[C++] Some questions that need answers

[ejt]

Hello,

I'm looking to get some of my basic C++ questions answered for dealing with World of Warcraft memory reading.

First of I know in 4.0.1 patch you need base address of wow.exe for the offsets to work, but I can't seem to find anything pointing me to something useful that could help me find it.
I started guessing on 0x10000 but that doesn't seem to work and I tried 0x4000000 but doesn't seem to work either. Is this dynamic?

Secondly I want to read the memory from wow, but can't seem to find anything that I can learn from. I've searched the forum for weeks now and tried to get something cooking and did get my program to print the player name (3.3.5a) but nothing fancy.

This is my program at the moment:

Code:

#include <windows.h>
#include <tlhelp32.h>
#include <shlwapi.h> 
#include <iostream>

#define PROC_NAME "wow.exe"

HANDLE hProc;

unsigned int baseAddress = 0x10000;
unsigned int PlayerName = baseAddress + 0x008A5C58;

int main() {
    // Enable debug privileges
    EnablePriv();

    hProc = OpenProcess(PROCESS_ALL_ACCESS, FALSE, getTargetProcessIDFromProcName(PROC_NAME));

    if(!hProc) {
        std::cout<<"Process could not be found/opened.\n";
        std::cin.get();
        return 0;
    }
    char playerName[16] = {'\0'};
    ReadProcessMemory(hProc, &PlayerName, &playerName, sizeof(playerName), NULL);
    std::cout<<playerName<<std::endl;
    std::cin.get();
    return 0;
}

Doesn't print anything, the offset is from the thread in this forum, credits to the one who posted it.
Removed EnablePriv and getTargetProcessIDFromProcName to make it more readable.

Thirdly, if anyone could give me a quick example on how to use functions in wow.exe for ex. target function or something cause I got no idea and can't find any informations on how to use them in C++.

Any help or information you could give me is very much appreciated.

I wish NOT to switch to C# and most information I could find was for C#, I've downloaded and looked at tons of sourcecode but didn't help me much.

[ostapus]

In short - search HadesMem. In long - no one will bother to answer you just because you dont bother to search tons of sources/explanations/etc on this forum. The question you asking being discussed here 1k times.

[caytchen]

First of I know in 4.0.1 patch you need base address of wow.exe for the offsets to work, but I can't seem to find anything pointing me to something useful that could help me find it.
I started guessing on 0x10000 but that doesn't seem to work and I tried 0x4000000 but doesn't seem to work either.
Is this dynamic?

You do the "connect the dots" part.

[Cypher]

You can't find anything to learn from? Do you suffer from blindness?

[moritzmdm]

/editet >->

[caytchen]

Due that Blizzard activated ASLR we need to have relative addresses. If you find addresses post them with an image base of 0x1000 and you can add that address with your base address of WoW.exe.

The function for the base adress of WoW:
paste-code - easily share snippets.

Thanks to Unkn0wn0x from e*pvpers for this!

Hooray for ****ing up the looping idiom. Oh my.

[Cypher]

Sigh, why do people insist on casting pointers to fixed-size integer types. Especially annoying given they're typically the same people who later on complain their code doesn't work under AMD64 or IA64.

[ejt]

Due that Blizzard activated ASLR we need to have relative addresses. If you find addresses post them with an image base of 0x1000 and you can add that address with your base address of WoW.exe.

The function for the base adress of WoW:
paste-code - easily share snippets.

Thanks to Unkn0wn0x from e*pvpers for this!

Thanks for the link, got playername working now and got the correct baseaddress. Gonna start exploring the offsets now +Rep

[mnbvc]

Due that Blizzard activated ASLR we need to have relative addresses. If you find addresses post them with an image base of 0x1000 and you can add that address with your base address of WoW.exe.

The function for the base adress of WoW:
paste-code - easily share snippets.

Thanks to Unkn0wn0x from e*pvpers for this!

DWORD wowbase = (DWORD)GetModuleHandle("Wow.exe");
would be too easy?

[Cypher]

DWORD wowbase = (DWORD)GetModuleHandle("Wow.exe");
would be too easy?

That only works if you're injected.

[Xarg0]

That only works if you're injected.

Also would only work on 32bit, if wow actually had a 64bit executable

[_Mike]

DWORD wowbase = (DWORD)GetModuleHandle("Wow.exe");
would be too easy?

Why is everyone passing in static strings to GetModuleHandle? Just pass NULL and it would work even if someone has renamed wow.exe

[Cypher]

Why is everyone passing in static strings to GetModuleHandle? Just pass NULL and it would work even if someone has renamed wow.exe

More efficient too.

[_Mike]

Indeed they are! But seriously, if more people actually looked up stuff on msdn before they came here asking for help at least half of the threads on this forum should never have been made.

[Unkn0wn0x]

DWORD wowbase = (DWORD)GetModuleHandle("Wow.exe");
would be too easy?

In fact that no one codes injected on that forum (except of 3 members I know), I posted this alternate snippet to be sure that there are no stupid questions in regard to the patch.

By the way your method is still not the best, but this has been mentioned already.