# Forum > World of Warcraft > World of Warcraft Bots and Programs > WoW Memory Editing >  (Tutorial) Starting WoW-Memory Reading/Writing

## Mrbrightside

WoW Memory Editing Tutorial

Hello and welcome to this tutorial, this tutorial is made by me and i would like for it not to be copy/pasted anywhere but mmowned.com, if you do copy/paste any code or anything please give credits, Thank you.
First of all i would like to say that this is my way of memory editing i don't care if you do it another way, this i will always do it this way if you choose to follow this way or not is not up to me.


Ok, to start first the things you will need for doing it this way.

1, Microsoft Visual C# 2008 express edition -credits to microsoft
2, blackmagic dll -credits to Shynd


You can download these:

Microsoft Visual C# 2008 express edition -HereVisual C# 2008 Express Edition
blackmagic,fasm_managed dll -Here http://www.shynd.com/public/BlackMagic.1.1.rar

Now to start with the actual memory editing,
1) Open C# and click on File>>>New Project,

2) Click on "Console Application" rename it to whatever you want i named mine "Memory Editing Tutorial- Console App".
3) Then click "OK".

4) Remember the blackmagic dll that you downloaded? Well extract it to anywere i put it on my desktop for now.
5) In C# right-click "References" and click "Add Reference..." Click on "Browse" click on "Look in" then browse to where you extracted your blackmagic folder.
6) Select "BlackMagic.dll" and "fasmdll_managed.dll" Then click "OK"


7) Now back to C# where it says in the text "using _______;" go to the bottom and type "using Magic;" without the quotes.
 :Cool:  Now you need to open the wow process via blackmagic so... in:


```
static void Main(string[] args)
        {

        }
```

Write:


```
BlackMagic wow = new BlackMagic(); //Create new function to open wow process
wow.OpenProcessAndThread(SProcess.GetProcessFromWindowTitle("World of Warcraft")); //This Opens "World of Warcraft" window
```

now you will have:


```
 static void Main(string[] args)
        {
            BlackMagic wow = new BlackMagic(); //Create new function to open wow process
            wow.OpenProcessAndThread(SProcess.GetProcessFromWindowTitle("World of Warcraft")); //This Opens "World of Warcraft" window
        }
```

you don't have to put the // It just makes it easier later on because you don't have to go through the code you can just read the notes.

Now we are going to read the wow memory such as your player name,health,mana,level, and so on, then im going to show you how to write to wow memory so you can have basic x,y,z movement via ClickToMove.

Ok, so the code we have so far should be:


```
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using Magic;

namespace Memory_Editing_Tutorial__Console_App
{
    class Program
    {
        static void Main(string[] args)
        {
            BlackMagic wow = new BlackMagic(); //Create new function to open wow process
            wow.OpenProcessAndThread(SProcess.GetProcessFromWindowTitle("World of Warcraft")); //This Opens "World of Warcraft" window
        }
    }
}
```

The next lines we will insert will be:


```
uint playerbase = wow.ReadUInt(wow.ReadUInt(wow.ReadUInt(0x00CF7C00) + 0x34) + 0x24); //this is the player base
string playername = wow.ReadASCIIString(0x00C923F8, 12); //reads player name
uint Level = wow.ReadUInt(wow.ReadUInt(playerbase + 0x8) + (0x35 * 4)); // Reads players level
```

I will explain all of this a little later just put it in for now.

Ok so with this code we are reading Playerbase,Playername, and playerlevel
now we will write this to console so we can see it all come to action.

add:


```
            Console.WriteLine("Player Name is: " + playername); //writes to console to tell player name
            Console.WriteLine("Player level is:" + Level); //writes to console to tell player level
```

to the code now we will have:


```
            BlackMagic wow = new BlackMagic(); //Create new function to open wow process
            wow.OpenProcessAndThread(SProcess.GetProcessFromWindowTitle("World of Warcraft")); //This Opens "World of Warcraft" window
            uint playerbase = wow.ReadUInt(wow.ReadUInt(wow.ReadUInt(0x00CF7C00) + 0x34) + 0x24); //this is the player base
            string playername = wow.ReadASCIIString(0x00C923F8, 12); //reads player name
            uint Level = wow.ReadUInt(wow.ReadUInt(playerbase + 0x8) + (0x35 * 4)); // Reads players level
            Console.WriteLine("Player Name is: " + playername); //writes to console to tell player name
            Console.WriteLine("Player level is:" + Level); //writes to console to tell player level
```

in the main block of code.

Ok, so now to test what we have out.
Do Ctrl+F5 or go to "Debug>>>Start Without Debugging"
It should look like this:

Ok now that would be basic memory reading lets try memory writing.
add this to your code:


```
            float playerx = wow.ReadFloat(Pbase + 0x798); // Read players xlocation
            float playery = wow.ReadFloat(Pbase + 0x79C); // Read players ylocation
            float playerz = wow.ReadFloat(Pbase + 0x7A0); // Read players zlocation
```

ok this code reads your x,y,z values also known as your cordinates we will now take these and try to move by a few feet or so.
add this to your code:


```
            Console.WriteLine("Player X cord is:" + playerx); //writes to console to tell players x cordinate
            Console.WriteLine("Player Y cord is:" + playery); //writes to console to tell players y cordinate
```

now do "ctrl+F5" again and it should tell your player name,level,x and y cordinates. You need to be ingame in wow while you do this, now don't move your character and write down what the x,y values are as we are going to need them, also when your ingame go to interface>>>mouse and enable click-to-move.

now we will write to the code to make your character move, write this code:


```
            wow.WriteFloat(0x00CB9814, x here); // x pos from prompt
            wow.WriteFloat(0x00CB9818, y here); // y pos from prompt
```

where it says in the code "x here" type for example if the x cord you wrote down earlier was 1000 write 1005 as it will increase your x by 5, do the same for the "y here" except write the y cord you wrote down earlier also plus 5.

now add to the code:


```
wow.WriteInt(0x00CB97A4, 4);//makes character walk
```

this activates your click-to-move so it makes your character walk

now you should have:


```
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using Magic;

namespace Memory_Editing_Tutorial__Console_App
{
    class Program
    {
        static void Main(string[] args)
        {
            BlackMagic wow = new BlackMagic(); //Create new function to open wow process
            wow.OpenProcessAndThread(SProcess.GetProcessFromWindowTitle("World of Warcraft")); //This Opens "World of Warcraft" window
            uint playerbase = wow.ReadUInt(wow.ReadUInt(wow.ReadUInt(0x00CF7C00) + 0x34) + 0x24); //this is the player base
            string playername = wow.ReadASCIIString(0x00C923F8, 12); //reads player name
            uint Level = wow.ReadUInt(wow.ReadUInt(playerbase + 0x8) + (0x35 * 4)); // Reads players level
            float playerx = wow.ReadFloat(playerbase + 0x798); // Read players xlocation
            float playery = wow.ReadFloat(playerbase + 0x79C); // Read players ylocation
            float playerz = wow.ReadFloat(playerbase + 0x7A0); // Read players zlocation
            Console.WriteLine("Player Name is: " + playername); //writes to console to tell player name
            Console.WriteLine("Player level is:" + Level); //writes to console to tell player level
            Console.WriteLine("Player X cord is:" + playerx); //writes to console to tell players x cordinate
            Console.WriteLine("Player Y cord is:" + playery); //writes to console to tell players y cordinate
            wow.WriteFloat(0x00CB9814, x here); // x pos from prompt
            wow.WriteFloat(0x00CB9818, y here); // y pos from prompt
wow.WriteInt(0x00CB97A4, 4);//makes character walk
        }
    }
}
```

now do "ctrl+F5" and it should make your character move to whatever x,y cord you put in there and that's memory writing.

Thank you for reading this tut and i hope you enjoyed it.

----------


## Robske

> Thank you for reading this tut and i hope you enjoyed it.



Sku and I have thoroughly enjoyed this, thanks for contributing. // Tells the OP that sku and I have enjoyed his post

plus rep // Tells the OP he got reputation

----------


## Mrbrightside

:Smile:  Anytime im glad you enjoyed it. // Tells Robske that im glad Robske enjoyed it but first gives him smiley face

----------


## Cypher

> Anytime im glad you enjoyed it. // Tells Robske that im glad Robske enjoyed it but first gives him smiley face

----------


## Mrbrightside

:Roll Eyes (Sarcastic):  Ok i understand... Back to topic then.

----------


## -Ryuk-

A nice simple tut...

Good Job!

----------


## xerconix

I'm new to the site and this was an excellent help and start, Thanks for the great work!

----------


## Mrbrightside

Thank you, if you have any questions feel free to ask.

----------


## ninjamint

you're writing to memory, isn't that detectable?

----------


## lanman92

Yes, detectable. Detected, no.

----------


## kostas89

Really great tutorial! Thanks for the help.
Ive got one question though, and yes you can flame if you want because iam a noob.

When I try to get the playerbase on my 3.2.2 wow i get an error. Is this playerbase for 3.3.2 or did I just do something wrong? Could you please tell me the playerbase for 3.2.2 or were to find it? Ive searched in the Dump thread trying to find the playerbase but I didnt find it...

I assume that the playerbase address is wrong, because when I try:
uint a = wow.ReadUInt(wow.ReadUInt(0x00CF7C00) + 0x34);
I get zero...

Thanks in advance, Kostas

----------


## Danne206

Learning C# for full, this gave me a good view of stuff. Thanks mate, +3 if I can.

----------


## falkor

I would like to express my greatest thanks to you sir for providing this tutorial.
I've only just started learning c# and have to say I know nothing about c# or memory reading BUT I read alot and persist alot till something works.

Just thought I'd attach the below screenshot to show what a complte n00b can do if he reads your tutorial and puts a bit of thought into it.

The multiline text box is going to be a way point logger to a textfile but for now its a placeholder.

----------


## Cypher

> I would like to express my greatest thanks to you sir for providing this tutorial.
> I've only just started learning c# and have to say I know nothing about c# or memory reading BUT I read alot and persist alot till something works.
> 
> Just thought I'd attach the below screenshot to show what a complte n00b can do if he reads your tutorial and puts a bit of thought into it.
> 
> The multiline text box is going to be a way point logger to a textfile but for now its a placeholder.


Fyi, renaming your window title is pointless.

----------


## falkor

> Fyi, renaming your window title is pointless.



Maybe if you backed up your comment with some reasoning I'd be more intrested in accepting that as a fact and not opinion...

I was lead to believe during my research that Warden also scans Windows titles out of its process for certain names, thus random window titles are but one small step towards providing a little bit of security to your apps future...

----------


## Cypher

> Maybe if you backed up your comment with some reasoning I'd be more intrested in accepting that as a fact and not opinion...
> 
> I was lead to believe during my research that Warden also scans Windows titles out of its process for certain names, thus random window titles are but one small step towards providing a little bit of security to your apps future...


Not how you conducted your 'research' but it obviously wasn't from studying Warden's current implementation, otherwise a single API hook would have proven your hypothesis to be incorrect.*

http://www.mmowned.com/forums/bots-p...-governor.html

* Protip: Dump Warden's 'imports' and check for yourself if you don't believe me. (Make sure you strip any 'dummy' entries)

At any rate, even if Warden did scan window titles, renaming your window like that would do very little.

Warden could simply use EnumWindows and then EnumChildWindows to identify your window. Or they could simply enumerate all running processes and perform memory hashing. etc etc

In short: Its a waste of time and offers effectively zero protection against Warden.

----------


## SinnerG

> Not how you conducted your 'research' but it obviously wasn't from studying Warden's current implementation, otherwise a single API hook would have proven your hypothesis to be incorrect.*
> 
> http://www.mmowned.com/forums/bots-p...-governor.html
> 
> * Protip: Dump Warden's 'imports' and check for yourself if you don't believe me. (Make sure you strip any 'dummy' entries)
> 
> At any rate, even if Warden did scan window titles, renaming your window like that would do very little.
> 
> Warden could simply use EnumWindows and then EnumChildWindows to identify your window. Or they could simply enumerate all running processes and perform memory hashing. etc etc
> ...



Errr, I just used BabBot, named it Cheat Engine 5.5 and this is the result:



So yeah, it is usefull to random-generate a window title :P

edit: the only 'advantage' I'd know of using a static window title is that you'll 'know' when warden is modified to prevent your bot on startup (ofc, that will not be before a banwave  :Stick Out Tongue: )

----------


## falkor

> Errr, I just used BabBot, named it Cheat Engine 5.5 and this is the result:
> 
> So yeah, it is usefull to random-generate a window title :P


Exactly what my research showed thanks for posting this  :Smile:

----------


## Azzie2k8

> Errr, I just used BabBot, named it Cheat Engine 5.5 and this is the result:
> 
> 
> 
> So yeah, it is usefull to random-generate a window title :P
> 
> edit: the only 'advantage' I'd know of using a static window title is that you'll 'know' when warden is modified to prevent your bot on startup (ofc, that will not be before a banwave )



Okay maybe this is highly stupid but isnt warden and scan.dll something very much different ?

Edit: As far as I know, those detections at startup are caused by the scan.dll.

----------


## SinnerG

What I wonder about Warden : IF you do NOT release a bot to the public, and make sure that ANY public library you used is 100% refactored so matching on anything within the bot would be impossible, would this make it 'safe' to inject anything, or will Warden still report 'possitives' for doing this? Or will it report as a 'possible' hack? And what if you only use memory reading and no injection at all?

----------


## Cypher

> Errr, I just used BabBot, named it Cheat Engine 5.5 and this is the result:
> 
> 
> 
> So yeah, it is usefull to random-generate a window title :P
> 
> edit: the only 'advantage' I'd know of using a static window title is that you'll 'know' when warden is modified to prevent your bot on startup (ofc, that will not be before a banwave )


That's Scan.dll, it is a totally separate component to the Warden client that is loaded when you log in.

Scan.dll does out-of-process scans because it's designed as a 'warning' system, it never actually communicates anything back to Blizzard, and its only executed on startup.

Warden is loaded once you log in, runs every 15 seconds, communicates back to Blizzard, and does NOT DO WINDOW TITLE SCANS.

And as I've already pointed out, even if it did it doesn't matter because they can still find you just as easily anyway.

The results of your 'research' are wrong because you weren't testing Warden, you were testing Scan.dll, two related yet totally different modules.

Can you please stop with the stupidity now? Stickies are there for a reason. Kthx.

P.S. I think calling what you did 'research' is a bit of a stretch.

----------


## SinnerG

Err I never called this 'research'.. :P

----------


## flo8464

> What I wonder about Warden : IF you do NOT release a bot to the public, and make sure that ANY public library you used is 100% refactored so matching on anything within the bot would be impossible, would this make it 'safe' to inject anything, or will Warden still report 'possitives' for doing this? Or will it report as a 'possible' hack? And what if you only use memory reading and no injection at all?


