[Help] PlayerAdress

[unbekannt1]

Hi,
I am using PlayerAdress =[ [ [ 0x010B65F4 ] + 0x34 ] + 0x24 ] to find out the Playeradress. My Problem is that it often gets the wrong value. Sometimes it works but most of the time it won't.

Code:

unsigned adresse = 0x010B65F4;

hwnd = FindWindow(NULL, TEXT("World of Warcraft"));

GetWindowThreadProcessId(hwnd, &ID);     

handle = OpenProcess(PROCESS_ALL_ACCESS, 0, ID);
	
ReadProcessMemory(handle, (LPCVOID)adresse, &puffer2, sizeof(puffer2), &rw);

puffer2 = puffer2 + 0x34;
	 ReadProcessMemory(handle, (LPCVOID)puffer2, &puffer2, sizeof(puffer2), &rw);

  puffer2 = puffer2 + 0x24;
ReadProcessMemory(handle, (LPCVOID)puffer2, &playerAdress, sizeof(puffer2), &rw);
std::cout<< playerAdress;

My test program has Debug Privs.

[Zephir]

well, what do you expect to get?
the playerbase is just a memory adress that you can use to find information about your character. you do it by adding offsets which are listed on this forum.

[unbekannt1]

I know. For example i read out the Current Hp sometimes it works, but often i get a value like -89944,45e10. This happpens when the playerAdress is not right. Why does it sometimes work and sometimes not?

[Zephir]

WoW rearranges the memory structure whenever you relog or change your zone (happens when you see a load screen). if that happens, you will need to relocate your playerBase again!

[unbekannt1]

I just have a little test program. I start it, it shows me my health and quits. Then i start it again it shows my health. This can work a long time but sometimes by the first try i get wrong values. Because of restarting my program everytime i should not have any problems with rerranged memory structure or?

[Zephir]

Because of restarting my program everytime i should not have any problems with rerranged memory structure or?

that should solve it yes. however i can not imagine why you get wrong values from time to time unless you post the whole thing. probably got an if clause going the wrong way somewhere or something

[unbekannt1]

Code for enabling Debug Privs:

Code:

bool EnableDebugPrivilege()
{
	TOKEN_PRIVILEGES priv;
	HANDLE hThis, hToken;
	LUID luid;
		hThis = GetCurrentProcess();
	OpenProcessToken(hThis, TOKEN_ADJUST_PRIVILEGES, &hToken);
	LookupPrivilegeValue(0, TEXT("seDebugPrivilege"), &luid);
	priv.PrivilegeCount = 1;
	priv.Privileges[0].Luid = luid;
	priv.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
	AdjustTokenPrivileges(hToken, false, &priv, 0, 0, 0);
		CloseHandle(hToken);
	CloseHandle(hThis);
	return true;
}

Main function

Code:

#include "movement.h"
#include "memory.h"


HWND hwnd;
DWORD ID;
DWORD rw2=0;
HANDLE handle;

unsigned int playerbase;

int _tmain(int argc, _TCHAR* argv[])
{
	//ADRESSE 3.1.1
	unsigned adresse = 0x010B65F4;

	//Debug Priv
	::EnableDebugPrivilege();

	//Hwnd and Handle
	hwnd = 0;
	hwnd = FindWindow(NULL, TEXT("World of Warcraft"));
	GetWindowThreadProcessId(hwnd, &ID);                                                                                                                                                                   // Funktion
	handle = OpenProcess(PROCESS_ALL_ACCESS, 0, ID);  


	//Create objects
	movement move(hwnd);
	memory mem(handle);


	//Playerbase
	unsigned int puffer;
	ReadProcessMemory(handle, (LPCVOID)adresse, &puffer, sizeof(puffer), &rw2);
	puffer = puffer + 0x34;
	ReadProcessMemory(handle, (LPCVOID)puffer, &puffer, sizeof(puffer), &rw2);
	puffer = puffer + 0x24;
	ReadProcessMemory(handle, (LPCVOID)puffer, &playerbase, sizeof(puffer), &rw2);


	std::cout<< mem.CurrentHealth(playerbase);

	system("Pause");
	CloseHandle(handle);
    	 return 0;
}

CurrentHp function

Code:

int CurrentHealth(unsigned int base) {
	base = base + 0x8;
	int buffer;
	ReadProcessMemory(handle2, (LPCVOID)base, &base, sizeof(buffer), &rw);
	base = base + 0x17 * 4;
	ReadProcessMemory(handle2, (LPCVOID)base, &buffer, sizeof(buffer), &rw);
	return buffer;
}

This is nearly the whole code. Do yout see any mistakes?

