How to get started with Memory Editing? Quick basic question

  1. #1
    crunk001's Avatar Banned CoreCoins Purchaser

    How to get started with Memory Editing? Quick basic question

    So I have dug out a couple of guides that are from around 2010. The date probably does not matter.

    My question is, can I follow them without wasting time? Using my time correctly is crucial for me.

    Can you possibly recommend steps or a concrete guide on how to memory edit? From start to finish

    - and also: Is packet sniffing and editing the same as memory editing? If not, what is superior and can be actually used on live / probably never can get detected [because here] ?


    Thanks in advance

  2. #2
    uzzy13u's Avatar Active Member
    // edit - removed
    Last edited by uzzy13u; 03-24-2022 at 05:57 AM.

  4. #3
    Affenmann3000's Avatar Member
    I don't want to open another basic thread, so maybe it's ok to post my current problem here.
    I just want to read the coordinates of the player. I have C# knowledge and already built some months ago a little winform which showed me the position of my player. I simply searched the coordinates with CheatEngine, subtracted the base address for the offsets and everything works fine. Today I tried the same but the value is always wrong when I restart WoW.
    I know the obfuscation came, but did this also change the distance between offsets and base address now?
    When I take the offsets from the current Update Threads, do I need to take the Objectmanager offset and X as one offset?
    Here is my code:
    Code:
    uint offsetPlayerX = 0xDB87EC;
    uint offsetPlayerY = 0xDB87F0;
    uint offsetPlayerZ = 0xEE6F70;

    Process[] procs = Process.GetProcessesByName("Wow");

    IntPtr ptrBaseAdress = procs[0].MainModule.BaseAddress;

    var baseAdress = (uint)ptrBaseAdress;

    var wow = new BlackMagic(procs[0].Id);

    var playerX = wow.ReadFloat(baseAdress + offsetPlayerX);
    var playerY = wow.ReadFloat(baseAdress + offsetPlayerY);
    var playerZ = wow.ReadFloat(baseAdress + offsetPlayerZ);

  5. #4
    FunnybunnyJR's Avatar Member Authenticator enabled
    a general hint would be that those values reside in an object which is dynamic, or runtime allocated, so by its very nature, that object is going to have a different address every time the process starts.

    there is a wealth of information in this forum about the "object manager" which is an important structure in the wow client, and the mechanism by which you can find the address of any and all "objects" (speaking specifically about wow's hierarchy of ingame objects and not generally about c++ objects) including your toon, other toons, npcs, doors, zeppelins, and really any server-spawned entity.
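
Added example, not part of the thread or any poster's code: a constructed model of the point made in post #4, showing why an address found in one run fails after a restart while a read through a pointer held at a fixed module-relative slot stays valid. `FakeProcess`, its offsets and the sample addresses are all made up for illustration; the "address space" is a plain byte array, not a real process.

```csharp
using System;

// Constructed model: a flat byte array stands in for a process address space.
// All offsets and addresses are made-up sample values, not from any real client.
class FakeProcess
{
    public const uint ModuleBase = 0x1000;   // where the "module" is mapped
    public const uint StaticPtrSlot = 0x20;  // module-relative slot holding a pointer
    public const uint FieldX = 0x8;          // offset of X inside the object
    readonly byte[] mem = new byte[0x4000];

    // heapAddr differs per run, as a runtime allocation would.
    public FakeProcess(uint heapAddr, float x)
    {
        Write(ModuleBase + StaticPtrSlot, BitConverter.GetBytes(heapAddr));
        Write(heapAddr + FieldX, BitConverter.GetBytes(x));
    }

    void Write(uint addr, byte[] data) => Array.Copy(data, 0, mem, (int)addr, data.Length);
    public uint ReadUInt(uint addr) => BitConverter.ToUInt32(mem, (int)addr);
    public float ReadFloat(uint addr) => BitConverter.ToSingle(mem, (int)addr);
}

static class Demo
{
    static void Main()
    {
        const uint heap1 = 0x2400, heap2 = 0x3100;  // object lands elsewhere on restart
        var run1 = new FakeProcess(heap1, 101.5f);
        var run2 = new FakeProcess(heap2, 101.5f);

        // Mistake: turn the absolute address seen in run 1 into "base + fixed offset".
        uint frozenOffset = heap1 + FakeProcess.FieldX - FakeProcess.ModuleBase;

        foreach (var (name, p) in new[] { ("run1", run1), ("run2", run2) })
        {
            // Direct read at the frozen offset: only correct in the run it came from.
            float direct = p.ReadFloat(FakeProcess.ModuleBase + frozenOffset);

            // Stable path: static slot -> current object address -> field.
            uint obj = p.ReadUInt(FakeProcess.ModuleBase + FakeProcess.StaticPtrSlot);
            float viaPtr = p.ReadFloat(obj + FakeProcess.FieldX);

            Console.WriteLine($"{name}: direct={direct} viaPointer={viaPtr}");
        }
    }
}
```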

  6. #5
    crunk001's Avatar Banned CoreCoins Purchaser
    Originally Posted by uzzy13u View Post
    for start you can learn some programming lang because it will help you in 2 ways, hacking games or to work as a programmer in future why not...
    after you know some programming lang you can start to learn little assembly from those videos: Stephen Chapman - YouTube

    this is RLY the basic info but my point is if you want to hack something rly good you must know assembly which again requires programming knowledge
    thanks man, I'll appreciate it. yes, I've read and theoretically know about the entire reverse engineering approach

  7. #6
    xalcon's Avatar Contributor
    Packet sniffing and memory editing are 2 completely different things.

    Packet sniffing just means to intercept a network stream to grab packets which are being sent/received. Nothing else.

    Memory editing generally means reading and writing to the virtual address space of a different process to gather information or modify its behavior. I.e. you can write to certain locations in the wow process to cause your toon to move to a certain location using the click-to-move (CTM) feature or hook a method so it runs your own code instead every time it is called.

    If you want to learn all this by using WoW as your game of choice, you will probably waste a lot of time and/or accounts just because of the recent changes to the anti cheat system (packing of the executable, anti debug, warden changes, etc). I suggest going with a different game that doesn't have any anti-cheat to begin with if you are so worried about wasting your time.

    For me, the whole reverse engineering thing was never a waste of time. I've learned a lot that I could apply at my job. As it stands right now, I won't do anything related to WoW RE anytime soon - I'm really attached to my account

    @Affenmann3000
    This thread isn't really the right place for your question. Since your code is several months old, you probably didn't update your offsets after the 7.3.2 patch.
    Last edited by xalcon; 01-12-2018 at 05:19 AM.
    "Threads should always commit suicide - they should never be murdered" - DirectX SDK

  9. #7
    Affenmann3000's Avatar Member
    I tried to update the offsets with the current ones but it didn't work. I am using the BlackMagic lib.
    For example, the x coordinate.
    Code:
    float playerX = wow.ReadFloat(baseAdress + objectmanagerOffset + xOffset);
    Would it be correct this way?

  10. #8
    danwins's Avatar Contributor
    The X coordinate is part of the player struct, which is pointed to by the object manager.

    To read it, you need to traverse the object manager's linked list to find the player object's pointer, then read the XYZ coords out of the player struct.

    see here: https://www.ownedcore.com/forums/wor...ml#post3789680 ([7-3-0-25195] Finding GUID in ObjectList (Cheat Engine))

    Originally Posted by danwins View Post
    Here is a quick snippet that should return the current player pointer:

    Code:
    [StructLayout(LayoutKind.Sequential)]
    struct WGUID
    {
      public ulong m_high;
      public ulong m_low;
    }
    
    private uint playerBase()
    {
      uint curMgr = Memory.Read<uint>(Memory.BaseAddress + 0x00FF31FC);
    
      WGUID ActivePlayer = Memory.Read<WGUID>(curMgr + 0xF8);
    
      uint firstObj = Memory.Read<uint>(curMgr + 0xC);
      uint nextObj = Memory.Read<uint>(curMgr + 0x4);
    
      uint curObj = firstObj;
      while (curObj != 0x0)
      {
        WGUID guid = Memory.Read<WGUID>(curObj + 0x30);
    
        if (guid.m_high == ActivePlayer.m_high && guid.m_low == ActivePlayer.m_low)
        {
          return curObj;
        }
    
        curObj = Memory.Read<uint>(curObj + nextObj + 0x4);
      }
    
      return 0;
    }
    Last edited by danwins; 01-12-2018 at 07:56 AM.

  11. #9
    crunk001's Avatar Banned CoreCoins Purchaser
    thank you for sharing your experience and information! much appreciated

    especially when you want to edit something, get something, but first have to dig through all the terms

  12. #10
    squiggy's Avatar Active Member
    Cheat Engine has a pretty good built-in interactive tutorial which can help you get started.

  13. #11
    Affenmann3000's Avatar Member
    First, thanks for your answer! Which library did you use in your snippet for accessing the memory?


    EDIT: I just found it. It should be GreyMagic?
    Last edited by Affenmann3000; 01-13-2018 at 07:43 PM.
