[Question] Speed Hack

[Megadeadlord]

I'm still a newbie to hacking, this is my first attempt ever and it's a speed hack. I'm using vb.NET since I'm most familiar with it. I have 3 questions.

1. If I'm correct, the code for writing to memory is:

Code:

                                WriteProcessMemory(ByVal hProcess As IntPtr, _
                                              ByVal lpBaseAddress As IntPtr, _
                                              ByVal lpBuffer As Byte(), _
                                              ByVal nSize As System.UInt32, <Out()> _
                                              ByRef lpNumberOfBytesWritten As Int32) As Boolean

To get the process ID I used

Code:

Dim ProcessID As Object = Process.GetProcessesByName("WoW.exe")

But how do I find the other arguments and how do I know what to do to change the speed?

2. How do I use the offset 0x001855F2 for player speed? Is that what I change? What part of the code when writing to memory does that?

3. A bit off topic but out of curiosity is it possible to change something like the aggro range of mobs so you don't pull things easily? Just something I was thinking about trying after making a few simple hacks (after speed a fly hack is my plan).

Sorry if my questions are too vague, I read about the WriteProcessMemory API on the MSDN but found it unhelpful and couldn't find a good explanation for it anywhere.

[Chinchy]

Give up now. You clearly don't have the knowledge. Nobody here is going to help you when you obviously can't help yourself.

[Megadeadlord]

Ok let me try and rephrase my question, I know the SpeedHack offset is 0x001855F2, I know how to have the hack get the process ID, and I know that the lpBaseAddress is a pointer to the base address in WoW to which data is written. I know that before data transfer occurs, the system checks all data in the base address and memory to see if it's writable and if it isn't the function fails. What I don't know is how to find the base address, or the lpBuffer or the number of bytes to write to WoW. I'm not looking for you to give me code, just a good resource or a tip on what the function is doing. Your right, I don't have the knowledge, so where can I find it? There's no need to act like an elitist.

[mnbvc]

and i know that all you did was copy/paste 2 pieces of code and an offset and now you have no clue what to do with them
start by learning programming first

[Megadeadlord]

and i know that all you did was copy/paste 2 pieces of code and an offset and now you have no clue what to do with them
start by learning programming first

I know how to program what I don't know is how to write memory. I can read memory fine and get player names, coordinates, levels, mana, etc. I don't know how to use this function and that's all I'm asking. If I was copy and pasting what would the point be? You realize I can find a speed hack in a minute? Why would I possibly be doing this if I didn't want to learn?

[V0gelz]

Well if you know how to read memory of wow, then you should know aswell you need the bassaddress for this to work. Not to mention you have alot of different method's of making a speedhack.
What does this address do etc is what you have to find out. I'm guessing you got this address from the addresses thread but you can always live debug with olly and see where this address is linked to and what it does. I'm gonna be honest here, i don't know most of the time how everything works, i don't realy know much about reversing tho.. but you can see the difference if you change the address and what it does.

[_Mike]

The reason some people (myself included) gets annoyed by these type of threads are
1) They are against several of the section rules
2) They are always done by someone who claims they know programming because they managed to for example read player hp from some code they c&p from this forum.
3) They are stupid.

MSDN | Microsoft Development, Subscriptions, Resources, and More
Intel® 64 and IA-32 Architectures Software Developer's Manuals
All the info you'll ever need

[Cypher]

The reason some people (myself included) gets annoyed by these type of threads are
1) They are against several of the section rules
2) They are always done by someone who claims they know programming because they managed to for example read player hp from some code they c&p from this forum.
3) They are stupid.

MSDN | Microsoft Development, Subscriptions, Resources, and More
Intel® 64 and IA-32 Architectures Software Developer's Manuals
All the info you'll ever need

<3 (filler)

[apollo0510]

Hi there.

