[Retail] 8.3.0 (33775) Info Dump menu

  1. #16
    ejt (Contributor)
    Originally Posted by Lvv View Post
    Thank you for your reply. I have some knowledge of Lua, C++, C#, Java. I have written some WoW addons and some BOT programs, which can run normally at present, but I have no idea about WoW memory editing. I can't get baseaddress correctly according to other tutorials.
    So you've written some "BOT programs" and you still don't know how to iterate over a process's modules, interesting.

  2. #17
    Icesythe7 (Contributor)
    Well, if you're internal in C++ you could simply do
    Code:
    uintptr_t base = reinterpret_cast<uintptr_t>(GetModuleHandle(nullptr));

  3. #18
    Mudi (Member)
    Thank you H3XC0R3 for publishing this info!
    You are giving back to the community, so new folks like me have a place to start learning how to build our own (primitive) bots or routines. This is awesome and I salute you for it!

    Can you share how you find these offsets? For example, how do you figure out the offset for the object manager (ObjectMgr)?

    I tried to find it myself on WoW retail (8.3.0.33941), by finding the player stats structure (located by the HP value), and then trying to walk back the pointers. I got nowhere.

  4. #19
    Mudi (Member)
    Originally Posted by CodeBytes View Post
    Here are some of the offsets I found:

    Code:
        Position:       0xE8   (vector 3)
        Current Health: 0x1560 (int64)
        Max Health:     0x1568 (int64)
    CodeBytes, what tools and techniques do you use to figure out the offsets? For example, how did you figure out that 0x1560 is the HP offset from the object struct?
    Using a debugger in general, I can find out too by doing something like this:
    1. find the player HP address
    2. attach the debugger
    3. find out what reads or writes to the address
    4. inspect the assembler code and figure out the offset

    I tried the above with WoW retail and Cheat Engine; I get an instant crash on point 2 above.
    Last edited by Mudi; 04-13-2020 at 08:05 PM.

  5. #20
    counted (Contributor)
    Originally Posted by Mudi View Post
    Thank you H3XC0R3 for publishing this info!
    You are giving back to the community, so new folks like me have a place to start learning how to build our own (primitive) bots or routines. This is awesome and I salute you for it!

    Can you share how you find these offsets? For example, how do you figure out the offset for the object manager (ObjectMgr)?

    I tried to find it myself on WoW retail (8.3.0.33941), by finding the player stats structure (located by the HP value), and then trying to walk back the pointers. I got nowhere.

    Check out my post on how to dump WoW and further down how to find offsets (read the whole thread).

    https://www.ownedcore.com/forums/wor...ow-memory.html (How to Dump Wow from Memory....)

  6. Thanks Mudi (1 members gave Thanks to counted for this useful post)
  7. #21
    Lvv (Member)
    Originally Posted by Mudi View Post
    Thank you H3XC0R3 for publishing this info!
    You are giving back to the community, so new folks like me have a place to start learning how to build our own (primitive) bots or routines. This is awesome and I salute you for it!

    Can you share how you find these offsets? For example, how do you figure out the offset for the object manager (ObjectMgr)?

    I tried to find it myself on WoW retail (8.3.0.33941), by finding the player stats structure (located by the HP value), and then trying to walk back the pointers. I got nowhere.
    I have the same question as you.

  8. #22
    Lvv (Member)
    Originally Posted by Icesythe7 View Post
    Well, if you're internal in C++ you could simply do
    Code:
    uintptr_t base = reinterpret_cast<uintptr_t>(GetModuleHandle(nullptr));
    Thank you for your guidance!

  9. #23
    Lvv (Member)
    Originally Posted by ejt View Post
    So you've written some "BOT programs" and you still don't know how to iterate over a process's modules, interesting.
    Yes, my BOT is based on getting pixels and is not about memory.

  10. #24
    Mudi (Member)
    Originally Posted by Lvv View Post
    Yes, my BOT is based on getting pixels and is not about memory.
    With C#, you use the Process class, then something like this:
    process.MainModule.BaseAddress

    From C++, you can use the CreateToolhelp32Snapshot, Module32FirstW and Module32NextW functions (find them on Microsoft Docs).

  11. #25
    Lvv (Member)
    Originally Posted by Mudi View Post
    With C#, you use the Process class, then something like this:
    process.MainModule.BaseAddress

    From C++, you can use the CreateToolhelp32Snapshot, Module32FirstW and Module32NextW functions (find them on Microsoft Docs).
    Thanks! I've got it. You're very nice~

  12. #26
    CodeBytes (Member)
    Originally Posted by Mudi
    CodeBytes, what tools and techniques do you use to figure out the offsets? For example, how did you figure out that 0x1560 is the HP offset from the object struct?
    Using a debugger in general, I can find out too by doing something like this:
    1. find the player HP address
    2. attach the debugger
    3. find out what reads or writes to the address
    4. inspect the assembler code and figure out the offset

    I tried the above with WoW retail and Cheat Engine; I get an instant crash on point 2 above.
    I have not yet been able to attach a debugger either; however, you don't need the debugger. My methodology is not overly complex. I poke around with IDA until I find something interesting, then I plug in the relevant addresses and offsets into CE and observe. CE's dissector is an invaluable tool. Also, ReClass.NET is another good tool. From there, I verify my findings. The old fashioned--and least technical--way still works, mind you. That is, note your HP when it's full and scan for that; get hit and scan for decreased value; etc until you narrow down the addresses. Then compare your health address to the pointer to the unit getting hit--in CE's dissector, or in ReClass.NET--and you can find the offset from there.

