[2.4.3] help with reading buff text, accessing spelldb?

[squiggy]

hi,

I initially wanted to read the text associated with an aura in order to detect when drinking/eating since it stays the same no matter which item is used. While i could do this with lua i thought it would be a simple affair of finding it in memory. To make the story of my weekend short, it wasnt and ive been stubbornly keeping at it wanting to figure it out.

Ive been studying the "script_unitBuff " method which led me to a datastructure at 0xBA0BE0. I initially thought it was what ive seen reffered as g_SpellDb in the vanilla beta pdb but im not sure. What little information about its structure ive found dont seem to match with what im seeing.

Code:

Script_UnitBuff,  line: 57
     if ( sub_466680(             (int)&g_spelldbMaybe,
             *(_DWORD *)(*(_DWORD *)(wowUnit_v5 + 0x120) + 4 * (unsigned __int8)v7 + 0xA8),// grabs aura id, gets spellrec(?) struct
             &SpellRec?) )

The unitbuff function has a nice struct on the stack with the information i need but its populated by this function which takes a record(?) from (0xBA0BE0 + 0x20) + index:

Code:

// Copies spellrec? struct from spelldb?
// a1: spellrec?
// a2: size
// a3: destination?
_BYTE *__cdecl sub_4664C0(_BYTE *source, int size?, _BYTE *outStruct)
{
  _BYTE *outStructEndAddr; // edi@1
  _BYTE *result; // eax@1
  _BYTE *i; // ecx@1
  int v6; // esi@3


  outStructEndAddr = &outStruct[size?];
  *outStruct = *source;
  result = outStruct + 1;
  for ( i = source + 1; result < outStructEndAddr; ++i )
  {
    *result++ = *i;
    if ( *i == *(i - 1) )
    {
      v6 = i[1];
      if ( i[1] )
      {
        do
        {
          --v6;
          *result++ = *i;
        }
        while ( v6 );
      }
      i += 2;
      if ( result < outStructEndAddr )
        *result++ = *i;
    }
  }
  return result;

Its copying too much data for me to (easily) figure out how to handle the source structure. Ive looked at the source but i think it might have headers inside it (or whatever its using the innerloop to read), in either case I havent been able to find a consistent offset to the string im looking for in it. Atm im just calling this function and read the data from the struct it builds instead, that works but i was hoping to read the data without injecting.

I guess what im asking is. Does anyone know what datastructure/object im accessing at 0xBA0BE0 or 0xBA0BE0 + 0x20
Is there any public information about its structure?

[Icesythe7]

you could just read the buff ids in localplayer->data->x and then do like HasBuff(id) thats what i do in vanilla neways would assume its same in tbc but idk

[squiggy]

Hey, thx for replying. I didnt get into it in my post but thats how im handling it atm, Iterating over the auras in the player obj and looking them up in the object i found. The slots correspond to the ids so you can lookup a spell with this formula:
index = (Spellid-1)*4;

I suspect it might not be a good idea to read directly from the object if i would have to search for my values however it seems to contain other interesting data which could be useful for other things. In the end im curios to see wether this is the spelldb data or something else.

----------------------------------------------
Update:

I see no reason to bump this thread so im adding this here instead:

I thought that i had stumbled on something commonly used but since it looks like that might not be the case ill add some more information on how ive been using it in case it may be of use to someone. I dont think this is the spelldb and what im getting is probably the buffTextureName.

If one is to use a method call to get the struct its better to use the function at 0x466680 which has some error handling in place. Theres more information than the buff name in there but i havent looked into it any further. From what i can tell it seems to be stable when called from a remote thread.

Heres a function I wrote while playing with it, anyone wanting to use it should be able to derive what they need from it:

Code:

public string GetBuffNameTest2(int auraId)
        {
            uint spellDb = 0xBA0BE0; //probably not spelldb, some object.
            var structMem = _memory.AllocateMemory(0x260); 

            string[] asm =
            {
                "push dword " + structMem,
                "push dword " + auraId,
                "mov ecx, " + spellDb,
                "call " +0x466680, //bool __thiscall sub_466680(int this, int id, void *a3)
            };
            try
            {
                IntPtr retval;
                if (!InjectAndExecuteReturn(asm, out retval,false) || (int)retval == 0) return string.Empty;
                return _memory.ReadString(_memory.Read<IntPtr>(structMem + 0x1fC), Encoding.UTF8);
            }
            catch (Exception err)
            {
                Log.WriteLine(err.StackTrace);
                return string.Empty;
            }
            finally
            {
                _memory.FreeMemory(structMem);
            }
        }