Looking to get into making bots/hacks in C#
  1. #1
    developerer's Avatar Member

    Looking to get into making bots/hacks in C#

    Hello,
    Got about 5 years exp as a web dev, but always been into troublemaking and games. Stumbled upon a pixel bot on this very forum a couple of days ago and decided to make my own.
    After grinding hard for 2 days, I finally have a somewhat crude working "bot" and decided that pixel reading no longer tickles my pickle so it's time to get into memory editing.
    Saw a bunch of tutorials on the forum, but I see most of them refer to "Blackmagic". Links no longer seem to be working, couldn't really find anything on the web except that it's for .net 3.5.
    Saw some dude here released MemorySharp lib, tried with the examples on the website - can't really get it off the ground when it comes to opening the WOW process and can't really find much info.
    Anybody got a download link for blackmagic?
    Or maybe some wow specific tutorial with MemorySharp? Anything really to get me started.
    Already managed to find some values using CheatEngine, but can't really do anything with them if I'm not able to edit them.
    Excuse me for the retarded questions, I'm a React dev so I've lost my ability to use my brain very well.
    Regards

  2. #2
    tayl's Avatar Member
    First of all read how object manager works, there's plenty of explanations on this forum. Then just use winapi WPM/RPM, u can easily use any winapi function in C#, just google *nameoffunction* C# and you'll get link to Pinvoke with copypaste ready declarations, but my advice will be to just skip this step entirely and go straight to injecting, it will save a lot of time if you'll need something like quest state or aoe casts, it's kinda easy and there's many guides on how to do it on this forum and unknowncheats. And if you choose the injection path, I think that it's better to use C++ for injected dll, it's kinda similar to C#, only things that you'll need to learn is pointers and dealing with utterly awful string shit, but you will need to have good understanding of pointers anyway. You can inject C# but IMO it's not worth it, learning C++ will probably take less time, plus it's good experience.
    Last edited by tayl; 05-31-2023 at 07:06 AM.

  3. #3
    air999's Avatar Contributor
    BlackMagic and MemorySharp are just library wrappers for Windows API. You do not need them at all. You can Open process, RPM, WPM it. It's enough for basic bot functions.
    To do more advanced hacking you need to learn how to inject your code into process and evade their protection.

  4. Thanks hackerlol (1 members gave Thanks to air999 for this useful post)
  5. #4
    developerer's Avatar Member
    Originally Posted by air999
    BlackMagic and MemorySharp are just library wrappers for Windows API. You do not need them at all. You can Open process, RPM, WPM it. It's enough for basic bot functions.
    To do more advanced hacking you need to learn how to inject your code into process and evade their protection.
    We will get to that in due time
    So far, been reading and trying all day. Managed to find the player object in cheat engine with all the stats like hp, mana etc., however the address is dynamic.
    Watched this video: https://www.youtube.com/watch?v=YaFlh2pIKAg - everything was going well until I couldn't find the static pointer.
    According to the 3.3.5 dump, 0x00CD87A8 is the static pointer to the player object.
    In another thread I saw a guy say that this is the base pointer: [[[0xcd87a8]+0x22]+0x18]
    And after that he gave a link to a pastebin, where the player base is:
    uint objBaseAddress = blackMagic.ReadUInt(blackMagic.ReadUInt(blackMagic.ReadUInt(0xCD87A + 0x34) + 0x24);

    In my code I tried the following:

    1) ReadProcessMemory((int)processHandle, 0x00CD87A8 + 0x22 + 0x18 + 0xFB0, buffer, buffer.Length, ref bytesRead); //supposedly this is the "player base" + the offset for health - 0xFB0
    It doesn't give me my HP.
    2) ReadProcessMemory((int)processHandle, 0x00CD87A8 + 0x34 + 0x24 + 0xFB0, buffer, buffer.Length, ref bytesRead); //with the "player base" from the pastebin link + the offset for health - 0xFB0
    Doesn't work either
    3) ReadProcessMemory((int)processHandle, 0x00CD87A8 + 0xFB0, buffer, buffer.Length, ref bytesRead); // same thing

    None of those worked. I can read the dynamic address no problem, but for some reason, either I'm retarded or idk, can't put 2 and 2 together.
    Where am I going wrong?

    Code: namespace memorybot{ using System.Diagnostics; using System.Runtime. - Pastebin.com

  6. #5
    Cush's Avatar Elite User
    Here's an absolute basic bitch copy paste C# example of how to open a handle to the game then use readprocessmemory (Without any external libraries) with 2 examples - One getting a value that is stored dynamically so we need to go through a pointer first, and the other that is just in a static address.

    In vanilla private server with info taken from the WoW 1.12.1 dump thread, don't do on retail (+ the addresses won't work anyway)

    This needs to be run as admin or you'll get access denied - Run VS as admin if using debugging.

    Code:
    using System;
    using System.Diagnostics;
    using System.Linq;
    using System.Runtime.InteropServices;
    using System.Text;
    
    namespace WoWExample
    {
        internal class Program
        {
            static bool attached = false;
            static IntPtr wowHandle;
            static IntPtr baseAddr;
            static Process wowProcess;
            const int PROCESS_ALL_ACCESS = 0x001fffff;
    
            [DllImport("kernel32.dll")]
            public static extern IntPtr OpenProcess(int dwDesiredAccess, bool bInheritHandle, int dwProcessId);
    
    
            [DllImport("kernel32.dll", SetLastError = true)]
            public static extern bool ReadProcessMemory(
                IntPtr hProcess,
                IntPtr lpBaseAddress,
                [Out] byte[] lpBuffer,
                int dwSize,
                out IntPtr lpNumberOfBytesRead);
    
    
            // Reads 'size' bytes at 'address' in the target process; returns null on a failed or short read.
            public static byte[] ReadMemory(IntPtr handle, IntPtr address, int size)
            {
                byte[] dataBuffer = new byte[size];
                bool ok = ReadProcessMemory(handle, address, dataBuffer, dataBuffer.Length, out IntPtr bytesRead);

                if (!ok || bytesRead.ToInt32() != size)
                    return null;
                return dataBuffer;
            }
    
            static void Main(string[] args)
            {
                Console.WriteLine("Looking for WoW.exe");
                while (!attached)
                {
                    Process[] processes = Process.GetProcessesByName("WoW");
                    if (processes.Count() > 0)
                    {
                        wowProcess = processes.FirstOrDefault();
                        wowHandle = OpenProcess(PROCESS_ALL_ACCESS, false, wowProcess.Id);
                        baseAddr = wowProcess.MainModule.BaseAddress;
    
                        Console.WriteLine($"Found WoW.exe - {wowHandle} - Base Address = {baseAddr}");
                        attached = true;
                        OnSuccessfulAttach();
                    }
                }
            }
    
            static void OnSuccessfulAttach()
            {
                // 0x00837C04 - Address containing game version
                // 0x00B4B404 - Pointer to address containing current zone

                // Read the 6 char value stored at 0x00837C04
                IntPtr gameVersionPointer = (IntPtr)0x00837C04;
                byte[] versionBytes = ReadMemory(wowHandle, gameVersionPointer, 6);

                // Read the address contained within the pointer, which we know always contains the text of the current zone - 0x00B4B404
                byte[] zonePointerBytes = ReadMemory(wowHandle, (IntPtr)0x00B4B404, 4);

                // ReadMemory returns null when a read fails, so check before decoding
                if (versionBytes == null || zonePointerBytes == null)
                {
                    Console.WriteLine("ReadProcessMemory failed");
                    return;
                }

                // Convert the version bytes to a string and the pointer bytes to an address
                string gameVersionText = Encoding.Default.GetString(versionBytes);
                IntPtr zonePointer = (IntPtr)BitConverter.ToInt32(zonePointerBytes, 0);

                // Now that we have the address of the current zone text from the above, read the value of it.
                byte[] zoneBytes = ReadMemory(wowHandle, zonePointer, 16);
                string zoneText = zoneBytes == null ? "" : Encoding.Default.GetString(zoneBytes);

                Console.WriteLine("Current game version: {0}", gameVersionText);
                Console.WriteLine("Current zone: {0}", zoneText);
                Console.ReadLine();

            }
        }
    }
    Output, when run while logged into a character (Ignore the 1.16.5 - The actual client version is 1.12.1 but this value has been modified for the private server)



    This should at least give a basic understanding of the process. If you struggle with this level, I would highly recommend doing some further online learning as you have a long way to go to being able to make a bot.

    If you don't understand memory addressing/pointers/offsets, this is quite a useful tutorial in Cheat Engine: Offset tutorial

    There are also troves of information on Github and these forums if you search. e.g. searching "Wow 1.12.1 hack" or "Wow 1.12.1 bot" on Github nets you some results, and you can also peek at how they are structuring their offsets and classes.

    I would also recommend DrewSkell's very in-depth blog on building a WoW bot from start to finish, it is extremely informative on the whole process: https://drewkestell.us/Article/6/Chapter/1

    I just want to emphasise that the above example is about as basic as you get but hopefully it helps - There are a million ways to skin a cat and this is not the method that any popular hacks or bots will be using. Most bots/hacks inject into the WoW process so they can execute lua functions in-game directly from code so it becomes incredibly easy to perform in-game actions like casting spells.

    WriteProcessMemory has a very similar implementation, so with a touch of Googling you could add to the above code to let you write to memory addresses as well.

    Finally, when you are looking for your local player's data, the general method used is to find WoW's 'Object Manager' which the pointers for are publicly available, which is a list of game objects. Iterate over it (Again, offsets/addresses are publicly available for this, as well as code in plenty of places), then compare the GUID value of each object to the GUID value stored in a static address for the local player. Once you find the match, then you have the memory location of your player and can use all of the public available offsets to read player data relative to that base address of your player.

    Once you have a decent understanding of memory addressing I'd start looking for examples of how open source hacks/bots inject code into the process and run from there.
    Last edited by Cush; 05-31-2023 at 06:22 PM.

  7. Thanks hackerlol (1 members gave Thanks to Cush for this useful post)
  8. #6
    developerer's Avatar Member
    Thanks for the response bro.
    I have some questions:
    1) In the snippet you provided, you say
    // Read the 6 char value stored at 0x00837C04 and convert it to a string
    IntPtr gameVersionPointer = 0x00837C04;
    string gameVersionText = Encoding.Default.GetString(ReadMemory(wowHandle, gameVersionPointer, 6));
    How do you know that the game version pointer is 0x00837C04? In the 1.12.1 Dump thread I don't see this pointer listed.
    How do you know that you're supposed to read 6 characters? Because you expect "1.12.1"?

    2) Found this 3.3.5a bot on github WoW Objects - AmeisenBot Docs
    In the docs it says that the structure is:
    Wowobject -> unit -> ...
    It says that the wowobject base is 0x0
    It says that the Unit.Name offset is ((0x964) + 0x05C) (why is this in brackets and not just 0x964 + 0x05c?)
    So in theory to get this, we would need to do 0x0 + ((0x964) + 0x05C) ? Probably not

    3) I managed to run the bot in debug and in the memory object I see the following:
    //pseudocode
    Bot = {
    ...
    Wow
    }
    Inside Bot.Wow we have a bunch of properties, including Player and objectManager.
    the ObjectManager has a property called PlayerBase with a value 0x19caa6a0
    the Player has a property called BaseAddress with a value 0x13bc94b8
    In the OffsetsList we have a PlayerBase pointer with a value 0xD38AE4
    In the 3.3.5 Dump thread, it says PlayerBaseStatic 0x00CD87A8

    So what is going on?

  9. #7
    Cush's Avatar Elite User
    1) I think I pulled it from a random codebase on Github - It was noted as being 6 characters long as the vanilla version is 6 chars, not sure off the top of my head how this changes in live.

    I just tested it by slapping it in Cheat Engine attached to WoW and checking it was as expected.

    2) I believe the notation being used means the (0x964) is a pointer - usually these would be in [ ] I think, then the name is offset 0x05C from the address read in that. It's saying WoWObject baseaddress offset is 0x0, naturally the base address of a given WoWObject is not going to be offset from itself.

    So you have an object from the object manager and you want its name:
    BaseObject address
    -> Read address of BaseObject+0x065
    -> Read address result of above read + 0x05C offset to get the name value

    I got this by looking at the source....AmeisenBot-3.3.5a/Unit.cs at dbdfa2bfda48c8ed32573931a8682d2a961ebda1 . Jnnshschl/AmeisenBot-3.3.5a . GitHub

    3) Pass - You are going to find huge amounts of information all over and I have only looked at vanilla where I haven't seen anyone mention a static address for the player. I have found lots of conflicting offsets and pointers around the internet that are purportedly for the same game version that I haven't been able to get any meaningful data from. There also isn't necessarily only going to be a single way to find a single bit of data, there could be loads around the memory of the game that people will post in different places.

    Only true way to find out is experiment for yourself. If you can get something that can look through the objectmanager or read data from the player base you can plug in different values and see what comes out.

    I'd start small and look at making something that can read some basic values from the game and build it up from there - If you are anything like me you will just get more and more confused trying to look at large codebases and work out what is being done, practicing the fundamentals of reading and exploring the memory of the program will go a long way.
    Last edited by Cush; 06-01-2023 at 04:55 AM.
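
    Added example, not part of any post in this thread and not taken from any of the projects mentioned: the difference between a bracketed pointer chain such as [[[base]+a]+b] and simply summing the offsets onto the base address, shown on a constructed in-memory byte array instead of a real process. All addresses, offsets and names in it are made up for illustration.

```csharp
using System;
using System.Collections.Generic;

// Added example. "Memory" is a constructed byte array, not a real process;
// every address and offset below is made up for illustration.
static class PointerChainDemo
{
    const uint ImageBase = 0x1000;                    // address of Image[0]
    static readonly byte[] Image = new byte[0x100];

    static void Poke(uint address, uint value) =>
        BitConverter.GetBytes(value).CopyTo(Image, (int)(address - ImageBase));

    // Bounds-checked 4-byte read: false on a bad address instead of throwing.
    static bool TryReadUInt32(uint address, out uint value)
    {
        value = 0;
        if (address < ImageBase || address - ImageBase > Image.Length - 4) return false;
        value = BitConverter.ToUInt32(Image, (int)(address - ImageBase));
        return true;
    }

    // Resolves [[staticAddress] + offsets[0]] + offsets[1] ...
    // Each offset except the last is added to a pointer that was just read and
    // the result is dereferenced again; the last offset is only added, which
    // yields the address of the field itself.
    static bool TryResolve(uint staticAddress, IReadOnlyList<uint> offsets, out uint fieldAddress)
    {
        fieldAddress = 0;
        if (offsets.Count == 0 || !TryReadUInt32(staticAddress, out uint current)) return false;
        for (int i = 0; i < offsets.Count - 1; i++)
            if (current == 0 || !TryReadUInt32(current + offsets[i], out current)) return false;
        if (current == 0) return false;               // null pointer in the chain
        fieldAddress = current + offsets[offsets.Count - 1];
        return true;
    }

    static void Main()
    {
        Poke(0x1010, 0x1040);   // static slot holds a pointer to a "manager"
        Poke(0x1048, 0x1080);   // manager + 0x8 holds a pointer to an "object"
        Poke(0x1090, 1234);     // object + 0x10 holds the field we want

        // Summing the offsets onto the static address reads an unrelated slot.
        TryReadUInt32(0x1010 + 0x8 + 0x10, out uint summed);

        // Dereferencing at each step follows the pointers to the field.
        bool ok = TryResolve(0x1010, new uint[] { 0x8, 0x10 }, out uint fieldAddress);
        uint field = 0;
        ok = ok && TryReadUInt32(fieldAddress, out field);

        Console.WriteLine($"summed offsets: {summed}");
        Console.WriteLine(ok ? $"pointer chain:  {field} at 0x{fieldAddress:X}" : "chain broken");
    }
}
```
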

  10. #8
    developerer's Avatar Member
    After about 15 grueling hours of trying, reading, trying, asking and what not, with a lot of help from a guy I found in a bot's discord, I've finally understood the absolute most basic thing ever.
    I don't know why I didn't see it mentioned in any tutorial that I need to get the clientConnection and then proceed further.
    I've now managed to get the clientConnection, the current object manager and the first object. My results match those from CE, so I'm happy so far.
    What is my next step tho? Do I now go and get all of the objects? What then? I don't even know where to find out what I should do next or where to read about beyond the basic stuff, but for now I'm gonna head straight into debugger and read as much as possible till I figure out what I should get familiar with next.
    I don't know if this guy visits this forum but shout out to a guy called Bia10.
