[Question] Finding the player base pointer

[ddebug]

I've been searching the forums for a couple days now. I've attempted to find some sort of tutorial/explanation on how to find a "base pointer". I couldn't find anything. I found lots of posts where people explicitly give the 'address' out, but this is of no use to me. I'm interested in finding it myself so I don't have to leech off of other people's knowledge/rely on them for everything.

This tutorial/explanation doesn't necessarily have to be for the player base. It can be anything, just as long as it teaches me how to go from a dynamic address to a static address.

I'm not 100% noob, albeit I'm not good either. I can locate the dynamic pointers for stuff like HP, etc in WoW. I'd like to be able to find the static pointer from that. I'm using Cheat Engine. Is the easiest way to find these pointer(s) by checking the last access/write addresses? If so, on average, how many times do I have to navigate from pointer to pointer to find the "base" pointer (which shows up as green on CE)?

I've done the CE tutorials (especially the ones with stuff related to this). They are much easier than navigating through the WoW memory space. In the CE tutorials, I need to scan maybe 3 or 4 times to find the "base" offset. Here, in WoW, I've been scanning for 6 times already (and each time I scan, there is multiple branches to other pointer locations I can scan). It's getting frustrating.

Am I doing something wrong? How deep is the layer to get to the static pointer? Should I be using the "pointer scan" feature in Cheat Engine?

ty for any help,
ddebug

[DrakeFish]

I've been searching the forums for a couple days now. I've attempted to find some sort of tutorial/explanation on how to find a "base pointer". I couldn't find anything. I found lots of posts where people explicitly give the 'address' out, but this is of no use to me. I'm interested in finding it myself so I don't have to leech off of other people's knowledge/rely on them for everything.

This tutorial/explanation doesn't necessarily have to be for the player base. It can be anything, just as long as it teaches me how to go from a dynamic address to a static address.

I'm not 100% noob, albeit I'm not good either. I can locate the dynamic pointers for stuff like HP, etc in WoW. I'd like to be able to find the static pointer from that. I'm using Cheat Engine. Is the easiest way to find these pointer(s) by checking the last access/write addresses? If so, on average, how many times do I have to navigate from pointer to pointer to find the "base" pointer (which shows up as green on CE)?

I've done the CE tutorials (especially the ones with stuff related to this). They are much easier than navigating through the WoW memory space. In the CE tutorials, I need to scan maybe 3 or 4 times to find the "base" offset. Here, in WoW, I've been scanning for 6 times already (and each time I scan, there is multiple branches to other pointer locations I can scan). It's getting frustrating.

Am I doing something wrong? How deep is the layer to get to the static pointer? Should I be using the "pointer scan" feature in Cheat Engine?

ty for any help,
ddebug

Well I probly won't fully answer you question, but just a tip about scanning what accesses the pointer: There is a list of every objects loaded from the server(CurrentMgr/CurrMgr) that is accessing it too. This can be used to get player base, but isn't as good as the usual method. I could also probly help you by saying that player base is placed on the PlayerBase offset everytime you change of map, you login, or you change of controlled creature (by entering a Siege Engine or a WG Canon, as example). If you successfully update the actual Player Pointer first, it may help you, as it will give you a start from the base.

[Cypher]

[SNIP]
There is a list of every objects loaded from the server(CurrentMgr/CurrMgr) that is accessing it too. This can be used to get player base, but isn't as good as the usual method.
[/SNIP]

Do you mean that using the object manager to retrieve the player pointer is somehow 'inferior' to retrieving it through some static pointer somewhere? If so, I disagree. It depends on what you're doing.

If you're writing a bot for example, then you're already going to need to parse the object list, so you may as well pull out the player pointer during that process. Retrieving it via another method would just be a waste of time as it's just more redundant addresses/offsets to maintain.

If however you never need to parse the object list then sure, I can see how using a static pointer somewhere would be easier.

It's not a 'better' solution, it's just different, and which one is most appropriate to use depends on the circumstances.

P.S. Yes, I'm really bored.

[ddebug]

Thanks for the tip DrakeFish, I'll be sure to do something like that once I understand the basics first.

Anyway, here is what I have done so far:



And some code in C#:

(it is c&p friendly, pending you know know how to add references [Black Magic 1.1 and Fasm_Managed])

Code:

using System;
using System.Collections.Generic;
using System.Text;
using Magic;
using System.Diagnostics;

namespace Memdit
{
    class Program
    {
        static void Main(string[] args)
        {
            Console.WriteLine("Memdit v" + System.Reflection.Assembly.GetExecutingAssembly().GetName().Version.ToString() + "...");
            Console.WriteLine(new string('-', 60) + "\n");
            
            BlackMagic bWoW = new BlackMagic();

            Console.WriteLine("Waiting for World of Warcraft...");
            while (!bWoW.OpenProcessAndThread(SProcess.GetProcessFromProcessName("wow")))
                System.Threading.Thread.Sleep(1000);

            Console.WriteLine("World of Warcraft found: {0} PID.", bWoW.ProcessId);
            Process p = Process.GetProcessById(bWoW.ProcessId);
            IntPtr n = p.MainModule.BaseAddress;

            // player name
            string strPlayerName = bWoW.ReadASCIIString((uint)n + 0x8A5C58, 255);

