Mis[opian]s Search V2.1
Written by flap, 15/05/2005
(Final Version. If not, it is very close to it...)

----------------------------------------
PURPOSE OF THE PROGRAM:

As I was updating Mis[opian]s to get the address map from a text file, I wrote this file to help those who will try to update the address map (in case a new Hardwar version is released).
It lets you see the different elements of a list or a chained list.
This software is not specific to Hardwar, and thus can be used with any other application. Also, with Hardwar, it can be used for any kind of investigation.

This tool alone is not enough to draw a new address map: the search function is very poor !! But it should speed up the process.
Also, I have found that since I installed SP2, my favorite trainer (gametrainer 2.01) can no longer change the values. And it is important to check that you found the right value. So I wrote it.
Another interesting one that I found is "GameWiz32". It is shareware, it is not as good, but it does search correctly. (Also, it has no string search facility.)

----------------------------------------
HOW TO USE IT?

There are 5 boxes:
-Program Selection
-Value Modification
-List View
-Search
-Miscellaneous
(The last 2 are less important for now.)

1: Choose your application to survey.
First, in "Application Selection", type the name of the application you wish to spy on (default is hardwar; it is the name you see at the top of the window).
"Refresh" and "Refr. when change" refresh all the data displayed. If "Refr. when change" is selected, the data will be refreshed for most changes the user makes.

2: Change a value.
In "Value Modification", you can view the data at the address you specify. If the check box "hex" is selected, the data are displayed as hexadecimal. With the combo box you select the type of data you are viewing.
In the box displaying the value, you can write the new one and press "change" to write it into the game.

3: Survey a list.
The list view: the interesting part !!!
In start address, you select the address of the first element of your list. Then you select the type of list you are trying to spy on:
-If it is a chained list (for pilots, buildings, moths), you must enter how far from the element's address the address of the next pilot is stored (+820 in UIM6), then the maximum number of pilots you want to see. They will be displayed in the list box to the left.
-For the "simple list", you only need to say how far away your next element is (for example, for the object positions, it is 500). It can also be used to view all the data which follow each other in memory (for example, if the type you've selected is DWORD, then select next = 4 and you will see all the DWORDs which follow each other; a DWORD is 4 BYTES).

For both lists you can select a step (at which distance from the address you wish to read) and the type.
For example, if you are viewing the pilots: the first address of each pilot is 1000. Not very exciting... So write step=4, type=string, and you'll get the name of the pilot.
In the left box, you can choose to view the money, for example, in decimal: step=60, type=DWORD, the hex box is not checked.
If you select a line in any list, it will be sent to the "Value Modification" box.

4: The map mode.
You can also choose to view the right box as a simple list starting from the address selected in the left box. Check the "map mode" button.
For example, if you are viewing the pilots (a chained list) on the left, check "map mode", step=4, type=DWORD, number=300. You will see all the content of each element of the list you are viewing.

5: Dumping data.
You can press "Dump all" to store the data of the two list boxes in the file dump.txt (the values are separated by a "tab").
If you press "dump", it will only dump the data of the right list box, without the address. (It makes it easier to copy the values into a program such as Excel, to follow the evolution of a value and see if it is interesting.)
Rem: "Dump all" dumps the data as they are displayed in the lists. "Dump" dumps the data that are updated in the program, but does not update them in the list. It lets you track changes (for example if a search has been done).

6: The log file.
If you are a Hardwar player: NO, it has nothing to do with the one created by Hardwar. I have made another tool (still not released) to extract data from it, but it is not this one.
It saves all the lists you've viewed in your session, writes the name of the application, and the number of the manipulation you did (easier to know approximately where you have to go back in time, if you are reading the file).
I wrote this because in some cases I had erased all I did before without writing anything down, or was lost in a --very-- long search (I told you, to do a real search, it is often better to use another application...).

7: The search.
Once again, it is very limited, but can be very useful.
It will search among the elements which should be listed in the left box, and will display only those that fulfil the condition.
It will only choose those which match EXACTLY what is written in the box (well, it is not case sensitive), but if you are looking for "dog", it will not find "doggy". And for strings it will be looking for strings ended by a 0. (For Hardwar, it will not find the hangar shape's name, for example. Unless you are doing a search over the value in DWORD.)
If you are looking for a value in hexadecimal, you have to add the 0s (for example, if you are looking in hex for a DWORD whose value is 5, you need to write 00000005. If it is a WORD, then you are looking for 0005).
I told you it is crap, but it has helped me. Mainly, I can stop and restart Hardwar and there will be no impact on the search, while most memory viewers will need to reset all memory. All except my dear, broken gametrainer201. Bouh.
It is useful for example when you are trying to find the address for the fog depth (which is set at the beginning of the game)...
There is no proper memory of old searches, but you can dump the left box (the data are refreshed) and compare them in Excel.

Used with gametrainer, the existing map and possibly Excel to compare the dumped values, it should let you draw the biggest part of the map quickly.

----------------------------------------
EXAMPLES OF USE:

It is just a tool. And I found that it offers many possibilities way beyond its first use. It depends on how imaginative and astute you are.

1: Viewing a chained list. (Example: the pilots, in Hardwar UIM6.)
OK. That was the main example in the text above:
Look at the address 0054C998 (in the "change value" group for example). It is the address of the first pilot (a thug).
Copy and paste it into the start address box.
Select:
chained list, next = 820 (it is at +820 from the pilot address that the pointer to the next pilot is)
number = 300, step = 4, type = string (you go to +4 from the pilot address to read its name)
map mode checked
step = 4, type = DWORD, hex checked, number = 300
Press Refresh.
OK, you've got them!

2: Viewing a list. (Example: the coordinates of the moving objects -moth, monorail, turrets, weapons-, in Hardwar UIM6.)
Look at the address 005452E0. Copy and paste it into the start box.
Select:
simple list, next = 500 (all elements of the list are 500 bytes apart from one another)
number = 1000 (really less in fact, I don't remember how many there are)
map mode checked
step = 4, type = DWORD, hex checked, number = 125 (that is 500/4)
!! In that example, it might be clever (however confusing for reading) to have a step of 2 (and thus reading 250 values) because some values are at 4n+2 from the main value (in Hardwar, most of them are at 4n). Well, it might not be that clear, but if you look, you might understand.

3: Studying a new list.
There is a new list you want to investigate. You've found where it starts, the size of the element, the pointer to the next list. Now you need to know what is inside.
Display your list as explained before.
Select the different elements and dump the right box (press dump). Each time you dump: copy and paste into Excel (or openoffice.org or anything else).
Now you can compare all your elements and see which value or "kind" of value comes where. If you already know what these elements are in game, the study will be quite easy.

4: View hex and decimal values at the same time.
Nothing crazy there, but if you select simple list, no map mode, and no step or the same step for both lists, you can display the same values in decimal and hex at the same time.

5: Search for a value that is changed outside the program (at start). (For example, fog.)
You need to know the value. For fog, there are 4 positions in UIM6. You need to know that people using C/C++ are crazy and start counting from 0. So they very probably range from 0 to 3. 0 and 1 are probably very common in memory.
So start the game, set the fog to max (3, you guess).
You will search for a DWORD (that is a bet once again... but finding 00000003 is probably less common than 03 if you are looking for a byte. So that bet has some value).
The address is not in a big structure that changes with time (such as the moths). It is very probably between 00450000 and 00600000 (and I am looking wide here).
Now that you think that you know what you are looking for... type 450000 in the start address, simple list, 2000000 in number, next = 1 (well, 500000 and next = 4 if you feel lucky and believe that it is at 4n+2 from the first value), type = DWORD.
In search select new=box, and in the box write 3 (if hex is not selected; otherwise: 00000003).
Then press Refresh.
Go have a beer in the fridge. (Not easy to sit in there, no?)
You've got the results: Dump All. Copy and paste into Excel. (At the top of the right column, you should write what you expect to have. That is 3.)
Shut down Hardwar (but DON'T TOUCH MisSearch !). Restart with a new fog value. Dump, copy and paste. And once again.
Now, look at Excel and select THE address where that 3 has turned to the value you wanted.
To check, copy and paste it into "Change Value", change the value and see if the weather has changed outside (in Hardwar I mean).
And yes, you can leave the fridge now. And please, leave some of that roast beef for your housemate !!

6: Searching things.
Hummm. Very explicit...
Well, mate ! When I had a good trainer, I would have said: "the 'string search', young fellow ! the 'string search' !". Unfortunately few trainers do it...
The other thing is: the pointers !!!!!
The idea is to search for something not very common. And figures like "3", or "356": pouah !!! There are thousands of them in a big game like Hardwar. And you don't know what that value will be used for. While a tiny "Xaffax is a jerk" as your pilot name, in the whole of Hardwar it will only be written once. (No offence, Xaffax. 'Cause really you are one of the members of the community that I really appreciate. And you will probably agree that such a basic sentence can't be serious.) Or a pointer: if it is somewhere, it is not there at random: something is happening out there !!

So the quest for pointers !! Look around, there are plenty of them:
-Easiest: in Hardwar, look at the debug screen, and a pilot flying. There is vehicle 0x-------- written (-------- being a figure). It is the pointer to its vehicle. Same for pilot 0x--------.
-More difficult: at sight. Look at its eyes, ask "are you a pointer ?". If it blinks, it is one. Another method is to recognize its shape: it is a DWORD, usually the first sign (when written in hex) is 0 (like 086911C0), then it can often be divided by 4 (which in hex means it ends with 0, 4, 8 or C). Finally, they usually travel in loose groups: for pilots, for example, on my computer it will be around 086911C0 (that is from 07C00000 to 09000000).
So when you see one in a place that lets you believe that it might be interesting (in the pilot structure for example: you know that the pilot you are viewing is in a building. You don't know much about buildings, but you see that very good-looking pointer that changes when the pilot changes location...), hmm, look at the memory designated by the pointer. Look a bit around (for example: simple list, next = 4. Map mode: step = -4. You see before and after the address). Change the type to see if you recognize anything, and miracle !! When you change to string, at +16 you see the name of the building !!!
-You've found a structure, found the first element, but don't know where exactly it starts, and how to find it next time: you need to find the pointer to the structure ! It will probably be between 00450000 and 00600000. So search for the address that you suspect to be the beginning of the structure in that area. After a few searches, you should find it.

In that last part there was nothing very specific to Misopians Search, but it explains a lot anyway.

7: Survey the economy in Hardwar.
For example, view the pilot list, their money on the right, and dump from time to time, to copy and paste into Excel.

----------------------------------------
I have released the source code. So feel free to improve that program to your needs.

If anyone uses it for a purpose that has nothing to do with Hardwar, I'd be glad to know what. I am curious. So send me a mail !!
fabien_vidal at yahoo.com
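
----------------------------------------
The chained-list view of "HOW TO USE IT" step 3 and the pointer shape test of example 6, worked through as an added example that is not part of Mis[opian]s Search or its released source. It runs over a constructed memory image instead of a live process; BASE, the 1024-byte record size, the pilot values and every function name are assumptions, and the offsets 820, 4 and 60 quoted in the text are taken as decimal.

```python
import struct

BASE = 0x08690000               # constructed base address of the sample image
NEXT, NAME, MONEY = 820, 4, 60  # offsets quoted in the text, taken here as decimal

def dword(mem, addr):
    return struct.unpack_from("<I", mem, addr - BASE)[0]

def cstring(mem, addr, limit=32):
    """Read a string up to its terminating 0, which is what the search expects."""
    return bytes(mem[addr - BASE:addr - BASE + limit]).split(b"\0", 1)[0].decode("latin-1")

def walk_chained(mem, start, next_off, max_items):
    """Chained-list mode: stop on null, an address outside the image, a loop, or max_items."""
    seen, addr = [], start
    while addr and len(seen) < max_items:
        if addr in seen or addr < BASE or addr + next_off + 4 > BASE + len(mem):
            break
        seen.append(addr)
        addr = dword(mem, addr + next_off)
    return seen

def looks_like_pointer(value, lo, hi):
    """Shape test from example 6: first hex digit 0, divisible by 4, inside the usual range."""
    return value >> 28 == 0 and value % 4 == 0 and lo <= value < hi

def pointer_offsets(mem, record, size, lo, hi):
    """Offsets at 4n inside one record whose DWORD passes the shape test."""
    return [o for o in range(0, size, 4) if looks_like_pointer(dword(mem, record + o), lo, hi)]

def build_image():
    """Constructed sample: three 1024-byte records chained out of address order."""
    mem = bytearray(3 * 1024)
    rows = [(0, b"Thug", 5000, BASE + 2048), (2048, b"Xaffax", 120, BASE + 1024), (1024, b"flap", 77, 0)]
    for off, name, money, nxt in rows:
        struct.pack_into("<I", mem, off, 1000)  # constructed non-pointer that is divisible by 4
        mem[off + NAME:off + NAME + len(name)] = name
        struct.pack_into("<I", mem, off + MONEY, money)
        struct.pack_into("<I", mem, off + NEXT, nxt)
    return mem

def list_pilots(mem):
    """Left-box view: address, name (step=4, string), money (step=60, DWORD)."""
    return [(hex(a), cstring(mem, a + NAME), dword(mem, a + MONEY))
            for a in walk_chained(mem, BASE, NEXT, 300)]

if __name__ == "__main__":
    print(pointer_offsets(build_image(), BASE, 1024, 0x07C00000, 0x09000000))
    print(*list_pilots(build_image()), sep="\n")
```

The range check is what keeps small values such as 1000 or the money field out of the candidate list: they are divisible by 4 and start with 0 in hex, but they do not sit where the structures cluster.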