[3.0.9] Offsets

**~~ukjamie~~** · 02-20-2009

Originally Posted by Racket

Those are the exact same numbers as i use, the issue is that for R, i get a value that i have to multiply by 56 to make it between 0 and 360.

The value doesnt exist when my angle is between 359° and 1°

I read it as a float and i dont understand why i have this problem.

here visit this wiki WoW Development 3.0.9: Welcome WoW Development Wiki! teaches you rotation, and radians to degrees....since wows rotation is in radians...0-6.3 meet at north

**Racket** · 02-20-2009

well man i should have thought about it before ... thanks for the link and sorry for being so idiot.

**Cypher** · 02-20-2009

Originally Posted by ukjamie

here visit this wiki WoW Development 3.0.9: Welcome WoW Development Wiki! teaches you rotation, and radians to degrees....since wows rotation is in radians...0-6.3 meet at north

That wiki is hilarious.

**~~ukjamie~~** · 02-20-2009

Originally Posted by Cypher

That wiki is hilarious.

Teaches you player rotation

So I guess thats funny? but then again your a funny guy.

**SKU** · 02-20-2009

This is one of the biggest subjects that programmers tend to have trouble with when making a WoW Bot!

Oh boy....

**UnknOwned** · 02-20-2009

Originally Posted by SKU

Oh boy....

hehe...

If that is someone's biggest subject I would recommend them to stay far away from creating bots, and maybe take a math class.

**Cypher** · 02-20-2009

Originally Posted by UnknOwned

hehe...

If that is someone's biggest subject I would recommend them to stay far away from creating bots, and maybe take a math class.

High school math is hard, rotating an object is a serious subject that requires a PHd to truly understand. Why do you think so many programmers have trouble with it?

*cough*

**~~JuJuBoSc~~** · 02-21-2009

i is your rotation value

i = i * 180 / Math.PI
i = Math.Round(i, 3, MidpointRounding.AwayFromZero)

**ramey** · 02-22-2009

I found that really complex.

**~~JuJuBoSc~~** · 02-26-2009

How do you use this offset, like for the wall climb, it work with CE, but with WriteProcessMemory nothing.

**deadbeef** · 03-01-2009

Can someone give me a hint how to find the GetPlayerName-function using IDA?

What I have so far:
.rdata:0097EB70 a_Playername_cp db '.\PlayerName.cpp',0 ; DATA XREF: sub_7497F0+11o

xref:

Code:

