-
Originally Posted by
wightolore
Boom. That did it. I finally figured it out. Thanks for that last nudge. In case anyone else is wondering how to change FoV in WoW 16769. [EDIT: And has little to no clue about memory editing, I should add.]
Offsets used: 0x5E9400 (w/ 0x0 base Wow.exe) for CGWorldFrame_GetActiveCamera
Source:
http://www.ownedcore.com/forums/worl...mp-thread.html ([WoW] [5.2.0 16769] x86 Info Dump Thread)
In Cheat Engine 6.2 you can open Wow.exe and click 'Memory View' right below where Address and Values are scanned and found. From there go to Tools -> Auto Assemble. In this window you can do a bunch of fun things like call functions in the process you've opened. Here's the script I used:
Code:
fullaccess(00400500,4)
alloc(mycode,2048)
CreateThread(mycode)
mycode:
call 9C9400
mov [00400500],eax //save result
ret // exit thread
Before hitting execute use the Memory View one more time to look at address 0x400500 - manually add the address to the original cheat engine window and right-click (->Browse this memory region) to access it quicker.
Hit execute, and watch the 4 bytes at 0x400500 change. This is the pointer to the camera. My 4 bytes read 'C8 F3 73 0C'. This is the address but in reverse. The actual address of my pointer was 0C 73 F3 C8. Like the guys above said the FoV is at offset 0x38. I added the two (0C 73 F3 C8 and 38) and got 0C 73 F4 00. Added this address manually. Set the type to float and changed it. BOOM GOES THE DYNAMITE. Changed the FoV immediately.
You might want to take note of what the GetActiveCamera function does. The active camera can be easily found with reading memory, which is obviously easier to do through programs like Cheat Engine. Check in IDA how the function gets it.
-
Originally Posted by
Jadd
You might want to take note of what the GetActiveCamera function does. The active camera can be easily found with reading memory, which is obviously easier to do through programs like Cheat Engine. Check in IDA how the function gets it.
I think I was able to figure it out. GetActiveCamera calls offset 0xD5153C which carried an address. That address in this instance of WoW was added to 0x8150 per the function. This led directly to an already made pointer to an active camera. Added 0x38 for the final address. Given a bit more research into memory editing via C++ I think I can do it in my own executable a lot easier. Thanks for the nudge, Jadd.
-
Ok last time I reply to this thread because I assume I have thoroughly beaten this dead horse long enough. Anyways, I spent all day trying to write an executable that does what Cheat Engine did in like 2 seconds haha. But I learned a lot so I feel like it was worth it and I wanted to share the source and the exe.
Link to the exe: https://www.dropbox.com/s/o1q7v29qbptqoop/FoVflyi.zip
Virustotal for the exe: 0/45 https://www.virustotal.com/en/file/1...687f/analysis/
Link to the source: https://www.dropbox.com/s/pt4poshqmy...FoVflyi%29.zip
Only special compiler options I used were Properties -> General -> Use MFC in a static library. I've never uploaded source or an exe to any web site before so I don't really know the proper etiquette.
-
Originally Posted by
wightolore
Seems pretty bold to start with C++. You should try something simpler and easier to format (at least you're familiarized with a coding style), such as C#. There's plenty of memory editing libraries for it, so that shouldn't be a problem.
Edit: Props for actually putting in the effort to learn something. Most people just expect hand-outs of code, addresses and such.
-
Originally Posted by
Jadd
Seems pretty bold to start with C++. You should try something simpler and easier to format (at least you're familiarized with a coding style), such as C#. There's plenty of memory editing libraries for it, so that shouldn't be a problem.
Edit: Props for actually putting in the effort to learn something. Most people just expect hand-outs of code, addresses and such.
Why? I learned cpp from the start as well, where is the problem?
-
Originally Posted by
Master674
Why? I learned cpp from the start as well, where is the problem?
It's just my recommendation, C# is far cleaner to write in so it's obviously more suited to a beginner. At least until you get the syntax and coding style down. Native languages can also be a bit daunting to learn at the start.
Edit: It's also worth trying out different languages just to see which you like more.
Last edited by Jadd; 04-08-2013 at 05:35 PM.
-
Ty Jadd for the rep and props, man.
I've heard some good things in favor of coding 'trainers' in C#, but in school I took a couple comp sci classes that started in Java and ended in C++ so I just chose what felt the safest for me. I didn't feel like learning new syntax while also learning memory reading / writing. haha
Right now I'm trying to figure out how the CGCamera struct was discerned. O__o
-
Originally Posted by
wightolore
I've heard some good things in favor of coding 'trainers' in C#, but in school I took a couple comp sci classes that started in Java and ended in C++ so I just chose what felt the safest for me. I didn't feel like learning new syntax while also learning memory reading / writing. haha
Just keep up with your native programming. There is no reason for you to use .NET if you don't need it, and the fact that it's "simpler to code" isn't necessarily true; you will find yourself writing interoperability code because simple native structures aren't always so simple in C#, whereas they take a few lines to write in native C or C++. The fact that you are already coding in native should also help you to understand how things really work at runtime.
Originally Posted by
wightolore
Right now I'm trying to figure out how the CGCamera struct was discerned. O__o
If you mean that you don't understand how it was found in memory, there would be various ways to tell when looking at the executable with a "disassembler" program like IDA or by scanning/analyzing the game's process at runtime. But only experience can help to quickly recognize what information is useful or not when searching for such things, and every engine/software has its own way of coding things. The same would go with finding out what exactly the structure fields are.
Last edited by DrakeFish; 04-09-2013 at 12:56 AM.
-
Sorry to necro this thread, but I thought I would just add for future readers that you can apply the FoV fix in a simpler way, by changing where the client reads its default. In 1.12.1, this is at 0x8089B4. The default value is 0x3FC90FDB which equals 1.5708. In 2.4.3, this is at 0x8B5A04. In 3.3.5a, this is at 0x9E8D88.
Last edited by namreeb; 12-05-2016 at 06:36 PM.
Reason: added 3.3.5a offset
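The pointer arithmetic described in the posts above (the reversed 'C8 F3 73 0C' bytes, the 0xD5153C -> +0x8150 -> +0x38 chain, and 0x3FC90FDB read as a float), as an added example that is not code from any poster. It walks a constructed in-memory snapshot rather than a live process; the `STATIC` and `HOLDER` addresses and the reading of the chain as [[0xD5153C]+0x8150]+0x38 are assumptions.

```python
import struct

class Snapshot:
    """Sparse, read-only model of a 32-bit address space (constructed data)."""
    def __init__(self, regions):
        self.regions = regions                  # {start_address: bytes}

    def read(self, addr, size):
        for start, data in self.regions.items():
            if start <= addr and addr + size <= start + len(data):
                return data[addr - start:addr - start + size]
        raise ValueError(f"unmapped read at {addr:#010x}")

    def u32(self, addr):
        # x86 stores integers little-endian: 'C8 F3 73 0C' is 0x0C73F3C8.
        return struct.unpack("<I", self.read(addr, 4))[0]

    def f32(self, addr):
        # Same four bytes, interpreted as an IEEE-754 single-precision float.
        return struct.unpack("<f", self.read(addr, 4))[0]

def resolve(snap, static_addr, offsets):
    """Dereference static_addr, then apply each offset. Every offset except
    the last is followed by another dereference; the last one only selects
    the field, so the function returns the field's address."""
    addr = snap.u32(static_addr)
    for off in offsets[:-1]:
        addr = snap.u32((addr + off) & 0xFFFFFFFF)
    return (addr + offsets[-1]) & 0xFFFFFFFF

# Constructed sample. Byte strings and offsets are the ones quoted in the
# thread; the two addresses marked "assumed" are made up for illustration.
STATIC = 0x00D5153C    # assumed: thread's offset treated as an absolute address
HOLDER = 0x0B000000    # assumed: object whose +0x8150 holds the camera pointer
CAMERA = 0x0C73F3C8    # pointer value reported in the thread
SAMPLE = Snapshot({
    STATIC: struct.pack("<I", HOLDER),
    HOLDER + 0x8150: bytes.fromhex("C8 F3 73 0C"),  # as shown in a hex view
    CAMERA + 0x38: bytes.fromhex("DB 0F C9 3F"),    # 0x3FC90FDB as stored
})

def demo():
    fov_addr = resolve(SAMPLE, STATIC, [0x8150, 0x38])
    return fov_addr, SAMPLE.f32(fov_addr)

if __name__ == "__main__":
    addr, value = demo()
    print(f"field at {addr:#010x} holds {value:.4f}")
```

An unmapped read raises `ValueError` instead of returning zeros, which makes a wrong offset in the chain show up at the step where it fails.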
-
-
Sorry for the (second) necro, but I wanted to let everyone who is interested know that thanks to namreeb's info I managed to permanently patch the executables for Vanilla and TBC with a custom FoV value via a hex editor.
Downloads and explanation here (Vanilla 1.12 & TBC 2.4.3 - Permanent FoV fix (patched WoW.exe)).
-