Yeah, if you keep your stuff private, you can inject whatever you want. 
At least at the moment.

----------


## Hawker

> Yeah, if you keep your stuff private, you can inject whatever you want. 
> At least at the moment.


Wrong wrong wrong!!!

Warden has no idea if you are private or not. There are addresses that Warden scans and if you write to them your account will get banned.

----------


## Apoc

> Wrong wrong wrong!!!
> 
> Warden has no idea if you are private or not. There are addresses that Warden scans and if you write to them your account will get banned.


Only if you're an idiot.

There are very few addresses that it scans, most of which are for hacks (which bots really don't need...)

Or if you're TAGGING PROCESSES AS BEING ATTACHED TO.

*coughs*

----------


## Cypher

> Err I never called this 'research'.. :P


My bad, got you and the other guy mixed up. Whatever, at any rate it was a pretty fail test.  :Stick Out Tongue:

----------


## falkor

> My bad, got you and the other guy mixed up. Whatever, at any rate it was a pretty fail test.


As you may have noticed in my first post I made it explicitly known that I was a self confessed noob in this topic and that the research i've done is based on other peoples findings not my own.

Thus I'm looking for constructive comments to update my knowledge so I dont spread false information.

I've now learnt that scan.dll and warden are 2 seperate things and got an idea of what they do thats so different so thank you for that but please for future reference just be upfront and don't assume i know what your talking about...

----------


## flo8464

> Wrong wrong wrong!!!
> 
> Warden has no idea if you are private or not. There are addresses that Warden scans and if you write to them your account will get banned.


I didn't say you can hook whatever you want  :Wink: 
Injection is fine.

My bot code rarely contains more memory writing than the hook on EndScene, everything else is done by reading/calling engine functions.

----------


## Jadd

> 


[YT]http://www.youtube.com/watch?v=FMEe7JqBgvg[/YT]

@OP:
Practice makes perfect.

----------


## barathrumm

Just wanne say thanks for a nice tutorial.

btw for anyone doing this in a 64 bit system, remember to set up the project to compile to 86 bit, or you will have problems running blackmagic, since it uses 86.

----------


## GRB

Hello all,

Im getting a very strange error on this line 14



```
wow.OpenProcessAndThread(SProcess.GetProcessFromWindowTitle("World of Warcraft")); //This Opens "World of Warcraft" window
```

Here is what it says:



```
System.ComponentModel.Win32Exception was unhandled
  Message="Not all privileges or groups referenced are assigned to the caller."
  Source="System"
  ErrorCode=-2147467259
  NativeErrorCode=1300
  StackTrace:
       in System.Diagnostics.Process.SetPrivilege(String privilegeName, Int32 attrib)
       in System.Diagnostics.Process.EnterDebugMode()
       in Magic.BlackMagic.Open(Int32 ProcessId) em D:\My Documents\Visual Studio 2008\Projects\BlackMagic\BlackMagic\BMMain.cs:line 144
       in Magic.BlackMagic.OpenProcessAndThread(Int32 dwProcessId) em D:\My Documents\Visual Studio 2008\Projects\BlackMagic\BlackMagic\BMMain.cs:line 220
       in wowbot.Program.Main(String[] args) em C:\Users\Marisa\Documents\Visual Studio 2008\Projects\wowbot\wowbot\Program.cs:line 14
       in System.AppDomain._nExecuteAssembly(Assembly assembly, String[] args)
       in System.AppDomain.ExecuteAssembly(String assemblyFile, Evidence assemblySecurity, String[] args)
       in Microsoft.VisualStudio.HostingProcess.HostProc.RunUsersAssembly()
       in System.Threading.ThreadHelper.ThreadStart_Context(Object state)
       in System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
       in System.Threading.ThreadHelper.ThreadStart()
  InnerException:
```

Well basicly i just copy / past all the code, but im getting that strange 1300 native error code.

Anyone able to point in the right direction please?

P.S- im using a x64, but applyed the preferences for debug/build in x86 couse of BlackMagic.

P.P.S - Well if i start c# with administrator rights it passes that error, but now it breaks on the other line after that one, something like it dont recognise 

```
{"ReadUInt failed."}
```

----------


## Danne206

> Hello all,
> 
> Im getting a very strange error on this line 14
> 
> 
> 
> ```
> wow.OpenProcessAndThread(SProcess.GetProcessFromWindowTitle("World of Warcraft")); //This Opens "World of Warcraft" window
> ```
> ...


You must start Visual C# with administrator rights, OR build it and run the .exe as administrator.

If you're doing the first, use:
CTRL + F5 to start without debugging.

----------


## GRB

Danne206 i have done all of that, and if i run with ctrl-F5, the cmd open and it start vista says that hes start looking for a way to fix the problem, so im getting the exactly same error with F5 debbuging or ctrl-F5 no debugging.


Here is what happens with only F5.



Now with ctrl-F5



TRANSLATE: wowbot stop working, windows is looking for a solution for the problem.

Next:



TRANSLATE: wowbot stop working, a problem make the program stop working, windows will now close the program and warn you if theres any solution for it.

Next:



Here says what error was even using crtl-F5 no debbuging.

----------


## Danne206

> Danne206 i have done all of that, and if i run with ctrl-F5, the cmd open and it start vista says that hes start looking for a way to fix the problem, so im getting the exactly same error with F5 debbuging or ctrl-F5 no debugging.


Oh, and by the way, you are using the newest offsets, right? Because I believe that the current ones in the thread are old. Haven't checked tho.

----------


## GRB

sorry for the edit, but think with pic someone can understand better whats heppening. the program dont even have time to read any offsets, it stops on the "ReadUInt"

----------


## MaiN

You need to call Process.EnterDebugMode() before you do any reading.

----------


## Steveiwonder

I seem to be getting this error... can't understand why?

http://img94.imageshack.us/img94/7633/captureqq.png

Anyone got any ideas?

----------


## Danne206

> I seem to be getting this error... can't understand why?
> 
> http://img94.imageshack.us/img94/7633/captureqq.png
> 
> Anyone got any ideas?


If you got x64 bit OS, make sure you compile as x86.

----------


## Steveiwonder

Yeah that did the trick however im getting the same issue now as GRB.

Where can i find the new offsets?

----------


## [email protected]^^@!

Take a look at the stickes: http://www.mmowned.com/forums/wow-me...mp-thread.html

----------


## GRB

Any direction to find the Player Base on that wall of text? Dont seem to find it.

nvm found it, but how to find it without help is the question. i mean without help after apoc post the dumps.

----------


## Floppixx

I get an error at line 

```
BlackMagic wow = new BlackMagic();
```

My full code 

```
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using Magic;

namespace wow_memory_reading_tut__app
{
    class Program
    {
        static void Main(string[] args)
        {
            BlackMagic wow = new BlackMagic(); //Create new function to open wow process
            wow.OpenProcessAndThread(SProcess.GetProcessFromWindowTitle("World of Warcraft")); //This Opens "World of Warcraft" window
            uint playerbase = wow.ReadUInt(wow.ReadUInt(wow.ReadUInt(0x00CF7C00) + 0x34) + 0x24); //this is the player base
            string playername = wow.ReadASCIIString(0x00C923F8, 12); //reads player name
            uint Level = wow.ReadUInt(wow.ReadUInt(playerbase + 0x8) + (0x35 * 4)); // Reads players level
            Console.WriteLine("Player Name is: " + playername); //writes to console to tell player name
            Console.WriteLine("Player level is:" + Level); //writes to console to tell player level


        }
    }
}
```

Its a good tut but I hope it works ;D

----------


## bockwurst25

Hi, i am new to this and i tried the tutorial (thanks for it). But the programm wont showw me the correct name or level. Can anyone tell me what is wrong with my code?

Code:
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using Magic;

namespace Memory_Editing_Tutorial__Console_App
{
class Program
{
static void Main(string[] args)
{
BlackMagic wow = new BlackMagic(); //Create new function to open wow process
wow.OpenProcessAndThread(SProcess.GetProcessFromWindowTitle("World of Warcraft"));
uint playerbase = wow.ReadUInt(wow.ReadUInt(wow.ReadUInt(0x00B366D0) + 0x34) + 0x24); //this is the player base
string playername = wow.ReadASCIIString(0x005D3E10, 12); //reads player name
uint Level = wow.ReadUInt(wow.ReadUInt(playerbase + 0x :Cool:  + (0x35 * 4)); // Reads players level
float playerx = wow.ReadFloat(playerbase + 0x79 :Cool: ; // Read players xlocation
float playery = wow.ReadFloat(playerbase + 0x79C); // Read players ylocation
float playerz = wow.ReadFloat(playerbase + 0x7A0); // Read players zlocation
Console.WriteLine("Player Name is: " + playername); //writes to console to tell player name
Console.WriteLine("Player level is:" + Level); //writes to console to tell player level
Console.WriteLine("Player X cord is:" + playerx); //writes to console to tell players x cordinate
Console.WriteLine("Player Y cord is:" + playery); //writes to console to tell players y cordinate
//wow.WriteFloat(0x00CB9814, x here); // x pos from prompt
//wow.WriteFloat(0x00CB9818, y here); // y pos from prompt
//wow.WriteInt(0x00CB97A4, 4);//makes character walk
}
}
}
Sorry for my english.

----------


## Danne206

Doesn't ANYONE read before posting? Look at my latest replies to this thread, compile as x86 and update offsets and you'll be fine!

----------


## bockwurst25

> Take a look at the stickes: http://www.mmowned.com/forums/wow-me...mp-thread.html


I am new to this, i cant find a player base in the thread from the link  :Embarrassment:  , only this "00B366D0 PlayerPointer" and thats wrong. It shows me level 0, see picture.

----------


## Floppixx

> Doesn't ANYONE read before posting? Look at my latest replies to this thread, compile as x86 and update offsets and you'll be fine!


Where can I compile it as x86 ?

----------


## adaephon

I'm pretty sure it's supported in most countries...

----------


## ctac18

byte[] playername = wow.ReadBytes(0xBB4428, 24); //reads player name
string playernam=Encoding.UTF8.GetString(playername);
label1.Text="Player name : "+playernam;
byte[] bPlayerRealm = wow.ReadBytes(0x00BB42AE, 4 :Cool: ;
label2.Text = "Realm : "+Encoding.UTF8.GetString(bPlayerRealm);

----------


## Bonfire666

can someone explain how to get the updated offsets from the dump post? I'm still trying to get one of them working, and I only see a wall of text :S

----------


## Danne206

> can someone explain how to get the updated offsets from the dump post? I'm still trying to get one of them working, and I only see a wall of text :S


CTRL + F and search for the offset you need.
i.e
ClickToMove
etc

----------


## TuFF

Fixed other problem I was having,

Only now i'm clueless on how to find updated PlayerBase (Help Please)

Also total noob question here but how do you find hex codes like 0xBB4428 (The updated ones for like "Player Name" I couldn't find them in the 3.3.3a Dump)

----------


## antoralgola

Thanks for the tutorial: it allowed me (c# and memory readying total noob) to start understanding a bit the concept behind. But now I start to get hungry, so what I would like to do next is:
1) Show also Target Info (how to retrieve target Baseline?)
2) Have data dynamic (how to retrieve always fresh data?)
3) Show the data into a WinForm (I know it’s so basic, but I don’t know how to “nest” the code for this)

Maybe an idea for the Step 2 of the Tutorial !

----------


## Apoc

> Thanks for the tutorial: it allowed me (c# and memory readying total noob) to start understanding a bit the concept behind. But now I start to get hungry, so what I would like to do next is:
> 1) Show also Target Info (how to retrieve target Baseline?)
> 2) Have data dynamic (how to retrieve always fresh data?)
> 3) Show the data into a WinForm (I know it’s so basic, but I don’t know how to “nest” the code for this)
> 
> Maybe an idea for the Step 2 of the Tutorial !


All 3 of these come with a basic understanding of the language you're using.

If you can't figure out how to accomplish them, you shouldn't really be in this section yet, should you?

----------


## Xaqion

Howdy.
I have a problem when i compile this code 



```
using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Linq;
using System.Text;
using System.Windows.Forms;
using Magic;

namespace Zudox
{
    public partial class Form1 : Form
    {
        BlackMagic wow = new BlackMagic(); //Create new function to open wow process


        public Form1()
        {
            InitializeComponent();
            
            wow.OpenProcessAndThread(SProcess.GetProcessFromWindowTitle("World of Warcraft")); //This Opens "World of Warcraft" window
            
            //Read players name and displays it.
            byte[] playername = wow.ReadBytes(0xBB4428, 24); //reads player name
            string playernam = Encoding.UTF8.GetString(playername);
            p_name.Text = "Player name : " + playernam;
        }

    }
}
```

I get a window thats says that i shold locate the BMMemory.cs file.
Anyone know whats the problem is ?

----------


## antoralgola

Thanks Apoc for the feedback. Clearly this section is for expert and I'm not but if you don't ask to people that knows more than you, you'll never learn. Moreover, I thought this thread ((Tutorial) Starting WoW-Memory Reading/Writing) was the right place to make even basic questions.
I was just proposing to collect some more info to build “section two” of ((Tutorial) Starting WoW-Memory Reading/Writing), that would be great…

----------


## Apoc

> Thanks Apoc for the feedback. Clearly this section is for expert and I'm not but if you don't ask to people that knows more than you, you'll never learn. Moreover, I thought this thread ((Tutorial) Starting WoW-Memory Reading/Writing) was the right place to make even basic questions.
> I was just proposing to collect some more info to build “section two” of ((Tutorial) Starting WoW-Memory Reading/Writing), that would be great…


As I said; this section isn't meant for you if you don't have a basic grasp of the language you're using.

Plain and simple; if you understood the language (which it's clear, you don't), then you wouldn't have asked your questions. (All of which are within the first 5-6 chapters of any C# book. [Excluding WinForms type stuff, which is usually around chapter 9-10])

Please read the section rules. This section is for ADVANCED things, not 'learn to program!' type discussions. We have another forum for that stuff.

We require you to at least be at the 'intermediate' level in your language of choice, before coming to this section to start learning how to do the stuff we do.

We're not here to give you copy/paste code so you can write your own bot. We're here to help the people who have put in the time to do their own research. (Or just to kick around findings)

----------


## Cypher

> As I said; this section isn't meant for you if you don't have a basic grasp of the language you're using.
> 
> Plain and simple; if you understood the language (which it's clear, you don't), then you wouldn't have asked your questions. (All of which are within the first 5-6 chapters of any C# book. [Excluding WinForms type stuff, which is usually around chapter 9-10])
> 
> Please read the section rules. This section is for ADVANCED things, not 'learn to program!' type discussions. We have another forum for that stuff.
> 
> We require you to at least be at the 'intermediate' level in your language of choice, before coming to this section to start learning how to do the stuff we do.
> 
> We're not here to give you copy/paste code so you can write your own bot. We're here to help the people who have put in the time to do their own research. (Or just to kick around findings)


Pull out this post and sticky it imo. Lol.

