0

The only effective static pointer for wotblitz.exe I found is "THREADSTACK0"-0x00000EEC. But I have no idea how to make it work with ReadWriteMemory.

Cheat Engine Pointer:

https://i.stack.imgur.com/xrhzg.png

Python Code:

from ReadWriteMemory import *
from time import sleep as wait

rwm_svc = ReadWriteMemory()
try:
    process = rwm_svc.get_process_by_name('wotblitz.exe')
    process.open()
except ReadWriteMemoryError:
    print('wotblitz.exe not running!')
    exit(1)


def damage():
    dmg = {
        'base': 0x7622FA10-0x00905A4D,
        'add': 0x00000EEC,
        'offsets': [0x4, 0x8, 0x148, 0x0, 0x30, 0x19c, 0x24]
}

    dmg_pointer = process.get_pointer(dmg['base']-dmg['add']+sum(dmg['offsets']))

    return process.read(dmg_pointer)

while 1:
    wait(0.1)
    print('\r', end=str(damage()))
West Prime
  • 1
  • 2
  • are you sure that's the only pointer available? normally you will get a pointer inside "wotblitz.exe" – kuhi Jun 08 '22 at 10:23
  • @kuhi one time it is, another it's not. Once I got wotblitz.exe, but it stopped working if I restarted the game – West Prime Jun 09 '22 at 12:30
  • I think you're doing something wrong and it's not a problem like that the game is special or something. Or maybe you're in a situation: pointerA points to pointerB and you're scanning pointerB instread of pointerA (that is a very common situation). But without knowing which steps are you following exactly it's hard to tell. Another thing you could do is share your CE settings which sometimes are changed and you start missing a lot of values in your scans. I hope this makes sense. – kuhi Jun 14 '22 at 07:31
  • @kuhi I figured out that every battle game creates a random subprocess, which is different every time, and it's some way of anticheat – West Prime Jun 15 '22 at 08:03
  • I don't know this game but if it has LUA wrapped functions you may want to check in IDA strings for function names, for example attack, move, walk, talk, say, etc... and if you're lucky maybe you have access to a good collection of functions by it's name, it's worth to check it. If you find this situation you must check the PUSH sub_XXXX that is pushing the wrapped function and boom you have it's RVA easy – kuhi Jun 16 '22 at 00:04

0 Answers0