I am trying to ignore your name ( if I wouldn't, I shouldn't respond to you at all ) and explain one little mistake you make:

Once upon a time, there was an executable called wow.exe , and all adrezzes for de supa hacks were absolute at that time.
In these good old days, your code might have worked.
These days are gone.
Nowerdays, all da addrezzes for da hacks are relative. So you need to find the current base address for the wow process
everytime AT RUNTIME, when you want to apply a patch.

nuff said. try again. there are several threads about this topic already.

[miceiken]

Hi there.

I am trying to ignore your name ( if I wouldn't, I shouldn't respond to you at all ) and explain one little mistake you make:

Once upon a time, there was an executable called wow.exe , and all adrezzes for de supa hacks were absolute at that time.
In these good old days, your code might have worked.
These days are gone.
Nowerdays, all da addrezzes for da hacks are relative. So you need to find the current base address for the wow process
everytime AT RUNTIME, when you want to apply a patch.

nuff said. try again. there are several threads about this topic already.

If you bothered to read he said he already had found that.

[apollo0510]

If you bothered to read he said he already had found that.

Sorry, my bad. I simply missed his second posting.
Nevertheless, the solution is already to be found in these forums. The one I found (and use) is this one:

Code:

			
                        HANDLE hSnapshot = NULL ;
			MODULEENTRY32 Module ;
			Module.dwSize = sizeof(MODULEENTRY32) ;
			hSnapshot=CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, GetCurrentProcessId()) ;
			if(hSnapshot)
			{
				if (Module32First(hSnapshot, &Module))
				{
					do 
					{
						if (strcmp("Wow.exe", Module.szModule) == 0) 
						{
							gl_module_base_addr=(size_t)Module.modBaseAddr ;
							break;
						}
					} while (Module32Next(hSnapshot, &Module)) ;
				}
				CloseHandle(hSnapshot) ;
			}

Credits for that go to the unknown inventor. And of course these lines only work, if you are in-process. But It shows the way how to do it.

Greetings

[Cypher]

Sorry, my bad. I simply missed his second posting.
Nevertheless, the solution is already to be found in these forums. The one I found (and use) is this one:

Code:

			
                        HANDLE hSnapshot = NULL ;
			MODULEENTRY32 Module ;
			Module.dwSize = sizeof(MODULEENTRY32) ;
			hSnapshot=CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, GetCurrentProcessId()) ;
			if(hSnapshot)
			{
				if (Module32First(hSnapshot, &Module))
				{
					do 
					{
						if (strcmp("Wow.exe", Module.szModule) == 0) 
						{
							gl_module_base_addr=(size_t)Module.modBaseAddr ;
							break;
						}
					} while (Module32Next(hSnapshot, &Module)) ;
				}
				CloseHandle(hSnapshot) ;
			}

Credits for that go to the unknown inventor. And of course these lines only work, if you are in-process. But It shows the way how to do it.

Greetings

Protip: CreateToolhelp32Snapshot returns INVALID_HANDLE_VALUE on failure, not NULL.

[Woodi]

You can try to translate this Autoit code to VB.NET. I don't know anything about Visual Basic so I can't help you.

Global $PROCESSID = ProcessExists("WoW.exe")

If $PROCESSID = 0 Then
MsgBox(4096, "Error", "World of Warcraft is not running.")
Exit
Endif

$WOWPROCESS = _MemoryOpen($PROCESSID)

Global $BASEADDRESS = _MemoryModuleGetBaseAddress($PROCESSID, "Wow.exe")

_MemoryWrite($BASEADDRESS + "1594850", $WOWPROCESS, "0xE96AFFFFFF909090", "Byte[8]")

[Megadeadlord]

Just so you all know this question was solved about a day after it was posted. The reason I was unable to use the WriteProcessMemory function was because I had set the base address to an incorrect variable type and so I interpreted that as I couldn't get the base address the way I was attempting to do so. I'm new to windows programming and I just learned VB a few months ago, I usually code in c++ for Linux and I've never had to play around with memory editing until now. I apologize for the stupid question, feel free to close the thread.

[Remus]

Give up now. You clearly don't have the knowledge. Nobody here is going to help you when you obviously can't help yourself.

Infracted, Don't be rude.