----------


## antoralgola

I understand and respect this is an advanced section of the forum but such debate is simply pointless under a thread titled: “(Tutorial) Starting WoW-Memory Reading/Writing”. 

Let me recap:
1.	There’s a thread with a tutorial explaining even how to create a new project in C#... (which C# manual chapter is it?)
2.	Readers say it is a great tutorial and a useful post
3.	People ask basic questions consistently with the topic treated
4.	Your “contribution” is: “This section is for ADVANCED, isn't meant for you” 

…quite bizarre, isn’t? 

By the way I would like to reassure you: I understand and can make use of everything described in the tutorial (even updating the offset that seems to be impossible to many other people that replied to the thread). This clearly doesn’t change my beginner status, but it should at least give me the right to make questions.

----------


## Xaqion

Isnt there any one who know why my Visual C# express ask me to locate BMMemory.cs?

I tried google this problem but i didnt finde anything.

----------


## Robske

I see your point. But know that the existance of this thread isn't inline with the rules for this section.

The subject at hand should never be teached by means of a picture step-by-step guide. Especially not this one who also accounts for making a project in the VS IDE... You learn nothing. (see: the foo above me)

We are still a subforum of a community where the vast majoirty of people can't tie their shoes or take a dump without picture guides, so it's to be expected that one might surface here.

----------


## Xaqion

Did you read my first post so you know what problem i have?

So far i know i only need to have the dll files in my project to get my code to work. Right?
But now when i compile my project visual c# tells me to locate the BMMemory.cs file. 

So if you are this big shot you acting like tell me how to solve this then. 

My question is not about any coding just a thing that happens when i wants to compile and test my code.

----------


## SinnerG

> So if you are this big shot you acting like tell me how to solve this then.


Not the kind of tone I would use to get people to help me...

----------


## Xaqion

> The subject at hand should never be teached by means of a picture step-by-step guide. Especially not this one who also accounts for making a project in the VS IDE... You learn nothing. *(see: the foo above me)*


So the one who have a question and asks about it shold just accept when someone just smash his face in the ground telling him he is no good?

But i can say my acting was not the 100% best way. 
My computers hdd crashed and after that my server computers hardware went down. So i just losed it.

----------


## Robske

> So the one who have a question and asks about it shold just accept when someone just smash his face in the ground telling him he is no good?
> 
> But i can say my acting was not the 100% best way. 
> My computers hdd crashed and after that my server computers hardware went down. So i just losed it.


I'm sorry for calling you a foo because you can't reference a library/project properly. (http://farm3.static.flickr.com/2643/...0447ba1a27.jpg)

From what I gathered you tried to import the BlackMagic sourcecode into your project (to eliminate/conceal the need for an additional dll) and you forgot to import certain files (BMMemory.cs). Or you added a (corrupt/incomplete) BlackMagic project reference to your solution. 

Either way, I went to the trouble of downloading the files in question and had zero problems.

----------


## Xaqion

Ok thanks for the help. Going to test dowload them again and test.

Edited: Now i got it to work. Most had losed something when i downloaded it the first time.

----------


## vinsai

very cool tutorial. I dont plan to use memory editing if i ever get around to coding a bot (or c#) but it was fun to read and interesting to see how a simple bot works

----------


## antoralgola

I'm still struggling to get target info, here’s what I’m doing:

1.	Retrieve Target GUID
> UInt64 TargetGUID = wow.ReadUInt64(0x00C4EB4 :Cool: ;
2.	Use GUID to obtain the rest (e.g. HP)
> int cur_hp = wow.ReadInt(wow.ReadUInt(TargetGUID + 0x :Cool:  + (0x18 * 4)); 
But it gives me error: cannot convert ulong a uint. Error meaning is quite clear, but I couldn't figure out how to solve it.

Someone can help? 
Thanks

----------


## SKU

Assume you work in a hospital. To your left - next to that
hot nurse - is a grey drawer. Inside this drawer are dozens 
of patient records. Each one of these records contains
valuable data about the patient: the name, insurance data, etc.

That hot nurse - god is her voice annoying - needs to know
how many vicodins patient "Foo" should get, and because you think
you've got a shot at her, you agree to help her.

You know that the first thing on the record is the name, and
the 8th thing on the record is the vicodin count for this
day. So you tell her:

Foo + 8 (or something similar..)

She tries to put a smile on her face, thinking of what a
douche you are, and searches the record for herself.

What you should've done:

You know the patient's name: "Foo", now you open that frikin'
drawer, go through each record, compare each record's name
with the name "Foo". If you find it, you move your finger 8
lines down on the record and voila: You got what you wanted.

TLDR: You're doing it wrong, it's a ****ing IDENTIFIER,
[*G*lobally *U*nique *Id*entifier],
and has absolutely nothing to do with a virtual address.
You need to get the object pointer of your target, and then
proceed as you did with the "player base address". One way to
get it is by walking through the object list [search it on
mmowned, jbraumans guide], comparing each object's guid with 
your target-guid.. you get the drill.

----------


## Robske

You're way too nice Sku.

----------


## Cypher

> Assume you work in a hospital. To your left - next to that
> hot nurse - is a grey drawer. Inside this drawer are dozens 
> of patient records. Each one of these records contains
> valuable data about the patient: the name, insurance data, etc.
> 
> That hot nurse - god is her voice annoying - needs to know
> how many vicodins patient "Foo" should get, and because you think
> you've got a shot at her, you agree to help her.
> 
> ...


Best post I've seen all day. Lol.

----------


## antoralgola

Thanks all for your support.

By the way I just managed to get some target info (Hp, lvl mana...).
The hospital metaphor was simply great, as well as effective!

----------


## Fenryr

Awesome tutorial, i was able to get the new player base from info dump thread, but i can't seem to figure out how you got the addresses for click to move(0x00CB9814 in the example below), where can i find this in the info dump? 

```
            wow.WriteFloat(0x00CB9814, x here); // x pos from prompt
            wow.WriteFloat(0x00CB9818, y here); // y pos from prompt
```

 where can i find this in the info dump?

----------


## Apoc

> Awesome tutorial, i was able to get the new player base from info dump thread, but i can't seem to figure out how you got the addresses for click to move(0x00CB9814 in the example below), where can i find this in the info dump? 
> 
> ```
>             wow.WriteFloat(0x00CB9814, x here); // x pos from prompt
>             wow.WriteFloat(0x00CB9818, y here); // y pos from prompt
> ```
> 
>  where can i find this in the info dump?


Reverse the function CGPlayer_C__ClickToMove

----------


## omid

i had this error :



> Could not load file or assembly 'fasmdll_managed, Version=1.0.3262.20709, Culture=neutral, PublicKeyToken=null' or one of its dependencies. An attempt was made to load a program with an incorrect format.


and got it fixed by changing any CPU to x86 but got new error dont know how to fix:




> Not all privileges or groups referenced are assigned to the caller


and it highlights 


> wow.OpenProcessAndThread(SProcess.GetProcessFromWindowTitle("World of Warcraft"));


any help plz??

----------


## Danne206

> i had this error :
> 
> 
> and got it fixed by changing any CPU to x86 but got new error dont know how to fix:
> 
> 
> 
> and it highlights 
> 
> any help plz??


Read the error AND rules.. This section is CLEARLY not for you.
If you can't figure it out: run Visual C# as administrator OR build -> run output as admin. Easy cake.

----------


## omid

fixed fixed 

shorty

----------


## TwixY

Looks like a nice tutorial! Great job!

----------


## flo8464

> Reverse the function CGPlayer_C__ClickToMove


Not even neccessary. 

In the time I wasn't able to reverse my stuff myself, I simply searched the forum for a static address, downloaded the WoW binary this address was posted for, checked all references to it in IDA for a short function, made a pattern for that function, loaded the latest binary into IDA, searched for that pattern, looked out for the static address.

----------


## omid

FIXED

ShortShortyyy

----------


## swollen

> Awesome tutorial, i was able to get the new player base from info dump thread, but i can't seem to figure out how you got the addresses for click to move(0x00CB9814 in the example below), where can i find this in the info dump? 
> 
> ```
>             wow.WriteFloat(0x00CB9814, x here); // x pos from prompt
>             wow.WriteFloat(0x00CB9818, y here); // y pos from prompt
> ```
> 
>  where can i find this in the info dump?


Local $Mem_ClickToMove_X = 0xB9259C
Local $Mem_ClickToMove_Y = 0xB925A0
Local $Mem_ClickToMove_Go = 0xB9252C ;Write 4 to move, default is 13




> Not even neccessary. 
> 
> In the time I wasn't able to reverse my stuff myself, I simply searched the forum for a static address, downloaded the WoW binary this address was posted for, checked all references to it in IDA for a short function, made a pattern for that function, loaded the latest binary into IDA, searched for that pattern, looked out for the static address.


Can also be found with a memory scanner if you know how to use it properly.

----------


## Danne206

> can u help me with my problem that i cant read Uint???
> 
> plz plz help
> 
> ReadUInt failed.


Update your offsets if you haven't already, if that's not the problem or if you don't know how to do - you should not be in this section.

Learn your language before coming here. 
http://www.f.djs-gaming.com/Wrox.Pro...8.Mar.2008.pdf

Jesus.

----------


## harger

for thouse who get an exeption at 


```
BlackMagic wow = new BlackMagic(); //Create new function to open wow process
```

/Platform (C#-Compileroptionen)

Important note for the Express users:



> Note /platform is not available in the development environment in Visual C# Express.


Im an Express user myself so i will try to find a way, but i am a noob too. 

Why do you Hardcore coders even care to write comments like "You are to dump for this section"? What level of knowledge do you expect when you read such a basic tutorial? "Hello world!" Programs are way outdated, todays noobs don't want to code their 18th calculator, this time with multiplying. They want to achieve something bigger,they will be dealing with the same problems like in the calculator but with some fancy WoW manipulating. They want some cool results. I am not saying that thats a good way, or a bad way, but its the way it works today so *help* them or *ignore* them.

----------


## Steveiwonder

Thanks for this Tutorial, found it a big help  :Smile:

----------


## Mr.Zunz

> for thouse who get an exeption at 
> 
> 
> ```
> BlackMagic wow = new BlackMagic(); //Create new function to open wow process
> ```
> 
> /Platform (C#-Compileroptionen)
> 
> ...


You'll understand soon enough. ^^

----------


## namreeb

> Why do you Hardcore coders even care to write comments like "You are to dump for this section"? What level of knowledge do you expect when you read such a basic tutorial? "Hello world!" Programs are way outdated, todays noobs don't want to code their 18th calculator, this time with multiplying. They want to achieve something bigger,they will be dealing with the same problems like in the calculator but with some fancy WoW manipulating. They want some cool results. I am not saying that thats a good way, or a bad way, but its the way it works today so *help* them or *ignore* them.


This section is for advanced users. By entering this section and participating in it you are either agreeing that you possess a sufficient foundation of knowledge to contribute in a productive and intelligent manner (either by questioning or by answering). When for someone this is clearly not the case, it means they have demonstrated an inability or unwillingness to follow the rules. This infraction has consequences. If you walked into a college course as a six year old and behaved in such a disrespectful manner, there too you would be chastised and dismissed.

Nevertheless, believe it or not, scolding people (sometimes harshly) I believe is sometimes the right thing to do. There is a lesson to be learned: instant gratification rarely pans out, and when it does it's usually because someone else made it happen for you. In this case, people expect instant enlightenment on complicated issues, but to the people answering the questions this comes across as an entirely unjustified arrogance, flagrant disrespect, and a statement of "I don't care if I waste your time as long as it saves mine." Needless to say, this does not inspire people to be helpful.

I for one am willing to answer the questions I feel qualified and motivated to answer, even if they seem remedial to me, because I have been in that position before myself, and if someone is working hard themselves trying to learn and understand a subject, I find it very rewarding to be able to fill in the holes for them as necessary. However, what happens more often here is people decide they want to "hack wow" and just dive in here expecting to be spoon fed. It's insulting and a waste of my time.

Bottom line? This is the way things work. You may not understand why, but that does not mean the system is flawed. It simply means you don't understand. Frankly, I would guess nobody really cares if you understand. If you don't like it, don't let the door hit ya on the way out!

----------


## Cypher

> This section is for advanced users. By entering this section and participating in it you are either agreeing that you possess a sufficient foundation of knowledge to contribute in a productive and intelligent manner (either by questioning or by answering). When for someone this is clearly not the case, it means they have demonstrated an inability or unwillingness to follow the rules. This infraction has consequences. If you walked into a college course as a six year old and behaved in such a disrespectful manner, there too you would be chastised and dismissed.
> 
> Nevertheless, believe it or not, scolding people (sometimes harshly) I believe is sometimes the right thing to do. There is a lesson to be learned: instant gratification rarely pans out, and when it does it's usually because someone else made it happen for you. In this case, people expect instant enlightenment on complicated issues, but to the people answering the questions this comes across as an entirely unjustified arrogance, flagrant disrespect, and a statement of "I don't care if I waste your time as long as it saves mine." Needless to say, this does not inspire people to be helpful.
> 
> I for one am willing to answer the questions I feel qualified and motivated to answer, even if they seem remedial to me, because I have been in that position before myself, and if someone is working hard themselves trying to learn and understand a subject, I find it very rewarding to be able to fill in the holes for them as necessary. However, what happens more often here is people decide they want to "hack wow" and just dive in here expecting to be spoon fed. It's insulting and a waste of my time.
> 
> Bottom line? This is the way things work. You may not understand why, but that does not mean the system is flawed. It simply means you don't understand. Frankly, I would guess nobody really cares if you understand. If you don't like it, don't let the door hit ya on the way out!


@Apoc: Sticky this post, lol.  :Stick Out Tongue:

----------


## suicidity

Excellent post, now lets do the dirty.

----------


## MaiN

> -snip-
> Bottom line? This is the way things work. You may not understand why, but that does not mean the system is flawed. It simply means you don't understand. Frankly, I would guess nobody really cares if you understand. * If you don't like it, don't let the door hit ya on the way out!*


Actually, please let the door hit you on the way out. Very hard.

