Question about CTM or general memory reading

[Haugli92]

Hi!

First of all, lets point out that im a pretty new to memory edition.

My task is to find out CTM baseaddress and offsets to X,Y,Z and actiontype in Wow.exe (1.12.1)

After hours of search with Cheat Engine I found this:

CTM_Actiontype = Wow.exe + 0x0020FDDC + 0x1C
CTM_X = 0x00C4D890
CTM_Y = 0x00C4D894
CTM_Z = 0x00C4D898

Old threads says CTM_X usally is CTM_Base + 0x8C and CTM_Y is CTM_X + 4 and so on with CTM_Z.
And I can see there is some connection between addresses that i found and this calculation.

But, my question is then. How can I find the correct CTM_Base so I can call:

CTM_Base = Wow.exe + ???
CTM_Actiontype = CTM + ? (Might still be 0xC1)
CTM_X = CTM_Base + ???
CTM_Y = CTM_X + ? (Might still be 0x4)
CTM_Z = CTM_X + ? (Might still be 0x

..............

Just to clearify. Addresses above work when I write too them, but I would like to have a base address and add the offsets instead of multiple static addreses.

I appreciate any answers that will help me further.

Thanks,
Haugli92

[Corthezz]

Ctm is used in this bot: / [Bot] 1.12.1 WoW Bot Source Code
[WoW] 1.12.1.5875 Info Dump Thread has ctm offsets posted.

but I would like to have a base address and add the offsets instead of multiple static addreses.

If the address is static the way to retrieve it is obviously also static. Since there is no ASLR in 1.12.1 the baseaddress is always 0x400000.
0xC4D890 - 0x400000 = 0x84D890

So WoW.exe + 0x84D890 is CTM_X which is stil static all the way. I dont get your question tbh.

[squiggy]

im fairly new to this myself and havent worked on vanilla so i might have gotten something wrong here but I took a quick look at the wow.exe binary for you.

wow.exe + 0x0020FDDC looks like its the operand part of an instruction which zeroes data in the struct. you can read directly from 0xC4D86C instead, whether its the base of the struct or not i cant tell, i doubt it though.

you could calculate offsets from that address though so ctm actiontype would be: 0xC4D86C + 0x1C

thus:

CTM_X = 0xC4D86C + 0x24. (0x00C4D890 - 0xC4D86C = 0x24)
CTM_Y = CTM_X + 4
CTM_Z = CTM_X + 8

You can rebase the addresses to zero by subtracting the wow.exe imagebase(?) (its 0x400000) from your address. ex 0xC4D86C - 0x400000 = 0x84D86C (wow.exe + 0x84d86C = 0xC4D86C) . This is not needed on vanilla though.

Sry if this got messy, its 2am here and im beat, hope it helped though.

[Jadd]

Just FYI, there is no such thing as "CTM_Base". See here: what wrong with my ClickToMove code?

[Haugli92]

If the address is static the way to retrieve it is obviously also static.

You're absolutely right. In som messed why i was obsessed that any 0x00000000 + 0x000 was base + offset.

CTM_X = 0xC4D86C + 0x24. (0x00C4D890 - 0xC4D86C = 0x24)
CTM_Y = CTM_X + 4
CTM_Z = CTM_X + 8

This is what i was looking for, but when i got it explained as above its not necessary. Thanks anyway

Just FYI, there is no such thing as "CTM_Base". See here: what wrong with my ClickToMove code?

Thanks for point it out. This "base"-thing messing me really up. Like reading static addresses is not enough

__________________

+ rep to you all