values (Cheat Engine?)
 

lordvenom

NelkQuyiter said:
hrm what kind of values? You are trying to read it as a float right? Also if his exe is bigger or smaller than the conventional 14.1 client, some of the addresses could be shifted as well.

Do these:
SWGEmu.exe+014AF29C X
SWGEmu.exe+014AF2A0 Z
SWGEmu.exe+014AF2A4 Y

show the player position?
because I used the same client to find both sets of values.

What are you using to display values (Cheat Engine?)
Hey, yeah I'm setting them as floats (I also tried the others byte, 2 byte, 4 byte). --Using cheat engine 6.2 as well--

I loaded those addresses and they gave me 1.31, 1.84, 1.84 (floats).
[None of these addresses -for me- refer to the player coordinates.] Lemme see if I can pull those up...


Actual X: 16436EC0
Actual Y: 16436E6C
Actual Z: 16436E7C
 

fusspawn

Anyone still working at this?

I took a crack at it last night:
Current SWGEMU client values as of 30/1/2014:

PlayerX: SWGEmu.exe + 01913DEC
PlayerY: SWGEmu.exe + 01913DF0
PlayerZ: SWGEmu.exe + 01913DF4

Currently trying to find Player Rotation?
and the Ham Data. I'm probably the only person still looking at this now I guess. :/
 

n00854180t

fusspawn said:
Anyone still working at this?

I took a crack at it last night:
Current SWGEMU client values as of 30/1/2014:

PlayerX: SWGEmu.exe + 01913DEC
PlayerY: SWGEmu.exe + 01913DF0
PlayerZ: SWGEmu.exe + 01913DF4

Currently trying to find Player Rotation?
and the Ham Data. I'm probably the only person still looking at this now I guess. :/
Necroing this so that people will have it if they are looking for this in the future. Most of the other stuff listed, player xyz, zoom, chasecam flag, still work.

I'll be putting the stable pointers down in the same way Cheat Engine displays them. Brackets [] and the arrow -> denote a pointer. If the address isn't in brackets, it's a final address and doesn't point to another.

------------------

Stable pointers to:

* Player HAM (health is the first val)

["SWGEmu.exe"+015471CC] -> [103F9B80 + 410] -> 0E0964F0

* Target HAM

["SWGEmu.exe"+0153461C] -> [225CDB20+124] -> [225CDC60+4] -> [225CDDC0] -> 225CDC60+480 = 225CE0E0


* Target Name

["SWGEmu.exe"+0152CFC0] -> [22600490+8] -> [0C9DF460+7E0] -> 1DB3B840

Note these are just one of a huge list of stable pointers to these values. I wasn't able to narrow it down. If anyone wants it I'll also upload a pack with the pointer scans, which are easy to update if they break.

---------------

Tutorial on finding Player HAM value:

1) Find out your character's Health and Strength value, then convert these into hex (individually). My character, due to some small wounds, had 796 Health and 12 Strength when I was doing it. 796 is 31C in hex, and 12 is C.

2) We're going to search for "Array of Byte". The format for searching for it is tricky to get right sometimes, so here's an example using the above values 796 and 12: 1C 03 00 00 0C 00 00 00. Replace 1C 03 and 0C with the appropriate values for your character in hex.

3) If you get more than one value, browse memory for each. You should only get at max 2-3 values for this. Only 1 or 2 of them will be valid, while the other has invalid huge ints surrounding it, and importantly doesn't have the Action and Mind values and their substats immediately following the Health values. Add only the ones that also have the Action and Mind values near the Health values.

4) If you need to get a stable pointer to this value, do a pointer scan for that address, then close the game (but not CE), reopen and attach the game, re-find the HAM address for the player, then do a Rescan in the pointer scan window for the new address. Whatever's left over should be stable pointers. Alternatively, do the same thing with the pointer files I've provided (do Open on the file menu in the pointer scan window).

Tutorial on finding Target HAM value:

This one is a bit easier as all you really need to do, aside from finding the stable pointer, is to target something, like a creature in the wild, search the Health value, then target something else with a vastly different value (switching between a lair and a lowbie enemy is good), and search the new value. Most of the original values will be filtered out.

Then do pointer scanning and rescanning as needed (pointer scan files for this also available).

---------

Pointer scan files will be linked a bit later on today.

-----------

009FFD8E is the address where it pushes the string for "No such command, mood or chat type:" and then your input text. If you inject a jmp to your own code here, you can implement new /commands.
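
Steps 1 to 3 of the Player HAM tutorial above, worked through as an added example that is not part of any post in this thread: it builds the "Array of Byte" pattern from Health and Strength and filters hits by checking that plausible stat values follow. The helper names, the `kMaxStat` bound and the sample buffer are assumptions constructed for illustration; it runs on an in-memory buffer only.

```cpp
#include <algorithm>
#include <cstddef>
#include <cstdint>
#include <vector>

static void put_u32(std::vector<uint8_t>& m, size_t off, uint32_t v) {
    for (int i = 0; i < 4; ++i) m[off + i] = static_cast<uint8_t>(v >> (8 * i));
}

static uint32_t get_u32(const std::vector<uint8_t>& m, size_t off) {
    uint32_t v = 0;
    for (int i = 0; i < 4; ++i) v |= static_cast<uint32_t>(m[off + i]) << (8 * i);
    return v;
}

// Steps 1-2: Health then Strength as consecutive little-endian 32-bit values.
std::vector<uint8_t> make_pattern(uint32_t health, uint32_t strength) {
    std::vector<uint8_t> p(8);
    put_u32(p, 0, health);
    put_u32(p, 4, strength);
    return p;
}

const uint32_t kMaxStat = 100000;  // assumed sanity bound, not from the thread
// Step 3: accept a hit only if the seven values after Health/Strength
// (Constitution .. Willpower) are non-zero and below the bound.
std::vector<size_t> find_ham(const std::vector<uint8_t>& mem, uint32_t health, uint32_t strength) {
    const std::vector<uint8_t> pat = make_pattern(health, strength);
    std::vector<size_t> hits;
    for (size_t off = 0; off + 9 * 4 <= mem.size(); ++off) {
        if (!std::equal(pat.begin(), pat.end(), mem.begin() + off)) continue;
        bool sane = true;
        for (size_t f = 2; f < 9 && sane; ++f) {
            const uint32_t v = get_u32(mem, off + 4 * f);
            sane = v != 0 && v <= kMaxStat;
        }
        if (sane) hits.push_back(off);
    }
    return hits;
}

// Constructed sample: decoy at 0x10 (surrounded by 0xFFFFFFFF), real block at 0x80.
std::vector<uint8_t> sample_memory() {
    std::vector<uint8_t> m(0x100, 0xFF);
    put_u32(m, 0x10, 796); put_u32(m, 0x14, 12);  // decoy: pattern only
    const uint32_t ham[9] = {796, 12, 300, 900, 310, 305, 850, 295, 300};
    for (size_t i = 0; i < 9; ++i) put_u32(m, 0x80 + 4 * i, ham[i]);
    return m;
}
```
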
 

n00854180t

Code:
// Created with ReClass.NET by KN4CK3R
// Offsets assume a 32-bit build (4-byte pointers, vtable pointer at 0x0000).
#include <cstdint>

class PlayerCreatureObjectTemplate
{
public:
	char pad_0004[64]; //0x0004

	virtual void Function0();
	virtual void Function1();
	virtual void Function2();
	virtual void Function3();
	virtual void Function4();
	virtual void Function5();
	virtual void Function6();
	virtual void Function7();
	virtual void Function8();
	virtual void Function9();
}; //Size: 0x0044

class PlayerCreatureController
{
public:
	char pad_0004[64]; //0x0004

	virtual void Function0();
	virtual void Function1();
	virtual void Function2();
	virtual void Function3();
	virtual void Function4();
	virtual void Function5();
	virtual void Function6();
	virtual void Function7();
	virtual void Function8();
	virtual void Function9();
}; //Size: 0x0044

class HAMValues
{
public:
	uint32_t currentHealth; //0x0000
	uint32_t currentStrength; //0x0004
	uint32_t currentConstitution; //0x0008
	uint32_t currentAction; //0x000C
	uint32_t currentQuickness; //0x0010
	uint32_t currentStamina; //0x0014
	uint32_t currentMind; //0x0018
	uint32_t currentFocus; //0x001C
	uint32_t currentWillpower; //0x0020
	uint32_t unknown10; //0x0024
	uint32_t maxHealth; //0x0028
	uint32_t maxStrength; //0x002C
	uint32_t maxConstitution; //0x0030
	uint32_t maxAction; //0x0034
	uint32_t maxQuickness; //0x0038
	uint32_t maxStamina; //0x003C
	uint32_t maxMind; //0x0040
	uint32_t maxFocus; //0x0044
	uint32_t maxWillpower; //0x0048
}; //Size: 0x004C

class PlayerCreatureObject
{
public:
	char pad_0004[12]; //0x0004
	class PlayerCreatureObjectTemplate* characterTemplate; //0x0010
	char pad_0014[24]; //0x0014
	class PlayerCreatureController* controller; //0x002C
	char pad_0030[44]; //0x0030
	float locationX; //0x005C
	char pad_0060[12]; //0x0060
	float locationY; //0x006C
	char pad_0070[12]; //0x0070
	float locationZ; //0x007C
	char pad_0080[248]; //0x0080
	wchar_t* characterName; //0x0178
	char pad_017C[660]; //0x017C
	class HAMValues* characterHAM; //0x0410
	char pad_0414[92]; //0x0414

	virtual void Function0();
	virtual void Function1();
	virtual void Function2();
	virtual void Function3();
	virtual void Function4();
	virtual void Function5();
	virtual void Function6();
	virtual void Function7();
	virtual void Function8();
	virtual void Function9();
}; //Size: 0x0470
Got some useful stuff from ReClass. There's a bunch more to be done there but this gives the basics, XYZ, player name, HAM values.
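
The bracket-and-arrow pointer notation and the ReClass offsets from the posts above, tied together as an added example that is not code from any poster: it follows the Player HAM chain through a constructed 32-bit snapshot and reads fields at the `HAMValues` offsets, failing cleanly when a link is unmapped. The `Snapshot` model, `kBase` and the stat values are assumptions; the heap addresses are the session-specific ones quoted in the thread and will differ on another run.

```cpp
#include <cstddef>
#include <cstdint>
#include <map>
#include <vector>

// Constructed model of a 32-bit snapshot: address -> 32-bit value stored there.
using Snapshot = std::map<uint32_t, uint32_t>;

bool read_u32(const Snapshot& s, uint32_t addr, uint32_t& out) {
    const auto it = s.find(addr);
    if (it == s.end()) return false;  // unmapped: the chain is stale
    out = it->second;
    return true;
}

// [base+o0] -> [p+o1] -> final: every offset except the last is added and
// dereferenced; the last is only added to give the final address.
bool resolve(const Snapshot& s, uint32_t base, const std::vector<uint32_t>& offs, uint32_t& out) {
    uint32_t addr = base;
    for (size_t i = 0; i < offs.size(); ++i) {
        addr += offs[i];
        if (i + 1 == offs.size()) break;
        uint32_t next = 0;
        if (!read_u32(s, addr, next) || next == 0) return false;  // null or unmapped link
        addr = next;
    }
    out = addr;
    return true;
}

struct Ham { uint32_t health, action, mind, maxHealth; };
// Chain from the thread: ["SWGEmu.exe"+015471CC] -> [obj+410] -> HAMValues.
bool read_player_ham(const Snapshot& s, uint32_t moduleBase, Ham& out) {
    uint32_t ham = 0;
    if (!resolve(s, moduleBase, {0x015471CC, 0x410, 0x0}, ham)) return false;
    return read_u32(s, ham + 0x00, out.health) && read_u32(s, ham + 0x0C, out.action) &&
           read_u32(s, ham + 0x18, out.mind) && read_u32(s, ham + 0x28, out.maxHealth);
}

const uint32_t kBase = 0x00400000;  // assumed module base for the sample

Snapshot sample_snapshot() {  // constructed values; heap addresses as quoted in the thread
    return {
        {kBase + 0x015471CC, 0x103F9B80},  // -> PlayerCreatureObject
        {0x103F9B80 + 0x410, 0x0E0964F0},  // characterHAM (0x0410)
        {0x0E0964F0 + 0x00, 796}, {0x0E0964F0 + 0x0C, 900},
        {0x0E0964F0 + 0x18, 850}, {0x0E0964F0 + 0x28, 800},
    };
}
```
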
 