Finding player health address 3.3.5

[Boody]

Hi guys, am trying to make a Multiboxing bot for WoW version 3.3.5 that can run FoS and PoS alone.

I want to know how to find the player's health address, I do not want to search for pointers with cheat
engine, although i did it and ended up with 6,000 pointers, but I want to learn how professionals do it.
I've spent a lot of time searching and reading guides, I've actually learned a lot of stuff that
I never knew that trying to make a bot for a game would would be that much beneficial for me, but still I did not find a reliable
way of doing that. The 2 ways that am trying to find the address with, by implementing them into the bot
so that it can always automatically find the address are:

1- Tracing the function that accesses the health's address # game.exe+31C2CB eax,[ecx+00000FB0].
2- Finding the value of the ecx register (which am not sure if this is actually doable), which will be added to (FB0)
to give me the health's address.


Am trying to do this using python 2.7, but i failed to find the address in all the mentioned ways, and I would really appreciate
if anyone can help me or point me to the right direction.

Also, I want to know how do you guys read the player's health in 3.3.5? do you use the same ways thats mentioned in all the guides?
I tried to follow the ways mentioned in the guides, but they all use object manager that starts with
ClientConnection #address# that is static, then
start adding offsets to it.
but I do not know what is clientconnection? and also cant find it in the info dump thread.

To sum it up, mainly I want to know how to find the static player's health address. And I want to know what address are you guys using
to read it atm, so that I can work on some code on the bot when I get bored or tired from searching for the address.

Thanks!

[Natrist]

Hey, I don't mean to be a bitch but that offset has been posted years ago:
http://www.ownedcore.com/forums/worl...0-offsets.html
http://www.ownedcore.com/forums/worl...mp-thread.html

CGUnit_C__GetPredictedHealth(CGUnit_C *unit) @ 0071C2C0
should return the health for the unit pointed to it.
Otherwise what you could do is use an AddOn that function from the script 'UnitHealth' (Usage: UnitHealth(\"unit\")).

[Boody]

Hey, thanks for your reply. Isn't CGUnit_C__GetPredictedHealth(CGUnit_C *unit) is a Lua function? If I go and try to read that address I get 0.
I dont really understand what you mean by use an addon. I want the bot to be able to get the current player health value, can I use an addon
that will get the health value and with one way or another my bot get it from the addon? If there is a good way you know about, can you tell me
which way do you use? Thanks.

[Natrist]

When I meant to say was that you could call it as though it was an AddOn calling UnitHealth. I was tired yesterday when I wrote my post.
You won't get shit with a debugger because the address itself does not store anything, you need to pass arguments to it.

[Boody]

I have no idea how to call a function from another process, but I can look into that soon.
So the argument that this function takes is: CGUnit_C *unit ?
what is CGUnit_C? And what is unit?
Thanks!

[seasick]

you have to like, loop thru all the units in the object manager until you find your player. The first unit starts with a pointer from the objectmanager, then the next unit you get with a pointer from the current unit. so like each unit contains a pointer to the next.
To know which unit that is ur player, u just compare the GUIDs

[Boody]

Thanks for your help guys, but I've successfully found the hp address with the second way that I mentioned, which is to get the
value of the ecx register at wow.exe+31C2CB, and then the hp address is equal to [ecx+00000FB0]. So now I have a reliable way to find
the hp address, and the mana address which is [hpaddress+4].
Can you guys tell me what else can I get, other than mana address, since that I have the hp address?

[Natrist]

Thanks for your help guys, but I've successfully found the hp address with the second way that I mentioned, which is to get the
value of the ecx register at wow.exe+31C2CB, and then the hp address is equal to [ecx+00000FB0]. So now I have a reliable way to find
the hp address, and the mana address which is [hpaddress+4].
Can you guys tell me what else can I get, other than mana address, since that I have the hp address?

You can find whatever else is in the struct. I'll post the info if I can find it.

UPDATE
---------------------------------------------------------

I think 0x964 would be the player level, 1026 the money (in copper)...

[Boody]

Thanks for your fast reply. I just went to the info dump thread for 3.3.5a and read all the 2 threads, but I could not find anything that
may depend on the player structure! I could not even find the money offset that you mentioned above.
Instead of telling me the offsets, can you please tell me where can I find them?
I want to find some info thats useful for this bot, like if the char is in combat. And most important is the BUFFS!
And MaxHealth, but I think that this will be easy to find so I will go and start searching for it now.

UPDATE:

Ok, I just found the MaxHealth offset from Playerhealth.
MaxHealth = PlayerHealth + 0xA28

But still have no idea how to find the buffs

[homer91]

I do not want to search for pointers with cheat engine

Thats not the right attitude. "Professionals" do it with various self developed tools, or the good old static/dynamic debugging way to acquire the addresses/offsets and structures. I'm nowhere near a professional, but I use these tools : IDA, Olly/Immunity debugger, Cheat engine. And some others, but these three the most.

Basically you should start with building an object manager, which basically is just a list with the object surrounding you.(units, game objects, items, etc...) There are a lot of code on the forum or even on Github about the object manager.
This is the first step for any bot IMO.

Now about the objects offsets, addresses, every object has properties, that you can read by adding offsets to the object's base address. There is also a data storage array, often referenced as descriptors.


Okey so here are some pointers for 3.3.5a (12340).

You have to get the object's storage/descriptors array address, this way :
m_storage of an object = [objBase + 0x8]

Therefore this is the formula for getting max/current HP:
unit's currentHP = [m_storage + offset * 4] // offset is 0x18
unit's maxHP = [m_storage + offset * 4] // offset is 0x20


And here is the way to read player info:
PlayerBase = [[[0xcd87a8]+0x22]+0x18] // this one is static, yeey
AURA_TABLE_1 = 0xC50; // add these to playerBase and read it
AURA_TABLE_2 = 0xC58;
PredictedHealth = 0xFB0;

So just to show an example, you can read your player's PredictedHealth field with this : [[[[0xcd87a8]+34]+24] + 0xfb0]

All of these offsets/addresses, relations can be acquired from observing the game binary in a debugger.

A little bit more about the auras here : http://www.ownedcore.com/forums/worl...uff-count.html

One of many good resources out there : https://github.com/tomrus88/WowAddin

http://www.ownedcore.com/forums/worl...0-offsets.html
http://www.ownedcore.com/forums/worl...mp-thread.html
Pastebin stuff : http://pastebin.com/h0TZi8Fn

PS: this wont be easy if you dont use debuggers.