WoW Disassembled Functions (over 8000)

[GmG]

How to use the mask?

[testout]

Search through memory using the mask and matching the code.

I'm guessing X is don't care and if its a number its the mask.

so

<mask>44XX44</mask>
<code>123456</code>

means you are looking for the byte 0x12, followed by another byte we don't care about, followed by 0x56.

[roxaz911]

umm how the hell is this list compiled? i can not see any func names in executable

[testout]

Got IDA? Look at xrefs to the LUA function strings.

They are in huges lists of:

ref to name of function
ref to function
ref to name of function
ref to function
ref to name of function
ref to function
etc etc...

[roxaz911]

right right, found them interesting i should say ^_^ gonna try to add additional lua api funcs now =]

[GmG]

Search through memory using the mask and matching the code.

I'm guessing X is don't care and if its a number its the mask.

so

<mask>44XX44</mask>
<code>123456</code>

means you are looking for the byte 0x12, followed by another byte we don't care about, followed by 0x56.

Thank you for your reply, But I found the problem seems to be a little.

eg. CMovement_SetFacing
XXXXX1 XXXXXXX1 XXXX4444 XXXX1X1
558BEC D9450856 D9C08BF1 D86620D
------ -------- -------- -------
XXXXX0 XXXXXXX0 XXXX0040 XXXX0X1

I'm found,
The length of the mask and the code is 68, indicating that they are the same length, and an X correspond to one byte, the other as well.
However, the results do not seem right, do not know why?

[testout]

Ok, got it.

Don't look at that function it maybe incorrect address as stated in his post

Look at: 0075FC70 RLF_GetLFGResults

X X X X X 4 4 4 4 X X X 1 X 1 X ...
55 8B EC 81 EC 14 01 00 00 56 8B 75 08 6A 01 56 ...

If it is an X, match it, otherwise we don't care. Te numbers just seem to secify the size of the skip in bytes.

Here the
4444 (14 01 00 00) is a value: sub esp, 114h
1 (08 ) is a value: mov esi, [ebp+arg_0]
1 (01 ) is a value: push 1

So yeah I guess that is it. X is match, number = don't care.

[goderion]

testout: its correct! ^^

The Mask is really simple. Maybe there should be a Text who tell how to use it.

X = Part of an assembler instruction
1 = byte value (8 bit)
22 = word value (16 bit)
4444 = dword value (32 bit)

XX22XXX1XXXX4444XXXX is like xx??xxx?xxxx????xxxx.

x = check
? = ignore

The 1, 22 and 4444 are used, couse some functions are in the X part the same but differs in the values they use.

I guess it would help some people if a version of the htm-files would appear for 3.1.3. ^^

[GmG]

Thank you very much for the help, now I understand.
However, if the code change, then how can match?
For example, in function of the middle section of the code to insert, not only the code was changed, its length has been changed. Is not to determine the length of code block in order to match it? Or what other method? Disassembly is carried out?

[Shynd]

Am having english winning? Or else for something I know forget! What can happens if . No?

[undrgrnd59]

So, can we use FindPattern with these masks just like we do to find s_curMgr to make our bots "auto-update"?

[GmG]

Shynd:zhong guo ren??

English is not good. As for it?

[testout]

So, can we use FindPattern with these masks just like we do to find s_curMgr to make our bots "auto-update"?

Yes, with a little intervention. (Sometimes multiple matches will be found - or none at all if a function changes heavily).

[goderion]

Yo!

Function-Index 3.1.3

The following 7z-archiv (14 MB) contain an iso (290 MB), wich contains addresses, asm, pattern(mask+code) for wow 3.1.1, 3.1.2 and 3.1.3.

Put the wow.iso in a virtual cd/dvd drive. Dont extract it, couse it contains over 70.000 files, your HD will hate you! ^^

You find the file here:
RapidShare: Easy Filehosting
or
MEGAUPLOAD - The leading online storage and file delivery service

[roxaz911]

did anyone share tool that extracts funcs?