[Zephir]

looks pretty good actually. only whats the difference between handle and handle2 (CurrentHealth(unsigned int base) uses handle2)

[unbekannt1]

CurrentHealth(unsigned int base) is in the class memory. Memory has a global variable which is handle2. Handle2 is set through the constructor.

[Cypher]

Code for enabling Debug Privs:

Code:

bool EnableDebugPrivilege()
{
    TOKEN_PRIVILEGES priv;
    HANDLE hThis, hToken;
    LUID luid;
        hThis = GetCurrentProcess();
    OpenProcessToken(hThis, TOKEN_ADJUST_PRIVILEGES, &hToken);
    LookupPrivilegeValue(0, TEXT("seDebugPrivilege"), &luid);
    priv.PrivilegeCount = 1;
    priv.Privileges[0].Luid = luid;
    priv.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
    AdjustTokenPrivileges(hToken, false, &priv, 0, 0, 0);
        CloseHandle(hToken);
    CloseHandle(hThis);
    return true;
}

Main function

Code:

#include "movement.h"
#include "memory.h"


HWND hwnd;
DWORD ID;
DWORD rw2=0;
HANDLE handle;

unsigned int playerbase;

int _tmain(int argc, _TCHAR* argv[])
{
    //ADRESSE 3.1.1
    unsigned adresse = 0x010B65F4;

    //Debug Priv
    ::EnableDebugPrivilege();

    //Hwnd and Handle
    hwnd = 0;
    hwnd = FindWindow(NULL, TEXT("World of Warcraft"));
    GetWindowThreadProcessId(hwnd, &ID);                                                                                                                                                                   // Funktion
    handle = OpenProcess(PROCESS_ALL_ACCESS, 0, ID);  


    //Create objects
    movement move(hwnd);
    memory mem(handle);


    //Playerbase
    unsigned int puffer;
    ReadProcessMemory(handle, (LPCVOID)adresse, &puffer, sizeof(puffer), &rw2);
    puffer = puffer + 0x34;
    ReadProcessMemory(handle, (LPCVOID)puffer, &puffer, sizeof(puffer), &rw2);
    puffer = puffer + 0x24;
    ReadProcessMemory(handle, (LPCVOID)puffer, &playerbase, sizeof(puffer), &rw2);


    std::cout<< mem.CurrentHealth(playerbase);

    system("Pause");
    CloseHandle(handle);
         return 0;
}

CurrentHp function

Code:

int CurrentHealth(unsigned int base) {
    base = base + 0x8;
    int buffer;
    ReadProcessMemory(handle2, (LPCVOID)base, &base, sizeof(buffer), &rw);
    base = base + 0x17 * 4;
    ReadProcessMemory(handle2, (LPCVOID)base, &buffer, sizeof(buffer), &rw);
    return buffer;
}

This is nearly the whole code. Do yout see any mistakes?

Dunno about mistakes in the logic, but all the WinAPI code is awful.

[unbekannt1]

so you think i got the probs cause of using so much api calls?

[Shynd]

Now, I may be mistaken, since I do not use the PlayerAddress to get information about my player, but isn't the static pointer 0x01357CE4;? I didn't think that had changed between 3.1.0 and 3.1.1.

[Cypher]

so you think i got the probs cause of using so much api calls?

No, the code is just awful. You're not checking you have valid handles etc, you're potentially leaking handles, you're passing the wrong types in to certain APIs, you're doing zero error checking, etc etc.

[Shynd]

I think he needs an explanation of why his EnableDebugPrivileges function should either be re-written or be of return type void instead of bool!

[unbekannt1]

well the EnableDebugPrivileges i copied from a site i found in google. I changed it to void. I have the same problem. The EnableDebugPrivileges is ok.