WoW v3.0.2 Information

[Cypher]

I'm highly annoyed right now because the reason I had troubles with the new GetModel was because of a bug in the MSVC++ compiler calling the wrong VF when overloading was present.

Nevertheless, here is a working code sample after the bug was revealed. Big thanks to Greyman for noticing.

Code:

    unsigned int DummyInt1 = 0;
    unsigned int DummyInt2 = 0;
    bool Result = gpRedPillMgr->GetObjectMgr()->GetLocalPlayer()->GetModel(&DummyInt1,&DummyInt2);
    if (Result && DummyInt1) 
    {
        const char* Model = reinterpret_cast<const char*>(DummyInt1);
        gpRedPillMgr->GetLog()->Add(str(boost::format("My Model: %s") %Model));
    }

Yes it needs cleaning up, its just to show "yes this works".

[~OddBall~]

^^ Cypher is talking to himself

[Cypher]

^^ Cypher is talking to himself

Not really, just documenting my thoughts and findings as I make them. Think of it as a "log". You're not talking to anyone in particular, just noting information in a 'colloquial' (for lack of a better word) format.

[UnknOwned]

Seems like they have added a lot of features related to movement (possibly because of viechels). They also fixed the hack the allowed you to kill people from your own faction by changing your factionID and step by the "Friendly Target" warning.

Now only spells trigger the Friendly Target warning but you are unable to hit them.

Acceleration and Deceleration have also been added, and look quite fun when you apply those to your toon or mount. After reversing the function it seem that they use spline curves for the acceleration. This in another way means that you can hack the acceleration and make it instant giving you a limited advantage.. However doing the opposite is also quite neat. You can for example set your deceleration to 2.0 500, then after you release your button you keep moving for quite a while slowly slowing down.

It seem like they cleaned up the shader system since you can now easily change each value from the shader without going into each particular function and change the values there.

Some people have been asking about if it was possible to unlock the deathknight icon and create a deathknight. And the answer is ofcause no... even making the client believe that you can will return a "unknown class" error (failure).

Some also mentioned Achievements-unlocks like in TeamFortress 2. Also Server Side. However since its triggered by a client request i can allready see that some achivements can be "hacked" due to their "nature".

[Xarg0]

They also fixed a bug causing wow to crash in wine with d3d :-)

[Cypher]

Seems like they have added a lot of features related to movement (possibly because of viechels). They also fixed the hack the allowed you to kill people from your own faction by changing your factionID and step by the "Friendly Target" warning.

Now only spells trigger the Friendly Target warning but you are unable to hit them.

Acceleration and Deceleration have also been added, and look quite fun when you apply those to your toon or mount. After reversing the function it seem that they use spline curves for the acceleration. This in another way means that you can hack the acceleration and make it instant giving you a limited advantage.. However doing the opposite is also quite neat. You can for example set your deceleration to 2.0 500, then after you release your button you keep moving for quite a while slowly slowing down.

It seem like they cleaned up the shader system since you can now easily change each value from the shader without going into each particular function and change the values there.

Some people have been asking about if it was possible to unlock the deathknight icon and create a deathknight. And the answer is ofcause no... even making the client believe that you can will return a "unknown class" error (failure).

Some also mentioned Achievements-unlocks like in TeamFortress 2. Also Server Side. However since its triggered by a client request i can allready see that some achivements can be "hacked" due to their "nature".

The addition of vehicles and the acceleration etc would probably explain the changes to CInputControl. I'll have to look into that further.

[Dearleader]

Excuse my ignorance on the issue but I have a few questions about your Descriptors.

How do we go about determining the Type for each of the descriptors you listed? Is there a master list somewhere that shows what size each descriptor is? Certainly that info would be required if we're to use the correct offset to get to UNIT_FIELD_HEALTH or any others.
Maybe I'm just missing something blatantly obvious (happens alot heh). 6):

[Zombie911]

UNIT_FIELD_HEALTH = 0x17 is a index in array of integers.
First read value from linked list: int unit_info_address = read(entity address + 0x <-- got address where locate unit information.
Now read: int health = read( unit_info_address + (UNIT_FIELD_HEALTH * 4)) <-- Unit health

[Dearleader]

UNIT_FIELD_HEALTH = 0x17 is a index in array of integers.
First read value from linked list: int unit_info_address = read(entity address + 0x <-- got address where locate unit information.
Now read: int health = read( unit_info_address + (UNIT_FIELD_HEALTH * 4)) <-- Unit health

Few questions:
1) Why did you add 0x8 to entity address?
2) Why did you multiply UNIT_FIELD_HEALTH by 4.

