Confused/Help needed -> Memory Reading

[Holico]

Hey Guys,
English isnt my native tongue so expect some mistakes.
I know the Thread Title is a bit confusing but i dont know how to discribe my problems.
I want to write a little tool which can readout the enemy names in BGs and then look them up on armory and display ilvl/blizz gear check.

What i have achieved by now is:

-Reading out my Targets name (Buggy)
-Get Armory Page from target and get ilvl/gearcheck info

So i used Cheat Engine to search throug my memory for my Targets name (lets say it tony).
i have switched targets to get the right memory entry, then substracted the wow base adress and thought i got the offset.
But it stops working after i restart my pc (maybe only wow, but after "finding" the offset i go to sleep).
So its maybe an dynamic adress, thats one thing i could need help for.
a side question to this -> the adress shown in CE is that the offset or not?


But theres another "problem", i cant find the targets realm in memory.
Im not sure how to write this in english, i hope you understand the following.
I, obviously, can find realm names in my memory, but there are not target specific (e.g. my target is tony-Azshara, then i cheat engine text: "Azshara", then i switch my target to ultraroxxor-blackmoore but no entry i found before (azshara) swtiches to blackmoore.


And thats not even my final problem, im satisfied if i can read one target + realm at one time but it would be perfekt if i can read out the BG scoreboard or something like that

Im working with

1. Windows 7 64 Bit
2. 32 Bit WoW Client
3. BlackMagic
4. C#
5. Visual C# 2010 Express Studio or what ever this IDE is called

[SwInY]

Research "Object Managers"

This will be your key for all your questions.

[Holico]

damn =/
object manager looks so ****in complicated

i was kinda hoping theres a simple way to do that (i guess for most expirienced programmers, this is the simple way).
ill searching the forums, if anyone has other suggestions please post them.

[Xelper]

It really isn't complicated at all. It is basically just a list of objects, and the offsets are posted pretty much every patch. There are also dozens of posts on how to use it, that likely only need to be updated with new offsets and descriptors.

GetUnitName("unit", showServerName) also returns server name if you set the 2nd argument to true. You could either use an EndScene hook to call that function or you could reverse the function and see where it pulls that information from (probably the object manager, never looked at it before ^^)

[JuJuBoSc]

Realm name is stored in the namecache as for the players name at record + 0x34 (According to CGUnit_C::GetUnitName).

[Holico]

It sounds so easy


i have no clue what an endscene hook is, but even if i know, "call that function" sounds like something that blizzard COULD detect. "reverse the function" -> yeah... i would if i could

Problem with most Tutorials i found is, that they are not up to date (not such a problem cause theres a new offset dump) BUT most tutorials are hooked on something (this ([Guide-kind of] How I handle objects.) is hooked with Kynox’s WoW Object Dumper with is outdated too) .

But before i try this i think i try to rewrite some code from the url above.

Code:

 static class ObjectManager
        {
            public static BlackMagic WowReader = new BlackMagic();

            private const uint staticClientConnection = 0x009BE678, // client connection, same address every boot
            objectManagerOffset = 0x463C,                                  // offset from the ClientConnection to the object manager
            localGuidOffset = 0xC8,                                             // offset from the object manager to the local guid
            firstObjectOffset = 0xC0,                                          // offset from the object manager to the first object
            nextObjectOffset = 0x3C;                                          // offset from one object to the next
            static private uint objectManagerBase;                       // the address off the object manager
            static public ulong localGuid;                                   // the local guid.

            public static void LoadAddresses()
            {
                WowReader.OpenProcessAndThread(SProcess.GetProcessFromProcessName("Wow"));
                objectManagerBase = WowReader.ReadUInt(WowReader.ReadUInt(staticClientConnection + (uint)WowReader.MainModule.BaseAddress) + objectManagerOffset);
                localGuid = (uint)WowReader.ReadInt64((uint)(objectManagerBase + localGuidOffset));
            }

So, as far as i can read the info dump, objectManager Offset and the following variables are right, only the staticClientConnection isnt up to date, so i find this
"625E10 ClientConnection:::ClientConnection", so i changed "0x009BE678 -> 0x625E10) but i dosent work, blackMagic says "Failed to readUint".
Okay as far as i know thats because i have the flase offsets.
I remember something like "All offsets NOT rebased!" so i added +0x1000 to the clientConnection, but it also dosent work...

So you give me 3 Options, ObjectManager, EndScene whatever and reverse an function.

I dont know what an Endscene Hook is, and if im honest im not sure if i want to "learn so much" about mem reading.
I have no clue how to reverse a function, is it maybe possible that i create an wow addon that writes all names in a file and let C# readout the file and search the ppl (maybe easiest way, even if i would like to have one programm todo that)
So third option -> ObjectManager, ill stick with this, hopefully get this to work.

If i get it to work then the following steps are this, or not?

-Search through all Objects
-Filter playerObjects
-Filter Enemys out of PlayerObjects
-Resolve name and realm
-look it up on battlenet (that works for know, yay)
-Filter interssting Information (ilvl -> works, blizz gear check -> works)

I know this is an advanced forum, so maybe its not the right forum to ask questions like this (i think they are realy noobish), so should i make a new thread in the programming forum if i want a bit help?

[namreeb]

It's good that you're honest. I will be equally honest. The people here who are willing to help are generally not keen to put more effort in to helping you than you are willing to put in to help yourself.

[Holico]

Before i wrote the Answer above i googled Endscene hook/endscene hook tutorial.
Mostly i find some DirectX tutorials which are kinda weird.
I dont find anything that i can use for my "plans", im not even able to find a damn explanation what "Endscene Hook" is.
So the only thing left is to analyze the words and try to figure the meaing out by myself...
so i come the conclussion that " WowReader.OpenProcessAndThread(SProcess.GetProcessFromProcessName("Wow"));" is some kind of endscene hook?

