How to extract and read DB2 WDB5 in memory ?

[Sundark]

Hello there,

Blizzard finally got ride of the format ".dbc" and now uses DB2 with format WDB5 instead (as of legion).

Doc: https://wowdev.wiki/DB2#WDB5_.28.db2.29

I'm looking for a way to dump the list of DB2 directly in IDA to a similar way I used to dump DBC.
Here is my updated DBC script (useless, but for the codestyle used):

http://pastebin.com/bM5sB0T2

And well, I'm also looking to read them directly from memory also which is a bit weirder to do now:
http://imgur.com/6wn7oIP

This is ItemClass.db2 (it was already a db2 back then)
(left = 22248 ptr/release, right =21742 live)

As you can see, on Legion, there is a huge space between NumRows and the beginning of the table, here is my current structure for reading from memory as of 21742:

Code:

[StructLayout(LayoutKind.Sequential)]
        public struct WoWClientDB2
        {
            public IntPtr VTable; // pointer to vtable
            public int NumRows; // number of rows
            public int StartArrayIndex;
            public int NumRows2;
            public int MaxIndex; // maximal row index
            public int MinIndex; // minimal row index
            public uint Unk7;
            public IntPtr Data; // pointer to actual db2 file data
            public IntPtr FirstRow; // pointer to first row
            public IntPtr Rows; // pointer to rows array - not anymore?
            public IntPtr Unk11; // ptr
            public uint Unk12; // 1
            public IntPtr Unk13; // ptr
            public uint RowEntrySize; // 2 or 4

Looks like the new db2 is 0xB4 farther than the old one, and that's not the only difference, when it works for NumRows, NumRows2 and MaxIndex, MinIndex.

It definitly wont fit for the rest, the value are not in this order anymore, and the "VTable" pointer nows links directly to some arrays directly. I'm not sure.


Any hint ?

Note, if you are looking to read the .db2 as files, you can uses TOM_RUS code here: https://github.com/tomrus88/dbcviewe...r/DBC%20Viewer

[Alfalfa]

According to here the structure has changed significantly. I have to change my program a lot now to accommodate for this, kind of a pain.

[VesperCore]

It's pretty easy to find normal rows in the memory (didn't say I reversed it yet), however, the ID column is missing, you need to follow a virtual function and reverse it, I got no time for this so I directly added DB2 as files into my program, for the moment.

Look @ here: 0x216B59

This is the function that return the pointer to the row based on its ID.

It's technically called from nowhere since it's a virtual func, but it's actually this code:

WowClientDB2__GetRowPointer = 0x20CBC3

(a2 in this function = id)
this = pointer to the db2 you are reading (Map.db2, or anything else)
this + 200 = MinIndex
this + 196 = MaxIndex
(*(int (__stdcall **)(int))(**(_DWORD **)(this + 16 + )(a2) = sub_216B59(a2) function

Code:

 if ( a2 >= *(_DWORD *)(this + 200)
      && a2 <= *(_DWORD *)(this + 196)
      && (v8 = (*(int (__stdcall **)(int))(**(_DWORD **)(this + 168) + 8))(a2), (v9 = v8) != 0) ){
      if ( (unsigned __int8)sub_B6C05(v8) )
        return v9;
    }

v8 is a pointer to the row, it's just checked a last time in B6C05 :

(a2 in this function is v8 / pointer to the row from the defined id)
[code]return a2 && a2 != (char *)this + 220;[/b]

then v9 is returned (which is a copy of v8 )


Thanks to void for helping me with that virtual function.

[VesperCore]

Reversing this function gave me the address of the Index array of any db2 you wanna read.

it's an array that contains the list of all indexes of the db2 available without any "hole". (it will jump from index to index, example: 0, 1, 13, 25, 30 (map.db2 continents id))

You can access it here:

Code:

Read<uint>(Read<uint>(Wow.exe + db2Offset + 0xA8) + 0x48);

Format is

Key(short), Value(short)

Key is the index.
If Value is -1 or -2, abort mission, if it's 0, it's fine.