----------


## Apoc

> This section is for advanced users. By entering this section and participating in it you are either agreeing that you possess a sufficient foundation of knowledge to contribute in a productive and intelligent manner (either by questioning or by answering). When for someone this is clearly not the case, it means they have demonstrated an inability or unwillingness to follow the rules. This infraction has consequences. If you walked into a college course as a six year old and behaved in such a disrespectful manner, there too you would be chastised and dismissed.
> 
> Nevertheless, believe it or not, scolding people (sometimes harshly) I believe is sometimes the right thing to do. There is a lesson to be learned: instant gratification rarely pans out, and when it does it's usually because someone else made it happen for you. In this case, people expect instant enlightenment on complicated issues, but to the people answering the questions this comes across as an entirely unjustified arrogance, flagrant disrespect, and a statement of "I don't care if I waste your time as long as it saves mine." Needless to say, this does not inspire people to be helpful.
> 
> I for one am willing to answer the questions I feel qualified and motivated to answer, even if they seem remedial to me, because I have been in that position before myself, and if someone is working hard themselves trying to learn and understand a subject, I find it very rewarding to be able to fill in the holes for them as necessary. However, what happens more often here is people decide they want to "hack wow" and just dive in here expecting to be spoon fed. It's insulting and a waste of my time.
> 
> Bottom line? This is the way things work. You may not understand why, but that does not mean the system is flawed. It simply means you don't understand. Frankly, I would guess nobody really cares if you understand. If you don't like it, don't let the door hit ya on the way out!


Couldn't have said it better myself.

----------


## Seifer

> Awesome tutorial, i was able to get the new player base from info dump thread, but i can't seem to figure out how you got the addresses for click to move(0x00CB9814 in the example below), where can i find this in the info dump? 
> 
> ```
>             wow.WriteFloat(0x00CB9814, x here); // x pos from prompt
>             wow.WriteFloat(0x00CB9818, y here); // y pos from prompt
> ```
> 
>  where can i find this in the info dump?


The dump thread states that:



> 005CFB70 CGPlayer_C__ClickToMove


So, in IDA, that would be sub_5CFB70. Double clicking it will provide you with the actual code executed when CTM is executed. This isn't what you're after, you're after the method that calls CTM when you want to execute it yourself, which is identified by the "proc near" in IDA.

You simply follow that .. in reverse (get it?) to find where CTM is called, and you write your crap to those memory locations.

----------


## Robske

> I for one am willing to answer the questions I feel qualified and motivated to answer, even if they seem remedial to me, because I have been in that position before myself, and if someone is working hard themselves trying to learn and understand a subject, I find it very rewarding to be able to fill in the holes for them as necessary. However, what happens more often here is people decide they want to "hack wow" and just dive in here expecting to be spoon fed. It's insulting and a waste of my time.


Perfection

----------


## l1nk3

> This section is for advanced users. By entering this section and participating in it you are either agreeing that you possess a sufficient foundation of knowledge to contribute in a productive and intelligent manner (either by questioning or by answering). When for someone this is clearly not the case, it means they have demonstrated an inability or unwillingness to follow the rules. This infraction has consequences. If you walked into a college course as a six year old and behaved in such a disrespectful manner, there too you would be chastised and dismissed.
> 
> Nevertheless, believe it or not, scolding people (sometimes harshly) I believe is sometimes the right thing to do. There is a lesson to be learned: instant gratification rarely pans out, and when it does it's usually because someone else made it happen for you. In this case, people expect instant enlightenment on complicated issues, but to the people answering the questions this comes across as an entirely unjustified arrogance, flagrant disrespect, and a statement of "I don't care if I waste your time as long as it saves mine." Needless to say, this does not inspire people to be helpful.
> 
> I for one am willing to answer the questions I feel qualified and motivated to answer, even if they seem remedial to me, because I have been in that position before myself, and if someone is working hard themselves trying to learn and understand a subject, I find it very rewarding to be able to fill in the holes for them as necessary. However, what happens more often here is people decide they want to "hack wow" and just dive in here expecting to be spoon fed. It's insulting and a waste of my time.
> 
> Bottom line? This is the way things work. You may not understand why, but that does not mean the system is flawed. It simply means you don't understand. Frankly, I would guess nobody really cares if you understand. If you don't like it, don't let the door hit ya on the way out!


Nicely said =)

----------


## Apoc

namreebs post is now in the mem editing section's rules thread.

Grats you silly paradise whore.

----------


## Flowerew

Deserved!!

----------


## Steveiwonder

I dont know if this is relevant to anyone else, but i had some problems with getting the following error:

* Could not load file or assembly 'fasmdll_managed, Version=1.0.3262.20709, Culture=neutral, PublicKeyToken=null' or one of its dependencies. An attempt was made to load a program with an incorrect format*

I've been looking for a solution for aloong time but didn't want to ask here as its already been posted, *"compile it as x86!"* Thats fine, however i was unable to find the option in Visual Studio 2008 Express.

Then did some googling after many previous googles and found this link HERE

From what i can see the Express Edition doesn't give you the option, so you have to edit it manually.

All you have to do is edit some code inside .csproj file. Just open it in notepad.

You will see something like this:


```
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
    <DebugSymbols>true</DebugSymbols>
    <DebugType>full</DebugType>
    <Optimize>false</Optimize>
    <OutputPath>bin\Debug\</OutputPath>
    <DefineConstants>DEBUG;TRACE</DefineConstants>
    <ErrorReport>prompt</ErrorReport>
    <WarningLevel>4</WarningLevel>
    </PropertyGroup>
```

You just need to add:


```
<PlatformTarget>X86</PlatformTarget>
```

So it now reads:



```
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
    <DebugSymbols>true</DebugSymbols>
    <DebugType>full</DebugType>
    <Optimize>false</Optimize>
    <OutputPath>bin\Debug\</OutputPath>
    <DefineConstants>DEBUG;TRACE</DefineConstants>
    <ErrorReport>prompt</ErrorReport>
    <WarningLevel>4</WarningLevel>
    <PlatformTarget>X86</PlatformTarget>
    </PropertyGroup>
```

The reason i'm posting this as i found it very puzzling as to why i couldn't find this this option, so to save more people posting "i can't find option to compile as x86" and getting flamed, here is the answer.

Hope it helps

Steve

----------


## Apoc

> I dont know if this is relevant to anyone else, but i had some problems with getting the following error:
> 
> * Could not load file or assembly 'fasmdll_managed, Version=1.0.3262.20709, Culture=neutral, PublicKeyToken=null' or one of its dependencies. An attempt was made to load a program with an incorrect format*
> 
> I've been looking for a solution for aloong time but didn't want to ask here as its already been posted, *"compile it as x86!"* Thats fine, however i was unable to find the option in Visual Studio 2008 Express.
> 
> Then did some googling after many previous googles and found this link HERE
> 
> From what i can see the Express Edition doesn't give you the option, so you have to edit it manually.
> ...


Build -> Configuration Manager -> Change the platform for the project. Much easier. (And persistent)

----------


## MaiN

> Build -> Configuration Manager -> Change the platform for the project. Much easier. (And persistent)


But impossible in Express editions.

----------


## Steveiwonder

> But impossible in Express editions.


My point exactly. Thanks

----------


## Danne206

Impossible in express? Nope - you're wrong. 
It's just disabled by default.

How to enable: http://www.f.djs-gaming.com/config1.png
Proof: http://www.f.djs-gaming.com/config2.png

----------


## Steveiwonder

Awesome! Learn something new everyday  :Smile:

----------


## MaiN

> Impossible in express? Nope - you're wrong. 
> It's just disabled by default.
> 
> How to enable: http://www.f.djs-gaming.com/config1.png
> Proof: http://www.f.djs-gaming.com/config2.png


Ah, my bad then. Haven't used Express for a good year.  :Smile:

----------


## Flowerew

> Ah, my bad then. Haven't used Express for a good year.


I'm rich, biatch!  :Stick Out Tongue:

----------


## loll__loll__

Hey guys!
Nice explanation, but I only get errors if I copy 'n' paste the tutorial's example or write it on my own.
My compiler said, I didn't handled all exceptions and throws this error:
_
Fileload exception isn't handled
Mixed mode assembly is built against version 'v2.0.50727' of the runtime and cannot be loaded in the 4.0 runtime without additional configuration information._

Any idea? 

Thanks for help and yes: I am noob! xP

----------


## adaephon

http://lmgtfy.com/?q=Mixed+mode+asse...on+information.

First result. Target .NET 3.5 or fix your configuration to allow those assemblies to work in .NET 4.

----------


## Steveiwonder

> Let me google that for you.


omfg i lol'd IRL, thats brilliant you have made my day. Best website ever.

----------


## loll__loll__

Thanks for your help. And yes it was that hard because I am from Germany and my English sucks.^^

----------


## MaiN

> Thanks for your help. And yes it was that hard because I am from Germany and my English sucks.^^


You don't have Google in Germany?

----------


## Flowerew

> You don't have Google in Germany?


Nope! But we have Stackenblochen!
[ame="http://www.youtube.com/watch?v=zqAdxN1IWQQ"]YouTube- Stackenblochen[/ame]

----------


## Hi on helium

> Nope! But we have Stackenblochen!
> YouTube- Stackenblochen


I too have learned something today...

----------


## Jotey

i don't rly get it

----------


## piiters

thankyou for this great tutorial! now i got some understanding how this thing works from reading all posts... ^^

----------


## Cush

Cheers for the tut, helpful, but you wrote you would explain more about the reading bit later on and didnt  :Frown:  Things such as the purpose of reading the playerbase and where you are pulling the addresses from to put in, that would make it easier to adapt and add to (Like if I knew how you were actually gathering the required data to be able to read those values I would be able to apply it to other aspects as well such as max health/mana etc etc)

----------


## DarkLinux

I have some questions that I know I will get raped for asking. So I know I need to update the code using the 3.3.3a codes, as seen (http://www.mmowned.com/forums/world-...mp-thread.html) My problem is that I do not understand the descriptions that are give in this tutorial. 

ex,
Line 15: uint playerbase = wow.ReadUInt(wow.ReadUInt(wow.ReadUInt(0x00CF7C00) + 0x34) + 0x24); //this is the player base

So I go and look up Player base under the 3.3.3a Dump. But I cant find anything about player base. I have looked back to 3.3.3 and 3.3.x and 3.x.x and could not find a match for 00CF7C00, so I could find the title of it. Same thing for the 0x34 and 0x24. No ideas what to look for to update them.

Can some one give me a link to a good Tutorial on what each one is. I know this has been posted but I can not seem to get it to work. I will +rep if help is give.

Also When I run the compile a dialog box pops up and asks for the location of SMemory.cs. I think this has something to do with the out of date code.

Thanks!

----------


## rhilor

```
uint playerBase = wow.ReadUInt(wow.ReadUInt(wow.ReadUInt(0xB366D0) + 0x34) + 0x24);
```




> *DrakeFish:
> *00B366D0 PlayerPointer

----------


## DarkLinux

> ```
> uint playerBase = wow.ReadUInt(wow.ReadUInt(wow.ReadUInt(0xB366D0) + 0x34) + 0x24);
> ```


So does the "+ 0x34) + 0x24)" stay the same?

Because I am getting an error, ReadUInt failed. "Line 3"



```
            BlackMagic wow = new BlackMagic(); 
            wow.OpenProcessAndThread(SProcess.GetProcessFromWindowTitle("World of Warcraft")); 
            uint playerbase = wow.ReadUInt(wow.ReadUInt(wow.ReadUInt(0x00B366D0) + 0x34) + 0x24);
            string playername = wow.ReadASCIIString(0x00B92574, 12);
            Console.WriteLine("Player Name is: " + playername);
```



---------- Post added at 01:28 PM ---------- Previous post was at 12:54 PM ----------

Randomly stopped getting an error, but I think the player base is wrong. The out put of the name is just random character and symbols. Any ideas how to understand how to get each code. Also I tried cheat engine to get the codes but wow detected the program. Any other ways I should try? 

Thanks for the help, if it help I will rep.

----------


## rhilor

```
 string playername = wow.ReadASCIIString(0xBB4428, 30);
```

----------


## supermormor23

Hey  :Smile:  Thanks for the tutorial, but I have a little problem. I have been doing some research at google and the only thing I find is sites from germany that I do not understand anything of.
So I hoped you guys could explain me why I get this error ? I have just done as told in the turorial, I have changed the adresses since they were kind of out of date.

http://img6.imageshack.us/i/ffsl.jpg/

/Cheer Supermormor  :Wink:

----------


## miceiken

> Hey  Thanks for the tutorial, but I have a little problem. I have been doing some research at google and the only thing I find is sites from germany that I do not understand anything of.
> So I hoped you guys could explain me why I get this error ? I have just done as told in the turorial, I have changed the adresses since they were kind of out of date.
> 
> Imageshack - ffsl.jpg
> 
> /Cheer Supermormor


Compile as x86

----------


## supermormor23

Thank you for the answer, also found out my self :b And I saw on the earlier sites in this tutorial how to set it up, but ty for the fast reply.

----------


## purri

Hi, is there any change to convert blackmagic.dll to vb activeX ? or is there a solution how to use it on visual basic

----------


## mnbvc

1. vb suxx
2. im pretty sure you can access dlls with vb :P

----------


## InuyashaITB

yeah umm.... what? lol

---------- Post added at 02:26 AM ---------- Previous post was at 12:56 AM ----------

ok guys, ive taken the time to find the addresses of X, Y, Z using cheat engine:


X Pos = 277FF9D4Y Pos = 277FF9D0Z Pos = 277FF9D8

---------- Post added at 03:11 AM ---------- Previous post was at 02:26 AM ----------

also, for those of you who are on 3.3.3a
here is a simple program that has up-to-date xyz coord locations and name and realm locations:


```
using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Linq;
using System.Text;
using System.Windows.Forms;
using Magic;
using Microsoft.VisualBasic;

namespace WindowsFormsApplication1
{
    public partial class Form1 : Form
    {
        public Form1()
        {
            InitializeComponent();
        }

        private void Form1_Load(object sender, EventArgs e)
        {
           timer1.Start();
        }

        private void textBox1_TextChanged(object sender, EventArgs e)
        {
            BlackMagic wow = new BlackMagic();
            wow.OpenProcessAndThread(SProcess.GetProcessFromWindowTitle("World of Warcraft")); //This Opens "World of Warcraft" window
            wow.WriteASCIIString(0xBB4428, textBox1.Text);
        }

        private void textBox2_TextChanged(object sender, EventArgs e)
        {
            BlackMagic wow = new BlackMagic();
            wow.OpenProcessAndThread(SProcess.GetProcessFromWindowTitle("World of Warcraft")); //This Opens "World of Warcraft" window
            wow.WriteASCIIString(0x00BB44AE, textBox2.Text);
        }

        private void textBox3_TextChanged(object sender, EventArgs e)
        {
            BlackMagic wow = new BlackMagic();
            wow.OpenProcessAndThread(SProcess.GetProcessFromWindowTitle("World of Warcraft")); //This Opens "World of Warcraft" window
            wow.WriteFloat(0x277FF9D4, float.Parse(textBox3.Text));
        }

        private void textBox5_TextChanged(object sender, EventArgs e)
        {
            BlackMagic wow = new BlackMagic();
            wow.OpenProcessAndThread(SProcess.GetProcessFromWindowTitle("World of Warcraft")); //This Opens "World of Warcraft" window
            wow.WriteFloat(0x277FF9D8, float.Parse(textBox5.Text));
        }

        private void textBox4_TextChanged(object sender, EventArgs e)
        {
            BlackMagic wow = new BlackMagic();
            wow.OpenProcessAndThread(SProcess.GetProcessFromWindowTitle("World of Warcraft")); //This Opens "World of Warcraft" window
            wow.WriteFloat(0x277FF9D0, float.Parse(textBox4.Text));
        }

        private void timer1_Tick(object sender, EventArgs e)
        {
            BlackMagic wow = new BlackMagic(); //Create new function to open wow process
            wow.OpenProcessAndThread(SProcess.GetProcessFromWindowTitle("World of Warcraft")); //This Opens "World of Warcraft" window
            string playername = wow.ReadASCIIString(0xBB4428, 12); //reads player name
            string realm = wow.ReadASCIIString(0x00BB42AE, 30); //Reads Realm
            float playerx = wow.ReadFloat(0x277FF9D4);
            float playery = wow.ReadFloat(0x277FF9D0);
            float playerz = wow.ReadFloat(0x277FF9D8);
            textBox1.Text = playername; //writes to console to tell player name
            textBox2.Text = realm;
            label6.Text = Convert.ToString(playerx);
            label7.Text = Convert.ToString(playery);
            label8.Text = Convert.ToString(playerz);
        }

    }
}
```

----------


## Bananenbrot

Check your offset...

