Object Manager

[Shamun]

I've seen shynd's blog about wow hacking...
I updated the addresses to 3.0.3 and used his code from Accessing WoW’s Game Objects « Shynd’s WoW Modification Journal.
I didn't use his memoryLib I used mine which I'm sure works.
For some reason I'm not able to get the objects.
Client Connection = 0x011CA260
Object Manager Offset = 0x2864

If anyone has idea what's wrong please help me

[argh44z]

His example code doesn't include getting s_curMgr so I'm going to guess that's where you messed up on. Read what he says carefully about it or post your code.

In psuedocode:

Code:

gClientConnection = ReadDWord(0x011CA260)
if gClientConnection 
       sCurMgr = ReadDWord(gClientConnection + 0x2864)
       if sCurMgr
            guid = ReadQWord(sCurMgr + 0xC0)
            curObj = ReadDWord(sCurMgr + 0xAC)
            while curObj
                 do whatever  
                 curObj = ReadDWord(curObj + 0x3C)

etc...

[Shamun]

Well actually I tried his code on how to get the address for the s_curMgr but it didn't work either =\
Both with his memoryLib and with mine

[argh44z]

post the relevant code

[Shamun]

Code:

using System;
using System.Collections.Generic;
using System.Text;
using System.Diagnostics;
namespace Wow_Bot
{
classProgram
{
constlong clientConnection = 0x011CA260;
constlong mgrOffset = 0x2864;
constlong s_curMgr = clientConnection + mgrOffset;
staticProcessMemoryReader reader = newProcessMemoryReader();
staticvoid Main(string[] args)
{
Process[] processes = Process.GetProcessesByName("Wow");
reader.ReadProcess = processes[0];
reader.OpenProcess();
string name = "";
long currentIndex = 0x011CA298;
byte currentByte = reader.ReadByte(currentIndex);
while (currentByte != 0)
{
name += (char)currentByte;
currentIndex++;
currentByte = reader.ReadByte(currentIndex);
}
uint curObj, nextObj, localObj = 0;
UInt64 localGUID;
localGUID = reader.ReadUInt64((s_curMgr + 0xC0));
Console.WriteLine("LocalGUID: 0x{0:X016}", localGUID);
curObj = reader.ReadUInt32((s_curMgr + 0xAC));
nextObj = curObj;
while (curObj != 0 && (curObj & 1) == 0)
{
UInt64 cGUID = reader.ReadUInt64((curObj + 0x30));
float X = reader.ReadFloat((curObj + 0x7D0));
float Y = reader.ReadFloat((curObj + 0x7D4));
float Z = reader.ReadFloat((curObj + 0x7D8));
if (cGUID == localGUID)
localObj = curObj;
Console.WriteLine("0x{0:X08} -- GUID: 0x{1:X016} | {2} {3} {4}", curObj, cGUID, X, Y, Z);
nextObj = reader.ReadUInt32((curObj + 0x3C));
if (nextObj == curObj)
break;
else
curObj = nextObj;
}
}
staticvoid FindAddress()
{
DateTime now = DateTime.Now; //used for testing how long it takes to find the tls pointer
System.Diagnostics.Process.EnterDebugMode(); //gives our program debug permissions
//if open process was successful
if (reader.hProcess != IntPtr.Zero)
{
//search for the code pattern that we want (in this case, WoW TLS)
uint tlscode = dwFindPattern(reader.hProcess, 0x410000, 0x400000,
"EB 02 33 00 64 8B 15 2C 00 00 00 8B 0D 00 00 00 00 8B 0C 8A",
"xxx?xxxxxxxxx????xxx");
//read Kynox's g_clientConnection from memory
uint g_clientConnection = reader.ReadUInt32(reader.ReadUInt32((tlscode + 0x16)));
//first, the offset for the curMgr inside g_clientConnection is read,
//then s_curMgr is read from g_clientConnection + that offset (which may change version to version,
//I honestly don't know)
uint s_curMgr = reader.ReadUInt32((g_clientConnection + reader.ReadInt32(tlscode + 0x22)));
//output to console
Console.WriteLine("TLS code: 0x{0:X08}\ng_clientConnection: 0x{1:X08}\ns_curMgr: 0x{2:X08}", tlscode, g_clientConnection, s_curMgr);
}
//tell user how long it took to find and get what we wanted
TimeSpan timer = DateTime.Now.Subtract(now);
Console.WriteLine("\n\nTime taken: {0}ms\n\nPlease press [ENTER] to continue...", timer.Milliseconds);
Console.ReadLine();
}
#region dwFindPattern
//blatantly adapted/copied from dom1n1k :)
staticbool bDataCompare(byte[] data, int index, byte[] pattern, string mask)
{
if (pattern.Length != mask.Length) returnfalse;
for (int i = 0; i < pattern.Length; i++)
if (mask[i] == 'x' && (data[index + i] != pattern[i]))
returnfalse;
returntrue;
}
//blatantly adapted/copied from dom1n1k :)
staticuint dwFindPattern(IntPtr hProcess, uint start, int length, string _pattern, string mask, char delimiter)
{
string[] p = _pattern.Split(delimiter);
byte[] pattern = newbyte[p.Length];
for (int i = 0; i < p.Length; i++)
pattern[i] = Convert.ToByte(p[i], 16);
constint bytestoread = 1024;
int index = 0;
byte[] buf;
if (bytestoread > length)
{
buf = newbyte[length];
reader.ReadMemory(start, ref buf);
for (int i = 0; i < (buf.Length - pattern.Length); i++)
if (bDataCompare(buf, i, pattern, mask))
return (uint)(start + i);
}
else
{
while (index < length)
{
buf = newbyte[bytestoread + pattern.Length];
reader.ReadMemory(start + index, ref buf);
for (int i = 0; i < bytestoread; i++)
if (bDataCompare(buf, i, pattern, mask))
return (uint)(start + index + i);
index += bytestoread;
}
}
returnuint.MaxValue;
}
staticuint dwFindPattern(IntPtr hProcess, uint start, int length, string _pattern, string mask)
{
return dwFindPattern(hProcess, start, length, _pattern, mask, ' ');
}
#endregion
}
}

this is all my code exculde my memory class but you can guess what it does not so complicated.
you can see i used addresses instead of the FindAddress method coz it doesn't work.
The addresses I used are updated to version 3.0.3 as I see in many websites.
I would appreciate help

[luciferc]

I too have tryed shynd's but i had all my data correct just said unknown error injectin.

[kynox]

Did you even read his code at all? g_clientConnection is a pointer to a structure. It has members, one of which is the s_curMgr pointer.

const long clientConnection = 0x011CA260;
const long mgrOffset = 0x2864;
const long s_curMgr = ReadValueOf(ReadValueOf(clientConnection) + mgrOffset);

There's the proper pseudo code.

[Cypher]

Did you even read his code at all? g_clientConnection is a pointer to a structure. It has members, one of which is the s_curMgr pointer.

There's the proper pseudo code.

Incoming question:

"Where can I download compiler for pseudo?? Is it better than AutoIt?"

[luciferc]

u gotta go to 1guy1horse free download!

[Shamun]

now really where can I download the compiler?

Just Kidding :P
Thanks for the advice I'll try it out

[Robske]

I too have tryed shynd's but i had all my data correct just said unknown error injectin.

Tsk tsk, fasm_managed.dll is but a wrapper for fasm.dll so it's only natural that your injection won't work if this file isn't present.

I place it in bin/release and run the compiled exe. I'm pretty sure there's a more optimal way to do this but I'm not that into visual studio that much

[Shamun]

Thanks to kynox I've got the object manager working.