Go Back

Rift - Putting it all together

A few people asked me for example code, so I wrote a small proof of concept Entity Reader.

This will basically list all entities in the memory of Rift and list various properties of the entity components. It will also list extended Player/Target information and list group / raid info. This is far from all the available data, but it's all that I have thus far.

If you decide to use this, at least give me some credit and don't try to pass this off as your own work! Other then that, use this as you wish (keep in mind that on the actual source, my usual license still applies).

Also, I will *not* be updating the offsets / pointers /etc. Also if your not a developer/hacker then this proof of concept won't help you. It's not compiled and does not do anything past listing all the entities!

Note, the proof of concept no longer works due to version differences, but it does give the general idea on how it should work (if you update the pointers using my other blogs, it'll probably work again)

Posted by: Da_Teach on Wednesday, March 30, 2011  •  C# Rift

  • Facebook
  • Twitter
  • DZone It!
  • Digg It!
  • StumbleUpon
  • Technorati
  • Del.icio.us
  • NewsVine
  • Reddit
  • Blinklist
  • Add diigo bookmark
  • Just tried this, and unless I did something wrong, the information printed in the console had no useful information.

    It contained nothing pertaining my target or my player.

    Cynikal  •  30 Mar

  • There was a patch yesterday but I'm pretty sure no offsets changed. But thinking about it, I might have zipped up the incorrect version. I'll double check this when I get home (in about 6 hours).

    Da_Teach  •  30 Mar

  • Shards are down in both EU and NA for the patch at the moment anyway. Estimated 4 hours downtime from 8am PDT / 3pm GMT.

    brightemo  •  30 Mar

  • ya thx for sharing this, but got the same problem, tryed to find your pointers in rift.exe from
    26.03 and 20.03 but no luck.

    freitag  •  30 Mar

  • I'll update this once to the 1.1 patch (or hotfix if there is one before I get home). After that you have to look into my previous blog to update pointers.

    Da_Teach  •  31 Mar

  • Hey, nice work! You have basically just given away the Rosetta Stone for Rift (in the right hands, obviously).

    Singleton  •  31 Mar

  • thanks for the update but it seems

    npc namePointer offsets 0x18 and 0x70 are not corrected.

    (var namePointer = memory.ReadInteger(npcComp + 0x18);                  
    (namePointer = memory.ReadInteger(namePointer + 0x70);

    macone  •  01 Apr

  • macone, the name for NPC's is stored in two ways, you have a "default" name and a name that has changed (usually only for pet-names). The last name is read correctly, I never bothered to look at how the first name is retrieved.

    Da_Teach  •  02 Apr

  • thanks for your work but it doesn't work for me... I don't know if I'm doing something wrong...
    I started Rift, logged into my warrior and then started RiftEntitiyReader.exe... then it opens and say
    READING ENTITIES but nothing happens...

    xysoulxy  •  02 Apr

  • Really nice post. Did you guys found anything about LOS?

    CosmosTunes  •  04 Apr

  • I know which function is used in the game to check LOS. Since I don't care about 'cheap hacks', I have not tried to disable that check. And "guys" should be "just me" (I don't work with other people).

    Da_Teach  •  04 Apr

  • Sorry thought maybe some more developers here :) I dont want to deactivate LOS but I need that for my healing script. I have the raid list and distance of each member. But without LOS it doesnt really make sense since the heal wouldnt work most times. Do u have msn? Didnt found any contact details here or on mmoelite.

    CosmosTunes  •  04 Apr

  • Come to IRC (see forum for details), I am on there most evenings (European time), otherwise mail me (da_teach@thehackerwithin.com).

    I don't mind helping you (e.g. giving you the function) but I am not going to release that to the public. It's too easy (for Trion) to blacklist that function (or add special detection routines to it). As such, while I am still playing the game, that info will only be given by request :)

    Da_Teach  •  04 Apr

  • Hey Da_teach!

    Great work on this blog, its helped me alot so far with my reversing and understanding how rift handles data, although I am stuck on exactly "how" to find everything I need from scratch as far as reversing is concerned... although your proof of concept seems perfect start for me! However as we both know the addresses are now out of date, I am NOT asking you to even email me the updated addresses, I can update them myself if I have the binary that you retreived those addresses from! (unless you want to include them :P ) Basicly want to write an  app in C# 4.0 that fully moniters player + pet info while playing in windowed mode, so far I have playerbase and XYZ.. (other in the works :P) any help would be great email attached jayswag01(at)muchomail.com


    jay  •  09 Apr

  •    v5 = ClientEntityComponentPlayer;
      v6 = *(_BYTE *)(ClientEntityComponentPlayer + Entity + 24);
      if ( v6 == -1 )
        v7 = 0;
        v5 = *(_DWORD *)(Entity + 88);
        v7 = *(_DWORD *)(v5 + 4 * v6);
         if ( !dword_120F5C8 )
             dword_120F5C8 = sub_575390();
     |----v13 = sub_6175A0(playerComponentAddress);
     |    sub_5B8BD0(a1, v13);                         
     |    result = a1;
      int __thiscall sub_6175A0(int this)
          return *(_DWORD *)(*(_DWORD *)(this + 0x2C) + 0xF0);)<---Retn/PlayerName?


