Where did I go wrong? [Source][Pix]

  1. #1
    J0llyGr33n's Avatar Corporal

    Where did I go wrong? [Source][Pix]

    So, I understand I am new here and that I should spend another week or two trying to hammer out this source code and get it working, but I can't seem to understand why it's not working properly. Although I know I am not the greatest at C++, I do understand 90% of what I read when I read others' source code, and have in the past been very successful in networking applications when it comes to writing source, but I can't seem to get my head around playing with memory. I've spent the last week or so doing what I could to read as much outdated source and test and play with an application to get it functioning, but I seem to fail time after time and it is rather frustrating. The parts of this post below contain source code as well as some screenshots of the results. I have done the best I could to comment along the way for my own personal benefit and in case I ever needed someone to read my source code, as I am now. If you have any questions or ideas/solutions as to why I seem to be failing, please inform me and I will answer the question or review the information as fast as humanly possible between work and school. Do note I do welcome all kinds of criticism, even if it's simply bashing me. I feel there is value in all of it.

    My assumption of what is going wrong in my source code revolves around the address, I believe.

    Highlighted Syntax: [C++] Head scrater - Pastebin.com
    Note: TokenPrivs contains the function I wrote very similar to Knox's to obtain debugging privs for memory editing
    Note: Find_Process.cpp contains two simple functions for finding and opening WoW based on a string "World of Warcraft". Quick method I used instead of the snapshot process method.
    Code:
    // WoWTest2.cpp : Defines the entry point for the console application.
    //
    
    #include "stdafx.h"
    #include "TokenPrivs.cpp"
    #include "Find_Process.cpp"
    
    int _tmain(int argc, _TCHAR* argv[])
    {
    	HANDLE hProcess;
    	DWORD pID;
    
    	if(FindProcess("World of Warcraft", pID) == -1)
    	{
    		std::cout << "Could not detect World of Warcraft, press ENTER to exit.";
    		std::cin.get();
    		return -1;
    	}
    
    	std::cout << "Detected World of Warcraft... Attempting to get debugging privs\n";
    
    	if(TokenPrivs() == false)
    	{
    		std::cout << "Could not raise to debugger privs. Press ENTER to exit.";
    		std::cin.get();
    		return -1;
    	}
    
    	std::cout << "Debugging privs obtained... Attaching to World of Warcraft\n";
    
    	AttachProcess(hProcess, pID);
    
    	DWORD ptrObjectManager, g_ClientConnect, BytesRead;
    	ReadProcessMemory(hProcess, (LPCVOID)0x0, (LPVOID)g_ClientConnect, 4, &BytesRead); //0x0; //0x980558,
    	std::cout << "Read from base address into g_ClientConnect: " << g_ClientConnect;
    	ReadProcessMemory(hProcess, (LPCVOID)(g_ClientConnect + 0x463C), (LPVOID)ptrObjectManager, 8, &BytesRead);
    	std::cout << "\nRead from g_ClientConnect into ObjectManager: " << ptrObjectManager;
    	/*ptrObjectManager returns 0 when I read 0x0 into g_ClientConnect (the rebased 0x980558 address). Reading
    	0x980558 into g_ClientConnect forces both to zero. This is the non-rebased address.*/
    	/*note: Occasionally this is showing g_ClientConnect as 0 as well*/
    
    	// ptrObjectManager Is now the pointer to my Object Manager according to Shynd
    
    	UINT64 LocalGUID; // Our GUID
    	ReadProcessMemory(hProcess, (LPCVOID)(ptrObjectManager+0xB8), (LPVOID)LocalGUID, 8, &BytesRead);
    	std::cout << "\nRead our GUID: " << LocalGUID;
    
    	DWORD CurrentObject, NextObject;
    	ReadProcessMemory(hProcess, (LPCVOID)(ptrObjectManager+0xB4), (LPVOID)CurrentObject, 4, &BytesRead);
    	// For a pointer to the start of the linked list. Current Object
    
    	NextObject = CurrentObject;
    
    	//Knok's while loop replica mixed with Shynd's
    	while(CurrentObject && (CurrentObject & 1) == 0) //while (curObj != 0 && (curObj & 1) == 0) shynd
    	{
    		UINT64 ObjectGUID;
    		DWORD LocalObject; // Our character in the Object Manager
    		ReadProcessMemory(hProcess, (LPCVOID)(CurrentObject + 0x30), (LPVOID)ObjectGUID, 8, &BytesRead);
    		if(LocalGUID == ObjectGUID)
    		{
    			std::cout << "\nWe found our self in the Object Manager!\nObject GUID: " << ObjectGUID;
    			LocalObject = CurrentObject;
    			float X, Y, Z;
    			ReadProcessMemory(hProcess, (LPCVOID)(CurrentObject + 0xBF0), (LPVOID)&X, 4, &BytesRead);
    			ReadProcessMemory(hProcess, (LPCVOID)(CurrentObject + 0xBF4), (LPVOID)&Y, 4, &BytesRead);
    			ReadProcessMemory(hProcess, (LPCVOID)(CurrentObject + 0xBF8), (LPVOID)&Z, 4, &BytesRead);
    
    			std::cout << "\nX: " << X << "\nY: " << Y << "\nZ: " << Z;
    			std::cin.get();
    			break;
    		}
    
    		NextObject = CurrentObject;
    
    		ReadProcessMemory(hProcess, (LPCVOID)(CurrentObject + 0x3C), (LPVOID)NextObject, 4, &BytesRead);
    
    		if(NextObject == CurrentObject)
    		{
    			std::cout << "\nError, NextObject == CurrentObject";
    			std::cin.get();
    			break;
    		}
    	}
    	std::cin.get();
    	return 0;
    
    
    }
    Our first attachment shows 0x0 (0x0 being rebased 0x980558 according to most recent info thread.)
    [Attachment: wow0x01-jpg]

    Our second attachment is the results from 0x0. This time returning some more information...
    [Attachment: wow0x02-png]

    Our third attachment is from a test run just in case I was wrong, where it ran 0x980558 as the address to read into g_ClientConnect.
    [Attachment: wow0x9-1-png]

    Like I said above, I believe that the issue lies within my addressing but I'm not sure what to change. I worked off of Shynd's blog and did some reading over Knox's code for TLS/Object Dump source and I am just failing to see it. I hope that someone can help me here, but if no help comes I will alert you of when I find the solution on my own and as to what it was. Thank you for your time and all the information you have shared on this forum.

  2. #2
    Bananenbrot's Avatar Contributor
    Ok... some criticism: don't include<> .cpp files. It's misleading at best and you will suffer a massive push back in compile time. Extract proper headers!
    Instead of checking each and every method return and polluting the CUI with irrelevant assertions, you should throw exceptions. This was just some obvious stuff, there is more to do, like properly wrapping the C API etc.

    Now something more WoW related: You can't read from 0. It's called a null pointer, that's an invalid pointer. If you had properly wrapped ReadProcessMemory and thrown an exception on one of the various error conditions, you would have recognized that. What you are doing atm is just wrong.
    Look for gononono's (or whatever he's called) howto to get your stuff running.
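
One way to structure the checked wrapper the reply above describes, written as an added example that is not code from any poster in this thread. `FakeProcess`, `ReadRaw`, `Read`, `MakeSample` and `ReadThrows` are hypothetical names, and the in-memory buffer is a constructed stand-in for the `ReadProcessMemory` call so the block runs without the Windows API.

```cpp
#include <cstdint>
#include <cstring>
#include <stdexcept>
#include <string>
#include <vector>

// Constructed stand-in for a remote process: `bytes` is mapped at `base`.
// On Windows the body of ReadRaw would be the ReadProcessMemory call.
struct FakeProcess {
    std::uint32_t base;
    std::vector<std::uint8_t> bytes;
    // Same contract as the API: false on an unreadable range, byte count in *got.
    bool ReadRaw(std::uint32_t addr, void* out, std::size_t n, std::size_t* got) const {
        *got = 0;
        if (addr < base) return false;
        std::size_t off = addr - base;
        if (off > bytes.size() || n > bytes.size() - off) return false;
        std::memcpy(out, bytes.data() + off, n);
        *got = n;
        return true;
    }
};

// Typed, checked read: returns by value, so the caller never casts a
// destination, and every failure surfaces as an exception.
template <typename T>
T Read(const FakeProcess& p, std::uint32_t addr) {
    if (addr == 0) throw std::invalid_argument("null remote address");
    T value{};
    std::size_t got = 0;
    if (!p.ReadRaw(addr, &value, sizeof(T), &got) || got != sizeof(T))
        throw std::runtime_error("read failed at address " + std::to_string(addr));
    return value;
}

// Constructed sample: 0x40 bytes mapped at 0x00400000, a marker at offset 0x10.
FakeProcess MakeSample() {
    FakeProcess p{0x00400000u, std::vector<std::uint8_t>(0x40, 0)};
    const std::uint32_t marker = 0xDEADBEEFu;
    std::memcpy(p.bytes.data() + 0x10, &marker, sizeof marker);
    return p;
}

// True when a 4-byte read at addr is rejected.
bool ReadThrows(const FakeProcess& p, std::uint32_t addr) {
    try { Read<std::uint32_t>(p, addr); return false; }
    catch (const std::exception&) { return true; }
}
```

With this shape, a read at address 0, at an offset that was never added to the module base, or across the end of a mapped range stops the program at the failing call instead of printing a zero.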

  3. #3
    xalcon's Avatar Contributor ふたなり
    Well, my C++ knowledge is not that good, but I'll try to help.
    Code:
    ReadProcessMemory(hProcess, (LPCVOID)0x0, (LPVOID)g_ClientConnect, 4, &BytesRead); //0x0; //0x980558,
    Well, you are doin' it wrong :3
    0x980558 is not the base address of WoW, it's the pointer to the client connection structure. The base address changes every time you start the client (at least when using Win7 or Vista). This 'feature' is called ASLR (http://www.ownedcore.com/forums/worl...r-enabled.html (Finding the BaseAddress when ASLR is enabled)).

    To get the right data, you need to
    1. Read the base address
    2. Add the base address to the rebased address of the client connection pointer and read from this position (pClientConnection = [baseAddress + 0x980558])
    3. Add the object manager offset to the ClientConnection-Pointer (pObjMgr = [clientConnection + ObjMgr-offset])
    4. Get the first object in the Object Manager (pObject = [ObjMgr + FirstObjectOffset])
    5. Iterate through the whole list (pObject = [NextObjectOffset+pObject])
    6. For each object, read all data you need or do something else


    PHP Code:
    DWORD ptrObjectManager, g_ClientConnect, BytesRead;
    DWORD baseAdress = getBaseAdressAnyhow();
    ReadProcessMemory(hProcess, (LPCVOID)(0x980558 + baseAdress), (LPVOID)g_ClientConnect, 4, &BytesRead);
    std::cout << "Read from base address into g_ClientConnect: " << g_ClientConnect;
    ReadProcessMemory(hProcess, (LPCVOID)(g_ClientConnect + 0x463C), (LPVOID)ptrObjectManager, 4, &BytesRead);
    std::cout << "\nRead from g_ClientConnect into ObjectManager: " << ptrObjectManager;

    UINT64 LocalGUID; // Our GUID
    ReadProcessMemory(hProcess, (LPCVOID)(ptrObjectManager+0xB8), (LPVOID)LocalGUID, 8, &BytesRead);
    std::cout << "\nRead our GUID: " << LocalGUID;
    I have not tested this, but this is how I would (*not*) do it.
    Last edited by xalcon; 09-13-2011 at 08:55 AM.

  4. #4
    Cypher's Avatar Kynox's Sister's Pimp
    Two things...

    1. This shit has been covered over 9000 times.
    2. This is not a beginners section, you're expected to know the language you're trying to use. If you want to use C++ that's fine, but don't expect help here when you don't even have a basic working knowledge of it...

    Go do some research and come back when you have an actual question, not "please spoonfeed me beginner level stuff that has already been covered in depth in the past".

    Lastly, because you obviously haven't read them, please familiarize yourself with the section rules (Memory Editing Section Rules).