3) Assuming unit_info_address is 0x08000000, are you saying (using the values you supplied) Unit Health would be located at 0x08000044?

[Xarg0]

1) [WoWObjectBase + 0x8] = FieldEntryPTR the Adress at 0x8 off the BaseAdress points to the objects info struct depending on the objects type this are different fields.

2)The Unit Field is a Data Array, UNIT_FIELD_HEALTH is a descriptor for the array index, increasing the index by one increases the adress acessed by 4, that's why we multiply if we want to work with ReadProcessMemory.

3)If the unit_info_adress was 0x8000000 the adress of Unit health would be 0x800005C.

[ArciX^]

That patch is so cool!

[Cypher]

Excuse my ignorance on the issue but I have a few questions about your Descriptors.

How do we go about determining the Type for each of the descriptors you listed? Is there a master list somewhere that shows what size each descriptor is? Certainly that info would be required if we're to use the correct offset to get to UNIT_FIELD_HEALTH or any others.
Maybe I'm just missing something blatantly obvious (happens alot heh). 6):

The value next to the descriptors is their index into the descriptor array. Just multiply by four.

UNIT_FIELD_HEALTH = 0x17 is a index in array of integers.
First read value from linked list: int unit_info_address = read(entity address + 0x <-- got address where locate unit information.
Now read: int health = read( unit_info_address + (UNIT_FIELD_HEALTH * 4)) <-- Unit health

Yep.

Few questions:
1) Why did you add 0x8 to entity address?
2) Why did you multiply UNIT_FIELD_HEALTH by 4.

3) Assuming unit_info_address is 0x08000000, are you saying (using the values you supplied) Unit Health would be located at 0x08000044?

0x8 is the offset in the CGObject_C class to the pointer to the descriptor array. You multiply the descriptor by 4 because its an index, not a hard offset, and the size of each object in the array is 4 bytes.

I personally use array access so I don't do the multiplication by hand and its handled by the compiler. (Take a look at SetKnownField/GetKnownField)

1) [WoWObjectBase + 0x8] = FieldEntryPTR the Adress at 0x8 off the BaseAdress points to the objects info struct depending on the objects type this are different fields.

2)The Unit Field is a Data Array, UNIT_FIELD_HEALTH is a descriptor for the array index, increasing the index by one increases the adress acessed by 4, that's why we multiply if we want to work with ReadProcessMemory.

3)If the unit_info_adress was 0x8000000 the adress of Unit health would be 0x800005C.

Beaten again.

That patch is so cool!

Lol.

[Xarg0]

Cypher...

Huh!

I see that nothing's changed
Insist on playing games
Some waste of time you are
And you're so popular
Well, this is it, you bitch
I've got to make my switch
I'm just another John
I know what's going on

Your move
What do I have to lose?
Stalemate
No! Too late, too late

I thought you was for real
But you're a rip-off deal
Don't give me all that crap
I just escaped your trap
I think you see the joke
But you're just chasing smoke
You ain't another one
I know what's going on

Your move
What do I have to lose?
Stalemate
Oh no! Too late, too late
Ooh!

Get on with it!

Misunderstanding me
The way you feel so free
I'm gonna jump the gun
Ooh, I'm gonna hit and run
Your credibility
Don't cut no ice with me
Another privilege gone
I know what's going on

Your move
What do I have to lose?
Stalemate
Oh no! Too late, too late
Ooh! Too late, too late

Edit: Yeah it's a lyric flame, deal with it!!!!!

[kynox]

Cypher...

Huh!

I see that nothing's changed
Insist on playing games
Some waste of time you are
And you're so popular
Well, this is it, you bitch
I've got to make my switch
I'm just another John
I know what's going on

Your move
What do I have to lose?
Stalemate
No! Too late, too late

I thought you was for real
But you're a rip-off deal
Don't give me all that crap
I just escaped your trap
I think you see the joke
But you're just chasing smoke
You ain't another one
I know what's going on

Your move
What do I have to lose?
Stalemate
Oh no! Too late, too late
Ooh!

Get on with it!

Misunderstanding me
The way you feel so free
I'm gonna jump the gun
Ooh, I'm gonna hit and run
Your credibility
Don't cut no ice with me
Another privilege gone
I know what's going on

Your move
What do I have to lose?
Stalemate
Oh no! Too late, too late
Ooh! Too late, too late

Edit: Yeah it's a lyric flame, deal with it!!!!!

Holy crap. That is pure awesome. +Rep to you my good sir.

[Cypher]

Holy crap. That is pure awesome. +Rep to you my good sir.

/facepalm .