PointerToDB2 = Read<uint>(Wow.exe + db2Offset)
You should stop reading this array at Max Rows = (PointerToDB2 + 0xb8 *4) (in case of Map.db2, it's 677)
You should also stop reading if your current value is greater than MaxIndex = (PointerToDB2 + 0xC4) (1670 in case of Map.db2)

[VesperCore]

Read<uint>(Read<uint>(Wow.exe + db2Offset + 0xA8 ) + 0x48 ); = Index array
Read<uint>(Read<uint>(Wow.exe + db2Offset + 0xA8 ) + 0x4); = rows array

Note that you must substract Index from size for obvious reason when reading. (there is no index stored into results).

However, some db2 don't work like that at all, so it wont work for db2 like Spell.db2 which does not store SpellId as index.

[MaiN]

There are many different lookups now. The one VesperCore showed you is a binary search table with 2-byte IDs, 2-byte indexes. It is just one of 11 non-trivial lookups:

Code:

private enum LookupVTables : uint
{
    Null = 0xDF6D14,
    Vec = 0xDF6DC4,
    IX8 = 0xDF6E34,
    IX16 = 0xDF6E6C,
    IX32 = 0xDF6EA4,
    PIbb = 0xDF6EDC,
    PIsb = 0xDF6F14,
    PIss = 0xDF6F4C,
    PIib = 0xDF6F84,
    PIis = 0xDF6FBC,
    PIii = 0xDF6FF4,
    Spar = 0xDF6DFC,
}

(for 22280).

IX8, IX16 and IX32 are simple flat arrays that map IDs to their respective indices. The size indicates the size of each element in the ID-to-index map.
The ones prefixed by PI are binary search tables. They store entries (id, index) sorted by ID. The one VesperCore is talking about for Map.db2 is the PIss variant, which uses 16-bit ints (s for short) for the ID and index.
Vec are like the flat arrays except it maps IDs directly to row pointers instead of to indices. This has the same size as IX32 and comes first in the array which means IX32 will never be chosen over this.
I have not looked at Spar.
When loading a DB2 the game goes through all the different kinds of lookups and calculates the one which will use the least memory, and selects that one for the lookup table.
There is also support for cached entries, which can have different sizes compares to the .db2 files, and are handled separately. I believe they are used to allow hotfixes to some of the database entries, but I do not know for sure. They are stored as another binary table that all the lookup kinds have. The game tries this table in some cases; for example if the ID is smaller than the min ID, or larger than the max ID. Another case is when the stored index is -1. If you want full support you cannot just abort the lookup when you see a -1 index.

If you want full out-of-process support you in general need 4 different implementations: Vec, IX*, PI* and Spar. The IX and PI implementations just need to be able to handle all the different size combinations.

[VesperCore]

Hello MaiN, thanks for the details. I've started reversing the function WowClientDB2__GetRowPointer byte by byte, yet I only reversed the first half of it, the one that does not requires additionnals parameters out of the DB2 Address and the index.

It wont read Spell.db2 at all since I believe you must read it from the other half, here's the port.

It's totally fine for reading what I'll call "normal db2" xD Exemple, Map.db2, no problem at all;

[C#] using System.Threading; namespace nManager.Wow.Helpers { public class W - Pastebin.com

You are right for not stopping if you see a -1 index, here I had to reverse an alternative to finding the right row:

Code:

            if (v6 == -1 || goToEnd)
            {
                result = WowClientDB2__GetRowPointerBySecondaryIndex(Memory.WowMemory.Memory.ReadUInt(_this + 84), a2);
            }

But it seems that index = -2 is a dead end (at this function and that's where the code I did not reverse starts mostly):

Code:

 if (v6 == -2)
                    return 0;
            }

Note: at some point in the code you'll see a "while (X != Y)" which scared me as if I do any mistakes in the reading or w/e, it will freeze the program here, so I added a "security check", but it should not be reached anyway. Well, if I want to read big SpellId, I may need to increase it to 300k to be sure)

[MaiN]

The reason it does not work for Spell.db2 is that its lookup kind is Vec. I also wouldn't call Map.db2 the "normal" db2 kind; its lookup kind is only the 3rd most used.
Here is a breakdown of how many tables use each lookup kind:

Code:

IX8: 199
IX16: 149
PIss: 64
PIbb: 47
PIsb: 43
Vec: 25
PIis: 18
Null: 6
PIii: 4
Spar: 3
PIib: 2

The function with "while (X != Y)" is a binary search to find the entry with the correct ID. Binary searches are used for looking up cached entries (always 4-byte IDs, 4-byte indices) and for all the PI* variants (size of each entry depends on the kind here, eg. PIss uses 16-bit IDs, 16-bit indices, PIbb uses 8-bit IDs, 8-bit indices, etc.).
Finally, here is a list of most databases and what kind of lookup they use:

Code:

Achievement: PIss
Achievement_Category: PIsb
AdventureJournal: IX16
AdventureMapPOI: IX8
AnimationData: IX16
AnimKit: IX16
AnimKitBoneSet: IX8
AnimKitBoneSetAlias: IX8
AnimKitConfig: PIsb
AnimKitConfigBoneSet: PIsb
AnimKitPriority: PIsb
AnimKitSegment: IX16
AnimReplacement: PIss
AnimReplacementSet: IX8
AreaGroupMember: IX16
AreaPOI: PIss
AreaPOIState: IX16
AreaTable: IX16
AreaTrigger: PIss
AreaTriggerActionSet: PIss
AreaTriggerBox: PIsb
AreaTriggerCylinder: PIbb
AreaTriggerSphere: PIbb
ArmorLocation: IX8
Artifact: IX8
ArtifactAppearance: IX16
ArtifactAppearanceSet: IX8
ArtifactCategory: Vec
ArtifactPower: IX16
ArtifactPowerLink: PIss
ArtifactPowerRank: IX16
ArtifactQuestXP: Vec
ArtifactUnlock: IX8
AuctionHouse: IX8
BankBagSlotPrices: IX8
BannedAddOns: IX8
BarberShopStyle: PIss
BattlemasterList: PIsb
BattlePetAbility: IX16
BattlePetAbilityEffect: IX16
BattlePetAbilityState: PIss
BattlePetAbilityTurn: PIss
BattlePetBreedQuality: IX8
BattlePetBreedState: PIsb
BattlePetEffectProperties: IX8
BattlePetNPCTeamMember: Null
BattlePetSpecies: IX16
BattlePetSpeciesState: PIss
BattlePetSpeciesXAbility: IX16
BattlePetState: IX8
BattlePetVisual: IX16
BoneWindModifierModel: IX8
BoneWindModifiers: IX8
Bounty: PIbb
BountySet: Vec
BroadcastText: PIis
CameraEffect: IX8
CameraEffectEntry: IX16
CameraMode: IX16
CameraShakes: IX8
CastableRaidBuffs: Vec
Cfg_Categories: IX8
Cfg_Configs: IX8
Cfg_Regions: PIbb
CharacterFaceBoneSet: IX16
CharacterFacialHairStyles: PIss
CharacterLoadout: IX8
CharacterLoadoutItem: IX16
CharBaseInfo: IX8
CharBaseSection: IX8
CharComponentTextureLayouts: Vec
CharComponentTextureSections: IX8
CharHairGeosets: PIss
CharSections: PIis
CharShipment: IX8
CharShipmentContainer: IX8
CharStartOutfit: IX8
CharTitles: IX16
ChatChannels: PIbb
ChrClasses: IX8
ChrClassesXPowerTypes: PIbb
ChrClassRaceSex: IX8
ChrClassTitle: IX8
ChrClassUIDisplay: IX8
ChrClassVillain: IX8
ChrRaces: IX8
ChrSpecialization: PIsb
ChrUpgradeBucket: IX8
ChrUpgradeBucketSpell: PIss
ChrUpgradeTier: IX8
CinematicCamera: PIsb
CinematicSequences: PIsb
CloakDampening: IX8
CombatCondition: IX16
ComponentModelFileData: PIis
ComponentTextureFileData: PIis
ConversationLine: Spar
Creature: PIis
CreatureDifficulty: PIis
CreatureDisplayInfo: IX16
CreatureDisplayInfoCond: IX8
CreatureDisplayInfoExtra: PIis
CreatureDisplayInfoTrn: IX8
CreatureDispXUiCamera: IX8
CreatureFamily: PIbb
CreatureImmunities: PIbb
CreatureModelData: IX16
CreatureMovementInfo: IX8
CreatureSoundData: IX16
CreatureType: IX8
Criteria: IX16
CriteriaTree: IX16
CriteriaTreeXEffect: PIss
CurrencyCategory: PIbb
CurrencyTypes: PIsb
Curve: IX8
CurvePoint: IX16
DeathThudLookups: IX8
DecalProperties: IX8
DeclinedWord: Null
DeclinedWordCases: Null
DestructibleModelData: IX8
DeviceBlacklist: IX8
DeviceDefaultSettings: IX8
Difficulty: IX8
DissolveEffect: IX16
DriverBlacklist: IX8
DungeonEncounter: PIss
DungeonMap: IX16
DungeonMapChunk: IX16
DurabilityCosts: IX16
DurabilityQuality: IX8
EdgeGlowEffect: PIbb
Emotes: PIss
EmotesText: PIss
EmotesTextData: IX16
EmotesTextSound: IX16
EnvironmentalDamage: IX8
Exhaustion: IX8
