Memory Hacking Software

[Sychotix]

Sorry if this is the right section as it said for MHS, but it is a Help section.

I am not the best coder, but after talking with a bunch of my friends... this is what was came up with as to defining a pointer.

char *pointer = (char *)((DWORD *)0xe8aa38 + 0xbf8);

Now the dll compiles correctly but when i press alt+z (thats my hotkey...) my character does not move up in the air (its changing the z coord to 500 which should be way up)

I am guessing that it was improperly defined as it was meant to be...

[00E8AA38]+0xbf8 was how it was inside of MHS. How would I fix this code? or even a better way to define the pointer?

[L. Spiro]

I assume you are running in the context of the target process.

Code: Select all

#define BRACK( ADDR ) (*(PDWORD)(ADDR))
// Now it is easy to  convert [00E8AA38]+0xbf8.  Just replace [ with BRACK( and ] with ).
PDWORD pdwValue = (PDWORD)(BRACK( 0x00E8AA38 ) + 0xBF8);
// We have a DWORD pointer that points to the converted address.  Use the * operator to change the value at that address.
(*pdwValue) = 500;

// Or maybe it was supposed to be a FLOAT.
PFLOAT pfValue = (PFLOAT)(BRACK( 0x00E8AA38 ) + 0xBF8);
(*pfValue) = 500.0f;


L. Spiro

[Felheart]

[] means pointer to pointer...

You need to ReadProcessMemory 3times

1: 0xe8aa38
2: the value you got from step 1 + 0xbf8
3: the value you got from step 2


Also:

char *pointer = (char *)((DWORD *)0xe8aa38 + 0xbf8);

wtf ?
why char when you value if far over 255/128 ??


DWORD *pointer = NULL;
and then use it like

pointer = ReadProcessMemory(); ....

Again [] is a POINTER TO A POINTER and so on...
[] does not represent a "L"(eft) or "W"(rite) value!



edit: oh lol, i worte so long, spiro wrote a answer befrore me

[Sychotix]

yes, it was meant to be a float value.

Thanks for helping but I'm getting an error with it.

I changed the define (guessing thats what was needed as well to change what you put to float) to
#define BRACK( ADDR ) (*(PFLOAT)(ADDR))

On this line
PFLOAT pfValue = (PFLOAT)(BRACK( 0x00E8AA38 ) + 0xBF8);

i get "error C2440: 'type cast' : cannot convert from 'FLOAT' to 'PFLOAT'"

[L. Spiro]

Do not change the definition of BRACK.


L. Spiro

[Sychotix]

Thanks... aparently it seems WoW LITERALLY JUST patched dll's since when i inject, i do not get my MessageBox (0, "Alt+Z to go up.!\nCreated by sychotix", "WoW Coordinator v1.0", MB_ICONINFORMATION); and i cant go up by pressing alt+z.

I inject the same DLL into WolfTeam and i see the popup so i know itsn ot the dll -.-

EDIT: or not. it was the injector. MHS's injector pwned it =D

[Noname]

I assume you are running in the context of the target process.

Code: Select all

#define BRACK( ADDR ) (*(PDWORD)(ADDR))
// Now it is easy to  convert [00E8AA38]+0xbf8.  Just replace [ with BRACK( and ] with ).
PDWORD pdwValue = (PDWORD)(BRACK( 0x00E8AA38 ) + 0xBF8);
// We have a DWORD pointer that points to the converted address.  Use the * operator to change the value at that address.
(*pdwValue) = 500;

// Or maybe it was supposed to be a FLOAT.
PFLOAT pfValue = (PFLOAT)(BRACK( 0x00E8AA38 ) + 0xBF8);
(*pfValue) = 500.0f;


PFloat is a pointer to a float? That is a type-cast right?

L. Spiro

[Sychotix]

um... why did you just quote him and say nothing?

[L. Spiro]

PFloat is a pointer to a float? That is a type-cast right?

PFLOAT is:

Code: Select all

typedef float * PFLOAT;

L. Spiro

[Noname]

um... why did you just quote him and say nothing?

Because I'm human and make mistakes.


Thanks for the Reply L.

[Sychotix]

Sorry, I did not see that you had put what you wanted to say inside of the quote.

[Noname]

Sorry, I did not see that you had put what you wanted to say inside of the quote.

NP man, It happens. I am noob though.