[Question] Need little bit explanation

[piiters]

Hi to all!

i have learned a little how to read wow memory. today i played with cheat engine and tried to find ofset for player health. and i did, and it works (even on other pc's / when you close or start wow).

here is the screen:


I have gathered this:

Code:

uint min = wow.ReadUInt(playerbase /*0x0c4a1fb0)*/ + 0xfb0);//UNIT_FIELD_HEALTH = 0x18

The 0x0c4a1fb0 i believe was a playerbase at that moment and 0xfb0 is the ofset i found.

My question is: how is my ofset (0xfb0) related to UNIT_FIELD_HEALTH = 0x18? or maybe UNIT_FIELD_HEALTH is not the identificator for player health?

Thank you for reading this.

[flo8464]

UNIT_FIELD_HEALTH is not located at [base + 0x18 * 4] (base->health), it is an offset of the descriptor table ... [[base + 8] + 0x18 * 4] (base->descriptor_table->health)

[piiters]

did some thinking but at the moment still don't understand why i have to look 8 bytes (adresses) further than playerbase at first

[BoogieManTM]

It's the 3rd member into the class

Class Start (Base)
Member1 (4 bytes)
Member2 (4 bytes)
Member3 (4 bytes) <- Descriptors pointer
... and so on

I have no idea if it really is the 3rd member, and if the first two are 4 bytes or what, i'm just giving an example of why it is that way.

[piiters]

i'm sorry for being such petty, but i want really get into it!

so if i understand correctly (adresses are decimal just for easier understanding):

Code:

adress | what's into it
0 | playerbase adress
1 | misc
2 | misc
3 | misc
4 | misc
5 | misc
6 | misc
7 | misc
8 | pointer to UnitFields data structure

is this correct?

[flo8464]

You should consider learning C++ if you reverse applications written in C++.

Take a look at this:
OpenRCE

[piiters]

i know c/ c++ as the most working examples here are in c# i decided to start with it to better understand things that are/ need to be done. when i'll fully understand, i'll have no problems to do the same in languages i know - c/ c++ / vb/ delphi [i know that delphi isn't language ]

P.S. Thanks for very useful link

[purri]

Hmm looks like you use my source code =) Have fun with it

[Cypher]

It's the 3rd member into the class

Class Start (Base)
Member1 (4 bytes)
Member2 (4 bytes)
Member3 (4 bytes) <- Descriptors pointer
... and so on

I have no idea if it really is the 3rd member, and if the first two are 4 bytes or what, i'm just giving an example of why it is that way.

From memory it's actually the first.

At offset 0x0 is the VTable, and at offset 0x4 is some padding inserted by MSVC because of the use of the __int64 extension.

[piiters]

to Purri: I think, i'm actually using source code from this: http://www.mmowned.com/forums/world-...g-writing.html but i'll look on your codes too... in the past 3 weeks i've used a lot of sources, read thousants of posts contained in this and other forums, so at the end i don't even now who's source it is

to Cypher: thanks for explanation

[purri]

Hi piiters, here is my source
[C#] Release a source of Wowcore bot Check it out and figure what is happening

[piiters]

wow, thanks purri for sharing this! i think soon i'll contribute something to others too, but personally i think that my primary home for hacking wow is here at mmowned, so i'll definitely release here