Getting shapeshift form

[Sillyboy72]

So... I am trying to write an auto-miner, and since that pops my dr00d out to caster form (from flying), it seemed useful to be able to query what form I am currently running.

So, I debug into myluaf_GetShapeshiftForm, see that the call to 0x004CF770 returns the hotness I want, then write this magic:

Code:

int GetShapeshiftForm()
{
	DWORD GetShapeshift = 0x004CF770;    // 3.0.9

	__asm {
		mov eax, 0
		call GetShapeshift
		mov GetShapeshift, eax		
	}

	return GetShapeshift;
}

So, that works fine. (Yeah me!)

Questions:

• is this how non-lame people do this?
• can I correctly assume that calling myluaf_GetShapeshiftForm is a larger PITA since I have to figure out what the hells to pass and parse the return goo?
• can't I directly "retn" or something in my asm w/o the ghetto mov into a local and return that in c? (I have enough problems reading asm, let alone writing it )

[Cypher]

1. Depends really. For some projects I prefer to use LUA, for others I prefer to use the underlying implementation. Depends on what your goals and priorities are.
2. Not really, what you need to call lua functions is already available on these forums, and a bonus of using LUA is that you have a LOT less updating to do across patches if you can use LUA for most of your stuff.
3. While technically you can just do a call then a ret it's safer to do the 'ghetto mov' due to differences in compilers.

[kynox]

Code:

__declspec(naked) int GetShapeshiftForm()
{
    mov eax, 0x004CF770
    jmp eax
}

imo

[g3gg0]

have a look at the byte at
[[[PlayerObject] + 0x0108] + 0x01D3]

[Sillyboy72]

2. Not really, what you need to call lua functions is already available on these forums, and a bonus of using LUA is that you have a LOT less updating to do across patches if you can use LUA for most of your stuff.

Though, if I went that route, I also have to do some crazy patching to avoid issues (since the wowz doesn't let all lua functions to be called)... then I have to not screw up warden madness...

Ya, me == scared.

[Xarg0]

Though, if I went that route, I also have to do some crazy patching to avoid issues (since the wowz doesn't let all lua functions to be called)... then I have to not screw up warden madness...

Ya, me == scared.

Lol get into wows mainthread, you should be able to execute protected lua function without restrictions once you're in there, you wont need to patch anything.

[Sillyboy72]

I am... skeptical.

I am in wow's main thread. But hell, even if I wasn't haxoring, wow blocks:
/script CastSpellByName("blah")
which is also "in the main thread"

Pretty sure there is gonna be some extra work required to handle protected lua functions. But then, I haven't really started researching it...
--
Edit: oic. I am gonna use lua_dostring (which isn't protected?) to call other protected lua functions w/o issue. That does sound like the hotness
--
More Edit: Holy crap! Could that have been easier? This stomps like a mother!

Code:

typedef char (__cdecl *WowzLuaDoString)(char*, char*, int a3);
WowzLuaDoString pfLuaDoString = (WowzLuaDoString) 0x0077E460;  // 3.0.9
void TestLuaDoString()
{
    pfLuaDoString("CastSpellByName(\"War Stomp\")", "CastSpellByName(\"War Stomp\")", 0);
}

[Cypher]

Code:

__declspec(naked) int GetShapeshiftForm()
{
    mov eax, 0x004CF770
    jmp eax
}

imo

As far as I'm aware that's a Microsoft specific language extension. Like __try/__finally. Although some compilers will support the custom extensions others won't.

Again, you're better off using standard C++ to avoid any problems stemming from compiler differences.

Imo.

[Sillyboy72]

Back to the subject at hand (getting my shape shift form, via lua function)

Code:

typedef int (__cdecl *WowzLuaGetTop)(DWORD State);
WowzLuaGetTop pfLuaGetTop = (WowzLuaGetTop) 0x007ADAD0;  // 3.0.9

typedef int (__cdecl *WowzLuaToInteger)(DWORD State, int Arg);
WowzLuaToInteger pfLuaToInteger = (WowzLuaToInteger) 0x007ADF70;  // 3.0.9

typedef int (__cdecl *WowzLuaGetShapeshiftForm)(DWORD State);
WowzLuaGetShapeshiftForm pfGetShapeshiftForm = (WowzLuaGetShapeshiftForm) 0x004CFF30;  // 3.0.9

void TestGetShapeshift()
{
	DWORD *pLuaState = (DWORD*) 0x12E98FC;  // 3.0.9	

	pfGetShapeshiftForm(*pLuaState);
	int top = pfLuaGetTop(*pLuaState);
	int val = pfLuaToInteger(*pLuaState, top);
	dbg("Top: %d  Val: %d\n", top, val);

	pfGetShapeshiftForm(*pLuaState);
	top = pfLuaGetTop(*pLuaState);
	val = pfLuaToInteger(*pLuaState, top);
	dbg("Top: %d  Val: %d\n", top, val);
}

This dumps :
Top: 1 Val: 3
Top: 2 Val: 3

Which is to say its working (w00t!), but that the lua state is going its stack. How do I clean it up?

[g3gg0]

why dont u use this one to get an objects shapeshift form?

0x00 = caster
0x01 = cat
0x03 = travelform
0x08 = bear
0x1B = swift flight form

have a look at the byte at
[[[PlayerObject] + 0x0108] + 0x01D3]

[Sillyboy72]

why dont u use this one to get an objects shapeshift form?

Oh, that is certainly the hotness, and I will probably use that (thanks for that action).

But, in general, it would be pretty useful to directly call various lua routines w/o having to reverse each one to figure out how it works... which is why I am trying to figure out how to cleanup the LuaState...

[Sillyboy72]

thx ggg989:

Code:

typedef void (__cdecl * tLuaSetTop)(LPDWORD luaState, int idx);
tLuaSetTop luaSetTop = (tLuaSetTop)0x007ADAF0;   // 3.0.9
luaSetTop(state, 0)

[kynox]

why dont u use this one to get an objects shapeshift form?

0x00 = caster
0x01 = cat
0x03 = travelform
0x08 = bear
0x1B = swift flight form

Because then he has to go and reverse a class offset each patch.

[Cypher]

Because then he has to go and reverse a class offset each patch.

I had sex with your mother.

[g3gg0]

I had sex with your mother.

thought you prefer males?
SCNR


well, reversing is something like....
- opening IDA
- following the first call
- looking at the offsets

so not really hard