Dumping Player Buffs

[luciferc]

Currently i have

Code:

            0xDB8, //Buff Offset From PlayerBase
            0xED0, //PassiveBuff Offset From PlayerBase

It doesnt work all the time though.

On Certain start ups on Characters it works other times it doesnt. It makes no sense.

Any help Appreciated.

Yes i tryed 0xde8 as well

Sometimes it even shows up buffs i dont have on.

Code:

Get Buff Name 47893 == Fel Armor //Expired about 1 min ago.
Get Buff Name 57940 == Essence of Wintergrasp

[dkilkhan]

I have the same issue using offset from playerbase 0xEBC I saw somewhere on here.

Most of the time it is just fine, but other times it is just garbage and this doesn't change even when restarting wow, same garbage.

I've started digging into API UnitAura - WoWWiki - Your guide to the World of Warcraft, but haven't done much as I've used a lot of buff timers on critical things as a temporary workaround.

I would be interested in knowing why that happens though.

[testout]

I'm using:

Code:

public int[] Buffs()
{
    int count = Memory.Read<int>(BaseAddress + 0xeb8);
    return Memory.ReadBufferInt(BaseAddress + 0xebc, count);
}

Seems to work fine.

[Tanaris4]

On mac the buffs only show for the first 16 or so, then once you get more than 16 auras it jumps to another place in memory. Might be a similar behavior for windows. From PG:

Code:

    BaseField_Auras_ValidCount          = 0xD9C,
    BaseField_Auras_Start               = 0xC1C,
    
    // I'm not entirely sure what the story is behind these pointers
    // but it seems that once the player hits > 16 buffs/debuffs (17 or more)
    // the Aura fields in the player struct is abandoned and moves elsewhere
    BaseField_Auras_OverflowValidCount  = 0xC20,
    BaseField_Auras_OverflowPtr1        = 0xC24,

[Travelformed]

yes it has 2 possible locations

Code:

        // Buffs 3.1.2
        protected const uint AURA_COUNT_1 = 0xDB0; 
        protected const uint AURA_COUNT_2 = 0xC34;        
        protected const uint AURA_TABLE_1 = 0xC30; 
        protected const uint AURA_TABLE_2 = 0xC38;
        protected const uint AURA_SIZE = 0x18;
        protected const uint AURA_SPELL_ID = 0x8;

        public ArrayList getAuras(uint unit) {
            ArrayList result = new ArrayList();            
            uint auraTable = unit + AURA_TABLE_1; //aura list & count has 2 possible locations
            uint auraCount = m.rUInt(unit + AURA_COUNT_1);
            if(auraCount > 80) { 
                auraTable = m.rUInt(unit + AURA_TABLE_2); //and the second one
                auraCount = m.rUInt(unit + AURA_COUNT_2); 
                Console.WriteLine("getAuras() AURA_TABLE_2");                                
            }
            for (uint i=0; i<auraCount; i++) {
                uint spellId = m.rUInt(auraTable + AURA_SIZE * i + AURA_SPELL_ID);                        
                if(spellId > 0) {
                    uint creatorGUID = m.rUInt(auraTable + AURA_SIZE * i);
                    Aura aura = new Aura();
                    aura.creatorGUID = creatorGUID;
                    aura.spellId = spellId;
                    result.Add(aura);
                    Console.WriteLine("{0} getAuras({1}) spellId:{2} creatorGUID:{3}", i, unit, spellId, creatorGUID);                                                    
                }
            }            
            return result;            
        }

[luciferc]

Thanks will try it out

[boomingranny]

i have found the above code very helpful.
The way i am doing it:

from base unit.

read +0xDB0
if -1 then
table is at:
pointer(+0xC3
else
table is at +0xC30


loop thru the table until the spell id is null (0)

[Travelformed]

adding to my previous post, i needed time left on buff\debuf

Code:

//time when buff expires sits at
aura.endTime = bm.ReadUInt(auraTable + AURA_SIZE * i + 0x14);

wow uses hi-res QueryPerformanceCounter/QueryPerformanceFrequency for its GetTime() (API GetTime - WoWWiki - Your guide to the World of Warcraft wowwiki falsely says GetTickCount() wich apparently gives slightly different result)

