target by guid

[Sillyboy72]

Can someone kick me down a hint on how to target a mob based on its guid?

Jamming the guid into the "currently selected" guid (at 0x010A58B does seem to vaguely do what I want... but it short circuits some UI updates as to make me nervous.

[kynox]

Pass the GUID to CGGameUI::SetTarget. I don't have the offset on me, but it's not hard to track down.

[Nesox]

API TargetUnit - WoWWiki - Your guide to the World of Warcraft
API ClearTarget - WoWWiki - Your guide to the World of Warcraft

I would use those 2 but you would have to remove the protection check first, that's a great little exercise wasnt all that hard, altho i got help
it's also possible to push the guid as 2 integrers and then you do a call cant remember, there's something like that on shynd's blog

edit: ye i guess the stuff kynox posted would be the correct one, find it and take a look at it in olly or ida

[kynox]

API TargetUnit - WoWWiki - Your guide to the World of Warcraft
API ClearTarget - WoWWiki - Your guide to the World of Warcraft

I would use those 2 but you would have to remove the protection check first, that's a great little exercise wasnt all that hard, altho i got help
it's also possible to push the guid as 2 integrers and then you do a call cant remember, there's something like that on shynd's blog

edit: ye i guess the stuff kynox posted would be the correct one, find it and take a look at it in olly or ida

0x4ADD90 - SetTarget( INT64 Guid )

[Nesox]

0x4ADD90 - SetTarget( INT64 Guid )

yea but dont you have to push twice? split the guid into 2 int32's and then push them do the call etc.. ?

[kynox]

No, thats how a INT64 is pushed onto the stack, its pushed via 2 32bit registers.

[Nesox]

No, thats how a INT64 is pushed onto the stack, its pushed via 2 32bit registers.

alrighty sir! i wont argue

[Sillyboy72]

Thanks. And I feel like an idiot.

I had looked at the cross references for 0x010A58B8 and saw only 2 subs writing to it, one beng the one at sub_004ADD90... but i was totally thrown by the 2 args.

[Cypher]

alrighty sir! i wont argue

Theres no 64-bit registers on IA-32 so 64-bit datatypes are stored in two 32-bit registers, one for the "high" part the other for the "low" part.

Remember its pushing the GUID by value not by reference/pointer so it needs to pass 64 bits of data, that means that at the low level although it looks like two params its really only one.

Think of it this way:
SetTarget(__int64 GUID);
SetTarget(unsigned int High, unsigned int Low);

They both do the same thing and will produce the same low-level output, but the former is more logical and most likely the 'correct' implementation in this scenario.

At any rate though it makes no difference. Same shit, different smell.

[bigtimt]

i was trying to find the ptr to SetTarget in 3.0.8 but it seems to have 5 args

Code:

.text:004AEB71                 push    28C5h
.text:004AEB76                 push    offset a_Gameui_cpp ; ".\\GameUI.cpp"
.text:004AEB7B                 push    1
.text:004AEB7D                 push    edi
.text:004AEB7E                 push    ebx
.text:004AEB7F                 mov     dword_10A58E0, ebx
.text:004AEB85                 mov     dword_10A58E4, edi
.text:004AEB8B                 call    sub_46D9B0

[kynox]

Erm dude, thats a call to GetObjectPtr..

SetTarget is 0x004AEA40