[WoW] 1.12.1.5875 Info Dump Thread

[Corthezz]

Actually warden bans you as soon as they issue a scan for an address and the bytes returned are different than the one which are expected. I guess Kronos isnt scanning those bytes but Feenix does for sure.
You can quite easily detour the memory scan function of Warden and modify the byte buffer.

Just place a read breakpoint using cheat engine on an address which is scanned for sure (like wallclimb address) and look where its coming from (this will be the scan function).

[WiNiFiX]

Actually warden bans you as soon as they issue a scan for an address and the bytes returned are different than the one which are expected. I guess Kronos isnt scanning those bytes but Feenix does for sure.
You can quite easily detour the memory scan function of Warden and modify the byte buffer.

Just place a read breakpoint using cheat engine on an address which is scanned for sure (like wallclimb address) and look where its coming from (this will be the scan function).

Thanks will check it out, just to confirm the address is?

WallClimb = 0x0080DFFC, // 1.12.1.5875 (Float)

And when I find the address that scans it (warden), how do I detour it?

[Corthezz]

The warden module is send to the client after each authentication and then mapped into memory. You can detour VirtualAllocEx and see where the memory for warden is allocated or look somewhere in the thread for the pointers to the warden module.

After aquiring the start address of the warden module you can calculate the address of the memory scan function adding a static offset to it:
Find memory start address of Warden
Place hardware bp on scanned address and see what reads from it
Open up Disassembler of CE and jump to the address which did the read and scroll up to the function start
Function start address - module start address = Your offset

For detouring functions there are actually enough examples on OC but basically it breaks down to:
Allocate memory and write your Assembler code there
Place a jmp inside the function which will detour to your code
After your code finished doing everything it should do (replace the buffer etc.) jmp back to the next instruction of the function

[WiNiFiX]

Is there an equivalent to "/reload" in 1.12.1,
Edit: /console reloadui

[DarkLinux]

Found a better fix sometime back for click to move, just set 860A90 to 0. No more stutter and no more animation stutter.

The game also sets that value to 0, so they can't ban for it. Just update it every frame and you should be good.

Also for WallClimb, I think they only scan the value, you can always patch the code that reads the value. I think its a total of 6 to 8 places.

[WiNiFiX]

Found a better fix sometime back for click to move, just set 860A90 to 0. No more stutter and no more animation stutter.

The game also sets that value to 0, so they can't ban for it. Just update it every frame and you should be good.

Also for WallClimb, I think they only scan the value, you can always patch the code that reads the value. I think its a total of 6 to 8 places.

Works perfectly thanks DarkLinux

[WiNiFiX]

I have been trying to find out if a spell is on CD, but cant seem to find any lua function that works like

/run usable, nomana = IsUsableSpell(20589); DEFAULT_CHAT_FRAME:AddMessage(usable);

Where can I see the API commands that actually exist in 1.12.1?

[prospectingemu]

If you want to do it with lua you can use API GetSpellCooldown | Vanilla WoW Wiki | Fandom powered by Wikia

otherwise there is a function to do this somewhere in this thread

[WiNiFiX]

If you want to do it with lua you can use API GetSpellCooldown | Vanilla WoW Wiki | Fandom powered by Wikia

otherwise there is a function to do this somewhere in this thread

Thanks figured it out

PHP Code:

public int GetSpellRemainingCD(string spellName)
{
    DoString($@"function _spellNameToID(name) for i=1,999 do if GetSpellName(i,""spell"")==name then return i end end end; 
                start, duration, _ = GetSpellCooldown(_spellNameToID(""{spellName}""), ""spell"");
                local getTime = GetTime();
                cooldownLeft = math.floor(start + duration - getTime);
                if cooldownLeft < 0 then cooldownLeft = 0 end;
                DEFAULT_CHAT_FRAME:AddMessage(cooldownLeft);");
    string seconds = GetLocalizedText("cooldownLeft");
    return int.Parse(seconds);
} 


[namreeb]

Where can I see the API commands that actually exist in 1.12.1?

In general, you can look at the various WoW Lua API wikis, and go back in their history to 2006 when 1.12.1 was live.

[WiNiFiX]

In general, you can look at the various WoW Lua API wikis, and go back in their history to 2006 when 1.12.1 was live.

Yes, I tried to do this but the wiki's I used this time didn't appear to have that history, but I managed to find one now thanks.

As a side question what's the best way to go about facing the current target, currently I'm using the below, but seems to keep facing target even when I don't ask it to re-face target.
also facing seems slow compared to live (maybe it a limitation on Vanilla)

PHP Code:

wow.ClickToMove(wow.Player.X,wow.Player.Y,wow.Player.Z,wow.TargetGUID,WoW.CTMAction.FaceTarget); 


[Corthezz]

Yes, I tried to do this but the wiki's I used this time didn't appear to have that history, but I managed to find one now thanks.

