i am moving on and had some initial success. however, i need help.
i found the following code segment:
007FAFDF CC INT3
007FAFE0 55 PUSH EBP
007FAFE1 8BEC MOV EBP,ESP
007FAFE3 8B45 0C MOV EAX,DWORD PTR SS:[EBP+C]
007FAFE6 8B00 MOV EAX,DWORD PTR DS:[EAX]
007FAFE8 8B4D 08 MOV ECX,DWORD PTR SS:[EBP+8]
007FAFEB 2B01 SUB EAX,DWORD PTR DS:[ECX]
007FAFED 5D POP EBP
007FAFEE C3 RETN
007FAFEF CC INT3
007FAFF0 A1 38AAE800 MOV EAX,DWORD PTR DS:[E8AA38]
007FAFF5 8B88 20010000 MOV ECX,DWORD PTR DS:[EAX+120]
007FAFFB 8079 79 09 CMP BYTE PTR DS:[ECX+79],9
007FAFFF 75 13 JNZ SHORT WoW.007FB014
007FB001 6A 00 PUSH 0
007FB003 8D88 F0250000 LEA ECX,DWORD PTR DS:[EAX+25F0]
007FB009 68 79180000 PUSH 1879
007FB00E E8 ED38DFFF CALL WoW.005EE900
007FB013 C3 RETN
007FB014 33C0 XOR EAX,EAX
007FB016 C3 RETN
007FB017 CC INT3
note:
007FAFF0 A1 38AAE800 MOV EAX,DWORD PTR DS:[E8AA38]
this points to the player struct, from what i can gather. for instance:
if [E8AA38] = 19c10008
then 19c10008 + bf8 is the address which holds FLOAT for player Z coordinate.
so i have the following questions:
1) is there a list of current offsets for various useful information for the player struct? for instance the player mana, health, etc.
2) how do i get to the pointer to the list of what is around the player? is there an offset in the player struct that points to it?
I am not using TLS for the above but below here is what I found:
also i found the following code:
0077624E CC INT3
0077624F CC INT3
00776250 55 PUSH EBP
00776251 8BEC MOV EBP,ESP
00776253 A1 84AAE800 MOV EAX,DWORD PTR DS:[E8AA84]
00776258 64:8B0D 2C000000 MOV ECX,DWORD PTR FS:[2C]
0077625F 53 PUSH EBX
00776260 56 PUSH ESI
00776261 8B3481 MOV ESI,DWORD PTR DS:[ECX+EAX*4]
00776264 8B86 10000000 MOV EAX,DWORD PTR DS:[ESI+10]
0077626A 05 A8000000 ADD EAX,0A8
0077626F 8B40 04 MOV EAX,DWORD PTR DS:[EAX+4]
00776272 A8 01 TEST AL,1
00776274 57 PUSH EDI
note:
00776253 A1 84AAE800 MOV EAX,DWORD PTR DS:[E8AA84]
00776258 64:8B0D 2C000000 MOV ECX,DWORD PTR FS:[2C]
0077625F 53 PUSH EBX
00776260 56 PUSH ESI
00776261 8B3481 MOV ESI,DWORD PTR DS:[ECX+EAX*4]
[e8aa84] holds the tls slot which ends up being 0 during run time
FS:[2C] holds the tls base address which ends up being 167ab0 at run time
so, MOV ESI,DWORD PTR DS:[ECX+EAX*4]
is [167ab0+0*4] which is
167ab0
this is supposed to be the WOWBase as described in thread:
http://www.mmowned.com/forums/wow-me...-tls-help.html
and then
WOWbase + 8 = Player GUID 8 byte long ( __int64 )
WOWbase + 16 = Address of Objects list around player
when i add 8 to that i get 167ab8 (player GUID?)
when i add 16 to that (or hex 10) i get 167ac0 (Address of Objects?)
unfortunately, the above addresses neither hold any useful info nor do they point to any useful address.
167ab8 has the following bytes:
00167AB0 C0 21 19 00 88 01 15 00 05 00 02 00 D7 01 08 00
and 167ac0 has:
00167AC0 00 00 00 00
so i can get to the player struct, but unfortunately i cannot seem to find the objects address like i should be able to. is there a way to point to the objects address once you have the player struct address? or do you HAVE to do the TLS method, which apparently I am doing wrong here since the values aren't showing what they should.
any help would be appreciated.
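Added example, not code from the post or the linked thread: a small parser for the OllyDbg-style listings pasted above that checks each instruction's encoded length against the next listed address (so a skipped or mis-copied line shows up before any offsets are worked out from it) and pulls out the fixed memory operands such as DS:[E8AA38]. It assumes the collapsed "ADDRESS BYTES MNEMONIC OPERANDS" layout seen in the post; the sample listing is the post's first code segment with the INT3 padding lines dropped.

```python
import re

# Constructed sample: the first listing quoted in the post, in OllyDbg's
# "ADDRESS BYTES MNEMONIC OPERANDS" layout (INT3 padding lines dropped).
LISTING = """\
007FAFF0 A1 38AAE800 MOV EAX,DWORD PTR DS:[E8AA38]
007FAFF5 8B88 20010000 MOV ECX,DWORD PTR DS:[EAX+120]
007FAFFB 8079 79 09 CMP BYTE PTR DS:[ECX+79],9
007FAFFF 75 13 JNZ SHORT WoW.007FB014
007FB001 6A 00 PUSH 0
007FB003 8D88 F0250000 LEA ECX,DWORD PTR DS:[EAX+25F0]
007FB009 68 79180000 PUSH 1879
007FB00E E8 ED38DFFF CALL WoW.005EE900
007FB013 C3 RETN
007FB014 33C0 XOR EAX,EAX
007FB016 C3 RETN
"""

# A byte group is an even run of hex digits, optionally with a segment-prefix
# colon as in "64:8B0D" (a mnemonic that is itself valid hex would be misread).
HEXGROUP = re.compile(r"^[0-9A-Fa-f]{2}(?::?[0-9A-Fa-f]{2})*$")
ABSREF = re.compile(r"[A-Z]S:\[([0-9A-Fa-f]+)\]")  # fixed address, no register

def parse_listing(listing):
    """Return a list of (address, encoded bytes, disassembly text) tuples."""
    insns = []
    for line in listing.splitlines():
        tokens = line.split()
        if len(tokens) < 3:
            continue  # blank or truncated line
        addr, code, i = int(tokens[0], 16), bytearray(), 1
        while i < len(tokens) and HEXGROUP.match(tokens[i]):
            code += bytes.fromhex(tokens[i].replace(":", ""))
            i += 1
        insns.append((addr, bytes(code), " ".join(tokens[i:])))
    return insns

def check_contiguity(insns):
    """Return (addr, expected_next, listed_next) for every line whose encoded
    length does not reach the next listed address: a skipped or mis-copied line."""
    problems = []
    for (addr, code, _), (nxt, _, _) in zip(insns, insns[1:]):
        if addr + len(code) != nxt:
            problems.append((addr, addr + len(code), nxt))
    return problems

def absolute_refs(insns):
    """Fixed memory operands such as DS:[E8AA38], the statics the post
    resolves by hand; register-relative operands like [EAX+120] are skipped."""
    return sorted({int(m.group(1), 16) for _, _, text in insns
                   for m in ABSREF.finditer(text)})
```

Running `check_contiguity(parse_listing(LISTING))` on the post's listing returns an empty list, which is the baseline to expect before trusting any offset read from a dump.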