3.1.3 info dump

**Nesox** · 07-16-2009

They are, x = 0xE8 y = 0xEC z = 0xE0
read them as float or make a wowpos struct and read them all at once, yes it's possible with BlackMagic!

**felixdekat** · 07-16-2009

i dont use blackmagic

but tnx in advance

**abuckau907** · 07-17-2009

Dumb question but I can't find on forums:

Problem: How to know if an object is attackable? I have a function like "GetClosestMob" which search the obj list and returns what it thinks is the closest object..but the only sorting i have is wowBasicObject.Type ==3 (unit/npc) which apparently isn't specific
enough because I keep targetting walking broomsticks :P I know there is a way to know if the monster is like... Dragon, Undead, etc...just don't know how to find it, any help would be awesome. The problem is I don't know the classes enough yet, so far I have like..
wowBasicObject (guid,baseaddr,type)
wowCreatureObject(player,monster,npc baseclass?)
wowMob
wowPlayer

but the only criteria I have for creating a new 'wowmob' object is if wowbasicobject.type == 3...which is just a unit, how to find more
about specific class?

**Robske** · 07-17-2009

Originally Posted by abuckau907

Dumb question but I can't find on forums:

Problem: How to know if an object is attackable? I have a function like "GetClosestMob" which search the obj list and returns what it thinks is the closest object..but the only sorting i have is wowBasicObject.Type ==3 (unit/npc) which apparently isn't specific
enough because I keep targetting walking broomsticks :P I know there is a way to know if the monster is like... Dragon, Undead, etc...just don't know how to find it, any help would be awesome. The problem is I don't know the classes enough yet, so far I have like..
wowBasicObject (guid,baseaddr,type)
wowCreatureObject(player,monster,npc baseclass?)
wowMob
wowPlayer

but the only criteria I have for creating a new 'wowmob' object is if wowbasicobject.type == 3...which is just a unit, how to find more
about specific class?

CanAttack, GetUnitReaction, faction id comparing...

**abuckau907** · 07-17-2009

I guess I should have mentioned I'm out of process and I'm trying my hardest to only do memory_ready...i thought there would be some offset that is the mobs 'class' (ie. dragon, etc) but maybe not? Well..if there is a wow function for it..i guess I have to open olly.?. thanks.

**ramey** · 07-17-2009

Originally Posted by abuckau907

I guess I should have mentioned I'm out of process and I'm trying my hardest to only do memory_ready...i thought there would be some offset that is the mobs 'class' (ie. dragon, etc) but maybe not? Well..if there is a wow function for it..i guess I have to open olly.?. thanks.

Usually, when you need functionality for your bot, or well when I need functionality for my bot, I open Ollydbg before posting on a forum asking to be spoonfed. Also, yes, you will have to open Ollydbg.

**Nesox** · 07-17-2009

Take a look in the flags for units it's all there, if they are lootable skinable tapped by you if they are attackable etc.

**Azzie2k8** · 07-17-2009

Originally Posted by bouh2

Sorry i'm confused, i search GameObject Name offset ^^

EDIT : And I search how to find CorpseOject owner name ^^

EDIT2 : Founded : [[curObj + 0x1a4] + 0x88]

could anyone tell me if those are correct ?

I am trying to read the GameObject Name like this

Code:

ObjectManager.WowReader.ReadASCIIString((ObjectManager.WowReader.ReadUInt(baseAddress + 0x1a4) + 0x88), 14);

I know that having a fix length is bad but I used it for testing since I only tried to find the fishing bobber...

I myself could not find those offsets like given by bouh but I guess that is beacuse I fail alot.

-Azrael

**Nesox** · 07-17-2009

Take a look at the UnitName lua function or just call GetObjectName

**Azzie2k8** · 07-17-2009

Originally Posted by Nesox

Take a look at the UnitName lua function or just call GetObjectName

so this should be UnitName, right ?

Code:

.text:006A3650 ; =============== S U B R O U T I N E =======================================
.text:006A3650
.text:006A3650 ; Attributes: bp-based frame
.text:006A3650
.text:006A3650 sub_6A3650      proc near               ; DATA XREF: .data:00A3C834o
.text:006A3650
.text:006A3650 var_14          = dword ptr -14h
.text:006A3650 var_10          = dword ptr -10h
.text:006A3650 var_C           = dword ptr -0Ch
.text:006A3650 var_8           = dword ptr -8
.text:006A3650 var_4           = dword ptr -4
.text:006A3650 arg_0           = dword ptr  8
.text:006A3650
.text:006A3650                 push    ebp
.text:006A3651                 mov     ebp, esp
.text:006A3653                 sub     esp, 14h
.text:006A3656                 push    edi
.text:006A3657                 mov     edi, [ebp+arg_0]
.text:006A365A                 push    1
.text:006A365C                 push    edi
.text:006A365D                 call    sub_91AC40
.text:006A3662                 add     esp, 8
.text:006A3665                 test    eax, eax
.text:006A3667                 jnz     short loc_6A367E
.text:006A3669                 push    offset aUsageUnitnameU ; "Usage: UnitName(\"unit\")"
.text:006A366E                 push    edi
.text:006A366F                 call    sub_919B30
.text:006A3674                 add     esp, 8
.text:006A3677                 xor     eax, eax
.text:006A3679                 pop     edi
.text:006A367A                 mov     esp, ebp
.text:006A367C                 pop     ebp
.text:006A367D                 retn

since I don't see objects in there I followed all references but I don't see where I should get those offsets... maybe (actually I am pretty sure) I am being stupid here...

**SKU** · 07-17-2009

Originally Posted by Azzie2k8

so this should be UnitName, right ?

Code:

.text:006A3650 ; =============== S U B R O U T I N E =======================================
.text:006A3650
.text:006A3650 ; Attributes: bp-based frame
.text:006A3650
.text:006A3650 sub_6A3650      proc near               ; DATA XREF: .data:00A3C834o
.text:006A3650
.text:006A3650 var_14          = dword ptr -14h
.text:006A3650 var_10          = dword ptr -10h
.text:006A3650 var_C           = dword ptr -0Ch
.text:006A3650 var_8           = dword ptr -8
.text:006A3650 var_4           = dword ptr -4
.text:006A3650 arg_0           = dword ptr  8
.text:006A3650
.text:006A3650                 push    ebp
.text:006A3651                 mov     ebp, esp
.text:006A3653                 sub     esp, 14h
.text:006A3656                 push    edi
.text:006A3657                 mov     edi, [ebp+arg_0]
.text:006A365A                 push    1
.text:006A365C                 push    edi
.text:006A365D                 call    sub_91AC40
.text:006A3662                 add     esp, 8
.text:006A3665                 test    eax, eax
.text:006A3667                 jnz     short loc_6A367E
.text:006A3669                 push    offset aUsageUnitnameU ; "Usage: UnitName(\"unit\")"
.text:006A366E                 push    edi
.text:006A366F                 call    sub_919B30
.text:006A3674                 add     esp, 8
.text:006A3677                 xor     eax, eax
.text:006A3679                 pop     edi
.text:006A367A                 mov     esp, ebp
.text:006A367C                 pop     ebp
.text:006A367D                 retn

since I don't see objects in there I followed all references but I don't see where I should get those offsets... maybe (actually I am pretty sure) I am being stupid here...

Maybe have a look at the whole function.

Hint: The important/interesting part comes exactly after the thing you posted.

**Azzie2k8** · 07-17-2009

Originally Posted by SKU

Maybe have a look at the whole function.

Hint: The important/interesting part comes exactly after the thing you posted.

so that one takes me here

Code:

.text:006A367E loc_6A367E:                             ; CODE XREF: sub_6A3650+17j
.text:006A367E                 push    ebx
.text:006A367F                 push    esi
.text:006A3680                 xor     ebx, ebx
.text:006A3682                 push    ebx
.text:006A3683                 push    1
.text:006A3685                 push    edi
.text:006A3686                 call    sub_91ADC0
.text:006A368B                 add     esp, 0Ch
.text:006A368E                 push    7FFFFFFFh       ; size_t
.text:006A3693                 mov     esi, eax
.text:006A3695                 push    offset aPlayer  ; "player"
.text:006A369A                 push    esi             ; char *
.text:006A369B                 call    sub_53A670
.text:006A36A0                 test    eax, eax
.text:006A36A2                 jnz     short loc_6A36C3
.text:006A36A4                 call    sub_5F9760
.text:006A36A9                 push    eax
.text:006A36AA                 push    edi
.text:006A36AB                 call    sub_91B030
.text:006A36B0                 push    edi
.text:006A36B1                 call    sub_91AF60
.text:006A36B6                 add     esp, 0Ch
.text:006A36B9                 pop     esi
.text:006A36BA                 lea     eax, [ebx+2]
.text:006A36BD                 pop     ebx
.text:006A36BE                 pop     edi
.text:006A36BF                 mov     esp, ebp
.text:006A36C1                 pop     ebp
.text:006A36C2                 retn

so far I do not see anything usefull beside the jump and the calls.

I will explore a little further and see where the jump takes me ...

