Get Player Base NO TLS + Delphi code [2.3.3]

[Xarg0]

@Robokit thanks for sharing this information, I'll now be able to find this STatic adress every new patch (if it still exists ^^)
@Bikeraman
You can use the memoryreader programm from the wowsharp project, it's free to use and realy easy to understand, if you want to use it in your prog you just have to change it's namespace include it in you project and create a new instance of the memoryreader class, it has a lot of functions that'll make memory reading and writing a lot easier.

[radegast]

I think so .. i looked at wow.exe in OllyDbg for Referenced tex strings .. and there was string :ASCII "e:\\BuildServer\\bs1\\work\\WoW-code\\branches\\wow-patch-2_3_3-branch\\WoW\\Source\\Object/ObjectClient/Player_C.h"
with no many appearance.

Just look for it and you can find some places with static adress and one of them is 0x0E60BB8.

The code looks like

Code:

007DBCA0  /$  A1 E80BE600   MOV     EAX, DWORD PTR DS:[E60BE8]
007DBCA5  |.  8308 04       OR      DWORD PTR DS:[EAX], 4
007DBCA8  |.  E8 A3F3C8FF   CALL    WoW.0046B050
007DBCAD  |.  68 91000000   PUSH    91
007DBCB2  |.  68 80C88700   PUSH    WoW.0087C880                     ;  ASCII "e:BuildServerbs1workWoW-codebrancheswow-patch-2_3_3-branchWoWSourceObject/ObjectClient/Player_C.h"
007DBCB7  |.  6A 10         PUSH    10
007DBCB9  |.  52            PUSH    EDX
007DBCBA  |.  50            PUSH    EAX
007DBCBB  |.  E8 900CC9FF   CALL    WoW.0046C950
007DBCC0  |.  A3 B80BE600   MOV     DWORD PTR DS:[E60BB8], EAX
007DBCC5  |.  E8 76EBFFFF   CALL    WoW.007DA840
007DBCCA  |.  A1 7C2CBB00   MOV     EAX, DWORD PTR DS:[BB2C7C]
007DBCCF  |.  50            PUSH    EAX
007DBCD0  |.  E8 CBEBFFFF   CALL    WoW.007DA8A0
007DBCD5  |.  E8 96EBFFFF   CALL    WoW.007DA870
007DBCDA  |.  6A 02         PUSH    2                                ; |Arg1 = 00000002
007DBCDC  |.  E8 8FF3FFFF   CALL    WoW.007DB070                     ; WoW.007DB070
007DBCE1  |.  83C4 1C       ADD     ESP, 1C
007DBCE4  .  C3            RETN

Just stay tuned to Player_C.h ...

[robotkid]

I think so .. i looked at wow.exe in OllyDbg for Referenced tex strings .. and there was string :ASCII "e:BuildServerbs1workWoW-codebrancheswow-patch-2_3_3-branchWoWSourceObject/ObjectClient/Player_C.h"
with no many appearance.

Just look for it and you can find some places with static adress and one of them is 0x0E60BB8.

The code looks like

Code:

007DBCA0  /$  A1 E80BE600   MOV     EAX, DWORD PTR DS:[E60BE8]
007DBCA5  |.  8308 04       OR      DWORD PTR DS:[EAX], 4
007DBCA8  |.  E8 A3F3C8FF   CALL    WoW.0046B050
007DBCAD  |.  68 91000000   PUSH    91
007DBCB2  |.  68 80C88700   PUSH    WoW.0087C880                     ;  ASCII "e:BuildServerbs1workWoW-codebrancheswow-patch-2_3_3-branchWoWSourceObject/ObjectClient/Player_C.h"
007DBCB7  |.  6A 10         PUSH    10
007DBCB9  |.  52            PUSH    EDX
007DBCBA  |.  50            PUSH    EAX
007DBCBB  |.  E8 900CC9FF   CALL    WoW.0046C950
007DBCC0  |.  A3 B80BE600   MOV     DWORD PTR DS:[E60BB8], EAX
007DBCC5  |.  E8 76EBFFFF   CALL    WoW.007DA840
007DBCCA  |.  A1 7C2CBB00   MOV     EAX, DWORD PTR DS:[BB2C7C]
007DBCCF  |.  50            PUSH    EAX
007DBCD0  |.  E8 CBEBFFFF   CALL    WoW.007DA8A0
007DBCD5  |.  E8 96EBFFFF   CALL    WoW.007DA870
007DBCDA  |.  6A 02         PUSH    2                                ; |Arg1 = 00000002
007DBCDC  |.  E8 8FF3FFFF   CALL    WoW.007DB070                     ; WoW.007DB070
007DBCE1  |.  83C4 1C       ADD     ESP, 1C
007DBCE4  .  C3            RETN

