Beginner needs Delphi Help

[joostvanpoppel]

Hi,

I just started doing some coding with memory. And have to say it's still very difficult.
My first goal is to "simply" read the current logged in characters' name. To do so, I understand you need the WoW base address + the rebased playername offset (now: 0x9BE820). Correct so far?

First off i created a new function in my project to get the base-address from module WoW.exe.

Code:

function TForm2.GetModuleBaseAddress(ProcessID: Cardinal;   MName: String): Pointer;
var
  Modules         : Array of HMODULE;
  cbNeeded, i     : Cardinal;
  ModuleInfo      : TModuleInfo;
  ModuleName      : Array[0..MAX_PATH] of Char;
  PHandle         : THandle;
begin
  Result := nil;
  SetLength(Modules, 1024);
  PHandle := OpenProcess(PROCESS_QUERY_INFORMATION + PROCESS_VM_READ, False, ProcessID);
  if (PHandle <> 0) then
  begin
    EnumProcessModules(PHandle, @Modules[0], 1024 * SizeOf(HMODULE), cbNeeded);
    SetLength(Modules, cbNeeded div SizeOf(HMODULE));
    for i := 0 to Length(Modules) - 1 do
    begin
      GetModuleBaseName(PHandle, Modules[i], ModuleName, SizeOf(ModuleName));
        GetModuleInformation(PHandle, Modules[i], @ModuleInfo, SizeOf(ModuleInfo));
        Result := ModuleInfo.lpBaseOfDll;
        CloseHandle(PHandle);
        Exit;
    end;
  end;
end;

So I assume the starting point of the playername can be retrieved by calling the function like this. (Edit1.text holds the WoW-pid)

Code:

procedure TForm2.btnTestClick(Sender: TObject);
var
  Address: DWord;
  Pidhandle: Integer;
  BytesRead: DWord;
  buf: array of AnsiChar;
begin
  //CHARACTER NAME START ADDRESS
  Address := Integer(GetModuleBaseAddress(StrToInt(Edit1.Text), '')) + Integer($9BE820);
end;

Is this correct so far? Or am i doing something wrong

If correct, how do I actually read the value from the running process in Delphi?

Any help would be greatly appreciated!

thanks,
Joost

[joostvanpoppel]

Ok, so dubble-checked the outcome in the address-variable searching for the value with cheatengine. It's exactly the same value.

So question remains: how do I actually Read a string from the process? And how do I know the length of in-memory variables?
Anyone mind explaining?

[Bananenbrot]

This is simple and actually too easy stuff to bother anyone in this forum, so I'll keep the spoon small.
You read bytes from another process via ReadProcessMemory. C-strings are zero terminated, so you should read bytes in chunks from that address until you hit a '\0'.

[joostvanpoppel]

This is simple and actually too easy stuff to bother anyone in this forum, so I'll keep the spoon small.
You read bytes from another process via ReadProcessMemory. C-strings are zero terminated, so you should read bytes in chunks from that address until you hit a '\0'.

Damn, wasn't really looking outside the box.. It helped me get there, thanks.

Other question: There's a lot of offsets with different variables. Is there any list that defines each variable? Definition, size, type, etc? Or is that all to figure out by myself? I like puzzling, but if there's a list, it will sure safe some time.
For example: The global "IsInGame", suggests it's a boolean, but what do I encounter when i read it? 0/1, Y/N, ?
Another example: What is ment by global LootWindow: I'm not sure what that value does.
(Hoping to make my point clear)

thx for the replies,
J.

[Frosttall]

Well try to get the adresses on your own by using IDA. Like this you'll directly see which type you have to read. I would recomment you to not use published adresses blind without opening them with a disassembler.

And just think how values are stored in the memory. A boolean is stored as 0 = false ; 1 = true and not as string ('Y' / 'N') Oo. Wow uses as far as I know only Int32, UInt32, Double, Float and Boolean (strings are stored as UInt32 pointers).

P.S. What do you mean with "global Lootwindow"? Where do you have it from?
P.P.S. Read the rules (This section is more advanced than others on OwnedCore Read the section specific rules, infractions will be given out if u break them! That is including the expectations! - If you don't meet them then don't post): http://www.ownedcore.com/forums/worl...ion-rules.html (Memory Editing Section Rules)

[Bananenbrot]

@Frosttall: Actually, WoW uses also bool (8-bit), shorts (WORDs rather), etc... it's wrong to say WoW generally uses only those types. Though I definitely second the rest of your post.

@OP: And please, before you post any other beginner level questions, google around and get knowledge in reverse engineering. Learning to program a bot is not like "oh let's keep it simple and read out the player name, asking for spoons on every step i take" but rather gain a profound knowledge in reverse engineering and os architecture at first. See the book thread and/or begin with x86 Disassembly - Wikibooks, open books for an open world and come back in a week or two before posting any other trivial questions.