            // hp
            uint o1 = bWoW.ReadUInt((uint)n + 0x007A558C);
            uint o2 = bWoW.ReadUInt(o1 + 0x4);
            uint o3 = bWoW.ReadUInt(o2 + 0x24);
            uint o4 = bWoW.ReadUInt(o3 + 0x42C);
            uint o5 = bWoW.ReadUInt(o4 + 0x580);
            uint o6 = bWoW.ReadUInt(o5 + 0x7D4);
            uint o7 = bWoW.ReadUInt(o6 + 0xC);
            
            // mp
            uint oo1 = bWoW.ReadUInt(o3 + 0x7B0);
            uint oo2 = bWoW.ReadUInt(oo1 + 0x1FC);
            uint oo3 = bWoW.ReadUInt(oo2 + 0x7D4);

            Console.WriteLine("\n\nName of character: {0}.", strPlayerName);
            Console.WriteLine(new string('-', 60));

            
            int[] hp = new int[2]; 
            hp[0] = -1;
            int[] mp = new int[2];
            mp[0] = -1;

            int nElapsed = 0;
            while (true)
            {
                nElapsed++;

                hp[1] = bWoW.ReadInt(o7 + 0x128);
                mp[1] = bWoW.ReadInt(oo3 + 0x138);

                if (hp[1] != hp[0] || mp[1] != mp[0])
                {
                    Console.WriteLine("HP: {0} // MP: {1}", hp[1], mp[1]);
                    hp[0] = hp[1];
                    mp[0] = mp[1];
                }

                System.Threading.Thread.Sleep(1000);
            }
        }
    }
}

This code requires you to be in game to work.

The pointers are static. I found them using Cheat Engine's pointer scanner. They don't change when you restart WoW...

Now some questions for you guys...

Cheat Engine returns hundreds of static pointers that I can traverse to get the HP and MP, for example:

(this is for MP)


They are all valid and don't change on restart. I chose one of those hundreds of paths (pictured above) to traverse to get my value for 'MP' (as seen in the code I posted).

Now, I'm probably doing this incorrectly and inefficiently. How should I correctly do this (returning HP and MP)? Should I be calling the LUA functions: GetUnitHealth()? If so, should I do something like this: http://www.mmowned.com/forums/world-...ple-stuff.html ?

And, instead of traversing HP and MP seperately (like I do in my C# code), how would I find the "player base" and use that to get HP and MP? e.g.

pointer_to_player_base + some_offset = hp
pointer_to_player_base + some_offset = mp

thanks again guys,
ddebug

[miceiken]

You should implement an objectmanager that collects all available objects (Read: http://www.mmowned.com/forums/world-...e-objects.html - I found this very useful)
Read http://www.mmowned.com/forums/world-...migration.html and find the Descriptors for 4.0.1 (I believe it's in the first post).
Then you just read object pointer + 0x8 + the descriptor offset for health

Finally, look at the code of this: http://www.mmowned.com/forums/world-...r-library.html

Feel free to PM for a chat about basic stuff.

[ddebug]

Thanks for the links miceiken. +rep

Much appreciated .

[DrakeFish]

Do you mean that using the object manager to retrieve the player pointer is somehow 'inferior' to retrieving it through some static pointer somewhere? If so, I disagree. It depends on what you're doing.

If you're writing a bot for example, then you're already going to need to parse the object list, so you may as well pull out the player pointer during that process. Retrieving it via another method would just be a waste of time as it's just more redundant addresses/offsets to maintain.

If however you never need to parse the object list then sure, I can see how using a static pointer somewhere would be easier.

It's not a 'better' solution, it's just different, and which one is most appropriate to use depends on the circumstances.

P.S. Yes, I'm really bored.

Yeah, sorry. I used the term better, but I meant different or something. But yeah, I don't say using CurrMgr isn't a good solution. I just think it would be a good idea to use the simple player pointer in his case, so he gets it without any extra code than his pointer and offsets.

[miceiken]

You got me excited to try and make a little OOP thing to test this out, thought I'd might aswell post it, look here: http://www.mmowned.com/forums/world-...e-4-0-1-a.html

[mrdennis87]

I am interested in finding out how to get the Static, or Base pointer.. I can get a dynamic pointer every time and display my current hp in my program.. but when I restart wow it is changed of course. I am using CE, Scan for hp, then scan for decrease in hp, this give me 2 values, I dbl click bottom one, scan it for what accesses it. Then Dbl click bottom selection in the debugging window, get the off set, and address that acceses it. I then search as hex in CE to find that address, and read what accesses that address. By doing this, it displays my Base Pointer (it's in green in CE) I dbl click that, copy the value from it(WOW.exe+00F4DA etc) and add that as a second pointer to a pointer I made earlier using the first address.. sorry if this sounds confusing, but I have done this over and over for the past 3 hours to get the base pointer, and I can read my hp outside of wow in my program using readprocessmemory function perfect, but when wow restarts my "Base Pointer" changed... I'm trying to figure out what I'm doing wrong here, if you want me to make Screen Shots, or a video of me doing this so you can help me better, let me know. By the way I have learned this from this video from youtube /watch?v=ZZw9CrGUXAE That is exactly what I am doing, except for wow. Any help is appreciated. I'm so close! lol