    I'm In the process of trying to update your PoC, Ive So far it seems to chuck up the XYZ of "NPC's" I'm pretty sure.. but its not finding the player info (skips the if (playerComp != 0))

    Is it because of the added code?:(Ive tryed tinkering with the GetComponent() func thinking that it needed to be changed...) Any help would be awesome thx again.
    v5 = *(_DWORD *)(Entity + 88);
    v7 = *(_DWORD *)(v5 + 4 * v6); 

    jay  •  12 Apr

  • Are you talking about hotfix 16 or another new version?

    Since hotfix 15 has no "big" changes.

    Da_Teach  •  13 Apr

  • Well the C code above is from hotfix #15, the most up to date version as far as i know..(?) But anyway,  the entity reader is finding NPC info like XYZ (not name yet)  but not any player info.. anyway you can send me the PlayerComponent address to verify I have the correct one? jayswag01(at)muchomail.com

    Thx alot, Ill; start using your forum I just realised you had one lol sorry. :)

    jay  •  13 Apr

  • The latest hotfix (#16) has these pointers:
    public const uint RaidManager = 0x12105E8;
    public const uint EntityManager = 0x12105E0;
    public const uint WorldManager = 0x1212EFC;

    public const uint ActorComponent = 0x11E032C; // ClientEntityComponentActor
    public const uint PlayerComponent = 0x11E0624; // ClientEntityComponentPlayer
    public const uint NpcComponent = 0x11E05E0; // ClientEntityComponentNPC
    public const uint ComponentMod = 0x11E05C8; // ClientEntityComponentMod
    public const uint TransformComponent = 0x11E08C0; // ClientEntityComponentTransform
    public const uint RenderableComponent = 0x11E067C; // ClientEntityComponentRenderable
    public const uint AbilityComponent = 0x11E02F8; // ClientEntityComponentAbility

    Da_Teach  •  15 Apr

  • var entityArray = memory.ReadInteger(_entityManager + 4);
    var entityArrayLength =  memory.ReadInteger(_entityManager + 8);
    Console.WriteLine("entityArray: " + entityArray);
    Console.WriteLine("entityArrayLength: " + entityArrayLength);
    entityArray = 1
    entityArrayLength = 113406736
    and then the program stops... did the +4 and +8 change?

    or are my offsets wrong?

    static int _entityManager = 0x12115E0;
    private static int _raidManager = 0x12115E8;
    private static int _worldManager = 0x1213EFC;
    private static int _actorIndex = 0x11E132C;
    private static int _npcIndex = 0x11E15E0;
    private static int _playerIndex = 0x11E1624;
    private static int _transformIndex = 0x11E18C0;
    private static int _renderIndex = 0x11E167C;

    Thanks alot Da_teach

    jay  •  16 Apr

  • I believe the offsets changed in hotfix 18.

    brightemo  •  17 Apr

  • Yes, the pointers stayed the same in hotfix #17, but hotfix #18 changed them.

    I think I'll write a blog post on "how to update offset/pointers".

    Da_Teach  •  18 Apr

  • The new patch (1.2) changed stuff rather a lot and I can no longer just update the pointers to get your code to work, any chance you'll update your PoC please?

    brightemo  •  11 May

  • We have been for the way how to get free house of coins online. This can be very simple as you would be able to get anytime the way to generate the free coins online here.

    sabir  •  16 Oct

  • Drastically to components of the pulling everything together for the probably trick to pulling anything without power usage are denied. We pulled the low price essay writing service in the market from the corner of the useless location.

    Darcy Creal  •  19 Jul

  • Enjoy unlimited boost, do as you will. Join a clan, your allies will be your brothers, play mafia online now!

    mafia city h5 review  •  04 Sep

  • In maglie calcio a poco prezzo, you are faced with piles of overstocked or outlined Products, readily available for sale at great and reasonable discounts equipaciones de futbol baratas. Some camisetas de futbol baratas are even marked won everyday! Just think of how much it will be beneficial to you -most especially when the magliette calcio is facing great economic struggles.So while you may not have amassed much of a savings maillot pas cher psg, you've prepared yourself for your future by investing in other camiseta atletico de madrid. You've stockpiled a massive arsenal of fashion maillot de foot pas cher that will last a lifetime. You have a comprar camisetas de futbol baratas for every outfit. You look great at all your maillot psg pas cher and best of all, you'll never have to buy another the rest of your life! A kate spade outlet handbags has passed and today you are celebrating. You've landed your first real job. Moreover these fake are very good copies of genuine, branded camisetas del real madrid. Generally there is a minor difference only in their chaussure homme louboutin. Some shrewd even use the comprar camisetas de futbol that is very closer to the original cheap soccer jerseys. Such maglie calcio poco prezzo are enough to confuse the prospective hola camisetas baratas.

    siyuefa  •  18 Sep

Post a comment!
  1. Formatting options