.text:0074A7F0 sub_74A7F0      proc near               ; CODE XREF: sub_4A8A40+703p
.text:0074A7F0                 push    0
.text:0074A7F2                 push    1
.text:0074A7F4                 push    0
.text:0074A7F6                 push    4
.text:0074A7F8                 push    offset sub_74A780
.text:0074A7FD                 push    offset a0       ; "0"
.text:0074A802                 push    10h
.text:0074A804                 push    0
.text:0074A806                 push    offset aUnitnameown ; "UnitNameOwn"
.text:0074A80B                 call    sub_6A2970
.text:0074A810                 push    0
.text:0074A812                 push    2
.text:0074A814                 push    0
.text:0074A816                 push    4
.text:0074A818                 push    offset sub_74A780
.text:0074A81D                 push    offset a0       ; "0"
.text:0074A822                 push    10h
.text:0074A824                 push    0
.text:0074A826                 push    offset aUnitnamenpc ; "UnitNameNPC"
.text:0074A82B                 call    sub_6A2970
.text:0074A830                 add     esp, 48h
.text:0074A833                 push    0
.text:0074A835                 push    4
.text:0074A837                 push    0
.text:0074A839                 push    4
.text:0074A83B                 push    offset sub_74A780
.text:0074A840                 push    offset a1       ; "1"
.text:0074A845                 push    10h
.text:0074A847                 push    0
.text:0074A849                 push    offset aUnitnameplayer ; "UnitNamePlayerGuild"
.text:0074A84E                 call    sub_6A2970
.text:0074A853                 push    0
.text:0074A855                 push    8
.text:0074A857                 push    0
.text:0074A859                 push    4
.text:0074A85B                 push    offset sub_74A780
.text:0074A860                 push    offset a1       ; "1"
.text:0074A865                 push    10h
.text:0074A867                 push    0
.text:0074A869                 push    offset aUnitnameplay_0 ; "UnitNamePlayerPVPTitle"
.text:0074A86E                 call    sub_6A2970
.text:0074A873                 add     esp, 48h
.text:0074A876                 push    0
.text:0074A878                 push    10h
.text:0074A87A                 push    0
.text:0074A87C                 push    4
.text:0074A87E                 push    offset sub_74A780
.text:0074A883                 push    offset a1       ; "1"
.text:0074A888                 push    10h
.text:0074A88A                 push    0
.text:0074A88C                 push    offset aUnitnameenemyp ; "UnitNameEnemyPlayerName"
.text:0074A891                 call    sub_6A2970
.text:0074A896                 push    0
.text:0074A898                 push    20h
.text:0074A89A                 push    0
.text:0074A89C                 push    4
.text:0074A89E                 push    offset sub_74A780
.text:0074A8A3                 push    offset a1       ; "1"
.text:0074A8A8                 push    10h
.text:0074A8AA                 push    0
.text:0074A8AC                 push    offset aUnitnameenem_0 ; "UnitNameEnemyPetName"
.text:0074A8B1                 call    sub_6A2970
.text:0074A8B6                 add     esp, 48h
.text:0074A8B9                 push    0
.text:0074A8BB                 push    40h
.text:0074A8BD                 push    0
.text:0074A8BF                 push    4
.text:0074A8C1                 push    offset sub_74A780
.text:0074A8C6                 push    offset a1       ; "1"
.text:0074A8CB                 push    10h
.text:0074A8CD                 push    0
.text:0074A8CF                 push    offset aUnitnameenemyc ; "UnitNameEnemyCreationName"
.text:0074A8D4                 call    sub_6A2970
.text:0074A8D9                 push    0
.text:0074A8DB                 push    80h
.text:0074A8E0                 push    0
.text:0074A8E2                 push    4
.text:0074A8E4                 push    offset sub_74A780
.text:0074A8E9                 push    offset a1       ; "1"
.text:0074A8EE                 push    10h
.text:0074A8F0                 push    0
.text:0074A8F2                 push    offset aUnitnamefriend ; "UnitNameFriendlyPlayerName"
.text:0074A8F7                 call    sub_6A2970
.text:0074A8FC                 add     esp, 48h
.text:0074A8FF                 push    0
.text:0074A901                 push    100h
.text:0074A906                 push    0
.text:0074A908                 push    4
.text:0074A90A                 push    offset sub_74A780
.text:0074A90F                 push    offset a1       ; "1"
.text:0074A914                 push    10h
.text:0074A916                 push    0
.text:0074A918                 push    offset aUnitnamefrie_0 ; "UnitNameFriendlyPetName"
.text:0074A91D                 call    sub_6A2970
.text:0074A922                 push    0
.text:0074A924                 push    200h
.text:0074A929                 push    0
.text:0074A92B                 push    4
.text:0074A92D                 push    offset sub_74A780
.text:0074A932                 push    offset a1       ; "1"
.text:0074A937                 push    10h
.text:0074A939                 push    0
.text:0074A93B                 push    offset aUnitnamefrie_1 ; "UnitNameFriendlyCreationName"
.text:0074A940                 call    sub_6A2970
.text:0074A945                 add     esp, 48h
.text:0074A948                 push    0
.text:0074A94A                 push    400h
.text:0074A94F                 push    0
.text:0074A951                 push    4
.text:0074A953                 push    offset sub_74A780
.text:0074A958                 push    offset a1       ; "1"
.text:0074A95D                 push    10h
.text:0074A95F                 push    0
.text:0074A961                 push    offset aUnitnamecompan ; "UnitNameCompanionName"
.text:0074A966                 call    sub_6A2970
.text:0074A96B                 add     esp, 24h
.text:0074A96E                 retn
.text:0074A96E sub_74A7F0      endp

I need to know the codelocation to create a searchpattern.

