Cheat Engine

iamv3nom · Posted: Mon Nov 04, 2013 9:58 am Post subject: Locating ID for HP Bar?

Hello guys, not posted in here for some time. Just a small (hopefully) request for insight on the NPC structure for Dark Souls.

As will be obvious to the veterans, the live structure is composed of many base structures. One or two that I haven't yet located it seems. One of the base structures looks like it controls whether an enemy is given a HP bar with a name ID (such as bosses and summoned players/NPCs)

I can't seem to find this ID. I believe I have the pointer that goes to the relevant structure, but inside this are of course, hundreds of other structure pointers. I can manipulate the HP bars that are spawned with their given NPC to any degree, but I can't find the 'thisID/on-off/wake-up' function.

Any ideas?

iamv3nom · Posted: Mon Nov 11, 2013 8:27 am Post subject:

Can CE perform a copy/paste function using a script? Not for one value, but an entire section of memory? More to the point, for a game that loads contiguously, if I pull the required data from memory myself, can CE inject this via a saved file?

daspamer · Posted: Mon Nov 11, 2013 8:51 am Post subject:

Yes CE can perform that using lua.

Like

iamv3nom · Posted: Mon Nov 11, 2013 9:03 am Post subject:

None of the addresses in this section are pointers. It's just a base list of parameters to paste over another set of the same type, simply different values at a different location. It won't crash the game as it's only accessed and written to on initial load/death and the data is as expected (to a degree)

daspamer · Posted: Mon Nov 11, 2013 9:14 am Post subject:

So it should work.
I will write the script to 'write' the values to the addresses..
1 question,
you want to write for address, address+4, address+8 and etc. ?
Or you have like specific addresses (0x40000 = 10, 0x50000 = 30 and etc.)

iamv3nom · Posted: Mon Nov 11, 2013 9:22 am Post subject:

Thank you for your assistance Spamer. Is there a way to implement this with an outside file? The data I need would only be available in one section of the game, then when you walk to another section, the game unloads unnecessary sections and loads the next logical parts (contiguously). If I can make a file or files that contain the relevant data to be pasted, then that would be excellent.

Also, do you have any knowledge that would assist in finding the initial ID or call function for the HP bars? (Sorry to be cheeky, but you're the only one who replied)

daspamer · Posted: Mon Nov 11, 2013 10:30 am Post subject:

If you mean, that you store the data you want to write in outside file, then yeah it should be easy.

And, I do not know much about how to call function for the HP bars.
But when looking inital ID, I usually look up in the early offsets or in the very first pointers.

But sometimes the ID and the Health are not stored in the same structure, so look for anything else that in the game that might contain it.

I don't use lately auto assemble or any assembly operation, since I'm more into re-writing the game functions, so I'm not the recommended guy to ask about this kind of stuff.

iamv3nom · Posted: Mon Nov 11, 2013 11:22 am Post subject:

I have been tempted to use use OllyDBG to try and backtrace the function that creates the Names and Bar and maybe change it so it is forced to all game characters. Is this viable? I would make backups of the EXE as I know saving changes in Olly is permanent to the file

Zaladine · Posted: Thu Nov 14, 2013 7:51 am Post subject:

In DMC4, Nero/Dante are able to lock an enemy as their target. Upon locking this enemy, their attacks will be focused/directed to this target. This kind of game mechanic gives advantage for us to search the target ID.

Should Dark Souls has similar mechanic, and suppose that there are 3 enemies: A, B, and C, then locking/targeting on each of them alternately while doing changed/unchanged filtering in CE could result for exactly one address which holds each unique IDs. From this IDs, it's common that we can go deeper to their sub-stats such as HP, Manna, Coordinates, etc... However, this unique IDs address is, most likely, contains the pointer to the targeted enemy base structure.

For DMC4, i still have the addresses. The address of (what i called) Pointer to Targeted Enemy's Base Structure:
[["DevilMayCry4_DX9.exe"+0xA558B8]+0x24]+0x3080

then started from this address, the sub-structures were obtained much more easily (and it was in fact easy for DMC4), i.e.:
- its Current Health : [[["DevilMayCry4_DX9.exe"+0xA558B8]+0x24]+0x3080]+0x2C
- its Max Health : [[["DevilMayCry4_DX9.exe"+0xA558B8]+0x24]+0x3080]+0x28
- its Distance to Player : [[["DevilMayCry4_DX9.exe"+0xA558B8]+0x24]+0x3080]+0x24

So, maybe this could be implemented to Dark Souls in obtaining NPCs ID. The biggest draw back is that upon target changing, the ID will be gone or replaced with the new target's ID. However, there are also minor advantages in this such as killing an enemy only by targeting them via code-injecting.

Anyway, i've read somewhere that there should be list within memory that holds all objects ID, and should we're able to get this list then it would be the best way. This list is a dynamic one since many game could spawn new objects or units while it's running.

Just try to share my experience i hope will give a little idea. CMIIW and please pardon my English...

iamv3nom · Posted: Thu Nov 14, 2013 2:50 pm Post subject:

Hello Zaladine, and thank you very much for your input!

Where Dark Souls is concerned, it has a map loadlist for each area. I have this list pointed to and broken down for each area with all the character ID's. The game uses bonfire checkpoints as a trigger to revive all dead npc's, which I believed meant that each NPC must have it's own seperate bool value for IsAlive status. I can even find the IsAlive string in memory, but I might still be wrong.

My two problems that I have are the ID for names and specific HP bars, and the ID for either the NPC alive bool or even the trigger the bonfire has. I have the 'live' NPC structure pointed at for the characters I am messing with, in the same area of the level that another character has a name ID and bigger than normal HP bar. If I copy and paste one of the pointers from that structure to another structure, even my own, the character it is copied to has the name and HP bar moved over their head, but the damage meter still references the other character.

When I open up the pointer and try to mirror the values in a side-by-side structure dissector window, it does not change. Some parts have to be forcefully nopped to get to change (probably to do with the parent structure) but even so, no luck

I should point out that there are two versions of HP bars in this game. Regular small ones that show a red bar with damage numbers and special ones for bosses, certain NPC's and other players that connect to your world that has a larger HP bar along with a name (of the boss, NPC or player assisting you)

I can deform the bars to my hearts content when they are in the game world, but I can't find the operation or ID that spawns or defines them