[WoW] 1.12.1.5875 Info Dump Thread

[prospectingemu]

Thx for share

[Wesk.]

Im looking for the address to see if a fish is hooked... looked through the entire thread and don't really know where to start, found everything else i need to make a simple fishbot but not this important address...

Hopefully someone can help!

Thanks

[Corthezz]

Im looking for the address to see if a fish is hooked... looked through the entire thread and don't really know where to start, found everything else i need to make a simple fishbot but not this important address...

Hopefully someone can help!

Thanks

Hint: Scan inside the bobber object.

@Redarian: Reminds me of my heartbeat teleport implementation?

[Wesk.]

Thanks Corthezz!Seems to be Object.baseaddress + 0xE8 read as short !

Can you do Lua execute InteractUnit(GUID) or something to loot the bobber?

[Corthezz]

Thanks Corthezz!Seems to be Object.baseaddress + 0xE8 read as short !

Can you do Lua execute InteractUnit(GUID) or something to loot the bobber?

OnRightClickObject = 0x005F8660

Gonna see if I can post an example later

[Wesk.]

That would be great, but that OnRightClickObject is that a function inside WoW?

must be something like this

Code:

           public byte[] RightClick(uint BaseAddress)        {
            byte[] tempBytes = new byte[0];
            if(!once)
            {
                once = true;
            // Return Value


            try
            {
                


                //Allocate Memory For Command


                //RemoteAllocation DoStringArg_Codecave = Memory.Memory.Allocate(BitConverter.GetBytes(BaseAddress).Length + 1);
                //Memory.Write<uint>(DoStringArg_Codecave.BaseAddress, BaseAddress, false);
                //CallAutoLoot = 0x4C1FA0
                //Execute Address
                IntPtr RightClick_Execute = new IntPtr(0x005F8660);
                //textBox1.Text = DoStringArg_Codecave.BaseAddress.ToString() + " : " + DoStringArg_Codecave.BaseAddress.ToString("X") + " : " + DoStringArg_Codecave.Read<uint>() + " : " + DoStringArg_Codecave.Read<uint>().ToString("X") ;
                textBox1.Text = "RUNNING INJECT";
                var asm = new[] 
                {
                    "mov eax, " + 0,
                    "mov ecx, " + BaseAddress,
                    "mov esi, " + BaseAddress,
                    "mov edi, " + 0x0080C330,
                    "mov ebp, " + 0x0018FAF4,
                    //"mov esp, " + 0x0018FAE0,
                    //"mov eip, " + 0x005F8660,
                    "call " + RightClick_Execute,
                    "retn",    
                };
                //Inject and Execute
                IntPtr a = Memory.Assembly.InjectAndExecute(asm);
                //Memory.Memory.Deallocate(DoStringArg_Codecave);
                


                


            }
            catch { }
            }
            return tempBytes;
        }

Using the cheatengine trace i seem to be missing information.'

There seem to be nothing wrong with the inject code but the code it injects
Working Loot:
EAX: 0x0
EBX 0x07097D47 (This seems to be something no idea, but i think this is crashing be because i get a pointer exception from 0x0 when this isn't set)
ECX BaseAddress for GO
EDX Always changing
ESI BaseAddress for GO again
EBP ALWAYS 0x0018FAF4
ESP ALWAYS 0x0018FAE0
EIP ALWAYS 0x005F8660

Im pretty much stuck here :S

Unrelated question, how safe is it to inject into the client on private servers? Is warden active?
+5 rep for the previous help!

[Jadd]

I don't know the answer to your question, but I think it would be useful for someone to point this and this out.

OnRightClickObject I'm assuming to be fastcall for 1.12.1, but you may want to check. From these articles you should be able to realise the only registers you should be setting are ecx and edx, for the first two arguments, and pushing the remainders onto the stack.

[Wesk.]

I'll look into it, see if i can fix it.
Thanks for the help

Edit: Can't get it to work it seems :/

[dognip40]

Scan on Feenix / Emerald dream 10.29.2014 @ 3:00

they added a few more scans from the last time this was posted

credits go to DarkLinux for his warden scanner, without that I would not be posting this

Code:

