-
Active Member
Noob Question about multi level pointers
After having some success on other games I decided to move to the famous WoW, as someone in the forum advised me. The chosen version was 3.3.5a and I got started a couple of days ago. Still, the other games I tried to create tools for were pretty simple when it came to finding entities and all, but when I started messing with WoW I got stuck on its multi-level pointers.
There was another topic here talking about the same thing but the answer given was to use IDA and the PDB to find the playerbase but since this is about learning, the addresses should be found pilgrim style.
So after finding the dynamic address for XYZ using CE, I set a bp on access and got the first pointer, second pointer, third pointer... after the third pointer it loops me back to the second pointer.
Thanks for all the info in this section; it's really a rich resource for research and most of the users are very helpful.
-
Active Member
First of all: Don't use the pointer-scan in CE.
You should use Cheat Engine only in order to find a function which reads/sets the values. Open IDA in order to navigate to that function and work through the call tree until you reach a static pointer.
Here's a way to achieve something with the help of Cheat Engine instead of using IDA only:
An approach for reversing the object manager would be to find out at which position (relative to the object pointer) the coordinates are stored and subtract that offset from the memory location you've determined for the coordinates. The new value is the object pointer - a read-hook would bring you sooner or later to a function which manages all objects (aka a function which enumerates all objects inside the object manager) and you'll be able to reverse that function with the same pattern as above until you reach a static address.
P.S.: There are easier ways, but this is one which is easier to understand for newcomers rather than reversing everything completely with IDA. Here's a nice tutorial to reverse some easy stuff with IDA: http://www.ownedcore.com/forums/worl...ple-stuff.html ([Tutorial] How to find simple stuff)
P.P.S. I tried to keep everything as generalized as possible to allow you to use that pattern for reversing other things you found with Cheat Engine. You will have to use IDA either sooner or later anyways - so try to take small steps.
Last edited by Frosttall; 09-24-2013 at 12:57 PM.
-
Active Member
So the right path should be finding a function that r/w the address and reverse it with ida/olly to find the playerbase through the callstack?
-
Active Member
Originally Posted by
rdw
So the right path should be finding a function that r/w the address and reverse it with ida/olly to find the playerbase through the callstack?
Yes, something along those lines - even though I don't really remember if it's the playerbase or the ObjectManager you need at that point. Either way, you can start using Cheat Engine and continue to reverse with IDA (xrefs and searching for strings is a nice feature).