Tip: I never accessed the localplayer by the more or less static address, but I think PlayerPointer in DrakeFish's dump will do the job for you.

----------


## rhilor

```
PlayerPointer = 0xB366D0
X = 0x798,
Y = 0x79C,
Z = 0x7A0
```

that are the offsets.

----------


## martinochsan

Hey guys I am pretty new to memory edit, I have tried many times to find out the value to playerpos Can anyone help me please?

//Air0x

----------


## namreeb

What's really funny about the post above is that it would appear the answer is directly above his request.

----------


## dididii

Hi, I know how to find playerbase and some simple values, like account name and character name, but I have problem finding numbers, such as player hp and level. I don't know what you have to add to playerbase to get these values and I get an error on every ReadUInt (example: uint Level = wow.ReadUInt(wow.ReadUInt(playerbase + 0x :Cool:  + (0x35 * 4)); ). Adding those values doesn't return correct level - it just causes error. Also using addresses found on Cheat Engine cause error.
Is there some basic level guide somewhere about this? I know you all have been in the same situation at some point when you first started to do this stuff. I have tried to search for stuff but it has kinda failed.

----------


## Ellesar1

it would help if you would give some error message. just saying it didn't work won't give us a chance to give you hints.

----------


## Kz0z

@dididii Your example should be *uint Level = wow.ReadUInt(wow.ReadUInt(playerbase + 0x + (0x36 * 4));* where the *0x36* value is from eUnitFields.UNIT_FIELD_LEVEL value given in http://www.mmowned.com/forums/world-...mp-thread.html Likewise, HP would be obtained by using the eUnitFields.UNIT_FIELD_HEALTH value (0x1 :Cool: , etc.




```
// Memory Editing Tutorial from http://www.mmowned.com/forums/world-of-warcraft/bots-programs/memory-editing/276015-tutorial-starting-wow-memory-reading-writing.html
// Updated for 3.3.5.12340
//
// NOTE 1: Click to Move must be enabled in the WoW user interface.
// NOTE 2: Player must use Click to Move at least once before running this program otherwise toon will simply run without stopping.
//

using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using Magic;

namespace Memory_Editing_Tutorial__Console_App
{
    class Program
    {
        // From eUnitFields on page http://www.mmowned.com/forums/world-of-warcraft/bots-programs/memory-editing/300463-wow-3-3-5-12340-info-dump-thread.html
        public enum UnitFields
        {
            Level = 0x36,
            Health = 0x18,
            Energy = 0x19,
            MaxHealth = 0x20,
            SummonedBy = 0xE,
            MaxEnergy = 0x21
        }

        // From ClickToMove on page http://www.mmowned.com/forums/world-of-warcraft/bots-programs/memory-editing/300463-wow-3-3-5-12340-info-dump-thread.html
        public enum ClickToMove
        {
            CTM_Base = 0x00CA11D8,
            CTM_X = CTM_Base + 0x8C,
            CTM_Y = CTM_Base + 0x90,
            CTM_Z = CTM_Base + 0x94,
            CTM_Action = CTM_Base + 0x1C
        }

        // Form http://www.mmowned.com/forums/world-of-warcraft/bots-programs/memory-editing/298310-3-3-5-offsets-2.html
        const UInt32   STATIC_PLAYER   = 0xCD87A8;     // PlayerBaseStatic, Playerbase, etc.
        const UInt32   PlayerBaseOffset1 = 0x34;       //
        const UInt32   PlayerBaseOffset2 = 0x24;       //

        const UInt32    XOffset = 0x798;                // PlayerX
        const UInt32    YOffset = 0x79c;                // PlayerY
        const UInt32    ZOffset = 0x7a0;                // PlayerZ
//      const UInt32    RotationOffset  = 0x7ab;        // ROffset

        // From http://www.mmowned.com/forums/world-of-warcraft/bots-programs/memory-editing/298984-3-3-5a-12340-offsets.html
        const UInt32    STATIC_NAME     = 0xC79D18;


        static void Main(string[] args)
        {
            BlackMagic wow = new BlackMagic(); //Create new function to open wow process
            wow.OpenProcessAndThread(SProcess.GetProcessFromWindowTitle("World of Warcraft")); //This Opens "World of Warcraft" window

            uint playerbase = wow.ReadUInt(wow.ReadUInt(wow.ReadUInt(STATIC_PLAYER) + PlayerBaseOffset1) + PlayerBaseOffset2); //this is the player base

            string playername = wow.ReadASCIIString(STATIC_NAME, 30); //reads player name
            uint Level = wow.ReadUInt(wow.ReadUInt(playerbase + 0x8) + ((uint)UnitFields.Level * 4)); // Reads players level
            uint Health = wow.ReadUInt(wow.ReadUInt(playerbase + 0x8) + ((uint)UnitFields.Health * 4)); // Reads players health

            Console.WriteLine("Player Name is: " + playername);     //writes to console to tell player name
            Console.WriteLine("Player level is:" + Level);          //writes to console to tell player level
            Console.WriteLine("Player health is:" + Health);        //writes to console to tell player health

            float playerx = wow.ReadFloat(playerbase + XOffset);    // Read players xlocation
            float playery = wow.ReadFloat(playerbase + YOffset);    // Read players ylocation
            float playerz = wow.ReadFloat(playerbase + ZOffset);    // Read players zlocation

            Console.WriteLine("Player X cord is:" + playerx);       //writes to console to tell players x cordinate
            Console.WriteLine("Player Y cord is:" + playery);       //writes to console to tell players y cordinate
            Console.WriteLine("Player Z cord is:" + playerz);       //writes to console to tell players z cordinate

            // ClickToMove  CTM_...
            float MoveToX = playerx + 10;                           // Position to move to (add offset from current location).
            float MoveToY = playery + 5;

            wow.WriteFloat((uint)ClickToMove.CTM_X, MoveToX);       // x destination pos
            wow.WriteFloat((uint)ClickToMove.CTM_Y, MoveToY);       // y destination pos
            wow.WriteInt((uint)ClickToMove.CTM_Action, 4);          // Makes character walk.  !!! MUST HAVE CTM ENABLED IN USER INTERFACE !!!.
        }
    }
}
```

----------


## dididii

> @dididii Your example should be *uint Level = wow.ReadUInt(wow.ReadUInt(playerbase + 0x + (0x36 * 4));* where the *0x36* value is from eUnitFields.UNIT_FIELD_LEVEL value given in http://www.mmowned.com/forums/world-...mp-thread.html Likewise, HP would be obtained by using the eUnitFields.UNIT_FIELD_HEALTH value (0x1, etc.


Thank you for this answer. Now it works  :Smile:

----------


## Zaxer

Is there any chance that this will be updated?

----------


## Kz0z

```
// Memory Editing Tutorial from http://www.mmowned.com/forums/world-of-warcraft/bots-programs/memory-editing/276015-tutorial-starting-wow-memory-reading-writing.html
// Updated for 4.0.1.13164
//
// NOTE 1: Click to Move must be enabled in the WoW user interface.
// NOTE 2: Player must use Click to Move at least once before running this program otherwise toon will simply run without stopping.
//
// For a MUCH more detailed and useable example please consider one of the following:
//      http://www.mmowned.com/forums/world-of-warcraft/bots-programs/memory-editing/290817-c-source-blackrain-simple-object-manager-library.html
//      http://www.mmowned.com/forums/world-of-warcraft/bots-programs/memory-editing/307988-example-c-bot-base-4-0-1-a.html


using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using Magic;

using System.Diagnostics;

namespace Memory_Editing_Tutorial__Console_App
{
    class Program
    {
        #region WoW 4.0.1 Constants
        public enum WoW401
        {
            CurMgrPointer = 0x008A5C20,                 // ObjectManager.CurMgrPointer
            CurMgrOffset = 0x4618,                      // ObjectManager.CurMgrOffset
            NextObject = 0x3C,                          // ObjectManager.NextObject
            FirstObject = 0xB4,                         // ObjectManager.FirstObject
            LocalGUID = 0xC8,                           // ObjectManager.LocalGUID

            STATIC_PLAYERNAME = 0x8A5C58,

            OBJECT_FIELD_GUID = 0x00,                   // WowObjectFields.OBJECT_FIELD_GUID

            X = 0x880,                                  // WowObject.X
            Y = 0x884,                                  // WowObject.Y
            Z = 0x888,                                  // WowObject.Z

            UNIT_FIELD_HEALTH = 0x08 + 0x12,            // WowUnitFields.UNIT_FIELD_HEALTH
            UNIT_FIELD_LEVEL = 0x08 + 0x40,             // WowUnitFields.UNIT_FIELD_LEVEL

            CTM_Base = 0x8BD7D8,                        // ClickToMove
            CTM_Distance = 0x0c,
            CTM_Action = CTM_Base + 0x1c,
            CTM_X = CTM_Base + 0xa0,
            CTM_Y = CTM_Base + 0xa4,
            CTM_Z = CTM_Base + 0xa8
        }
        #endregion

        #region Global Variables
        static BlackMagic wow = null;
        static IntPtr BaseAddress = IntPtr.Zero;
        static uint CurrentManager = 0;
        #endregion

        static void Main(string[] args)
        {
            ////////////////////////////////////////////////////////
            // Initialize memory access.
            var proc = Process.GetProcessesByName("Wow");
            if (proc[0] == null)
            {
                Console.WriteLine("World of Warcraft process could not be found.");
                return;
            }

            wow = new BlackMagic(proc[0].Id);
            BaseAddress = proc[0].MainModule.BaseAddress;

            CurrentManager = wow.ReadUInt(wow.ReadUInt((uint)BaseAddress + (uint)WoW401.CurMgrPointer) + (uint)WoW401.CurMgrOffset);
            ulong PlayerGUID = wow.ReadUInt64(CurrentManager + (uint)WoW401.LocalGUID);


            ////////////////////////////////////////////////////////
            // Display some simple player static data.

            string PlayerName = wow.ReadASCIIString((uint)BaseAddress + (uint)WoW401.STATIC_PLAYERNAME, 60);
            Console.WriteLine("Player Name is: " + PlayerName);


            ////////////////////////////////////////////////////////
            // Display some simple player data from the palyer GUID.

            // Find the object for the local player.
            uint PlayerPtr = FindObjectPtr(PlayerGUID);
            if (PlayerPtr == 0)
                return;

            uint Level = wow.ReadUInt(wow.ReadUInt(PlayerPtr + 0x8) + ((uint)WoW401.UNIT_FIELD_LEVEL * 4)); // Reads players level
            uint Health = wow.ReadUInt(wow.ReadUInt(PlayerPtr + 0x8) + ((uint)WoW401.UNIT_FIELD_HEALTH * 4)); // Reads players health

            Console.WriteLine("Player level is:" + Level);          //writes to console to tell player level
            Console.WriteLine("Player health is:" + Health);        //writes to console to tell player health

            float playerx = wow.ReadFloat(PlayerPtr + (uint)WoW401.X);    // Read players xlocation
            float playery = wow.ReadFloat(PlayerPtr + (uint)WoW401.Y);    // Read players ylocation
            float playerz = wow.ReadFloat(PlayerPtr + (uint)WoW401.Z);    // Read players zlocation

            Console.WriteLine("Player X cord is:" + playerx);       //writes to console to tell players x cordinate
            Console.WriteLine("Player Y cord is:" + playery);       //writes to console to tell players y cordinate
            Console.WriteLine("Player Z cord is:" + playerz);       //writes to console to tell players z cordinate


            ////////////////////////////////////////////////////////
            // ClickToMove  CTM_...
            float MoveToX = playerx + 10;                           // Position to move to (add offset from current location).
            float MoveToY = playery + 5;

            wow.WriteFloat((uint)BaseAddress + (uint)WoW401.CTM_X, MoveToX);            // x destination pos
            wow.WriteFloat((uint)BaseAddress + (uint)WoW401.CTM_Y, MoveToY);            // y destination pos
            wow.WriteInt((uint)BaseAddress + (uint)WoW401.CTM_Action, 4);               // Makes character walk.  !!! MUST HAVE CTM ENABLED IN USER INTERFACE !!!.
        }

        #region Support Functions

        /// <summary>
        /// Step through all objects to find the object with the specificed GUID.
        /// </summary>
        /// <param name="GUID"></param>
        /// <returns></returns>
        static uint FindObjectPtr(ulong GUID)
        {
            uint ObjectPtr = 0;
            uint CurrentObjectPtr = wow.ReadUInt(CurrentManager + (uint)WoW401.FirstObject);
            while (CurrentObjectPtr != 0 && (CurrentObjectPtr & 1) == 0)
            {
                ulong ObjGUID = wow.ReadUInt64(wow.ReadUInt(CurrentObjectPtr + 0x8) + (uint)WoW401.OBJECT_FIELD_GUID * 4);
                if (ObjGUID == GUID)
                {
                    ObjectPtr = CurrentObjectPtr;
                    break;
                }
                CurrentObjectPtr = wow.ReadUInt(CurrentObjectPtr + (uint)WoW401.NextObject);
            }

            if (ObjectPtr == 0)
                Console.WriteLine("Error: GUID could not be found.");

            return ObjectPtr;
            }
        
        #endregion
    }
}
```

----------


## klucky

thx Kz0z the updated versions are rlly nive =) +rep for you!

----------


## Floppixx

I use the adresses and offests for 3.3.5a.
All works fine.

