ReadProcessMemory w/o BlackMagic

  1. #1
    cloud_wizard's Avatar Member

    ReadProcessMemory w/o BlackMagic

    Hi again everyone. I've been dissecting a lot of code over the last few days. I was pretty sure I had a working bit of code here that would get exactly the information I needed from WoW... Without having to use BlackMagic. I was wrong, though.

    This is a massive hunk of code that I'm not finished with yet. I'll tidy it up a bit later.
    Code:
    	void GetNearbyPlayerInfo()
    	{
    		HBAI.CurrentWoWInstance = 0;
    		HBAI.Handle = OpenProcess(PROCESS_ALL_ACCESS,FALSE,HBAI.Instance[HBAI.CurrentWoWInstance].PID);
    
    		DWORD ClientConnectionAddress = 0x011CA260;
    		DWORD ClientConnection;
    
    		ReadProcessMemory(HBAI.Handle,(LPCVOID)ClientConnectionAddress,&ClientConnection,4,&HBAI.BytesRead);
    
    		DWORD ObjectManagerAddress = ClientConnection + 0x2864;
    		DWORD ObjectManager;
    
    		ReadProcessMemory(HBAI.Handle,(LPCVOID)ObjectManagerAddress,&ObjectManager,4,&HBAI.BytesRead);
    		
    		DWORD CurrentObjectAddress = ObjectManager + 0xAC;
    		DWORD CurrentObject;
    
    		ReadProcessMemory(HBAI.Handle,(LPCVOID)CurrentObjectAddress,&CurrentObject,4,&HBAI.BytesRead);
    
    		DWORD LocalObjectAddress = CurrentObject;
    
    		DWORD GUIDOffset = 0x0;
    		DWORD NameOffset;
    		DWORD LevelOffset = 0x35;
    		DWORD RaceOffset;
    		DWORD ClassOffset;
    		DWORD CurrentHPOffset = 0x17;
    		DWORD MaxHPOffset = 0x1F;
    		DWORD CurrentPowerOffset;
    		DWORD MaxPowerOffset;
    		DWORD AliveOffset;
    		DWORD XOffset;
    		DWORD YOffset;
    		DWORD ZOffset;
    		DWORD FacingOffset;
    		DWORD TargetOffset = 0x12;
    		
    		int i = 0;
    
    		ReadProcessMemory(HBAI.Handle,(LPCVOID)CurrentObjectAddress,&CurrentObject,4,&HBAI.BytesRead);
    
    		while (CurrentObject != 0)
    		{
    			DWORD ObjectTypeAddress = CurrentObject + 0x14;
    			DWORD ObjectType;
    			ReadProcessMemory(HBAI.Handle,(LPCVOID)ObjectTypeAddress,&ObjectType,4,&HBAI.BytesRead);
    			if(ObjectType == 4)
    			{
    				LocalObjectAddress = CurrentObject + 0x8;
    				ReadProcessMemory(HBAI.Handle,(LPCVOID)(LocalObjectAddress),&HBAI.Instance[HBAI.CurrentWoWInstance].PlayerObjectData[i].GUID,4,&HBAI.BytesRead); // GUID
    				ReadProcessMemory(HBAI.Handle,(LPCVOID)(LocalObjectAddress+CurrentHPOffset),&HBAI.Instance[HBAI.CurrentWoWInstance].PlayerObjectData[i].CurrentHP,4,&HBAI.BytesRead); // CurrentHP
    				ReadProcessMemory(HBAI.Handle,(LPCVOID)(LocalObjectAddress+MaxHPOffset),&HBAI.Instance[HBAI.CurrentWoWInstance].PlayerObjectData[i].MaxHP,4,&HBAI.BytesRead); // MaxHealth
    				if (HBAI.Instance[HBAI.CurrentWoWInstance].PlayerObjectData[i].MaxHP > 0)
    				{
    					HBAI.Instance[HBAI.CurrentWoWInstance].PlayerObjectData[i].PercentHP = ((HBAI.Instance[HBAI.CurrentWoWInstance].PlayerObjectData[i].CurrentHP / HBAI.Instance[HBAI.CurrentWoWInstance].PlayerObjectData[i].MaxHP) *100); // Calculate Percent HP
    				}
    				i++;
    				if (HBAI.Instance[HBAI.CurrentWoWInstance].PlayerObjectData[i].PercentHP != 0)
    				{
    					MsgBox(HBAI.Instance[HBAI.CurrentWoWInstance].PlayerObjectData.PercentHP.ToString());
    				}
    			}
    			CurrentObject = CurrentObject + 0x3C;
    		}
    	}
    

    First thing it doesn't do *ever* is display the message box. Second thing it does is get stuck in the loop. I'm pretty sure I got several things wrong. I just don't know where they are.

  2. #2
    cloud_wizard's Avatar Member
    If you expect me to run that, you're out of your god damned mind.

  3. #3
    alek900's Avatar Contributor
    first thing i noticed was
    Code:
    CurrentObject = CurrentObject + 0x3C;
    should be
    Code:
    CurrentObject = MemoryRead(CurrentObject + 0x3C);


    gtfo!
    Last edited by alek900; 01-02-2009 at 03:23 PM.
    19+4 that means i score

  4. #4
    cloud_wizard's Avatar Member
    Alright, that solved the getting stuck in the loop problem... but I'm still not getting the message box.

  5. #5
    Cypher's Avatar Kynox's Sister's Pimp
    Add some debug messages, see where it's failing. Software testing 101.

  6. #6
    cloud_wizard's Avatar Member
    Alright, I greatly simplified the code. It should be a lot easier to follow now... In the process, I didn't fix my error, though. I think I'm doing something wrong. Something simple.

    Code:
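    	DWORD MemoryRead(HANDLE Handle, DWORD ReadAddress, int BytesToRead)
    	{
    		SIZE_T BytesRead = 0;
    		DWORD ContentsOfAddress = 0; // stays 0 if the read fails
    		// The destination is a 4-byte DWORD: never let ReadProcessMemory write past it.
    		if (BytesToRead < 0 || BytesToRead > (int)sizeof(ContentsOfAddress))
    			BytesToRead = sizeof(ContentsOfAddress);
    		ReadProcessMemory(Handle,(LPCVOID)ReadAddress,&ContentsOfAddress,BytesToRead,&BytesRead);
    		return ContentsOfAddress;
    	}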
    
    	void GetNearbyPlayerInfo()
    	{
    		HBAI.CurrentWoWInstance = 0;
    		HBAI.Handle = OpenProcess(PROCESS_ALL_ACCESS,FALSE,HBAI.Instance[HBAI.CurrentWoWInstance].PID);
    
    		DWORD ClientConnection = MemoryRead(HBAI.Handle,0x011CA260,8);
    		DWORD ObjectManager = MemoryRead(HBAI.Handle,(ClientConnection+0x2864),8);
    		DWORD CurrentObject = MemoryRead(HBAI.Handle,(ObjectManager+0xAC),8);
    
    		DWORD GUIDOffset = 0x0;
    		DWORD NameOffset;
    		DWORD LevelOffset = 0x35;
    		DWORD RaceOffset;
    		DWORD ClassOffset;
    		DWORD CurrentHPOffset = 0x17;
    		DWORD MaxHPOffset = 0x1F;
    		DWORD CurrentPowerOffset;
    		DWORD MaxPowerOffset;
    		DWORD AliveOffset;
    		DWORD XOffset;
    		DWORD YOffset;
    		DWORD ZOffset;
    		DWORD FacingOffset;
    		DWORD TargetOffset = 0x12;
    		
    		int IndexNumber = 0;
    
    		while (CurrentObject != 0)
    		{
    			DWORD ObjectType = MemoryRead(HBAI.Handle,(CurrentObject+0x14),8);
    
    			if(ObjectType == 4)
    			{
    				DWORD UnitFields = MemoryRead(HBAI.Handle,(CurrentObject+0x8),8);
    
    				HBAI.Instance[HBAI.CurrentWoWInstance].PlayerObjectData[IndexNumber].CurrentHP = MemoryRead(HBAI.Handle,(UnitFields+CurrentHPOffset),8);
    				HBAI.Instance[HBAI.CurrentWoWInstance].PlayerObjectData[IndexNumber].MaxHP = MemoryRead(HBAI.Handle,(UnitFields+MaxHPOffset),8);
    				HBAI.Instance[HBAI.CurrentWoWInstance].PlayerObjectData[IndexNumber].GUID = MemoryRead(HBAI.Handle,(UnitFields+GUIDOffset),8);
    
    				if (HBAI.Instance[HBAI.CurrentWoWInstance].PlayerObjectData[IndexNumber].MaxHP > 0)
    				{
    					HBAI.Instance[HBAI.CurrentWoWInstance].PlayerObjectData[IndexNumber].PercentHP = ((HBAI.Instance[HBAI.CurrentWoWInstance].PlayerObjectData[IndexNumber].CurrentHP / HBAI.Instance[HBAI.CurrentWoWInstance].PlayerObjectData[IndexNumber].MaxHP) *100); // Calculate Percent HP
    				}
    				if (HBAI.Instance[HBAI.CurrentWoWInstance].PlayerObjectData[IndexNumber].PercentHP != 0)
    				{
    					MsgBox(HBAI.Instance[HBAI.CurrentWoWInstance].PlayerObjectData[IndexNumber].PercentHP.ToString());
    				}
    				IndexNumber++;
    			}
    			CurrentObject = MemoryRead(HBAI.Handle,(CurrentObject+0x3C),8);
    		}
    	}

  7. #7
    Cypher's Avatar Kynox's Sister's Pimp
    Thanks for doing what I suggested and posting the results. It's much easier for me to go to the trouble of doing it myself just to fix your problem.

    /sarcasm

  8. #8
    alek900's Avatar Contributor
    make it print out the objects and their type that it finds.
    19+4 that means i score

  9. #9
    cloud_wizard's Avatar Member
    Sorry, I don't know what any of these numbers before the while loop should be. I've traced through it a few times seeing if I can see something that makes sense, but honestly, I don't know what I'm looking at. I'll give you what I've got though.

    Begin Trace @ HBAI.CurrentWoWInstance (2 lines inside of the 2nd function)

    @ DWORD ClientConnection ... Handle is 0x29C, ReadAddress is 18653792.
    @ MemoryRead Function @ ReadProcessMemory... ClientConnection = 194726136
    @ DWORD ObjectManager
    @ MemoryRead Function @ ReadProcessMemory... ObjectManager = 318771096
    @ DWORD CurrentObject
    @ MemoryRead Function @ ReadProcessMemory... CurrentObject = 790298656

    <skipping some boring variable definitions>

    @ while (CurrentObject !=0)
    @ DWORD ObjectType =
    @ MemoryReadFunction @ ReadProcessMemory... ObjectType = 1
    @ DWORD ObjectType = 1
    @ CurrentObject = MemoryRead(HBAI.Handle,(CurrentObject+0x3C),8);
    @ MemoryReadFunction @ ReadProcessMemory... CurrentObject = 790300152

    @ while (CurrentObject !=0)
    @ DWORD ObjectType =
    @ MemoryReadFunction @ ReadProcessMemory... ObjectType = 1
    @ DWORD ObjectType = 1
    @ CurrentObject = MemoryRead(HBAI.Handle,(CurrentObject+0x3C),8);
    @ MemoryReadFunction @ ReadProcessMemory... CurrentObject = 790301648

    <It repeats for a while>

    CurrentObject = 774106774, ObjectType = 2
    CurrentObject = 790332592, ObjectType = 1

    <object type is 1 for several more cycles>

    Another ObjectType = 2

    More ObjectType = 1

    The occasional ObjectType = 2

    Followed by more ObjectType = 1 (@ 774115774 now)

    <skipping until ObjectType = 4>

    CurrentObject = 356854416, Object Type = 4 (resuming verbose feedback)
    @ HBAI.Instance[HBAI.CurrentWoWInstance].PlayerObjectData[IndexNumber].CurrentHP = MemoryRead(HBAI.Handle,(UnitFields+CurrentHPOffset),8);

    UnitFields = 356864304

    HBAI.Instance[HBAI.CurrentWoWInstance].PlayerObjectData[IndexNumber].CurrentHP = MemoryRead(HBAI.Handle,(UnitFields+CurrentHPOffset),8);

    Failed ?

    HBAI.Instance[HBAI.CurrentWoWInstance].PlayerObjectData[IndexNumber].CurrentHP

    was never given a quantity. (Assuming this is a good place to start?)

  10. #10
    alek900's Avatar Contributor
    Code:
    UnitFields+(CurrentHPOffset * 4)
    19+4 that means i score

  11. #11
    Robske's Avatar Contributor
    HBAI.Instance[HBAI.CurrentWoWInstance].PlayerObjectData[IndexNumber].CurrentHP = MemoryRead(HBAI.Handle,(UnitFields+CurrentHPOffset * 4),8);
    HBAI.Instance[HBAI.CurrentWoWInstance].PlayerObjectData[IndexNumber].MaxHP = MemoryRead(HBAI.Handle,(UnitFields+MaxHPOffset * 4),8);
    HBAI.Instance[HBAI.CurrentWoWInstance].PlayerObjectData[IndexNumber].GUID = MemoryRead(HBAI.Handle,(UnitFields+GUIDOffset * 4),8);

    Assuming you got the offsets from the stickied post.
    "Always code as if the guy who ends up maintaining your code will be a violent psychopath who knows where you live." - Martin Golding
    "I cried a little earlier when I had to poop" - Sku

  12. #12
    cloud_wizard's Avatar Member
    That did it. I don't understand what adding *4 did, but that made it work. Thank you all, and +Rep

    Er... wait wait wait. Why *DID* adding *4 make it work?

  13. #13
    alek900's Avatar Contributor
    Originally Posted by cloud_wizard
    That did it. I don't understand what adding *4 did, but that made it work. Thank you all, and +Rep

    Er... wait wait wait. Why *DID* adding *4 make it work?

    because each field is 4 bytes long, I think, I'm still trying to understand this :P
    19+4 that means i score

  14. #14
    Robske's Avatar Contributor
    It has something to do with how computers store arrays in memory.

    When you create an array the computer will allocate enough memory to hold all items, these items always have the same size. When you wish to access a particular element in the array, your computer will multiply the index by that size and add that value to the address of the base of the array to get the correct memory slot in memory.

    Seeing as the size is 4 bytes in most cases, you'll have to read from the base and add the index multiplied by 4. So if the index for health is 0x17 you'll have to read from [base + 0x17*4] where the base is found in [object+0x8]
    Last edited by Robske; 01-02-2009 at 08:19 PM.
    "Always code as if the guy who ends up maintaining your code will be a violent psychopath who knows where you live." - Martin Golding
    "I cried a little earlier when I had to poop" - Sku
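
The index-versus-byte-offset point from posts #10 to #14, as an added example that is not part of the original thread: a local byte buffer stands in for the field array, and the sample values, function names and `FIELD_SIZE` are assumptions made for illustration. It reads field 0x17 once with the index scaled by 4 and once with the index used directly as a byte offset, and bounds-checks every read.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FIELD_SIZE 4u /* assumption from the thread: every field is 4 bytes */

/* Bounds-checked 4-byte read from a local buffer that stands in for the
   field array. Returns 1 on success, 0 if the range is out of bounds. */
static int read_u32_at(const uint8_t *buf, size_t len, size_t off, uint32_t *out)
{
    if (off > len || len - off < sizeof *out)
        return 0;
    memcpy(out, buf + off, sizeof *out); /* memcpy tolerates unaligned offsets */
    return 1;
}

/* Correct: field index scaled by the element size, [base + index*4]. */
int read_field(const uint8_t *buf, size_t len, size_t index, uint32_t *out)
{
    if (index > SIZE_MAX / FIELD_SIZE)
        return 0; /* index * FIELD_SIZE would overflow */
    return read_u32_at(buf, len, index * FIELD_SIZE, out);
}

/* The thread's bug: the index is used as a byte offset, [base + index]. */
int read_field_unscaled(const uint8_t *buf, size_t len, size_t index, uint32_t *out)
{
    return read_u32_at(buf, len, index, out);
}

/* Constructed sample data: field i holds the value 1000 + i. */
void fill_sample(uint8_t *buf, size_t n_fields)
{
    for (size_t i = 0; i < n_fields; i++) {
        uint32_t v = 1000u + (uint32_t)i;
        memcpy(buf + i * FIELD_SIZE, &v, sizeof v);
    }
}

int main(void)
{
    uint8_t buf[0x20 * FIELD_SIZE];
    uint32_t good = 0, bad = 0;
    fill_sample(buf, 0x20);
    read_field(buf, sizeof buf, 0x17, &good);          /* field 0x17 */
    read_field_unscaled(buf, sizeof buf, 0x17, &bad);  /* bytes 23..26 */
    printf("scaled: %u, unscaled: %u\n", (unsigned)good, (unsigned)bad);
    return 0;
}
```

The unscaled read succeeds but straddles two neighbouring fields, which is why the original code ran without error and still never produced a usable health value.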

  15. #15
    Shynd's Avatar Contributor
    HOLY ****ING HELL, PLEASE STOP.

    Memory in a 32-bit application is aligned EVERY FOUR ****ING BYTES, hence 32-bit. Byte = bit * 8. 4 * 8 = 32. 32 bit = 4 ****ing bytes. **** me running how can you ALL be that stupid?



    And, for the record, let's get one thing straight: BlackMagic is none of the following:
    The only way to read memory.
    The best way to read memory.
    The newest way to read memory.
    The fastest way to read memory.
    ANYTHING SPECIAL, other than it has been adopted, for whatever reason, by a proportionately large group of this forum's posting population.

    Please, stop saying things like 'how do I inject without BlackMagic' and 'how i for memorying w/o BLACKMAJIK!!' or whatever stupid shit comes spewing from your collective mouths.
    Last edited by Shynd; 01-02-2009 at 08:15 PM.
