need startup help with memory reading (C++, ReadProcessMemory)

[sixpounder]

Hello Folks,

iam very new to memory editing (and also c++) and currently trying to write a programm, which reads x,y,z coords from the local player.
i red some of the guides in this section, but iam at a point where i cant get any further. iam relatively sure, that it is an logical problem and any advanced person in wow memory editing can easily figuring out what iam doing wrong, so iam asking:

Where is the mistake in my code? The 'tempbuf' variable which sould be filled by ReadProcessMemory in the 'readDWORD' or 'readFLOAT' function is ALWAYS zero (contains nothing), so i think i give the wrong memoryaddress to it...

here's my code snippet ( i know the base-address of wow.exe is normally not hardcoded)

Code:

int main(void)
{
	const UINT u32WowBase = 0x00390000;

	const UINT u32ClientConnection = 0x8BF1A8;	// Object Manager Pointer
	const UINT u32CurMgrOffset = 0x462C;		// Offset to Object Manager
	
	const UINT u32FirstObjectOffset = 0xB4;		// First Object from Object Manager
	const UINT u32NextObjectOffset = 0x3C;		// Next Object

	const UINT u32GameObjTypeOffset = 0x14;
	const UINT u32GameObjGUIDOffset = 0x30;

	const UINT u32PlayerGUID = 0xB8;		// Local GUID
	
	UINT u32CurrMgr_pre = 0x0;
	UINT u32CurrMgr = 0x0;
	UINT u32pGUID = 0x0;	

	const UINT u32UnitPosXOffset = 0x898;
	const UINT u32UnitPosYOffset = u32UnitPosXOffset + 0x4;
	const UINT u32UnitPosZOffset = u32UnitPosXOffset + 0x8;
	
	UINT u32NextObject = 0x0;
	UINT u32ObjectType = 0x0;

	UINT u32PlayerObject = 0x0;	

	float X = 0.;
	float Y = 0.;
	float Z = 0.;
	
	HANDLE hWow = NULL;

	DWORD dwWowPid = 0;
	if (!GetWowProc(dwWowPid))  			// get wow PID
		printError ( TEXT("GetWowProc FALSE") );

	if( ( hWow = OpenProcess ( PROCESS_ALL_ACCESS, FALSE, dwWowPid )) == NULL)
		printError ( TEXT("OpenProcess Failed due to open WoW process") );


	u32CurrMgr_pre = readDWORD ( hWow, (u32WowBase + u32ClientConnection));
	u32CurrMgr = readDWORD ( hWow, (u32CurrMgr_pre + u32CurMgrOffset));

	u32pGUID = readDWORD ( hWow, (u32CurrMgr + u32PlayerGUID ) ); // UINT64?

	u32NextObject = readDWORD ( hWow, (u32CurrMgr + u32FirstObjectOffset) );
	u32ObjectType = readDWORD ( hWow, (u32NextObject + u32GameObjTypeOffset));
	
	while ( u32ObjectType <= 7 && u32ObjectType > 0)
	{
		cout << "Valid Object Found!\n";
		
		if ( readDWORD( hWow, (u32NextObject + u32GameObjGUIDOffset)) == u32pGUID )
		{
			cout <<"Mem Location by Player GUID found!!!\n";
			u32PlayerObject = u32NextObject;
			break;
		}
		
		u32NextObject = readDWORD (hWow, (u32NextObject + u32NextObjectOffset));
		u32ObjectType = readDWORD ( hWow, (u32NextObject + u32GameObjTypeOffset));
	}

	X = readFLOAT ( hWow, (u32PlayerObject + u32UnitPosXOffset));
	Y = readFLOAT ( hWow, (u32PlayerObject + u32UnitPosYOffset));
	Z = readFLOAT ( hWow, (u32PlayerObject + u32UnitPosZOffset));
}

my readDWORD function:

Code:

DWORD readDWORD ( HANDLE hWow, DWORD dwAddr )
{
	DWORD tempbuf = 0;
	unsigned int bytes_read = 0;
	
	if (ReadProcessMemory ( hWow, &dwAddr, &tempbuf, sizeof(DWORD), (DWORD*)&bytes_read ) == 0)
	{
		printError ( TEXT("ReadProcessMemory DWORD failed!") );
	}
	
	_tprintf ( TEXT("read %u Bytes\n "),bytes_read );
	cout << "tempbuf:" << tempbuf << "\n";          // HERE IS THE MISTAKE, tempbuf is always 0
	return tempbuf;
}

and my readFLOAT function (similar to readDWORD)

Code:

float readFLOAT ( HANDLE hWow, DWORD dwAddr )
{
	float tempbuf = 0.;
	unsigned int bytes_read = 0;

	if (ReadProcessMemory ( hWow, &dwAddr, &tempbuf, sizeof(FLOAT), (DWORD*)&bytes_read ) == 0)
	{
		printError ( TEXT("ReadProcessMemory FLOAT Failed!") );
	}

	cout << "tempbuf:" << tempbuf << "\n";          // HERE IS THE MISTAKE, tempbuf is always 0
	
	_tprintf( TEXT("read %u Bytes\n "),bytes_read );

	return tempbuf;
}

so finding the PID and creating the Handle is working correctly, but it starts to fails at this point :

