Shynd’s WoW Modification Journal

July 6, 2008

Reading Player/Unit Name

Filed under: World of Warcraft — Tags: , , , , — Shynd @ 3:28 pm

Not that it’s really imperative to know the name of anything, when you’re botting, but I recently spent a little bit of time reverse-engineering the GetPlayerName function so that I could read player names in memory.  The way I figure it, it’ll be nice to keep a list of the different players that were seen by my bot, how long they remained near me, etc.  Or, maybe, further down the road, I may make myself a tool that automatically heals / follows a certain character, based on their name.  Either way, I convinced myself it was worth the time to figure out, so now I’ll share it with you. (more…)


June 29, 2008

Clarification of Object Data

I’m making this post for anyone struggling to gather all the information from objects, corpses, mobs, and players that would be necessary to create a bot/tool.  I’ve had to look in many different places and many different websites/projects to consolidate all of the information I’ve gathered in order to effectively read object data.  Hopefully, this post will make it easier for at least some of you. (more…)

June 28, 2008


Filed under: World of Warcraft — Tags: , , , , , , , , , , — Shynd @ 11:50 pm

The phrase of the day is: Virtual Table.  Read up on Object Oriented Programming, class inheritance, and virtual functions.  I probably don’t understand all of these things as well as I should, so I will not cloud the issue by summarizing what my understanding of the above subjects is.

Suffice it to say that the table of virtual functions associated with a class object–a class object might be a GameObject, a GameUnit, a GamePlayer, etc., as it applies to World of Warcraft–are things that can be called almost as a part of the object.  For instance, instead of calling a function like Interact(GameObject obj), you’d simply call it like obj.Interact(), which, in my opinion, simplifies things greatly. (more…)

June 27, 2008


Filed under: World of Warcraft — Tags: , , , , , , , — Shynd @ 8:14 am

If you haven’t yet downloaded bobbysing’s WoWX framework, do so immediately.  Look through it, learn what you can from it, always keep it as a resource.  Kynox and bobby (and others, I’m sure) have done a ton of reverse-engineering and whatnot and it would be folly to do the same reversing, wasting your time, when you could be building upon the work of others and furthering the WoW hacking community in other directions.

That said, the SelectUnit function that I’m using is ripped directly from bobbysing’s WoWX framework, right down to the pattern that I use to find it.  Instead of screwing with patterns–if you want to screw with patterns, you can find the pattern in bobby’s Patterns.xml, labeled SelectUnit–I’ll just provide you with the address of the function we’re talking about: (more…)

June 22, 2008


Filed under: World of Warcraft — Tags: , , , , , , , — Shynd @ 9:55 pm

Well, I don’t know about the rest of you, but this part is both EXTREMELY tedious to figure out and very, very interesting to me.  Very quick back story: whereas I am pretty good at mathematical concepts, I never passed any high school math higher than Geometry, due to turning in precisely 36% of my math homework three semesters in a row, so any math Algebra 2 and above I have to teach myself as if it were new (because it is).  That makes facing rotation, degrees, radians, tangents, etc., all new-sauce to me.  This article will attempt to make some of these subjects easier for those of you who aren’t math majors.

As I understand it, there are two ways of measuring rotation: degrees and radians.  As you should all know, there are 360 degrees in a circle (with 0 degrees and 360 degrees meeting at north, 90 degrees being west, 180 degrees being south, and 270 degrees being east… counter-clockwise, if you will).  What many of you may not know is that there is π*2 radians in a circle.  That’s pi multiplied-by two, or 3.1415.. + 3.1415.. (which turns out to be approximately 6.3).  A radian is exactly 180/π degrees, or about 57.2958 degrees.  57.2958 * 3.1415 * 2 == 360.  There’s the math you need to know.  To go from radians (which is how we will read Object.Facing from WoW’s memory) to degrees, you need to multiply by 180 and divide by pi.  I hope that’s clear.  If not, perhaps this will help: (more…)

June 15, 2008


Filed under: World of Warcraft — Tags: , , , , , — Shynd @ 12:59 pm

Okay, this is the big one.  We all want to be able to find out how to determine which enemies are hostile and which enemies are neutral.  Kynox, bless his awesome ass, showed us how to do it in-process here (by in-process, I mean injecting a DLL and calling a game function that compares your faction with the faction of the unit in question).  First, let’s outline Kynox’s version.

As of the current patch, 2.4.2, the class method for CObject->GetUnitReaction(CObject obj) is at address 0x005D4AB0 (can be found in WoWOffsets.h in the download posted by Kynox in the above link).  Basically, when it’s called, the two units’ factions are compared and a value representing their reaction is returned (1 for hostile, 3 for neutral, 4 for friendly, etc.). [Note: 1 is actually “extremely hostile” and 3 is actually “hostile”, but 1 is fundamentally equivalent to aggressive and 3 is fundamentally equivalent to neutral] (more…)

June 14, 2008

Accessing WoW’s Game Objects

Filed under: World of Warcraft — Tags: , , , , — Shynd @ 12:50 pm

Now, I haven’t done nearly as much research into this particular part of WoW hacking as I probably should, but I’m looking at it from a IJW (it just works!) standpoint.  Other people, before you and me, have done the really hard work and we’re privileged enough to simply ride along atop their findings.  Never–and I mean never–let their work go unappreciated.

WoW stores its game objects inside what’s called its Thread Local Storage (hereafter referred to as TLS).  There’s pointers to pointers to its linked-list of game objects (hereafter referred to as the object manager) but, thanks to Kynox, we can make it VERY easy to access the object manager inside WoW’s TLS.  Seriously, any time you have the opportunity, thank Kynox.  This method is so much easier than any of the others I’ve come across. (more…)

Starting Out

Filed under: World of Warcraft — Tags: , , , — Shynd @ 12:10 pm

Where to start?  Oh, that’s right, the gathering of information.

Firstly, let’s start with talking about what we’re going to need to know, based on what we want to do.

  • If we’re building a bot/tool for retail WoW, we’re going to want to know as much as possible about Warden.
  • We’re obviously going to need a method of gathering the information we need from the client (memory-reading).
  • If we’re thinking about injecting a DLL into the WoW client, we should probably research whether or not WoW has anti-injection methods in place (it does!).

Now, personally, I am not going to talk much about Warden on this blog.  I’m not looking to create my tool for retail WoW (yet) and I do not really want to spread what may be construed as misinformation due to the lack of proven knowledge about Warden.  Suffice it to say that doing ANYTHING to guard against Warden is far better than doing nothing.  Here’s a few pointers that may help, but also may not: (more…)


Filed under: World of Warcraft — Tags: , , , , , , — Shynd @ 11:20 am

So, three weeks ago (around the end of May, 2008), I decided, on a whim, to check back in on the WoW hacking scene.  I spent the next week, or so, bookmarking and consolidating all of the useful information that I found.  One week, just gathering information.  This journal is going to be an attempt to consolidate some of that information in a slightly more self-contained format, as well as share some of my methods and (perhaps!) insights into creating different WoW tools–personally, I’m heading towards the bot end of the spectrum, but what is contained here should be useful to almost anyone, as well. (more…)

Blog at