Faction: PIss
FactionGroup: IX8
FactionTemplate: PIss
FootprintTextures: IX8
FootstepTerrainLookup: IX16
FriendshipRepReaction: IX8
FriendshipReputation: PIbb
FullScreenEffect: Vec
GameObjectArtKit: PIbb
GameObjectDiffAnimMap: PIbb
GameObjectDisplayInfo: PIss
GameObjectDisplayInfoXSoundKit: IX16
GameObjects: PIis
GameTips: IX8
GarrAbility: IX16
GarrAbilityCategory: IX8
GarrAbilityEffect: IX16
GarrBuilding: PIbb
GarrBuildingDoodadSet: IX8
GarrBuildingPlotInst: IX16
GarrClassSpec: IX8
GarrClassSpecPlayerCond: IX8
GarrEncounter: IX16
GarrEncounterSetXEncounter: IX8
GarrEncounterXMechanic: IX16
GarrFollItemSetMember: IX16
GarrFollower: IX16
GarrFollowerLevelXP: IX8
GarrFollowerQuality: PIbb
GarrFollowerSetXFollower: Null
GarrFollowerType: IX8
GarrFollowerUICreature: IX16
GarrFollowerXAbility: IX16
GarrFollSupportSpell: IX8
GarrMechanic: IX8
GarrMechanicSetXMechanic: IX8
GarrMechanicType: IX8
GarrMission: IX16
GarrMissionTexture: IX8
GarrMissionType: IX8
GarrMissionXEncounter: IX16
GarrMissionXFollower: IX8
GarrMssnBonusAbility: IX8
GarrPlot: PIbb
GarrPlotBuilding: PIbb
GarrPlotInstance: PIbb
GarrPlotUICategory: IX8
GarrSiteLevel: PIsb
GarrSiteLevelPlotInst: PIsb
GarrSpecialization: IX8
GarrString: IX8
GarrTalent: IX8
GarrTalentTree: PIbb
GarrType: Vec
GarrUiAnimClassInfo: IX8
GarrUiAnimRaceInfo: IX8
GemProperties: IX16
GlyphBindableSpell: IX8
GlyphExclusiveCategory: IX8
GlyphProperties: IX16
GlyphRequiredSpec: IX16
GMSurveyAnswers: IX8
GMSurveyCurrentSurvey: IX8
GMSurveyQuestions: IX8
GMSurveySurveys: IX8
GroundEffectDoodad: IX16
GroundEffectTexture: PIis
GroupFinderActivity: IX16
GroupFinderActivityGrp: IX8
GroupFinderCategory: IX8
GuildColorBackground: IX8
GuildColorBorder: IX8
GuildColorEmblem: IX8
GuildPerkSpells: IX8
Heirloom: PIsb
HelmetAnimScaling: IX8
HelmetGeosetVisData: PIbb
HighlightColor: PIbb
HolidayDescriptions: PIbb
HolidayNames: PIbb
Holidays: PIsb
ImportPriceArmor: IX8
ImportPriceQuality: IX8
ImportPriceShield: Vec
ImportPriceWeapon: IX8
InvasionClientData: IX8
Item: IX16
Item_Sparse: Spar
ItemAppearance: IX16
ItemAppearanceXUiCamera: IX8
ItemArmorQuality: IX16
ItemArmorShield: IX16
ItemArmorTotal: IX16
ItemBagFamily: IX8
ItemBonus: IX16
ItemBonusListLevelDelta: PIss
ItemBonusTreeNode: PIsb
ItemChildEquipment: PIbb
ItemClass: IX8
ItemContextPickerEntry: Vec
ItemCurrencyCost: IX16
ItemDamageAmmo: IX16
ItemDamageOneHand: IX16
ItemDamageOneHandCaster: IX16
ItemDamageTwoHand: IX16
ItemDamageTwoHandCaster: IX16
ItemDisenchantLoot: IX8
ItemDisplayInfo: IX16
ItemDisplayInfoMaterialRes: Vec
ItemDisplayXUiCamera: IX8
ItemEffect: IX16
ItemExtendedCost: IX16
ItemGroupSounds: IX8
ItemLimitCategory: IX16
ItemLimitCategoryCondition: PIbb
ItemModifiedAppearance: Vec
ItemModifiedAppearanceExtra: PIss
ItemNameDescription: PIsb
ItemPetFood: IX8
ItemPriceBase: IX16
ItemRandomProperties: IX16
ItemRandomSuffix: IX16
ItemRangedDisplayInfo: IX8
ItemSet: IX16
ItemSetSpell: IX16
ItemSpec: IX16
ItemSpecOverride: IX16
ItemSubClass: IX8
ItemSubClassMask: IX8
ItemUpgrade: PIsb
ItemVisualEffects: IX8
ItemVisuals: IX8
ItemXBonusTree: PIss
