Base Address + pointer + offset = 0 :(

[mrdennis87]

This is for my hp (not max hp)

I Used cheat engine, and in cheat engine I have traced the multilevel pointer to it's static, or base pointer. Which is Wow.exe+A42788 and it has an offset of 0x11CC .. I can start up wow, and when I add this into cheat engine as Wow.exe+A42788 and put 11CC as my offset, I get my hp value every single time, even when I restart wow. I went ahead and got the base address of wow, which currently is 0x013B0000 .. So again when I go into cheat engine and add 0x013B0000+A42788 and set my offset it gets my hp every single time, so I know this is the right static pointer and base address.

My question is.. When I add 0x013B0000+A42788 and then add 0x11cc and try to use that pointer, which is 1DF3954. But when reading the value in this new pointer I am getting a value of zero.. What am I doing wrong here ? It's got me stumped :confused:

[mrdennis87]

By the way, I used Calc.exe to add the hex values together, to get the new pointer..

[_Mike]

You're doing it wrong. Read (0x013B0000+A42788), add 11CC to THAT value, and read again.

[mrdennis87]

So adding the base address + offset will give me a new pointer. Then with that new pointer, I add the 11cc off set? and that should be my hp. I'm trying to experiment right now with it. It seems to be pulling the base address for wow.exe different now (dunno if it's because it's a different pid or not) it's pulling 0x00000000001a00 as base address now :\ Thank you for the response, once I can get this new base address working, I'm going to try what you said, I will let you know how it goes.

[mrdennis87]

I got it!! ty so much. I've been trying to teach myself since February, but I can only learn so much on my own I do appreciate the help, trust me. So It is a level 2 pointer then ? I forgot about adding offset, then adding offset to new value works perfect, even when I restarted wow, and pid changed. But, the base address seems to be changing of the wow.exe. Last question, will there be different base addresses sometimes? and if I continue to use the one, it will be static, and continue to work ?

[Jadd]

I got it!! ty so much. I've been trying to teach myself since February, but I can only learn so much on my own I do appreciate the help, trust me. So It is a level 2 pointer then ? I forgot about adding offset, then adding offset to new value works perfect, even when I restarted wow, and pid changed. But, the base address seems to be changing of the wow.exe. Last question, will there be different base addresses sometimes? and if I continue to use the one, it will be static, and continue to work ?

WoW uses address space layout randomization (ASLR) and it's just that - random. This is why we add the base module to rebased offsets.

Address space layout randomization - Wikipedia, the free encyclopedia

[mrdennis87]

Ah I forgot about the aslr, I was reading something about that too.. So I have two choices now .. I can grab the base address automatically every time my bot is started up( assuming the base address will not change while game is open. Or I can learn how to search for the modules in the process (using CE I believe), and figure out what rebased offsets are? From what I'm reading so far, the process has 1 or more modules, and you have to find out which module stores the value that were looking for. I appreciate the help. and I am def gonna give rep (: I don't want to just make the bot, I want to know how everything works, and what everything is. When I get home from work today, I am going to look through the forums, and try to find how to find the base module. thank you for the information Jadd.

[_Mike]

Ah I forgot about the aslr, I was reading something about that too.. So I have two choices now .. I can grab the base address automatically every time my bot is started up( assuming the base address will not change while game is open. Or I can learn how to search for the modules in the process (using CE I believe), and figure out what rebased offsets are? From what I'm reading so far, the process has 1 or more modules, and you have to find out which module stores the value that were looking for. I appreciate the help. and I am def gonna give rep (: I don't want to just make the bot, I want to know how everything works, and what everything is. When I get home from work today, I am going to look through the forums, and try to find how to find the base module. thank you for the information Jadd.

Yes the base address is static during a single process' lifetime. As for what rebased offsets are; In the context of your OP..
Wow.exe+A42788 is a rebased address. Because it specifies an offset from wow.exe it does not matter what address wow loads at.
0x1DF2788 is not rebased. It will only work for that specific process instance.

How to find the base address? It depends on what programming language you're using. But a good starting point is using the ToolHelp API either directly or via a standard or 3rd-party library. For example .Net has the System.Diagnostics.Process class.

