[3.3.5] Looking for Offset: CMapChunk::Purge

[Kaev]

Hiho,

i'm looking for the offset of the method CMapChunk::Purge in the 3.3.5 client.
I have a OSX debug binary from the MoP beta (15662) on my hand and already tried to find any string in and "near" the function, sadly i couldn't find anything that would help.
The method also has 0x3C local variables in it, we (a WoW modding community, i'm not sure if i'm allowed to tell names here) tried to compare every function which has the same amount of local variables, but it seems like the method was changed between 3.3.5 and MoP beta.
Sadly this is where my reverse engineering knowledge ends and we're hoping someone of you could help us there.

If you ask yourself why we need this:
As far as we know we can mark chunks as unloaded with this function which means that the client will reload this chunk. We really want to implement this in Neo, Noggit and other modding tools that we're developing.

If anyone should find it: It would be great if you could explain how you found it, it would be awesome to have it in other versions also. But for me 3.3.5 is the most important one.

Thanks for reading this and i hope someone can help us.

EDIT: As far as i heard somewhere out there is a 3.3.3 debug binary. Does someone have it and could upload it? That could really help!

[danwins]

its not the debug build but i found this:

https://mega.nz/#!ZEdhUSTY!Gp02zdyUY...O2Tpt0ewDdST78

i would also like the debug binary tho if anyone has it.

[Kaev]

its not the debug build but i found this:

https://mega.nz/#!ZEdhUSTY!Gp02zdyUY...O2Tpt0ewDdST78

i would also like the debug binary tho if anyone has it.

I have a newer version of IDA. When i try to convert it, it will say that the database is corrupt. :/
Does this contain any function names or is it just a "normal" 3.3.5 idb?

[danwins]

it contains function names,

it opens for me in ida 6.8.150423(after the update prompt),

[Kaev]

it contains function names,

it opens for me in ida 6.8.150423(after the update prompt)

Can you send me the updated database? Even with the same version as yours i can't open it. :s

[danwins]

it could be the "pirated" issue, since that idb was likely made on the pirated 6.1 ida pro w/o a valid licence.

Are you getting something along the lines of "Sorry, this database has been created by a pirate version of IDA"?

[Kaev]

it could be the "pirated" issue, since that idb was likely made on the pirated 6.1 ida pro w/o a valid licence.

Are you getting something along the lines of "Sorry, this database has been created by a pirate version of IDA"?

"Database is corrupt" Not more, not less.

[danwins]

try this patch for ida(it has the dbfix and the qstpncpy fix):

patch.zip

just replace the files (backup the original files of course).

[Kaev]

try this patch for ida(it has the dbfix and the qstpncpy fix):

patch.zip

just replace the files (backup the original files of course).

It works! Thank you. I didn't exactly found what i was looking for, but at least it's a start.

[Jadd]

its not the debug build but i found this:

https://mega.nz/#!ZEdhUSTY!Gp02zdyUY...O2Tpt0ewDdST78

i would also like the debug binary tho if anyone has it.

There's a PDB for 3.3.5 'floating around'. And by that I mean it's exclusive to some selfish group of people.. would be cool to see it.

[Kaev]

There's a PDB for 3.3.5 'floating around'. And by that I mean it's exclusive to some selfish group of people.. would be cool to see it.

Yeah, especially when there is no real reason to keep it private anymore. I mean, the official servers are not running on 3.3.5 anymore and would you really put that much afford into smth just for exploiting a private server? I wouldn't.

EDIT: Schlumpf maybe found the offset of CMapChunk::Purge, he's guessing it's 0x007C3370 or 0x007C5690. We try our best to test it as soon as possible, but probably will take a bit because of our little reverse engineering knowledge. Thanks to everyone who is and was helping us!
EDIT2: Krill said it's the second, 0x007C5690, here's the code from IDA: [C++] float __thiscall sub_7C5690(int this, int a2) { int v2; // ebx@1 int - Pastebin.com