[WoW] 1.12.1.5875 Info Dump Thread

  1. #466
    RobertoSageto's Avatar Member
    Originally Posted by djanius View Post
    Guys, tell me please, how to check whether player is in combat? In advance many thanks!
    You're going to want to use the "Search Thread" feature on this thread for better answers than mine, but briefly:
    1. Get your unit's base address from object manager
    2. Combat status can be checked via movement flags or unit flags, but unit flags are what I will use for this example.
    3. Unit Flags are a descriptor, so we will now break our code down into the following steps:

    PHP Code:
    <?php
    // this is pseudo-code
    // MemoryRead() is a placeholder for your own memory-read helper
    // where $wow_unit_base_address is the base address of the unit whose combat status we are checking...

    // wow unit offset to descriptor ptr
    $descriptor_offset = 0x8;
    // offset to unit flags from descriptor base address
    $unit_field_unit_flags_offset = 0xB8;

    // we will compare this combat flag using a bitwise operation to the value we read from the unit flags descriptor
    $in_combat_flag_mask = 0x80000;

    $descriptor_base_address = MemoryRead($wow_unit_base_address + $descriptor_offset, "dword");
    $unit_flags = MemoryRead($descriptor_base_address + $unit_field_unit_flags_offset, "dword");

    // $unit_flags will now contain the unit's flag data in a mask format, eg. 0x00080038
    // 0x00080038 as an example is a hunter pet in combat, 0x30 = hunter pet, 0x8 = player or pet, 0x80000 = in combat

    // bitwise comparison to see whether the combat flag is set
    if (($unit_flags & $in_combat_flag_mask) === $in_combat_flag_mask) {
        // unit is in combat
        // do action
        //
    } else {
        // unit is not in combat
        // do action
        //
    }

    [WoW] 1.12.1.5875 Info Dump Thread
  2. Thanks djanius (1 members gave Thanks to RobertoSageto for this useful post)
  3. #467
    flawblure's Avatar Member
    Hi I posted a thread about this but this is probably the correct place.... I am just starting to reverse the 1.12.1 client


    I've been trying to do the most basic thing I could think of - logging in via the client:

    I've tried two methods of logging in, I've tried to call the DefaultServerLogin method at 0046D160 and also tried to call a method called by DefaultServerLogin that takes login/pass as arguments at 0046AFB0

    When I call the nested method the function call works but all I see is the "Connecting" login box -- and when I try to call the top level DefaultServerLogin it doesn't recognize the GUI textboxes as valid....

    0046D160
    Code:
    .text:0046D160 fn_DefaultServerLogin proc near         ; DATA XREF: .data:00837484o
    .text:0046D160                 push    esi
    .text:0046D161                 mov     edx, 1
    .text:0046D166                 mov     esi, ecx
    .text:0046D168                 call    sub_6F3510 // returns 1 during normal execution, but during injection returns 0
    .text:0046D16D                 test    eax, eax
    .text:0046D16F                 jz      short loc_46D1AA // during injection makes this jump and ends function prematurely
    .text:0046D171                 mov     edx, 2
    .text:0046D176                 mov     ecx, esi
    .text:0046D178                 call    sub_6F3510 // returns 1 during normal execution, but during injection returns 0
    .text:0046D17D                 test    eax, eax
    .text:0046D17F                 jz      short loc_46D1AA // during injection never makes it to this jump
    .text:0046D181                 push    edi
    .text:0046D182                 mov     edx, 2          ; ID of GUI textbox
    .text:0046D187                 mov     ecx, esi        ; base address
    .text:0046D189                 call    fn_WoW_GetGUIData
    .text:0046D18E                 mov     edx, 1          ; ID of GUI textbox
    .text:0046D193                 mov     ecx, esi        ; base address
    .text:0046D195                 mov     edi, eax        ; password
    .text:0046D197                 call    fn_WoW_GetGUIData
    .text:0046D19C                 mov     edx, edi        ; password
    .text:0046D19E                 mov     ecx, eax        ; username
    .text:0046D1A0                 call    fn_DefaultServerLogin_Validate
    .text:0046D1A5                 pop     edi
    .text:0046D1A6                 xor     eax, eax
    .text:0046D1A8                 pop     esi
    .text:0046D1A9                 retn
    .text:0046D1AA ; ---------------------------------------------------------------------------
    .text:0046D1AA
    .text:0046D1AA loc_46D1AA:                             ; CODE XREF: fn_DefaultServerLogin+Fj
    .text:0046D1AA                                         ; fn_DefaultServerLogin+1Fj
    .text:0046D1AA                 push    offset aUsageDefaultse ; "Usage: DefaultServerLogin(\"accountName"...
    .text:0046D1AF                 push    esi
    .text:0046D1B0                 call    sub_6F4940
    .text:0046D1B0 fn_DefaultServerLogin endp
    Here's my code:

    Code:
    // VanillaDll.cpp : Defines the exported functions for the DLL application.
    //
    #include "stdafx.h"
    #include "Console.h"
    #include <ctime>
    #include <iostream>
    #include <stdio.h>
    #include <sstream>
    #include <iomanip>
    #include "Utils.h"
     
    namespace Vanilla {
     
        typedef int(__thiscall *ppLogin)(char *login, char *pass); ppLogin pLogin = NULL;
        typedef int(__thiscall *ppDefaultLoginValidate)(char *login, char *pass); ppDefaultLoginValidate pValidate = NULL;
        typedef int(__thiscall *ppDefaultLogin)(DWORD ecx); ppDefaultLogin pDefaultLogin = NULL;
       
        typedef int(__stdcall *ppGetFuncPtrBase)(); ppGetFuncPtrBase pGetFuncPtrBase = NULL;
       
        unsigned int __stdcall GETPTRBASE() {
            return pGetFuncPtrBase();
        }
     
        void __fastcall DefaultServerLogin() {
            DWORD ecx = pGetFuncPtrBase();
            pDefaultLogin(ecx);
        }
     
        void DefaultLogin(char* login, char* pass) {
            unsigned int address;
            //__asm mov edx, pass;
     
            __asm call GETPTRBASE;
            __asm mov address, eax;
     
            std::stringstream ss;
            ss << std::hex << address;
            std::string addressStr = ss.str();
            Utils::Log("Address is 0x%s", addressStr.c_str());
     
            __asm call pGetFuncPtrBase;
            __asm mov esi, eax;
            __asm mov edx, pass;
            pValidate(login, pass);
        }
     
        bool Attach(HINSTANCE DLL, VOID* Reserved) {
     
            Console::RedirectIOToConsole();
            Utils::Log("Hello were logging now....");
           
            //int(*hLogin)(char*,char*);
            pLogin = (ppLogin)0x005AB4B0;
            pDefaultLogin = (ppDefaultLogin)0x0046D160;
            pValidate = (ppDefaultLoginValidate)0x0046AFB0;
            pGetFuncPtrBase = (ppGetFuncPtrBase)0x007040D0;
            Utils::Log("Typedef set hook ready");
            Utils::Log("Calling login at address 0x0046AFB0");
            DefaultServerLogin();
            //pLogin("user", "pass");
            //DefaultLogin("user","pass");
            Utils::Log("Hook called");
     
            return true;
        }
     
        bool Detach() {
            return true;
        }
     
    }

    Calling 0046D160 should attempt to login with the current text contained in memory (expecting to get a "Enter a username" popup), but it simply gives me the invalid default info jump. One thing I notice is that naturally the method gets called from this method 006F6050

    This looks to me like a function ptr handler and checks if the ptr is pointing to a valid function within the binary's .text segment but it's at this point I start to really hit trouble.

  4. #468
    Marikafka's Avatar Member
    Hey!

    I'm trying to figure out how to work with Bit Slicer (memory editing tool for Mac) to make a simple cheat, however I can't manage to get any manually added address to work.
    If I'm searching through a changeable value - it's fine. But I'm trying to figure out how to make a speedhack, for instance..

    Base (wow.exe) + 0x0087BCD4 + 0x88 + 0x28 - this is what I found for player base, however how can I add it to Bit Slicer?
    I've tried like [0x0087BCD4] + 0x88 + 0x28 because it seems like [] brackets make an address a pointer, but no success.

    Has anyone been using Bit Slicer?

  5. #469
    hamgaacaan's Avatar Member
    Hello, just seeking a bit of information on converting a 3D point to a point on the screen.
    When looking at recreating a World to Screen function, I found this.

    World to screen
    Specifically, the post that shows you can use an existing function for this.
    Code:
    0087202D                         CGWorldFrame__GetScreenCoordinates
    The offset is for 7.1.0.22996, a client that I don't have and wouldn't know how to acquire to try and get a function signature.

    Anybody found this in 1.12.1.5875? Had a search around the forums and the 1.12.1 binary, it's been proving to be a pain for me to find. Does that exact function date back this far? Should I bother, or just recreate World to Screen from reading memory?

    Many thanks.

  6. #470
    Jadd's Avatar 🐸 Premium Seller
    Originally Posted by hamgaacaan View Post
    Anybody found this in 1.12.1.5875? Had a search around the forums and the 1.12.1 binary, it's been proving to be a pain for me to find. Does that exact function date back this far? Should I bother, or just recreate World to Screen from reading memory?

    Many thanks.
    It exists in the 1.0.0 binary/pdb so it most likely exists in 1.12.1 too.

  7. #471
    culino2's Avatar Elite User
    Originally Posted by hamgaacaan View Post
    Hello, just seeking a bit of information on converting a 3D point to a point on the screen.
    When looking at recreating a World to Screen function, I found this.

    World to screen
    Specifically, the post that shows you can use an existing function for this.
    Code:
    0087202D                         CGWorldFrame__GetScreenCoordinates
    The offset is for 7.1.0.22996, a client that I don't have and wouldn't know how to acquire to try and get a function signature.

    Anybody found this in 1.12.1.5875? Had a search around the forums and the 1.12.1 binary, it's been proving to be a pain for me to find. Does that exact function date back this far? Should I bother, or just recreate World to Screen from reading memory?

    Many thanks.
    Haven't checked, just found it named in my idb:
    00483EE0

  8. #472
    badusername1234's Avatar Active Member
    Can anyone confirm or deny that the client is able to send hardware id information to the server? I haven't found anything to suggest that in IDA yet but maybe someone here has found something.

  9. #473
    namreeb's Avatar Legendary

    There are a few cases where it can. If you submit a bug report it does. Also if the login server requests a hardware survey and streams an mpq to you with the module to run it.

  10. Thanks badusername1234 (1 members gave Thanks to namreeb for this useful post)
  11. #474
    RobertoSageto's Avatar Member
    Edit: Never mind, found it. My apologies... I actually found this offset earlier through CE debugger but somehow managed to muck up my notes or something... not sure, so just a simple mistake costing me a lot of extra time.
    Oh well.

    For 1.12.1, to get a player's experience points, read 0xB30 from descriptor base to get current amount and 0xB34 to get total amount (the amount needed to advance to the next level). Once you reach lv60 or max level 0xB34 should = 0.
    Thanks guys.
    Last edited by RobertoSageto; 04-18-2017 at 06:41 PM. Reason: Answered own question

  12. #475
    asdfx123's Avatar Elite User
    Could anyone help me out with pet stuff?
    I am searching for a function like GetActivePetPtr() or something like that.

    Was looking at GetPetHappiness located at 0x004be900 which calls:
    call WoW.exe+68460 to get the active pet ptr, seems like it is fastcall? and takes two parameters, not sure tho
    any help is much appreciated

  13. #476
    danwins's Avatar Contributor
    Originally Posted by asdfx123 View Post
    Could anyone help me out with pet stuff?
    I am searching for a function like GetActivePetPtr() or something like that.

    Was looking at GetPetHappiness located at 0x004be900 which calls:
    call WoW.exe+68460 to get the active pet ptr, seems like it is fastcall? and takes two parameters, not sure tho
    any help is much appreciated
    just enumerate through the object list looking for the owner guid descriptor matching the player's guid.

    edit: alternatively, it looks like it may store the pet guid @ 0x00B714A0 ( I can't confirm tho, as I have no pet class to test on 1.12.1 )
    Last edited by danwins; 04-21-2017 at 05:24 AM.

  14. Thanks asdfx123 (1 members gave Thanks to danwins for this useful post)
  15. #477
    asdfx123's Avatar Elite User
    Originally Posted by danwins View Post
    just enumerate through the object list looking for the owner guid descriptor matching the player's guid.

    edit: alternatively, it looks like it may store the pet guid @ 0x00B714A0 ( I can't confirm tho, as I have no pet class to test on 1.12.1 )
    just tested it, can confirm this, damn how dumb i am not looking into the guid... lolz my bad

    [edit]
    thx for ur help
    Last edited by asdfx123; 04-21-2017 at 06:28 AM.

  16. #478
    NitroGlycerine's Avatar Member
    Does anyone know if you can retrieve the GUID of the caster of a debuff in 1.12?

    The Lua function UnitDebuff does not retrieve it (was only added in 2.0 I think), but is it somewhere in the memory?

  17. #479
    larcerkev's Avatar Member
    Does anyone know why I might be crashing when I'm calling the interact with object function?

    I'm calling it remotely by making a code cave like so:


    Code:
    WoW.exe+034F - push 00 { 0 }
    WoW.exe+0351 - mov ecx,OBJECTPTR
    WoW.exe+0356 - call WoW.exe+1F8660
    WoW.exe+035B - ret
    I write the cave and address each time I call my interact function and then start a remote thread.

    Code:
    VirtualProtectEx(currentProcess, (LPVOID)(caveLocation), 20, 0x40, &prevAccessProtection); // Remove protection of the section of memory.
    WriteProcessMemory(currentProcess, LPVOID(caveLocation), cave, sizeof(cave), NULL);
    WriteProcessMemory(currentProcess, LPVOID(pointerLocation), &object.addressStart, sizeof(object.addressStart), NULL);
    
    HANDLE hThread = CreateRemoteThread(currentProcess, 0, 0, (LPTHREAD_START_ROUTINE)caveLocation, 0, 0, 0);
    //close thread handle
    CloseHandle(hThread);
    This appears to crash about 50% of the time, and then the other 50% it seems to work without a problem.

    Edit: Been at this constantly for about 12 hours, and not sure why but I keep seeing errors like "0xC0000005 (ACCESS_VIOLATION) at 0023:0064B3FD" where the ending address there changes between 2-4 different locations each time. Am I supposed to be calling the function only at a certain point which would require me to be internal?
    Last edited by larcerkev; 05-06-2017 at 07:22 PM.

  18. #480
    culino2's Avatar Elite User
    Originally Posted by larcerkev View Post
    This appears to crash about 50% of the time, and then the other 50% it seems to work without a problem.
    It's a thread problem, you have to call it within WoW's main-thread.
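
The pointer check guessed at in #467 (is the pointer inside the binary's .text segment) and the cave address in #479 both come down to classifying an address against a module's section table. This is an added example, not code from any poster or from the game client; it shows why a defender checking thread start addresses or callback pointers should test for "inside an executable section" rather than "inside the module". The image base 0x00400000 and the section bounds are constructed assumptions; only 0046D160, .data:00837484 and the +034F offset come from the thread.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* One section of a loaded image: [start, start + size). */
typedef struct { const char *name; uint32_t start, size; int executable; } section_t;

typedef struct {
    uint32_t base, image_size;          /* image occupies [base, base + image_size) */
    const section_t *sections;
    size_t n_sections;
} module_t;

typedef enum {
    ADDR_OUTSIDE_IMAGE,   /* not inside this module at all */
    ADDR_IN_HEADERS,      /* inside the image but in no section (PE header page, slack) */
    ADDR_IN_DATA_SECTION, /* inside a non-executable section */
    ADDR_IN_CODE_SECTION  /* inside an executable section such as .text */
} addr_class_t;

/* Classify addr; the subtraction form avoids overflow in start + size. */
addr_class_t classify_address(const module_t *m, uint32_t addr) {
    if (addr < m->base || addr - m->base >= m->image_size)
        return ADDR_OUTSIDE_IMAGE;
    for (size_t i = 0; i < m->n_sections; i++) {
        const section_t *s = &m->sections[i];
        if (addr >= s->start && addr - s->start < s->size)
            return s->executable ? ADDR_IN_CODE_SECTION : ADDR_IN_DATA_SECTION;
    }
    return ADDR_IN_HEADERS;
}

/* Naive check: "the address belongs to the module". */
int naive_in_module(const module_t *m, uint32_t addr) {
    return classify_address(m, addr) != ADDR_OUTSIDE_IMAGE;
}

/* Stricter check: a callback or thread entry must lie in executable code. */
int is_code_pointer(const module_t *m, uint32_t addr) {
    return classify_address(m, addr) == ADDR_IN_CODE_SECTION;
}

/* Constructed layout (assumption): base 0x00400000, illustrative section bounds. */
static const section_t SAMPLE_SECTIONS[] = {
    { ".text", 0x00401000u, 0x003FF000u, 1 },
    { ".data", 0x00800000u, 0x00500000u, 0 },
};
static const module_t SAMPLE_MODULE = { 0x00400000u, 0x00900000u, SAMPLE_SECTIONS, 2 };

int main(void) {
    const uint32_t probes[] = { 0x0046D160u, 0x00837484u, 0x0040034Fu, 0x10000000u };
    for (size_t i = 0; i < sizeof probes / sizeof probes[0]; i++)
        printf("%08X class=%d naive=%d strict=%d\n", (unsigned)probes[i],
               (int)classify_address(&SAMPLE_MODULE, probes[i]),
               naive_in_module(&SAMPLE_MODULE, probes[i]),
               is_code_pointer(&SAMPLE_MODULE, probes[i]));
    return 0;
}
```

Under these assumptions the +034F address passes the naive module-membership test but fails the section test, because it sits in the header page ahead of the first section.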
