[Guide] How To Find Offsets in any Main to 3DCamera using winhex

KR373N

Well-Known Member
Joined
May 18, 2008
Messages
1,943
Reaction score
446
INTRODUCTION
This is my way to find offsets of 3DCamera, maybe other people can do this more simpler or faster, but this is one way.
For this example I use Main 1.03h

THINGS NEEDED

Programs:

* WinHEX (registered with access to write in memory)
* Main.exe (Client that you must find offsets)


Values:

* 35.00000 = CAMERA_ZOOM = (HEX: 00 00 0C 42)
* -48.50000 = CAMERA_ROTY = (HEX: 00 00 42 C2)
* -45.00000 = CAMERA_ROTZ = (HEX: 00 00 34 C2)
* 150.0000 = CAMERA_POSZ = (HEX: 00 00 16 43)
* 1190.000 = CAMERA_CLIPX = (HEX: 00 C0 94 44)
* 2400.000 = CAMERA_CLIPY = (HEX: 00 00 16 45)
* 3000.000 = not necessary = (HEX: 00 80 3B 45)

This values are default in Clients (Main.exe), and we find for this.

STEPS

1. Open Client in window mode
01guideclient.jpg



2. Open WinHEX
2.1. Click in Tools/Open RAM (Alt+F9)
2.2. Search for process of Main (the client that is running)

02guidewinhex.jpg



2.3. Click in + and select Entire Memory and click OK

03guideeditmemory.jpg


2.4. The content of memory for Main.exe are showed

04guidewinhexoffsets.jpg


3. Now we need to find the offsets using default values
3.1. In winhex click Search/Floating-point value

05guidefloatingpointval.jpg


3.2. Put the value you must find
3.3. Change Search to DOWN and click OK

06guidesearchsucessful.jpg


4. You will be find de first OFFSET

07guidewinhexfirstoffse.jpg


5. Now you must to test this value if is that you need.
6. In window Data Inspector change float value to one and click in File/Save
7. Well you change the value in memory, now change to window of client and see if anything change, if not continue searching and change values.
8. For this Main.exe the offset of zoom that I find is 005FA229, let’s see and change it. (I put value 60 and press enter)

08guidewinhexmatchoffse.jpg


9. Click File and save
10. Well the value of zoom is changed
Important: Offset line is 005FA220 and column 9 >>> offset 005DA229

tmp5318.jpg