Zanzer I post too much
Reputation: 126
Joined: 09 Jun 2013 Posts: 3278
Posted: Fri Sep 11, 2015 3:05 pm
Increase the final offset in your pointer by 1, 2, and 3, while keeping the 1-byte size.
Change those values and see if they have any impact on your magic find.
For example, the pointer in your screenshot showed the address 0047F938.
Create 1-byte addresses for 0047F939, 0047F93A, and 0047F93B as well.
Only change the value in those 3 new addresses and see if it has an impact.

Rydian Grandmaster Cheater Supreme
Reputation: 31
Joined: 17 Sep 2012 Posts: 1358
Posted: Fri Sep 11, 2015 3:06 pm
Okay which movsx only shows up when you're standing still and have MF on, but aren't changing your gear?

Tirpitz721 Newbie cheater
Reputation: 0
Joined: 10 Sep 2015 Posts: 14
Posted: Fri Sep 11, 2015 3:17 pm
| Rydian wrote: | Okay which movsx only shows up when you're standing still and have MF on, but aren't changing your gear? |
The "count" keeps going up, at 5k now. I made a new game with the 25% MF ring equipped, I just opened up the character window and inventory window, didn't move or anything.
Will try what Zanzer suggested, if I can figure it out.
*EDIT*
| Zanzer wrote: | Increase the final offset in your pointer by 1, 2, and 3, while keeping the 1-byte size.
Change those values and see if they have any impact on your magic find.
For example, the pointer in your screenshot showed the address 0047F938.
Create 1-byte addresses for 0047F939, 0047F93A, and 0047F93B as well.
Only change the value in those 3 new addresses and see if it has an impact. |
That address changes it seems....

Zanzer I post too much
Reputation: 126
Joined: 09 Jun 2013 Posts: 3278
Posted: Fri Sep 11, 2015 4:11 pm
Yes, the address changes. Increase whatever it changes to by 1, 2, and 3.
If you double-click your current pointer, it'll have offsets listed.
You can simply increase the top offset by 1, 2, and 3.
Copy and paste the current table address to make copies.

Rydian Grandmaster Cheater Supreme
Reputation: 31
Joined: 17 Sep 2012 Posts: 1358
Posted: Fri Sep 11, 2015 4:27 pm
So my line of thought was something like...
| Quote: | Click one of the movsx instructions and then click Show Disassembler. That should target it in the upper half of the memory viewer window. In there, right-click it and Find What Addresses This Instruction Accesses and it should target the proper addresses instead of the middle of them potentially. |
Then I was like "oh wait it's actually just byte in the movsx".
So... I guess do that for all four movsx instructions and see if the addresses they're accessing are the same or different?

Tirpitz721 Newbie cheater
Reputation: 0
Joined: 10 Sep 2015 Posts: 14

panraven Grandmaster Cheater
Reputation: 62
Joined: 01 Oct 2008 Posts: 960
Posted: Fri Sep 11, 2015 4:47 pm
Not sure if this is of any use... I saw there seems to be a pattern in a pic on the previous page, so I tried to find what the pattern is; this is the result.
| Code: | 0B32F480 .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
0B32F4A8 .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
0B32F4D0 .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
0B32F4F8 .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
0B32F520 .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
0B32F548 .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
0B32F570 .. .. .. .. .. .. .. 06 .. .. 04 .. .. .. .. .. .. .. .. .. .. .. .. .. .. 06 .. .. 04 .. .. .. .. .. .. .. .. .. .. ..
0B32F598 .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. 01
0B32F5C0 .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. 01 .. .. 0A .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
0B32F5E8 .. .. .. .. .. .. .. .. .. .. .. .. .. 02 .. .. 08 .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..[09].. .. .. .. ..
0B32F610 .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
0B32F638 .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
0B32F660 .. 03 .. .. 0C .. .. .. .. .. .. .. .. .. .. .. .. .. .. 01 .. .. 0E .. .. .. .. .. .. .. .. .. .. .. .. .. .. 02 .. ..
0B32F688 03 .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
0B32F6B0 .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. 02 .. .. 0D .. .. .. .. .. .. ..
0B32F6D8 .. 01 .. .. .. .. .. 07 .. .. 0D .. .. .. .. .. .. .. .. .. .. .. .. .. .. 01 .. .. 06 .. .. .. .. .. .. .. .. .. .. ..
0B32F700 .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
0B32F728 .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. 06 .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
0B32F750 .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
0B32F778 .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
0B32F7A0 .. .. .. .. .. 01 .. .. 09 .. .. .. .. .. .. .. .. .. .. .. .. .. .. 08 .. .. 09 .. .. .. .. .. .. .. .. .. .. .. .. ..
0B32F7C8 .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
0B32F7F0 .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. 05 .. .. ..
0B32F818 .. .. .. .. .. 0B .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
0B32F840 .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
0B32F868 .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
0B32F890 .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. 05 .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. 03 ..
0B32F8B8 .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
0B32F8E0 .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
0B32F908 .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. 04 .. .. .. .. .. .. .. .. .. .. .. .. ..
0B32F930 .. 02 .. .. 0F .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..[01].. ..
0B32F958[09].. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
0B32F980 .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
0B32F9A8 .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
0B32F9D0 .. .. 0F 0F 0F 0F 02 0F 0F 0F 0F .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
0B32F9F8 .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
0B32FA20 .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
0B32FA48 .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
0B32FA70 .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
0B32FA98 .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
0B32FAC0 .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
81-byte pattern
90 BB E9 F1 52 49 E9 AE F1 90 BB E9 F1 ... (snip) ... E F1 90 BB E9 F1 52 49 E9 AE F1
restructured as a 9x9-byte pattern
90 BB E9 F1 52 49 E9 AE F1
90 BB E9 F1 52 49 E9 AE F1
90 BB E9 F1 52 49 E9 AE F1
90 BB E9 F1 52 49 E9 AE F1
90 BB E9 F1 52 49 E9 AE F1
90 BB E9 F1 52 49 E9 AE F1
90 BB E9 F1 52 49 E9 AE F1
90 BB E9 F1 52 49 E9 AE F1
90 BB E9 F1 52 49 E9 AE F1
|
It seems
(display byte - 9-byte-pattern + 256) % 256 => real byte?
If there is an isolated constant pattern of "90 BB E9 F1 52 49 E9 AE F1" at some other address, it may be used in some encrypt/decrypt subroutine?
bye~
ADDED:
1. I replaced the '00' with '..' so that more of the pattern can be seen more easily. It seems most logical 'values' in this region are 3 bytes in size each, except the one at b32f9d0.
2. The 9-byte pattern may come from an addition instead of a subtraction, so the referenced 9-byte pattern may be '70 45 17 0F 9E B7 17 52 0F', and it does not necessarily start from '70 45 17...' or '90 bb e9...'. oops :O
3. There may be some debugger that has an xlat function that can reveal some simple encryption, but I can't find one on Google. (I saw this function in hiew.exe, but it is not a runtime debugger.) .... maybe a custom translate function in the CE memory view 'display type' option?
bye~
_________________
- Retarded.
Last edited by panraven on Fri Sep 11, 2015 7:12 pm; edited 2 times in total |
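
The relation panraven proposes, (display byte - 9-byte pattern + 256) % 256, worked through as an added example that is not part of the original thread: a short repeating additive mask over mostly-zero memory exposes itself, because every zero byte is stored as the mask byte. The mask bytes are the ones posted above; the sample region, the function names and the choice of addition rather than subtraction are assumptions.

```python
from collections import Counter

# Mask bytes as posted by panraven; everything else here is constructed.
KEY = bytes.fromhex("90BBE9F15249E9AEF1")

def mask(plain: bytes, key: bytes) -> bytes:
    """Assumed scheme: stored = (real + key[i % len(key)]) % 256."""
    return bytes((b + key[i % len(key)]) % 256 for i, b in enumerate(plain))

def unmask(stored: bytes, key: bytes) -> bytes:
    """The thread's formula: real = (stored - key[i % len(key)] + 256) % 256."""
    return bytes((b - key[i % len(key)] + 256) % 256 for i, b in enumerate(stored))

def column_modes(data: bytes, period: int):
    """Most common byte, and its count, at each position modulo `period`."""
    return [Counter(data[c::period]).most_common(1)[0] for c in range(period)]

def find_period(data: bytes, max_period: int = 32, threshold: float = 0.9) -> int:
    """Smallest period at which nearly every column holds one constant byte."""
    for period in range(1, max_period + 1):
        agree = sum(count for _, count in column_modes(data, period))
        if agree / len(data) >= threshold:
            return period
    raise ValueError("no repeating mask found")

def recover_key(data: bytes, period: int) -> bytes:
    """Where the real byte is 0, the stored byte equals the mask byte."""
    return bytes(value for value, _ in column_modes(data, period))

def sample_region() -> bytes:
    """Constructed 360-byte region: zeros plus a few small values."""
    plain = bytearray(360)
    sparse = {7: 0x06, 10: 0x04, 97: 0x01, 100: 0x0A, 201: 0x0F, 340: 0x09}
    for offset, value in sparse.items():
        plain[offset] = value
    return bytes(plain)

if __name__ == "__main__":
    plain = sample_region()
    stored = mask(plain, KEY)
    period = find_period(stored)
    key = recover_key(stored, period)
    print(period, key.hex(" "), unmask(stored, key) == plain)
```

The recovered mask is aligned to the start of the buffer that was analysed, which is why the thread notes the pattern need not begin at '90 BB E9...'.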

Tirpitz721 Newbie cheater
Reputation: 0
Joined: 10 Sep 2015 Posts: 14
Posted: Fri Sep 11, 2015 4:54 pm
panraven,
Wow no idea how you got all that information, pretty clever. No idea what to do with it either. This stuff is so far over my head I'm completely lost. I figured all I needed to do was find the pointer and I'd be set for fixing the magic find value... how wrong I was.

Rydian Grandmaster Cheater Supreme
Reputation: 31
Joined: 17 Sep 2012 Posts: 1358
Posted: Fri Sep 11, 2015 5:14 pm
Yeah the issue is finding what the value is stored as.
So no luck finding your total MF value by searching for the number when it changes?

Zanzer I post too much
Reputation: 126
Joined: 09 Jun 2013 Posts: 3278
Posted: Fri Sep 11, 2015 5:14 pm
Change the 950 to 951. Click OK. Change the value and see if your MF changes.
Change the 951 to 952. Click OK. Change the value and see if your MF changes again.
Change the 952 to 953. Click OK. Change the value and see if your MF changes again.
If your MF changes at each place, then it is likely as panraven stated. The value is encrypted.
Figuring out how to decrypt it is probably beyond your ability and too complicated for us to walk you through it.

Tirpitz721 Newbie cheater
Reputation: 0
Joined: 10 Sep 2015 Posts: 14
Posted: Fri Sep 11, 2015 5:23 pm
| Rydian wrote: | Yeah the issue is finding what the value is stored as.
So no luck finding your total MF value by searching for the number when it changes? |
So wait, you want me to search for the magic find number represented in game, or the represented value in CE?
| Zanzer wrote: | Change the 950 to 951. Click OK. Change the value and see if your MF changes.
Change the 951 to 952. Click OK. Change the value and see if your MF changes again.
Change the 952 to 953. Click OK. Change the value and see if your MF changes again.
If your MF changes at each place, then it is likely as panraven stated. The value is encrypted.
Figuring out how to decrypt it is probably beyond your ability and too complicated for us to walk you through it. |
K that's what I thought it was, but I wanted to be sure as to not mess anything up. So I did what you asked, and there was no change in game of the magic find value.

Rydian Grandmaster Cheater Supreme
Reputation: 31
Joined: 17 Sep 2012 Posts: 1358
Posted: Fri Sep 11, 2015 6:10 pm
The one represented in-game, were you ever able to find that normally?

Tirpitz721 Newbie cheater
Reputation: 0
Joined: 10 Sep 2015 Posts: 14
Posted: Fri Sep 11, 2015 6:43 pm
| Rydian wrote: | The one represented in-game, were you ever able to find that normally? |
No I was never able to find that. I used the "unknown value" to start, then increase/decrease when I was changing the rings in game to whittle it down. That's pretty much the problem, the in game value has nothing to do with the value displayed in CE. As I listed in the OP, 174 (byte value) = 0% MF in game.
That's what you were asking right?
When I first started I was looking for the in game stat, which was 21% and 25%. I found them, but when I tried to change the value it crashed the game. This was a head scratcher until I realized what was going on. The values it was finding were the 21% and 25% values on the ring, in my inventory, not the MF value stat on my character.

Zanzer I post too much
Reputation: 126
Joined: 09 Jun 2013 Posts: 3278
Posted: Fri Sep 11, 2015 7:39 pm
If only you knew assembly and could break and trace the instruction to see what it's doing.
It almost appears as if the value is really 4-bytes but the game spread them out in memory in 1-byte chunks.
You simply can't have such a huge value as you've shown using a single byte.

Tirpitz721 Newbie cheater
Reputation: 0
Joined: 10 Sep 2015 Posts: 14
Posted: Fri Sep 11, 2015 9:37 pm
Unfortunately it's over my head. How difficult is it to learn? Like are there videos or something a person could watch? That's pretty much how I learned to find the pointer, the power of YouTube.
But you're probably right about it being a 4 byte value. I was never able to get it over 15% MF in game by changing the value in byte. Problem with the 4 Byte value is changing it yields a ridiculously large MF value.