As a side question what's the best way to go about facing the current target, currently I'm using the below, but seems to keep facing target even when I don't ask it to re-face target.
also facing seems slow compared to live (maybe it a limitation on Vanilla)

PHP Code:

wow.ClickToMove(wow.Player.X,wow.Player.Y,wow.Player.Z,wow.TargetGUID,WoW.CTMAction.FaceTarget); 


About the API thing: World of Warcraft API | Vanilla WoW Wiki | Fandom powered by Wikia (first link in google btw).
What you do right now is the constant facing triggered by spells like Mind Flay which is not bad at all but needs to be canceled (set ctm state to 4 again). There are functions posted in this thread to directly set the facing IIRC.

[tutrakan]

I have been trying to find out if a spell is on CD, but cant seem to find any lua function that works like

/run usable, nomana = IsUsableSpell(20589); DEFAULT_CHAT_FRAME:AddMessage(usable);

Where can I see the API commands that actually exist in 1.12.1?

Code:

[UnmanagedFunctionPointer(CallingConvention.StdCall)]
public delegate bool IsUsableSpellDelegate(ref SpellEntry spellRec, ref bool notEnoughPower);
_isUsableSpell = Fastcall.StdcallToFastcall<IsUsableSpellDelegate>((IntPtr)0x006E3D60, "IsUsableSpell");

From here.

And for the CD:

Code:

[UnmanagedFunctionPointer(CallingConvention.StdCall)]
public delegate bool GetSpellCooldownDelegate(int spellId, bool isPet, ref int duration, ref int start, ref bool isEnabled);
_getSpellCooldown = Fastcall.StdcallToFastcall<GetSpellCooldownDelegate>((IntPtr)0x006E2EA0);

Thanks figured it out

PHP Code:

public int GetSpellRemainingCD(string spellName)
{
    DoString($@"function _spellNameToID(name) for i=1,999 do if GetSpellName(i,""spell"")==name then return i end end end; 
                start, duration, _ = GetSpellCooldown(_spellNameToID(""{spellName}""), ""spell"");
                local getTime = GetTime();
                cooldownLeft = math.floor(start + duration - getTime);
                if cooldownLeft < 0 then cooldownLeft = 0 end;
                DEFAULT_CHAT_FRAME:AddMessage(cooldownLeft);");
    string seconds = GetLocalizedText("cooldownLeft");
    return int.Parse(seconds);
} 


Code:

[UnmanagedFunctionPointer(CallingConvention.ThisCall)]
public delegate int GetSpellIdByNameDelegate([MarshalAs(UnmanagedType.LPStr)] string spellName);
_getSpellIdByName = Marshal.GetDelegateForFunctionPointer<GetSpellIdByNameDelegate>((IntPtr)0x006E30A0);

As a side question what's the best way to go about facing the current target, currently I'm using the below, but seems to keep facing target even when I don't ask it to re-face target.
also facing seems slow compared to live (maybe it a limitation on Vanilla)

(007C6F30)void __thiscall CMovement::SetFacing(int this, float angle) - for the this arg, you pass the unit(local player or possessed unit) address + 0x9A8.
Even more: you could send a movement update after the change of the facing: (00600A30)int __thiscall SendMovementPacket(int addr, int timeStamp, int opcode, float zero, int zero1).

StdcallToFastcall

[WiNiFiX]

Please can someone explain to me how/why a vector3 position is only 0x8 in size?

PHP Code:

public unsafe struct CGCamera
{
    public IntPtr vTable;           // 0x0
    private int unk0;               // 0x4
    public Vector3 Position;        // 0x8
    public fixed float Facing[9];   // 0x14 (3x3 Matrix)
    public float NearClip;          // 0x38
    public float FarClip;           // 0x3C
    public float FieldOfView;       // 0x40
    public float Aspect;            // 0x44
} 


to my knowledge float is 0x4 in size and 0x4 * 3 [for x,y,z] = 12 not 0x8 ?

[Zazazu]

Please can someone explain to me how/why a vector3 position is only 0x8 in size?

PHP Code:

public unsafe struct CGCamera
{
    public IntPtr vTable;           // 0x0
    private int unk0;               // 0x4
    public Vector3 Position;        // 0x8
    public fixed float Facing[9];   // 0x14 (3x3 Matrix)
    public float NearClip;          // 0x38
    public float FarClip;           // 0x3C
    public float FieldOfView;       // 0x40
    public float Aspect;            // 0x44
} 


to my knowledge float is 0x4 in size and 0x4 * 3 [for x,y,z] = 12 not 0x8 ?

yep.. but 12 in dec, 0x04*3=0x0C

and its struct number is offset from start (not size) and Vector3= 0x14-0x08=0x0C .... Hex-decimal operations.... First lesson ))