JournalEncounter: PIss
JournalEncounterCreature: PIss
JournalEncounterItem: IX16
JournalEncounterSection: IX16
JournalEncounterXDifficulty: PIss
JournalInstance: PIsb
JournalItemXDifficulty: IX16
JournalSectionXDifficulty: IX16
JournalTier: PIsb
JournalTierXInstance: PIsb
KeyChain: PIbb
KeystoneAffix: IX8
Languages: PIbb
LanguageWords: IX16
LfgDungeonExpansion: IX8
LfgDungeonGroup: IX8
LfgDungeons: PIss
LfgDungeonsGroupingMap: IX8
LfgRoleRequirement: IX8
Light: PIss
LightData: IX16
LightParams: IX16
LightSkybox: IX8
LiquidMaterial: IX8
LiquidObject: IX8
LiquidType: PIsb
LoadingScreens: IX8
LoadingScreenTaxiSplines: PIsb
Locale: IX8
Location: IX16
Lock: PIss
LockType: IX8
LookAtController: PIbb
MailTemplate: IX8
ManifestInterfaceActionIcon: PIis
ManifestInterfaceItemIcon: PIis
ManifestInterfaceTOCData: PIib
ManifestMP3: PIis
Map: PIss
MapChallengeMode: PIbb
MapDifficulty: PIss
MapDifficultyXCondition: IX16
MarketingPromotionsXLocale: PIsb
Material: IX8
MinorTalent: PIsb
ModelAnimCloakDampening: IX8
ModelFileData: PIis
ModelRibbonQuality: Vec
ModifierTree: IX16
Mount: IX16
MountCapability: PIbb
MountTypeXCapability: IX8
Movie: PIsb
MovieFileData: PIib
MovieVariation: IX8
NameGen: IX16
NpcModelItemSlotDisplayInfo: PIii
NPCSounds: IX16
ObjectEffect: IX16
ObjectEffectGroup: IX16
ObjectEffectModifier: PIbb
ObjectEffectPackage: PIss
ObjectEffectPackageElem: IX16
OutlineEffect: PIbb
OverrideSpellData: IX16
PageTextMaterial: IX8
PaperDollItemFrame: IX8
ParticleColor: IX16
Path: PIss
PathNode: IX16
PathNodeProperty: PIis
PathProperty: PIsb
Phase: IX8
PhaseShiftZoneSounds: IX8
PhaseXPhaseGroup: IX16
PlayerCondition: PIss
Positioner: IX8
PositionerState: IX8
PositionerStateEntry: IX8
PowerDisplay: IX8
PowerType: IX8
PrestigeLevelInfo: IX8
PvpBracketTypes: IX8
PvpDifficulty: PIsb
PvpItem: IX16
PvpReward: PIbb
PvpTalent: PIss
PvpTalentUnlock: IX8
QuestFactionReward: Vec
QuestFeedbackEffect: IX8
QuestInfo: PIbb
QuestLine: IX8
QuestLineXQuest: IX16
QuestMoneyReward: IX8
QuestObjective: PIss
QuestPackageItem: PIss
QuestPOIBlob: PIis
QuestPOIPoint: PIii
QuestPOIPointCliTask: PIis
QuestSort: PIsb
QuestV2: IX16
QuestV2CliTask: PIss
QuestXP: IX8
RacialMounts: IX8
RandPropPoints: IX16
ResearchBranch: PIsb
ResearchField: Vec
ResearchProject: PIsb
ResearchSite: PIss
Resistances: IX8
RewardPack: IX8
RewardPackXCurrencyType: IX8
RewardPackXItem: IX8
RibbonQuality: IX8
RulesetItemUpgrade: PIss
ScalingStatDistribution: IX8
Scenario: PIss
ScenarioEventEntry: IX8
ScenarioStep: PIss
SceneScript: PIss
SceneScriptPackage: IX16
SceneScriptPackageMember: IX16
ScheduledInterval: IX8
ScheduledWorldState: PIss
ScheduledWorldStateGroup: PIbb
ScheduledWorldStateXUniqCat: IX16
ScreenEffect: PIss
ScreenLocation: IX8
SeamlessSite: IX8
ServerMessages: IX8
ShadowyEffect: IX8
SkillLine: PIsb
SkillLineAbility: PIss
SkillRaceClassInfo: PIsb
SoundAmbience: IX16
SoundAmbienceFlavor: IX16
SoundBus: IX8
SoundEmitterPillPoints: IX16
SoundEmitters: IX16
SoundFilter: IX8
SoundFilterElem: IX8
SoundKit: Vec
SoundKitAdvanced: IX16
SoundKitChild: PIsb
SoundKitEntry: Vec
SoundKitFallback: IX8
SoundOverride: IX8
