
Rift - Putting it all together

A few people asked me for example code, so I wrote a small proof of concept Entity Reader.

This will basically list all entities in the memory of Rift and list various properties of the entity components. It will also list extended Player/Target information and list group / raid info. This is far from all the available data, but it's all that I have thus far.

If you decide to use this, at least give me some credit and don't try to pass this off as your own work! Other than that, use this as you wish (keep in mind that on the actual source, my usual license still applies).

Also, I will *not* be updating the offsets / pointers / etc. Also, if you're not a developer/hacker then this proof of concept won't help you. It's not compiled and does not do anything past listing all the entities!

Note: the proof of concept no longer works due to version differences, but it does give the general idea of how it should work (if you update the pointers using my other blogs, it'll probably work again).

Posted by: Da_Teach on Wednesday, March 30, 2011  •  C# Rift

  • Just tried this, and unless I did something wrong, the information printed in the console had no useful information.

    It contained nothing pertaining to my target or my player.

    Cynikal  •  30 Mar

  • There was a patch yesterday but I'm pretty sure no offsets changed. But thinking about it, I might have zipped up the incorrect version. I'll double check this when I get home (in about 6 hours).

    Da_Teach  •  30 Mar

  • Shards are down in both EU and NA for the patch at the moment anyway. Estimated 4 hours downtime from 8am PDT / 3pm GMT.

    brightemo  •  30 Mar

  • ya thx for sharing this, but got the same problem, tried to find your pointers in rift.exe from 26.03 and 20.03 but no luck.

    freitag  •  30 Mar

  • I'll update this once to the 1.1 patch (or hotfix if there is one before I get home). After that you have to look into my previous blog to update pointers.

    Da_Teach  •  31 Mar

  • Hey, nice work! You have basically just given away the Rosetta Stone for Rift (in the right hands, obviously).

    Singleton  •  31 Mar

  • thanks for the update but it seems

    npc namePointer offsets 0x18 and 0x70 are not corrected.

    (var namePointer = memory.ReadInteger(npcComp + 0x18);                  
    (namePointer = memory.ReadInteger(namePointer + 0x70);

    macone  •  01 Apr

  • macone, the name for NPCs is stored in two ways: you have a "default" name and a name that has changed (usually only for pet-names). The last name is read correctly, I never bothered to look at how the first name is retrieved.

    Da_Teach  •  02 Apr

  • thanks for your work but it doesn't work for me... I don't know if I'm doing something wrong...
    I started Rift, logged into my warrior and then started RiftEntitiyReader.exe... then it opens and says
    READING ENTITIES but nothing happens...

    xysoulxy  •  02 Apr

  • Really nice post. Did you guys find anything about LOS?

    CosmosTunes  •  04 Apr

  • I know which function is used in the game to check LOS. Since I don't care about 'cheap hacks', I have not tried to disable that check. And "guys" should be "just me" (I don't work with other people).

    Da_Teach  •  04 Apr

  • Sorry, thought maybe some more developers here :) I don't want to deactivate LOS but I need that for my healing script. I have the raid list and distance of each member. But without LOS it doesn't really make sense since the heal wouldn't work most times. Do u have msn? Didn't find any contact details here or on mmoelite.

    CosmosTunes  •  04 Apr

  • Come to IRC (see forum for details), I am on there most evenings (European time), otherwise mail me (da_teach@thehackerwithin.com).

    I don't mind helping you (e.g. giving you the function) but I am not going to release that to the public. It's too easy (for Trion) to blacklist that function (or add special detection routines to it). As such, while I am still playing the game, that info will only be given by request :)

    Da_Teach  •  04 Apr

  • Hey Da_teach!

    Great work on this blog, it's helped me a lot so far with my reversing and understanding how rift handles data, although I am stuck on exactly "how" to find everything I need from scratch as far as reversing is concerned... although your proof of concept seems a perfect start for me! However, as we both know, the addresses are now out of date. I am NOT asking you to even email me the updated addresses, I can update them myself if I have the binary that you retrieved those addresses from! (unless you want to include them :P ) Basically want to write an app in C# 4.0 that fully monitors player + pet info while playing in windowed mode, so far I have playerbase and XYZ.. (other in the works :P) any help would be great, email attached jayswag01(at)muchomail.com
    Thanks

    -jay

    jay  •  09 Apr

  •    v5 = ClientEntityComponentPlayer;
      v6 = *(_BYTE *)(ClientEntityComponentPlayer + Entity + 24);
      if ( v6 == -1 )
      {
        v7 = 0;
      }
      else
      {
        v5 = *(_DWORD *)(Entity + 88);
        v7 = *(_DWORD *)(v5 + 4 * v6);
      
        .........
        .....
        ..
         if ( !dword_120F5C8 )
             dword_120F5C8 = sub_575390();
     |----v13 = sub_6175A0(playerComponentAddress);
     |    sub_5B8BD0(a1, v13);                         
     |    result = a1;
     |  
     |
     +  
      int __thiscall sub_6175A0(int this)
      {
          return *(_DWORD *)(*(_DWORD *)(this + 0x2C) + 0xF0);)<---Retn/PlayerName?

      }

    I'm in the process of trying to update your PoC. So far it seems to chuck up the XYZ of "NPCs", I'm pretty sure.. but it's not finding the player info (skips the if (playerComp != 0))

    Is it because of the added code? (I've tried tinkering with the GetComponent() func thinking that it needed to be changed...) Any help would be awesome, thx again.
    v5 = *(_DWORD *)(Entity + 88);
    v7 = *(_DWORD *)(v5 + 4 * v6); 


    jay  •  12 Apr

  • Are you talking about hotfix 16 or another new version?

    Since hotfix 15 has no "big" changes.

    Da_Teach  •  13 Apr

  • Well the C code above is from hotfix #15, the most up to date version as far as I know..(?) But anyway, the entity reader is finding NPC info like XYZ (not name yet) but not any player info.. any way you can send me the PlayerComponent address to verify I have the correct one? jayswag01(at)muchomail.com

    Thx a lot, I'll start using your forum, I just realised you had one lol sorry. :)

    jay  •  13 Apr

  • The latest hotfix (#16) has these pointers:
    public const uint RaidManager = 0x12105E8;
    public const uint EntityManager = 0x12105E0;
    public const uint WorldManager = 0x1212EFC;

    public const uint ActorComponent = 0x11E032C; // ClientEntityComponentActor
    public const uint PlayerComponent = 0x11E0624; // ClientEntityComponentPlayer
    public const uint NpcComponent = 0x11E05E0; // ClientEntityComponentNPC
    public const uint ComponentMod = 0x11E05C8; // ClientEntityComponentMod
    public const uint TransformComponent = 0x11E08C0; // ClientEntityComponentTransform
    public const uint RenderableComponent = 0x11E067C; // ClientEntityComponentRenderable
    public const uint AbilityComponent = 0x11E02F8; // ClientEntityComponentAbility

    Da_Teach  •  15 Apr

  • var entityArray = memory.ReadInteger(_entityManager + 4);
    var entityArrayLength =  memory.ReadInteger(_entityManager + 8);
    Console.WriteLine("entityArray: " + entityArray);
    Console.WriteLine("entityArrayLength: " + entityArrayLength);
    output:
    ----------------------------
    entityArray = 1
    entityArrayLength = 113406736
    -----------------------------
    and then the program stops... did the +4 and +8 change?

    or are my offsets wrong?

    private static int _entityManager = 0x12115E0;
    private static int _raidManager = 0x12115E8;
    private static int _worldManager = 0x1213EFC;
    private static int _actorIndex = 0x11E132C;
    private static int _npcIndex = 0x11E15E0;
    private static int _playerIndex = 0x11E1624;
    private static int _transformIndex = 0x11E18C0;
    private static int _renderIndex = 0x11E167C;

    Thanks a lot Da_teach

    jay  •  16 Apr
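
Added example (not part of the original post, the comments, or Da_Teach's proof of concept): values read out of another process are untrusted input, and the pair printed in the comment above (array pointer 1, length 113406736) is exactly what a plausibility check should reject before any loop runs. The +4/+8 layout comes from the snippet above; the 32-bit address range, the 4-byte element size and the `MaxEntities` bound are assumptions, and the snapshot bytes are constructed.

```csharp
using System;

static class EntityArrayCheck
{
    // Assumed bounds (not from the original post).
    const uint MinUserPtr  = 0x00010000; // lowest 64 KB is never mapped on Windows
    const uint MaxUserPtr  = 0x7FFEFFFF; // default top of 32-bit user address space
    const uint MaxEntities = 100000;     // hypothetical upper bound on entity count
    const uint ElementSize = 4;          // assumed: array of 32-bit pointers

    // Returns true when the (pointer, length) pair is plausible enough to iterate.
    public static bool TryValidate(uint arrayPtr, uint length, out string reason)
    {
        reason = "";
        if (arrayPtr < MinUserPtr || arrayPtr > MaxUserPtr)
            reason = $"pointer 0x{arrayPtr:X} is outside the user-mode range";
        else if (arrayPtr % ElementSize != 0)
            reason = $"pointer 0x{arrayPtr:X} is not {ElementSize}-byte aligned";
        else if (length > MaxEntities)
            reason = $"length {length} (0x{length:X}) exceeds {MaxEntities}";
        // 64-bit arithmetic so the extent check itself cannot overflow.
        else if ((ulong)arrayPtr + (ulong)length * ElementSize > MaxUserPtr)
            reason = "array would extend past the end of user address space";
        return reason.Length == 0;
    }

    static void Main()
    {
        // Constructed 12-byte snapshot: [+0 unused][+4 array pointer][+8 length],
        // filled with the two values from the console output quoted above.
        byte[] snapshot = new byte[12];
        BitConverter.GetBytes(1u).CopyTo(snapshot, 4);
        BitConverter.GetBytes(113406736u).CopyTo(snapshot, 8);

        uint arrayPtr = BitConverter.ToUInt32(snapshot, 4);
        uint length   = BitConverter.ToUInt32(snapshot, 8);

        if (!TryValidate(arrayPtr, length, out string reason))
            Console.WriteLine("rejected: " + reason);

        // Constructed plausible pair for comparison.
        bool ok = TryValidate(0x06C27310, 512, out reason);
        Console.WriteLine(ok ? "accepted" : "rejected: " + reason);
    }
}
```

Note that 113406736 is 0x6C27310, so the value printed as the length has the size and alignment of an address rather than a count.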

  • I believe the offsets changed in hotfix 18.

    brightemo  •  17 Apr

  • Yes, the pointers stayed the same in hotfix #17, but hotfix #18 changed them.

    I think I'll write a blog post on "how to update offset/pointers".

    Da_Teach  •  18 Apr

  • The new patch (1.2) changed stuff rather a lot and I can no longer just update the pointers to get your code to work, any chance you'll update your PoC please?

    brightemo  •  11 May

  • now this is great info

    Kelos  •  21 Oct
