WoW Closes when looking for Pointers

[marko002]

Hi all mates,
i've a problem when i'm looking for pointers:
Let's say i'm looking for character name. I pump it into CE and it shows me the first address.
1) I go looking for "Find out what reads..." then i change character name and see what is changed in code. I see different Opcodes.
2) I look them to see if i can get the pointer and after some search i can try to fix one. I manually add it to the list
3) I go to this pointer (P->10CE7F1 and right click "Find Out what Reads.."
4) I choose "Find what writes to..." from pop-up

and then...WoW exits.... so i can't go one searching for greens...

What is gone wrong ???

Thanks

[UnknOwned]

because CrapEngine injects some code that WoW.exe don't want in there and just terminate the process to avoid you looking for pointers..

[Cypher]

WoW might be quitting when you attatch CEs debugger (which is required for the "find what writes to" functionality).

CE already pisses WoW/Warden off, so maybe try another tool and see if that works?

EDIT: SIF POST WHILE I AM MALU!

[marko002]

Cypher, thanks for your help. Can you suggest me, in your opinion, a good tool to use instead of CE ?
Thanks again,

M.

[Shynd]

L. Spiro's Memory Hacking Software

[Cypher]

L. Spiro's Memory Hacking Software

Exactly what I was gonna say.

[Nesox]

and if your wise you dont want to use cheatengine on retail scanning for pointers as warden doesnt liek the ce dll and you can get banned.. i use a uce and mhs, got banned when i used CheatEngine to scan for pointers

[marko002]

Infact. I got now MHS and i'm studying it. I need to learn some basics before i can achieve some interesting results.
I see MHS has the "Pointer Search" tool. Is it interesting or, since you surely are more skilled then me, it's better using Disassembler to check out what's happening to that address?

[Nesox]

Infact. I got now MHS and i'm studying it. I need to learn some basics before i can achieve some interesting results.
I see MHS has the "Pointer Search" tool. Is it interesting or, since you surely are more skilled then me, it's better using Disassembler to check out what's happening to that address?

dunno about that, what are u trying to accomplish?

[marko002]

Here is the matter:

I need some help to better understand where i'm making mistakes:
I try to be as clear as possible, hope someone (please understand me...) can help me sort it out:

Let's say i need to find my char name at login (WoW is the game) so i can check it with my program and i can auto-login:

1) I look address (dinamic) where NOW is the name:

Code:

Search String -> ASCII -> Name

2) I go changing name and i find 2 addresses

Code:

1240DBA0 - 12409C0

3) i dont think to use "Pointer Search" since i read it's better to use DIS

4) Right Click "Find what accesses this Address" on 1240DBA0
5) Go back to program and I change name
6) Going to look where i find a MOV:

Code:

006A125F   8808   MOV     BYTE PTR [EAX], CL   2

Code:

Address: 006A125F 
EAX (after): 1240DBA0   ESP (after): 0019FBB0 
ECX (after): 1240DB50   EBP (after): 0019FBB8 
EDX (after): FFFFFE20   ESI (after): 1240DBA0 
EBX (after): 1240D9C0   EDI (after): 1240DBA8 


Move CL (Ch) to [1240DBA0h]

7) I do the same for the other address: 12409C0
8 ) I find :

Code:

006A1280   8808   MOV     BYTE PTR [EAX], CL   1

Code:

Address: 006A1280 
EAX (after): 1240D9C0   ESP (after): 0019F850 
ECX (after): 00000050   EBP (after): 0019F858 
EDX (after): FF5DFE04   ESI (after): 1240D9C0 
EBX (after): 00000008   EDI (after): 119ED7C4 


Move CL (Ch) to [1240D9C0h]

9) Well, i realized (i did before) that this 006A1280 remains tha same if I close program and I restart.
10) This 006A1280 I believe should be a Static Address, so i add it to Address List (Unsigned Long - Hex) and go see it:
11) This address has this value: 1284114568 or 4C8A0888h
12) Going to see "Find what accesses this Address": there's nothing in DIS and no notes:
13) So IF i'm I correct if i read the value of 006A1280 (WoW.exe + 2A1280) i should find the address pointed, that contains my data BUT i don't find it, since as in 11) the value is 4C8A0888h
14) So i go see that 4C8A0888h but.. i get an "Unobtainable" ...

So I try it but using, i.e., Auto-It, if i memoryread 006A1280 i simply get 4C8A0888h and i can't go further more

Where do I fail? I repeat, if i restart game, close and reopen MHS i always will find 006A1280 pointed by the dinamic address, but i'm not able to go back to it from here, so i can't find the way to write down a correct formula to get it always.
Another hint, the 006A1280 it's not green so probably it's not a pointer.

Hope to find a solution, and maybe this can clarify lot of things I see here and in other forums asked mainly by users.

Thanks again to everyone for the help,

Sincerely,

M.

[Trollin]

i got it! don't memory edit on world of warcraft.. seems like too much of a hassle as is.. and pointless, imo

- trollin

[marko002]

well, i already developed a tool, but i need to go further more, hope someone can be of help
Thanks anyway, mate.

M.

[mandrup]

marko thanks - helped me out aswell

[marko002]

hope someone can help sort it out, anyway.
Thanks, mate

M.