But I dont know wich offsets/adress I need to make the charekter work. 
And is the offset correct for the xyz reading part ?



```
Const $PlayerBase = 0x00CD87A8
Const $PlayerBaseOffset1 = 0x34
Const $PlayerBaseOffset2 = 0x24

Const $UnitX = 0x798
Const $UnitY = $UnitX + 0x04 ;3.3.5a
Const $UnitZ = $UnitY + 0x04 ;3.3.5a

Const $CGPlayer_C__ClickToMove = 0x00727400
Const $CTM_Activate_Pointer = 0xBD08F4
Const $CTM_Activate_Offset = 0x30
Const $CTM_Base = 0x00CA11D8
Const $CTM_X = 0x8C
Const $CTM_Y = 0x90
Const $CTM_Z = 0x94
Const $CTM_TurnSpeed = 0x4
Const $CTM_Distance = 0xC
Const $CTM_Action = 0x1C
Const $CTM_GUID = 0x20
```




```
        static void Main(string[] args)
        {
            
            BlackMagic wow = new BlackMagic(); //Create new function to open wow process
            wow.OpenProcessAndThread(SProcess.GetProcessFromWindowTitle("World of Warcraft")); //This Opens "World of Warcraft" window
            uint playerbase = wow.ReadUInt(wow.ReadUInt(wow.ReadUInt(0x00CD87A8) + 0x34) + 0x24); //this is the player base
            string playername = wow.ReadASCIIString(0x00C79D18, 12); //reads player name
            uint Level = wow.ReadUInt(wow.ReadUInt(playerbase + 0x8) + (0x36 * 4)); // Reads players level
            uint CurrHp = wow.ReadUInt(wow.ReadUInt(playerbase + 0x8) + (0x20 * 4));
            float playerx = wow.ReadFloat(playerbase + 0x798); // Read players xlocation
            float playery = wow.ReadFloat(playerbase + 0x04); // Read players ylocation
            float playerz = wow.ReadFloat(playerbase + 0x04); // Read players zlocation
            Console.WriteLine("Player Name is: " + playername); //writes to console to tell player name
            Console.WriteLine("Player level is: " + Level); //writes to console to tell player level
            Console.WriteLine("Player X cord is: " + playerx); //writes to console to tell players x cordinate
            Console.WriteLine("Player Y cord is: " + playery); //writes to console to tell players y cordinate
            Console.WriteLine("Player Z cord is: " + playerz);
            Console.WriteLine("Player max Health: " + CurrHp);
            wow.WriteFloat(0xBD08F4, 900); // x pos from prompt
            wow.WriteFloat(0xBD08F4, 900); // y pos from prompt
            wow.WriteInt(0x00CB97A4, 4);//makes character walk

            Console.Read();
        }
```

----------


## Syltex

> Const $PlayerBase = 0x00CD87A8
> Const $PlayerBaseOffset1 = 0x34
> Const $PlayerBaseOffset2 = 0x24
> 
> Const $UnitX = 0x798
> 
> Const $UnitY = $UnitX + 0x04 ;3.3.5a
> Const $UnitZ = $UnitY + 0x04 ;3.3.5a
> 
> ...


Explaination:
(inside wow.exe)
Playerbase
bla bla
bla lba
_after 200 lines_
line:798 = X
line: 799 = `????
line: 800 = `????
line: 801 = `????
line: 802 = Y 
//WARNING THE "LINES" IS IN DEC NOT HEX
It´s like a reading a book.

Picture explaination if u didnt understand:

----------


## Floppixx

```
float playerx = wow.ReadFloat(playerbase + 0x798); // Read players xlocation
            float playery = wow.ReadFloat(playerbase + 0x798 + 0x04); // Read players ylocation
            float playerz = wow.ReadFloat((playerbase + 0x798 + 0x04) + 0x04); // Read players zlocation
```



---------- Post added at 11:25 AM ---------- Previous post was at 11:16 AM ----------




> ```
> float playerx = wow.ReadFloat(playerbase + 0x798); // Read players xlocation
>             float playery = wow.ReadFloat(playerbase + 0x798 + 0x04); // Read players ylocation
>             float playerz = wow.ReadFloat((playerbase + 0x798 + 0x04) + 0x04); // Read players zlocation
> ```


Is that correct ?

----------


## Syltex

> ```
> float playerx = wow.ReadFloat(playerbase + 0x798); // Read players xlocation
>             float playery = wow.ReadFloat(playerbase + 0x798 + 0x04); // Read players ylocation
>             float playerz = wow.ReadFloat((playerbase + 0x798 + 0x04) + 0x04); // Read players zlocation
> ```
> 
> 
> 
> ---------- Post added at 11:25 AM ---------- Previous post was at 11:16 AM ----------
> ...


Sorry, not rly. 
Because you need to predeclare Y Z if ur gonna do that in that way because the writer just gets the X offset then 
it´s a simple rule that after 0x4 comes Y and Z. So you can just use a calculator to get the offset ( 798 + 4 = 79C) IN HEX FORM
So:
Y_Offset = X + 0x4
Read(Playerbase + Y_Offset)

----------


## Floppixx

I got it  :Smile:  ... hopefully


```
            float playerx = wow.ReadFloat(playerbase + 0x798); // Read players xlocation
            float PlayerCurrY = playerx + 0x04;
            float playery = wow.ReadFloat(playerbase) + PlayerCurrY; // Read players ylocation
            float playerCurrZ = PlayerCurrY + 0x04;
            float playerz = wow.ReadFloat(playerbase) + playerCurrZ; // Read players zlocation
```

But the xy write part doesent work ...
I think I choose the wrong offsets and adress ...



```
            //wow.WriteFloat(0xBD08F4, 900); // x pos from prompt
            //wow.WriteFloat(0xBD08F4, 900); // y pos from prompt
            //wow.WriteInt(0x00CB97A4, 4);//makes character walk
```

----------


## Hi on helium

could someone help me update this for patch 4.0.3 and tell me what I need to change? Here's what I've got so far:



```
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using Magic;

namespace Memory_Editing_Tutorial__Console_App
{
    class Program
    {
        static void Main(string[] args)
        {
            BlackMagic wow = new BlackMagic(); //Create new function to open wow process
            wow.OpenProcessAndThread(SProcess.GetProcessFromWindowTitle("World of Warcraft")); //This Opens "World of Warcraft" window
            uint playerbase = wow.ReadUInt(wow.ReadUInt(wow.ReadUInt(0x923720)+0x38)+0x24); //this is the player base
            string playername = wow.ReadASCIIString(0x8B2FB0, 12); //reads player name
            float playerx = wow.ReadFloat(playerbase + 0x898); // Read players xlocation
            float playery = wow.ReadFloat(playerbase + 0x88C); // Read players ylocation
            float playerz = wow.ReadFloat(playerbase + 0x8A0); // Read players zlocation
            Console.WriteLine("Player Name is: " + playername); //writes to console to tell player name
            Console.WriteLine("Player X cord is:" + playerx); //writes to console to tell players x cordinate
            Console.WriteLine("Player Y cord is:" + playery); //writes to console to tell players y cordinate
        }
    }
}
```

But when I try to compile it, it comes up saying: "An unhandled Microsoft .NET Framework exception occurred in ConsoleApplication1.exe[256]"(Note: ConsoleApplication1 is the name of my C# Application because it happens to be a Visual C# Console Application..)

Then it Asks me if i'd like to debug it using "ConsoleApplication1 - Microsoft Visual Studios: Microsoft Visual Studios 2010" when i click yes it says, "An unhandled exception of type 'System.IO.FileLoadException' occurred in ConsoleApplication1.exe

Additional information: Mixed mode assembly is built against version 'v2.0.50727' of the runtime and cannot be loaded in the 4.0 runtime without additional configuration information."

Then I can either click "Break" or "Continue" and when I click "Break" it highlights "BlackMagic wow = new BlackMagic();"

So is there a new way of doing "BlackMagic wow = new BlackMagic();" in Black Magic or did I somehow do something wrong?

Thanks,

-Hi on Helium

----------


## Syltex

> I got it  ... hopefully
> float playerx = wow.ReadFloat(playerbase + 0x79; // Read players xlocation
> float PlayerCurrY = playerx + 0x04;


No, it´s "0x798 + 0x4" for y

----------


## Millow

HiOnHelium

Project -> Project property -> Application tab -> Target Framework -> .Net Framework 3.5
Gonna get rid of the nasty 'v2.0.50727' of the runtime and cannot be loaded in the 4.0 runtime' error.

Cheers

----------


## maffer

> Project -> Project property -> Application tab -> Target Framework -> .Net Framework 3.5
> Gonna get rid of the nasty 'v2.0.50727' of the runtime and cannot be loaded in the 4.0 runtime' error.


I had the same problem and it worked thanks ;D But now i got another problem :/ 



```
wow.OpenProcessAndThread(SProcess.GetProcessFromWindowTitle("World of Warcraft"));
```

----------


## Millow

> I had the same problem and it worked thanks ;D But now i got another problem :/ 
> 
> 
> 
> ```
> wow.OpenProcessAndThread(SProcess.GetProcessFromWindowTitle("World of Warcraft"));
> ```


Make sure you run wow and your visual studio as administrator.
I wonder how come you have 4 posts and 12 rep, *sigh* !

----------


## dook123

If it isnt the administrator issue it might be with his OS being in a different language. Try changing the Text to see.

@Millow, Rep aint no big deal  :Wink:  I get thanked an no rep = me a lazy leecher

----------


## maffer

That didn't work :/ and sorry for my lack of details thought the picture would tell you more :P. I get the error when i try debugging, and i'm a real nab with visual studio xD haven't seen this error before that's why i'm asking for help.

----------


## oldmanofmen

> I had the same problem and it worked thanks ;D But now i got another problem :/ 
> 
> 
> 
> ```
> wow.OpenProcessAndThread(SProcess.GetProcessFromWindowTitle("World of Warcraft"));
> ```


Even if that particular part of your code was working as you intend it to, you're highly likely to get an exception on the next line and...the line after that....and yet again on the line after that. The memory addresses that you're using aren't relevant to the current patch and you're not even reading the addresses you're using relative to WoW's process. Come on.......atleast do a bit of research before you start doing this, you really don't deserve help if you can't be bothered putting some work in yourself.

----------


## maffer

Well excuse me but i was just following this tutorial -.-'

----------


## Syltex

> Well excuse me but i was just following this tutorial -.-'


They already said the solution for it. 
1# RUN THE C# AS ADMIN 
2# RUN WOW AS ADMIN 
3# Profit!!!

----------


## FunnybunnyJR

When I try to run the program, it gives this error when i try to create the BlackMagic function: "Could not load file or assembly 'fasmdll_managed, Version=1.0.3262.20709, Culture=neutral, PublicKeyToken=null' or one of its dependencies. An attempt was made to load a program with an incorrect format." I thought that this might be because im on an x64 system, but i downloaded the source for the fasm_managed dll and compiled it myself, added the dll i compiled to the references, and the problem persists. any idea how i might fix this?

EDIT: fixed by changing target platform to x86

----------


## Xelper

Any help on this would be appreciated, I'm a long time programmer but the memory reading and editing scene is pretty new to me. 

I understand that I need the latest playerbase and playername offsets to make this work, and I believe I have them after looking at the infodump thread for 4.0.3a (13229).



```
using System;
using System.Collections.Generic;
using System.Text;
using Magic;
using System.Diagnostics;

namespace TestTutorial
{
    class Program
    {
        static void Main(string[] args)
        {

            BlackMagic wow = new BlackMagic(); //Create new function to open wow process
            wow.OpenProcessAndThread(SProcess.GetProcessFromWindowTitle("World of Warcraft")); //This Opens "World of Warcraft" window
            uint playerbase = wow.ReadUInt(wow.ReadUInt(wow.ReadUInt(0x924720) + 0x38) + 0x24); //this is the player base
            string playername = wow.ReadASCIIString(0x8B2FB0, 12); //reads player name
            Console.WriteLine("Player Name is: " + playername); //writes to console to tell player name
        }
    }
```

The code breaks on "uint playerbase = ...." with the error "ReadUInt Failed"

Am I doing something wrong here? Been going at this for a few hours now with no luck at all.

From a post Apollo made on the thread:


```
#define PLAYER_STRUCT      0x924720  // 4.0.3a
#define PLAYER_STRUCT_HOP1 0x38      // 4.0.3a
#define PLAYER_STRUCT_HOP2 0x24      // 4.0.3a
```

----------


## JuJuBoSc

Wow base address ... just a hint.

----------


## Xelper

Thanks for the hint, all set. +rep for you! (If I can even give it out that is!)

I had been assuming that since the the BlackMagic instance opened the process that it was already taking the base address into account.



```
            Process pWoW = Process.GetProcessById(wow.ProcessId);
            IntPtr baseWoW = pWoW.MainModule.BaseAddress;

            string playername = wow.ReadASCIIString((uint)baseWoW + 0x8B3FB0, 255); //player name
```

----------


## Plaguesnow

I wasn't very interested about this stuff a few seconds ago, but I read the tutorial out of boredome and now I'm VERY interested...

Is it completely safe to memory read and not write? There are supposedly no 4.0 servers and I don't want to get banned on retail...

Also does Visual C# 2010 work?

----------


## Sychotix

> I wasn't very interested about this stuff a few seconds ago, but I read the tutorial out of boredome and now I'm VERY interested...
> 
> Is it completely safe to memory read and not write? There are supposedly no 4.0 servers and I don't want to get banned on retail...
> 
> Also does Visual C# 2010 work?


Nothing is 100% safe. I suggest that if you care if your account is banned, you do not do anything that may cause it.

That being said, reading from memory is fairly safe and can be done in in any language [where possible ofc], including C#.

----------


## Plaguesnow

I've been trying to get this to work for about 2 hours now... I changed all sorts of stuff relative to the last few posts but eventually I screwed it up and got errors on everything that didn't have errors before... So I started over and the problem is: 

ReadUID failed... Do I need later offsets? If so where do I get them in hex form... :S I'm very confused.


*Awaits the generic "Section isn't for beginners" response.*

----------


## Cypher

> I've been trying to get this to work for about 2 hours now... I changed all sorts of stuff relative to the last few posts but eventually I screwed it up and got errors on everything that didn't have errors before... So I started over and the problem is: 
> 
> ReadUID failed... Do I need later offsets? If so where do I get them in hex form... :S I'm very confused.
> 
> 
> *Awaits the generic "Section isn't for beginners" response.*


<Insert generic "Section isn't for beginners" response here>

----------


## Xelper

Just wanted to say thanks again, for those that are having issues getting started all of the answers you need are already answered in this thread. Using just this thread and the info dump thread for the current patch (to get offsets/descriptors) I was able to come up with this in less than 24 hours after never doing any memory reading at all (clicky):



Time to figure out how the object manager works then figure out how to reverse some LUA functions.  :Smile:

----------


## lewie4

Im fairly new to C# having done other languages prior to this but I havent ever had to dump data to get offsets before. I have read through the majority of this but couldn't see the new offsets so I was wondering if anyone could post the new offset used in the tutorial or if they could point me in the right direction so I could get them myself.

