i will try that. i wasn't sure you wanted us breaking apart your code, etc.
just for information this .dll isn't re-routing or detouring the actual WOW.exe, correct? it is simply reading from the WOW.exe memory space?
thanks for the reply-
EDIT... ok i d/l the file and looked at it. i am not using visual studio (nor c++ for that matter) to code with, however i can look at the source code. some areas i see are:
enum eUnitReaction
{
    UR_EXTREMEHOSTILE=1,
    UR_VERYHOSTILE=2,
    UR_HOSTILE=3,
    UR_NEUTRAL=4,
    UR_FRIENDLY=5,
    UR_VERYFRIENDLY=6,
    UR_EXTREMEFRIENDLY=7,
    UR_EXALTED=8
};
and
char* GetReactionName( int iReaction )
{
    switch( iReaction )
    {
    case UR_EXTREMEHOSTILE:
        return "Exceptionally hostile";
    case UR_VERYHOSTILE:
        return "Very Hostile";
    case UR_HOSTILE:
        return "Hostile";
    case UR_NEUTRAL:
        return "Neutral";
    case UR_FRIENDLY:
        return "Friendly";
    case UR_VERYFRIENDLY:
        return "Very Friendly";
    case UR_EXTREMEFRIENDLY:
        return "Exceptionally friendly";
    case UR_EXALTED:
        return "Exalted";
    default:
        return "Unknown";
    }
}
and
gLog.Log( "\tReaction: %s", GetReactionName( ((CUnit*)pObject)->GetReactionTo( objMgr.GetActivePlr() ) ) );
however, the outline to the OOP function GetReactionName( ((CUnit*)pObject)->GetReactionTo( objMgr.GetActivePlr() ) ) must be a call to the actual wow.exe if i am not mistaken? i see no definition of that/those functions in the rest of the code.
i'd prefer not to use or inject a .dll that is tying into and detouring the actual WOW.exe and this well-written .dll example doesn't actually show how the function determines those values for hostility since it appears to be calling a function within the game itself. is there an explanation as to how these values are being determined in the program itself, without me having to attach a debugger to it and bp and follow it? that makes me quite nervous with real servers.
OK, more EDIT (LOL)
i see the following is the code location in WOW.exe getting called:
005D4AB0 55 PUSH EBP
005D4AB1 8BEC MOV EBP,ESP
005D4AB3 83EC 10 SUB ESP,10
005D4AB6 53 PUSH EBX
005D4AB7 57 PUSH EDI
005D4AB8 8B7D 08 MOV EDI,DWORD PTR SS:[EBP+8]
005D4ABB 8BD9 MOV EBX,ECX
005D4ABD 3BFB CMP EDI,EBX
005D4ABF 895D F4 MOV DWORD PTR SS:[EBP-C],EBX
005D4AC2 75 0D JNZ SHORT WoW.005D4AD1
005D4AC4 5F POP EDI
005D4AC5 B8 04000000 MOV EAX,4
005D4ACA 5B POP EBX
005D4ACB 8BE5 MOV ESP,EBP
005D4ACD 5D POP EBP
005D4ACE C2 0400 RETN 4
005D4AD1 8B83 20010000 MOV EAX,DWORD PTR DS:[EBX+120]
005D4AD7 8B88 A0000000 MOV ECX,DWORD PTR DS:[EAX+A0]
005D4ADD C1E9 03 SHR ECX,3
005D4AE0 F6C1 01 TEST CL,1
005D4AE3 56 PUSH ESI
005D4AE4 0F84 62010000 JE WoW.005D4C4C
005D4AEA 8B97 20010000 MOV EDX,DWORD PTR DS:[EDI+120]
005D4AF0 8B82 A0000000 MOV EAX,DWORD PTR DS:[EDX+A0]
005D4AF6 C1E8 03 SHR EAX,3
005D4AF9 A8 01 TEST AL,1
005D4AFB 0F84 4B010000 JE WoW.005D4C4C
005D4B01 8BCB MOV ECX,EBX
005D4B03 E8 3877FFFF CALL WoW.005CC240
005D4B08 8BCF MOV ECX,EDI
005D4B0A 8BF0 MOV ESI,EAX
005D4B0C E8 2F77FFFF CALL WoW.005CC240
005D4B11 85F6 TEST ESI,ESI
005D4B13 8BF8 MOV EDI,EAX
005D4B15 0F84 20010000 JE WoW.005D4C3B
005D4B1B 85FF TEST EDI,EDI
005D4B1D 0F84 18010000 JE WoW.005D4C3B
005D4B23 8B96 98110000 MOV EDX,DWORD PTR DS:[ESI+1198]
005D4B29 8B42 20 MOV EAX,DWORD PTR DS:[EDX+20]
005D4B2C 85C0 TEST EAX,EAX
005D4B2E 76 37 JBE SHORT WoW.005D4B67
005D4B30 8B8F 98110000 MOV ECX,DWORD PTR DS:[EDI+1198]
005D4B36 8B59 20 MOV EBX,DWORD PTR DS:[ECX+20]
005D4B39 85DB TEST EBX,EBX
005D4B3B 895D F8 MOV DWORD PTR SS:[EBP-8],EBX
005D4B3E 76 24 JBE SHORT WoW.005D4B64
005D4B40 8B1A MOV EBX,DWORD PTR DS:[EDX]
005D4B42 3B19 CMP EBX,DWORD PTR DS:[ECX]
005D4B44 75 1E JNZ SHORT WoW.005D4B64
005D4B46 8B52 04 MOV EDX,DWORD PTR DS:[EDX+4]
005D4B49 3B51 04 CMP EDX,DWORD PTR DS:[ECX+4]
005D4B4C 75 16 JNZ SHORT WoW.005D4B64
005D4B4E 2B45 F8 SUB EAX,DWORD PTR SS:[EBP-8]
005D4B51 5E POP ESI
005D4B52 F7D8 NEG EAX
005D4B54 1BC0 SBB EAX,EAX
005D4B56 83E0 FD AND EAX,FFFFFFFD
005D4B59 5F POP EDI
005D4B5A 83C0 04 ADD EAX,4
005D4B5D 5B POP EBX
005D4B5E 8BE5 MOV ESP,EBP
005D4B60 5D POP EBP
i see two code areas that stick out:
005D4AD1 8B83 20010000 MOV EAX,DWORD PTR DS:[EBX+120]
005D4AD7 8B88 A0000000 MOV ECX,DWORD PTR DS:[EAX+A0]
and
005D4B23 8B96 98110000 MOV EDX,DWORD PTR DS:[ESI+1198]
005D4B29 8B42 20 MOV EAX,DWORD PTR DS:[EDX+20]
however, i am not sure what is being passed to this function. is it the player's base address?
then do we take that and add 120h to it and read, then add a0h to THAT and read and that gives us the hostility?
or is it the 1198,20 one above?
i am trying to follow the code without it being in real-time live... so not very easy. i've always had trouble looking at the code and seeing where the pushed items are in the stack, etc. and what got sent in the call, etc.
thanks for any help on this. i am doing my best to figure this out with your hints...