[Release]WoW 2.4 Addresses

[Sychotix]

Here are the addresses that I updated today. If you have any more addresses, please feel free to post them! =D

Don't forget to +Rep if these helped you at all...

Code:

Speedhack Forwards:
[00E7D9E0]+0xC70

Speedhack Backwards:
[00E7D9E0]+0xC74

Speedhack Swimming:
[00E7D9E0]+0xC78

Speedhack Flying:
[00E7D9E0]+0xC80

X Coord:
[00E7D9E0]+0xBF4

Y Coord:
[00E7D9E0]+0xBF0

Z Coord:
[00E7D9E0]+0xBF8

Facing Direction:
[00E7D9E0]+0xBFC

Movement State:
[00E7D9E0]+0xC23

Map ID (credits to Flos):
009230EC

Zone ID:
00DD1B98 

??Something to do with zones??:
0093B2AC

Tilt Forward:
[00E7D9E0]+0xC08

Tilt Backward:
[00E7D9E0]+0xC04

Weird Movement Thing: (mostly useful on P-Servers im guessing)
[00E7D9E0]+0xC20

Minutes: (cant effect the hour)
00C6FD30

Jumphack: (i had trouble editing the value so i used a debugger)
008D60E8

P.S.

-You can change your movement state to walking (value 12 while flying, move some, and then switch back to your normal form to remain at that z coord and still fly! (only tested on a druid with flight form)
-Freeze the Zone ID to 4092 and you can use the Arcane Charges wherever you want, although it wont actually let you USE it.
-Change the weird movement thing to -2 and its like your walking up stairs (i think).

[AticAtac]

Nice !
Got also the new TLS-offset ?

[galpha]

New TLS Index: 0x00E7DA2C

[AticAtac]

Thx !
But looks like more has changed, replacing the tls-offset with the new one didn't work for me. Anyone else has the same problem ?

[Flos]

Thx !
But looks like more has changed, replacing the tls-offset with the new one didn't work for me. Anyone else has the same problem ?

yop same problem here. changed it a few hours ago and memory-reading errors.
grml.... need to learn assembler ^^

[Sychotix]

well duh noobs... the offsets will change too... do you guys understand wtf a pointer is? -.-

[AticAtac]

@kth
do you know what the tls-offset is ?
If not then read about it and come back and give us advises....

[Flos]

well duh noobs... the offsets will change too... do you guys understand wtf a pointer is? -.-

Nah... Pointer? never heard of it. Btw wtf is "world of warcraft" and what are we even talking about?

I'll admit that I have very limited understand of the whole TLS thing, but usually by changing the tlsindex adress I should get a pointer to the first objectStruct. Or am I wrong?

[Sychotix]

i dont use TLS since my method works... TLS is probably some noob method of finding a pointer address but ill look into it for yall -.-

EDIT: dont see any explanation on what TLS is except that TLS stands for "ThreadLocalStoragePointer". It looks like a complicated method (if you code it yourself) in which you must compile a program to do the searching for you... Why not simply do a pointer search on the addresses? Thats all I do, find the dynamic address, search for a pointer, make sure the pointer is not multilevel, use the address.

[Whalemarte]

TLS uses known PE offsets for various constant pointers to find the .data storage offset (iirc). You then use known offsets from the TLS slot to find known variables. The thing that broke is the variables stored in TLS moved around, you are still finding the base offset just fine. I'm looking into the new offsets. ^_^

edit
TLS appears to work just fine, the offsets are the same. What seems to be the bigger issue is permissions. The error I'm getting when I try to read is 998, or ERROR_NOACCESS. This means my program doesn't have permission to read that section of memory. I'm looking for a way around right now >_>

edit
more testing and it actually looks like the NextNode field changed in the object linked list. Oh joy, just after I deleted my Tsearch and PermEdit >.<

[AticAtac]

For wow-tls read here:
WoW.DeV &bull; View topic - Proof of concept code - WoW memory reading

With the tls-offset you get a list of objects (npc, mobs, players, ...).
So you just need to iterate through it.
Theoritically with a new patch you just need to adjust the tls-offset and everything else stay the same.
But with this patch i've the feeling much more changed. I was able to find the player-offset in the object-list and obviously some offsets inside thist structure changed too, like (x,y,z) values, etc.
But i may be wrong need to investigate more. Luckily i freezed the ram of the 2.3.3 version so i can compare things.

[Sychotix]

but why use that method which seems complicated and not simply scan for the x y z coords like i did? go up a mountain, scan increased, go down, scan decreased, rinse and repeat until you find the correct addy.

[Flos]

but why use that method which seems complicated and not simply scan for the x y z coords like i did? go up a mountain, scan increased, go down, scan decreased, rinse and repeat until you find the correct addy.

because the ObjectStructure contains a lot more information than just coordinates.
With the structure you for example have access to the coordinates of everybody around you.

[Sychotix]

so you can vac everyone? that would be.... interesting lol

[Whalemarte]

Torso framework for autoit fans if they want to use TLS based memory reading. Sadly the wow object changed and I don't know of any good programs to dump structure/enum data from wow.exe. Anybody? I'm trying to see if I can get IRA Debugger to do it