An example of using searchvalidaddr to search for a base address

Source: Internet
Author: User

CopyCode The Code is as follows: # setargsoncompile

# Script of the Yixian base address search tool. This script is used to help friends who cannot use the officially released base address.
# Usage:
# First, enter the HP and MP values of your role in the parameters. You can modify the search range if necessary. Then start the script in the fairy game.
# When the words "potential base addresses" are output, write down the base address of the output, and set the parameter "base address" in the script ".
# If multiple base addresses are output, log out of the game and search for the address several times.
# If there is no output, adjust the range to search again, but do not search too much at a time, the speed will be slow.

Dim myhp, mymp

Function logprint (MSG)
Print (MSG)
Writelog ("search result .txt", MSG)
End Function

Function hexstr (Num)
STR = ""
While num> 0
N = num mod 16
If n <10 then
STR = CHR (n + ASC ("0") & Str
STR = CHR (N-10 + ASC ("A") & Str
End if
Num = num \ 16
Hexstr = Str
End Function

Function tryaddr (byref addfirst)
Tryaddr = false

If not searchvalidaddr (addfirst, & h0000000, addresult) then
Exit Function
End if

Addfirst = addresult

If not readmemoryex (addfirst, 2, number1, 1) then
Exit Function
End if

Addsecond = number1 + 40
If not readmemoryex (addsecond, 2, Number3, 1) then
Exit Function
End if

Addnowblood = Number3 + 596
Addallblood = addnowblood + & H18
Addnowmp = addnowblood + & h4
Addallmp = addnowblood + & H1c

If not readmemoryex (addnowblood, 2, nowblood, 1) then
Exit Function
End if
If nowblood <> myhp then
Exit Function
End if

If not readmemoryex (addallblood, 2, allblood, 1) then
Exit Function
End if
If allblood <> myhp then
Exit Function
End if

If not readmemoryex (addnowmp, 2, nowmp, 1) then
Exit Function
End if
If nowmp <> mymp then
Exit Function
End if

If not readmemoryex (addallmp, 2, allmp, 1) then
Exit Function
End if
If allmp <> mymp then
Exit Function
End if

Tryaddr = true
End Function

function main
dim progress [11]
for I = 1 to 11
progress [I] = false
myhp = getconfignumber ("current blood value ")
mymp = getconfignumber ("current MP value")
startaddr = cnum (getconfigstring ("Search Start address "))
endaddr = cnum (getconfigstring ("Search end address")
Print ("START address: & H" & hexstr (startaddr ))
Print ("end address: & H" & hexstr (endaddr)
Print ("Search hpvalue:" & myhp)
Print ("Search MP value:" & mymp)
logprint ("start searching ..... ")
for ADDR = startaddr to endaddr Step 4
If tryaddr (ADDR) Then
logprint (" possible base addresses found: & H "& hexstr (ADDR)
end if
PRG = int (ADDR-startaddr)/(endaddr-startaddr) * 10)
If PRG> 10 then
PRG = 10
end if
if not progress [PRG + 1] Then
Print ("% completed "& (PRG * 10 ))
progress [PRG + 1] = true
end if
end function

the above Code is the code used to search the base address of copy. Let me explain the principle.
In xianli, the blood address is [[[base address] + 40] + 596]
that is, the base address reads more than 40 data and then reads more than 596 data, reading the data again is the blood address
the principle of searching the base address is to know this formula, but the base address is changed. We try from an approximate range as a base address one by one until we use this formula to find the blood value that matches the parameter settings.
searchvalidaddr is to start from the specified address one by one until an address is found. Its value is greater than the value we specify (in this example, It is 0 ), then return this address. So let's ask, why can't we write a loop using readmemoryex to read one by one? The answer is, using this function is 1000 times faster.
after finding the address, we can use readmemoryex to read the address. Of course, the read may fail. Check whether the address is correct. If you read the data, read the three-level address according to the formula and try again. Read the data until the data is successfully read and matches the specified value. So we can say this may be the base address.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.