EverScan 
By : Darklinux @ Ever-Devs.com / OwnedCore.com 

Address : 0x7c705f     Size : 0x3
Address : 0x618919     Size : 0x4
Address : 0x7c63dd     Size : 0x3
Address : 0x17fb58     Size : 0xd
Address : 0x6163db     Size : 0x3
Address : 0x60bfb1     Size : 0x2
Address : 0x60ff71     Size : 0x1
Address : 0x635c3a     Size : 0x1
Address : 0x60f7c9     Size : 0x6
Address : 0x63379c     Size : 0x1
Address : 0x6341bc     Size : 0x2
Address : 0x49f5dd     Size : 0x1
Address : 0x4711ea     Size : 0x1
Address : 0x615ba7     Size : 0x4
Address : 0x7c6272     Size : 0x4
Address : 0x7c63da     Size : 0x3
Address : 0x5ec720     Size : 0x8
Address : 0x7c69a0     Size : 0x3
Address : 0x5ed28d     Size : 0x6
Address : 0x7c6206     Size : 0xb
Address : 0x7c705c     Size : 0x6
Address : 0x636ed4     Size : 0x1
Address : 0x6341e3     Size : 0x2
Address : 0x7c625e     Size : 0x2
Address : 0x6cee5b     Size : 0x6
Address : 0x6ab1bf     Size : 0x3
Address : 0x60ff65     Size : 0x2
Address : 0x7c4955     Size : 0x3
Address : 0x7c6269     Size : 0x4
Address : 0x60fc30     Size : 0x4
Address : 0x60bfbf     Size : 0x2
Address : 0x6ab494     Size : 0x1
Address : 0x67063e     Size : 0x1
Address : 0x4711e0     Size : 0x2
Address : 0x518062     Size : 0x1
Address : 0x7c63a8     Size : 0x4
Address : 0x494a50     Size : 0x7
Address : 0x636598     Size : 0x1
Address : 0x6334f0     Size : 0x1
Address : 0x5ed2e3     Size : 0x6
Address : 0x482ed8     Size : 0x6
Address : 0x60bfa0     Size : 0x2
Address : 0x6cee4e     Size : 0x5
Address : 0x680b81     Size : 0x5
Address : 0x5e642c     Size : 0x5
Address : 0x538610     Size : 0x4
Address : 0x49f6f2     Size : 0x3
Address : 0x40362b     Size : 0x3
Address : 0x636198     Size : 0x1
Address : 0x6d2743     Size : 0x6
Address : 0x6ca1b5     Size : 0x1
Address : 0x6a467b     Size : 0x1
Address : 0x6abf13     Size : 0x1
Address : 0x6163de     Size : 0xa
Address : 0x615cf5     Size : 0x1
Address : 0x482be3     Size : 0x1
Address : 0x60f650     Size : 0x6

[dognip40]

LF someone to assist me with a new undetected teleport @ feenix. I am willing to pay for your time and help. Please pm me if you know how or are willing to try and find a new method for me. Thanks, hope to hear from someone soon.

[namreeb]

This is only marginally on-topic (but more so than the guy above me hahaha).

I wanted to have a 'smart' solution to the problem of stop-casting since my latency on European (read: all) private servers is typically in the 250-350ms range. I tried modifying the game to not give an error if you tried to cast a spell while it was already casting and it negatively affected too many other things. Then I tried adding my own lua function called CastSpellAtTarget() which takes the spell id and casts it at your current target. This bypasses all client-side checking entirely. The results were tremendous. All I had to do was this:

Code:

        private static int CastSpellAtTarget(IntPtr luaStatePtr)
        {
            var spellId = (uint) Lua.Core.GetNumber(luaStatePtr, 1);

            var targetGuid = (ulong) Marshal.ReadInt64(Locator.TargetGuid);

            if (targetGuid != 0)
            {
                var targetPackedGuid = new WowGuid(targetGuid).PackedGuid;

                var packet = new CDataStore(10 + targetPackedGuid.Length) {OpCode = OpCode.CMSG_CAST_SPELL};

                packet.Write(spellId);
                packet.Write((ushort) 2); // TARGET_FLAG_UNIT
                packet.Write(targetPackedGuid);

                Net.Send(packet);
            }

            return 1;
        }

Edit: Also, I patched two locations with 5x NOP (0x90) to prevent spamming of the error message and sound. Those two locations are 0x6E1AA6 and 0x6E21DD. This makes things run smoother.

[Saridormi]

Appreciate the response. Looks like SetFacing = 0x76DCE0. Hope that helps.

This is incorrect and refers to API Model SetFacing - WoWWiki - Your guide to the World of Warcraft, I believe that CMovement::SetFacing is at 0x7c6f30

[whitekidney]

Does anyone have the correct playerbase offset?
0x853D40 + 0x9C8 (playerbase + Z) doesnt seem to return the correct Z coordinate

[whitekidney]

0x9C0

filleeeeeeeeeeeeeeer

That's not the playerbase offset.

[nagibator]

Does anyone have the correct playerbase offset?
0x853D40 + 0x9C8 (playerbase + Z) doesnt seem to return the correct Z coordinate

Code:

DWORD
ClntObjMgrObjectPtr(
    QWORD Guid
    )
{
    UINT UnitGuid;
    UINT UnitBaseAddress;

    UnitBaseAddress = ReadDword(ReadDword(s_curMgr) + 0xAC);
    while (UnitBaseAddress != 0) {
        if ((UnitGuid = (ReadQword(UnitBaseAddress + 0x30) == Guid)) != 0) {
            return UnitBaseAddress;
        }
        UnitBaseAddress = ReadDword(UnitBaseAddress + 0x3C);
    }
    return 0;
}

QWORD
ClntObjMgrGetActivePlayer(
    VOID
    )
{
    return ReadDword(ReadDword(s_curMgr) + 0xC0);
}

Playerbase = ClntObjMgrObjectPtr(ClntObjMgrGetActivePlayer());

Not exactly an offset but hey it works like a charm...

Just in case these might be of use to someone:
Kill local player
Instant guild creation (not sure if it still works on Feenix though)
Heartbeat teleporter (used to work on Feenix, guessing it done got fixed by now)
Instant logout anywhere in the world