Thanks
Lewie

----------


## Xelper

> Im fairly new to C# having done other languages prior to this but I havent ever had to dump data to get offsets before. I have read through the majority of this but couldn't see the new offsets so I was wondering if anyone could post the new offset used in the tutorial or if they could point me in the right direction so I could get them myself.
> 
> Thanks
> Lewie


(4.0.3a 13329)
playerbase = 0x924720
offset1 = 0x38
offset2 = 0x24
playername = 0x8B3FB0

Should be enough to get you started. All of the info to go further than that is in the info dump thread though.

----------


## GameAssist

In my humble opinion, the example given is not the most successful ways to move your character. If you move your bot in this way is 100% get banned. For the safe movement of BOT should be recorded in the CTM domain of memory.


```
#region offset ctm
    enum CTM_offset
    {
        orient = 0,
        turn = 4,
        after = 8, 
        distance = 24, 
        action = 28,  //<<  here we write the new action
        taget_guid = 32, 
        move_to_X = 160, // << here we write the new position of BOT (Vector3)
        point_pos_X = 148 
    }
public enum Action : byte
{
    LeftClick = 1,
    Face = 2,
    Stop_ThrowsException = 3, 
    GoTo = 4,
    InteractWithNpc = 5,
    Loot = 6,
    ...
 }
```

Question to the guru :Stick Out Tongue: 
*Is it safe to turn the BOT, writing directly to WowObject.Offset +0 x8A8? Does anyone realties such a method for turning in my BOT?*

----------


## Xelper

Hi All, wanted to post this here as to not clutter the forum...

I've been working on a radar since I picked up memory reading a few days ago, and for the most part it has gone well. I'm trying to figure out this one bug though. 

Any players using accented characters in their names are returning some garbage in place of the accented letter, every other standard alphanumeric character (Aa-Zz, 0-9) based name looks fine... see the screenshot below. Any quick thoughts on what I should look at to resolve this? Don't want any code just a hint would be nice.

I'm currently reading from the playerName offset using BlackMagic's ReadASCIIString, which I thought might be the issue.



EDIT: Thanks for the tip miceiken, I wasn't sure how to make BlackMagic's ReadUnicodeString work... kept returning gibberish, so I did this:



```
        public string ProcessUnicode(string UnicodeString) // Remove any extra bytes that were read.
        {
            return UnicodeString.Remove(UnicodeString.IndexOf("\0"));           
        }

Use:
string unicodeString = Encoding.UTF8.GetString((bWoW.ReadBytes(memoryAddress, 30)));
unicodeString = ProcessUnicode(unicodeString);
```

----------


## miceiken

Read it as UTF-8?

----------


## fvicaria

Hi guys,
Not sure if this thread is still active but I was trying to update the source for the demo to compile and run with version 4.3 but I keep getting an error.
Its is probably obvious for the most experienced of you but I have ran out of the ideas. The offsets are correct as far as I can see.
Am I missing a base somewhere or something stupider than that?

I attached my code below.




using System;
using Magic;

using System.Diagnostics;

namespace Memory_Editing_Tutorial__Console_App
{
class Program
{
#region WoW 4.3.0.15005 Constants
public enum WoW430
{
CurMgrPointer = 0x009BE678, // ObjectManager.CurMgrPointer
CurMgrOffset = 0x463C, // ObjectManager.CurMgrOffset
NextObject = 0x3C, // ObjectManager.NextObject
FirstObject = 0xC0, // ObjectManager.FirstObject
LocalGUID = 0xC8, // ObjectManager.LocalGUID

STATIC_PLAYERNAME = 0x9BE6B8,

OBJECT_FIELD_GUID = 0x00, // WowObjectFields.OBJECT_FIELD_GUID

X = 0x790, // WowObject.X
Y = X + 0x4, // WowObject.Y
Z = X + 0x8, // WowObject.Z
RotationOffset = X + 0x10,

UNIT_FIELD_HEALTH = 0x20 + 0x48, // WowUnitFields.UNIT_FIELD_HEALTH
UNIT_FIELD_LEVEL = 0x20 + 0xA0, // WowUnitFields.UNIT_FIELD_LEVEL

CTM_Base = 0x9D6050, // ClickToMove
CTM_Distance = CTM_Base + 0x0C,
CTM_Action = CTM_Base + 0x1C,
CTM_X = CTM_Base + 0x8C,
CTM_Y = CTM_Base + 0x90,
CTM_Z = CTM_Base + 0x94
}
#endregion

#region Global Variables
static BlackMagic wow = null;
static IntPtr BaseAddress = IntPtr.Zero;
static uint CurrentManager = 0;
#endregion

static void Main(string[] args)
{
////////////////////////////////////////////////////////
// Initialize memory access.
var proc = Process.GetProcessesByName("Wow");
if (proc[0] == null)
{
Console.WriteLine("World of Warcraft process could not be found.");
return;
}

wow = new BlackMagic(proc[0].Id);
BaseAddress = proc[0].MainModule.BaseAddress;

CurrentManager = wow.ReadUInt(wow.ReadUInt((uint)BaseAddress + (uint)WoW430.CurMgrPointer) + (uint)WoW430.CurMgrOffset);
ulong PlayerGUID = wow.ReadUInt64(CurrentManager + (uint)WoW430.LocalGUID);


////////////////////////////////////////////////////////
// Display some simple player static data.

string PlayerName = wow.ReadASCIIString((uint)BaseAddress + (uint)WoW430.STATIC_PLAYERNAME, 60);
Console.WriteLine("Player Name is: " + PlayerName);


// Alternative way...
//uint playerbase = wow.ReadUInt(wow.ReadUInt(wow.ReadUInt(0x00A70AE0) + 0x3 :Cool:  + 0x24); //this is the player base
//uint level = wow.ReadUInt(wow.ReadUInt(playerbase + 0x :Cool:  + ((uint)WoW401.UNIT_FIELD_LEVEL * 4)); // Reads players level

////////////////////////////////////////////////////////
// Display some simple player data from the palyer GUID.

// Find the object for the local player.
uint PlayerPtr = FindObjectPtr(PlayerGUID);
if (PlayerPtr == 0)
return;

uint Level = wow.ReadUInt(wow.ReadUInt(PlayerPtr + 0x :Cool:  + ((uint)WoW430.UNIT_FIELD_LEVEL * 4)); // Reads players level
uint Health = wow.ReadUInt(wow.ReadUInt(PlayerPtr + 0x :Cool:  + ((uint)WoW430.UNIT_FIELD_HEALTH * 4)); // Reads players health

Console.WriteLine("Player level is:" + Level); //writes to console to tell player level
Console.WriteLine("Player health is:" + Health); //writes to console to tell player health

float playerx = wow.ReadFloat(PlayerPtr + (uint)WoW430.X); // Read players xlocation
float playery = wow.ReadFloat(PlayerPtr + (uint)WoW430.Y); // Read players ylocation
float playerz = wow.ReadFloat(PlayerPtr + (uint)WoW430.Z); // Read players zlocation

Console.WriteLine("Player X cord is:" + playerx); //writes to console to tell players x cordinate
Console.WriteLine("Player Y cord is:" + playery); //writes to console to tell players y cordinate
Console.WriteLine("Player Z cord is:" + playerz); //writes to console to tell players z cordinate


////////////////////////////////////////////////////////
// ClickToMove CTM_...
float MoveToX = playerx + 10; // Position to move to (add offset from current location).
float MoveToY = playery + 5;

wow.WriteFloat((uint)BaseAddress + (uint)WoW430.CTM_X, MoveToX); // x destination pos
wow.WriteFloat((uint)BaseAddress + (uint)WoW430.CTM_Y, MoveToY); // y destination pos
wow.WriteInt((uint)BaseAddress + (uint)WoW430.CTM_Action, 4); // Makes character walk. !!! MUST HAVE CTM ENABLED IN USER INTERFACE !!!.
}

#region Support Functions

/// <summary>
/// Step through all objects to find the object with the specificed GUID.
/// </summary>
/// <param name="GUID"></param>
/// <returns></returns>
static uint FindObjectPtr(ulong GUID)
{
uint ObjectPtr = 0;
uint CurrentObjectPtr = wow.ReadUInt(CurrentManager + (uint)WoW430.FirstObject);
while (CurrentObjectPtr != 0 && (CurrentObjectPtr & 1) == 0)
{
ulong ObjGUID = wow.ReadUInt64(wow.ReadUInt(CurrentObjectPtr + 0x :Cool:  + (uint)WoW430.OBJECT_FIELD_GUID * 4);
if (ObjGUID == GUID)
{
ObjectPtr = CurrentObjectPtr;
break;
}
CurrentObjectPtr = wow.ReadUInt(CurrentObjectPtr + (uint)WoW430.NextObject);
}

if (ObjectPtr == 0)
Console.WriteLine("Error: GUID could not be found.");

return ObjectPtr;
}

#endregion
}
}

----------


## miceiken

No, you didn't attach your code, you attached your wall of text. Use the code bbtag. And how about giving us the actual error? Noone is gonna put extra effort into understanding your code and figuring out the error for themselves.

----------


## ccKep

First glance is actually already answered in the info dump sticky:




> Before endless QQ IT DUN BROKED posts.
> 
> Descriptors are now at 0xC instead of 0x8.


Didn't check the rest.

----------


## fvicaria

> First glance is actually already answered in the info dump sticky:
> 
> 
> 
> Didn't check the rest.


Thanks ccKep...

Awesome! That was exactly it. 
I will fix the code and post here a working version for 4.3.

----------


## fvicaria

> First glance is actually already answered in the info dump sticky:
> 
> 
> 
> Didn't check the rest.


That was it. Thanks a lot!
I will post the code updated for 4.3 once I get it working nicely.

Thanks again!

----------


## Ahatius

Hello There

I've downloaded Black-Magic, but I've got 2 problems:
1) Is this still up to date? Since the last entry from the developer seems from 2009
2) I have problems using the dlls since they are made with .NET 2, and I've got Windows 7 with .NET 4. Anyway to use it anyway? Can't get the 3.5 installer to work.

Thanks

Edit: Ok, didn't understood that BM was a general library for mem hacking. Tought it's special for wow.

Anyway, editing App.config and adding <supportedRuntime version="v4.0"/> did the trick.

----------


## vitecp

> That was it. Thanks a lot!
> I will post the code updated for 4.3 once I get it working nicely.
> 
> Thanks again!


And where is your working version?

----------


## xalcon

Well, first look here [Interesting stuff] (Memory Editing Section Rules)
Espacially the 4. and the 6. point...

----------


## Jokur

Was very happy to see a complete tutorial on this. Was a very good example of the basic CTM activity.
Had this issue immediately (see attachment screen shot)
x86 - CHECK
.Net 3.5 - CHECK (have up to .Net 4 available) 
Offsets are correct - CHECK
Ran VS & WOW as Administrator - CHECK
Read thru 12 pages trying to see if the issue was mentioned or resolved - CHECK




> Well, first look here [Interesting stuff]
> Especially the 4. and the 6. point...


 - CHECK

I am wondering now if BM is still a valid tool for trying to do this type of thing. Any suggestions would be much appreciated. 
I remarked out everything to attempt to find / resolve the error. And yes I reliase that the x y coords on the write statement are incorrect at the bottom, but not even getting to that point.

----------


## JuJuBoSc

Base address as mentionned many time - UNCHECK

----------


## Jokur

> Base address as mentionned many time - UNCHECK



Yes, base address was mentioned Juju... Now use it in a sentence..

----------


## Bananenbrot

He meant that you should take ASLR into account (unless you disabled it...), which forces you to use the offsets relative to WoW's base address.

----------


## Vandra

> Was very happy to see a complete tutorial on this. Was a very good example of the basic CTM activity.
> Had this issue immediately (see attachment screen shot)
> x86 - CHECK
> .Net 3.5 - CHECK (have up to .Net 4 available) 
> Offsets are correct - CHECK
> Ran VS & WOW as Administrator - CHECK
> Read thru 12 pages trying to see if the issue was mentioned or resolved - CHECK
> 
> - CHECK
> ...


Basically you have to read wow.exe+0x000000 (where 0x00000 is your offset of course..)

Ex:
Memory.Read<UInt32>(Memory.BaseAddress + 0xAD7296);

----------


## Jokur

Thanks guys. I will give it a shot.

----------


## punkedalex

Hi all,

i've replaced all the address pointers for 4.3.4 ( i can see this line showing up correctly my char name 

```
 Console.WriteLine("Player level is:" + Level);
```

 but
i get "ReadUInt64 Failed" at this line: 

```
ulong ObjGUID = wow.ReadUInt64(wow.ReadUInt(CurrentObjectPtr + 0x8) + (uint)WoW401.OBJECT_FIELD_GUID * 4);
```

any ideeas ?


