Making a WoW Bot [Mac]

  1. #16
    ReppzYouTube (Member, CoreCoins Purchaser)
    Maybe you should just create an EXE converter, I mean so you can run it on an Intel PPC; then you could download emu hack or whatever you want to. That would probably be better than starting to create a DMG version of emuhack (I'm using emu hacker as an e.g.). BTW, good luck.

  2. #17
    enteleky (Member)
    Wait what?

    And can anyone get me started a little more. I understand that I don't have the tools yet to understand everything but I just need input from everybody to get to that point.

    So looking again I found this....

    │AA0F0 mov dword ptr [esp+14h], 1
    │AA0F8 mov dword ptr [esp+10h], 0
    │AA100 mov dword ptr [esp+0Ch], offset aS_curmgr ; "s_curMgr"
    │AA108 mov dword ptr [esp+8], 14Eh
    │AA110 mov dword ptr [esp+4], offset aVolumesF2Us_83 ; "/Volumes/F2/usrbuild/xb/build/WoW_9183p"...
    │AA118 mov dword ptr [esp], 85100000h
    │AA11F call loc_47CA
    │AA124 jmp loc_A9F71

    Is offset aS_curmgr the memory location of s_curMgr... If so how do I get it?

    I tried setting up a breakpoint on that line but it never tripped.

    So I think I found the static pointer to the TLS_store that I grabbed from pthread_getspecific(); it's at 0x161b720. Now I have no idea what to do... Or if that is even right, or how to tell.

    Thanks in advance.
    Last edited by enteleky; 12-07-2008 at 02:37 AM.

  3. #18
    enteleky (Member)
    Can anyone help me with what's above please?

  4. #19
    Cypher (Kynox's Sister's Pimp)
    Don't double post just to bump your own thread.

    Furthermore, you have a severe lack of understanding of what you're looking at; either learn the theory first or you're on your own with the practical.

  5. #20
    enteleky (Member)
    What would you suggest are the most important things to go look at? Could you just give me a list please?

  6. #21
    Shynd (Contributor)
    Books. On reverse-engineering. Especially the ones that have been posted on this forum that are on page 2 or 3 or 4 (wasn't too long ago that the thread was bumped).

  7. #22
    argh44z (Member)
    Originally Posted by enteleky
    > Wait what?
    >
    > And can anyone get me started a little more. I understand that I don't have the tools yet to understand everything but I just need input from everybody to get to that point.
    >
    > So looking again I found this....
    >
    > │AA0F0 mov dword ptr [esp+14h], 1
    > │AA0F8 mov dword ptr [esp+10h], 0
    > │AA100 mov dword ptr [esp+0Ch], offset aS_curmgr ; "s_curMgr"
    > │AA108 mov dword ptr [esp+8], 14Eh
    > │AA110 mov dword ptr [esp+4], offset aVolumesF2Us_83 ; "/Volumes/F2/usrbuild/xb/build/WoW_9183p"...
    > │AA118 mov dword ptr [esp], 85100000h
    > │AA11F call loc_47CA
    > │AA124 jmp loc_A9F71
    >
    > Is offset aS_curmgr the memory location of s_curMgr... If so how do I get it?

    No, it's a string: "s_curMgr". The above is a call to an error or assert function. It's highly probable that wherever that is, that piece of code is executed after some error condition with s_curMgr (probably it being NULL or something). Look and analyze around this piece of code, it is probably doing something with s_curMgr, including a possible check for it being NULL.

    > I tried setting up a breakpoint on that line but it never tripped.

    Probably because that error condition was not reached.
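
Added example (not part of the original thread and not the game's code): a small C illustration of the pattern argh44z describes, where a check macro hands a code, source file, line number and the stringified expression to a handler only when the check fails. The handler name, the six-argument layout copied from the stack slots in the listing, and the stand-in global are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

/* Record of the most recent failure report (illustrative only). */
struct failure_report {
    int calls;
    unsigned code;
    const char *file;
    int line;
    const char *expr;
};
static struct failure_report last_report;

/* Hypothetical handler. Its six parameters mirror the six stack slots
   [esp] .. [esp+14h] in the listing; what the last two mean is unknown. */
static void report_failure(unsigned code, const char *file, int line,
                           const char *expr, int arg4, int arg5)
{
    (void)arg4;
    (void)arg5;
    last_report.calls++;
    last_report.code = code;
    last_report.file = file;
    last_report.line = line;
    last_report.expr = expr;
}

/* #expr turns the checked expression into a string literal, which is why
   the disassembly references the text "s_curMgr" and not the variable. */
#define CHECK(expr)                                                       \
    do {                                                                  \
        if (!(expr))                                                      \
            report_failure(0x85100000u, __FILE__, __LINE__, #expr, 0, 1); \
    } while (0)

static void *s_curMgr; /* stand-in global named after the string */

/* Runs the check with the pointer set or NULL and returns how many
   times the handler has fired so far. */
int check_manager(int present)
{
    static int dummy;
    s_curMgr = present ? (void *)&dummy : NULL;
    CHECK(s_curMgr);
    return last_report.calls;
}

const char *last_expr(void) { return last_report.expr; }
```

The handler call sits on the failure branch only, so a breakpoint placed on it stays silent for as long as the pointer is valid.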

  8. #23
    enteleky (Member)
    Another question (just wondering if I am understanding the code right)... g_clientConnection is set up on login, correct? And then once you click on a character then objMgr gets added to g_clientConnection.

    Alright back to the drawing board... This stuff is hard to get a handle on.
    Last edited by enteleky; 12-08-2008 at 02:50 AM.

  9. #24
    Nesox (★ Elder ★)
    no?

    <filla />

  10. #25
    enteleky (Member)
    Doing more research and learning a whole lot in the process I am still after curMgr and well I think I have found clientConnection. Can anyone confirm that this is the clientConnection...

    clientConnection: 0x019d8c00

    Thanks.

  11. #26
    Cypher (Kynox's Sister's Pimp)
    Why don't you just confirm it yourself?

    Check if it contains the correct values/pointers......

  12. #27
    enteleky (Member)
    Ok...

    So I have been trying to disassemble the Unit Object... And it seems to be like this:

    [Base = xxxxx]xxx

    Add base before each of these below...

    For example 0x6f0 = [Base]6f0

    Current Health: 0x6f0
    Max Health: 0x710
    Strength: 0x7e4
    Agility: 0x7e8
    Stamina: 0x7ec
    Intelligence: 0x7f0
    Spirit: 0x7f4

    But I was wondering do those line up to the Windows Offsets for player? I checked vs. the 3.0.2 Offsets thread but they didn't come out the same (Did the offsets change between 3.0.2 and 3.0.3?). If they don't, how might I go about finding the Unit object beginning?

    I think I may have gotten it... Does the object that holds the player data have a length of 36024?
    Last edited by enteleky; 12-10-2008 at 03:51 AM.

  13. #28
    enteleky (Member)
    Ok I think I have found the objMgr... This snippet of ASM code comes from the GetObjectFromGUID()


    │__text:000A7B4D mov ebp, esp
    │__text:000A7B4F push edi
    │__text:000A7B50 push esi
    │__text:000A7B51 push ebx
    │__text:000A7B52 sub esp, 4Ch
    │__text:000A7B55 mov esi, [ebp+arg_0]
    │__text:000A7B58 mov edi, [ebp+arg_4]
    │__text:000A7B5B mov eax, ds:dword_121D5AC
    │__text:000A7B60 mov [ebp+var_38], eax
    │__text:000A7B63 test eax, eax
    │__text:000A7B65 jz loc_A7C33
    │__text:000A7B6B mov ecx, [eax+0C4h]
    │__text:000A7B71 mov ebx, [eax+0C8h]
    │__text:000A7B77 mov eax, ebx <---- I think this is the line in which the objMgr offset is put into eax.
    │__text:000A7B79 or eax, ecx
    │__text:000A7B7B jnz loc_A7C45
    │__text:000A7B81 mov ebx, edi
    │__text:000A7B83 or ebx, esi
    │__text:000A7B85 jz loc_A7C33

    Is the object manager at 0x0121d5ac+c8h?

    The problem is whenever I set IDA's debugger to break on this line WoW spinlocks and IDA doesn't show it's broken yet... Could anyone help me?

  14. #29
    Cypher (Kynox's Sister's Pimp)
    I lol'd.

    Free tip for you: Learn ASM before trying to reverse WoW.

    Durrrrrrrr.

  15. #30
    enteleky (Member)
    Well, instead of just laughing at me, could you help me understand what's going on here?
