Offsets!

  1. #1
    MountainDew

    Offsets!

    Help me find my first offset, and I'll take-off like a peacock!

    Attachment 9857

    My simple example objective: Get Player's Hero Kills

    Using Cheat Engine, I narrowed down Player 1's Hero Kills section in memory. Then, using OllyDbg, I set a breakpoint on access for that address, and was given the address that writes to the one I found in Cheat Engine.

    The opcode for said address is:

    Code:
    ADD DWORD PTR DS:[EBX+250],1
    And that's as far as I can get

    The data at EBX is obviously different for each player number, and different each time WC3 is started.

    How can I use the opcode at this memory address to obtain the value at EBX+250?

  2. #2
    ZeD

    Code:
    DWORD dwVal;

    __asm {
        MOV EAX, DWORD PTR DS:[EBX+0x250]  // x86 MOV cannot take two memory operands, so load through EAX
        MOV dwVal, EAX
    }

  4. #3
    MountainDew

    Isn't the value at EBX always changing? If I call this at some random point in game, how will EBX be what it's equal to at the point in memory I found for what I need?
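
Added example, not written by any poster in this thread: in `[EBX+250]` the displacement 0x250 is a fixed field offset inside some object, while EBX holds that object's address, which differs per allocation and per run. The `PlayerRecord` layout and all function names below are hypothetical, not Warcraft's.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define KILLS_OFFSET 0x250u   /* displacement from the instruction on the page */

/* Hypothetical layout: everything before the counter is opaque padding. */
typedef struct {
    uint8_t  unknown[KILLS_OFFSET];
    uint32_t hero_kills;
    uint8_t  tail[0x40];
} PlayerRecord;

/* What `ADD DWORD PTR [EBX+250],1` does once EBX holds a record's address. */
static void add_kill(PlayerRecord *rec) { rec->hero_kills += 1; }

/* Read a 32-bit field at base+off, refusing reads outside the object. */
static int read_u32_at(const void *base, size_t size, size_t off, uint32_t *out)
{
    if (base == NULL || off > size || size - off < sizeof *out) return -1;
    memcpy(out, (const uint8_t *)base + off, sizeof *out);
    return 0;
}

/* Allocate n records (each gets a different base address), bump record
   `which` `times` times, then read it back through base+offset.
   Returns the value read, or UINT32_MAX on failure. */
uint32_t demo(size_t n, size_t which, unsigned times)
{
    uint32_t v = UINT32_MAX;
    PlayerRecord **recs = calloc(n, sizeof *recs);
    if (!recs || which >= n) { free(recs); return v; }
    for (size_t i = 0; i < n; i++) recs[i] = calloc(1, sizeof **recs);
    if (recs[which]) {
        for (unsigned t = 0; t < times; t++) add_kill(recs[which]);
        read_u32_at(recs[which], sizeof **recs, KILLS_OFFSET, &v);
    }
    for (size_t i = 0; i < n; i++) free(recs[i]);
    free(recs);
    return v;
}

int main(void)
{
    printf("field offset=0x%zx value=%u\n",
           offsetof(PlayerRecord, hero_kills), (unsigned)demo(4, 2, 3));
    return 0;
}
```

The offset is the same for every record; only the base pointer has to be known at the moment of the read, which is why the register value is only meaningful while the function that uses it is executing.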

  5. #4
    BullJam

    Call me Coach BullJam and rep my name!

    Well first off, try to figure out what you've found. Look at the stack and try to trace through the asm. It's probably a function that increases some intHeroKills, right? Maybe this int is part of a player class or struct. Try to figure out what parameters this function takes and maybe what it returns. Once you get the hang of this you can flesh out some of Warcraft's API.

    There are two basic ways you can accomplish your objective.
    You can:
    1. Hook some part of the Warcraft thread to update your own intHeroKills variable in your project.
    2. Create some function that returns this integer.

    For #1, you may be able to hook an offset near the opcode you've already found and run zero division's code, but you'll probably want to figure out which player's kill count this is (Hint: maybe some reference to the player is passed to this function?) Check out YourName's selfhack and try to understand the PlantDetour functions and what the detour functions themselves are doing.

    #2 requires more info gathering. Maybe there's already a function in Warcraft 3 that returns what you're looking for, then you need to find out what parameters to pass it. Or maybe you can flesh out a struct that stores this data. Or use some JASS stuff, etc...

    If you need more help I might consider starting some kind of tutorial thread.

  6. #5
    MountainDew

    Thanks for the detailed reply!

    I think I understand now how Zero Division's asm code is supposed to be used; I'll have to check out that detour stuff.

    As for #2, I've scanned all over the place for something like that with Cheat Engine, but I can't find anything stable. For a while, I thought I found a struct that had that sort of data, and I was working with it until I loaded other maps and the data was bad /facepalm. And yeah, I considered JASS, but you can only call the native functions, and a player's hero kills is passed with PLAYER_HEROKILLS or something like that.


  7. #6
    YourName

    There's no actual value of hero kills stored by Warcraft itself, maps like DotA do that stuff themselves. You're going to need to do it yourself too.
    Providing you with foolish stuff since 2007.

  8. #7
    ZeD

    Quote, originally posted by YourName:
    > There's no actual value of hero kills stored by Warcraft itself, maps like DotA do that stuff themselves. You're going to need to do it yourself too.

    Well, there's a way to get this figured out very well.
    Only requirement would be good reverse engineering skills, I am not able to explain how to do that.

    I'd give you a tip and start off from BullJam's first tip; hook that function. Somewhere in the code there will be most likely something like "inc ecx", or "add ecx, 1" to increase that intHeroKills variable; if there is, this value must be passed to the hero.

    So somewhere in that code there will be a part loading the HPlayer handle; what I would be doing now would be calling Warcraft's GetPlayerSlotByHandle( Player* pPlayerHandle ) function, passing the playerhandle to it; so you know for which slot that variable (intHeroKills) got increased for.

    Warcraft has a lot of other functions being able to catch which player is at the specified slot, like GetPlayerName( int nSlot ) and some else; but I guess it would be enough havin' the playerslot itself.

    Hope anyone can overall even guess what I'm trying to say; if not, ask BullJam, he seems to understand my weird stuff.

  9. #8
    BullJam

    Quote, originally posted by YourName:
    > There's no actual value of hero kills stored by Warcraft itself, maps like DotA do that stuff themselves. You're going to need to do it yourself too.

    I'm not sure about this. In a ladder game's score recap isn't there a section listing the number of times each hero has been killed by each hero?

    Even if the value does exist, it's probably still less work to hook and emulate the map's triggers and do it yourself. Especially when someone like YourName has already dumped all of the JASS natives for us.
    From fledgling to people's champion: Witness the rise of the titan BullJam!
