-
Contributor
Originally Posted by
Lvv
Thank you for your reply. I have some knowledge of Lua, C++, C#, Java. I have written some WoW addons and some BOT programs, which can run normally at present, but I have no idea about WoW memory editing. I can't get the base address correctly according to other tutorials.
So you've written some "BOT programs" and you still don't know how to iterate over a process's modules, interesting.
-
Contributor
Well, if you're internal in C++ you could simply do
Code:
uintptr_t base = reinterpret_cast<uintptr_t>(GetModuleHandle(nullptr));
-
Member
Thank you H3XC0R3 for publishing this info!
You are giving back to the community, so new folks like me have a place to start learning how to build our own (primitive) bots or routines. This is awesome and I salute you for it!
Can you share how you find these offsets? For example, how do you figure out the offset for the object manager (ObjectMgr)?
I tried to find it myself on WoW retail (8.3.0.33941), by finding the player stats structure (located by the HP value), and then trying to walk back the pointers. I got nowhere.
-
Member
Originally Posted by
CodeBytes
Here are some of the offsets I found:
Code:
Position: 0xE8 (vector 3)
Current Health: 0x1560 (int64)
Max Health: 0x1568 (int64)
CodeBytes, what tools and techniques do you use to figure out the offsets? For example, how did you figure out that 0x1560 is the HP offset from the object struct?
Using a debugger in general, I can find out too by doing something like this:
1. find the player HP address
2. attach the debugger
3. find out what read or writes to the address
4. inspect the assembler code and figure out the offset
I tried the above with WoW retail and Cheat Engine, and I get an instant crash at point 2 above.
Last edited by Mudi; 04-13-2020 at 08:05 PM.
-
Originally Posted by
Mudi
Thank you H3XC0R3 for publishing this info!
You are giving back to the community, so new folks like me have a place to start learning how to build our own (primitive) bots or routines. This is awesome and I salute you for it!
Can you share how you find these offsets? For example, how do you figure out the offset for the object manager (ObjectMgr)?
I tried to find it myself on WoW retail (8.3.0.33941), by finding the player stats structure (located by the HP value), and then trying to walk back the pointers. I got nowhere.
Check out my post on how to dump wow and further down how to find offsets (read the whole thread).
https://www.ownedcore.com/forums/wor...ow-memory.html (How to Dump Wow from Memory....)
-
Member
Originally Posted by
Mudi
Thank you H3XC0R3 for publishing this info!
You are giving back to the community, so new folks like me have a place to start learning how to build our own (primitive) bots or routines. This is awesome and I salute you for it!
Can you share how you find these offsets? For example, how do you figure out the offset for the object manager (ObjectMgr)?
I tried to find it myself on WoW retail (8.3.0.33941), by finding the player stats structure (located by the HP value), and then trying to walk back the pointers. I got nowhere.
I have the same question as you
-
Member
Originally Posted by
Icesythe7
Well, if you're internal in C++ you could simply do
Code:
uintptr_t base = reinterpret_cast<uintptr_t>(GetModuleHandle(nullptr));
Thank you for your guidance!
-
Member
Originally Posted by
ejt
So you written some "BOT programs" and you still don't know how to iterate over a processes modules, interesting.
Yes, my BOT is based on getting pixels and does not involve memory.
-
Member
Originally Posted by
Lvv
Yes, my BOT is based on getting pixels and does not involve memory.
With C#, you use the Process class, then something like this:
process.MainModule.BaseAddress
From C++, you can use the CreateToolhelp32Snapshot, Module32FirstW and Module32NextW functions (find them on Microsoft Docs).
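As an added example (not code posted in this thread), here is the C# route described above: enumerate a process's modules with the Process class, take the main module's BaseAddress, and rebase a module-relative offset on top of it. The process name and the offset value are placeholders, and the example only enumerates and prints; it does not read game memory.

```csharp
using System;
using System.ComponentModel;
using System.Diagnostics;

// Added example, not code from this thread. Offsets like the ones posted here are
// relative to the module base, and ASLR picks a new base on every launch, so a
// fixed offset is only meaningful once it is added to the base found at runtime.
static class ModuleBase
{
    // Placeholders for illustration: process name without ".exe", and an offset.
    const string ProcessName = "TargetProcess";
    const long ExampleOffset = 0x1000;

    static void Main()
    {
        Process[] procs = Process.GetProcessesByName(ProcessName);
        if (procs.Length == 0)
        {
            Console.WriteLine($"No process named {ProcessName} is running.");
            return;
        }
        using (Process proc = procs[0])
        {
            try
            {
                // MainModule is the executable image; in-process this is what
                // GetModuleHandle(nullptr) returns.
                ProcessModule main = proc.MainModule;
                long baseAddr = main.BaseAddress.ToInt64();
                Console.WriteLine($"{main.ModuleName} base = 0x{baseAddr:X}, size = 0x{main.ModuleMemorySize:X}");
                Console.WriteLine($"base + 0x{ExampleOffset:X} = 0x{baseAddr + ExampleOffset:X}");

                // Full module list: the managed equivalent of walking
                // CreateToolhelp32Snapshot / Module32FirstW / Module32NextW.
                foreach (ProcessModule m in proc.Modules)
                    Console.WriteLine($"  {m.ModuleName,-32} 0x{m.BaseAddress.ToInt64():X}  {m.FileName}");
            }
            catch (Win32Exception ex)
            {
                // Typical causes: bitness mismatch (a 32-bit reader cannot enumerate
                // a 64-bit process's modules) or insufficient rights to open the process.
                Console.WriteLine($"Could not read modules: {ex.Message}");
            }
        }
    }
}
```

Build the reader with the same bitness as the target, otherwise MainModule and Modules throw the Win32Exception handled above.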
-
Member
Originally Posted by
Mudi
Thanks! I've got it. You're very nice~
-
Member
Originally Posted by
Mudi
CodeBytes, what tools and techniques do you use to figure out the offsets? For example, how did you figure out that 0x1560 is the HP offset from the object struct?
Using a debugger in general, I can find out too by doing something like this:
1. find the player HP address
2. attach the debugger
3. find out what read or writes to the address
4. inspect the assembler code and figure out the offset
I tried the above with WoW retail and Cheat Engine, and I get an instant crash at point 2 above.
I have not yet been able to attach a debugger either; however, you don't need the debugger. My methodology is not overly complex. I poke around with IDA until I find something interesting, then I plug in the relevant addresses and offsets into CE and observe. CE's dissector is an invaluable tool. Also, ReClass.NET is another good tool. From there, I verify my findings. The old fashioned--and least technical--way still works, mind you. That is, note your HP when it's full and scan for that; get hit and scan for decreased value; etc until you narrow down the addresses. Then compare your health address to the pointer to the unit getting hit--in CE's dissector, or in ReClass.NET--and you can find the offset from there.
Complexity is irrelevant. Having the ability to find what you're looking for is all that matters.
-
Member
Originally Posted by
counted
Can you give me some suggestions?
-
Member
Originally Posted by
H3XC0R3
Hi guys, new here, will post more stuff as I discover more. I am trying to figure out how the object structures work; if anyone can share the object structure (I don't need offsets, just to know things like Obj -> Unit -> Player and so on).
Here is what i use:
EDIT: Fixed GetUnitNameExposed
Code:
//WoW Lua
inline uintptr_t InvalidFunctionPtr = 0x296B200;//GetTextEnd
inline uintptr_t FrameScript_RegisterFunction = 0x51AA40;
inline uintptr_t FrameScript_Execute = 0x519A70;
inline uintptr_t FrameScript_GetText = 0x51D8F0;
//Lua
inline uintptr_t lua_gettop = 0x1DB700;
inline uintptr_t lua_isnumber = 0x1DB9B0;
inline uintptr_t lua_tonumber = 0x1DCCB0;
inline uintptr_t lua_pushnumber = 0x1DBFA0;
inline uintptr_t lua_pushinteger = 0x1DBEB0;
inline uintptr_t lua_pushstring = 0x1DBFC0;
inline uintptr_t lua_isstring = 0x1DB9E0;
inline uintptr_t lua_tolstring = 0x1DCC10;
inline uintptr_t lua_pushboolean = 0x1DBD10;
inline uintptr_t lua_createtable = 0x1DB000;
inline uintptr_t lua_rawseti = 0x1DC3E0;
inline uintptr_t lua_pcall = 0x1DBC80;
inline uintptr_t lua_settop = 0x1DC950;
inline uintptr_t luaL_error = 0x19B9F00;
inline uintptr_t lua_state = 0x29428A8;
inline uintptr_t lua_getfield = 0x1DB5E0;
//Game:
inline uintptr_t GameVersion = 0x21A31BC;
inline uintptr_t GetBaseFromToken = 0x16842E0;
inline uintptr_t InGame = 0x2A73ADC;
inline uintptr_t TerrainClick = 0xD99F80;
inline uintptr_t CameraBase = 0x2A74A88;
inline uintptr_t CorpseBase = 0x27CBDA8;
inline uintptr_t ObjectMgr = 0x29DBED0;
inline uintptr_t CGGameObject_C__GetName = 0xE14AC0;
inline uintptr_t CGUnit_C__GetUnitNameExposed = 0xD7B960;
inline uintptr_t CGUnit_C__CanAttack = 0xD62350;
inline uintptr_t Script_GetGUIDFromToken = 0x1682F60;
inline uintptr_t CGGameUI__OnSpriteRightClick = 0x11900B0; //bool(__fastcall*)(ObjectGuid*) <--- This is what LUA uses to interact with Unit/Object
inline uintptr_t CGGameUI__ClosestObjectMatch = 0x117D920;
inline uintptr_t CGGameUI__m_currentObjectTrack = 0x2A73AE0;//(Mouse over object)
//GameObject:
inline uintptr_t Type = 0x0010;
inline uintptr_t Guid = 0x0040;
inline uintptr_t ObjectPosition = 0x00C8;
inline uintptr_t UnitPosition = 0x0110;
inline uintptr_t fAngle = 0x0120;
inline uintptr_t CastSpellID = 0x04F0;//Found inside UnitChannelInfo
inline uintptr_t CastSpellStartTimeMS = 0x04F8;
inline uintptr_t CastSpellEndTimeMS = 0x04FC;
inline uintptr_t UnitRace = 0x157C;
inline uintptr_t UnitClass = 0x157D;
inline uintptr_t CurrentHP = 0x1588;
inline uintptr_t MaxHP = 0x1590;
inline uintptr_t CurrentMana = 0x1788;
inline uintptr_t MaxMana = 0x17A0;
inline uintptr_t Strength = 0x1808;
inline uintptr_t Agility = 0x180C;
inline uintptr_t Stamina = 0x1810;
inline uintptr_t Intellect = 0x1814;
inline uintptr_t Spirit = 0x1818;
inline uintptr_t BaseArmor = 0x1838;
inline uintptr_t NegBuffArmor = 0x1854;
inline uintptr_t Money = 0x3DD8;
inline uintptr_t CurrentXP = 0x3DE0;
inline uintptr_t MaxXP = 0x3DE4;
Hi, can you tell me how you found the offsets of GameObject, like UnitRace, UnitClass and the others? The way I tried to find UnitLevel was to get all the data of CurMgr 0x8 and then match and verify it against the current account level I am logged in with; I found it at 0x1598. I think it is not efficient.
Last edited by Lvv; 05-08-2020 at 08:09 PM.