-
Corporal
Wildstar64 - Memory Reading Basics
I've been one of those 'leechers' for bots, programs, scripts, etc for far too long. I decided it's time to try and give back to the community and actually understand the amount of effort that goes on behind the scenes in the creation of these tools. As part of that effort, I've decided to start at the very basics with memory reading. Most of what we rely on at the moment seems to start with the "Game Manager" in Wildstar. This is similar to using the "Object Manager" in many other games. The game manager is basically where it all begins, in terms of usable info. From the base address of Game Manager, we can use offsets to find character and target statistics. So, let's get started in finding the Game Manager in Wildstar 64.
Definitions:
- Game Manager - This is similar to Object Manager in other games. The memory address of Game Manager changes with most updates, but items behind Game Manager shouldn't change 'often'.
- Offsets - In its simplest sense, an offset is adding to a starting point. You'll find the base address being Game Manager, and various offsets from Game Manager will allow you to find other information.
Tools Used:
- IDA Pro 6.1
Finding Game Manager:
1) Create a copy of Wildstar64.exe. I generally use Wildstar64_<version>.exe.
2) Open IDA (idag64.exe)
3) File > Open > Wildstar64_<version>.exe (created in step 1) > Options below:
- Select Portable executable...
- Processor: Intel 80x86 processors: metapc
- Analysis: Enabled
- Indicator: Enabled
4) Click OK
5) Wait for analysis to complete, this takes about 5 minutes on my machine.
6) Place IDA into disassembly view by hitting <spacebar> while viewing the IDA View-A tab
7) Options > General > Number of opcode bytes: 10
8) Search > Sequence of Bytes (find all occurrences) > 48 8B 05 ?? ?? ?? ?? 48 8B 88 ?? ?? ?? ?? 48 85 C9 74 0B
9) Only one result should return, the Game Manager address for <version> is now listed at the right. We are interested in the last 6 characters (highlighted, for 6731):
Patterns Reference:
GameManager 64 bit: 48 8B 05 ?? ?? ?? ?? 48 8B 88 ?? ?? ?? ?? 48 85 C9 74 0B
This thread will be updated as I learn more.
Credits: Apoc, boredevil (D3 ObjectManager tutorial), Akaike, and many, many others.
-
Post Thanks / Like - 1 Thanks
yopilax (1 members gave Thanks to kyriaqos for this useful post)
-
Finding game manager using an AoB is cheating =P You should post a tutorial on how to find it the manual way.
-
Contributor
-
Member
I'm trying to find the abilities in x64. Starspot bot does NOT work for me, it tries to use abilities that are on cooldown. The author gave me memory offsets and I loaded them in CE and they never change from 0. I did a simple CE search and was able to find the cooldown for these abilities (stays at 0, when in cooldown goes to cooldown time in ms). But that address wasn't near where Starspot says. He may be checking an activatable flag, instead of the cooldown, I never clarified.
If anyone can give me some tips, I'd appreciate it. It's funny that I seem to be the only one complaining to Starspot about this issue, so it seems to be something unique to my machine which is just absurd.
Last edited by efel; 06-23-2014 at 07:53 AM.
-
Tnx for sharing this info Kyriaqos. Me too, I'm digging into the 64-bit client for info to create my bot. This is my first full C# experience and I decided to go directly to the 64-bit client, since this looks like the market trend.
I have my personal way to find the GameManager, which involves CE: find the HP address, pointerscan it, and since I have an idea of where it is, I find it in 3 mins.
But I'm also looking at IDA from time to time, since that seems the way to do it, and I'm curious to know where the Array of Bytes comes from (I mean, did you decide it was that somehow, or is it the one Apoc posted a few weeks ago?). I really wish I could understand how to figure it out from 0.
I'll post my way to find and use CTM (click to move) tomorrow, in the hope you guys share some of what you know too.
Originally Posted by
efel
If anyone can give me some tips, I'd appreciate it. It's funny that I seem to be the only one complaining to Starspot about this issue, so it seems to be something unique to my machine which is just absurd.
efel, can you PM me the offset? I really wish I could test them. What you say about it being absurd is true, at least as far as I know, but I'm interested in this problem too.
-
Member
Last edited by efel; 06-24-2014 at 12:00 PM.
-
All the addresses work fine for me; as I get back from work tonight, I'll post my CTM and dig more into this problem.
The addresses you posted are not related to the GameManager, so they must be related to the user interface (are you using some custom UI?), or something else I don't understand. In my mind there must be a skill manager related to the player and so to the GameManager, and I'll try for that.
Again tnx for the offset, saved me some work for sure.
-
Member
I tried disabling all my addons and those addresses still don't work. I don't understand why I'm having issues. I just want a rotation bot, ARGH! I'm running Win 8.1 at 2560x1440 in borderless window mode on an Intel i5 with 8GB RAM and an AMD 7870 2GB not that it should matter. Could it be my overclock?
-
Contributor
ASLR is enabled on WildStar; this can be your problem, so you need to rebase your offsets to 0x0, then add the pointer and the base address of WildStar at run time.
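Added example, not part of the thread or any poster's code: what the byte pattern in the first post matches (a RIP-relative `mov rax, [rip+disp32]` with the build-specific bytes wildcarded) and the rebasing the reply above describes. The sample bytes, section RVA, preferred base and load address are constructed assumptions.

```python
import struct

# Pattern from the first post; "??" marks bytes that differ between builds.
PATTERN = "48 8B 05 ?? ?? ?? ?? 48 8B 88 ?? ?? ?? ?? 48 85 C9 74 0B"

# Constructed sample standing in for a code section (not bytes from the game).
SECTION_RVA = 0x1000                      # assumed RVA of the section
SAMPLE = (
    b"\xCC" * 0x20
    # mov rax,[rip+0xA00000]; mov rcx,[rax+0x210]; test rcx,rcx; jz +0x0B
    + bytes.fromhex("48 8B 05 00 00 A0 00 48 8B 88 10 02 00 00 48 85 C9 74 0B")
    # near miss: same loads, but jnz (75) instead of jz (74)
    + bytes.fromhex("48 8B 05 11 22 33 00 48 8B 88 10 02 00 00 48 85 C9 75 0B")
)

def parse_pattern(text):
    """'AA ?? BB' -> [0xAA, None, 0xBB]; None matches any byte."""
    return [None if tok == "??" else int(tok, 16) for tok in text.split()]

def find_all(data, pattern):
    """Every offset where the pattern matches; a good signature yields one."""
    n = len(pattern)
    return [i for i in range(len(data) - n + 1)
            if all(p is None or data[i + j] == p for j, p in enumerate(pattern))]

def resolve_rip_relative(data, off, section_rva):
    """Target RVA of `48 8B 05 disp32`: RIP is the end of the 7-byte insn."""
    disp = struct.unpack_from("<i", data, off + 3)[0]   # signed, little-endian
    return section_rva + off + 7 + disp

def rebase(static_addr, preferred_base, runtime_base):
    """Address as the disassembler shows it -> address in a relocated image."""
    return static_addr - preferred_base + runtime_base

def demo():
    hits = find_all(SAMPLE, parse_pattern(PATTERN))
    rva = resolve_rip_relative(SAMPLE, hits[0], SECTION_RVA)
    preferred = 0x140000000               # usual default base of a 64-bit EXE
    runtime = 0x7FF612340000              # constructed ASLR load address
    return hits, rva, rebase(preferred + rva, preferred, runtime)

if __name__ == "__main__":
    hits, rva, live = demo()
    print(hits, hex(rva), hex(live))
```

The near-miss sequence is rejected because only the displacement bytes are wildcarded; the opcodes and the final `74 0B` must match exactly, which is why the search in the first post returns a single hit.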
-
Member
Midi, thanks for the reply, wouldn't the BOT do that automatically? I don't know. I just know that everyone that uses StarSpot, I seem to be the only one with issues with it using abilities that are on cooldown. The author doesn't seem to understand the issue, and no one else is complaining about it so it seems I'm the only one affected. I'm just confused.
-
Member
Update: whatever addresses I'm finding for cooldowns are 0x400 apart and get changed when zoning. I still can't figure out why the addresses StarSpot provides will not work for me but seem to work for everyone else.... It is not making any sense.
Last edited by efel; 06-24-2014 at 11:19 AM.
-
Active Member
Originally Posted by
efel
I'm trying to find the abilities in x64. Starspot bot does NOT work for me, it tries to use abilities that are on cooldown. The author gave me memory offsets and I loaded them in CE and they never change from 0. I did a simple CE search and was able to find the cooldown for these abilities (stays at 0, when in cooldown goes to cooldown time in ms). But that address wasn't near where Starspot says. He may be checking an activatable flag, instead of the cooldown, I never clarified.
If anyone can give me some tips, I'd appreciate it. It's funny that I seem to be the only one complaining to Starspot about this issue, so it seems to be something unique to my machine which is just absurd.
It never changed from 0 because you load them in a wrong way. You sent me a screenshot and it was not correct.
And you can't search addresses in StarSpot and try to use them with Wildstar. You can add me in Skype and I will show you how it works. My ID is akaike02.
Last edited by Akaike; 06-24-2014 at 11:48 AM.
-
Member
Akaike, yes, but I've fixed my mistake and I can find the addresses in StarSpot and use them in CE (how else would I have that list from above?). The only one that correctly detects cooldown is 'R'. All of the others stay on 0.
See for yourself:
I just did a fresh reboot, undid any overclocking, and only loaded Wildstar64 and CE. Still not working. I have to be missing something, how can they work for everyone else?
Last edited by efel; 06-24-2014 at 11:54 AM.
-
Active Member
Originally Posted by
efel
Akaike, yes, but I've fixed my mistake and I can find the addresses in StarSpot and use them in CE (how else would I have that list from above?). The only one that correctly detects cooldown is 'R'. All of the others stay on 0.
See for yourself:
I just did a fresh reboot, undid any overclocking, and only loaded Wildstar64 and CE. Still not working. I have to be missing something, how can they work for everyone else?
Hm, I never allowed you to publish that stuff. But okay. I think I can fix that problem for you. R seems to work so I know a solution. By the way, it seems like you use hacks like nova or trackmaster? That could be your problem.
-
Member
I have no other hacks loaded. That green line is Ayth Quest addon or whatever... I'm curious to see your solution if you have one...
I can remove those addresses from the post, but I didn't think it was a big deal since they will change with a new version and anyone who can't find them now, won't be able to find them then... (or maybe I'm wrong)... Anyway, I'll remove them.