brotwurst Posted December 15, 2007

Hi there! I tried to get the health of my character in World of Warcraft and got 2 problems...

1. The address in memory changes every time I start WoW
2. _MemoryRead returns 0

My script:

```autoit
#include <NomadMemory.au3>

Global $Memadd = "0x0EF12548" ; <--- changes every time I start WoW
SetPrivilege("SeDebugPrivilege", 1)
; 0x1F0FFF = PROCESS_ALL_ACCESS
$Memopen = _MemoryOpen(WinGetProcess("World of Warcraft"), 0x1F0FFF)
While WinExists("World of Warcraft")
    Sleep(10)
    $MemRead = _MemoryRead($Memadd, $Memopen)
    ToolTip($MemRead, 0, 0)
WEnd
_MemoryClose($Memopen)
```

Someone got an idea why this returns 0??

JustinReno Posted December 16, 2007

Well, what are the 10 or less most common memory addresses?

Delta01 Posted December 16, 2007

If it changes every time, it means it's a dynamic address. Search Google for a tutorial on reading dynamic memory.

galpha Posted December 17, 2007

The health / mana in WoW is always stored in a dynamic memory address. Knowing the player's health and mana are located in the player struct (which contains info such as X, Y, Z, health, mana, rotation, etc... x 50), you need to have a reliable way to find it every time. The easiest way to find it would be to get the static X, then do a scan for that X value in the memory (which will be in the player struct like I said). Once found, you need to add the Health offset to it. That way, you will get it every time.

Check malu's post for an example of how to do it. Note that his script just serves as an example, since the memory addresses are not valid anymore. I can post the good values if you need them, or an example script if you need it.

DW1 Posted December 17, 2007

galpha is correct, you need to be looking for the pointer to the address. Search Google for DMA (Dynamic Memory Allocation) and Pointer, and it should get you on your way.

AutoIt3 Online Help

brotwurst (Author) Posted December 20, 2007 (edited)

As I understood from malu's scripts, there is a base address for every creature, object (, player?) around you, and if you have got the offsets you can get LOTS of information...

So I got 2 new questions for you (I know, "Google is your friend" (but not mine)):

1. What do I have to search for to get these basic addresses?
2. And how can I find the offsets?

Sorry if that sounds like a noob...

Edited December 21, 2007 by brotwurst

galpha Posted December 26, 2007

> As I understood from malu's scripts, there is a base address for every creature, object (, player?) around you, and if you have got the offsets you can get LOTS of information...
> So I got 2 new questions for you (I know, "Google is your friend" (but not mine)):
> 1. What do I have to search for to get these basic addresses?
> 2. And how can I find the offsets?
> Sorry if that sounds like a noob...

Basically, all objects in WoW start with xxx0008. The only way to know if your object is active is to check if it's present in the linked list. Also, each type of object has a signature (e.g.: 0x867A10 for a player) and a size (0x2470 for a player). So if you want to get a list of all active objects in WoW's memory, you need to find the ptrBase (pointer base address) of the linked list. Then you iterate through the list to get all the objects. This linked list contains a list of pointers to the base address of each object.

To get the base, here's an AutoIt function that was posted not long ago on the WoWDev forums:

```autoit
func _getBaseOffset ()
    local $buffer_int = DllStructCreate( 'dword' )
    local $buffer_uint64 = DllStructCreate( 'uint64' )
    local $tlsSlotPTR = 0x00E530C4
    Local $TLS_Slot = 0x0
    local $TLS_Offset = 0x0
    local $ThreadHandle = 0
    local $ThreadEntry = _ThreadEntry32()
    local $ThreadQueryResult = 0x0
    local $BytesRead = 0x0
    local $SnapHandle = 0
    local $BasicInformation = _BasicInformation()
    local $BaseObjectPtr = False
    local $TLS_TargetSlot = 0x0
    const $ThreadBasicInformation = 0

    ; Read the TLS slot index from the fixed address in the game image
    _ReadProcess ( $wowProcessHwnd, $tlsSlotPTR, DllStructGetPtr ( $buffer_int ), DllStructGetSize ( $buffer_int ) )
    $TLS_Slot = DllStructGetData ( $buffer_int, 1 )
    ; Enumerate threads and look for one owned by the game process
    $SnapHandle = _CreateToolhelp32Snapshot ( $TH32CS_SNAPTHREAD, 0 )
    if ( _Thread32First ( $SnapHandle, $ThreadEntry ) ) Then
        Do
            ; Field 4 of THREADENTRY32 is th32OwnerProcessID
            if ( DllStructGetData ( $ThreadEntry, 4 ) == $wowProcessID ) Then
                $ThreadHandle = _OpenThread ( $THREAD_QUERY_INFORMATION, 0, DllStructGetData ( $ThreadEntry, 'th32ThreadID' ) )
                if ( $ThreadHandle <> 0 ) then
                    $b = 0
                    $ThreadQueryResult = _NTQueryInformationThread ( $ThreadHandle, $ThreadBasicInformation, $BasicInformation, $buffer_int )
                    if ( $ThreadQueryResult == 0 ) Then
                        $TIB = DllStructGetData ( $BasicInformation, 'TebBaseAddress' )
                        ; TEB + 0x2C is ThreadLocalStoragePointer on 32-bit Windows
                        _ReadProcess ( $wowProcessHwnd, $TIB + 0x2C, DllStructGetPtr ( $buffer_int ), DllStructGetSize ( $buffer_int ) )
                        $TLS_Offset = DllStructGetData ( $buffer_int, 1 )
                        if ( $TLS_Offset <> 0 ) then
                            if ( $TLS_Offset <> 0 ) Then
                                ; Each TLS slot is a 4-byte pointer
                                _ReadProcess ( $wowProcessHwnd, $TLS_Offset + ( $TLS_Slot * 4 ), DllStructGetPtr ( $buffer_int ), DllStructGetSize ( $buffer_int ) )
                                $TargetTLSSLot = DllStructGetData ( $buffer_int, 1 )
                                $baseOffset = DllStructCreate ( 'dword baseObjectPTR; uint64 GUID' )
                                ; +8: pointer to the first object, +16: the player's GUID
                                _ReadProcess ( $wowProcessHwnd, $TargetTLSSlot + 8, DllStructGetPtr ( $buffer_int ), DllStructGetSize ( $buffer_int ) )
                                global $baseObjectPTR = DllStructGetData ( $buffer_int, 1 )
                                _ReadProcess ( $wowProcessHwnd, $TargetTLSSlot + 16, DllStructGetPtr ( $buffer_uint64 ), DllStructGetSize ( $buffer_uint64 ) )
                                global $playerID = DllStructGetData ( $buffer_uint64, 1 )
                                _CloseHandle ( $ThreadHandle )
                                _CloseHandle ( $SnapHandle )
                                return true
                            endif
                        endif
                    endif
                endif
            endif
        Until ( _Thread32Next ( $SnapHandle, $ThreadEntry ) < 1 )
        return false
    endif
    _CloseHandle ( $ThreadHandle )
    _CloseHandle ( $SnapHandle )
endfunc
```

PS: Kernel32, Ntdll, and advapi32 implementations are left out so you need to do them before or it won't work.

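The idea running through the replies above (a heap address is only good for one launch, so the value has to be re-derived from a static pointer, a linked-list walk and fixed offsets) is shown here as an added example that is not code from any poster. It runs against a simulated address space, and every address, offset and type tag in it is constructed for the demonstration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Constructed layout for illustration; none of these values come from a real program. */
enum { IMAGE_BASE = 0x00400000, IMAGE_SIZE = 0x100, HEAP_SIZE = 0x400,
       LIST_HEAD = IMAGE_BASE + 0x10,   /* static slot holding the list head */
       OFF_NEXT = 0x0, OFF_TYPE = 0x4, OFF_HEALTH = 0x8, TYPE_NPC = 1, TYPE_PLAYER = 2, MAX_OBJECTS = 64 };
typedef struct { uint32_t heap_base; uint8_t image[IMAGE_SIZE], heap[HEAP_SIZE]; } FakeProcess;

static uint8_t *translate(FakeProcess *p, uint32_t addr) {  /* NULL if unmapped */
    if (addr >= IMAGE_BASE && addr - IMAGE_BASE <= IMAGE_SIZE - 4) return p->image + (addr - IMAGE_BASE);
    if (addr >= p->heap_base && addr - p->heap_base <= HEAP_SIZE - 4) return p->heap + (addr - p->heap_base);
    return NULL;
}
static uint32_t read_u32(FakeProcess *p, uint32_t addr) {
    uint32_t v = 0; uint8_t *s = translate(p, addr);
    if (s) memcpy(&v, s, 4);
    return v;                           /* unmapped addresses read as 0 in this model */
}
static void write_u32(FakeProcess *p, uint32_t addr, uint32_t v) {
    uint8_t *d = translate(p, addr);
    if (d) memcpy(d, &v, 4);
}
static uint32_t launch(FakeProcess *p, uint32_t heap_base, uint32_t health) {  /* simulated start */
    uint32_t obj[3] = { heap_base + 0x40, heap_base + 0x180, heap_base + 0x2C0 };
    memset(p, 0, sizeof *p);
    p->heap_base = heap_base;           /* the heap lands somewhere new each launch */
    write_u32(p, LIST_HEAD, obj[0]);    /* the static slot always points at the first object */
    for (int i = 0; i < 3; i++) {       /* two NPCs, then the player */
        write_u32(p, obj[i] + OFF_NEXT, i < 2 ? obj[i + 1] : 0);
        write_u32(p, obj[i] + OFF_TYPE, i == 2 ? TYPE_PLAYER : TYPE_NPC);
        write_u32(p, obj[i] + OFF_HEALTH, i == 2 ? health : 100);
    }
    return obj[2] + OFF_HEALTH;         /* absolute address of health in this launch only */
}
/* Walk the list from the static head; the hop cap guards against a corrupt cycle. */
static int64_t player_health(FakeProcess *p) {
    uint32_t obj = read_u32(p, LIST_HEAD);
    for (int hops = 0; obj != 0 && hops < MAX_OBJECTS; hops++) {
        if (read_u32(p, obj + OFF_TYPE) == TYPE_PLAYER) return read_u32(p, obj + OFF_HEALTH);
        obj = read_u32(p, obj + OFF_NEXT);
    }
    return -1;                          /* no player object reachable */
}
int main(void) {
    FakeProcess p;
    uint32_t stale = launch(&p, 0x0EF12000u, 4200);  /* address noted during launch 1 */
    launch(&p, 0x12340000u, 3100);                   /* restart: the heap has moved */
    printf("stale=%u walk=%lld\n", (unsigned)read_u32(&p, stale), (long long)player_health(&p));
    return 0;
}
```
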