Read Binary Buffer from Wow.exe into memory C++

[baintzimisce]

This is the code I have from the "Exploiting Online Games" book. When I run the program it's not finding the files in memory. My Question, are the offset's wrong or should I go about this differently?

Code:

#include "stdafx.h"
#include <windows.h>
#include <tchar.h>
#include <assert.h>

DWORD g_binBufSize = 0;
char *g_binBuf = NULL;

bool ReadBinaryBuffer(char *filepath);
DWORD FindOffset( char *thename );

int _tmain(int argc, _TCHAR* argv[])
{
	if(true == ReadBinaryBuffer("Wow.exe"))
	{
		DWORD offset = 0;

		offset = FindOffset( "RenderWorld");
		if(offset != -1)
		{
			//add base of file in memory
			offset += 0x00400000;
			printf("got offset 0x%08x for RenderWorld\n",offset );
			
		}
		else
		{
			printf("could not find RenderWorld\n");
		}

		offset = FindOffset( "NetCLient::ProcessMessage" );
		if(offset != -1)
		{
			//add base of fine in memory
			offset += 0x00400000;
			printf(
				"got offset 0x%08x for NetClient::ProccessMessage\n",offset );
		}
		else
		{
			printf("could not find ProcessMessage\n");
		}

		offset + FindOffset( "CGGameUI::ClearTarget" );
		if(offset != -1)
		{
			// add base of file in memory
			offset += 0x00400000;
			printf("got offset 0x%08x for CGGameUI::ClearTarget\n", offset );
		}
		else
		{
			printf("could not find ClearTarget\n");
		}

		offset = FindOffset( "Spell_C::CastSpellByID" );
		if(offset != -1)
		{
			//add base of file in memory
			offset += 0x00400000;
			printf("got offset 0x%08X for Spell_C::CastSpellByID\n", offset);
		}
		else
		{
			printf("could not find Spell_C::CastSpellByID\n");
		}

		if(g_binBuf) delete[] g_binBuf, g_binBuf = NULL;
	}
	return 0;
}

bool ReadBinaryBuffer(char *filepath)
{
	HANDLE hFile;

	hFile = CreateFile(
		filepath,
		GENERIC_READ,
		FILE_SHARE_READ | FILE_SHARE_WRITE,
		NULL,
		OPEN_EXISTING,
		FILE_ATTRIBUTE_NORMAL,
		NULL);
		
	
	if(!hFile || hFile == INVALID_HANDLE_VALUE)
		return false;

	g_binBufSize = GetFileSize(hFile, NULL);
	g_binBuf = new char[g_binBufSize];
	DWORD nBytes;
	ReadFile(
		hFile,
		g_binBuf,
		g_binBufSize,
		(LPDWORD)&nBytes,
		NULL);

	CloseHandle(hFile);

	if(nBytes != g_binBufSize)
		return false;

	return true;
}

bool _f_memcmp(const char *in, const char *pat, int len)
{
	for(int i = 0;i<len; i++)
	{
		if(*pat == '*')
		{
			//skip wildcards
		}

		else if( *pat != *in )
		{
			//the two don't match
			return false;
		}
		pat++;
		in++;
	}
	return true;
}

//return -1 if scan fails to find needle, treats * as wildcard
DWORD ScanForBytes( const char *haystack, DWORD haystack_size, const char *needle, DWORD needle_size )
{
	const char *curr = haystack;

	assert(haystack_size >= needle_size);

	while(curr <= (haystack + haystack_size))
	{
		if(*curr == *needle)
		{
			if(true == _f_memcmp(curr, needle, needle_size))
			{
				//haystack is the benning of the buffer,
				//and curr is where string occurs
				DWORD offset = curr - haystack;
				return( offset );
			}
		}
		curr++;
	}
	return -1;
}

DWORD FindOffset( char *theName )
{
	if(!strcmp(theName, "RenderWorld"))
	{
		//find RenderWorld
		char s[] = { 0x55, 0x8B, 0xEC, 0x81, 0xEC, 0x80, 0x00, 0x00, 0x00, 0x56, 0x8B, 0xF1, 0x8D, 0x4D, 0xC0, 0xC7, 0x45, 0xC0, 0x00, 0x00, 0x80, 0x3F };
		int offset = ScanForBytes( g_binBuf, g_binBufSize,s,sizeof(s) );
		if(offset != -1) return offset;
	}

	if(!strcmp(theName, "NetClient::ProcessMessage"))
	{
		char s[] = { 0x55, 0x8B, 0xEC, 0x8B, '*', '*', '*', '*', 0x53, 0x8B, 0x5D, 0x0C, 0x56, 0x57, 0x8D, 0x45, 0x0E, 0x8B, 0xF1 };

		int offset = ScanForBytes( g_binBuf, g_binBufSize, s, sizeof(s) );

		if(offset != -1) return offset;
	}

	if(!strcmp(theName, "CGGameUI::ClearTarget"))
	{		
		char s[] = { 0x55, 0x8B, 0xEC, 0x83, 0xEC, 0x1C, 0x53, 0x56, 0x57, 0x89, 0x4D, 0xFC, 0xE8, '*', '*', '*', '*', 0x8B, 0x0D, '*', '*', '*', '*', 0x8B, 0xF8 };

		int offset = ScanForBytes( g_binBuf, g_binBufSize, s, sizeof(s) );
		if(offset != -1) return offset;
	}

	if(!strcmp(theName, "Spell_C::CastSpellByID"))
	{
		char s[] = { 0x53, 0x8B, 0xDC, 0x83, 0xEC, 0x08, 0x83, 0xE4, 0xF8, 0x83, 0xC4, 0x04, 0x55, 0x8B, 0x6B, 0x04, 0x89, 0x6C, 0x24, 0x04, 0x8B, 0xEC, 0x83, 0xEC, 0x20, 0x56, 0x8B, 0xF1, 0x85, 0xF6, 0x57, 0x89, 0x55, 0xF4, 0x89, 0x75, 0xE8, 0x0F, 0x8C, 0x97, 0x04, 0x00, 0x00, 0x3B, '*', '*', '*', '*', 0x00, 0x0F, 0x8F, 0x8B, 0x04, 0x00, 0x00, 0xA1, '*', '*', '*', '*', 0x8B, 0x3C, 0xB0, 0x85,};

		int offset = ScanForBytes( g_binBuf, g_binBufSize, s, sizeof(s) );
		if(offset != -1) return offset;
	}
	return -1;
}

[Cypher]

The book you're referring to is awful and the author is a complete ****tard. Just fyi.

If you've just ripped the code straight from the book then the offsets are obviously going to be outdated.

[baintzimisce]

Kk, sorry I posted, Admin plz remove this for me, thx!

[Cypher]

May as well leave it here so others can see it if they have the same problem.

[Nesox]

that book is fail ive read some of it, most his examples is from BWH think it was around patch 1.12? and teleporting actually worked back then by just changing your coords... M-M-MONSTERFAIL !