Can you read player names out of process?

[sweeper18]

I have my program looping through and finding all of the objects in the ObjMgr from out of process, Thanks Knyox . I am taking small steps and I have all of the NPC names/pos/level all of that good stuff updating every 200ms. I can't seem to find a way to read the player names from an offset of the player structure. I dumped the memory around the addresses I found using a memory scanner and didn't see much.


I was curious if anyone had done this quite yet... if not, I have a lot of really annoying work ahead of me

[mrbrdo]

Code:

function TWoWNPC.Name: String;
var m: Cardinal;
begin
  m := PWoWMemoryReader(mem).GetDWORD(ptrPlayerBase + 0xDB8);
  m := PWoWMemoryReader(mem).GetDWORD(m + 0x40);
  Result := PWoWMemoryReader(mem).GetString(m, 30); // 30 = length
end;

was told many times, not my idea (sry forgot who originally posted it, i know kynox mentioned it a few times).

[Shynd]

He's asking about Player names, not Unit names.

[Bobnovak]

I haven't seen anything about player names around, I imagine it's in there somewhere though.

[Cypher]

CGObject_C::GetObjectName:
.text:005D8470 CGObject_C__GetObjectName proc near ; CODE XREF: sub_59D930+108p
.text:005D8470 ; sub_59D930+182p
.text:005D8470 ; sub_5A07D0+1Ep ...

Not sure if that's what you're looking for but thats what I have on hand.

[kynox]

Code:

char *__thiscall sub_5D8470(int this, int a2)
{
  DWORD v2; // eax@1
  int v3; // esi@1
  char *result; // eax@2
  DWORD v5; // ecx@6
  int v6; // esi@14
  int v7; // eax@9
  int v8; // ecx@9
  int v9; // [sp+4h] [bp-8h]@2
  int v10; // [sp+8h] [bp-4h]@2

  v3 = this;
  v2 = *(_DWORD *)(this + 8);
  if ( (*(_DWORD *)(v2 + 8) >> 4) & 1 )                         // if ( (OBJECT_FIELD_TYPE >> 4) & 1) aka IsPlayer
  {
    v9 = *(_DWORD *)v2;
    v10 = *(_DWORD *)(v2 + 4);
    result = (char *)sub_67D400(*(_DWORD *)v2, *(_DWORD *)(v2 + 4), &v9, sub_5D6FB0, 0, 1);
    if ( result )
    {
      if ( a2 )
      {
        if ( *(result + 52) )
          *(_DWORD *)a2 = result + 52;
      }
      return result;
    }
  }
  else
  {
    v5 = *(_DWORD *)(this + 288);
    if ( *(_DWORD *)(v5 + 0x268) )                              // if ( UNIT_FIELD_PET_NUMBER ) aka IsPet
    {
      v9 = *(_DWORD *)v2;
      v10 = *(_DWORD *)(v2 + 4);
      result = (char *)sub_67E8C0(*(_DWORD *)(v5 + 616), &v9, sub_5D6FB0, 0, 1);
      if ( result )
      {
        if ( *((_DWORD *)result + 22) == *(_DWORD *)(*(_DWORD *)(v3 + 288) + 620) )
          return result;
        sub_5F24B0(result);
        sub_67A550(*(_DWORD *)(*(_DWORD *)(v3 + 288) + 616));
        v7 = *(_DWORD *)(v3 + 8);
        v9 = *(_DWORD *)v7;
        v8 = *(_DWORD *)(v3 + 288);
        v10 = *(_DWORD *)(v7 + 4);
        sub_67E8C0(*(_DWORD *)(v8 + 616), &v9, sub_5D6FB0, 0, 1);
      }
    }
    else
    {                                                           // else, Its a Unit
      v6 = *(_DWORD *)(v3 + 0xDB8);
      if ( v6 )
        return *(char **)(v6 + 0x40);
    }
  }
  result = (char *)sub_4C15D0("UNKNOWNOBJECT", -1, 0);
  if ( !result || !*result )
    result = "Unknown Being";
  return result;

^ Basically, its reading the name from cache (sub_67D400) Rather than a variable of the class.

It's going to be quite difficult to read it out from what i can see. Though, you can always try i guess.

Inprocess FTW!

[sweeper18]

This is gonna suck lol

[kynox]

You could always inject a code cave to call the cache function

[Shynd]

Read either Unit or Player name, entirely out of process
Pretty simple, actually. Names are stored in a linked list. WoW basically iterates through the list until it finds the entry whose GUID matches that of the object whose name it's trying to get. Simply do the same thing for the win.

As seen in the wild: [ame=http://youtube.com/watch?v=39aAgEjspH8]GetObjectName video[/ame]

[sweeper18]

Read either Unit or Player name, entirely out of process
Pretty simple, actually. Names are stored in a linked list. WoW basically iterates through the list until it finds the entry whose GUID matches that of the object whose name it's trying to get. Simply do the same thing for the win.

Yay, ty vm, will +rep if I can

[suicidity]

Very nice post Shynd.

I knew it could be done because that old KMap or whatever that was backed by Merc did it.

Nice work!