SoundProviderPreferences: PIbb
SourceInfo: IX16
SpamMessages: IX8
SpecializationSpells: PIss
Spell: Vec
SpellActionBarPref: IX8
SpellActivationOverlay: PIsb
SpellAuraOptions: IX16
SpellAuraRestrictions: PIss
SpellAuraVisibility: PIsb
SpellAuraVisXChrSpec: PIss
SpellCastingRequirements: IX16
SpellCastTimes: IX8
SpellCategories: IX16
SpellCategory: PIss
SpellChainEffects: IX16
SpellClassOptions: PIss
SpellCooldowns: IX16
SpellDescriptionVariables: IX8
SpellDispelType: IX8
SpellDuration: IX8
SpellEffect: Vec
SpellEffectCameraShakes: IX8
SpellEffectEmission: IX8
SpellEffectGroupSize: IX16
SpellEffectScaling: IX16
SpellEquippedItems: PIss
SpellFlyout: PIbb
SpellFlyoutItem: PIsb
SpellFocusObject: PIss
SpellIcon: IX16
SpellInterrupts: IX16
SpellItemEnchantment: IX16
SpellItemEnchantmentCondition: Null
SpellKeyboundOverride: IX8
SpellLabel: IX16
SpellLearnSpell: PIsb
SpellLevels: IX16
SpellMechanic: IX8
SpellMisc: Vec
SpellMiscDifficulty: Vec
SpellMissile: PIsb
SpellMissileMotion: PIss
SpellPower: PIss
SpellPowerDifficulty: PIsb
SpellProceduralEffect: IX16
SpellProcsPerMinute: IX8
SpellProcsPerMinuteMod: IX8
SpellRadius: IX8
SpellRange: IX8
SpellReagents: IX16
SpellReagentsCurrency: IX16
SpellScaling: IX16
SpellShapeshift: PIss
SpellShapeshiftForm: IX8
SpellSpecialUnitEffect: IX8
SpellTargetRestrictions: PIss
SpellTotems: PIss
SpellVisual: IX16
SpellVisualAnim: IX16
SpellVisualColorEffect: IX8
SpellVisualEffectName: IX16
SpellVisualKit: Vec
SpellVisualKitAreaModel: IX16
SpellVisualKitEffect: Vec
SpellVisualKitModelAttach: PIii
SpellVisualMissile: IX16
SpellXSpellVisual: Vec
Startup_Strings: IX8
Stationery: PIbb
StringLookups: IX8
SummonProperties: PIss
TactKey: PIbb
TactKeyLookup: PIbb
Talent: PIss
TaxiNodes: PIss
TaxiPath: IX16
TaxiPathNode: Vec
TerrainMaterial: PIbb
TerrainType: IX8
TerrainTypeSounds: IX8
TextureBlendSet: IX8
TextureFileData: PIii
TotemCategory: PIbb
Toy: IX16
TradeSkillCategory: IX16
TransformMatrix: IX8
TransmogSet: IX8
TransmogSetItem: IX16
TransportAnimation: PIis
TransportPhysics: PIbb
TransportRotation: PIis
Trophy: IX8
UiCamera: IX16
UiCameraType: IX8
UiCamFbackTransmogChrRace: IX16
UiCamFbackTransmogWeapon: IX8
UiMapPOI: Vec
UiTextureAtlas: IX16
UiTextureAtlasMember: IX16
UiTextureKit: IX8
UnitBlood: IX8
UnitBloodLevels: IX8
UnitCondition: IX16
UnitPowerBar: IX8
Vehicle: IX16
VehicleSeat: PIss
VehicleUIIndicator: PIsb
VehicleUIIndSeat: PIsb
VideoHardware: IX8
Vignette: IX16
VocalUISounds: IX16
WbAccessControlList: IX8
WbCertBlacklist: Null
WbCertWhitelist: IX8
WbPermissions: IX8
WeaponImpactSounds: PIbb
WeaponSwingSounds2: IX8
WeaponTrail: IX8
WeaponTrailModelDef: IX8
WeaponTrailParam: IX16
Weather: PIbb
WindSettings: PIbb
WMOAreaTable: IX16
WmoMinimapTexture: Spar
World_Pvp_Area: PIbb
WorldBossLockout: IX8
WorldChunkSounds: IX16
WorldEffect: IX16
WorldElapsedTimer: IX8
WorldMapArea: PIss
WorldMapContinent: IX8
WorldMapOverlay: IX16
WorldMapTransforms: IX8
WorldStateExpression: IX16
WorldStateUI: IX16
WorldStateZoneSounds: IX8
ZoneIntroMusicTable: IX16
ZoneLight: PIsb
ZoneLightPoint: PIss
ZoneMusic: IX16

