[Question] Finding offsets using IDA or OllyDBG.

[defcon5]

First of all, I'd like to introduce myself on these boards. I've allready been reading the posts made here for a long time.

The question i'm about to ask may have been asked alot in the past, and yes, I've allready read all the threads that slightly resemble my question.
I'd rather not ask this question, but I just want to know how it's done.

I'm seeing alot of offsets being posted all over this boards, and while it's great that these are being shared, I'd rather have the knowledge on how to find these myself. I've allready read the small IDA tutorial posted by nopz. I'm currently reading up on the reversing topic, using forums and the books posted in the sticky (just started tho).


On of the things I want to find myself (withouth the use of Cheat Engine) is how to find :
- The offset for the playername.
- The playerbase offset.

Like i said before, I'm aware that these offsets are published all over the forum. What would be the best tool to find these : IDA (Disassembler) or OllyDBG (Debugger)? And how would I go about finding these?

I'm looking for a well structured awnser, since I'm made this thread for learning purposes.

If I missed a post where all this is nicely explained, then by all means, delete this thread.

---

Btw: Cypher, didn't you used to be on CN forums? (not the "new" one, but the old one with Shruh, RedGhost and BlueScreen? And ain't you from Belgium also?)

[bykte]

http://www.mmowned.com/forums/wow-me...ple-stuff.html

I believe that is what you are looking for. Cheers.

[Cypher]

1. What the hell is "CN forums"?
2. Who the hell are Shruh, RedGhost, and BlueScreen?
3. I'm from Australia...

[Flowerew]

Btw: Cypher, didn't you used to be on CN forums? (not the "new" one, but the old one with Shruh, RedGhost and BlueScreen? And ain't you from Belgium also?)

1. What the hell is "CN forums"?
2. Who the hell are Shruh, RedGhost, and BlueScreen?
3. I'm from Australia...

He got ya!

[defcon5]

1. What the hell is "CN forums"?
2. Who the hell are Shruh, RedGhost, and BlueScreen?
3. I'm from Australia...

I mixed you up with someone else then. My mistake.

http://www.mmowned.com/forums/wow-me...ple-stuff.html

I believe that is what you are looking for. Cheers.

I allready read this thread. But how would you get the Playerbase offset using his method? I'm not looking for someone to hold my hand and write a tutorial about this, however I'm looking for an explanation on how to know what to search for, to find the correct offsets. I'm still new at reversing.

[bykte]

I mixed you up with someone else then. My mistake.




I allready read this thread. But how would you get the Playerbase offset using his method? I'm not looking for someone to hold my hand and write a tutorial about this, however I'm looking for an explanation on how to know what to search for, to find the correct offsets. I'm still new at reversing.

I would like to know how to do this too.

[Nesox]

I would like to know how to do this too.

try this

Amazon.com: Haxxing World of Warcraft for Dummies (9780764557842)

[defcon5]

I've started reading Reversing: Secrets of Reverse Engineering as it was suggested in the Bookthread (combining it with learning assembly language), and it's proving to be a very intresting read.

I'm starting to see how my question is annoying to the more expierenced reversing people. There is no point in to giving me hints as I don't master the underlying basics for this yet. This thread may be closed.

[bnovc]

I think this would be a pretty useful question to have answered, too. There are tons of offsets posted but *very little* information about how to find them/etc.

[amadmonk]

Here's the thing about reversing: you're only going to gain skill at it by doing it. Meaning that no amount of us telling you how to do it is going to substitute for you actually doing it.

Next, don't equate IDA and OllyDbg. I'm sure you're aware of this, but they serve two different purposes. One (IDA) is a static analysis tool (kinda... it now has a halfway decent debugger built in) and is extremely useful for unraveling the structure of the program. In fact, IDA is by far the tool of choice for anyone who wants to actually reverse applications (as opposed to simply, say, using CE to find "likely offsets" without understanding what those offsets represent). The other (Olly) is a debugger, which is used to analyze the behavior of the application as it is running (the "static" part of "static analysis" means that the program ISN'T running; debuggers are designed to look at things when they ARE running).

Up until recently, you really needed both tools to be a decent reverser -- a static analyzer (or, ideally, a decompiler) like IDA, and a debugger like Olly. Lately, IDA has made great strides forward in integrating the debugger into their tool, making IDA effectively a "one stop shop." In other words, if you have a recent version of IDA (5.5 or later, I'd recommend), you can pretty much completely ditch Olly, Windbg, etc. for debugging and just use IDA. It's a much better experience to have it all rolled together, trust me.

As to HOW to reverse, that's a huge subject. There are books written on the topic, as you know. First, you have to have at least a basic understanding of how assembly works, as that's essentially what you'll be doing... mapping assembly to C/C++ or some other high level language, mostly to understand WHAT is being done in the assembly, and WHY (very important!) it is being done. If you DON'T gain a high-level understanding of the code (what I sometimes call the code's "intent" -- not just the raw sequence of instructions, but the purpose behind them), you'll be what I call a "cargo cult reverser" -- just trading offsets and bits of assembly around without understanding the consequences of the information (and very prone to getting caught by e.g. Warden, and very prone to your code breaking, badly, on a regular basis).

So start by trying to understand how assembly constructs map back to C/C++. The best way to do this is to write your own! Learn to code in C/C++ (if you don't already know), compile the code, and then debug it (or better, load it into IDA). Visual studio's disassembly view will even show you how your C++ maps to the assembly line-by-line, so that's a VERY good way to understand how one compiler works (since WoW uses VC, that should be good enough for now without worrying about, say, how gcc is different from VC).

Edit: forgot to mention that you have to have a little bit of an understanding of how compilers work. Not at a deep level; you don't have to read the "Dragon Book," but you should understand that C++ compilers map source code into assembly (well, ALL compilers do that), and possibly perform some optimization on the resulting assembly to make it more streamlined. Optimizations (inlining, loop unrolling, FPO, oh my!) can really mess up your day, but the good news is that you're unlikely to see *most* of them in WoW (I believe Apoc mentioned that they're starting to do inlining, which is... annoying).

Edit2: when looking at how C++ maps to assembly, it's especially important -- critically important, actually -- to understand calling conventions. When you can look at an assembly function and understand that it's stdcall, thiscall, cdecl, whatever, you'll be much further down the road.

Once you start to get this -- once you have a few "AHA" moments (ahhh, I finally understand repne scasb!) -- you'll be well on your way to reversing code. Then you start to act like a scientist. I want to get the player's name. Hmm, that's a string, and it's displayed here, here, and here. I wonder if I can find those usages, or search the process memory for the string...? And by doing that, the whole ball of yarn begins to unravel.

So:

1) Learn C/C++ (there you go, Cypher, there's your ad campaign for the day :P)
2) Debug your own C++ code to understand how a high level language maps to asm.
3) Get familiar with IDA and a debugger (or IDA's debugger)
4) THINK about how the code MIGHT work and do little experiments to see if your're right

Sorry this was a long-winded post, but reversing is not a trivial topic. It takes a lot of patience and trial and error, but (in my opinion) the result is WELL worth the effort.

Be prepared to lose many, many hours of your life down this black hole, but also be prepared to add a lot of highly valuable and sought-after skills to your resume

[opulent]

Well said mate.. +Rep