Code:

//getTime
[DllImport("kernel32.dll")]
private static extern bool QueryPerformanceCounter(out long lpPerformanceCount);

[DllImport("kernel32.dll")]
private static extern bool QueryPerformanceFrequency(out long lpFrequency);

public static long getTime() {
    long count;
    long freq;
    QueryPerformanceFrequency(out freq);
    QueryPerformanceCounter(out count);            
    return (long)(((double)count/(double)freq) * 1000);
}

// time left on buff\debuff
timeLeft = aura.endTime - getTime()

[Robske]

wow uses hi-res QueryPerformanceCounter/QueryPerformanceFrequency for its GetTime() (API GetTime - WoWWiki - Your guide to the World of Warcraft wowwiki falsely says GetTickCount() wich apparently gives slightly different result)

There's a CVAR that allows you to select one of the two, can't remember which one though, Cypher once posted about it.

[Cypher]

timingMethod is the CVar you can use to force WoW to use a certain timing API.

[amadmonk]

Dear god, why would you need WoW to be more precise than the 33ms or whatever it is that you get with GetTickCount()? I mean your average packet latency is nearly that long... Is anyone really timing their buffs that carefully?

[Nesox]

Dear god, why would you need WoW to be more precise than the 33ms or whatever it is that you get with GetTickCount()? I mean your average packet latency is nearly that long... Is anyone really timing their buffs that carefully?

It's for when you write a speedhack that detours GetTickCount/QueryPerformanceCounter could get messy if wow uses QPC and you only detour GTC

[amadmonk]

Ahhhh, now that makes more sense.

[namreeb]

For those interested in some more details, here you are:

Code:

<Pattern desc="GetUnitAura" pattern="\x55\x8B\xEC\x8B\x81\xB0\x0D\x00\x00\x83\xF8\xFF\x75\x08\x8B\x91\x34\x0C\x00\x00\xEB\x02\x8B\xD0\x8B\x45\x08\x3B\xC2" mask="xxxxx????xxxxxxx????xxxxxx?xx" />

Code:

struct AURA
{
	WGUID creatorGuid;	// 0x00 - 0x07
	unsigned long auraId;	// 0x08 - 0x0B
	unsigned long unk1;	// 0x0C - 0x0F
	unsigned long unk2;	// 0x10 - 0x13
	unsigned long endTime;	// 0x14 - 0x17
};

AURA *CGUnit_C::GetAura(const int dwIndex)
{
	unsigned long dwGetUnitAura = gpWoWX->GetFindPattern()->GetAddress( "GetUnitAura" );

	_asm
	{
		mov ecx, this
		push dwIndex
		call dwGetUnitAura
		mov dwGetUnitAura, eax
	}

	return (AURA *)(dwGetUnitAura);
}

Note that since this is an array, as opposed to some sort of linked list structure, once an aura expires or is removed, in its place in memory will be an aura with id 0.

Code:

		CGUnit_C *target;
		AURA *aura;

		if (!(target = gpWoWX->GetCurMgr()->GetObjectByGUID(gpWoWX->GetCurMgr()->GetLocalPlayer()->GetTarget())->GetUnit()))
			target = gpWoWX->GetCurMgr()->GetLocalPlayer()->GetUnit();

		for (int i = 0; 1; i++)
		{
			if (!(aura = target->GetAura(i)))
				break;

			if (!aura->auraId)
				continue;

			DBGLOG("Aura #" << std::dec << i << " ID: " << aura->auraId << " Creator GUID: 0x" << std::hex << aura->creatorGuid.ullGuid <<
				   " Ticks remaining: 0x" << (DWORD)(aura->endTime - GetTickCount()));
		}

Those two unknown fields appear to be some sort of flags, probably to tell you thinks like whether they're dispellable or positive/negative or whatever, but I haven't looked into it as it's not relevant to my purposes at this time.

[Apoc]

The two unknowns are DispelType and some extra flags containing info such as IsHarmful etc.