CVars

**Cypher** · 12-30-2008

Hey, today I wanted a way to grab the clients realmlist as a string to detect whether I'm on US/EU/etc.

I could've used LUA but there'd be no fun in that. Anywho, here's how to get a CVar from WoW:

Code:

// CVar Type. Returned by GetCVar.
// Only Name member documented.
// Other members that still require finding and documenting include:
// FloatVal, IntVal, ModifiedVal, DefVal, ResetVal, HashVal, Links
// Flags, Category
// All CVars stored in a linked list similar to WoWs ObjectManager
struct CVar
{
	unsigned char Unknown0[0x28];		// 0x0028 - 0x0028
	const char* Name;					// 0x0028 - 0x002C
	// More below here, size unknown
};

Code:

unsigned int pGetCVar = 0x0069C3F0;
typedef CVar* (__cdecl * tGetCVar)(const char* Name);
tGetCVar oGetCVar = (tGetCVar)(pGetCVar);

Code:

		CVar* RealmListCVar = oGetCVar("realmList");
		if (RealmListCVar)
		{
			stringstream Out;
			Out << "Realmlist: " << RealmListCVar->Name << ".";
			GetRPMgr()->Output(Out.str());
		}
		else
		{
			GetRPMgr()->Output("Realmlist: Error - Null pointer returned by GetCVar");
		}

As documented in the struct, there are lots of other useful members. The structure is quite small so finding all of them would be relatively easy so I'll leave that as an exercise to anyone who needs them (but please post them here if/when you work them out

- laziness ftw).

Furthermore, if you end up reversing the struct you could get the pointer to the list and use the links in each struct to access all the CVars without needing a function call, which would probably be useful for anyone who is only reading memory (eg AutoIT users).

Anyway, nothing fancy, just thought I'd throw this up because I had to reverse it regardless. Glhf.

**Nesox** · 12-30-2008

Ah nice one

+Rep * 2
edit: btw r00tman im back on friday or saturday

**luciferc** · 12-31-2008

very nice.

Maybe ethical hacks can use this to check if your on a private server or not i suspose. :P

**Cypher** · 12-31-2008

Originally Posted by luciferc

very nice.

Maybe ethical hacks can use this to check if your on a private server or not i suspose. :P

Thats what I was originally using it for, I'm currently also using it in my fishbot to toggle autoloot.

**Moose** · 12-31-2008

Here is the exact CVar class from WoW alpha build 3368. It may have changed since then, but probably not by much.

Code:

class CVar : public TSHashObject<CVar,HASHKEY_STRI>        // size = 0x64
{
    private:

        char m_name[32];                         // 0x18
        unsigned int m_category;               // 0x38
        unsigned int m_flags;                     // 0x3c
        char* m_stringValue;                     // 0x40
        float m_floatValue;                        // 0x44
        int m_intValue;                             // 0x48
        int m_modified;                             // 0x4c
        char* m_defaultValue;                   // 0x50
        char* m_resetValue;                     // 0x54
        char* m_latchedValue;                  // 0x58
        CONSOLE_VAR_PROC m_callback;    // 0x5c
        void* m_arg;                               // 0x60

        void InternalSet(const char* value, unsigned char setValue, unsigned char setReset, unsigned char setDefault);

    public:

        CVar(const CVar&);
        CVar();
        ~CVar();

        static void Initialize(const char* filename);
        static void Destroy();
        static CVar* Register(const char* name, const char* help, unsigned int flags, const char* value, CONSOLE_VAR_PROC fcn, enum CATEGORY category, unsigned char setCommand, void* arg);
        static CVar* Lookup(const char* name);
        const char* GetString();
        float GetFloat();
        int GetInt();
        const char* GetName();
        const char* GetLatchedValue();
        const char* GetDefaultValue();
        const char* GetResetValue();
        unsigned char Set(const char* value, unsigned char setValue, unsigned char setReset, unsigned char setDefault);
        void Reset();
        void Default();
        unsigned char Update();
        int Modified();
        unsigned char IsArchived();
        CVar& operator=(const CVar&);
};

**Cypher** · 12-31-2008

I already have access to the alpha binaries and PDB files.

From 'WoW [Release Assertions Enabled] Build 3368 (Dec 11 2003 18:01:27)':

Code:

00000000 CVar            struc ; (sizeof=0x64)
00000000 TSHashObject_CVar_HASHKEY_STRI_::m_hashval dd ?
00000004 TSHashObject_CVar_HASHKEY_STRI_::m_linktoslot TSLink_CVar_ ?
0000000C TSHashObject_CVar_HASHKEY_STRI_::m_linktofull TSLink_CVar_ ?
00000014 TSHashObject_CVar_HASHKEY_STRI_::m_key HASHKEY_STRI ?
00000018 TSHashObject_CVar_HASHKEY_STRI_m_name db 32 dup(?)
00000038 TSHashObject_CVar_HASHKEY_STRI_m_namem_category dd ?
0000003C TSHashObject_CVar_HASHKEY_STRI_m_namem_categorym_flags dd ?
00000040 TSHashObject_CVar_HASHKEY_STRI_m_namem_categorym_flagsm_stringValue dd ? ; offset
00000044 TSHashObject_CVar_HASHKEY_STRI_m_namem_categorym_flagsm_stringValuem_floatValue dd ?
00000048 TSHashObject_CVar_HASHKEY_STRI_m_namem_categorym_flagsm_stringValuem_floatValuem_intValue dd ?
0000004C TSHashObject_CVar_HASHKEY_STRI_m_namem_categorym_flagsm_stringValuem_floatValuem_intValuem_modified dd ?
00000050 TSHashObject_CVar_HASHKEY_STRI_m_namem_categorym_flagsm_stringValuem_floatValuem_intValuem_modifiedm_defaultValue dd ? ; offset
00000054 TSHashObject_CVar_HASHKEY_STRI_m_namem_categorym_flagsm_stringValuem_floatValuem_intValuem_modifiedm_defaultValuem_resetValue dd ? ; offset
00000058 TSHashObject_CVar_HASHKEY_STRI_m_namem_categorym_flagsm_stringValuem_floatValuem_intValuem_modifiedm_defaultValuem_resetValuem_latchedValue dd ? ; offset
0000005C TSHashObject_CVar_HASHKEY_STRI_m_namem_categorym_flagsm_stringValuem_floatValuem_intValuem_modifiedm_defaultValuem_resetValuem_latchedValuem_callback dd ? ; offset
00000060 TSHashObject_CVar_HASHKEY_STRI_m_namem_categorym_flagsm_stringValuem_floatValuem_intValuem_modifiedm_defaultValuem_resetValuem_latchedValuem_callbackm_arg dd ? ; offset
00000064 CVar            ends

Thats just copypaste from the structs list in IDA. Obviously something prettier (as above) could be dumped with a tool more suitable for the job.

Did you just dump it from the PDB or do you have a copy of the source?

PS. Whilst the members are all similar it has changed around a fair bit.

**Moose** · 12-31-2008

A long time ago I made a program called pdb2src which will take a pdb file and re-create the source code files. It does the classes, structs, enums, function prototypes, etc. Everything except the function guts.

Here is one of the CVar methods that the program generates.

Code:

// ConsoleVar.cpp line 295
// address: 0x22dc20
CVar* CVar::Register(const char* name, const char* help, unsigned int flags, const char* value, unsigned char (fcn*)(struct CVar*, const char*, const char*, void*), unsigned int category, unsigned char setCommand, void* arg)
{
// <arguments /*<register ecx>*/ /*|0x4|*/ const char* name>
// <arguments /*<register edx>*/ /*|0x4|*/ const char* help>
// <arguments /*<regrel ebp+0x8>*/ /*|0x4|*/ unsigned int flags>
// <arguments /*<regrel ebp+0xc>*/ /*|0x4|*/ const char* value>
// <arguments /*<regrel ebp+0x10>*/ /*|0x4|*/ unsigned char (fcn*)(struct CVar*, const char*, const char*, void*)>
// <arguments /*<regrel ebp+0x14>*/ /*|0x4|*/ unsigned int category>
// <arguments /*<regrel ebp+0x18>*/ /*|0x1|*/ unsigned char setCommand>
// <arguments /*<regrel ebp+0x1c>*/ /*|0x4|*/ void* arg>
// <local /*<regrel ebp+0x10>*/ /*|0x1|*/ unsigned char setReset>
// <local /*<regrel ebp+0x18>*/ /*|0x1|*/ unsigned char setDefault>

    // TODO
}

I wish I could find a more recent wow.pdb file.

**Cypher** · 12-31-2008

Originally Posted by Moose

A long time ago I made a program called pdb2src which will take a pdb file and re-create the source code files. It does the classes, structs, enums, function prototypes, etc. Everything except the function guts.

Here is one of the CVar methods that the program generates.

Code:

// ConsoleVar.cpp line 295
// address: 0x22dc20
CVar* CVar::Register(const char* name, const char* help, unsigned int flags, const char* value, unsigned char (fcn*)(struct CVar*, const char*, const char*, void*), unsigned int category, unsigned char setCommand, void* arg)
{
// <arguments /*<register ecx>*/ /*|0x4|*/ const char* name>
// <arguments /*<register edx>*/ /*|0x4|*/ const char* help>
// <arguments /*<regrel ebp+0x8>*/ /*|0x4|*/ unsigned int flags>
// <arguments /*<regrel ebp+0xc>*/ /*|0x4|*/ const char* value>
// <arguments /*<regrel ebp+0x10>*/ /*|0x4|*/ unsigned char (fcn*)(struct CVar*, const char*, const char*, void*)>
// <arguments /*<regrel ebp+0x14>*/ /*|0x4|*/ unsigned int category>
// <arguments /*<regrel ebp+0x18>*/ /*|0x1|*/ unsigned char setCommand>
// <arguments /*<regrel ebp+0x1c>*/ /*|0x4|*/ void* arg>
// <local /*<regrel ebp+0x10>*/ /*|0x1|*/ unsigned char setReset>
// <local /*<regrel ebp+0x18>*/ /*|0x1|*/ unsigned char setDefault>

    // TODO
}

I wish I could find a more recent wow.pdb file.

You and me both.

**r00tman** · 01-03-2009

Originally Posted by Nesox

Ah nice one

+Rep * 2
edit: btw r00tman im back on friday or saturday

aww i saw this too late

nice find, cant +rep you again ):

Shout-Out

User Tag List

Thread: CVars

Thread Tools

Search Thread

CVars

Similar Threads

CVar list for build x86 19034 (and tips)

CVars

CVars

[WoW] [3.0.9] [C++] Cvars

Cvar Dump

OwnedCore Forums

casino

CoreCoins

My OwnedCore

About Us

Casino