    Complexity is irrelevant. Having the ability to find what you're looking for is all that matters.

  13. Thanks Mudi (1 members gave Thanks to CodeBytes for this useful post)
  14. #27
    Lvv (Member)
    Originally Posted by counted View Post
    Check out my post on the object manager. It will give you the base address for all objects.

    https://www.ownedcore.com/forums/wor...t-manager.html (8.2.5.32028 Object Manager)
    Can you give me some suggestions?

  15. #28
    Lvv (Member)
    Originally Posted by H3XC0R3 View Post
    Hi guys, new here. I will post more stuff as I discover more stuff. I am trying to figure out how the object structures work; if anyone can share the object structure (I don't need offsets, just to know like Obj -> Unit -> Player and things like that).

    Here is what I use:

    EDIT: Fixed GetUnitNameExposed

    Code:
    	//WoW Lua
    	inline uintptr_t InvalidFunctionPtr = 0x296B200;//GetTextEnd
    	inline uintptr_t FrameScript_RegisterFunction = 0x51AA40;
    	inline uintptr_t FrameScript_Execute = 0x519A70;
    	inline uintptr_t FrameScript_GetText = 0x51D8F0;
    	//Lua
    	inline uintptr_t lua_gettop = 0x1DB700;
    	inline uintptr_t lua_isnumber = 0x1DB9B0;
    	inline uintptr_t lua_tonumber = 0x1DCCB0;
    	inline uintptr_t lua_pushnumber = 0x1DBFA0;
    	inline uintptr_t lua_pushinteger = 0x1DBEB0;
    	inline uintptr_t lua_pushstring = 0x1DBFC0;
    	inline uintptr_t lua_isstring = 0x1DB9E0;
    	inline uintptr_t lua_tolstring = 0x1DCC10;
    	inline uintptr_t lua_pushboolean = 0x1DBD10;
    	inline uintptr_t lua_createtable = 0x1DB000;
    	inline uintptr_t lua_rawseti = 0x1DC3E0;
    	inline uintptr_t lua_pcall = 0x1DBC80;
    	inline uintptr_t lua_settop = 0x1DC950;
    	inline uintptr_t luaL_error = 0x19B9F00;
    	inline uintptr_t lua_state = 0x29428A8;
    	inline uintptr_t lua_getfield = 0x1DB5E0;
    
    	//Game:
    	inline uintptr_t GameVersion = 0x21A31BC;
    	inline uintptr_t GetBaseFromToken = 0x16842E0;
    	inline uintptr_t InGame = 0x2A73ADC;
    
    	inline uintptr_t TerrainClick = 0xD99F80;
    	inline uintptr_t CameraBase = 0x2A74A88;
    	inline uintptr_t CorpseBase = 0x27CBDA8;
    	inline uintptr_t ObjectMgr = 0x29DBED0;
    	inline uintptr_t CGGameObject_C__GetName = 0xE14AC0;
    	inline uintptr_t CGUnit_C__GetUnitNameExposed = 0xD7B960;
    	inline uintptr_t CGUnit_C__CanAttack = 0xD62350;
    	inline uintptr_t Script_GetGUIDFromToken = 0x1682F60;
    	inline uintptr_t CGGameUI__OnSpriteRightClick = 0x11900B0; //bool(__fastcall*)(ObjectGuid*) <--- This is what LUA uses to interact with Unit/Object
    	inline uintptr_t CGGameUI__ClosestObjectMatch = 0x117D920;
    	inline uintptr_t CGGameUI__m_currentObjectTrack = 0x2A73AE0;//(Mouse over object)
    
    
    		//GameObject:
    		inline uintptr_t Type = 0x0010;
    		inline uintptr_t Guid = 0x0040;
    		inline uintptr_t ObjectPosition = 0x00C8;
    		inline uintptr_t UnitPosition = 0x0110;
    		inline uintptr_t fAngle = 0x0120;
    
    		inline uintptr_t CastSpellID = 0x04F0;//Found inside UnitChannelInfo
    		inline uintptr_t CastSpellStartTimeMS = 0x04F8;
    		inline uintptr_t CastSpellEndTimeMS = 0x04FC;
    
    		inline uintptr_t UnitRace = 0x157C;
    		inline uintptr_t UnitClass = 0x157D;
    		inline uintptr_t CurrentHP = 0x1588;
    		inline uintptr_t MaxHP = 0x1590;
    		inline uintptr_t CurrentMana = 0x1788;
    		inline uintptr_t MaxMana = 0x17A0;
    		inline uintptr_t Strength = 0x1808;
    		inline uintptr_t Agility = 0x180C;
    		inline uintptr_t Stamina = 0x1810;
    		inline uintptr_t Intellect = 0x1814;
    		inline uintptr_t Spirit = 0x1818;
    		inline uintptr_t BaseArmor = 0x1838;
    		inline uintptr_t NegBuffArmor = 0x1854;
    		inline uintptr_t Money = 0x3DD8;
    		inline uintptr_t CurrentXP = 0x3DE0;
    		inline uintptr_t MaxXP = 0x3DE4;
    Hi, can you tell me how you found the offsets of GameObject, like UnitRace, UnitClass and any others? The way I try to find UnitLevel is to get all the data of CurMgr 0x8 and then match and verify it with the current level of the account I am logged in to; I then found it at 0x1598. I think it is not efficient.
    Last edited by Lvv; 05-08-2020 at 08:09 PM.
