[WoW] 1.12.1.5875 Info Dump Thread

  1. #301
    namreeb's Avatar Legendary

    In this code I am assuming that the standard module is in use (the same one used by virtually all private servers). For that module, the following is true:

    Code:
            public enum CheckCode : byte
            {
                MemCheck = 0xF3,
                PageCheckA = 0xB2,
                PageCheckB = 0xBF,
                MpqCheck = 0x98,
                LuaStrCheck = 0x8B,
                DriverCheck = 0x71,
                TimingCheck = 0x57,
                ProcCheck = 0x7E,
                ModuleCheck = 0xD9,
            }

  2. #302
    tutrakan's Avatar Contributor
    I meant, was this byte (CheckCode enum) read between SMSG_WARDEN_DATA and the seed int?

    Anyway, now I'm struggling with compiling a mangos zero server.

    If I ever survive this adventure, I will be able to debug all server-side behavior and reduce the number of stupid questions that I normally post here.

    Thanks.
    Last edited by tutrakan; 06-13-2016 at 11:13 AM.

  3. #303
    luckruns0ut's Avatar Banned
    I don't believe mangos actually implements warden, iirc it just sends the SMSG_WARDEN_DATA packet.

    And for the check, there's probably a packet that's like a 'warden request' which specifies the check type.

  4. #304
    tutrakan's Avatar Contributor
    Originally Posted by luckruns0ut View Post
    I don't believe mangos actually implements warden ...
    The latest release of mangos does it.
    Last edited by tutrakan; 06-17-2016 at 08:21 PM.

  5. #305
    tutrakan's Avatar Contributor
    Server works just like a charm.

    Another Warden related question: what are these PAGE_CHECK_A and PAGE_CHECK_B for?

    In the database there are 20 bytes (some hash?), address, length, id etc...

    Thanks.
    Last edited by tutrakan; 06-17-2016 at 08:26 PM.

  6. #306
    Vandra's Avatar Contributor
    Originally Posted by tutrakan View Post
    Server works just like a charm.

    Another Warden related question: what are these PAGE_CHECK_A and PAGE_CHECK_B for?

    In the database there are 20 bytes (some hash?), address, length, id etc...

    Thanks.
    These are known hack addresses; if Warden scans one of them, you get banned.
    "If it compiles, it works."

  7. #307
    tutrakan's Avatar Contributor
    I meant, how is the page check composed? For example, how is the address formed?

    Here is an example of such a check (PageCheckA = 0xB2, or 178):
    Code:
    # id, groupid, build, type, data, str, address, length, result, comment
    
    852, 63, 5875, 178, B5ED443D6CA2F6095BAC8DAFDC8F3413F7B473916357C17E, , 209352, 75, , 
    857, 68, 5875, 178, 3B5955C3B498489869990F08A4CAE566A7D689C23990518B, , 156, 8, , 
    858, 69, 5875, 178, F24317DAA28AA477996EEBB9538A89569ABF9B185A3EA4E4, , 718842, 23, , 
    859, 70, 5875, 178, DA25A4134671325719833878E2556455EC4321A2207B6728, , 198, 10, , 
    861, 72, 5875, 178, 4BB92BBD5CA8C192C9D0E1EDB6C21FF3F4A61ED1B151365F, , 673210, 23, , 
    862, 73, 5875, 178, 13E8DD1C9F5501A270A59CC4B61311F6D5D18DC3F2AA351A, , 3037164, 22, , 
    865, 76, 5875, 178, E37D413DC96A92D3CEAB8A482B8F5397587A0E654C9A0166, , 672954, 23, , 
    866, 77, 5875, 178, E7D5551799C2C7F0072BC3149A22F37D09EA1EB83F64C655, , 3045912, 31, ,
    As we see, the address varies from 156 (0x9c) to 3045912 (0x2E7A18).
    What I'm missing here, I think, is basic knowledge about memory paging and such.
    Last edited by tutrakan; 06-18-2016 at 07:33 PM.

  8. #308
    namreeb's Avatar Legendary

    I believe that the purpose of the page check is to check the start of each memory page (offset by a given amount) for a particular byte pattern. The two different checks are for checking different types of memory pages, though I don't remember the specifics.

    Edit: So to be clear, the 'addresses' you mentioned (0x9C, 0x2E7A18, etc.) are probably the offsets into each page to check for the corresponding byte patterns.
    Last edited by namreeb; 06-20-2016 at 03:57 PM.

  9. Thanks Jadd, tutrakan (2 members gave Thanks to namreeb for this useful post)
  10. #309
    BlackRainBow's Avatar Member
    *_A - all memory pages
    *_B - memory pages with MZ+PE headers

    You can see it from reversing module func for checks

  11. Thanks Jadd, tutrakan (2 members gave Thanks to BlackRainBow for this useful post)
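
As an added example (not code from any poster or from the mangos project), this Python parser reads the check rows from post #307 using the column header given there, the page-check codes from post #301 and the scopes from post #309. Splitting the 24-byte data column into a 4-byte seed and a 20-byte digest is an assumption; the thread itself only mentions "20 bytes (some hash?)".

```python
import csv
from enum import IntEnum

class CheckCode(IntEnum):
    """Page-check codes from the enum posted in #301."""
    PAGE_CHECK_A = 0xB2
    PAGE_CHECK_B = 0xBF

# Which pages each check covers, as stated in post #309.
PAGE_SCOPE = {
    CheckCode.PAGE_CHECK_A: "all memory pages",
    CheckCode.PAGE_CHECK_B: "memory pages with MZ+PE headers",
}

# Column order from the header line in post #307.
COLUMNS = ("id", "groupid", "build", "type", "data",
           "str", "address", "length", "result", "comment")

# Two rows copied from post #307.
SAMPLE_ROWS = """\
# id, groupid, build, type, data, str, address, length, result, comment
852, 63, 5875, 178, B5ED443D6CA2F6095BAC8DAFDC8F3413F7B473916357C17E, , 209352, 75, ,
857, 68, 5875, 178, 3B5955C3B498489869990F08A4CAE566A7D689C23990518B, , 156, 8, ,
"""

def parse_page_checks(text):
    """Return one dict per page-check row; raise ValueError on a malformed row."""
    checks = []
    for fields in csv.reader(text.splitlines(), skipinitialspace=True):
        if not fields or fields[0].startswith("#"):
            continue  # blank line or header comment
        if len(fields) != len(COLUMNS):
            raise ValueError(f"expected {len(COLUMNS)} columns, got {len(fields)}")
        row = dict(zip(COLUMNS, (f.strip() for f in fields)))
        code = CheckCode(int(row["type"]))   # ValueError if not a page check
        data = bytes.fromhex(row["data"])    # ValueError on malformed hex
        # ASSUMPTION (not stated in the thread): 4-byte seed + 20-byte digest.
        if len(data) != 24:
            raise ValueError(f"check {row['id']}: {len(data)} data bytes, expected 24")
        checks.append({
            "id": int(row["id"]), "check": code.name, "scope": PAGE_SCOPE[code],
            "seed": data[:4], "digest": data[4:],
            "address": int(row["address"]), "length": int(row["length"]),
        })
    return checks

if __name__ == "__main__":
    for c in parse_page_checks(SAMPLE_ROWS):
        print(c["id"], c["check"], hex(c["address"]), c["length"], c["digest"].hex())
```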
  12. #310
    Erke's Avatar Member
    Hello OC, long time lurker here. Playing around with a 1.12.1 server with the resources found here and I'm having tons of fun! One problem that I've run into and been unable to solve for a couple of days is proper morphing. I morph by writing to the nativeId and displayId and then calling CGUnit_C__UpdateDisplayInfo (I think Sacred posted both the descriptor offsets and the function, so +1 to him!). My problem, though, is that I create abominations by doing this. This is an example of going from Nelf Female to Undead Female:

    Code:
    	void morph(uint id) {
    		descriptor<uint>(0x20C, id); //0x1F4 + 0x18 (displayid)
    		descriptor<uint>(0x210, id); //0x1F8 + 0x18 (nativeid)
    		CGUnit_C__UpdateDisplayInfo(this);
    	}


    Wondering if anyone has any pointers on what I might be doing wrong :x

    Edit: Might be worth mentioning that I'm running internally and call my code from the endscene!
    Last edited by Erke; 06-21-2016 at 04:13 AM.

  13. #311
    Vandra's Avatar Contributor
    Originally Posted by Erke View Post
    Hello OC, long time lurker here. Playing around with a 1.12.1 server with the resources found here and I'm having tons of fun! One problem that I've run into and been unable to solve for a couple of days is proper morphing. I morph by writing to the nativeId and displayId and then calling CGUnit_C__UpdateDisplayInfo (I think Sacred posted both the descriptor offsets and the function, so +1 to him!). My problem, though, is that I create abominations by doing this. This is an example of going from Nelf Female to Undead Female:

    Code:
    	void morph(uint id) {
    		descriptor<uint>(0x20C, id); //0x1F4 + 0x18 (displayid)
    		descriptor<uint>(0x210, id); //0x1F8 + 0x18 (nativeid)
    		CGUnit_C__UpdateDisplayInfo(this);
    	}


    Wondering if anyone has any pointers on what I might be doing wrong :x

    Edit: Might be worth mentioning that I'm running internally and call my code from the endscene!

    Not sure what you did wrong, but you don't need to change the nativeId; you need to write to unit base address + UNIT_FIELD_DISPLAYID of the unit you want to morph, like this for the player:
    (this is wotlk/cata stuff btw, may be different on vanilla)

    uint character = application.ReadUInt((uint)ObjectManager.Me.BaseAddress+0x;
    application.WriteUInt(storage + 0xF8, displayid);

    Then call CGUnit_C__UpdateDisplayInfo. I did it like this:
    Code:
    push 1,
    mov ecx,  + ObjectManager.Me.BaseAddress,
    call + application.MainModule.BaseAddress + Offsets.CGUnit_C__UpdateDisplayInfo,
    retn
    (for vanilla you don't need app.baseaddress since ASLR wasn't implemented afaik)
    "If it compiles, it works."

  14. #312
    Erke's Avatar Member
    Originally Posted by Vandra View Post
    Not sure what you did wrong, but you don't need to change the nativeId; you need to write to unit base address + UNIT_FIELD_DISPLAYID of the unit you want to morph, like this for the player:
    (this is wotlk/cata stuff btw, may be different on vanilla)

    uint character = application.ReadUInt((uint)ObjectManager.Me.BaseAddress+0x;
    application.WriteUInt(storage + 0xF8, displayid);

    Then call CGUnit_C__UpdateDisplayInfo. I did it like this:
    Code:
    push 1,
    mov ecx,  + ObjectManager.Me.BaseAddress,
    call + application.MainModule.BaseAddress + Offsets.CGUnit_C__UpdateDisplayInfo,
    retn
    (for vanilla you don't need app.baseaddress since ASLR wasn't implemented afaik)
    Hey, thanks for answering! I was looking at this thread yesterday since it seemed that this guy had the same problem; I don't know if he managed to get it resolved, though: http://www.ownedcore.com/forums/worl...her-issue.html (Morpher Issue) (maybe it'll make more sense to you than it does to me). As for the coding part, that's actually exactly what I'm doing:
    Code:
    	template<typename T>
    	void descriptor(dword field, T value) {
    		*(T*)((*(dword*)(this + 0x8)) + field) = value;
    	}
    This snippet writes to the descriptor successfully, and I call the function via a function pointer, which is also done with no problems. Maybe it's a vanilla thing where more descriptors have to be changed?

  15. #313
    Vandra's Avatar Contributor
    Originally Posted by Erke View Post
    Hey, thanks for answering! I was looking at this thread yesterday since it seemed that this guy had the same problem; I don't know if he managed to get it resolved, though: http://www.ownedcore.com/forums/worl...her-issue.html (Morpher Issue) (maybe it'll make more sense to you than it does to me). As for the coding part, that's actually exactly what I'm doing:
    Code:
    	template<typename T>
    	void descriptor(dword field, T value) {
    		*(T*)((*(dword*)(this + 0x8)) + field) = value;
    	}
    This snippet writes to the descriptor successfully, and I call the function via a function pointer, which is also done with no problems. Maybe it's a vanilla thing where more descriptors have to be changed?

    Are you sure the correct value is written at the correct place?
    If you have your own 1.12.1 server, I'd suggest you track (with CE or whatever) "legit" morphing with .mod morph xxx on the server.

    I don't have much experience with morphing for 1.12; maybe you should take a look at a working 1.12.1 morpher to check if something is that different (darklinux's vanilla bot has a morphing feature and it's really nice)
    "If it compiles, it works."

  16. #314
    Erke's Avatar Member
    Originally Posted by Vandra View Post
    Are you sure the correct value is written at the correct place?
    If you have your own 1.12.1 server, I'd suggest you track (with CE or whatever) "legit" morphing with .mod morph xxx on the server.

    I don't have much experience with morphing for 1.12; maybe you should take a look at a working 1.12.1 morpher to check if something is that different (darklinux's vanilla bot has a morphing feature and it's really nice)
    I'm certain it's correct; if I read the value later with both my own DLL and CE, it returns the value I've written. I'm messing around with Kronos atm, but they use the normal 1.12.1 client, so I don't think it should be any different from any other server. I tried to check out Gasai bot, but he doesn't share the source afaik.

  17. #315
    tutrakan's Avatar Contributor
    Originally Posted by Erke View Post
    Hello OC, long time lurker here. Playing around with a 1.12.1 server with the resources found here and I'm having tons of fun! ...
    I've just found that the race and the gender have to be modified too: https://github.com/l0l1dk/Just-A-Mor...ource/Unit.cpp

    Code:
    public WoWRace Race
    {
        get { return (WoWRace)UnitBytes0[0]; }
        set { SetAbsoluteDescriptor<byte>((int)UnitFields.UNIT_FIELD_BYTES_0 * 4, (byte)value); }      // byte at 0x78 + 0x18
    }       
    
    public WoWGender Gender
    {
        get { return (WoWGender)UnitBytes0[2]; }
        set { SetAbsoluteDescriptor<byte>((int)UnitFields.UNIT_FIELD_BYTES_0 * 4 + 2, (byte)value); }     // byte at 0x7A + 0x18
    }
    However, it crashes the client (guess what? zero pointer) at /run ReloadUI() in Script_GetSkillLineInfo.
    Last edited by tutrakan; 06-22-2016 at 04:52 PM.

  18. Thanks Erke (1 members gave Thanks to tutrakan for this useful post)