And about the info dump threads; If a post doesn't say that the addresses are already rebased you should subtract 0x400000 (the default load address from the .exe header)

[Jadd]

Dynamic base address... that's a million dollar idea lol

[mrdennis87]

Not to sound lazy lol. But if that base address is static as long as that process is running, I can grab the base address each time the bot is started, and then grab all my values (: that's probably the way I will do it. I am using vb6 by the way, yes I know, vb6.. but it's what I know .. I am currently using the nomadmemory.au3 in AutoIt to grab the base address, I would love to convert that function to vb6 but that's above my knowledge on that one, because I am just learning AutoIt. I already have my bot where I can queue for bg's, move my toon, fight etc. My only problem was where I'm trying to read values. I should only need to read my hp, mana, and coordinates. From what I've heard, writing to the memory, or loading the dll file to call functions into wow ( I believe this is how it's usually done ), is against their terms of service, or maybe even illegal :\ So I'm making my bot where it will not write any values, or write to memory at all. Just reading from it. Once again guys, thank you for all the help so far, it is much appreciated.

[mrdennis87]

Dynamic base address... that's a million dollar idea lol

If they ever made it dynamic, would just use a timer to check every 1 second, to see if the base changed. If so would grab new one and would take like 3 seconds (:
Unless they changed it every 1 second lol then I would be screwed on making the bot.

[Jadd]

Not to sound lazy lol. But if that base address is static as long as that process is running, I can grab the base address each time the bot is started, and then grab all my values (: that's probably the way I will do it. I am using vb6 by the way, yes I know, vb6.. but it's what I know .. I am currently using the nomadmemory.au3 in AutoIt to grab the base address, I would love to convert that function to vb6 but that's above my knowledge on that one, because I am just learning AutoIt. I already have my bot where I can queue for bg's, move my toon, fight etc. My only problem was where I'm trying to read values. I should only need to read my hp, mana, and coordinates. From what I've heard, writing to the memory, or loading the dll file to call functions into wow ( I believe this is how it's usually done ), is against their terms of service, or maybe even illegal :\ So I'm making my bot where it will not write any values, or write to memory at all. Just reading from it. Once again guys, thank you for all the help so far, it is much appreciated.

Start a new language. You'll be kicking yourself later when VB6 fails you. Come on, that language is 14 years old now.

[mrdennis87]

Start a new language. You'll be kicking yourself later when VB6 fails you. Come on, that language is 14 years old now.

You are right Jadd. It's just that I haven't found anything that vb6 can't do yet. I started to teach myself C++, vb.net and delphi,But I ended up only learning a little of each, because I couldn't find a reason to learn a new language when the other one worked :\ Right now I'm teaching myself AutoIt (Or at least trying). But my thing is going to be which one to learn fluently and make my main language of choice. I'm guessing C++ will be the best, or at least most common to learn. Once I make this bot, I will learn a little more C++, and try to make it in C++ Which one do you think, C++ or VB.net ? I have 30 college credits for IT in college so far so I guess I should get out of vb6, and into a more powerful language ^_^

[Jadd]

You are right Jadd. It's just that I haven't found anything that vb6 can't do yet. I started to teach myself C++, vb.net and delphi,But I ended up only learning a little of each, because I couldn't find a reason to learn a new language when the other one worked :\ Right now I'm teaching myself AutoIt (Or at least trying). But my thing is going to be which one to learn fluently and make my main language of choice. I'm guessing C++ will be the best, or at least most common to learn. Once I make this bot, I will learn a little more C++, and try to make it in C++ Which one do you think, C++ or VB.net ? I have 30 college credits for IT in college so far so I guess I should get out of vb6, and into a more powerful language ^_^

VB6: Outdated
VB.NET: Retarded syntax
AutoIt: Scripting language, no one takes it seriously
C++: Coming from VB6, you're probably going to get lost unless you forget everything you know and dedicate yourself to books/classes/etc.

I recommend C#. It's a serious language, and it's not too hard.

Making hacks and bots will help you with some knowledge of how the CPU works, which can also be a big help for C++ if you want to take on that at some point.

[mrdennis87]

I'm downloading the visual studio for C# right now, Visual C# I'm guessing will be the same coding as C#, just more of a GUI side of it. I will be working on how to read memory and understand the basics of C# today, and maybe I can continue to work on my bot in C# By The Way, I was wondering if writing to the memory of wow is illegal. I want to make my bot legal, and do it the right way. From what I've read on here before, people were using C#, and AutoIt and loading a dll file into the process. From that dll file they can call functions like targetname, or go here(x,y,z) etc.