C# Finding buffs

[Hawker]

Can anyone see why this hasBuff code is working on some WoW clients and not on others? I'm baffled

Code:

        /// <summary>
        /// Returns true if the player got the specific buff id (look at thottbot to get the id's)
        /// </summary>
        public bool hasBuff(uint buffID)
        {
            try
            {
                GUnit temp = new GUnit(objectList, ObjectPointer);
                for (int i = 0; i < 20; i++)
                {
                    uint curAura = Memory.ReadUInt((uint)(temp.ObjectPointer + 0xDB8 + (i * 4)));
                    Output.LogToFile("Buff found: " + curAura.ToString());
                    if (curAura == buffID)
                    {
                        Output.LogToFile("Wanted Buff: " + buffID); 
                        return true;
                    }
                }
                return false;
            }
            catch
            {
                return false;
            }
        }

Output from my own druid:

[16/07/2009 11:45:28]:Maneuvering towards Felweed: ( 537.116 2828.452 214.1415 ) 17370386803974151545
[16/07/2009 11:45:28]:Moving to node...
[16/07/2009 11:45:29]:Buff found: 33943
[16/07/2009 11:45:29]:Wanted Buff: 33943

Strange output from a user's druid:

[7/16/2009 3:36:23 AM]:Maneuvering towards Icethorn: ( 6020.106 -476.5709 367.1697 ) 17370386953324909881
[7/16/2009 3:36:23 AM]:Moving to node...
[7/16/2009 3:36:23 AM]:Buff found: 24
[7/16/2009 3:36:23 AM]:Buff found: 728301552
[7/16/2009 3:36:23 AM]:Buff found: 0
[7/16/2009 3:36:23 AM]:Buff found: 256
[7/16/2009 3:36:23 AM]:Buff found: 0
[7/16/2009 3:36:23 AM]:Buff found: 256
[7/16/2009 3:36:23 AM]:Buff found: 0
[7/16/2009 3:36:23 AM]:Buff found: 256
[7/16/2009 3:36:23 AM]:Buff found: 0
[7/16/2009 3:36:23 AM]:Buff found: 256

[Cypher]

Lol @ the "just sweep it under the rug" style exception handling.

[Hawker]

Lol @ the "just sweep it under the rug" style exception handling.

That's why I even have a rug in my hallway you insensitive clod.

[Gorzul]

(WoW 3.1.3.9947)
Have a closer look at Lua_UnitAura:

Code:

.text:004BA3E0 000                 push    ebp
.text:004BA3E1 004                 mov     ebp, esp
.text:004BA3E3 004                 cmp     dword ptr [ecx+0DB0h], 0FFFFFFFFh ; Compare Two Operands
.text:004BA3EA 004                 mov     eax, [ebp+auraIndex]
.text:004BA3ED 004                 jnz     short loc_4BA402 ; Jump if Not Zero (ZF=0)
.text:004BA3EF 004                 mov     ecx, [ecx+0C38h]
.text:004BA3F5 004                 lea     eax, [eax+eax*2] ; Load Effective Address
.text:004BA3F8 004                 lea     eax, [ecx+eax*8] ; Load Effective Address
.text:004BA3FB 004                 mov     eax, [eax+8]
.text:004BA3FE 004                 pop     ebp
.text:004BA3FF 000                 retn    4               ; Return Near from Procedure

.text:004BA402 004                 lea     edx, [eax+eax*2] ; Load Effective Address
.text:004BA405 004                 lea     eax, [ecx+edx*8+0C30h] ; Load Effective Address
.text:004BA40C 004                 mov     eax, [eax+8]
.text:004BA40F 004                 pop     ebp
.text:004BA410 000                 retn    4               ; Return Near from Procedure

Hex-Rays:

Code:

int __thiscall GetUnitAuraId(int this, int auraIndex)
{
  int result; // eax@2

  if ( *(_DWORD *)(this + 0xDB0) == 0xFFFFFFFF )
    result = *(_DWORD *)(*(_DWORD *)(this + 0xC38) + 0x18 * auraIndex + 0x8);
  else
    result = *(_DWORD *)(this + 0xC38 + 0x18 * auraIndex);
  return result;
}

As you can see there two possible locations to read the aura id.

edit:
Your problem was already discussed:
http://www.mmowned.com/forums/wow-me...yer-buffs.html

[Hawker]

+rep for pointing that out. Can we lock this thread please?

