Finding Offsets and Hacking FFXI Part 1

Lets start this off with a good windower. Either you have one or you need one. A good place to get one is http://www.windower.net Install it and then from that point on use the launcher to start the game.

Step 1:
Get windower.
Use it from now on. ;-)

Note* If you havent used one try alt-tab. You'll feel like you just witnessed the invention of the wheel.

Now go get ArtMoney. There is a free one and there is one that costs. Take the free one while it lasts. A link for it:
http://www.artmoney.ru

If I had to put it in plain english I would say it like this: Everything that happens on your pc gets stored in your ram at the time it is happening. FFXI is no different. Some data is stored on your side and most of it is on the server side. Regardless.. ram is where you start looking.

Load FFXI with the windower. Start the game and get in a safe spot. Min. FFXI and goto Artmoney which you should have running by now. There is a "Select Option" list... you should find the window name of the game and select it. The window name changes, don't worry about it.

Lets goto "Search"

You have the name of FFXI window and now your at search. A new window opens and you start with:

Search: Exact Value
Value = We'll get to this in a minute.
Type: Integer (standard)
Address range: ALL

Refer to Artmoney help for further info on settings. The one we will look at is "Value". This holds the value of certain stats such as your current hp and by finding it we get the location of it obviously. We are going to find the value and location for current mp first. Assuming you have a mage.. follow along.

Goto the bottom of your screen and bring the game back. Make sure you have full mp. Rest if needed. Lets say your mp is at 98.
Stop resting and do not do anything to alter the mp level. Now go back to Artmoney. (Alt-Tab)

You set the "Value" to 98 ( or whatever your mp is) and lets search through your memory and find all locations that hold the value of 98.

Search: Exact Value
Value = 98
Type: Integer (standard)
Address range: ALL

Remember that there are a lot of things stored in your ram. There could be 200,000 results or 1000. You should get a fairly long list of results. Now.. all of them = 98. Go back to the game again and do something that changes your mp. Cast cure one time. Note your current mp now. Lets say it is 90. Take a look below...

slot 1 = 98
slot 2 = 98
slot 3 = 98
slot 4 = 98

And so on. There are so many slots in memory that contain that value. We have a large list of them. Now, you have just changed one of them by casting cure. Out of that large list we now compare them to see which one matches your NEW mp value. It was 98 now it is 90. Use the "filter" button to sort through the list and find out how many of those values now = 90. Just goto filter and set value to your new mp after casting cure.. start the filter and now you get a shorter list. Its possible that your list could contain 1 or many. You want to try to get it as low as possible. If it is a large number.. repeat the process. Cast cure again and the filter using your new mp.When you have 1 or 2 in thelist.. lets check them to make sure they are your mp level.

Lets assume your down to one or two addresses in the list. You'll find two arrows to the right of the list. Click the bottom one (greenish) which takes your value to the right side. The little "F" on the right side simply stands for freeze. The address is what your hunting for of course. The value should contain the value of the stat your checking on. Mp = 90 then value should = 90. Type is something you should be worried about except the fact that it is a INT. If you have more than one value then run a test to see which is for your current mp.... if not then your good 2 go.


Change the value to 98 or whatever your choose and then click "F". That changes the value in the game to 98 and freezes the value in your ram. You can return to the game and look. If all goes well then you should read 98 and you know for certain that the address that is shown points to your current mp level. If it doesnt work then try it again choosing the new window name in the process list.

Keep in mind that this is not the last stop. I'll make more tutorials in this order:

1) Find Locations
2) Getting your Base Address
3) VB6 and C++ tutorial (quick start)
4) Windows API
5) Bot creation hardcode no offsets
6) Simple Bot creation using offsets
7) Advanced bots using beginner AI and txt chat systems
8) Walk through examples for warp, fishing, NM hunting

Now you KNOW that the location in memory is reserved for your current MP because you payed attention and you see that when your "F" and set new value it shows in the game.

Homework: See if you can do the same with gil, health and so on. Keep record of the address of each thing you find because you will need them over the next few tutorials.

No use recording values unless you subtract the base address. Also checking for pointers is highly recommended.

Edit: btw changing your mp, although it looks like you have more mp, doesn't actually allow you to cast anything more. Same with gil etc, it's just an illusion.

Good guide though; tricky subject to cover in detail. I'll be interested to see how this progresses.

Very nice guide, can't wait to see the other ones. I think you should also make a guide about pointers since a few values (target info and fishing info) use pointers.

Keep em coming man. It's hard to get an understanding on this subject for some. The ones that do know like to keep it to themselves.

Some helpful criticism and suggestions (I hope):

These subjects seem kinda random and all over the place. You should instead teach 1, 2, 3, 4 and 8 using #7 as a base project (skipping 5 because it is utterly useless, dunno why you would do it in the first place...). For instance, you could make a 4 part series in which each episode would teach a certain component/element of hacking and coding and then show its implementation in the project as a whole. I would recommend releasing the source with each article/step also. The project would start out bare-bones and work its way up to the complete end product by the final part of the series.

Tragically, I don't see how a lot of this would fit into ACTools subject-matter... so I wouldn't be surprised if it was deleted from these forums.

I hated reading the memory. We all did it for a long time when FFACT and FFACE were not available (or broken). I am so very happy that I took the time to learn to do it, and also figure out the memory structure as well. I also am glad that FFACT and FFACE are back so I dont have to do it anymore.

If you dont know how the memory works, learn it - even if you use FFACT or FFACE. So totally worth it. And yes, the free version of artmoney really is all you ever will need, it was all i ever used for years and years. the pay-for version is only useful if you are *too good* with the free one ;D