And to "call that function" i must write something in the memory and thats nothing i want to do cause (even if blizzard dosent do it at the moment) blizzard could detect it.
My Problem is, i dont want to write anything extreamly complicated (okay i guess endscene hooking and object manager usage isn complicated at all).
At the Moment i do the following:

-Start wow
-Start CE
-Search for my Targets Name
-Switch Target -> search for new Targets name
-Use the given Adress (string playername = wow.ReadASCIIString(0x2080583C, 255); )
-Write realmname by hand (string result = Microsoft.VisualBasic.Interaction.InputBox("Realm?", "Please input Realm", "azshara", 10, 20); )
-Azshara is standart realm, cause its my realm
-look person up in armory

So i have some differnt goals
-Get the Offset for Targetname so i dont need CE
-Get the realm name so i dont write it down by hand

So thats kinda V1,
if i can figure out how it works the following:

-Use the Object Manager
-Filter Enemy Players
-Readout Name/Realm
-Lookup in Armory

So, another thing that i dont understand is following
i looked at the info dump, and find the offset for playername (0x9BD070, its rebased allready (not sure what that means too)) so i try wow.ReadASCIIString(0x9BD070, 255) and wow.ReadASCIIString(baseAdress + 0x9BD070, 255)
and i didnt get my name... i dont understand this and im willing to learn, but the i cant find any upto date tutorial (not in english, and of course not in german).
i find an good tutorial how to find offsets, but i dont know how to work with offsets, i thought i know it but after trying this above and cant get it to work it seems like i dont...

[TOM_RUS]

You don't need any hooks if you just need player and realm name. Search for ObjectManager examples, there's tons of them...

[Holico]

Okay, if you look at Post 6 i tried it already, but i will try it again.
A question before that if i understand things right.

i use BlackMagic to read the Memory

Code:

BlackMagic MemReader = new BlackMagic();
MemReader.OpenProcessAndThread(SProcess.GetProcessFromProcessName("WoW"));

Then i need to find the ObjectManager,
i want to store the adress at the variable OMB (ObjectManagerBase)
For this i need the following informations
staticClientConnection
ObjectManagerOffset
localGUIDOffset
first/nextobjectOffset

In the Info dumpthread i find the following informations:

Code:

internal enum ObjectManager
        {
            CurMgrPointer = 0x9BD030,     
            CurMgrOffset = 0x463C,        
            NextObject = 0x3C,            
            FirstObject = 0xC0,           
            LocalGUID = 0xC8
        }

So my Variables are there

Code:

ObjectManagerOffset = 0x463C
firstObjectOffset = 0xC0 (So ObjectManagerOffset + firstObjectOffset = the adress of my first object right?)
nextObjectOffset = 0x3C (So firstObject + nextObject = secondObject, secondObject + nextObject = thirdObject etc.)
localGUIDOffset = 0xC8 (So ObjectManagerOffset + localGUIDOffset = localeGuid (is this my GUID?))

Missing is the staticClientConnection, thats some kind of Problem, cause im not sure which infoDump entry is the right.
In my Opinion there are 2 possibilities:
625910 ClientConnection:::ClientConnection
625190 ClientConnection::ClientConnection

So i tried booth, but the Second line in the CodeAbove throws a exception every time (ReadUInt failed)
I guess it because one offset is false.

Code:

omb = MemReader.ReadUInt(staticClientConnection + (uint)WowReader.MainModule.BaseAddress);
omb = MemReader.ReadUInt(objectManagerBase + objectManagerOffset);

Could figure out this Problem, now ill try to filter Players and get the names

[Holico]

Okay,
the ObjectManager is Working.
I can readout all the Player, GUIDs, level.
But i dont know how to get Name or Realm, these 2 values are not saved in the Object itself.
In another thread i found a crazy (in my eyes) way to resolve the name, but i have know clue how to resolve the realmname, any ideas besides from the lua function?

[SwInY]

i done this a while ago

http://www.ownedcore.com/forums/worl...ayer-name.html ([Code Release] C#, Out Of Process - Get Player Name)

[Holico]

Figured UserName out already, but cant get the realm =/
Another Problem with the usernames is that they have strange characters in it

Gókû
LÃ*ona
for example, i tried to convert it but the only thing i have achieved by now, is that the Ã* is replaced by an "?".
Not sure from what to what i need to konvert, thought utf8 -> unicode but nope

**** yeah
System.Text.Encoding.UTF8.GetString(ObjectManager.WowReader.ReadBytes((uint)ptr + (uint)NameStringOffset, 64))
and its all nice

But i cant find the realmname.

Get the Realmname too.

[_Mike]

This is why I dislike managed programmers..
You guys (generally, there are exceptions ofc) have no clue how the win32 api or basic memory management works.
The only thing I can tell you is to read up on what the words "pointer" and "pointer dereferencing" means and you will have it much much easier, because from reading your posts it's clear that you have no idea what they are.
Sorry if it sounds harsh but it's just the way it is. Managed languages are great from a rapid development point of view, but they also tend to breed lazy clueless programmers. Don't be one of those guys

And to stay on topic; Xelper and JuJu already told you everything you need to know.

[DarkLinux]

I do not recommend getting the object managers address from a pointer of a pointer of a whatever... As seen above..

Just set a break point at 0x1CCD3E+wow.exe and look at the ESI register.

That will give you the address of your object managers, just add 0x3C to get the pointer of the NextObject.

Anyways its simple, but not if its your first time...

Take a look at BlackRain
http://www.ownedcore.com/forums/worl...r-library.html ([C#][Source] BlackRain - Simple Object Manager Library)