3.1.1 Reading Unit Names

[tanis2000]

With 3.0.9 I used this code to read a Unit name given the Unit pointer:

Code:

        
private string GetUnitName(uint unit)
        {
            uint aaa = ProcessManager.WowProcess.ReadUInt((unit + 0x970));
            return ProcessManager.WowProcess.ReadASCIIString(ProcessManager.WowProcess.ReadUInt((aaa + 0x3C)), 40);
        }

It worked but I want to get rid of that 0x970 which is ugly and does not work anymore for 3.1.1

The problem is that I have no clue if there's a formula to calculate that offset or if it can be read somewhere else? Any idea?

Is there a linked list just like for players that I should go through or anything else?

[Apoc]

I don't know how many more times, or ways, we can answer this same question. Enjoy your infraction.

[tanis2000]

Find me a signature to look for the different kind of structures and I'll be happy

The forum is full of posts of people reading this stuff through offsets exactly like I am doing or by looking at the VMT and injecting code to call the virtual function to retrieve the unit name, which is not what I want to do either.

I want to stick to OOP reading but it's hard to find a reference to the different structures on the forum.

As a proposal.. it'd be nice to put all of that knowledge into something readable and purged of the crap that comes up when you run searches

[SKU]

*hopes the thread does not mysteriously close again*

You don't want offsets and you don't want to call the VM yet you mention 'structures'? Structures and offsets go hand in hand.

Anyway, because I'm insanely bored:

Code:

Object:
.text:00598210 sub_598210      proc near               ; CODE XREF: sub_6A0990+F8p
.text:00598210                                         ; sub_6B64F0+75p
.text:00598210                                         ; DATA XREF: ...
.text:00598210                 mov     eax, [ecx+1A4h]
.text:00598216                 test    eax, eax
.text:00598218                 jz      short loc_598221
.text:0059821A                 mov     eax, [eax+88h]
.text:00598220                 retn

==> pObjectName = [[base + 0x1A4] + 0x88]

Unit:
.text:005ADBE5 loc_5ADBE5:                             ; CODE XREF: sub_5AD970+1B7j
.text:005ADBE5                 mov     esi, [esi+968h]
.text:005ADBEB                 test    esi, esi
.text:005ADBED                 jz      short loc_5ADBBD
.text:005ADBEF                 mov     eax, [esi+54h]
.text:005ADBF2                 pop     edi
.text:005ADBF3                 pop     esi
.text:005ADBF4                 pop     ebx
.text:005ADBF5                 mov     esp, ebp
.text:005ADBF7                 pop     ebp
.text:005ADBF8                 retn    8
.text:005ADBF8 sub_5AD970      endp

==> pUnitName = [[base + 0x968] + 0x54]

Do you like 0x968 more? If you want the playernames, enjoy the cache.

[snoke]

Find me a signature to look for the different kind of structures and I'll be happy

The forum is full of posts of people reading this stuff through offsets exactly like I am doing or by looking at the VMT and injecting code to call the virtual function to retrieve the unit name, which is not what I want to do either.

I want to stick to OOP reading but it's hard to find a reference to the different structures on the forum.

As a proposal.. it'd be nice to put all of that knowledge into something readable and purged of the crap that comes up when you run searches

soo you dont wanna learn anything , you just want offsets? thrust me your cpu does not work in a oop way. i almost wanna cry , there is a wealth of information here all from how you locate those offsets yourself to how you inject your code to do funny stuff and you dont want it because its not oop.

[morgalis]

Cool , and any idea where to retrieve Player Name ?

[SKU]

Yeah, from the cache.

Gnah: http://www.mmowned.com/forums/wow-me...working-2.html.

[flo8464]

Hey, sorry for hijacking the thread.

SKU, if you read this, how and where did you find that sequence of code ?

I know the question sounds stupid, but I finally want to stop using other peoples work and do something myself.

My attempt was reversing "UnitName("unit")".

I am fairly new to reversing, only did easy CrackMes before and wrote ASM-Applications for learning purposes.

But trying to do it in WoW makes me lose the overview about everything, so many calls the functions I don't know and all of the are calling more and more and with bad luck I end up reversing code which isnt even related a bit to my lua-function.

How do you start reversing a lua-function? I appreciate help, even if its a One-Liner.

Thanks !

[SKU]

I'm lazy, but I roughly said it here: http://www.mmowned.com/forums/wow-me...ml#post1509137

How to reverse it.. it's not really special. Does a lot of compares to determine the type of the object, then calls the right method to get the object name. Also calls a couple of lua functions to manage the stack (I guess :O).

I don't know if you use IDA, but the graph view is incredibly useful for the UnitName function and it's subcalls.

[lanman92]

Most of the calls from the funcs will be lua_***() funcs. They will push, gettop, etc. You can tell because they push the lua state onto the stack. I would just go into the 3.1.2 offset thread and label all of the lua functions in IDA from that. It will make things a lot simpler.