Code:

.text:006A36C3 ; ---------------------------------------------------------------------------
.text:006A36C3
.text:006A36C3 loc_6A36C3:                             ; CODE XREF: sub_6A3650+52j
.text:006A36C3                 push    ebx             ; char
.text:006A36C4                 lea     eax, [ebp+var_14]
.text:006A36C7                 push    eax             ; int
.text:006A36C8                 push    esi             ; char *
.text:006A36C9                 mov     [ebp+var_4], ebx
.text:006A36CC                 mov     [ebp+var_14], ebx
.text:006A36CF                 mov     [ebp+var_10], ebx
.text:006A36D2                 call    sub_69FC40
.text:006A36D7                 mov     eax, [ebp+var_14]
.text:006A36DA                 mov     ecx, [ebp+var_10]
.text:006A36DD                 mov     edx, eax
.text:006A36DF                 add     esp, 0Ch
.text:006A36E2                 or      edx, ecx
.text:006A36E4                 mov     [ebp+var_C], eax
.text:006A36E7                 mov     [ebp+var_8], ecx
.text:006A36EA                 jz      loc_6A3837
.text:006A36F0                 cmp     eax, 0FFFFFFFEh
.text:006A36F3                 jnz     short loc_6A36FE
.text:006A36F5                 cmp     ecx, 0FFFFFFFFh
.text:006A36F8                 jz      loc_6A3837
.text:006A36FE
.text:006A36FE loc_6A36FE:                             ; CODE XREF: sub_6A3650+A3j
.text:006A36FE                 push    7A2h
.text:006A3703                 push    offset a_Scriptevents_ ; ".\\ScriptEvents.cpp"
.text:006A3708                 push    1
.text:006A370A                 push    ecx
.text:006A370B                 push    eax
.text:006A370C                 call    sub_7BE110
.text:006A3711                 mov     ecx, eax
.text:006A3713                 add     esp, 14h
.text:006A3716                 cmp     ecx, ebx
.text:006A3718                 jz      loc_6A37C6
.text:006A371E                 mov     esi, [ecx+8]
.text:006A3721                 mov     eax, [esi+8]
.text:006A3724                 mov     edx, eax
.text:006A3726                 shr     edx, 3
.text:006A3729                 test    dl, 1
.text:006A372C                 jz      short loc_6A373E
.text:006A372E                 push    1
.text:006A3730                 lea     eax, [ebp+var_4]
.text:006A3733                 push    eax
.text:006A3734                 call    sub_5AE6D0
.text:006A3739                 jmp     loc_6A3803

I mean there are alot of mov and jumps but I really don't see those offsets in there ...

I will just check further but I doubt that I will get those

Edit: Thanks for the help guys but I think I have to do this some other time. Either I am just not thinking straigth or this is way over my head. anyways I will continue sometime later when I fell up to it...

**flo8464** · 07-17-2009

You have to try to understand it.
Try to get knowledge what the function is doing.

I am also pretty new to reversing but I put a lot of afford into something if I try to get information out of it.

Maybe try to translate it to Pseudo-Code.

**Apoc** · 07-17-2009

/me coughs

sub_5AD9B0 (takes a WoWObject* as 'this' and the 2nd arg)

Does a 'dynamic' check to see if you actually CAN attack said object. Not just the 'attackable' flag. (As that's set for pretty much every Player since you can PvP)

**lanman92** · 07-19-2009

Anyone else having problems iterating through the OM? It's just not working for me and I'm clueless why not. Everyone said offsets are same...

Code:

GameObject* CurObj = (GameObject*)(*(uint*)s_curMgr + 0xAC);

<snip />

while(...) {
NextObj = (GameObject*)(*(uint*)CurObj + 0x3C);
if (NextObj == CurObj)
{
        MainClass.Print(Encoding.ASCII.GetBytes("Done parsing."), 0);
        break;
}
else
        CurObj = NextObj;
}

It's printing one object to the console and saying it's done. Any help?

EDIT: Even after switching to readprocessmemory instead of pointers, it's reading 0 for the 2nd/3rd object...

EDIT2: Well. Apparently C# is very SHITTY with pointers. Going back to uints now.

Shout-Out

User Tag List

Thread: 3.1.3 info dump

Thread Tools

Search Thread

Similar Threads

[WoW][3.3.0] Info Dump Thread

[WoW][3.2.2] Info Dump Thread

[WoW][3.2.0] Info Dump Thread

[WoW][3.1.0] Info Dump Thread

[WoW][3.0.9] Info dump thread

OwnedCore Forums

casino

CoreCoins

My OwnedCore

About Us

Casino