View Full Version : Hacking EverQuest 2
Curiosity
7th January 2005, 05:48
Alright, so I've given my time to EQ1 and done my fair share of MQ2, ShowEQ, plugins, macros, etc. etc... but never actually got my fingers on any documentation that taught me how to make the hacks myself. But recently I ran across Faldo's tutorials on the basics and did a little research myself. Unfortunately I found that SoE has obviously put some pretty nice anti-hacking stuff on their game, making it hard to crack, so I'm here asking for some help.
First, I searched around for addresses to help me keep all tags in the vicinity visible so I can see all around (mainly for harvesting and named mobs, etc.). I found a few addresses (not sure if I did it right anyway, since I'm still new) that gave me some values depending on whether the tag was visible or not. I tried editing each one individually to see the results, however when I locked and changed the value, it jumped back to the previous value, even though I had it locked (odd =\).
Second, I looked around for some addresses holding my run speed. I messed around with it for a while, toggling walk/run and sprint modes searching for changing values. Eventually I got it down to about 60 addresses, and I tried changing each one but ran into the same problem as above (values changing back instantly).
Third I looked for addresses to try to keep durability of crafting items at max (not sure if this value is held server-side or not). Again, same thing as above.
Okay so here's where I'm at: the beginning. What am I doing wrong? How can I change these values?
Also, I know the data that's sent to us from the server is well encrypted, however I'd like to do some research and maybe create a ShowEQ-like program for EQ2 (of course only showing the surrounding vicinity, since it is apparent that that is all the data sent to you at a time).
Anyone wanting to help in the cracking of EQ2's shell, lemme know and pitch in a helping hand. Thanks.
Curiosity~
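The "value jumps back even though it's locked" effect described above has a simple explanation: the client slot being edited is a cache that gets recomputed every tick from authoritative state (what the server sent), so a write between ticks is overwritten at the next recompute. The following is an added illustration, not code from this thread or from EQ2: a constructed model of such a client, plus the check a defender would add so the client notices that the cached slot was written to by something other than the game. All names, numbers and frame counts are made up for the example.

```python
"""Constructed model (not game code): a client-side cached run speed that is
recomputed every tick from authoritative state, and a tamper monitor that
flags any tick where the cached slot no longer holds the value the client
itself last wrote there."""
from dataclasses import dataclass, field


@dataclass
class AuthoritativeState:
    """State the server sends; the client derives speed from nothing else."""
    base_speed: float = 1.0
    modifiers: list = field(default_factory=list)   # e.g. a sprint buff


@dataclass
class Client:
    state: AuthoritativeState
    cached_speed: float = 0.0            # the slot a memory editor would find
    _last_computed: float = field(default=0.0, repr=False)
    tamper_events: list = field(default_factory=list)

    def recompute_speed(self) -> float:
        speed = self.state.base_speed
        for m in self.state.modifiers:
            speed *= m
        return speed

    def tick(self, frame: int) -> float:
        # Integrity check: the cached slot must still hold what we last wrote.
        if self.cached_speed != self._last_computed:
            self.tamper_events.append(
                (frame, self._last_computed, self.cached_speed))
        # Recompute from authoritative state; this overwrites any outside write,
        # which is why a "locked" value appears to snap back.
        self.cached_speed = self.recompute_speed()
        self._last_computed = self.cached_speed
        return self.cached_speed


def simulate(external_writes: dict) -> Client:
    """external_writes maps frame -> value written into cached_speed after
    that frame's tick (constructed tamper attempts). Runs 5 frames."""
    client = Client(AuthoritativeState(base_speed=1.0, modifiers=[1.5]))
    for frame in range(5):
        client.tick(frame)
        if frame in external_writes:
            client.cached_speed = external_writes[frame]
    return client


if __name__ == "__main__":
    c = simulate({0: 9.9, 2: 9.9})
    print("final cached speed:", c.cached_speed)   # back to 1.5
    print("tamper events (frame, expected, found):", c.tamper_events)
```

The monitor only means something when the value it re-derives really is authoritative (held or granted server-side), which is exactly what the reverting values in the post suggest; a client that stored the speed nowhere else would have nothing to compare against. A tool that rewrites the slot continuously is still caught, since each tick sees the foreign value before recomputing.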
Curiosity
7th January 2005, 08:51
Okay so here I am doing a little more research on tags. I get to a spot in the game where I can see a Wind Swept Rock (in Commonlands) and make sure I cannot see the text of it. I search for a value between 0 and 1, then highlight it and search for a value between 2 and 256. I do this over and over till I narrow down to this little segment below. These are at DMA, so they're not really going to help you too much, but the values may. The 1st value at each address is what it was when I had nothing highlighted, and the 2nd value is when I had the mouse over showing the tag. Some of these values seemed to change depending on what I had targeted, but after a while my game started glitching and the values went wacko.
Address Off Over
FA19F83 0 63
FA37104 1 2
FA3715C 1 2
FA37238 1 2
FA373F0 1 5
FA37524 1 12
FA3757C 1 2
FA37600 1 2
FA37658 1 12
FA37760 1 2
FA377B8 1 12
FA37810 1 2
FA37868 1 12
FA378C0 1 2
FA37944 1 2
FA3799C 1 12
FA37AA4 1 2
FA37AFC 1 12
FA37C04 1 2
FA37C5C 1 12
FA37CB4 1 2
FA37D38 1 2
FA37D90 1 12
FA37E98 1 2
FA37EF0 1 12
FA37FF8 1 2
FA38050 1 12
FA38158 1 2
FA381B0 1 12
FA382B8 1 2
FA38310 1 12
FA383EC 1 2
FA38470 1 10
FA384C8 1 3
FA3854C 1 2
FA386AC 1 12
FA387B4 1 8
FA3880C 1 12
FA38864 1 2
FA388E8 1 8
FA38940 1 12
FA38A48 1 8
FA38AA0 1 12
FA38AF8 1 2
FA38B7C 1 8
FA38BD4 1 12
FA38CDC 1 8
FA38D34 1 12
FA38D8C 1 2
FA38E10 1 8
FA38E68 1 12
FA38EC0 1 2
FA38F44 1 8
FA38F9C 1 12
FA390A4 1 8
FA390FC 1 12
FA39204 1 8
FA3925C 1 12
FA39364 1 8
FA393BC 1 12
FA39414 1 2
FA39498 1 8
FA394F0 1 12
FA395CC 1 8
FA39700 1 12
FA39808 1 10
FA39860 1 12
FA398B8 1 2
FA3993C 1 10
FA39994 1 12
FA39A9C 1 10
FA39AF4 1 12
FA39B4C 1 10
FA39BD0 1 2
FA39C80 1 10
FA39D04 1 2
FA39DB4 1 10
FA39E38 1 2
FA39EE8 1 10
FA39F6C 1 2
FA3A01C 1 10
FA3A0A0 1 2
FA3A150 1 10
FA3A1D4 1 2
FA3A284 1 10
FA3A308 1 2
FA3A3B8 1 10
FA3A43C 1 2
FA3A4EC 1 10
FA3A5F4 1 2
FA3A6FC 1 2
FA3A780 1 3
FA3A7D8 1 60
faldo
7th January 2005, 16:12
If you breakpoint the right address you will find a CMP (compare) that tells the game to show or hide the tags, if you NOP the right compare operation, all tags will show.
Curiosity
8th January 2005, 02:59
Okay did some more research and familiarized myself a little more with T-Search and ASM (a bit) and here's what I came up with.
In searching for the address to NOP to show me all surrounding harvesting tags, I searched for 1-byte results and came up with a single address. When put into AutoHack, I came up with the following:
8C2D2C: mov [esi+0x20],eax
50DF42: fld dword ptr [ecx+0x20]
8C2B88: mov eax,[ebx+0x20]
NOPing 8C2D2C did nothing, NOPing 50DF42 made my character name tag disappear, and NOPing 8C2B88 made my UI disappear. I tried messing with individual lines in each one but had no luck.
My best guess is that somewhere under 50DF42 is the address that affects harvest tags, however after NOPing about 200 lines and crashing my game about 8 or 9 times, I decided to post my results here and get a little help.
azalin007
8th January 2005, 11:12
i also did this with Battlefield and learned from faldo "the jedi master"
lets see if i learned something :D
those addresses u came up with, u do a breakpoint on em then click em 1 by 1
and look for the "jns" pattern at the bottom in the disassembler tab, but it may be lower
meaning each address u did a breakpoint on is close to the operation, so keep looking down and nop 1 by 1 the jns .... but not the "jns short"
its not the address u came up with but some operations occurring through that address
i think :D
i need to learn more kung-fu.... still can't hack life :P
unless EverQuest is different but it should be similar :)
faldo
8th January 2005, 12:50
My best guess is that somewhere under 50DF42 is the address that affects harvest tags, however after NOPing about 200 lines and crashing my game about 8 or 9 times, I decided to post my results here and get a little help.
You're well on your way mate, you just have to think a little further... I'll give you a hint: try activating/deactivating different tags in the EQ2 settings, move around and point at different objects and characters... and while autohacking (breakpointing) the addresses concerned, watch what happens in your autohack window.
and look for the "jns" pattern at the bottom in the disassembler tab, but it may be lower
meaning each address u did a breakpoint on is close to the operation, so keep looking down and nop 1 by 1 the jns .... but not the "jns short"
This method is specific to BF1942, you won't be looking for a JNZ in EQ2, but like you say, in theory, the method is the same.
To understand ASM a bit more I'd suggest reading this great guide to ASM:
http://www.cs.virginia.edu/~apb/OLD.CS308/x86_newnew.pdf (you need Acrobat Reader)
Curiosity
8th January 2005, 21:50
Should I worry about searching for 1, 2, or 4 byte data? Or should I just always leave that on 4? On your BF1942 tutorials, you leave it at 4 the whole time, so just curious.
faldo
8th January 2005, 22:06
4 byte is the most commonly used for static addresses since you can translate it to ASM code. As for DMA values you don't really need to search for 4 bytes; the values used as "triggers" are rarely larger than 255 (1 byte).
azalin007
23rd January 2005, 23:28
wow tkx that's exactly what i wanted tkx 'master', another tut for the archives yay :)
i will now go try this new kung fu and wield the force to my needs muhuhahaha
tkx a lot master faldo :D