[Apoc]

Code:

AURA *__thiscall CGUnitC__GetUnitAura(WoWObject *this, unsigned int auraIndex)
{
  unsigned int dwAuraCount; // edx@2
  AURA *result; // eax@6

  if ( this->dwAuraCount2 == -1 )                               // dwAuraCount2 is the overflow ptr. (>10 auras)
    dwAuraCount = this->dwAuraCount1;
  else
    dwAuraCount = this->dwAuraCount2;
  if ( auraIndex >= dwAuraCount )
  {
    result = 0;                                                 // No current auras to return.
  }
  else
  {
    if ( this->dwAuraCount2 == -1 )
      result = (AURA *)(*(_DWORD *)&this->gap_d55[0] + 24 * auraIndex);// Not entirely sure how they're doing this. Once I'm unlazy enough, I'll map out the actual offsets in the WoWObject struct.
    else
      result = (AURA *)&this->gap_d5[24 * auraIndex + 192];
  }
  return result;
}

Might be a bit clearer for those of you having a hard time.

[jockel]

Thanks for the snippets,
I'm exactly using a replication of the "Hex-Rays" function Gorzul posted.

It works awesome for my local player or npc's to detect buffs/debuffs.

But as soon I'm going to target a friendly player to get the buffs from them, the function fails and will never return a valid buffid.

[jockel]

I did some researches and analyzed the GetAura function another time,
but I'm not able to get it working to grab the auras a player has.

I'm only able to get buffs from my local player or npcs.


I tried it in process (C++)

Code:

typedef int (__thiscall * tGetAura)(void* uThis, int index);
tGetAura oGetAura = reinterpret_cast<tGetAura>(0x00566D80);

And out of process (C#)

Code:

      uint GetAuraAt(uint i)
         {
             if (ReadUInt(baseAddress + 0xDB0) == -1){

                 return ReadUInt(ReadUInt(baseAddress + 0xC38) + (0x18*i) + 8);

             }

             return ReadUInt(baseAddress + 0xC38+ (0x18*i));
         }

The C# function SHOULD return the exact same the GetAura function in Wow does, I can't see any differences, so why does it not return auras for playerobjects (except my local player) ?

[Gorzul]

Your C# code should work for all units (including other players). Have you checked the base addresses of your player objects?

edit:
Ok, your problem is the uint.

Code:

uint GetAuraAt(uint i)
         {
             if (ReadUInt(baseAddress + 0xDB0) == -1){

                 return ReadUInt(ReadUInt(baseAddress + 0xC38) + (0x18*i) + 8);

             }

             return ReadUInt(baseAddress + 0xC38+ (0x18*i));
         }

[vulcanaoc]

Code:

             if (ReadUInt(baseAddress + 0xDB0) == -1){

                 return ReadUInt(ReadUInt(baseAddress + 0xC38) + (0x18*i) + 8);

             }

             return ReadUInt(baseAddress + 0xC38+ (0x18*i));
         }

Comparing a 4 byte unsigned integer to an integer with a sign is not a very good idea.

lawl

[Tanaris4]

Anyone know if these changed in 3.2.0? I'm having an awful time trying to determine this... Sometimes the memory location at 0xDB0 is -1, and sometimes 0xDB4 is -1

Granted I am looking on a mac, but I highly doubt this would vary. Here is the binary if people want to be so kind as to check:
http://dump.ifeedr.com/WoWBinaries/W...ft%203.2.0.zip

I'm going to fire up IDA Pro and see if I can find the function listed above. (although I have a feeling i'll struggle heh)

[tdrake]

Aura count1/2 and aura table 1/2 both changed.

Size and spellid stayed the same.

Im sure its the same for mac as size and spellid havent changed in awhile as far as im aware.

[Nesox]

enum UnitBaseGetUnitAura
{
AURA_COUNT_1 = 0x0DC8, //CGUnit_C__GetUnitAura(int index)
AURA_COUNT_2 = 0x0F3C, //Wtf is this one from? /*0xC34 3.1.3*/
AURA_TABLE_1 = 0xC48, //CGUnit_C__GetUnitAura(int index)
AURA_TABLE_2 = 0xC50, //CGUnit_C__GetUnitAura(int index)
AURA_SIZE = 0x18, //Size of the Aura Struct, 6 * 4 bytes
AURA_SPELL_ID = 0x8 //Offset in the struct for the Id, "Second Integer"
} ;

theese one is correct except for AURA_COUNT_2 dunno what function that's from ..

[tdrake]

AURA_COUNT_2 = 0xC4C

[Nesox]

AURA_COUNT_2 = 0xC4C

what function is that from?