Just stay tuned to Player_C.h ...

Yes i can confirm that..stay tuned there for it may be usefull for future revs
if my way wont work. Dont assume this code to be excactly like this but it
should look like this at least so with some experiments you may get the
pointer this way again. +Rep for not leeching

[mrnipply]

Im just getting into programing and have no clue how to hack the program like ur teaching. Can u explain to me how i should run this to change my health or anything else?
Thanks,
Noob Programer

[radegast]

Im just getting into programing and have no clue how to hack the program like ur teaching. Can u explain to me how i should run this to change my health or anything else?
Thanks,
Noob Programer

Try this first: crackmes.de Reverse-engineering
LeARN TO CrACk Learn about reversing on simple file, increase your skill step-by-step, and then you can understand, how it works ... no chance to understand the whole problems at once.

[=sinister=]

I'm trying to see if you see your raid group in the mini map in WSG, or is it alliance, because if it is alliance, then we could find the value for it n have a track alliance value too.

[waltobc6]

ty dude its helped me alot

[Cypher]

Interesting find but the pointer you have is not the player base, it must be something else (GUID is definately not that far down in the struct :P).

Anyway, I prefer using TLS because it allows me to enumerate all the objects in WoW's object manager which is a big plus.

[fry010]

This is great, very usefull... im adding into my hack now +rep

[craby987]

Well, I just started to learn C#, and I wanted to know if anyone knew how to put memory actions into it, so if you pressed a button, or clicked a check box, it would turn on fly mode.

If you have Microsoft Visual C# then you can goto new project and under the "Project types:" to the left and select CLR. After selecting that you will see in the templates window to the right you will see "Windows Forms Application". Select that , name it and hit ok! The only problem (I think its a problem) is that is makes your PE run off the CLR which stands for Common Language Runtime (sorry if you know all this :/) and it uses Microsoft's .NET 2.0 (old) and 3.0 (new) framework. This means that means no more cross-platform code and anyone who does not have the framework will NOT be able to run your executable :yuck:.

[Lucani]

Thanks! It was very useful for me

[KOS0937]

Code:

[Pascal Hint] PCex.pas(380): H2077 Value assigned to 'iCount' never used
[Pascal Hint] PCex.pas(371): H2077 Value assigned to 'iCount' never used
[Pascal Hint] PCex.pas(400): H2077 Value assigned to 'NTSetPrivilege' never used
[Pascal Hint] uMain.pas(38): H2077 Value assigned to 'GetPlayerBase' never used
[Pascal Warning] uMain.pas(59): W1020 Constructing instance of 'TStrings' containing abstract method 'TStrings.Get'
[Pascal Warning] uMain.pas(59): W1020 Constructing instance of 'TStrings' containing abstract method 'TStrings.GetCount'
[Pascal Warning] uMain.pas(59): W1020 Constructing instance of 'TStrings' containing abstract method 'TStrings.Clear'
[Pascal Warning] uMain.pas(59): W1020 Constructing instance of 'TStrings' containing abstract method 'TStrings.Delete'
[Pascal Warning] uMain.pas(59): W1020 Constructing instance of 'TStrings' containing abstract method 'TStrings.Insert'
[Pascal Hint] uMain.pas(59): H2077 Value assigned to 'wowlist' never used

Thanks anyways for the share =) Nice to know this easy way