here is my full code :



```
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using Magic;
using System.Configuration;

using System.Diagnostics;

namespace Memory_Editing_Tutorial__Console_App
{
    class Program
    {
        #region WoW 4.0.1 Constants
        public enum WoW401
        {
            CurMgrPointer = 0x009BE7E0,                 // ObjectManager.CurMgrPointer
            CurMgrOffset = 0x463C,                      // ObjectManager.CurMgrOffset
            NextObject = 0x3C,                          // ObjectManager.NextObject
            FirstObject = 0xC0,                         // ObjectManager.FirstObject
            LocalGUID = 0xC8,                           // ObjectManager.LocalGUID

            STATIC_PLAYERNAME = 0x9BE820,

            OBJECT_FIELD_GUID = 0x00,                   // WowObjectFields.OBJECT_FIELD_GUID

            

            X = 0x790,
            Y = X + 0x4,
            Z = X + 0x8,
            OBJECT_END = 0x8,
            UNIT_FIELD_HEALTH = OBJECT_END + 0x12,           // WowUnitFields.UNIT_FIELD_HEALTH
            UNIT_FIELD_LEVEL = OBJECT_END + 0x28,       // WowUnitFields.UNIT_FIELD_LEVEL

            CTM_Base = 0x8BD7D8,                        // ClickToMove
            CTM_Distance = 0x0c,
            CTM_Action = CTM_Base + 0x1c,
            CTM_X = CTM_Base + 0xa0,
            CTM_Y = CTM_Base + 0xa4,
            CTM_Z = CTM_Base + 0xa8
        }
        #endregion

        #region Global Variables
        static BlackMagic wow = null;
        static IntPtr BaseAddress = IntPtr.Zero;
        static uint CurrentManager = 0;
        #endregion

        static void Main(string[] args)
        {
            ////////////////////////////////////////////////////////
            // Initialize memory access.
            var proc = Process.GetProcessesByName("Wow");
            if (proc[0] == null)
            {
                Console.WriteLine("World of Warcraft process could not be found.");
                return;
            }

            wow = new BlackMagic(proc[0].Id);
            BaseAddress = proc[0].MainModule.BaseAddress;

            CurrentManager = wow.ReadUInt(wow.ReadUInt((uint)BaseAddress + (uint)WoW401.CurMgrPointer) + (uint)WoW401.CurMgrOffset);
            ulong PlayerGUID = wow.ReadUInt64(CurrentManager + (uint)WoW401.LocalGUID);


            ////////////////////////////////////////////////////////
            // Display some simple player static data.

            string PlayerName = wow.ReadASCIIString((uint)BaseAddress + (uint)WoW401.STATIC_PLAYERNAME, 60);
            Console.WriteLine("Player Name is: " + PlayerName);


            ////////////////////////////////////////////////////////
            // Display some simple player data from the palyer GUID.

            // Find the object for the local player.
            uint PlayerPtr = FindObjectPtr(PlayerGUID);
            if (PlayerPtr == 0)
                return;

            uint Level = wow.ReadUInt(wow.ReadUInt(PlayerPtr + 0x8) + ((uint)WoW401.UNIT_FIELD_LEVEL * 4)); // Reads players level
            uint Health = wow.ReadUInt(wow.ReadUInt(PlayerPtr + 0x8) + ((uint)WoW401.UNIT_FIELD_HEALTH * 4)); // Reads players health

            Console.WriteLine("Player level is:" + Level);          //writes to console to tell player level
            Console.WriteLine("Player health is:" + Health);        //writes to console to tell player health

            float playerx = wow.ReadFloat(PlayerPtr + (uint)WoW401.X);    // Read players xlocation
            float playery = wow.ReadFloat(PlayerPtr + (uint)WoW401.Y);    // Read players ylocation
            float playerz = wow.ReadFloat(PlayerPtr + (uint)WoW401.Z);    // Read players zlocation

            Console.WriteLine("Player X cord is:" + playerx);       //writes to console to tell players x cordinate
            Console.WriteLine("Player Y cord is:" + playery);       //writes to console to tell players y cordinate
            Console.WriteLine("Player Z cord is:" + playerz);       //writes to console to tell players z cordinate


            ////////////////////////////////////////////////////////
            // ClickToMove  CTM_...
            float MoveToX = playerx + 10;                           // Position to move to (add offset from current location).
            float MoveToY = playery + 5;

            wow.WriteFloat((uint)BaseAddress + (uint)WoW401.CTM_X, MoveToX);            // x destination pos
            wow.WriteFloat((uint)BaseAddress + (uint)WoW401.CTM_Y, MoveToY);            // y destination pos
            wow.WriteInt((uint)BaseAddress + (uint)WoW401.CTM_Action, 4);               // Makes character walk.  !!! MUST HAVE CTM ENABLED IN USER INTERFACE !!!.
        }

        #region Support Functions

        /// <summary>
        /// Step through all objects to find the object with the specificed GUID.
        /// </summary>
        /// <param name="GUID"></param>
        /// <returns></returns>
        static uint FindObjectPtr(ulong GUID)
        {
            uint ObjectPtr = 0;
            uint CurrentObjectPtr = wow.ReadUInt(CurrentManager + (uint)WoW401.FirstObject);
            while (CurrentObjectPtr != 0 && (CurrentObjectPtr & 1) == 0)
            {
                ulong ObjGUID = wow.ReadUInt64(wow.ReadUInt(CurrentObjectPtr + 0x8) + (uint)WoW401.OBJECT_FIELD_GUID * 4);
                if (ObjGUID == GUID)
                {
                    ObjectPtr = CurrentObjectPtr;
                    break;
                }
                CurrentObjectPtr = wow.ReadUInt(CurrentObjectPtr + (uint)WoW401.NextObject);
            }

            if (ObjectPtr == 0)
                Console.WriteLine("Error: GUID could not be found.");

            return ObjectPtr;
        }

        #endregion
    }
}
```

----------


## punkedalex

i think i might have a wrong version of blackmagic... i have 1.0
anyone has a link for a new one ? could not find on this forum

EDIT found 1.1 here  but same error

----------


## DarkLinux

-_- Its in the sticky... black magic 1.1

----------


## punkedalex

how can i calculate the playerbase?

i can't find in the "[WoW][4.3.4.15595] Info Dump Thread" thread STATIC_PLAYER, PlayerBaseOffset1 or PlayerBaseOffset2


EDIT: it seems i am unable to get the baseaddress of wow.exe  :Smile: ) will keep searching
EDIT: i found this around


```
[PlayerBase] + 0xC] + 0x15 * 0x4 + 0x14 // health
[PlayerBase] + 0xC] + 0x16 *4 + 20 // mana
[[WoW.exe + 0x00A70C50] + 0x38] + 0x24 // playerbase
```

and used to do this


```
uint hp = wow.ReadUInt(wow.ReadUInt(wow.ReadUInt(wow.ReadUInt(wow.ReadUInt((uint)BaseAddress + 0x00A70C50) + 0x38) + 0x24) + 0xC) + 0x15 * 0x4 + 0x14);
```

and it works
but it doesn't make any sense as the health and mana offsets don't match http://www.ownedcore.com/forums/worl...mp-thread.html ([WoW][4.3.4.15595] Info Dump Thread)

----------


## punkedalex

please someone enlight me how do i get this baseaddress cuz all i get is 0x400000 ...

----------


## DarkLinux

```
MEMORY_BASIC_INFORMATION mbi;
uint Traverse;

VirtualQueryEx(hProcess,(LPVOID)Traverse,&mbi,sizeof(mbi));

mbi.BaseAddress
```

----------


## punkedalex

found how , thanks

----------


## abuckau907

> ```
> MEMORY_BASIC_INFORMATION mbi;
> uint Traverse;
> 
> VirtualQueryEx(hProcess,(LPVOID)Traverse,&mbi,sizeof(mbi));
> 
> mbi.BaseAddress
> ```


Process.MainModule.BaseAddress == very first mbi's base? why doesn't that seem right?...


alex, if you're on an older machine (without ASLR) it will always be that number. (I'm on windows xp sp3 - same thing)

----------


## MyNewName

I dont want to burn your thread up. (Wish i could borrow that sarcasm someone used a few pages ago) But Just a quick question, and slightly bent topic. But what is a good book to learn C#(Forgive me if I sound like I was born addicted to crack). But I want to run an experiment. Please only people who have a clue respond via Inbox. **And i'll tell you the experiment,**-****Shhh****

----------


## Linda513

you're writing to memory, isn't that detectable?

----------


## DarkLinux

Everything is detectable... Even the bots that do not write to memory...  :Big Grin:  It just depends on how bad Blizz wants your ass XD

----------


## homer91

Yes. Yes it is.

----------


## Stany8

I'm getting a 'Win32Exception was unhandled' exception, meaning that it doesn't have the rights to execute the project, if I start it up as administrator it works, though it doesn't work when I just press F5. Is there any way I can start up my project as administrator automatically?

----------


## flowtek333

Stany8. ofc there is a way. what program do you use to make the program in? visual studio? if y open visual studio with adminstrator.


//edit: for more info about the error you get. make f.eks. a try function to see if it can handle it or show the error

----------


## Jadd

> I'm getting a 'Win32Exception was unhandled' exception, meaning that it doesn't have the rights to execute the project, if I start it up as administrator it works, though it doesn't work when I just press F5. Is there any way I can start up my project as administrator automatically?


Add an app manifest.

----------


## Decodex

Hi, I completed this tutorial, my character name is printed to the listbox but I'm not getting the xyz coordinates, can someone put a newbie like me in the correct way?.

I'm ingame and running the app as admin, here is the little code.




```
private void button1_Click(object sender, EventArgs e)
        {
            
            BlackMagic wow = new BlackMagic();
            wow.OpenProcessAndThread(SProcess.GetProcessFromProcessName("Wow"));

            IntPtr baseWOW = wow.MainModule.BaseAddress;

            string playername = wow.ReadASCIIString((uint)baseWOW + 0xE28468, 256);
            float playerx = wow.ReadFloat((uint)baseWOW + 0x7E8);
            float playery = wow.ReadFloat((uint)baseWOW + 0x7EC);
            float playerz = wow.ReadFloat((uint)baseWOW + 0x7F0);
 
            listBox1.Items.Add(playername);
            listBox1.Items.Add(playerx.ToString());
            listBox1.Items.Add(playery.ToString());
            listBox1.Items.Add(playerz.ToString());
 
        }
```

The xyz values I'm getting are 0.

Thanks in advance.

----------


## flowtek333

Decodex by finding the xyz with BaseWOW aint the best idea at all..

use movementdata to get xyz. most allways 100% right

uint movementdata = wow.ReadUInt(playerbase + 0x100);
float playerx = wow.ReadFloat(movementdata + 0x10);
float playery = wow.ReadFloat(movementdata + 0x14);
float playerz = wow.ReadFloat(movementdata + 0x18 );

ps.. offset old, find the offset on the forum

----------


## zdohdds

Good morning.

I have inject dll with ChatListener for 3.3.5a:

WoWChat.h


```
#ifndef WOWCHAT_H
#define WOWCHAT_H

class WoWChatClass
{
private:
	unsigned int index;
	struct WoWChatStruct
	{
		long long SenderGuid;
		unsigned int Unknow[13];
		char FormattedMessage[3000];
		char Text[3000];
		unsigned int MessageType;
		unsigned int ChannelNumber;
		unsigned int Sequence;
		unsigned int Time;
	} *pWoWChatStruct;

public:
	WoWChatClass();
	~WoWChatClass();
	long long getSenderGuid() { return pWoWChatStruct->SenderGuid; }
	char* getFormattedMessage() { return pWoWChatStruct->FormattedMessage; }
	char* getText() { return pWoWChatStruct->Text; }
	unsigned int getMessageType() { return pWoWChatStruct->MessageType; }
	unsigned int getChannelNumber() { return pWoWChatStruct->ChannelNumber; }
	unsigned int getSequence() { return pWoWChatStruct->Sequence; }
	unsigned int getTime(){ return pWoWChatStruct->Time; }

	WoWChatStruct* getPointWoWChat() { return pWoWChatStruct; }
	void setPointWoWChat(unsigned int address) { pWoWChatStruct = (WoWChatStruct*)address; }

	char* CheckNewMessage();

	void Init();
};

#endif
```

WoWChat.cpp


```
void WoWChatClass::Init(){
	setPointWoWChat(Memory::Read<unsigned int>(Offsets::Chat::ChatBuffer_start));
	index = Memory::Read<unsigned int>(Offsets::Chat::ChatBuffer_count);
}

WoWChatClass::WoWChatClass(){
	setPointWoWChat(Memory::Read<unsigned int>(Offsets::Chat::ChatBuffer_start));
	index = Memory::Read<unsigned int>(Offsets::Chat::ChatBuffer_count);
}
WoWChatClass::~WoWChatClass(){ delete this->pWoWChatStruct; }

char* WoWChatClass::CheckNewMessage(){
	unsigned int newIndex = 0;
	unsigned int newAddress = 0;
	newIndex = Memory::Read<unsigned int>(Offsets::Chat::ChatBuffer_count);
	if (newIndex == index) return NULL;

	if (newIndex < index){
		for (; index < 60 ; index++){
			newAddress = Offsets::Chat::ChatBuffer_start + (Offsets::Chat::ChatBuffer_next * index);
			setPointWoWChat(newAddress);
			if (getText()[0] == '.') {
				if (index == 59) index = 0; else index++;
				return getText();
			}
		}
		index = 0;
	}

	for (; index < newIndex; index++){
		newAddress = Offsets::Chat::ChatBuffer_start + (Offsets::Chat::ChatBuffer_next * index);
		setPointWoWChat(newAddress);
		if (getText()[0] == '.') {
			if (index == 59) index = 0; else index++;
			return getText();
		}
	}

	return NULL;
}
```

Sometimes when i set a new pointer (setPointWoWChat(newAddress)) in the char* WoWChatClass::CheckNewMessage() i can get issue:



```
pWoWChatStruct->SenderGuid; // <--memory reading is impossible, but a new pointer of struct is fine
```

PS: I'm just using dereferencing like reading of variables and struct

----------


## ioctl

Your code is a little confusing, and I'm not familiar with the chat message structures, but that "delete" in the constructor is a very obvious bug. You don't own that memory; don't try to delete it. Bizarre things will happen. Maybe that's causing your problems, maybe not. In fact, I would just get rid of that member -- keeping your class structured like this is going to give you headaches; the less state variables you have, the better. I would do this:
* Move all of those methods for retrieving chat fields (text, channel number, etc.) onto the WoWChat struct. If you want to avoid c++ fanciness, just leave all the fields public.
* Add a method that returns index of the latest message, however that is determined (looks like a ring buffer?), and a method that advances the index.
* 


> ChatBuffer_start + ChatBuffer_next * index


 feels like you should have a struct of size ChatBuffer_next, and just do ChatBuffer[index].
* Now CheckNewMessage() can look something like: 

```
if (index != GetLatestIndex()) {
    index = GetNextIndex();
    return ChatMessageAt(index);
} else {
   return nullptr;
}
```

Calling code would look like:


```
WowChat* message;
while (message = wow_chat_manager.CheckNewMessage()) {
  DoSomethingWithMessageText(message->getText());
}
```

----------


## mamamsm

```
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using System.Diagnostics;
using Magic;

namespace ReadChat
{
    class Program
    {

        static BlackMagic wow = null;

        static void Main(string[] args)
        {
            var proc = Process.GetProcessesByName("Wow");
            if (proc[0] == null)
            {
                return;
            }
            wow = new BlackMagic(proc[0].Id);
            uint buildid = wow.ReadUInt(0xA4012C);
            Console.WriteLine(buildid);
            Console.Read();
        }
    }
}
```

result: 3177892135

What im doing wrong? I try to read gamebuild and print result in console.
use this offsets ([WoW] [7.1.5.23420])
(yes, im play on private)

----------


## danwins

guessing your trying to read a string as a uint.

----------


## mamamsm

> guessing your trying to read a string as a uint.


when i use "build = wow.ReadASCIIString(0xA4012C, 12); Console.WriteLine(build);" i get empty result. Can u show me how need that doing right?

----------


## danwins

Sorry, I guess i missed it the first time around, your issue is being caused from ASLR you need to be reading the base address + offset

try this:



```
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using System.Diagnostics;
using Magic;

namespace ReadChat
{
    class Program
    {

        static BlackMagic wow = null;

        static void Main(string[] args)
        {
            var proc = Process.GetProcessesByName("Wow");
            if (proc[0] == null)
            {
                return;
            }
            BaseAddress = proc[0].MainModule.BaseAddress;
            wow = new BlackMagic(proc[0].Id);
            uint buildid = wow.ReadUInt(BaseAddress + 0xA4012C);
            Console.WriteLine(buildid);
            Console.Read();
        }
    }
}
```

----------