[VesperCore]

Those are the DB2 I was reading and currently reading from files. This is a bit annoying given there is 4 different kind to support, and I would like to "re"-support Spell/SpellMisc ones.

Code:

FactionTemplate: PIss
Lock: PIss
Map: PIss
SpellCategories: IX16
QuestPOIPoint: PIii
ItemClass: IX8
ItemSubClass: IX8
ResearchSite: PIss

So far, the part I reversed is enough to read PIss, I haven't tested the others kind yet.

[MaiN]

The IX and Vec kinds are very simple as they are just a flat map. PIii is exactly the same as PIss but with 4-byte IDs and 4-byte indices for the binary search table entries.
Extending what you have right now to the rest of those should not be too hard.

[Zazazu]

You can access it here:

Code:

Read<uint>(Read<uint>(Wow.exe + db2Offset + 0xA8) + 0x48);

Format is
Key(short), Value(short)

Key is the index.
If Value is -1 or -2, abort mission, if it's 0, it's fine.

PointerToDB2 = Read<uint>(Wow.exe + db2Offset)
You should stop reading this array at Max Rows = (PointerToDB2 + 0xb8 *4) (in case of Map.db2, it's 677)
You should also stop reading if your current value is greater than MaxIndex = (PointerToDB2 + 0xC4) (1670 in case of Map.db2)

Try understand this topic...
So...
0xD29264 pointer to Map.db2
Read<IntPtr>(Wow.exe + 0xD29264) = PointerToMap (wdb5_db2_header + fields + records + string_table ((c) WDB5))
Read<IntPtr>(Wow.exe + 0xD29264 + 0x04) = rows array
I understand it. I can read all records (with string_table). Record is corrects. But where index array? i cant find...
Can help me whith index-offset?

[Zazazu]

ouch....
So... I understood. My mistake was in getting address... I get started ptr to DataTable (wdb5) without ptr to FileInfo... Now i get correct pointers and read all indexes... IX?? format is realy simple )))
Ty for code

Last questions: how determine what kind index lookup for table?

UPD: not for all For Map.db2 PIss work correct (array of index like [index, FFFF]), but for FactionTemplate.db2 index array is incorrect... Can any show dump idex-array for FactionTemplate.db2?

[Zazazu]

Format is

Key(short), Value(short)

Key is the index.
If Value is -1 or -2, abort mission, if it's 0, it's fine.

Got It

VesperCore a bit wrong... Key = index increment, value = position in array...

So... Have PIxx, IXxx and Vec ready lookup.