[Release]WoW 2.4 Addresses

[kynox]

i dont use TLS since my method works... TLS is probably some noob method of finding a pointer address but ill look into it for yall -.-

EDIT: dont see any explanation on what TLS is except that TLS stands for "ThreadLocalStoragePointer". It looks like a complicated method (if you code it yourself) in which you must compile a program to do the searching for you... Why not simply do a pointer search on the addresses? Thats all I do, find the dynamic address, search for a pointer, make sure the pointer is not multilevel, use the address.

Ha-Ha-Ha. You call it a "noob method" when infact brute forcing for the pointer is the "noob method". You do realise the pointer inside the TLS is infact the s_curMgr pointer.. correct?

why mess with other objects? Those will only be client sided anyways -.-

No.. you think? There are an endless amount of reasons to mess with the other objects. The top most being "RADAR".

I think you need to get off your high horse!

[Sychotix]

Its kind of funny how everyone is talking about that ONE post and not every other post I make. I have already answered to basically the same exact post earlier. Also, i do NOT brute force for the pointer. I search for the address, do a pointer search, and write the function. Finding the pointer normally only takes about a minute or less unless it is more complicated like the one that the unknown guy told me to find which is the camera. I will have to work on it later on since it does not use the playerbase to my knowledge.

[kynox]

You're still searching for something, whereas with the TLS it never changes (Unless you count the global index variable, but has not changed from 0 since they implemented the TLS method).

[Cypher]

kth_prkns, TLS is an obviously superior method, updating the TLS method takes a couple of seconds with an IDA script, wheras yours is a manual search for the offset then a pointer search, not only is that slower it's less flexible as it doesn't allow enumeration of the linked list.

/me waves at kynox

PS. I don't know why you had trouble with the jump height offset, the default value is "-7.9555473", all you have to do is make that a lower number to jump higher. ie -14 will let you jump approximately twice as high, etc.

[ABitHazy]

Guys, lay of kth, he made like one post with and negative talk in it and you all wont stop trying to call him a noob now. Seems to me like he knows quite a lot but is interested mainly in altering things ingame as opposed to just using data from the game to do things.

kth, I have to say thanks again for the first post you made in this thread. I had no idea there was a static pointer to the player's base address, untill now i had been searching through from the 1st object until i found one that matches the player. I dunno what Kynox is thinking since the 2 minutes of searching it would take to find the static pointer to the player base every patch is well worth having a nice, neat, reliable way of finding the player's base address. And anyway, heaps of things still change even when you're using TLS like the X, Y, Z offsets for mobs and those things are what take the most time to find each patch.

[kynox]

Guys, lay of kth, he made like one post with and negative talk in it and you all wont stop trying to call him a noob now. Seems to me like he knows quite a lot but is interested mainly in altering things ingame as opposed to just using data from the game to do things.

kth, I have to say thanks again for the first post you made in this thread. I had no idea there was a static pointer to the player's base address, untill now i had been searching through from the 1st object until i found one that matches the player. I dunno what Kynox is thinking since the 2 minutes of searching it would take to find the static pointer to the player base every patch is well worth having a nice, neat, reliable way of finding the player's base address. And anyway, heaps of things still change even when you're using TLS like the X, Y, Z offsets for mobs and those things are what take the most time to find each patch.

If you're reading externally, then yes. It can be tiresome.
However, if you do it the smart way and inject a DLL you can call functions inside of WoW.

Each CObject class has virtual members, including GetPosition/GetFacing/GetMode/GetName/etc which almost never change, so in my case its extremely easy to have a simpler approach i guess.

[AticAtac]

Injecting a DLL into WoW process can be dangerous and get detected by Warden!

I didn't try the injection via a hook-function (like the message-hook). It may be less dangerous than injecting via creating remote-thread. I never followed this path, which is of course the better approach to deal with things (calling virtual functions), but i am still worried that injecting has higher chance to be detected.

[kynox]

I've never been banned, and the only "safety precaution" is using ManualMap by Darawk so the module is never even loaded into the game.

[AticAtac]

Thanks for the information (+rep to you!).
So are you using a hook (which one?) or creating remote thread ?

And are you able to retrieve the name of the other players this way ?
I assume yes, since you call a "GetName()" function for each unit or ?

