Hi, it's been a while since I posted anything, but I'm doing it now, so if anyone would like to answer some of my questions it would be kind.
1. The new TLS index for 2.4.3 is 0xE2563C, right? I looked it up with IDA.
2. This part of the code I don't fully understand: the slot is the TLS index, right?
And the TLS offset: I read on another thread that it should be 0x08 for 2.4.3, but if you look at the other piece of code it reads the TLS offset from the base address of the thread + 0x2C, and the value of the offset would be 0x153500.
Code:
int tlsoffset = m_Memory.ReadInteger((int)tbi.TebBaseAddress + 0x2C);
int targetslot = m_Memory.ReadInteger(tlsoffset + (slot * 4));
WowObjectBasePointer = m_Memory.ReadInteger(targetslot + 8);
long MyGUID = m_Memory.ReadLong(targetslot + 16);
3. After you get the WowObjectBasePointer, how would you go on to copy/enumerate the mob/player data struct?
I know some of these questions have been asked before, and kynox posted C++ source for an app that fetches the pointer, but have mercy: I'm currently learning C++ (I have one book), I've been studying C# for about a year now, and I also recently bought a book: Exploiting Online Games: Cheating Massively Distributed Systems. It's quite nice and has helped me some.
:wave:
This is the output I'm getting now.
Code:
int WowObjectBasePointer = 0;
uint THREAD_QUERY_INFORMATION = 0x40;
IntPtr snaphandle = IntPtr.Zero;
IntPtr threadhandle = IntPtr.Zero;
MemoryReader m_Memory = new MemoryReader();
Process[] listProcesses = Process.GetProcesses();
int PID = 0;
bool WoWfound = false;
int index = 0;
for (int i = 0; i < listProcesses.Length; i++)
if (listProcesses[i].MainWindowTitle == "World of Warcraft")
{ PID = listProcesses[i].Id; WoWfound = true; index = i; break; }
if (WoWfound != false)
{
m_Memory.Open(listProcesses[index]);
}
else
MessageBox.Show("Unable to find Wow");
int slot = m_Memory.ReadInteger(0xE2563C);
snaphandle = CreateToolhelp32Snapshot(MemoryReader.TH32CS_SNAPTHREAD, 0);
if (snaphandle != null)
{
THREADENTRY32 info = new THREADENTRY32();
info.dwSize = (uint)System.Runtime.InteropServices.Marshal.SizeOf(typeof(THREADENTRY32));
bool morethreads = true;
bool found = false;
if (Thread32First(snaphandle, ref info))
{
while (morethreads && !found)
{
if (info.th32OwnerProcessID == m_Memory.ReadProcess.Id)
{
threadhandle = OpenThread(THREAD_QUERY_INFORMATION, false, info.th32ThreadID);
if (threadhandle != null)
{
THREAD_BASIC_INFORMATION tbi = new THREAD_BASIC_INFORMATION();
if (NtQueryInformationThread(threadhandle, 0, ref tbi, (uint)System.Runtime.InteropServices.Marshal.SizeOf(typeof(THREAD_BASIC_INFORMATION)), IntPtr.Zero) == 0)
{
int tlsoffset = m_Memory.ReadInteger((int)tbi.TebBaseAddress + 0x2C);
int targetslot = m_Memory.ReadInteger(tlsoffset + (slot * 4));
WowObjectBasePointer = m_Memory.ReadInteger(targetslot + 8);
long MyGUID = m_Memory.ReadLong(targetslot + 16);
string status_string = "Base pointer found: " + WowObjectBasePointer.ToString("X") + "n";
status_string += "GUID of player: " + MyGUID.ToString("X") + "n";
CloseHandle(threadhandle);
found = true;
label1.Text = status_string;
}
}
}
info.dwSize = (uint)System.Runtime.InteropServices.Marshal.SizeOf(typeof(THREADENTRY32));
morethreads = Thread32Next(snaphandle, ref info);
}
}
CloseHandle(snaphandle);
}
return WowObjectBasePointer;