Game Auto – How to get Max HP of character

Today I would like to write a small article about finding information of game character in game online. This article may help you in writing an auto game which controls a character for you and let you free from the keyboard. I am playing now an online game named Thiên Long Bát Bộ and sometimes I need a tool to attack mobs automatically so that I can do something else, for example watching TV, reading newspaper,… In this game, a character is built with equipments to be stronger through HP, strength… and has some important properties like max HP, current HP. The picture below shows information of my character (believe me, my character is very weak ^^. Do not laugh me.).

rongchaua

You can see the max HP is about 63749. If I add one equipment to it and its max HP turns to be 64946 like the picture below

rongchaua

So how we can get this max HP through programming so that we can create a wonderful AI gamer who should play the game for us? The answer is very simple. We just have to find out where the max HP is being stored in memory and then use API function to read it out as following steps.

Step 1

– Go to http://www.cheatengine.org/ , download and install Cheat Engine. Run it.

Step 2
– Use Cheat Engine (CE) to open process of game

Cheat Engine opens process of game

Step 3
– Enter current max. HP of character into Value text box

Current max. HP

– Click “First Scan” and wait until Cheat Engine gives few values back.

Step 4
– Add or remove an equipment to change the current max. HP and enter the current max. HP of character again into Value text box.

Current max. HP next scan

– Click “Next Scan”. If you have luck, you have only one entry left on left list. Let’s me shortly explain about this result. The column address is where my max. HP is being stored. You may think that we can already read from this address but it is not so simple because this address is dynamic. That means it will change if you moves your character to new map or restart game. If you are programmer, you maybe now the definition of pointer and double pointer. Pointer 1 points to Pointer 2, then Pointer 2 + Offset points to Pointer 3, then Pointer 3 + Offset points to Pointer 4…. like example below

Pointer points to pointer

Therefore the address we got above is of Pointer N. We must go up, go up … until we get the Pointer 1 (a static pointer) and then we can get max. HP with that pointer. So end with theory, back to work.
Now, double click on this address “0x1BB5F1FC” to add it to address list. Then in address list, right click on the new entry, choose “Find out what accesses this address”

Find out what accesses this address

– Click “Yes” to allow Cheat Engine attach the debugger to process of game. New windows will be opened.

Step 5

– Go back to game, change to another map. In new window of CE you will see some new entries. We note only the entries marked with “copy memory”. And double click on them.

Pointer to address

– Write down the offset 0x954 and address 0x1BB5E8A8. Close all sub windows and back to main window of CE.
– So what did we? We tried to found out which pointer points to the address “0x1BB5F1FC”.

Step 6
– In main window of CE, click “New Scan”, check “Hex” and enter “1BB5E8A8” into Value text box. Click “First Scan”. We have a black entry containing value “1BB5E8A8”. That means we still do not reach a static pointer. Then do the steps above to find out which address points to this new address “14C8327C”

Find address accessing to pointer

Find address accessing this pointer

– Write down this offset “0x04” and this address “0x14C83278”

Step 7

– Repeat the steps above, close all sub windows, back to main window of CE, click “New Scan”, click “Hex” and enter “14C83278”, click “First Scan”

Next scan

– In this scan we see two results. It is pretty bad because we must add two addresses and find out which one is correct. I’ll show you how to choose the correct one. Just add them to address list and choose “Find out what accesses this address”.
+ For address “0x17E43B80”, I see nothing happens in new window –> temporary variable
+ For address “0x17F99A50”, I see many entries which read/write instantly –> here is it.
– So I can conclude “0x17F99A50” is the right one and write new offset and address.

Find pointer accessing this pointer

– Write down this offset “0x158” and this address “0x17F998F8”.

Step 8
– Repeat the steps above, we find out the pointers point to “0x17F998F8”.

Pointer accesses to pointers

– In this case we have so many results back. We can eliminate the adresses which are bigger than 0x0……. then we have only two ones “0x3AF1CAC” and “0x03AF5FAC”. Add these two addresses and “Find out what accesesses this address”.
+ For address “0x03AF1CAC” I see many results in new window and come more and more later –> Hmm, it can be.
+ For address “0x03AF5FAC” I have only 4 results –> Ok let’s see it first.

Let's examine the second pointer

– Write down the offset “0xC” and the address “0x03AF5FA0”

Step 8
– Follow the steps above and… Yu…hu…. we may be find out at last the static pointer points to our max. HP.

Static pointer

– We have 3 candidates for static pointer. Now start to write our small tool to test which ones is correct.

Step 9

static void Main(string[] args)
        {
            IntPtr handle;
            int processID;
            IntPtr process;

            handle = WinAPI.FindWindow("TianLongBaBu WndClass", null);
            WinAPI.GetWindowThreadProcessId(handle, out processID);
            process = WinAPI.OpenProcess(0x10, false, processID);
            Console.WriteLine("Your max. HP: " + MemAPI.ReadPointerValue(process, 0x68b320, new int[] { 0xC, 0x158, 0x4, 0x954 }));
            Console.ReadLine();
        }

Yu hu, I can read now the max. HP of my character

Console Output

The complete source code can be downloaded “Read Max HP“.

2 thoughts on “Game Auto – How to get Max HP of character”

Leave a Reply

Your email address will not be published. Required fields are marked *