[Sychotix]

kth_prkns, TLS is an obviously superior method, updating the TLS method takes a couple of seconds with an IDA script, wheras yours is a manual search for the offset then a pointer search, not only is that slower it's less flexible as it doesn't allow enumeration of the linked list.

/me waves at kynox

PS. I don't know why you had trouble with the jump height offset, the default value is "-7.9555473", all you have to do is make that a lower number to jump higher. ie -14 will let you jump approximately twice as high, etc.

what trouble did i have with jump? you are probably refering to the fact that i put "(i had trouble editing the value so i used a debugger)". I put this because the memory editing engine that i use would not edit the value so i had to go to the base address and edit it manually. I did not say that i could not edit the value at all -.- and yes i know how it edits. I think its odd however that its negative but I'm guessing its telling the game to fall -7.9* z coords which would in turn pull you up.

Also i still do not see how TLS is a superior method. Mabye for making other things like a bot, but i have seen no releases like i have been releasing other than WoWInfinity which the creator ALSO memory edits like I do.

It seems like I know more about memory editing than you know about it and you know more about TLS than i do. Lets please drop this subject and stop spamming the thread with useless posts. Also can someone purge this thread of all the useless posts? Thanks.

[galpha]

its possible i guess but i thought wardent detected WPE since its such a common and old program.

also @chazwazza...

how am i noob when i am releasing all of these things which actually benefit the player? The only other person i see doing this is selling them. I am not interested in making a bot since I have glider to mess with.

Because you're the only one here who doesn't know what he's talking about. I'm not flamming you or something, but you don't even know what the TLS method for retrieving WoW Objects involve. Thinking doing Signature search + Struct search is supperior is just WRONG. It's vastly slower and is fairly limited.

You should read up on that technique on WoWDev before. Since this method has been made public (for a while now), no1 is using the old Struct search anymore.

[Sychotix]

I'm not searching for signatures. I am searching for values and how they change. Signatures are generally leechers who only know how to use Ollydbg to search for binary strings or people who are updating their older addresses. I have only once used someone else's method in finding something which was to find the wallclimb address way back in like patch 2.1 or 2.2 which I only used the ASM lines around the address and did a binary search with a few wildcards to incorporate the changes that may have been made in patching. Everything (except for one) has been from manual searching by either using a guessed value, or using things such as "Increased" and "Decreased" while of course starting with "Unknown" since i do not know the original value. The only one that I did not find this way was the jump address which I found through using my memory editor to put a breakpoint and find what wrote to (or maybe it was access i don't remember) to find which addresses wrote to it and then did multiple breakpoints to see how the jumps were being handled while jumping. After doing that, I would look around the function which I was led to and see if there were any pointers which, of course, there were and I edited the value the represent the hack I wanted.

I do not care for other methods of hacking WoW since from what I've heard, they will not help me modify the game to benefit the player in any other method but creating a bot. I do not need to know what x/y/z coord the box in the middle of Stormwind is at, nor do I need to know the HP of the mobs since this can all be accomplished through addons. If I wanted to bot, I would simply use Glider which I have been a member for about 2 years and I am loving it. If i wanted to change the position of certain objects I would simply Model Edit.

As I said before, please stop spamming the thread with posts that are trying to "down" me or trying to contradict what i have said. Someone else has already said it so let it be.

FYI everyone else, most of the addresses have changed from the few minutes that i was able to logon before the servers were taken down again. The only one i saw at a quick glance that was still the same was the time address which is useless none the less. I will be releasing new addresses by the end of tomorrow since I have to leave to eat in about 20 minutes.

[Cypher]

Injecting a DLL into WoW process can be dangerous and get detected by Warden!

I didn't try the injection via a hook-function (like the message-hook). It may be less dangerous than injecting via creating remote-thread. I never followed this path, which is of course the better approach to deal with things (calling virtual functions), but i am still worried that injecting has higher chance to be detected.

You won't get detected by warden if you stay away from detours. Injecting of DLLs is a perfectly legitimate tool, IM clients do it to provide anti-afk features, simply injecting a DLL won't raise flags.

As long as you're careful about what you modify you won't get detected. Warden doesn't do stack traces so calling functions is fine.

@kth_prkns

I give up, you obviously have no idea what you're talking about and there's no way anyone can get through to you. Ignorance is bliss I guess, have fun.