**~~arigity~~** · 03-01-2009

when in doubt, use lua.

UnitName("unit") - Returns the name (and realm name) of a unit.

the function is at 5693A0 in wow and if you take a look at it you will see it calls 66FBA0 to get an objects name.

if you only want the local players name then try 5F9CC0

**deadbeef** · 03-01-2009

Thanks arigity, but I'm looking for the function that uses the GUID as parameter to get the playername ... the one that has been reversed here:

Code:

Public Function GetPlayerName(ByVal playerGUID As Int64)
        Dim nameStorePtr = &H11AF470 + &H8
        Dim nameMaskOffset = &H24
        Dim nameBaseOffset = &H1C
        Dim nameStringOffset = &H20

        Dim GUID = playerGUID

        Dim mask = WoW.ReadUInt(nameStorePtr + nameMaskOffset)
        Dim base = WoW.ReadUInt(nameStorePtr + nameBaseOffset)

        Dim shortGUID = (GUID And &HFFFFFFFF)
        If mask = &HFFFFFFFF Then
            Return ""
        End If

        Dim offset = 12 * (mask And shortGUID)
        Dim current = WoW.ReadUInt(base + offset + 8)
        offset = WoW.ReadUInt(base + offset)
        If current = 0 Or (current And &H1) Then
            Return ""
        End If

        Dim testGUID = WoW.ReadInt(current)
        While testGUID <> shortGUID
            current = WoW.ReadUInt(current + offset + 4)
            If current = 0 Or (current And &H1) Then
                Return ""
            End If
            testGUID = WoW.ReadInt(current)
        End While

        Return WoW.ReadASCIIString(current + nameStringOffset, 12)
    End Function

Now I found this ... could this be the function? I'm not sure ...
(note this is copypasta from CE ... I think some opcodes are f***ed up, better check with IDA)

Code:

