Read Binary Buffer from Wow.exe into memory C++

  1. #1
    baintzimisce's Avatar Member

    Read Binary Buffer from Wow.exe into memory C++

    This is the code I have from the "Exploiting Online Games" book. When I run the program it's not finding the files in memory. My question: are the offsets wrong, or should I go about this differently?

    Code:
    #include "stdafx.h"
    #include <windows.h>
    #include <tchar.h>
    #include <assert.h>
    
    // Size in bytes of the file image held in g_binBuf; written by ReadBinaryBuffer.
    DWORD g_binBufSize = 0;
    // Heap buffer (allocated with new[]) holding the raw bytes read from the file on disk.
    char *g_binBuf = NULL;
    
    // Defined below: loads a whole file into g_binBuf / g_binBufSize.
    bool ReadBinaryBuffer(char *filepath);
    // Defined below: returns the offset of a named byte signature within g_binBuf, or -1.
    DWORD FindOffset( char *thename );
    
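    // Loads Wow.exe from the current directory and, for each named signature,
    // prints the file offset at which it was found plus an assumed image base.
    // Returns 0 after a completed scan, 1 if the file could not be read.
    int _tmain(int argc, _TCHAR* argv[])
    {
    	(void)argc;
    	(void)argv;

    	// NOTE(review): the printed value is "file offset + 0x00400000". That is an
    	// address in the loaded image only if the on-disk layout matches the mapped
    	// layout; confirm against the executable's section headers before relying on it.
    	const DWORD assumedBase = 0x00400000;
    	// FindOffset reports "not found" as -1 converted to DWORD.
    	const DWORD notFound = (DWORD)-1;

    	// Writable copies: ReadBinaryBuffer and FindOffset take char*, and a string
    	// literal must not be passed through a non-const pointer.
    	char exePath[] = "Wow.exe";
    	char nameRenderWorld[] = "RenderWorld";
    	char nameProcessMessage[] = "NetClient::ProcessMessage";
    	char nameClearTarget[] = "CGGameUI::ClearTarget";
    	char nameCastSpell[] = "Spell_C::CastSpellByID";

    	if(!ReadBinaryBuffer(exePath))
    	{
    		printf("could not read Wow.exe\n");
    		// A failed read may still have left a buffer allocated.
    		delete[] g_binBuf;
    		g_binBuf = NULL;
    		return 1;
    	}

    	DWORD offset = FindOffset(nameRenderWorld);
    	if(offset != notFound)
    	{
    		offset += assumedBase;
    		printf("got offset 0x%08x for RenderWorld\n", (unsigned int)offset);
    	}
    	else
    	{
    		printf("could not find RenderWorld\n");
    	}

    	// The lookup key must be spelled exactly as FindOffset compares it
    	// ("NetClient", not "NetCLient"), otherwise no signature is ever selected.
    	offset = FindOffset(nameProcessMessage);
    	if(offset != notFound)
    	{
    		offset += assumedBase;
    		printf(
    			"got offset 0x%08x for NetClient::ProccessMessage\n", (unsigned int)offset);
    	}
    	else
    	{
    		printf("could not find ProcessMessage\n");
    	}

    	// Assign the result; "offset + FindOffset(...)" discarded it and left the
    	// previous lookup's value (base already added) in offset.
    	offset = FindOffset(nameClearTarget);
    	if(offset != notFound)
    	{
    		offset += assumedBase;
    		printf("got offset 0x%08x for CGGameUI::ClearTarget\n", (unsigned int)offset);
    	}
    	else
    	{
    		printf("could not find ClearTarget\n");
    	}

    	offset = FindOffset(nameCastSpell);
    	if(offset != notFound)
    	{
    		offset += assumedBase;
    		printf("got offset 0x%08X for Spell_C::CastSpellByID\n", (unsigned int)offset);
    	}
    	else
    	{
    		printf("could not find Spell_C::CastSpellByID\n");
    	}

    	// delete[] on NULL is a no-op, so no guard is needed.
    	delete[] g_binBuf;
    	g_binBuf = NULL;
    	return 0;
    }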
    
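    // Reads the whole file at filepath into a freshly allocated g_binBuf and
    // records its length in g_binBufSize.
    // Returns true only when every byte was read. On any failure the globals are
    // left as NULL / 0, so callers never see a partially filled buffer.
    // On success the caller owns g_binBuf and releases it with delete[].
    bool ReadBinaryBuffer(char *filepath)
    {
    	// Drop any buffer from an earlier call so repeated calls do not leak.
    	delete[] g_binBuf;
    	g_binBuf = NULL;
    	g_binBufSize = 0;

    	if(!filepath)
    		return false;

    	// filepath is a narrow string, so call the ANSI entry point explicitly;
    	// the CreateFile macro resolves to the wide version in UNICODE builds.
    	HANDLE hFile = CreateFileA(
    		filepath,
    		GENERIC_READ,
    		FILE_SHARE_READ | FILE_SHARE_WRITE,
    		NULL,
    		OPEN_EXISTING,
    		FILE_ATTRIBUTE_NORMAL,
    		NULL);

    	if(hFile == INVALID_HANDLE_VALUE)
    		return false;

    	// Only the low DWORD of the size is requested, so INVALID_FILE_SIZE is an
    	// unambiguous error here; allocating that many bytes would be wrong.
    	DWORD fileSize = GetFileSize(hFile, NULL);
    	if(fileSize == INVALID_FILE_SIZE)
    	{
    		CloseHandle(hFile);
    		return false;
    	}

    	char *buf = new char[fileSize];
    	// Initialised so the comparison below is defined even if ReadFile fails.
    	DWORD nBytes = 0;
    	BOOL readOk = ReadFile(
    		hFile,
    		buf,
    		fileSize,
    		&nBytes,
    		NULL);

    	CloseHandle(hFile);

    	if(!readOk || nBytes != fileSize)
    	{
    		// Short or failed read: release the buffer instead of publishing it.
    		delete[] buf;
    		return false;
    	}

    	g_binBuf = buf;
    	g_binBufSize = fileSize;
    	return true;
    }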
    
    // Wildcard-aware comparison of the first len bytes of two buffers.
    // A '*' byte in pat matches any byte of in at the same position, which also
    // means a literal 0x2A byte in a pattern cannot be matched exactly.
    // Returns true when every non-wildcard position is equal (and when len <= 0).
    bool _f_memcmp(const char *in, const char *pat, int len)
    {
    	int idx = 0;
    	while(idx < len)
    	{
    		const char expected = pat[idx];
    		// Only non-wildcard positions can cause a mismatch.
    		if(expected != '*' && expected != in[idx])
    			return false;
    		++idx;
    	}
    	return true;
    }
    
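    // Searches haystack for the first position where needle matches, treating a
    // '*' byte in needle as a wildcard (comparison is done by _f_memcmp).
    // Returns the offset from the start of haystack, or (DWORD)-1 when there is
    // no match, a pointer is NULL, the needle is empty, or the needle is longer
    // than the haystack.
    DWORD ScanForBytes( const char *haystack, DWORD haystack_size, const char *needle, DWORD needle_size )
    {
    	const DWORD notFound = (DWORD)-1;

    	// Reject inputs that cannot match instead of relying on assert(), which is
    	// compiled out of release builds. The upper bound keeps the int cast below
    	// from going negative.
    	if(!haystack || !needle || needle_size == 0 ||
    		needle_size > haystack_size || needle_size > 0x7FFFFFFF)
    	{
    		return notFound;
    	}

    	// Last start position at which a whole needle still fits in the buffer.
    	// Scanning past it would make the comparison read beyond the end of haystack.
    	const DWORD lastStart = haystack_size - needle_size;

    	for(DWORD pos = 0; pos <= lastStart; pos++)
    	{
    		// No first-byte shortcut: the needle may begin with a wildcard.
    		if(_f_memcmp(haystack + pos, needle, (int)needle_size))
    			return pos;
    	}
    	return notFound;
    }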
    
    // Maps a function name to its hard-coded byte signature and scans the loaded
    // file image (g_binBuf, g_binBufSize) for it with ScanForBytes.
    // Returns the offset ScanForBytes reports, or -1 for an unknown name or no match.
    // NOTE(review): the byte patterns are presumably tied to one build of the
    // executable; a different build would likely not match - confirm.
    DWORD FindOffset( char *theName )
    {
    	if(strcmp(theName, "RenderWorld") == 0)
    	{
    		// signature for RenderWorld
    		const char sig[] = { 0x55, 0x8B, 0xEC, 0x81, 0xEC, 0x80, 0x00, 0x00, 0x00, 0x56, 0x8B, 0xF1, 0x8D, 0x4D, 0xC0, 0xC7, 0x45, 0xC0, 0x00, 0x00, 0x80, 0x3F };
    		return ScanForBytes( g_binBuf, g_binBufSize, sig, sizeof(sig) );
    	}
    	else if(strcmp(theName, "NetClient::ProcessMessage") == 0)
    	{
    		// '*' entries are wildcard positions
    		const char sig[] = { 0x55, 0x8B, 0xEC, 0x8B, '*', '*', '*', '*', 0x53, 0x8B, 0x5D, 0x0C, 0x56, 0x57, 0x8D, 0x45, 0x0E, 0x8B, 0xF1 };
    		return ScanForBytes( g_binBuf, g_binBufSize, sig, sizeof(sig) );
    	}
    	else if(strcmp(theName, "CGGameUI::ClearTarget") == 0)
    	{
    		const char sig[] = { 0x55, 0x8B, 0xEC, 0x83, 0xEC, 0x1C, 0x53, 0x56, 0x57, 0x89, 0x4D, 0xFC, 0xE8, '*', '*', '*', '*', 0x8B, 0x0D, '*', '*', '*', '*', 0x8B, 0xF8 };
    		return ScanForBytes( g_binBuf, g_binBufSize, sig, sizeof(sig) );
    	}
    	else if(strcmp(theName, "Spell_C::CastSpellByID") == 0)
    	{
    		const char sig[] = { 0x53, 0x8B, 0xDC, 0x83, 0xEC, 0x08, 0x83, 0xE4, 0xF8, 0x83, 0xC4, 0x04, 0x55, 0x8B, 0x6B, 0x04, 0x89, 0x6C, 0x24, 0x04, 0x8B, 0xEC, 0x83, 0xEC, 0x20, 0x56, 0x8B, 0xF1, 0x85, 0xF6, 0x57, 0x89, 0x55, 0xF4, 0x89, 0x75, 0xE8, 0x0F, 0x8C, 0x97, 0x04, 0x00, 0x00, 0x3B, '*', '*', '*', '*', 0x00, 0x0F, 0x8F, 0x8B, 0x04, 0x00, 0x00, 0xA1, '*', '*', '*', '*', 0x8B, 0x3C, 0xB0, 0x85,};
    		return ScanForBytes( g_binBuf, g_binBufSize, sig, sizeof(sig) );
    	}

    	// name not recognised
    	return -1;
    }

  2. #2
    Cypher's Avatar Kynox's Sister's Pimp
    The book you're referring to is awful and the author is a complete ****tard. Just fyi.

    If you've just ripped the code straight from the book then the offsets are obviously going to be outdated.

  3. #3
    baintzimisce's Avatar Member
    Kk, sorry I posted, Admin plz remove this for me, thx!

  4. #4
    Cypher's Avatar Kynox's Sister's Pimp
    May as well leave it here so others can see it if they have the same problem.

  5. #5
    Nesox's Avatar ★ Elder ★
    that book is fail ive read some of it, most his examples is from BWH think it was around patch 1.12? and teleporting actually worked back then by just changing your coords... M-M-MONSTERFAIL !
