Marshal, unsafe, ReadProcessMemory, structures...

  1. #1
    CGI (Member)

    Marshal, unsafe, ReadProcessMemory, structures...

    Hi,

    In most bot-related code I've seen, it nearly always works on an "offset" basis. What I am saying is that, say you have the player structure:

    Code:
    struct LocalPlayer
    {
        uint Unk; // 0x0
        uint Guid;  // 0x4
        uint Something; // 0x8
        uint Health; // 0xC
        uint SomethingElse; // 0x10
        // ... list goes on ...
        uint Mana; // 0x100
        ushort State; // 0x104
        // ... list goes on ...
    }
    Then most people will go like, for example:

    Code:
    Dictionary<string, uint> playerOffsets = new Dictionary<string, uint>
    {
        { "guid", 0x4 },
        { "health", 0xC },
        { "mana", 0x100 },
        { "state", 0x104 },
    };
    Or simply:

    Code:
    internal static uint PlayerGuidOffset = 0x4;
    internal static uint PlayerHealthOffset = 0xC;
    etc. This is merely illustrative; excuse me for any mistakes.

    Are there any benefits to doing it that way versus marshaling the whole structure?

    In some cases your structure may not be completely reversed, but could be nearly complete.

    You could either dereference or marshal it into an actual property like:

    Code:
    var p = Marshal.PtrToStructure<LocalPlayer>(ptr);
    Or perhaps in some cases using unsafe:

    Code:
    var p = *(LocalPlayer*)ptr; // cast to a typed pointer first, then dereference (unsafe context)
    So what are the benefits of dereferencing the structure versus reading the structure partially, or simply marshaling it in case you're not going unsafe?

    Another doubt I had is: if I am injected into the game process, for instance, then I technically don't need to use ReadProcessMemory and similar methods, since you could access it directly with either unsafe or Marshal. Is there another way aside from these 2? And even if you are injected into the process, is there still a benefit to using ReadProcessMemory in case you do not wish to use unsafe or Marshal to some extent?

    Once again, excuse me if I am not getting things right, and please do correct me if so. And thanks in advance for any potential answer.

    Also, is there some community / forum geared towards replying to questions like these and improving my knowledge in this field? I've noticed Owned Core has a rather small place for this. I know there is Stack Overflow, but they don't always accept questions that lack actual or theoretical examples and often bash you for asking things of this nature, like hacking games and whatnot.
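Added example, not code from the thread: the three read styles the first post compares, run against a buffer the program allocates itself and fills with constructed values. The explicit layout, `Size = 0x108` and the `LayoutDemo` class are assumptions for illustration; build with unsafe code enabled.

```csharp
using System;
using System.Runtime.InteropServices;

// Only the reversed fields are declared; Size pads the struct over the unknown gaps.
[StructLayout(LayoutKind.Explicit, Size = 0x108)]
struct LocalPlayer
{
    [FieldOffset(0x004)] public uint Guid;
    [FieldOffset(0x00C)] public uint Health;
    [FieldOffset(0x100)] public uint Mana;
    [FieldOffset(0x104)] public ushort State;
}

static class LayoutDemo
{
    static unsafe void Main()
    {
        int size = Marshal.SizeOf<LocalPlayer>();
        IntPtr ptr = Marshal.AllocHGlobal(size);      // constructed buffer in our own process
        try
        {
            for (int i = 0; i < size; i++) Marshal.WriteByte(ptr, i, 0);
            Marshal.WriteInt32(ptr, 0x004, 42);       // constructed sample values
            Marshal.WriteInt32(ptr, 0x00C, 900);
            Marshal.WriteInt32(ptr, 0x100, 350);
            Marshal.WriteInt16(ptr, 0x104, 3);

            // 1) Per-field read at a hard-coded offset: one call per field wanted.
            uint health = (uint)Marshal.ReadInt32(ptr, 0x00C);

            // 2) Marshal the whole block: one copy of `size` bytes into a managed struct.
            LocalPlayer copy = Marshal.PtrToStructure<LocalPlayer>(ptr);

            // 3) unsafe dereference: also a full copy, without going through the marshaller.
            LocalPlayer deref = *(LocalPlayer*)ptr;

            // copy and deref are snapshots: a later write to the buffer only shows via the pointer.
            Marshal.WriteInt32(ptr, 0x00C, 1);
            Console.WriteLine($"{health} {copy.Health} {deref.Health} {((LocalPlayer*)ptr)->Health}");
            Console.WriteLine($"{copy.Guid} {copy.Mana} {copy.State} size=0x{size:X}");
        }
        finally { Marshal.FreeHGlobal(ptr); }
    }
}
```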

  2. #2
    Jadd (Premium Seller)
    Structures are fine, marshalling is also fine (slow, but more efficient than reading 100 fields separately, for example.) But classes are much more extensible. You should keep this in mind, especially for publicly exposed types.

    Personally, I follow the design pattern of having an internal struct alongside a public class with an internal constructor taking a pointer. For example: WoWRealm.cs * GitHub
    Last edited by Jadd; 06-03-2017 at 06:52 AM.

  3. #3
    CGI (Member)
    Originally Posted by Jadd:
    Structures are fine, marshalling is also fine (slow, but more efficient than reading 100 fields separately, for example.) But classes are much more extensible. You should keep this in mind, especially for publicly exposed types.
    I see, so if a struct has multiple structures inside of it, is it still doable to keep marshaling it?

    For example:

    Code:
    unsafe struct LocalPlayer // pointer fields require an unsafe context
    {
        uint Unk; // 0x0
        uint Guid;  // 0x4
        uint Something; // 0x8
        uint Health; // 0xC
        uint SomethingElse; // 0x10
        Inventory* Inventory;
        Model* Model;
        // ... list goes on ...
        uint Mana; // 0x100
        ushort State; // 0x104
        // ... list goes on ...
    }
    I believe it would look something like this if it was not a pointer in marshaling:

    Code:
    [MarshalAs(UnmanagedType.Struct, SizeConst = some size)]
    [FieldOffset(0x08)] public readonly Model Model;
    Or does it cost extra doing so, especially when it runs from inside EndScene, for example, like reading the entity list and such?

    As for the design pattern, I do it in a similar way as well, with the exception that I only read the struct from the pointer once it's accessed (in other words, I just pass in the pointer to the constructor). Is that bad or wrong?

    And of course I check the pointer before accessing it, to ensure it's valid, or is there no real benefit from doing that?

    Because from my understanding, if I read the pointer during the constructor, it would be the same as reading all entities from the moment I acquire them in that frame, whereas I might not have to read or use all the entities, etc.?
    Last edited by CGI; 06-06-2017 at 08:38 AM.
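Added example, not code from the thread or from the linked gist: one way to combine the internal-struct-plus-public-class pattern from post #2 with the read-on-first-access and nested-pointer questions in post #3. `LocalPlayerData`, `ModelData`, the `0x018` offset and both sizes are assumptions; the buffers are allocated by the example itself and hold constructed values (needs C# 8 or later for `??=`).

```csharp
using System;
using System.Runtime.InteropServices;

[StructLayout(LayoutKind.Explicit, Size = 0x10)]
struct ModelData { [FieldOffset(0x0)] public uint Id; }   // hypothetical nested layout

[StructLayout(LayoutKind.Explicit, Size = 0x108)]
struct LocalPlayerData
{
    [FieldOffset(0x00C)] public uint Health;
    [FieldOffset(0x018)] public IntPtr Model;   // nested pointer marshals as a plain address (offset assumed)
}

public sealed class Player
{
    private readonly IntPtr _ptr;
    private LocalPlayerData? _data;             // filled on first access, not in the constructor

    internal Player(IntPtr ptr) => _ptr = ptr;  // constructing a wrapper reads nothing

    private LocalPlayerData Data =>
        _data ??= _ptr != IntPtr.Zero
            ? Marshal.PtrToStructure<LocalPlayerData>(_ptr)
            : throw new InvalidOperationException("null player pointer");

    public uint Health => Data.Health;

    // Following the nested pointer is a second, separate read, done only when asked for.
    public uint? ModelId => Data.Model == IntPtr.Zero
        ? (uint?)null
        : Marshal.PtrToStructure<ModelData>(Data.Model).Id;
}

static class Demo
{
    static void Main()
    {
        IntPtr model = Marshal.AllocHGlobal(0x10), player = Marshal.AllocHGlobal(0x108);
        try
        {
            Marshal.WriteInt32(model, 0x0, 7);              // constructed sample values
            Marshal.WriteInt32(player, 0x00C, 900);
            Marshal.WriteIntPtr(player, 0x018, model);
            var p = new Player(player);
            Console.WriteLine($"{p.Health} {p.ModelId}");
            Marshal.WriteIntPtr(player, 0x018, IntPtr.Zero); // nested pointer not set
            Console.WriteLine(new Player(player).ModelId.HasValue);
        }
        finally { Marshal.FreeHGlobal(model); Marshal.FreeHGlobal(player); }
    }
}
```

The zero check only rejects a null address; a stale non-null pointer is not detected by it.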
