1 of 13

Memory Editing in Visual Basic .NET

a guide by Wiirgi.

2 of 13

Before we start, make sure...

  • You have a good understanding of VB.NET and how it works.

  • You have your IDE installed and set up.
  • You have a basic understanding of Memory Editing.

3 of 13

What you are going to learn...

  • You are going to learn the basics of Memory Reading and Writing using BlackMagic.
  • You are going to learn how you can use the information in the Dump Thread in your program.
  • You are going to learn how you can use Pointers and Offsets you have found in, for example, CE.

4 of 13

Resources

also known as

"Stuff you are probably gonna need"

  • BlackMagic 1.1: Memory Library for .NET
  • Visual Studio: an IDE, if you don't have one.

And after you have finished the guide:

5 of 13

A little page about guides and "Spoonfeeding"

On this page I just want to tell you that in this guide you will not get many code examples. Instead I will explain what each function we are going to use does and how we can use it in our logic.

I chose this approach because I don't want people who have no understanding of VB.NET whatsoever posting complete copies of my guide.

6 of 13

Rome wasn't built in a day

(Getting Familiar with BlackMagic)

Start up a new Project and give it a name like "WoWTest" (because we programmers are so creative). Make it a Console Application just for the sake of simplicity and add your usual code that will stop it from closing down every time you run it.

Now save your project and change it to compile to .NET 3.5 and x86.

Now reference BlackMagic and fasm_managed in your project and import BlackMagic by using Imports Magic. Now you can initiate a new instance of BlackMagic.

Before we go into the juicy stuff, let's add some code to actually attach BlackMagic to our WoW instance. BlackMagicInstance.OpenProcessAndThread() takes an Integer representing the process ID of WoW (or any other process we would like to open), so we need a function to fetch the ID(s). For this we can use SProcess, which contains functions like GetProcessesFromWindowTitle(), which returns all the processes with the Window Title specified. But for our simple purpose we are going to use GetProcessFromProcessName, which fetches the first instance of the process with the Process Name given. Combining it all, we should have something like:

BlackMagicInstance.OpenProcessAndThread(SProcess.GetProcessFromProcessName("Wow"))

Now once we have opened our process we can start reading and writing to memory.

7 of 13

Explaining some functions from the previous page and next page and etc.

  • BlackMagicInstance.OpenProcessAndThread() takes an Integer (ProcessID) and opens that process for Memory Reading and Writing.
  • SProcess.GetProcessesFromWindowTitle() returns a List(Of Integer) with Process IDs of all the Processes running with the Window Title specified. Not used in previous or coming pages, but very useful for making a multi process interface, so you can select which process you want to open.
  • SProcess.GetProcessFromProcessName() returns an ID of the first Process that has the Process Name specified.
  • BlackMagicInstance.MainModule.BaseAddress() returns the Base Address as IntPtr from the process that is currently opened. It has to be called AFTER opening the Process for Memory Reading and Writing.

8 of 13

When making bigger projects the keyword is, ORGANIZE

Organizing, sounds like something your mom would tell you to do? Maybe. But when making any big project Organizing is the key to success. In Memory Editing sorting our offsets out makes our code look much cleaner. We could do something like this:

What we are doing here is making a class called Offsets (because again we programmers are sooooo creative). The Offsets class will then hold an Enum, and this Enum's entries will hold the respective offsets, for example:

Offsets.Player._Name would be something like &HXXXXXXX

If you want, you can also include your BlackMagic instance when you make a new instance of the Offsets class. This way you can also keep functions there that give you pointer addresses and so on.

9 of 13

Finding stuff in the Dump Thread...

Finding stuff in the Dump Thread is probably the easiest way to get Addresses and Offsets.

Most of the information here is in C# or XML, but you should be able to convert it quite easily. For example, on the front page we have the Addresses for the Object Manager, both x86 and x64.

Looking a bit down we have goodies like the WoW Version Offset, Player Name and Player Class among others.

10 of 13

Using BlackMagic's reading capabilities to read the Player Name

Alright! Once you have got some juicy information from the Dump Thread, we are going to focus on reading Memory. Using BlackMagicInstance.ReadUInt() we can read Integers (or Unsigned Integers), so let's try reading the Player Name. Our Address is in place in our Offsets class, so now we can just do BlackMagicInstance.ReadUInt(CUInt(Base) + Offsets.Player._Name) to fetch our character's name. But WAIT! We have a problem. When using this, all we get is a bunch of numbers. This is because there are multiple ways to read Memory, and here we read the address as an unsigned integer. This won't work because our Player Name is a string, so let's use the function .ReadASCIIString() instead of .ReadUInt() this time and TADAH, it works!

Some Extra Resources...

  • 5.1.0.16357 Dump Thread
  • If you are using a BlackMagic instance in your Offsets class and want to read pointers, this function makes it a whole bunch easier: Wiirgi's Pointer Function. The above function takes the Address, the Base Address and the offsets in an array and then gets you the address from all the offsets. It's very useful; more about this function later when I explain CE and its pointer scanning.

11 of 13

A veeery tiny page about Writing.

I just started my Memory Writing adventure so I have not come far, but I will explain BlackMagic's function to write Memory.

As there are .ReadUInt() and .ReadASCIIString(), there are also:

  • .WriteUInt()
  • .WriteFloat()
  • .WriteASCIIString()

These functions are very similar to their reading cousins, except they take one more argument, VALUE, which represents exactly what value the memory address should now hold. For example, if the Address now holds "Smith" and "Miss Smith" marries "Mr. Hoooladoop" (actually you're writing "Hoooladoop" in the Address xD), then the Address now holds "Hoooladoop".

12 of 13

Using a Pointer that you have found.

If you have the function I gave you earlier, finding an Address from Pointers + Offsets is an easy task. Here it is by the way. Back to the point, you can use my function like this:

    ' Resolves the pointer chain to the health value and reads it as an unsigned integer.
    Public Function Player_Health() As UInteger
        Return bm.ReadUInt(GetPointerAddress(Player.Health, Base,
            {Player.HealthOffset1, Player.HealthOffset2, Player.HealthOffset3, Player.HealthOffset4, Player.HealthOffset5}))
    End Function

The function above returns the Player Health with an Address and some Offsets that I have found using Cheat Engine's Pointer Scan. (This is a very inefficient method, but as I'm just trying to learn how to use the Object Manager, this is the way I use ATM.)

If you know how to properly use the Object Manager and want to help out, you can PM me here!
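The two ideas above, the same bytes read as an unsigned integer versus as an ASCII string, and walking an address plus offsets to a final address, shown over a constructed in-process byte array. This is an added example, not Wiirgi's function or BlackMagic code: ReadUInt, ReadAsciiString and GetPointerAddress here are hypothetical stand-ins, and the dereference order (add each offset, dereference after all but the last) is an assumption.

```vbnet
Imports System
Imports System.Text
Imports Microsoft.VisualBasic

Module PointerChainDemo
    ' Constructed 64-byte memory image; index 0 plays the role of the module base address.
    Private ReadOnly Mem As Byte() = New Byte(63) {}

    ' Hypothetical stand-in for a library read: 4 bytes, little-endian.
    Function ReadUInt(addr As UInteger) As UInteger
        Return BitConverter.ToUInt32(Mem, CInt(addr))
    End Function

    ' Hypothetical stand-in: up to maxLen bytes as ASCII, cut at the first NUL.
    Function ReadAsciiString(addr As UInteger, maxLen As Integer) As String
        Dim s As String = Encoding.ASCII.GetString(Mem, CInt(addr), maxLen)
        Dim nul As Integer = s.IndexOf(ControlChars.NullChar)
        Return If(nul >= 0, s.Substring(0, nul), s)
    End Function

    ' Hypothetical GetPointerAddress (assumed convention): read the pointer stored at
    ' baseAddr + address, then add each offset, dereferencing after all but the last.
    Function GetPointerAddress(address As UInteger, baseAddr As UInteger, offsets As UInteger()) As UInteger
        Dim p As UInteger = ReadUInt(baseAddr + address)
        For i As Integer = 0 To offsets.Length - 1
            If p = 0UI Then Throw New InvalidOperationException("Null pointer at level " & i)
            p += offsets(i)
            If i < offsets.Length - 1 Then p = ReadUInt(p)
        Next
        Return p
    End Function

    Sub Main()
        ' Constructed layout: [4] -> 16, [16 + 8] -> 32, health at 32 + 4, name at 48.
        BitConverter.GetBytes(16UI).CopyTo(Mem, 4)
        BitConverter.GetBytes(32UI).CopyTo(Mem, 24)
        BitConverter.GetBytes(1234UI).CopyTo(Mem, 36)
        Encoding.ASCII.GetBytes("Smith").CopyTo(Mem, 48)

        Dim healthAddr As UInteger = GetPointerAddress(4UI, 0UI, {8UI, 4UI})
        Console.WriteLine(ReadUInt(healthAddr))          ' value at the end of the chain
        Console.WriteLine(ReadUInt(48UI))                ' name bytes misread as a number
        Console.WriteLine(ReadAsciiString(48UI, 16))     ' same bytes read as text
    End Sub
End Module
```

A stale chain shows up here as the null-pointer exception or an out-of-range read error rather than as a silently wrong value, which is the check worth keeping when the offsets come from a pointer scan.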

13 of 13

We have reached...

THE END

I would like to thank the following persons who made this guide possible:

  • DarkLinux, for helping me out when I started.
  • Jbrauman for his guide.
  • Shynd for BlackMagic
  • -Ryuk- for iHook
  • and others on Ownedcore who have helped me during the days, Thanks!

Questions? PM me here!