Some Classes and Functions from 2012.09.09 menu

  1. #1 Kamikaaze (Private)

    Some Classes and Functions from 2012.09.09

    Here is what I've found out so far. It's not that much, since I didn't have too much time for reversing Guild Wars 2 lately.

    The information has been gathered from the executable from 2012.09.09. I forgot to write down the build number.

    Functions:

    getClientContext():
    Code:
    .text:00636800 getCliContext   proc near               ; CODE XREF: sub_43E900p
    .text:00636800                                         ; sub_43E910+71p ...
    .text:00636800                 mov     eax, TlsIndex
    .text:00636805                 mov     ecx, large fs:2Ch
    .text:0063680C                 mov     edx, [ecx+eax*4]
    .text:0063680F                 mov     eax, [edx+4]
    .text:00636815                 retn
    .text:00636815 getCliContext   endp

    getAsContext():
    Code:
    .text:00ACE030 getAsContext    proc near               ; CODE XREF: sub_412470+41p
    .text:00ACE030                                         ; sub_413860+357p ...
    .text:00ACE030                 mov     eax, offset dword_1680640
    .text:00ACE035                 retn
    .text:00ACE035 getAsContext    endp


    Classes:

    Code:
    class AsContext{
    
    }
    Code:
    VTable AsContext{
    +58h - setTarget(DWORD targetID)
    }
    Code:
    class CliContext{
    +34h - m_chCliContext
    }
    Code:
    class chCliContext{
    +14h - m_CharacterArray
    ...
    +1Ch - m_CharacterArrayCount
    +28h - m_PlayerArray
    +30h - mPlayerArrayCount
    ...
    +38h - m_controlledCharacter
    }
    Code:
    VTable chCliContext{
    +14h - getControlledCharacter()
    +18h - getControlledPlayer()
    ...
    +38h - getPlayerFromListById()
    }
    Code:
    class Character{
    +44h - m_Agent
    +48h - Type (some sort of ID may contain Type || 30000000 means player; Type || 20000000 means Monster; the lower bytes are the id into the Character Array)
    ...
    +60h - m_attitudeTowardControlled
    ...
    +68h - m_inWater (0 means no; 1 means diving; 2 means swimming on surface)
    ...
    +0A0h - m_Alive (0 means alive; 1 means defeated; 2 means fighting for life)
    ...
    +0ACh - m_nameOverride
    ...
    +0C0h - m_renownSubRegion
    ...
    +128h - m_CoreStats
    ...
    +14Ch - m_endurance
    +150h - m_healthClass
    +154h - m_inventory
    +158h - m_kennel
    ...
    +184h - m_Profession
    +188h - m_skillbar
    }
    Code:
    VTable Character{
    +34h - getInventory()
    ...
    +4Ch - getProfession()
    ...
    +54h - getSkillbar()
    ...
    +80h - getAgent()
    +84h - getAgentId()
    ...
    +0B8h - getPlayer()
    ...
    +0D4h - isAlive()
    ...
    +0E0h - isDowned() (Alternatively this one may be called isDead)
    ...
    +0FCh - isInWater()
    ...
    +108h - isMonster()
    ...
    +118h - isMonsterPlayerClone()
    ...
    +12Ch - isPlayer()
    }
    Code:
    class Player{
    +8h - m_Character
    ...
    +30h - m_name (Unicode)
    ...
    +38h - m_playerId
    }
    Code:
    VTable Player{
    +2Ch - getPlayerId()
    ...
    +0A8h - getSkillMgr()
    ...
    +0C0h - getTraitMgr()
    }
    Code:
    class CoreStats{
    +7Ch - Actual Level
    ...
    +84h - Power
    +88h - Precision
    +8Ch - Toughness
    +90h - Vitality
    ...
    +0A0h - Displayed Level (Zone Dependent)
    +0A4h - Total Experience over all Levels
    }
    Code:
    VTable CoreStats{
    
    }
    Code:
    class Agent{
    +10h - m_CharacterIndex (Index of the Character inside the Character Array)
    ...
    +1Ch - m_Position
    ...
    +5Ch - m_AgentId
    ...
    +64h - ClientControl - Bit 3 sets whether the user can control his character. Using skills while the bit is 0 crashes the game
    ...
    +90h - Rotation (Writable, but only while standing; positive Values rotate you counterclockwise)
    }
    Code:
    VTable Agent{
    +10h - getCategory() (0 equals AGENT_CATEGORY_CHAR)
    ...
    +5Ch - getAgentId()
    ...
    +9Ch - getType() (0 equals AGENT_TYPE_CHAR; 9 equals AGENT_TYPE_GADGET)
    }
    Code:
    class Position{
    +20h - X
    +24h - Y
    +28h - Z
    }
    Code:
    class SkillBar{
    +40h - m_activationInputPressedSkillbarSlot
    ...
    +4Ch - m_autoAttack (-1 means no Auto Attack)
    ...
    +5Ch - m_outOfRangeActivationSkillbarSlot
    }
    Code:
    VTable SkillBar{
    +0h - getAutoAttack()
    ...
    +58h - castSpellBySlot(DWORD skillBarSlot, DWORD UNKNOWN)
    }
    Notes: The Skillbar is enumerated starting from left to right: 5, 6, 7, 8, 9, 0, 1, 2, 3, 4
    Setting a breakpoint at castSpellBySlot and changing the skillBarSlot argument changes the executed attack. UNKNOWN was always 0 when I tested. I haven't tested calling this function via a hook yet.

    GetAsContext or "GetAgentSelectionContext" is useful for calling a function that might be named setTarget.
    Setting a breakpoint and changing the targetId argument changes the selected target. 0 means deselect target. In comparison to writing the memory value, this one not only sets the target but also displays the target's health bar. This one has been tested by calling it with a hook.


    This is the part of code where I retrieve the current getContext functions:

    Code:
    .text:0045A908                 call    getAsContext    ; 01418598
    .text:0045A90D                 mov     edx, [eax]
    .text:0045A90F                 mov     ecx, eax
    .text:0045A911                 mov     eax, [edx+58h]  ; 14185F0
    .text:0045A914                 push    ebx
    .text:0045A915                 call    eax             ; 00AD1F40 <- Settarget
    .text:0045A917                 mov     dword ptr [esi+64h], 1
    .text:0045A91E                 cmp     dword ptr [edi+18h], 2
    .text:0045A922                 jnz     short loc_45A964
    .text:0045A924                 call    charClientContext
    .text:0045A929                 mov     edx, [eax]
    .text:0045A92B                 mov     ecx, eax
    .text:0045A92D                 mov     eax, [edx+18h]
    .text:0045A930                 call    eax
    .text:0045A932                 mov     [ebp+var_4], eax
    .text:0045A935                 test    eax, eax
    .text:0045A937                 jnz     short loc_45A94D
    .text:0045A939                 push    152h
    .text:0045A93E                 mov     edx, offset a______GameU_10 ; "..\\..\\..\\Game\\Ui\\Scenes\\Gameplay\\GpMous"...
    .text:0045A943                 mov     ecx, offset aPlayer ; "player"
    .text:0045A948                 call    sub_64E910

    I hope this helps other people around here reversing the game.

    Please share your findings and corrections of my posted information.
    Last edited by Kamikaaze; 09-17-2012 at 11:29 AM. Reason: Updated information


  2. #2 Net07 (Private)
    I must say: Thank you very much. I've been developing a bot, and this is very helpful. Within the coming days I hope to get some of my things in here as well.

  3. #3 Net07 (Private)
    Updated to September 12 Build:
    GetCliContext: 0x636880
    GetAsContext: 0xBC9C60

    I'm going to work on getting patterns for other things as well.

    Btw, how do I access a function in the VTable for a certain class?


    Code:
    class CoreStats
    {
    +7Ch - Actual Level
    ...
    +84h - Power
    +88h - Precision
    +8Ch - Toughness
    +90h - Vitality
    ...
    +0A0h - Displayed Level (zone dependent)
    +0A4h - Experience
    }
    Last edited by Net07; 09-12-2012 at 09:32 PM.

  4. #4 ITAUTO (Private)
    Wow... What are you using to find those? And where can I learn about implementing them?

  5. #5 Kamikaaze (Private)
    A pointer to the VTable is located at offset +0h of every class. However, some classes contain more than one VTable, or none. Additional VTables are then stored at offset +4h and so on.

    To learn how to implement them you have to search the Internet and simply try to reverse executables to learn how compilers store classes in memory and so on. I started my journey years ago with WoW, and this forum is really a great resource to gather knowledge of what / where to look for in those executables like WoW or, in this case, GW2.
    And I am far from being a good reverser :-)
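    The layout rule in this post and the virtual call in the disassembly quoted in post #1 (mov edx, [eax] / mov eax, [edx+58h] / mov ecx, eax / call eax), modelled in C as an added example that is not from the thread: an object whose first field is its vtable pointer, and a dispatch that reads the function pointer at byte offset 0x58. The DemoContext class, its functions and the slot count are constructed for illustration; only the offsets 0x58 and 0x64 come from the posts.

```c
/* Added demo (not game code): the MSVC object layout described in the thread.
 * A class with virtual functions starts with a pointer to its vtable at +0h,
 * and a virtual call reads a function pointer at a byte offset into that table. */
#include <stddef.h>
/* Reversed offsets are byte offsets into the vtable (post #9: "byte addressed,
 * not dword"). On the 32-bit client a pointer is 4 bytes, so byte offset 0x58
 * is slot 0x58 / 4 = 22. The offsets are from the thread; the rest is a model. */
#define CLIENT_PTR_SIZE        4u
#define SETTARGET_VTBL_OFFSET  0x58u
#define SETTARGET_SLOT         (SETTARGET_VTBL_OFFSET / CLIENT_PTR_SIZE) /* 22 */
#define VTABLE_ENTRIES         26u   /* post #9 lists the last slot at 0x64 */
typedef struct DemoContext DemoContext;
/* thiscall in the disassembly: `this` in ecx, the argument pushed on the stack */
typedef void (*vfunc_t)(DemoContext *self, unsigned arg);
struct DemoContext {
    const vfunc_t *vptr;   /* +0h: vtable pointer, as post #5 explains */
    unsigned last_target;  /* data members follow the vtable pointer */
};
static void demo_unimplemented(DemoContext *self, unsigned arg) { (void)self; (void)arg; }
static void demo_set_target(DemoContext *self, unsigned target_id) { self->last_target = target_id; }

/* One vtable shared by all instances: placeholders, with set_target in slot 22. */
static vfunc_t demo_vtable[VTABLE_ENTRIES];

static void demo_init(DemoContext *obj) {
    for (size_t i = 0; i < VTABLE_ENTRIES; i++) demo_vtable[i] = demo_unimplemented;
    demo_vtable[SETTARGET_SLOT] = demo_set_target;
    obj->vptr = demo_vtable;
    obj->last_target = 0xFFFFFFFFu;  /* constructed "no target" marker */
}

/* The steps the quoted disassembly performs, in C:
 *   mov edx, [eax]        ; edx = *(object + 0)      -> vtable
 *   mov eax, [edx+58h]    ; eax = vtable[0x58 / 4]   -> function pointer
 *   mov ecx, eax          ; ecx = this
 *   push ebx ; call eax   ; argument, then indirect call */
static void call_virtual_slot(void *obj, unsigned byte_offset, unsigned arg) {
    const vfunc_t *vtable = *(const vfunc_t *const *)obj;  /* read +0h, untyped */
    vfunc_t fn = vtable[byte_offset / CLIENT_PTR_SIZE];
    fn((DemoContext *)obj, arg);
}

/* Dispatch through slot 0x58 and report what the callee recorded. */
unsigned demo_dispatch(unsigned target_id) {
    DemoContext ctx;
    demo_init(&ctx);
    call_virtual_slot(&ctx, SETTARGET_VTBL_OFFSET, target_id);
    return ctx.last_target;
}
```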

  6. #6 Net07 (Private)
    Originally Posted by Kamikaaze:
    > A pointer to the VTable is located at offset +0h of every class. However, some classes contain more than one VTable, or none. Additional VTables are then stored at offset +4h and so on.
    >
    > To learn how to implement them you have to search the Internet and simply try to reverse executables to learn how compilers store classes in memory and so on. I started my journey years ago with WoW, and this forum is really a great resource to gather knowledge of what / where to look for in those executables like WoW or, in this case, GW2.
    > And I am far from being a good reverser :-)
    Ah ok, that's all I wanted to know. I'm actually using an in-process injection method, and I need to start hooking some of the funcs. The only problem I really had was finding a way to track methods, but that answered that :P.

    Btw, any idea what compiler they used on GW? I see a lot of weird calling conventions (such as first arg passed in edi)

  7. #7 1M1 (Contributor)
    Microsoft Visual C++ 9.0 - Visual Studio 2008 ( E8 )
    *M*

  8. #8 JuJuBoSc
    +58h - castSpellBySlot(DWORD skillBarSlot, DWORD UNKNOWN)
    the UNKNOWN is the target agent (if any)

    +48h - Type (some sort of ID may contain Type || 30000000 means player; Type || 20000000 means Monster)
    Removing the flag part, you get an index usable in the ChCliContext to retrieve ChCliCharacter / ChCliPlayer object using the array.

    Good to see people doing real reversing, this makes me want to share most of my stuff since I have almost every class reversed.

    Don't hesitate to PM me if you need any help.
    Last edited by JuJuBoSc; 09-14-2012 at 05:21 PM.

  9. #9 Net07 (Private)
    AsContext VTable [0x8] - 0xBCB300 - Interact()
    AsContext VTable [0x48] - 0x5FBCF0 - Likely a getSomeContext() function
    AsContext VTable [0x4C] - 0xBC9250 - Tests a flag at AsContext+0xE8 (flag >> 6 & 1)
    AsContext VTable [0x5C] - 0xBC9450 - Sets the same part of the same flag again (AsContext+0xE
    AsContext VTable [0x60] - 0xBCCB40 - hits BP on mouse click. Has 2 args (EBP+0xC = Pointer to a mouse position context (ratio of x and y to middle of screen)
    AsContext VTable [0x64] - 0xBCCB70 - hits BP on mouse click (after last func). (Also last func of VTable)

    Note: This is byte-addressed, not dword.
    Last edited by Net07; 09-14-2012 at 07:45 PM.

  10. #10 z0m
    If anyone feels like uploading the previous build (15502), that would be really kind. Seems I never made a backup...

  11. #11 QKdefus (Active Member)
    Gw2_15502.rar enjoy :)

  12. #12 z0m
    Thanks (+).

  13. #13 Kamikaaze (Private)
    I added some information to the post at the top. The most interesting things are the Position class of the Agent class at offset +1Ch, and the player's name at offset +30h in the Player class.

    Some notes on the CharacterArray and PlayerArray in ChCliContext:

    The corresponding count number is not the number of Characters/Players really stored in the array, but rather the size of the array. The array is always 4 * ...ArrayCount in size in memory.
    The array contains a huge number of NULL pointers and I have yet to figure out how to really iterate through it, if possible. Right now all I do is check every entry for non-NULL.
    The position of a Character/Player in those arrays is calculated as follows: (CharacterId or PlayerId * 4) + ArrayBase.

    A typical Id looks like 5Dh. In the Character class the value Type contains this Id || Type, for example 30xxxxxx, where xxxx would be the Id and 30 the Type (Player).

    I also added Net07's information to the list.

  14. #14 aforster (Private)
    Thank you for all this information. I will be contributing once I get going on this project.

  15. #15 QKdefus (Active Member)
    Code:
    public enum SkillBar : uint
    {
        Slot_1 = 5, // Skill1
        Slot_2 = 6, // Skill2
        Slot_3 = 7, // Skill3
        Slot_4 = 8, // Skill4
        Slot_5 = 9, // Skill5

        Slot_6 = 0, // Healing Skill1
        Slot_7 = 1, // Utility Skill1
        Slot_8 = 2, // Utility Skill2
        Slot_9 = 3, // Utility Skill3
        Slot_10 = 4, // Elite Skill1

        Slot_11 = 10, // ??
        Slot_12 = 11, // ??
        Slot_13 = 12, // F1
        Slot_14 = 13, // F2
        Slot_15 = 14, // F3
        Slot_16 = 15, // F4
        Slot_17 = 16, // Mining ?
    }
    On my ranger, 10-15 do nothing, not sure why : )
