Read memory and edit with data structure?

Pages: 12
Let's say the memory location of CCharInfo is 0x00405002 and the data looks like this..

struct CCharInfo
{
DWORD MyID;
CHAR MyName [0x50];              // a 0x50-byte name buffer; CHAR* MyName[0x50] would declare 0x50 pointers instead
unsigned char TargetName [0x50];
unsigned int MyHP;
unsigned int MyMana;
} CharInfo, *pCharInfo;


How could I link that offset to that structure? So that I can do..

CharInfo ci;
ci.MyHP = 50000;
ci.MyMana = 50000;


Obviously that is not going to be the final code, but the point is it's a LOT easier than editing offset by offset when they're in the same location every time anyway.
CCharInfo *c1 = &CharInfo;
I'm guessing you mean..

Charinfo *c1 = &CCharInfo;
?
Nope. CCharInfo names a type, not an instance of that type, therefore it has no area in memory.

CharInfo is an instance of that type.
Ahhhh, I read your code wrong. I had thought it said

CharInfo *c1 = &CharInfo;


I was wondering how in the world that had any link to the CCharInfo offset lol
Corrected my code :) it was supposed to be CCharInfo *c1 = &CharInfo; not CharInfo *c1 = &CharInfo.

Does that help you?
Yah.. not QUITE as complicated as I thought it would be haha - so I didn't read your code wrong, you just corrected it ;)
What you're developing sounds quite interesting. I think I have added you to my MSN from a post you had a while ago. I may be coming up with a fair amount of spare time in the future. I'd be interested in seeing what you're developing.
Just to verify, if the assembly looks like this (with new lines for each new offset)..

0x00400500

05 02
03 05 02 03
25 34 94 83 78 83 94 95 92 84 01 04 04
01


Then the struct would be..

WORD field1;               // 05 02
DWORD field2;              // 03 05 02 03
unsigned char field3 [13]; // 25 34 94 83 78 83 94 95 92 84 01 04 04
BYTE field4;               // 01
short
int
byte[13] // This should be null terminated.
byte
typedef unsigned long DWORD;
typedef unsigned char BYTE;
typedef int WINBOOL,*PWINBOOL,*LPWINBOOL;
typedef BOOL *PBOOL,*LPBOOL;
typedef unsigned short WORD;
typedef float FLOAT;
typedef FLOAT *PFLOAT;
typedef BYTE *PBYTE,*LPBYTE;
typedef int *PINT,*LPINT;
typedef WORD *PWORD,*LPWORD;
typedef long *LPLONG;
typedef DWORD *PDWORD,*LPDWORD;
typedef CONST void *PCVOID,*LPCVOID;
typedef int INT;
typedef unsigned int UINT,*PUINT,*LPUINT;
typedef DWORD COLORREF;


I'd use sizeof() to check. But I thought long is 8 bytes, not 4.
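Added example, written for this thread and not code from either poster: it overlays the guessed struct on a constructed copy of the dump bytes above (which is what "link that offset to that structure" comes down to) and uses sizeof/offsetof to check the layout, as suggested just above. The names RecordPadded, RecordPacked, field1..field4, kDump, overlay() and read_le32() are my own. The caveat it shows: a WORD followed by a DWORD only lands on the dump's offsets under #pragma pack(1); with natural alignment the compiler inserts two padding bytes after field1, sizeof becomes 24 instead of 20, and field2 is read from the wrong place. In an injected DLL the same cast applies to the real address; from another process you copy the bytes out with ReadProcessMemory first and then overlay the local copy.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

typedef uint16_t WORD;   /* same widths as the windef.h typedefs quoted above */
typedef uint32_t DWORD;
typedef uint8_t  BYTE;

/* Layout as guessed in the post, with natural alignment: the compiler puts
   two padding bytes after field1 so that the DWORD sits on a 4-byte boundary. */
struct RecordPadded {
    WORD  field1;
    DWORD field2;
    unsigned char field3[13];
    BYTE  field4;
};

/* Same fields, packed: this is the layout that actually matches the dump. */
#pragma pack(push, 1)
struct RecordPacked {
    WORD  field1;
    DWORD field2;
    unsigned char field3[13];
    BYTE  field4;
};
#pragma pack(pop)

/* Constructed copy of the bytes shown in the post, as they would sit at 0x00400500. */
static const unsigned char kDump[] = {
    0x05, 0x02,
    0x03, 0x05, 0x02, 0x03,
    0x25, 0x34, 0x94, 0x83, 0x78, 0x83, 0x94, 0x95, 0x92, 0x84, 0x01, 0x04, 0x04,
    0x01
};

/* Overlay: treat the address of the bytes as a pointer to the packed struct.
   Inside the target process (injected DLL) the cast target is the real address:
   (const struct RecordPacked *)0x00400500. */
static const struct RecordPacked *overlay(const unsigned char *base)
{
    return (const struct RecordPacked *)base;
}

/* Portable decode of a little-endian DWORD, used to cross-check the overlay. */
static DWORD read_le32(const unsigned char *p)
{
    return (DWORD)p[0] | ((DWORD)p[1] << 8) | ((DWORD)p[2] << 16) | ((DWORD)p[3] << 24);
}

/* The sizeof/offsetof checks: field2 is at offset 2 packed, offset 4 padded. */
static size_t field2_offset_packed(void) { return offsetof(struct RecordPacked, field2); }
static size_t field2_offset_padded(void) { return offsetof(struct RecordPadded, field2); }
static size_t record_size_packed(void)   { return sizeof(struct RecordPacked); }
static size_t record_size_padded(void)   { return sizeof(struct RecordPadded); }
```

Print record_size_padded() and record_size_packed() next to the byte count of the dump (20) and the mismatch is obvious before a single remote read is done; the same check catches a CHAR* array where a CHAR buffer was meant, since sizeof jumps by a factor of four.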
DWORD = unsigned long and is 4 bytes. I was really just asking if I had the structure set up right (size wise) but thanks a lot for the help man I appreciate it. I'm looking at a source right now and don't see that method done (DLL is huge so I can't read through it all but I did a search through all files) so I'm trying to figure out how he did it lol
Ahhh ok :) What game are you modifying?
World of Warcraft - I do have one more question though. Would I be able to use a code to ReadProcessMemory on the CCharInfo offset connected to the CharInfo structure and use a debugger with a breakpoint on ReadProcessMemory to spit out the data from that structure? I was thinking I would go through the code and try and put BYTE [size] on all of them and just read the data and narrow down what each offset does.

#include <windows.h>
#include <stdio.h>

/*******************************************************
Bunch of code up here to fix process security issues 
as well as scanning all of the live processes for WoW.exe
*******************************************************/

void ReadStructure (HANDLE hProcess)
{
   CCharInfo CI;                          // CCharInfo is the type; CharInfo is the instance
   LPCVOID pointer = (LPCVOID) 0xE29D28;  // static address that holds a pointer to the struct
   void *address = NULL;                  // pointer value read from the target (4 bytes in a 32-bit process)
   SIZE_T bytesRead = 0;                  // lpNumberOfBytesRead is a SIZE_T*, not a DWORD*

   // First read: fetch the pointer. Reading 8 bytes into a 4-byte void* overflowed it.
   if (!ReadProcessMemory (hProcess, pointer, &address, sizeof (address), &bytesRead)
       || bytesRead != sizeof (address) || address == NULL)
   {
      printf ("pointer read failed (error %lu)\n", GetLastError ());
      return;
   }

   // Second read: fetch the structure the pointer refers to.
   if (!ReadProcessMemory (hProcess, address, &CI, sizeof (CI), &bytesRead)
       || bytesRead != sizeof (CI))
   {
      printf ("struct read failed (error %lu)\n", GetLastError ());
      return;
   }

   printf ("HP=%u Mana=%u\n", CI.MyHP, CI.MyMana);
}

/*******************************************************
int main code to use the scan processes function to return 
the WoW PID and plug it into the ReadStructure function
*******************************************************/

/*******************************************************
int main code to use the scan processes function to return 
the WoW PID and plug it into the ReadStructure function
*******************************************************/
I don't see why you couldn't use a debugger. As long as you didn't lock the memory in WoW causing it to crash :)
It's constantly saying "0" for EVERYTHING and I don't know why, which is why I asked about the debugger. When I use OllyDbg I can see the data isn't all 0's - is there something wrong with my code? Enable private messaging so I can send you the whole code - I don't want to put it in public.
Done. I will look at it tonight for you.
Ok.

BOOL WINAPI ReadProcessMemory(
__in HANDLE hProcess,
__in LPCVOID lpBaseAddress,
__out LPVOID lpBuffer,
__in SIZE_T nSize,
__out SIZE_T *lpNumberOfBytesRead
);



ReadProcessMemory (hProcess, addroff, &address, 8, &addrbuffer);

They don't match.

http://msdn.microsoft.com/en-us/library/ms680553(VS.85).aspx

I'd leave the last variable blank imo.
ReadProcessMemory (hProcess, addroff, &addrbuffer, sizeof (addrbuffer), NULL); // NULL: the byte count is optional

Try that :)

Nice code btw, it's quite well formatted.
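Added example, mine rather than code from the thread, and not Win32-specific so it runs anywhere: the two-step read the ReadStructure post describes, the pointer at 0xE29D28 first and then the struct it points to, with the checks that function was missing. read_target() is a stand-in with the same contract as ReadProcessMemory (nonzero on success, byte count written through the last parameter) over a constructed image; swap in the real call with the process handle and read_char_info() is unchanged. Assumptions: MyName and TargetName are inline 0x50-byte buffers, the target is a 32-bit process so the stored pointer is 4 bytes, the struct is packed, and the struct address 0xE29D40 plus the values placed in the image are made up.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Hypothetical struct for the example, packed so sizeof matches the target's
   layout: 4 + 80 + 80 + 4 + 4 = 172 bytes. */
#pragma pack(push, 1)
typedef struct {
    uint32_t MyID;
    char     MyName[0x50];
    char     TargetName[0x50];
    uint32_t MyHP;
    uint32_t MyMana;
} CCharInfo;
#pragma pack(pop)

/* Stand-in for the target process: a constructed image with a known base address. */
typedef struct {
    uint32_t       base;    /* address the image starts at in the target */
    const uint8_t *bytes;
    size_t         size;
} TargetImage;

/* Same contract as ReadProcessMemory: nonzero on success, *bytesRead filled in. */
static int read_target(const TargetImage *t, uint32_t addr, void *buf, size_t n, size_t *bytesRead)
{
    *bytesRead = 0;
    if (addr < t->base || (uint64_t)(addr - t->base) + n > t->size)
        return 0;                          /* unmapped page: the real call fails here too */
    memcpy(buf, t->bytes + (addr - t->base), n);
    *bytesRead = n;
    return 1;
}

/* Two-step read: the static address holds a pointer to the struct, not the struct.
   The pointer is read as a 32-bit value because the target is a 32-bit process;
   reading 8 bytes into a 4-byte void* (as in the original) overwrites the stack
   slot next to it. Every read checks both the return value and the byte count. */
static int read_char_info(const TargetImage *t, uint32_t ptrAddr, CCharInfo *out)
{
    uint32_t structAddr = 0;
    size_t   got = 0;

    if (!read_target(t, ptrAddr, &structAddr, sizeof structAddr, &got) || got != sizeof structAddr)
        return 0;
    if (structAddr == 0)                   /* NULL pointer (e.g. not in world yet) */
        return 0;
    if (!read_target(t, structAddr, out, sizeof *out, &got) || got != sizeof *out)
        return 0;
    return 1;
}

/* Constructed image: pointer slot at 0xE29D28 -> struct at 0xE29D40 (both assumed). */
enum { kBase = 0xE29D00, kPtrAddr = 0xE29D28, kStructAddr = 0xE29D40 };
static uint8_t g_image[0x40 + sizeof(CCharInfo)];

static void put_le32(uint8_t *p, uint32_t v)
{
    p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}

static TargetImage build_image(void)
{
    TargetImage t = { kBase, g_image, sizeof g_image };
    uint8_t *s;
    memset(g_image, 0, sizeof g_image);
    put_le32(g_image + (kPtrAddr - kBase), kStructAddr);
    s = g_image + (kStructAddr - kBase);
    put_le32(s + offsetof(CCharInfo, MyID), 1234);
    memcpy(s + offsetof(CCharInfo, MyName), "Player", 7);
    memcpy(s + offsetof(CCharInfo, TargetName), "Target", 7);
    put_le32(s + offsetof(CCharInfo, MyHP), 50000);
    put_le32(s + offsetof(CCharInfo, MyMana), 50000);
    return t;
}

static CCharInfo g_last;   /* struct filled in by the last successful demo_read() */

/* Runs the chase against the constructed image starting at ptrAddr. */
static int demo_read(uint32_t ptrAddr)
{
    TargetImage t = build_image();
    return read_char_info(&t, ptrAddr, &g_last);
}

int main(void)
{
    if (demo_read(kPtrAddr))
        printf("ID=%u Name=%s HP=%u Mana=%u\n", g_last.MyID, g_last.MyName, g_last.MyHP, g_last.MyMana);
    return 0;
}
```

Against a real process the two things most likely to produce "0 for everything" are a failed first read (return value ignored, so the garbage or zero in address is then used as the struct address) and a host/target pointer-width mismatch: a 64-bit tool reading a 32-bit process must read a 4-byte pointer, never sizeof(void*) of its own.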
Thanks, I'll try it and let you know what the results end up being.

**EDIT**
Just tested and it's not working, do you happen to have WoW to test this with me? It works for another game, but having problems getting it to work with WoW for whatever reason.
Hey, yeah, I do have WoW. I'll test the code sometime this week for you. It's quite busy for me at the moment.