Code:

u32CurrMgr_pre = readDWORD ( hWow, (u32WowBase + u32ClientConnection));

as mentioned above the tempbuf in 'readDWORD' is always zero, so of course 'u32CurrMgr_pre' and everything else is empty too.

iam wondering why 'tempbuf' is empty and not giving some random numbers stored in the memory!

thanks to everyone reading this and thanks for every help ! iam very happy about this forum and all the helpful skilled people around here.

greetings,
sixpounder

[unbekannter2]

You need to enable Debug Privileges before you start reading other applications memory

Code:

BOOL EnableDebugPrivileges()
{
    HANDLE tokenHandle;
    LUID luid;
    TOKEN_PRIVILEGES newPrivileges;

    if(!OpenProcessToken(GetCurrentProcess(), TOKEN_ALL_ACCESS, &tokenHandle))
        return FALSE;

    if(!LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &luid))
    {
        CloseHandle(tokenHandle);
        return FALSE;
    }

    newPrivileges.PrivilegeCount = 1;
    newPrivileges.Privileges[0].Luid = luid;
    newPrivileges.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;

    if(!AdjustTokenPrivileges(tokenHandle, FALSE, &newPrivileges, sizeof(newPrivileges), NULL, NULL))
    {
        CloseHandle(tokenHandle);
        return FALSE;
    }

   CloseHandle(tokenHandle);

   return TRUE;
}

[Syltex]

You accualy seam to know alot but that above + run c++ visual studio/express and admin or disable UAC.

[_Mike]

You need to enable Debug Privileges before you start reading other applications memory

No you don't. How to obtain a handle to any process with SeDebugPrivilege

This functionality is provided for system-level debugging purposes. For debugging non-system processes, it is not necessary to grant or enable this privilege.

You accualy seam to know alot but that above + run c++ visual studio/express and admin or disable UAC.

I also know alot. He's not happy today.
Mixing stream and stdio output.. Terrible error handling.. Inconsistent hungarian notation.. Bad advice.. This thread has it all.

On topic: Check your base address.

[sixpounder]

@unbekannter2: wow, first time i red about that. this was explained nowhere i was looking before. thanks for your post!
i copy and pasted your code, nothing changed expect the very first time i ran this, there tempbuf was always "1395667493" or "0x53303225" no matter what address it was trying to read.

now everytime i run my program all is zero again.
btw. iam not exactly sure how to implement EnableDebugPrivileges()... i simply added it as function in my program and called it asap..

@syltex: i tried it under win7 (uac disabled) and winxp, on both OS the same behaviour

iam glad to hear other suggestions

@_mike : ok, ty ! will do

[_Mike]

@sixpounder:
Ignore my last post.. I fail at reading.

Code:

if (ReadProcessMemory ( hWow, &dwAddr, &tempbuf, sizeof(DWORD), (DWORD*)&bytes_read ) == 0)

There's your problem..

[sixpounder]

hell, yeah...
you wont believe me how many times i checked the parameters for RPM and did not see that! typically noobstyle

everything runs flawless now. thanks man. i will clean up my code and contribute it soon. i think it could be a good entrypoint for beginners like me.

[Cypher]

No you don't. How to obtain a handle to any process with SeDebugPrivilege



I also know alot. He's not happy today.
Mixing stream and stdio output.. Terrible error handling.. Inconsistent hungarian notation.. Bad advice.. This thread has it all.

On topic: Check your base address.

"You must spread some Reputation around before giving it to _Mike again."

hell, yeah...
you wont believe me how many times i checked the parameters for RPM and did not see that! typically noobstyle

everything runs flawless now. thanks man. i will clean up my code and contribute it soon. i think it could be a good entrypoint for beginners like me.

If you release C++ code with functions like:
ReadDWORD
ReadFLOAT
ReadDOUBLE
etc

I will hunt you down. Why the **** do you think C++ has templates?

There's enough terrible "getting started" code examples in the wild at the moment. If you're going to release a new one, at least put some effort in and TRY to get it right. >_>

[gononono64]

I will hunt you down. Why the **** do you think C++ has templates?

Cypher scares me. God whatever you do don't let me **** up in the presence of the almighty Cypher.

[miceiken]

Cypher scares me. God whatever you do don't let me **** up in the presence of the almighty Cypher.

Necro bump, and stop trolling.

[snigelmannen]

Cypher scares me. God whatever you do don't let me **** up in the presence of the almighty Cypher.

He scares you? So far he's only been encouraging me to read up on stuff before posting, he is quite sweet/kind imo.

[~OddBall~]

watch out guys, suck any harder and his dik will fall off

[gononono64]

Necro bump, and stop trolling.

1 week before i unintentionally bumped it is not considered a necro bump. Also i was just joking around. I really like cypher cuz hes funny (in a ****ed up way) and has yet to yell at me. ^_^

I found this on the first page so it wasn't really old.

On topic: I think this code could really be useful for people. Although i'm not sure why cypher does not like the read functions. But then again i do not program much in c++ and im still fairly new to reading memory

[reggggg]

use generics .......

read<dword>
read<char>
read<qword>

Templates - C++ Documentation