always run
BalistarDrake
13th August 2007, 08:21
I am currently looking for a hack that enables you to run even if you have 90+% weight.
What I did first was search for run/walk. Then I found out what accesses those addresses. However, after that, I am stuck.
Does anyone have suggestions/tips/hints?
nekkron
14th August 2007, 14:56
I am currently looking for a hack that enables you to run even if you have 90+% weight.
What I did first was search for run/walk. Then I found out what accesses those addresses. However, after that, I am stuck.
Does anyone have suggestions/tips/hints?
OK, did you actually search for the text 'run' and 'walk'? There are different ways of getting it; I think one would be:
stand still, search 0
> move, search 1
> stand still...
etc. and you should find it. I'm guessing, but perhaps also look with 'unknown value', since myshop sprint may also affect it.
BalistarDrake
15th August 2007, 08:13
First, what I did was to get heavy, and then search. Then get normal and search for changed value. I did that over and over until I only got one address. It ended up being walk/run, which is 0 for walk and 1 for run.
I did "find what accesses" and I got some stuff with move byte or move stuff. I wasn't really sure what to do next.
S3NSA
15th August 2007, 12:03
Did you get the address for the movement then?
Does the value of the address switch between 0 and 1 when you walk and run?
nekkron
15th August 2007, 14:19
First, what I did was to get heavy, and then search. Then get normal and search for changed value. I did that over and over until I only got one address. It ended up being walk/run, which is 0 for walk and 1 for run.
I did "find what accesses" and I got some stuff with move byte or move stuff. I wasn't really sure what to do next.
Oh, so you actually found the address? Cool. OK, well, what is the function of the memory address? Like a cmp/add/sub etc.? And is there a jump immediately near that address (it can be either a higher or lower address than what you found)?
BalistarDrake
16th August 2007, 03:53
Does the value of the address switch between 0 and 1 when you walk and run?
Yes.
well what is the function of the memory address?
The function is mov.
is there a jump immediately near that address
Yes, there is (from what I remember, I believe it is 4 above the address).
nekkron
16th August 2007, 05:49
I suppose there are a few things you could try: flagging the jump, editing the register of that mov [eax, edx etc.] (or if it's a pointer, edit that register), or both.
BalistarDrake
16th August 2007, 06:49
It's moving 00 into the register. How do I stop that?
nekkron
16th August 2007, 07:07
It's moving 00 into the register. How do I stop that?
Did you try what I already said? I would presume you change the register to 1 (00000001) and flag the jump.
BalistarDrake
16th August 2007, 07:23
If it's
mov [esi+XXXX], 00
I can't change the register, can I? That would change the location that I am copying 00 to?
I'm not really sure which flag to use either. I'm still trying to read up on flags to see which one I have to use.
nekkron
16th August 2007, 07:46
OK, thanks, that's starting to help. I'll have a look and see what I can find; will edit this if I get there.
BalistarDrake
16th August 2007, 07:55
Wow... I was able to change the assembly line from
mov [esi+XXXX], 00
to
mov [esi+XXXX], 01
Now the address of run/walk shows run, but I still can't run... =[
BalistarDrake
17th August 2007, 08:26
Release Always WALK -_-
418CDC je 00418d0b ZF [X] [X]
bavon555
19th August 2007, 13:54
Do you have the array?
Thank you xD
ishida77
19th August 2007, 17:33
66 C7 44 24 04 01 00 33 C0 66 is the array, and thanks for the CODE :P
although god knows why you would always want to walk :P
BalistarDrake
19th August 2007, 22:28
It's a step. I still need help finding always run -_-
Has anyone else made any progress?
infamousleo
19th August 2007, 23:00
Er, I'm not sure if this is right, but it is just my 2 cents on an always-run hack. If you do it by turning run on and off and finding that address, to me I would think that wouldn't work at all. You can toggle run and walk on and off as much as you want when over 90% weight and nothing will change. So wouldn't you need something that either ignores or bypasses the fact that you're overweight?
DABhand
20th August 2007, 06:43
Sounds like good logic there; you would have to find both the weight and the run switch.
nekkron
20th August 2007, 07:00
If you do it by turning run on and off and finding that address, to me I would think that wouldn't work at all. You can toggle run and walk on and off as much as you want when over 90% weight and nothing will change. So wouldn't you need something that either ignores or bypasses the fact that you're overweight?
I would probably agree, since I have seen some people running at the myshop sprint pace without using the sprint items, but still having a slower pace when overweight. So you would probably be better off looking at where it changes when you are overweight and when you are not; it might be 2 addresses and a jump: one address for when you are normally running, and when you become overweight, the jump will move to an address which makes you walk. I could be wrong though, but I think it makes more sense than looking for the run/walk toggle.
you would have to find both weight and run switch. Finding the weight isn't as easy, since you would need to change a stat value to make you not overweight at all, unless of course you can make it stop you from actually getting overweight once you reach the 90% holding limit.
I would say that, when you look at it, there may be quite a few different methods of actually making yourself always run, or just stopping yourself from walking when the holding limit gets to 90%. I could also add that you may be able to still find it using the same method, but instead of toggling run/walk whilst searching with 0 and 1, being at 89% capacity with a heavy item on the ground in front of you that will bring you to over 90%, and searching while holding that item and when you aren't.
dut
20th August 2007, 19:12
Hi
May I carry more than 100% fare using this hack?
TKX
nekkron
21st August 2007, 03:33
dut:
Well, so far all that was discussed here is where to look for a running hack; there are none posted, nor has anyone told directly where they are. And if you want to carry more than 100% holding capacity then you will need to either stat hack to increase your weight holding capacity or change the value of your weight to a different number (the latter, I might presume, wouldn't work).
BalistarDrake
22nd August 2007, 05:20
search while holding that item and when you aren't.
That is what I do.
My theory is there is an address for run/walk. When you are overweight, something triggers that address and forces it to walk. That is why I searched for run and walk and tried to find out, from the addresses that access it, which one is the one that tells it "hey! you are overweight! WALK!"
Nekkron, have you found anything more about the walk/run address?
nekkron
22nd August 2007, 09:08
No, unfortunately; I have hardly started. I've been a bit lazy with Trickster since my main characters hit level 200 a few months ago; I'm probably only on it 3-5 hours a week. But if it's a request I can do some over this weekend or after work this week. I've pretty much already said what I can guess though, so most probably I will only end up at the same spot you got to. It's a promise though, I'll work a bit harder on it.
ekmo
27th August 2007, 12:05
i would probably agree, since i have seen some people running at the myshop sprint pace without using the sprint items, but still have a slower pace when overweight.
Just got a stallion sprint today from a giftbox, so I was trying to hack the sprint variable. However, I've kinda run into a dead end here, mind lending some help?
Here are my search process and results:
1. search unknown value
2. equip stallion sprint, search increased value
3. unequip, search decreased value, repeat a few more times
4. equip lucky charm, search unchanged (to throw off other values)
result:
5 addresses change with sprint effect. Since the addys are probably not fixed, here are their pointer values and corresponding opcode addys, though after opening and closing trickster a few times they did not seem to change... Note that freezing the addy values does nothing to change the running speed.
addy 1: 01803A00
pointer value: 01803A60
opcode addy: 0046DCB3
search for pointer value showed 0 results.
addy 2: 01803A2C
pointer value: 01803A78
opcode addy: 0046DD0B
search for pointer value showed 0 results.
addy 3: 01803A30
pointer value 1: 0180383C
pointer value 2: 01803A30
opcode addy 1: 0046D3DD
opcode addy 2: 00469C84
search for pointer value 1 gave 27 results, search for pointer value 2 gave 0 results. Oddly enough, the pointer value with no offset gives pointer value 1 while adding the offset gives pointer value 2.
pointer addy: 01802438
offset: 1F4
addy 4: 01803A38
same as addy 3 except pointer value 2: 1803A38. Search for pointer values gave 0 results. Shouldn't the same opcode give the same pointer value? :ponder:
addy 5: 01803A5C
opcode 1 is a storage opcode, no pointer value.
pointer value 2: 01803A5C
opcode addy 2: 00469C84
Search for pointer value 2 gave 0 results.
Too bad stallion sprint only lasts 3 days, and I don't feel like spending more cash to recharge it!
HAHAHAHA, found a useless hack in the process!
Equipping stuff gives NEGATIVE bonuses: 00469C72 ZF [x][ ]
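As an added illustration, not code from anyone in this thread, here is the candidate-narrowing that both nekkron's search (stand still, search 0; move, search 1) and ekmo's search (unknown value, increased, decreased, unchanged) rely on, simulated in Python over constructed snapshots so the filtering logic can be followed without attaching to any process. The addresses and value histories are made up, except that two histories copy the before/after values ekmo posted for 01803A30 (24 to 56) and 01803A5C (0 to 1).

```python
from typing import Callable, Dict, List, Set

Snapshot = Dict[int, int]  # address -> value; a constructed stand-in for a memory dump
class DiffScan:
    """Candidate set narrowed by one comparison per snapshot (unknown-initial, increased, decreased, unchanged, exact)."""
    def __init__(self, first: Snapshot) -> None:
        self.prev = first
        self.candidates: Set[int] = set(first)  # 'search unknown value': keep everything

    def _narrow(self, cur: Snapshot, keep: Callable[[int, int], bool]) -> Set[int]:
        self.candidates = {a for a in self.candidates if a in cur and keep(self.prev[a], cur[a])}
        self.prev = cur  # each comparison is against the previous snapshot, not the first
        return self.candidates

    def exact(self, cur: Snapshot, v: int) -> Set[int]: return self._narrow(cur, lambda o, n: n == v)
    def increased(self, cur: Snapshot) -> Set[int]: return self._narrow(cur, lambda o, n: n > o)
    def decreased(self, cur: Snapshot) -> Set[int]: return self._narrow(cur, lambda o, n: n < o)
    def unchanged(self, cur: Snapshot) -> Set[int]: return self._narrow(cur, lambda o, n: n == o)

def snapshots(history: Dict[int, List[int]]) -> List[Snapshot]:
    """Turn per-address value histories into one snapshot per step (constructed data)."""
    steps = len(next(iter(history.values())))
    return [{a: vals[i] for a, vals in history.items()} for i in range(steps)]

def sprint_scan() -> Set[int]:
    """ekmo's steps: unknown, equip (increased), unequip (decreased), equip (increased), equip
    an unrelated item (unchanged). The first two histories mirror ekmo's before/after values."""
    s = snapshots({
        0x01803A30: [24, 56, 24, 56, 56],       # sprint-like: survives every filter
        0x01803A5C: [0, 1, 0, 1, 1],            # also survives, so more than one result remains
        0x00001000: [10, 11, 12, 13, 14],       # counter that only rises: dies at 'decreased'
        0x00001004: [100, 100, 100, 100, 100],  # constant: dies at the first 'increased'
        0x00001008: [5, 9, 3, 8, 2],            # noise: dies at the final 'unchanged'
    })
    scan = DiffScan(s[0])
    scan.increased(s[1]); scan.decreased(s[2]); scan.increased(s[3])
    return scan.unchanged(s[4])

def toggle_scan() -> Set[int]:
    """nekkron's steps: stand still (exact 0), move (exact 1), and repeat."""
    s = snapshots({
        0x00002000: [0, 1, 0, 1],  # walk/run flag as the thread describes it
        0x00002004: [0, 0, 0, 0],  # dies at the first 'exact 1'
        0x00002008: [0, 1, 1, 1],  # dies at the second 'exact 0'
        0x0000200C: [1, 0, 1, 0],  # dies at the very first 'exact 0'
    })
    scan = DiffScan(s[0])
    scan.exact(s[0], 0); scan.exact(s[1], 1); scan.exact(s[2], 0)
    return scan.exact(s[3], 1)
```

The sprint scan deliberately ends with two survivors, which is why a real scan like ekmo's returns several addresses and needs an unrelated-change "unchanged" pass to discard the ones that merely moved at the same time.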
BalistarDrake
29th August 2007, 11:18
The thing that sucks about a speed hack is that it is noticeable to other players.
How does speed hack work when one is overweight?
@ ekmo:
What does the assembly line say for each of the addresses?
ekmo
30th August 2007, 03:11
Argh. Stallion sprint has expired. Gonna have to continue this based entirely off analyzing the opcodes. x_x
@ BalistarDrake:
Assembly lines? I've tried modifying the registers manually and all that caused was CS value changes without any sprint effect, but anyway here you go:
46DCB3 mov [eax - 60], edi
46DD0B mov [eax - 4C], edi
46D3DD lea edi, [ebx + 000001F4]
469C84 mov [eax], ebx
46D3E3 repe stosd
Oh, before I forget, here are the related addy values before and after equipping stallion sprint (these were tested on my lion and may differ for other chars):
Before Equip:
01803A00 222
01803A2C 2
01803A30 24
01803A38 0
01803A5C 0
After equip:
01803A00 254
01803A2C 3
01803A30 56
01803A38 4294967295
01803A5C 1
The values don't seem to jump after you freeze or modify them. They are also the same whenever you startup trickster.