00487FA0 - 55                         - push ebp
00487FA1 - 8b ec                      - mov ebp,esp
00487FA3 - 8b 45 08                   - mov eax,[ebp+08]
00487FA6 - 83 ec 10                   - sub esp,10
00487FA9 - 53                         - push ebx
00487FAA - 33 db                      - xor ebx,ebx
00487FAC - 3b c3                      - cmp eax,ebx
00487FAE - 75 08                      - jne 00487fb8
00487FB0 - 83 c8 ff                   - or eax,ff
00487FB3 - 5b                         - pop ebx
00487FB4 - 8b e5                      - mov esp,ebp
00487FB6 - 5d                         - pop ebp
00487FB7 - c3                         - ret
00487FB8 - 57                         - push edi
00487FB9 - 8b 7d 0c                   - mov edi,[ebp+0c]
00487FBC - 3b fb                      - cmp edi,ebx
00487FBE - 75 0b                      - jne 00487fcb
00487FC0 - 5f                         - pop edi
00487FC1 - b8 01 00 00 00             - mov eax,00000001
00487FC6 - 5b                         - pop ebx
00487FC7 - 8b e5                      - mov esp,ebp
00487FC9 - 5d                         - pop ebp
00487FCA - c3                         - ret
00487FCB - 8b 50 0c                   - mov edx,[eax+0c]
00487FCE - 8b 40 08                   - mov eax,[eax+08]
00487FD1 - 56                         - push esi
00487FD2 - 53                         - push ebx
00487FD3 - 53                         - push ebx
00487FD4 - 53                         - push ebx
00487FD5 - 8d 4d f8                   - lea ecx,[ebp-08]
00487FD8 - 51                         - push ecx
00487FD9 - 52                         - push edx
00487FDA - 50                         - push eax
00487FDB - b9 70 f4 1a 01             - mov ecx,011af470 // <- namestoreptr
00487FE0 - 89 5d f8                   - mov [ebp-08],ebx
00487FE3 - 89 5d fc                   - mov [ebp-04],ebx
00487FE6 - e8 35 49 14 00             - call 005cc920
00487FEB - 8b 57 0c                   - mov edx,[edi+0c]
00487FEE - 53                         - push ebx
00487FEF - 53                         - push ebx
00487FF0 - 53                         - push ebx
00487FF1 - 8d 4d f0                   - lea ecx,[ebp-10]
00487FF4 - 51                         - push ecx
00487FF5 - 8b f0                      - mov esi,eax
00487FF7 - 8b 47 08                   - mov eax,[edi+08]
00487FFA - 52                         - push edx
00487FFB - 50                         - push eax
00487FFC - b9 70 f4 1a 01             - mov ecx,011af470 // <- namestoreptr
00488001 - 89 5d f0                   - mov [ebp-10],ebx
00488004 - 89 5d f4                   - mov [ebp-0c],ebx
00488007 - e8 14 49 14 00             - call 005cc920
0048800C - 3b f3                      - cmp esi,ebx
0048800E - 74 27                      - je 00488037
00488010 - 3b c3                      - cmp eax,ebx
00488012 - 75 0c                      - jne 00488020
00488014 - 5e                         - pop esi
00488015 - 5f                         - pop edi
00488016 - b8 01 00 00 00             - mov eax,00000001
0048801B - 5b                         - pop ebx
0048801C - 8b e5                      - mov esp,ebp
0048801E - 5d                         - pop ebp
0048801F - c3                         - ret
00488020 - 38 1e                      - cmp [esi],bl
00488022 - 74 13                      - je 00488037
00488024 - 68 ff ff ff 7f             - push 7fffffff
00488029 - 50                         - push eax
0048802A - 56                         - push esi
0048802B - e8 90 e6 21 00             - call 006a66c0
00488030 - 5e                         - pop esi
00488031 - 5f                         - pop edi
00488032 - 5b                         - pop ebx
00488033 - 8b e5                      - mov esp,ebp
00488035 - 5d                         - pop ebp
00488036 - c3                         - ret
00488037 - 5e                         - pop esi
00488038 - 5f                         - pop edi
00488039 - 83 c8 ff                   - or eax,ff
0048803C - 5b                         - pop ebx
0048803D - 8b e5                      - mov esp,ebp
0048803F - 5d                         - pop ebp
00488040 - c3                         - ret

**~~arigity~~** · 03-01-2009

if you take a look at the function i posted you will see this

0066FC94 PUSH ECX ; dontcare
0066FC95 PUSH ESI ; highGUID
0066FC96 PUSH EAX ; lowGUID
0066FC97 MOV ECX, Wow.011AF470 ; nameStrPtr
0066FC9C CALL <Wow.PlayerName> ; Wow.005CC920 returns name

if you follow the call you will end up at the function 585630 which does the actual search for the name (and where the reversed information probably came from)

**argh44z** · 03-01-2009

It's just the NameDBCache. Look at starting at 0x0091ADDC. You'll see for example:

Code:

.text:0091AECD                 align 10h
.text:0091AED0                 push    100h
.text:0091AED5                 push    0
.text:0091AED7                 push    0
.text:0091AED9                 push    0
.text:0091AEDB                 push    50h
.text:0091AEDD                 push    offset aNamecache_wdb ; "namecache.wdb"
.text:0091AEE2                 push    574E414Dh
.text:0091AEE7                 mov     ecx, offset g_nameDBCache
.text:0091AEEC                 call    sub_5C5380
.text:0091AEF1                 push    offset loc_924D80
.text:0091AEF6                 call    _atexit
.text:0091AEFB                 pop     ecx

You'll see similar for each type of cache, useful if you use any of the rest.

Shout-Out

User Tag List

Thread: [3.0.9] Offsets

Thread Tools

Search Thread

Similar Threads

WoW Offsets & WPE

Hiding offsets of proccess how ?

Swimming state offset

Enemy offsets

How do you find memory offsets in the game?

OwnedCore Forums

casino

CoreCoins

My OwnedCore

About Us

Casino