WoW Memory Editing
06-07-2009
Sorry, I'm confused. I'm searching for the GameObject Name offset ^^
EDIT: And I'm searching for how to find the CorpseObject owner name ^^
EDIT2: Found: [[curObj + 0x1a4] + 0x88]
Last edited by bouh2; 06-07-2009 at 03:30 PM.
06-08-2009
Gameobjects are dynamically allocated; there's no static address for them.
You need to iterate the linked list of objects until you find w/e object you want, or call GetObjectByGUID if you already got the GUID.
06-08-2009
"bierstud"
[08:06:59]: 0x0058EE10 -> UseItem
How do I learn how to use this function? For example, where do I store the variable to be passed as parameters? For example, in my thinking, if I create a new thread and run the code at 0058EE10, then it'll check some other memory locations (for parameters)? and then do the code to 'use the item'. Anyway, there are a lot of holes in this.. theory. So if anyone could point me in the right direction, it would be much appreciated. I'm semi-ok w/ programming but don't know much about game hacking techniques, so if you could just point the way to your fav. tutorials that'd be great.
06-08-2009
What I would recommend for this 'theory' is to have your injecting app allocate some mem and have offsets from this memory block. Set each 4 bytes to something and use those offsets as your values. Then you can just write to them from your app and run UseItem with the Asm class. Look up blackmagic.
06-08-2009
Quote:
Originally Posted by abuckau907
"bierstud"
[08:06:59]: 0x0058EE10 -> UseItem
How do I learn how to use this function? For example, where do I store the variable to be passed as parameters? For example, in my thinking, if I create a new thread and run the code at 0058EE10, then it'll check some other memory locations (for parameters)? and then do the code to 'use the item' Anyway, there are a lot of holes in this..theory  So if anyone could point me in the right direction, would be much appreciated. I'm semi-ok w/ programming but don't know much about game hacking techniques so if you could just point the way to your fav. tutorials that'd be great.

If you're out of process, which I assume you are based on your wording, do as lanman92 suggests. If you're not, the way I do it is this:
Code:
typedef void ( __cdecl * tUseItem )( DWORD, DWORD);
tUseItem oUseItem = 0;

void __cdecl hook_UseItem( DWORD p1, DWORD p2)
{
    DWORD dwEcx;
    CGObject_C *obj;
    _asm { mov dwEcx, ecx };
    obj = (CGObject_C *)(dwEcx);
    _asm { mov ecx, dwEcx };
    oUseItem( p1, p2);
}

void HookUseItem()
{
    oUseItem = (tUseItem)gpWoWX->GetFindPattern()->GetAddress( "UseItem" );
    gpWoWX->GetPatcher()->AddPatch( &(PVOID&)oUseItem, reinterpret_cast<PBYTE>( hook_UseItem ), "UseItem" );
}

Once I came up with this function I think I got interested in something else and left it.. not sure if it actually works, but you get the general idea.
06-08-2009
Sorry I removed this and posted it elsewhere, please delete
Last edited by johno22; 06-08-2009 at 04:39 PM.
06-15-2009
DBC dump:
Code:
public enum ClientDb
{
Achievement = 0x000000EB,
Achievement_Criteria = 0x000000EC,
Achievement_Category = 0x000000ED,
AnimationData = 0x000000EE,
AreaGroup = 0x000000EF,
AreaPOI = 0x000000F0,
AreaTable = 0x000000F1,
AreaTrigger = 0x000000F2,
AttackAnimKits = 0x000000F3,
AttackAnimTypes = 0x000000F4,
AuctionHouse = 0x000000F5,
BankBagSlotPrices = 0x000000F6,
BannedAddOns = 0x000000F7,
BarberShopStyle = 0x000000F8,
BattlemasterList = 0x000000F9,
CameraShakes = 0x000000FA,
Cfg_Categories = 0x000000FB,
Cfg_Configs = 0x000000FC,
CharBaseInfo = 0x000000FD,
CharHairGeosets = 0x000000FE,
CharSections = 0x000000FF,
CharStartOutfit = 0x00000100,
CharTitles = 0x00000101,
CharacterFacialHairStyles = 0x00000102,
ChatChannels = 0x00000103,
ChatProfanity = 0x00000104,
ChrClasses = 0x00000105,
ChrRaces = 0x00000106,
CinematicCamera = 0x00000107,
CinematicSequences = 0x00000108,
CreatureDisplayInfo = 0x00000109,
CreatureDisplayInfoExtra = 0x0000010A,
CreatureFamily = 0x0000010B,
CreatureModelData = 0x0000010C,
CreatureMovementInfo = 0x0000010D,
CreatureSoundData = 0x0000010E,
CreatureSpellData = 0x0000010F,
CreatureType = 0x00000110,
CurrencyTypes = 0x00000111,
CurrencyCategory = 0x00000112,
DanceMoves = 0x00000113,
DeathThudLookups = 0x00000114,
DestructibleModelData = 0x00000115,
DungeonMap = 0x00000116,
DungeonMapChunk = 0x00000117,
DurabilityCosts = 0x00000118,
DurabilityQuality = 0x00000119,
Emotes = 0x0000011A,
EmotesText = 0x0000011B,
EmotesTextData = 0x0000011C,
EmotesTextSound = 0x0000011D,
EnvironmentalDamage = 0x0000011E,
Exhaustion = 0x0000011F,
Faction = 0x00000120,
FactionGroup = 0x00000121,
FactionTemplate = 0x00000122,
FileData = 0x00000123,
FootprintTextures = 0x00000124,
FootstepTerrainLookup = 0x00000125,
GameObjectArtKit = 0x00000126,
GameObjectDisplayInfo = 0x00000127,
GameTables = 0x00000128,
GameTips = 0x00000129,
GemProperties = 0x0000012A,
GlyphProperties = 0x0000012B,
GlyphSlot = 0x0000012C,
GMSurveyAnswers = 0x0000012D,
GMSurveyCurrentSurvey = 0x0000012E,
GMSurveyQuestions = 0x0000012F,
GMSurveySurveys = 0x00000130,
GMTicketCategory = 0x00000131,
GroundEffectDoodad = 0x00000132,
GroundEffectTexture = 0x00000133,
gtBarberShopCostBase = 0x00000134,
gtCombatRatings = 0x00000135,
gtChanceToMeleeCrit = 0x00000136,
gtChanceToMeleeCritBase = 0x00000137,
gtChanceToSpellCrit = 0x00000138,
gtChanceToSpellCritBase = 0x00000139,
gtNPCManaCostScaler = 0x0000013A,
gtOCTClassCombatRatingScalar = 0x0000013B,
gtOCTRegenHP = 0x0000013C,
gtOCTRegenMP = 0x0000013D,
gtRegenHPPerSpt = 0x0000013E,
gtRegenMPPerSpt = 0x0000013F,
HelmetGeosetVisData = 0x00000140,
HolidayDescriptions = 0x00000141,
HolidayNames = 0x00000142,
Holidays = 0x00000143,
Item = 0x00000144,
ItemBagFamily = 0x00000145,
ItemClass = 0x00000146,
ItemCondExtCosts = 0x00000147,
ItemDisplayInfo = 0x00000148,
ItemExtendedCost = 0x00000149,
ItemGroupSounds = 0x0000014A,
ItemLimitCategory = 0x0000014B,
ItemPetFood = 0x0000014C,
ItemPurchaseGroup = 0x0000014D,
ItemRandomProperties = 0x0000014E,
ItemRandomSuffix = 0x0000014F,
ItemSet = 0x00000150,
ItemSubClass = 0x00000151,
ItemSubClassMask = 0x00000152,
ItemVisualEffects = 0x00000153,
ItemVisuals = 0x00000154,
LanguageWords = 0x00000155,
Languages = 0x00000156,
LfgDungeons = 0x00000157,
Light = 0x00000158,
LightFloatBand = 0x00000159,
LightIntBand = 0x0000015A,
LightParams = 0x0000015B,
LightSkybox = 0x0000015C,
LiquidType = 0x0000015D,
LiquidMaterial = 0x0000015E,
LoadingScreens = 0x0000015F,
LoadingScreenTaxiSplines = 0x00000160,
Lock = 0x00000161,
LockType = 0x00000162,
MailTemplate = 0x00000163,
Map = 0x00000164,
Material = 0x00000165,
Movie = 0x00000166,
MovieFileData = 0x00000167,
MovieVariation = 0x00000168,
NameGen = 0x00000169,
NPCSounds = 0x0000016A,
NamesProfanity = 0x0000016B,
NamesReserved = 0x0000016C,
OverrideSpellData = 0x0000016D,
Package = 0x0000016E,
PageTextMaterial = 0x0000016F,
PaperDollItemFrame = 0x00000170,
ParticleColor = 0x00000171,
PetPersonality = 0x00000172,
PowerDisplay = 0x00000173,
QuestInfo = 0x00000174,
QuestSort = 0x00000175,
Resistances = 0x00000176,
RandPropPoints = 0x00000177,
ScalingStatDistribution = 0x00000178,
ScalingStatValues = 0x00000179,
ScreenEffect = 0x0000017A,
ServerMessages = 0x0000017B,
SheatheSoundLookups = 0x0000017C,
SkillCostsData = 0x0000017D,
SkillLineAbility = 0x0000017E,
SkillLineCategory = 0x0000017F,
SkillLine = 0x00000180,
SkillRaceClassInfo = 0x00000181,
SkillTiers = 0x00000182,
SoundAmbience = 0x00000183,
SoundEmitters = 0x00000184,
SoundEntries = 0x00000185,
SoundProviderPreferences = 0x00000186,
SoundSamplePreferences = 0x00000187,
SoundWaterType = 0x00000188,
SpamMessages = 0x00000189,
SpellCastTimes = 0x0000018A,
SpellCategory = 0x0000018B,
SpellChainEffects = 0x0000018C,
Spell = 0x0000018D,
SpellDispelType = 0x0000018E,
SpellDuration = 0x0000018F,
SpellEffectCameraShakes = 0x00000190,
SpellFocusObject = 0x00000191,
SpellIcon = 0x00000192,
SpellItemEnchantment = 0x00000193,
SpellItemEnchantmentCondition = 0x00000194,
SpellMechanic = 0x00000195,
SpellMissile = 0x00000196,
SpellMissileMotion = 0x00000197,
SpellRadius = 0x00000198,
SpellRange = 0x00000199,
SpellRuneCost = 0x0000019A,
SpellShapeshiftForm = 0x0000019B,
SpellVisual = 0x0000019C,
SpellVisualEffectName = 0x0000019D,
SpellVisualKit = 0x0000019E,
SpellVisualKitAreaModel = 0x0000019F,
StableSlotPrices = 0x000001A0,
Stationery = 0x000001A1,
StringLookups = 0x000001A2,
SummonProperties = 0x000001A3,
Talent = 0x000001A4,
TalentTab = 0x000001A5,
TaxiNodes = 0x000001A6,
TaxiPath = 0x000001A7,
TaxiPathNode = 0x000001A8,
TerrainType = 0x000001A9,
TerrainTypeSounds = 0x000001AA,
TotemCategory = 0x000001AB,
TransportAnimation = 0x000001AC,
TransportPhysics = 0x000001AD,
TransportRotation = 0x000001AE,
UISoundLookups = 0x000001AF,
UnitBlood = 0x000001B0,
UnitBloodLevels = 0x000001B1,
Vehicle = 0x000001B2,
VehicleSeat = 0x000001B3,
VocalUISounds = 0x000001B4,
WMOAreaTable = 0x000001B5,
WeaponImpactSounds = 0x000001B6,
WeaponSwingSounds2 = 0x000001B7,
Weather = 0x000001B8,
WorldMapArea = 0x000001B9,
WorldMapTransforms = 0x000001BA,
WorldMapContinent = 0x000001BB,
WorldMapOverlay = 0x000001BC,
WorldSafeLocs = 0x000001BD,
WorldStateUI = 0x000001BE,
ZoneIntroMusicTable = 0x000001BF,
ZoneMusic = 0x000001C0,
WorldStateZoneSounds = 0x000001C1,
WorldChunkSounds = 0x000001C2,
SoundEntriesAdvanced = 0x000001C3,
ObjectEffect = 0x000001C4,
ObjectEffectGroup = 0x000001C5,
ObjectEffectModifier = 0x000001C6,
ObjectEffectPackage = 0x000001C7,
ObjectEffectPackageElem = 0x000001C8,
SoundFilter = 0x000001C9,
SoundFilterElem = 0x000001CA,
}
06-17-2009
Quote:
What I would recommend for this 'theory' is to have your injecting app allocate some mem and have offsets from this memory block. Set each 4 bytes to something and use those offsets as your values. Then you can just write to them from your app and run UseItem with the Asm class. Look up blackmagic.

Um.. I don't know what you mean by '..inject and have offsets from this memory block'. This is what I *think* happens:
Somewhere in wow.exe is a function like.. UseItem which.. uses an item in-game
so.. how is UseItem ..implemented? Like.. is it a global function that needs values passed in like PlayerToUseOn, PlayerUsing, Item.Id ??
I guess I mean.. in the asm code for UseItem, what are all the variables used.. how did you find this function? (Don't answer the variables question, just how to find it.. I can try to look up)
Will it only be LocalPlayer calling useItem :S like.. when another person in group uses a heal potion, does the server just send us the updated stats, or does it call UseItem(ByRef somePlayer as WowPlayer) ?
I'm asking because I *thought* that's important for ..--> to use an item you have to know where UseItem's storing its values passed in --> (ie. if UseItem expects a uint32.. it stores that somewhere.. where is that location?/how to calculate it) then you write to those locations w/ your desired values (item.id etc)
Then call UseItem from a wow thread (I know it's not that easy w/ the threads thing.. I'll tackle that later)
I *really* have no idea what you meant by
"to have your injecting app allocate some mem and have offsets from this memory block. Set each 4 bytes to something and use those offsets as your values"
or** is useItem really as easy as
UseItem(Pointer to UseItemDataStructure)
or basically..
UseItem(Pointer to values as array) ?? Now I'm just jumping at every thought so I'm going to stop... later.
-Andrew
Last edited by abuckau907; 06-17-2009 at 05:32 AM.
06-17-2009
I meant something along the lines of doing a simple endscene detour (like shynd posted) and have it read from a struct that you also injected into wow. Then you can just write to the struct from VB/C# and your detour will do whatever you want. It's not really that complex. This will take care of all threading issues. BTW, use "UseItemByName(NAMEHERE);" in lua to do this. So much easier.
06-21-2009
What is the Clienteconnection pointer to find objekts?
06-21-2009
Quote:
Originally Posted by hamburger1
What is the Clienteconnection pointer to find objekts?

French?
(fllr)
06-21-2009
Lua_ProtectionCheck = 0x6E4610 if anyone was wondering
06-23-2009
Hmmm. Now I started with memory-reading a "bit" again. And I'm kinda confused... ?
Code:
#include 'NomadMemory.au3'
SetPrivilege("SeDebugPrivilege", 1)
$pid = WinGetProcess('World of Warcraft')
$mo = _Memoryopen($pid)
Sleep(100)
$PlayerBase = _MemoryRead(0x010BD5F4,$mo,'ptr')
$playerBaseOffset1 = _MemoryRead($PlayerBase+0x34,$mo,'ptr')
$playerBaseOffset2 = _MemoryRead($playerBaseOffset1+0x24,$mo,'ptr')
$test = _MemoryRead($playerBaseOffset1+0x1F,$mo,'int')
while 1
    TrayTip('asd',$test,5,1)
    Sleep(100)
WEnd

edit: 0x1F = offset for maxhealth. And I'm getting 0 ;/. I believe I did wrong?
06-23-2009
Use the descriptor fields at [obj+0x8]. Then the offset for HP is 0x17*4 away from that value.
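The addressing in the reply above, worked through on a constructed buffer (an added example, not part of the original thread): the value at [obj+0x8] is itself a pointer, and the field index 0x17 is scaled by 4 from that pointer, not from the object. It assumes 32-bit little-endian pointers; the simulated address range, sample addresses and the value 4321 are made up for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-in for a 32-bit, little-endian target address space. */
#define SIM_BASE 0x00400000u
#define SIM_SIZE 0x400u
static uint8_t sim_mem[SIM_SIZE];

/* Bounds-checked 32-bit read; returns 0 when addr is not mapped. */
static int read_u32(uint32_t addr, uint32_t *out) {
    if (addr < SIM_BASE || addr - SIM_BASE > SIM_SIZE - 4) return 0;
    const uint8_t *p = &sim_mem[addr - SIM_BASE];
    *out = p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
    return 1;
}

static void write_u32(uint32_t addr, uint32_t v) {
    uint8_t *p = &sim_mem[addr - SIM_BASE];
    p[0] = (uint8_t)v;         p[1] = (uint8_t)(v >> 8);
    p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}

/* [obj + 0x8] is a pointer to the descriptor array; field i sits at desc + i * 4. */
static int read_descriptor_field(uint32_t obj, uint32_t index, uint32_t *out) {
    uint32_t desc;
    if (!read_u32(obj + 0x8, &desc) || desc == 0) return 0;  /* unmapped or null */
    return read_u32(desc + index * 4, out);
}

#define SAMPLE_OBJ  (SIM_BASE + 0x100)   /* hypothetical object address */
#define SAMPLE_DESC (SIM_BASE + 0x200)   /* hypothetical descriptor array */

/* Lay out one object whose descriptor field 0x17 holds the constructed value 4321. */
static void build_sample(void) {
    write_u32(SAMPLE_OBJ + 0x8, SAMPLE_DESC);
    write_u32(SAMPLE_DESC + 0x17 * 4, 4321);
}

int main(void) {
    uint32_t v = 0;
    build_sample();
    if (read_descriptor_field(SAMPLE_OBJ, 0x17, &v)) printf("via descriptor: %u\n", (unsigned)v);
    if (read_u32(SAMPLE_OBJ + 0x1F, &v)) printf("obj + 0x1F directly: %u\n", (unsigned)v);
    printf("bare offset 0x17*4 mapped: %d\n", read_u32(0x17 * 4, &v));
    return 0;
}
```

Reading a small offset straight off the object lands in unrelated bytes, and a bare offset with no base added is not a mapped address at all, so both come back empty while the two-step dereference returns the field.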
06-24-2009
Quote:
Originally Posted by lanman92
Use the descriptor fields at [obj+0x8]. Then the offset for HP is 0x17*4 away from that value.

like this ?
$PlayerBase = _MemoryRead(0x010BD5F4,$mo,'ptr')
$hp = _MemoryRead(0x17*4,+_MemoryRead($playerbase+0x8, $mo, "int"))
still getting 0 ;/