[C++] Looping through object manager not working

[halcynthis]

I'm currently working on small codes to experiment with WoW and came to a snag trying to loop through the object manager to find my current target.

Offsets declared at the start of the code:

Code:

DWORD GameBase = 0x0100000;
DWORD isLooting = 0xE54980;
DWORD LocalPlayer = 0xDC0BC8;
DWORD EntityList = GameBase+0xD3B358;
DWORD FirstObj = 0x0C;
DWORD NextObj = 0x3C;
DWORD TargetGuid = GameBase+0xE35F20;
DWORD MoneyPointer = 0x1804;
DWORD Money = 0x18CC;

HANDLE hProc;
DWORD proc_id;

Function to find my target:

Code:

DWORD findTarget()
{
    DWORD list = ReadDword(EntityList);
    DWORD firstObj = ReadDword(list+FirstObj);
    unsigned long long TargetId = ReadUInt(TargetGuid);
    DWORD curObj = firstObj;
    while(curObj != 0)
    {
        unsigned long long GlobalId = ReadUInt(curObj);
        if(GlobalId == TargetId)
        {
            return curObj;
        }
        DWORD nextObj = ReadDword(curObj+NextObj);
        if(nextObj == curObj)
        {
            break;
        }
        else
        {
            curObj = nextObj;
        }
    }
    return 0;
}

Reading functions; (UInt is what I was originally using to store GUIDs, I just haven't renamed the function to suit using a long long now)

Code:

long ReadUInt(DWORD addr)
{
    unsigned long long read;
    ReadProcessMemory(hProc, (LPVOID)(addr), (LPVOID) &read, sizeof(read), 0);
    return read;
}

DWORD ReadDword(DWORD addr)
{
    DWORD read;
    ReadProcessMemory(hProc, (LPVOID)(addr), (LPVOID) &read, sizeof(read), 0);
    return read;
}

Code I'm calling the findTarget function from:

Code:

void MainWindow::on_pushButton_clicked()
{
    HWND hwnd = FindWindowA(NULL, "World of Warcraft");
    if(hwnd != NULL)
    {
        ui->output->addItem("Found window");
        GetWindowThreadProcessId(hwnd, &proc_id);
        hProc = OpenProcess(PROCESS_ALL_ACCESS, FALSE, proc_id);
        char buf[64];
        sprintf_s(buf, "Target obj; %x", findTarget());
        ui->output->addItem(buf);
        char targGuid[128];
        sprintf_s(targGuid, "Target GUID; %d", ReadUInt(TargetGuid));
        ui->output->addItem(targGuid);
    }
}

I've done my best to try finding a solution to the problem and can't seem to find anything. Im assuming its either because im handing GUIDs incorrectly(using long long currently), or because im just doing something wrong in my loop in general. The program starts just fine, but upon pressing the button which I showed the code it calls, it freezes and crashes.

I'm aware that there is probably much better and cleaner ways of what I've done, but I'm just looking to start simple and work my way up. I've managed to read stuff such as my gold/copper/silver, health, etc just fine, I just can't seem to understand what im doing wrong with the object manager.

Any help would be greatly appreciated

[Evansbee]

Gamebase changes every time WoW is loaded due to ASLR.

Amend your process class to compute the base address of the process you're trying to read from. Hint: the "module name" will be the same as the executable name.

[halcynthis]

Gamebase changes every time WoW is loaded due to ASLR.

Amend your process class to compute the base address of the process you're trying to read from. Hint: the "module name" will be the same as the executable name.

I understand what your saying and I do plan on adding that, though that's not the issue here. I use CE to get the base address of WoW each time I mess with it and change it in the code. Ive successfully managed to read my health and such so I know that its correct, but when I try to use the findTarget function I made the program crashes.

[Evansbee]

After drinking a bottle of wine I don't feel like going through your code, and your base pointer bit doesn't seem like we have the pieces we need, in that vein, here's how I get to the object list:

auto basePtr = wowProcess.GetBaseAddress();
auto entityListPtr = wowProcess.ReadMemory<intptr_t>(basePtr + OFFSETS::EntityList);
auto entity = wowProcess.ReadMemory<intptr_t>(entityListPtr + OFFSETS::FirstEntity);

while (entity != 0x00000000 && entity % 2 == 0)
{
...
}

Ignore my all caps OFFSETS garbage, that's a using statement that just references my 64bit offset section. If your offsets are right, this will work.

[halcynthis]

After messing with my code more I noticed that the problem is most likely with how I'm reading guids. If I loop through object manager and output the entity ID instead of guid it works just fine. What data type should I use for guids? (int, long, etc). Also thanks for helping with what you can Evan.

[Evansbee]

it's 128 bits, so you could use cstdint.h and do something cute with a struct and anonymous union like:

struct GUID
{
union
{
struct
{
uint64_t high;
uint64_t low;
};
struct
{
uint8_t bytes[16];
};
__m128 data;
};
};

so sizeof(GUID); is always going to be 16 bytes, but you get a couple cute ways to access it.

-e

[edit]
your compiler has to support the __m128 intrinsic, which is used for SSE/SIMD work, but it's equally as functional here.

[halcynthis]

I ended up looking at the source of a 3d radar posted here (http://www.ownedcore.com/forums/worl...116-32bit.html (3D WoW Radar for 6.03.19116 32bit)) to get an idea of how all this worked and managed to get everything working. I was in fact handling guids wrong and fixed it. Thanks for your help