Marsunpaisti | How do I cheat? | Reputation: 0 | Joined: 23 Apr 2009 | Posts: 3
Posted: Wed Oct 11, 2017 2:47 pm | Post subject: Trouble finding list of mobs
So I'm trying to R/E a 2d dungeon crawler style game called EUO or EUOtopia, and I'm having trouble finding a static address to an entity list base that would allow me to iterate through the mobs in my C++ program.
I have successfully found an address which points to the base address of the nearest mob that is at most 4 tiles away from the player.
I thought that finding pointers to that pointer would let me find something static, but I keep getting dynamic addresses all the time going up the tree of pointers.
Another weird thing is that the address to which the "nearest mob" pointer points keeps changing, but the mob in-game that it points to is still the same, a.k.a. the same mob being accessed through a constantly changing address. This makes it very difficult for me to search for deeper level pointers since the addresses keep changing.
Any tips on how to go about finding an entity base to which I could then add offset*index to iterate through mobs, for example?
Bonus info: at nearest mob base + 4 is the number of mobs located within 4 tiles of me. I tried to see what writes to that, and the assembly around the part where it increases the nearby-mobs count is below. What should I be looking for in here?
The increment happens here:
euo.exe+5FAF8 - FF 43 04 - inc [ebx+04]
where ebx = nearest mob base address
ebx+04 = nearby mobs count
Code:
euo.exe+5FA68 - FF 15 B8E04C00 - call dword ptr [euo.exe+CE0B8] { ->MSVCP90.std::basic_string<char,std::char_traits<char>,std::allocator<char> >::operator= }
euo.exe+5FA6E - 8B 54 24 34 - mov edx,[esp+34]
euo.exe+5FA72 - 8B 4C 24 30 - mov ecx,[esp+30]
euo.exe+5FA76 - 8B 44 24 38 - mov eax,[esp+38]
euo.exe+5FA7A - 89 56 30 - mov [esi+30],edx
euo.exe+5FA7D - 8B 54 24 3C - mov edx,[esp+3C]
euo.exe+5FA81 - 89 4E 2C - mov [esi+2C],ecx
euo.exe+5FA84 - 8B 4C 24 40 - mov ecx,[esp+40]
euo.exe+5FA88 - 89 56 54 - mov [esi+54],edx
euo.exe+5FA8B - 0FBF 54 24 4C - movsx edx,word ptr [esp+4C]
euo.exe+5FA90 - 89 46 4C - mov [esi+4C],eax
euo.exe+5FA93 - 8A 44 24 44 - mov al,[esp+44]
euo.exe+5FA97 - 89 4E 58 - mov [esi+58],ecx
euo.exe+5FA9A - 8B 4C 24 48 - mov ecx,[esp+48]
euo.exe+5FA9E - 88 46 5D - mov [esi+5D],al
euo.exe+5FAA1 - 89 4E 50 - mov [esi+50],ecx
euo.exe+5FAA4 - C7 86 94000000 00000000 - mov [esi+00000094],00000000 { 0 }
euo.exe+5FAAE - 89 BE 98000000 - mov [esi+00000098],edi
euo.exe+5FAB4 - 89 56 38 - mov [esi+38],edx
euo.exe+5FAB7 - 83 3B 00 - cmp dword ptr [ebx],00 { 0 }
euo.exe+5FABA - 75 32 - jne euo.exe+5FAEE
euo.exe+5FABC - 89 33 - mov [ebx],esi
euo.exe+5FABE - EB 38 - jmp euo.exe+5FAF8
euo.exe+5FAC0 - 8B 54 24 30 - mov edx,[esp+30]
euo.exe+5FAC4 - 8B 44 24 34 - mov eax,[esp+34]
euo.exe+5FAC8 - 89 56 2C - mov [esi+2C],edx
euo.exe+5FACB - 89 46 30 - mov [esi+30],eax
euo.exe+5FACE - 8B 4D 00 - mov ecx,[ebp+00]
euo.exe+5FAD1 - 89 4E 04 - mov [esi+04],ecx
euo.exe+5FAD4 - 8B 55 04 - mov edx,[ebp+04]
euo.exe+5FAD7 - 83 C5 08 - add ebp,08 { 8 }
euo.exe+5FADA - 55 - push ebp
euo.exe+5FADB - 8D 4E 0C - lea ecx,[esi+0C]
euo.exe+5FADE - 89 56 08 - mov [esi+08],edx
euo.exe+5FAE1 - FF 15 B8E04C00 - call dword ptr [euo.exe+CE0B8] { ->MSVCP90.std::basic_string<char,std::char_traits<char>,std::allocator<char> >::operator= }
euo.exe+5FAE7 - B8 01000000 - mov eax,00000001 { 1 }
euo.exe+5FAEC - EB 0F - jmp euo.exe+5FAFD
euo.exe+5FAEE - 85 FF - test edi,edi
euo.exe+5FAF0 - 74 06 - je euo.exe+5FAF8
euo.exe+5FAF2 - 89 B7 94000000 - mov [edi+00000094],esi
euo.exe+5FAF8 - FF 43 04 - inc [ebx+04]
euo.exe+5FAFB - 33 C0 - xor eax,eax
euo.exe+5FAFD - 8B 4C 24 14 - mov ecx,[esp+14]
euo.exe+5FB01 - 64 89 0D 00000000 - mov fs:[00000000],ecx { 0 }
euo.exe+5FB08 - 59 - pop ecx
euo.exe+5FB09 - 5F - pop edi
euo.exe+5FB0A - 5E - pop esi
euo.exe+5FB0B - 5D - pop ebp
euo.exe+5FB0C - 5B - pop ebx
euo.exe+5FB0D - 83 C4 0C - add esp,0C { 12 }
euo.exe+5FB10 - C2 2C00 - ret 002C { 44 }
euo.exe+5FB13 - CC - int 3