What would you do to get started?

[shauno]

Hey everyone..
I'm a C#/.NET developer looking to learn the ins and outs of developing for WoW.
Are you required to have a strong knowledge of ASM?
Where would you begin? For someone that has a decent knowledge of programming (it's my job, real snorefest), and can learn and understand most things fairly quickly but is just new to the world of game 'hacking' .. things like remote calls, calling functions externally and what not is all foreign to me but would like to learn..

Thanks in advance for any tips etc, hopefully will help others get on the right track too and hopefully in the near future have something from me to give back to the community

(hopefully you guys don't get too many of these threads..)

[Shynd]

I'd read the books listed in this thread as well as x86 Assembly - Wikibooks, collection of open-content textbooks and x86 Disassembly - Wikibooks, collection of open-content textbooks personally.

[shauno]

Thanks Shynd, you forgot to mention your own blog for more specific reading, it helped get me through the basics of memory reading.

The one question that's really burning on my mind, is how to come to the conlusion on finding things like these patterns:

dwFindPattern(hProcess, 0x400000, 0x600000, "EB 02 33 00 64 8B 15 2C 00 00 00 8B 0D 00 00 00 00 8B 0C 8A", "xxx?xxxxxxxxx????xxx");

I know what the function does, what the parameters do, just unsure of how someone managed to get the search pattern and the mask..

Such as your post here: http://www.mmowned.com/forums/wow-me...ml#post1127086

Any info is helpful Thanks!

[Shynd]

Sigmaker 0.2 - Game Deception - Forums

I used to make patterns by hand, but why when there's such a useful tool for doing so? =p

[shauno]

Sigmaker 0.2 - Game Deception - Forums

I used to make patterns by hand, but why when there's such a useful tool for doing so? =p

Thanks again Shynd, good app, I'm trying to find the latest signature for the g_clientConnection pointer but can't manage to do it properly.

Actually, I think the problem is I'm not using ollydbg properly.. I'm somewhat confused here because I know where the pointer and curMgr offset are (from the 3.0.2 thread) and know what they are, can find them in ollydb when opening Wow.exe but is that is required to get the sig? Don't have to do any breakpointing or actual running of the app?

Thanks for your time for a noob

[shauno]

This is where I'm at in ollydbg, I've tried selecting the last few lines preceeding the pointer for the objmgr (46FBA9) and making a sig but dwFindPattern still can't find it (returns maxint value)

http://img80.imageshack.us/img80/7945/objmgrox9.jpg

Any idea? I'm sure it's something simple.

[Cypher]

Sigh. Based on your OP I can tell you you're going about this the wrong way.

You need to learn to run before you can walk, and firing up olly and trying to make signatures when you don't even understand the code you're looking at is just stupid.

Please do the required theory before jumping right into the practical deep end, it'll save us all from hours of fielding pointless (and to an extent, stupid) questions.

[shauno]

Sigh. Based on your OP I can tell you you're going about this the wrong way.

You need to learn to run before you can walk, and firing up olly and trying to make signatures when you don't even understand the code you're looking at is just stupid.

Please do the required theory before jumping right into the practical deep end, it'll save us all from hours of fielding pointless (and to an extent, stupid) questions.

I'm definitely going through the theory and have downloaded the books to read for sure. At this very point in time I'm just mucking around with some code extracts.

[Shynd]

Cypher does have a point. You may want to just hardcode offsets for now. Most of what you'll need will be updated and posted here every patch anyway.

[Cypher]

I'm definitely going through the theory and have downloaded the books to read for sure. At this very point in time I'm just mucking around with some code extracts.

That's one of the worst things you can do before you understand what you're doing, just a waste of time. You're asking "where would I begin", well we've told you, and you're doing something totally different, so why bother asking? Don't get me wrong its your choice to make, but make it without wasting our time.

PS. What I've said above ('waste of time') is evident from the followup questions you're asking.

[shauno]

That's one of the worst things you can do before you understand what you're doing, just a waste of time. You're asking "where would I begin", well we've told you, and you're doing something totally different, so why bother asking? Don't get me wrong its your choice to make, but make it without wasting our time.

PS. What I've said above ('waste of time') is evident from the followup questions you're asking.

I'm not doing something totally different, I just can't concentrate on reading a book at work right now until I get home.

[shauno]

Thanks Hyru.

I've done the CE tutorial a long while ago and have played around with it before.
Also done a bit of playing around with PostMessage/SendMessage in previous games played and am familiar with P/Invoke (haven't used Read/Write ProcessMemory though)

Funnily enough, that's what I am already doing now, reading a list of objects into a Dictionary using the GUID as the key and a custom class to store the data, just about to start figuring out how to get UnitFields in there.

It is in my own class, with events, so it's as easy as creating an instance of the class, subscribing to the event..

Code:

wBase.ObjectChanged += new EventHandler<ObjectChangedEventArgs>(wBase_ObjectChanged);

And encapsulating the changes in the eventargs class..

Once I get the jist of the more advanced techniques for memory reading (I'm not at all interested in writing or 'hacking' or exploiting anything) I hope to finish off this class as an event based .. base .. for apps.

[Cypher]

1. You do not need a strong knowledge of ASM.

2. Honestly, for someone brand new to memory hacking, I recommend Cheat Engine's tutorial. It's great for beginners.

3. Research the P/Invokes ReadProcessMemory/WriteProcessMemory and SendMessage/PostMessage. Google some tutorials or grab one of the user submitted libraries found throughout these forums.

4. As far as architecture, it'll be different in C# than in C++. You'll basically want to read a list of objects from WoW's memory into a Dictionary<uint,Mobile> where uint is the object's serial (GUID) and Mobile is a custom class you define that contains relevant object information like current vector and attributes (UnitFields). You could take it as far as creating your own Client class which encapsulates all data from a WoW process. This allows you to gather information from multiple clients running on a local machine or over a network stream and utilize it in a central app/server. Very good for multiple AI simulations.

5. Your applications will not warrant a ban as long as you a) do not distribute them, and b) do not write to memory carelessly. If the first is a problem, you should look into countermeasures against warden.

1. If you wanna do anything substantial then yes you very much do need a strong knowledge.

2. It teaches the 'how/what', not the 'why', and the 'why' is the most valuable part.

3. He doens't need to learn about APIs, he needs to learn about reverse engineering and the x86 architecture.

4. Do you even know what the word "architecture" encompasses in this context? Furthermore, do you even understand fully what half of you just said means or are you just spouting a bunch of crap.

5. Correct for the most part but you want to watch out for server side detection on certain things.

[zaleo]

I do not get this threat, when Cypher does not like to put time in getting people up to speed, then why is he putting so much time in answering this threat and blaming Shauno of wasting his time while he is the one who is choosing to respond in the first place.?

[Cypher]

I do not get this threat, when Cypher does not like to put time in getting people up to speed, then why is he putting so much time in answering this threat and blaming Shauno of wasting his time while he is the one who is choosing to respond in the first place.?

1. Don't bump old threads.

2. Believe it or not I'm not here to tutor you. I provide information and advice for free and on my own time, whether you choose to take it onboard is your choice, but don't come here and tell me I need to put in more time to tutor the stupid people like yourself who are too lazy to do any real work.

3. Stop cross-posting. Stick to your first thread.

4. You're a moron.