brotwurst

[WoW]reading memory...


hi there!

I tried to get the health of my character in World of Warcraft and got 2 problems...

1. the address in memory changes every time I start WoW

2. _memoryread returns 0

my script:

CODE
#include <NomadMemory.au3>

global $Memadd="0x0EF12548";<---changes everytime i start WoW :)

SetPrivilege("SeDebugPrivilege", 1)

$Memopen=_MemoryOpen(WinGetProcess("World of Warcraft"), 0x1F0FFF)

while WinExists("World of Warcraft")
   sleep(10)
   $MemRead=_MemoryRead($Memadd, $Memopen)
   ToolTip($MemRead,0,0)
WEnd

_MemoryClose($Memopen)

Has someone got an idea why this returns 0??

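The script in the post above enables SeDebugPrivilege and opens the game process with access mask 0x1F0FFF, although ReadProcessMemory itself only needs PROCESS_VM_READ. The following is an added example, not part of the original thread: it decodes that mask and shows how such a handle request can be triaged from Sysmon-style ProcessAccess (Event ID 10) records. The sample events, file paths and allowlist are constructed for illustration.

```python
# Added example: decode a Windows process access mask and triage Sysmon-style
# ProcessAccess (Event ID 10) records. Events and the allowlist are constructed.
PROCESS_RIGHTS = {
    0x0001: "PROCESS_TERMINATE", 0x0002: "PROCESS_CREATE_THREAD",
    0x0004: "PROCESS_SET_SESSIONID", 0x0008: "PROCESS_VM_OPERATION",
    0x0010: "PROCESS_VM_READ", 0x0020: "PROCESS_VM_WRITE",
    0x0040: "PROCESS_DUP_HANDLE", 0x0080: "PROCESS_CREATE_PROCESS",
    0x0100: "PROCESS_SET_QUOTA", 0x0200: "PROCESS_SET_INFORMATION",
    0x0400: "PROCESS_QUERY_INFORMATION", 0x0800: "PROCESS_SUSPEND_RESUME",
    0x1000: "PROCESS_QUERY_LIMITED_INFORMATION",
    0x010000: "DELETE", 0x020000: "READ_CONTROL", 0x040000: "WRITE_DAC",
    0x080000: "WRITE_OWNER", 0x100000: "SYNCHRONIZE",
}
VM_READ = 0x0010
# Rights that let the caller change the target, not just inspect it.
MODIFY = 0x0002 | 0x0008 | 0x0020  # CREATE_THREAD | VM_OPERATION | VM_WRITE

def decode_access(mask):
    """Return (names of rights set in mask, leftover bits not in the table)."""
    names = [name for bit, name in sorted(PROCESS_RIGHTS.items()) if mask & bit]
    known = 0
    for bit in PROCESS_RIGHTS:
        known |= bit
    return names, mask & ~known

def triage(events, allowlist):
    """Flag non-allowlisted processes granted memory-read access to another process."""
    findings = []
    for ev in events:
        mask = int(ev["GrantedAccess"], 16)
        if not mask & VM_READ or ev["SourceImage"].lower() in allowlist:
            continue
        level = "full-control" if mask & MODIFY == MODIFY else "read-only"
        findings.append({"source": ev["SourceImage"], "target": ev["TargetImage"],
                         "granted": hex(mask), "level": level})
    return findings

SAMPLE_EVENTS = [  # constructed records using Sysmon Event ID 10 field names
    {"SourceImage": r"C:\Tools\AutoIt3\AutoIt3.exe", "TargetImage": r"C:\Games\Wow.exe", "GrantedAccess": "0x1F0FFF"},
    {"SourceImage": r"C:\Windows\System32\taskmgr.exe", "TargetImage": r"C:\Games\Wow.exe", "GrantedAccess": "0x1000"},
    {"SourceImage": r"C:\Program Files\ExampleAV\scanner.exe", "TargetImage": r"C:\Games\Wow.exe", "GrantedAccess": "0x1410"},
    {"SourceImage": r"C:\Temp\reader.exe", "TargetImage": r"C:\Games\Wow.exe", "GrantedAccess": "0x0410"},
]
ALLOWLIST = {r"c:\program files\exampleav\scanner.exe"}  # hypothetical product path

if __name__ == "__main__":
    print(decode_access(0x1F0FFF))
    for finding in triage(SAMPLE_EVENTS, ALLOWLIST):
        print(finding)
```
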

The health / mana in WoW is always stored in a dynamic memory address. Knowing the player's health and mana are located in the player struct (which contains info such as X, Y, Z, health, mana, rotation, etc... x 50), you need to have a reliable way to find it every time. The easiest way to find it would be to get the static X, then do a scan for that X value in the memory (which will be in the player struct like I said).

Once found, you need to add the Health offset to it. That way, you will get it every time. Check malu's post for an example on how to do it. Note that his script just serves as an example, since the memory addresses are not valid anymore. I can post the good values if you need them or an example script if you need it.


As I understood from malu's scripts, there is a base address for every creature, object (, player?) around you, and if you have got the offsets you can get LOTS of information...

So I got 2 new questions for you (I know, "google is your friend" (but not mine :) ))

1. what do i have to search for to get these basic addresses?

2. and how can i find the offsets?

sry if that sounds like noob...

Edited by brotwurst

Basically, all objects in WoW start by xxx0008. The only way to know if your object is active is to check if it's present in the linked list. Also, each type of object has a signature (e.g.: 0x867A10 for a player) and a size (0x2470 for a player). So if you want to get a list of all active objects in WoW's memory, you need to find the ptrBase (pointer base address) of the linked list. Then you iterate through the list to get all the objects. This linked list contains a list of pointers to the base address of each object.

To get the base, here's an AutoIt function that was posted not long ago on the WoWDev forums:

func _getBaseOffset ()
   
   local $buffer_int    = DllStructCreate( 'dword' )
   local $buffer_uint64 = DllStructCreate( 'uint64' )

   local $tlsSlotPTR = 0x00E530C4
   Local $TLS_Slot = 0x0                     
   local $TLS_Offset = 0x0                      
   local $ThreadHandle = 0                      
   local $ThreadEntry = _ThreadEntry32()               
   local $ThreadQueryResult = 0x0                 
   local $BytesRead = 0x0                       
   local $SnapHandle = 0                           
   local $BasicInformation = _BasicInformation()         
   local $BaseObjectPtr = False                  
   local $TLS_TargetSlot = 0x0                   
   
   const $ThreadBasicInformation = 0            
      
   _ReadProcess ( $wowProcessHwnd, $tlsSlotPTR, DllStructGetPtr ( $buffer_int ), DllStructGetSize ( $buffer_int ) )
   $TLS_Slot = DllStructGetData ( $buffer_int, 1 )
   
   $SnapHandle = _CreateToolhelp32Snapshot ( $TH32CS_SNAPTHREAD, 0 )
   if ( _Thread32First ( $SnapHandle, $ThreadEntry ) ) Then
      Do
         if ( DllStructGetData ( $ThreadEntry, 4 ) == $wowProcessID ) Then
            $ThreadHandle = _OpenThread ( $THREAD_QUERY_INFORMATION, 0, DllStructGetData ( $ThreadEntry, 'th32ThreadID' ) )
            if ( $ThreadHandle <> 0 ) then
               
               $b = 0
               $ThreadQueryResult = _NTQueryInformationThread ( $ThreadHandle, $ThreadBasicInformation, $BasicInformation, $buffer_int )
               
               if ( $ThreadQueryResult == 0 ) Then
                  $TIB = DllStructGetData ( $BasicInformation, 'TebBaseAddress' )
                  
                  _ReadProcess ( $wowProcessHwnd, $TIB + 0x2C, DllStructGetPtr ( $buffer_int ), DllStructGetSize ( $buffer_int ) )
                  $TLS_Offset = DllStructGetData ( $buffer_int, 1 )
                  
                  ; $TLS_Offset is the value read from TEB + 0x2C above; zero means nothing to follow
                  if ( $TLS_Offset <> 0 ) then
                     ; Index the TLS array with the slot number (4 bytes per 32-bit entry)
                     _ReadProcess ( $wowProcessHwnd, $TLS_Offset + ( $TLS_Slot * 4 ), DllStructGetPtr ( $buffer_int ), DllStructGetSize ( $buffer_int ) )
                     $TargetTLSSlot = DllStructGetData ( $buffer_int, 1 )
                     $baseOffset = DllStructCreate ( 'dword baseObjectPTR; uint64 GUID' )

                     ; Slot + 8: base object pointer (dword)
                     _ReadProcess ( $wowProcessHwnd, $TargetTLSSlot + 8, DllStructGetPtr ( $buffer_int ), DllStructGetSize ( $buffer_int ) )
                     global $baseObjectPTR = DllStructGetData ( $buffer_int, 1 )

                     ; Slot + 16: player ID (uint64)
                     _ReadProcess ( $wowProcessHwnd, $TargetTLSSlot + 16, DllStructGetPtr ( $buffer_uint64 ), DllStructGetSize ( $buffer_uint64 ) )
                     global $playerID = DllStructGetData ( $buffer_uint64, 1 )

                     _CloseHandle ( $ThreadHandle )
                     _CloseHandle ( $SnapHandle )

                     return true
                  endif
               endif
            endif
         endif
      Until ( _Thread32Next ( $SnapHandle, $ThreadEntry ) < 1 )
      
      return false
      
   endif
   
   _CloseHandle ( $ThreadHandle )
   _CloseHandle ( $SnapHandle )
   
endfunc

PS: Kernel32, Ntdll, and advapi32 implementations are left out so you need to do them before or it won't work.
