[Guide] Memory Editing - The Basics

[flo8464]

Im not a coder im an electrician i cut cables and abuse energy drinks. So a a question, i wanted to make a little program that reads my health and power/mana and prints it to a ProgressBar, is there loads to know about or is it easy? if anyone can be bothered, are you able to share it with me?

Copy it like everyone else here does (well, at least most).
Searchfunction is your friend

[snigelmannen]

Well currently i am using Google(cool stuffz i know), but it doesn't explain how to make it, and as i stated i am not a coder but i know copy pasta and it doesn't have to look pretty but it gotta work, so if you are suggesting that i should copy someones source it wouldn't help me as i don't know C#.

[Sychotix]

For those who want to use this with pointers, If your pointer was [[9000]+0x1]+0x42

you would do (obviously cypher, not correct syntax, but it gives them the idea)
int x, y, z;
string name;
ReadProcessMemory($9000, x); //Read 9000, store into x
x = x+$1;
ReadProcessMemory(x, y);
y = y+$42;
ReadProcessMemory(y, z);

ReadProcessMemory(z, name);

ShowMessage(name);

[Apoc]

Time to rip this post apart....

[COLOR=DeepSkyBlue]
2. Requirements

A few things you will need for this guide:

General knowledge of computers
Half a brain
Cheat Engine [Link]
C# [Link]
Shynd's BlackMagic lib [Link]

You do know that CE is known for getting people banned... right?

3. Getting Started[INDENT]We'll start with some general information about memory. There are two types of memory (in WoW), serverside, and clientside.

WRONG. All memory is client side. Regardless of where the originating info comes from to fill that memory. You can change your stats/level/etc all you want, but it will be client side only.

Serverside data is memory that can be read, but cannot directly be changed, including (but not limited to), level, health, race, class, stats, and many more.

Wat? See my above note. This is just plain rubbish. I can change all of them without any issues.

And then there is clientside. This is the data that can be both read and written to

....

however, because of World of Warcraft's anti-cheat system, Warden, some memory cannot be written to without you, the hacker, being disconnected, or even banned, which is why we're going to be reading and writing from a trial account... just in case

Finally got something somewhat right.

Just a couple more definitions you should know. Static addresses, non-static addresses, and pointers.

This should be humorous.

Static addresses are addresses that you can read or write to from, which will have the same function every time you open a program.

You do realize that ALL addresses can be read/written to? Whether or not you SHOULD is a different story. Please don't tell people things that aren't true.

Also; static addresses are addrs that don't change; and will always point to the same thing. (Functions, certain 'data', etc.)

Non-static addresses are memory that are located at different addresses when the base address' value changes (see the pointers definition for more details), whether it be when you open up WoW, log out, or whenever it was made to change. This means that when the base address' value is changed, the non-static address you are using will have an entirely different function, or won't effect WoW by writing to it.

Close! Just because it isn't static; doesn't mean it won't have the same 'function' as you put it.

Pointers are how you are going to find non-static addresses when the base address' value changes. A base address is always static, and when finding non-static addresses, it is the first address you will read from. We will use a fake address and pointer to show an example. Say the address and pointer is [0x0124CDA48] + 0x16. The base address would be 0x0124CDA48, and the pointer would be 0x16. In the simplest form, we add the pointer to the value of the base, which will give us as it's value, the new non-static address.

For the love of god; at least quote Wikipedia on what a pointer really is. It's just a 'thing' that 'points' to another location in memory. That's all.



Meh; I'm not even going to bother finishing ripping your post apart. It's just too much fail to do so.

[flo8464]

You do know that CE is known for getting people banned... right?

Really? I doubt that. Never heard about anyone getting banned because of CE.
Basically it is nothing more than some kind of debugging utility.

[snigelmannen]

Oh hi im level 1 warrior and i wanna go IF fast plxzzzzz, lets use CE speedhackz = ban

[Apoc]

Really? I doubt that. Never heard about anyone getting banned because of CE.
Basically it is nothing more than some kind of debugging utility.

Had roughly 6 trials banned from using CE. I'd say that's pretty clear proof. (And yes; all I was doing was scanning for arbitrary data)

[schlumpf]

Still, CE is detected even by that bad anti-virus scan before logging in iirc.

[snigelmannen]

Still not by the Firefox virus scan
Gotta get a crappy AV

[flo8464]

Had roughly 6 trials banned from using CE. I'd say that's pretty clear proof. (And yes; all I was doing was scanning for arbitrary data)

Hmm, strange. I used it all the time while reversing to check stuff.
With my main account. Never got banned.

Oh hi im level 1 warrior and i wanna go IF fast plxzzzzz, lets use CE speedhackz = ban

The CE speedhack only hooks stuff like QueryPerformanceCounter. As far as I know it wouldn't work with WoW anyway.

[Robske]

http://www.likecool.com/Home/Outdoor...Lawn-Mower.jpg

[snigelmannen]

One pimped lawn mover

[Multitask]

Really? I doubt that. Never heard about anyone getting banned because of CE.
Basically it is nothing more than some kind of debugging utility.

unless u modify it, it will get you auto banned if u try to modify the memory through it.

[amadmonk]

I think that the "serverside" vs "clientside" memory was a good idea in concept, just not spelled out correctly.

Anything "in memory" on your computer can be read or written to (with the correct permissions).

Some information in memory will have no useful effect on WoW to write to, because it's just a copy of the "real" data that lives on the Blizzard servers. Your level is a good example; you can change the level your client displays in memory, but all significant behavior will still act as though you're at your correct level, because the servers know the "real" value of your level, and you can never touch their memory (unless, of course, you're running a socks proxy in ring 0!!!!!1!)

As Apoc points out, you can read from or write to any memory (with the correct permissions, and possibly after doing some memory protection setting). But a lot of memory you *shouldn't* write to. Note: kernel memory is exempted from this "can write to any memory" thing because unless you can get in the kernel, you *can't* write to it, for good reason. But kernel (ring 0! l3333t!!!!!) stuff is far beyond the level of folks who'd be reading this tut.

[flo8464]

unless u modify it, it will get you auto banned if u try to modify the memory through it.

I modified memory using a standard CE I downloaded at their website.