[WoW][3.2.2] Info Dump Thread

[FenixTX2]

Thats really nice. +rep

[attn]

On login screen:

[ 0x010d7914 ] + 0x50 - username
[ 0x010d7914 ] + 0xc8 - password

Note that if you change those values, it will not reflect in ui, however it will work when you click on login button.

Doesn't work for me. I think it depends of server announcement.

Anyone get info how to get error message during login ?

Also in character selection screen these 3 offsets reflect total # of characters on account

0x00010d8914
0x000E53E484
0x000E53E488

What difference between each atm I don't know.

Trying find how to detect character selection (to implement auto-login) but no luck atm.

[Jadd]

Doesn't work for me. I think it depends of server announcement.

Anyone get info how to get error message during login ?

Also in character selection screen these 3 offsets reflect total # of characters on account

0x00010d8914
0x000E53E484
0x000E53E488

What difference between each atm I don't know.

Trying find how to detect character selection (to implement auto-login) but no luck atm.

Offsets? O.o

Also whats up with the 10 character addresses?

[Kryso]

Doesn't work for me. I think it depends of server announcement.

http://dl.getdropbox.com/u/1799304/accpass.png

However they doesn't work after logout. I've found them with memory scanning and didn't bother to test them properly, sorry about that.

[attn]

Offsets? O.o

Ok, memory address if u wish. Don't be picky, it was 4 a.m post

[Cypher]

Offsets? O.o

Also whats up with the 10 character addresses?

Technically it is an offset. As far as the processor is concerned it's an offset from the DS (which always has a base of zero in the memory model used by Windows).

http://dl.getdropbox.com/u/1799304/accpass.png

However they doesn't work after logout. I've found them with memory scanning and didn't bother to test them properly, sorry about that.

If you just use Lua to set the text, press the buttons, etc you could have this done in about 10 minutes.

[JuJuBoSc]

Party Member 1 GUID : 0x01143B10
Party Member 2 GUID : 0x01143B18
Party Member 3 GUID : 0x01143B20
Party Member 4 GUID : 0x01143B28
Party Leader GUID : 0x01143B30

[mightypirate]

thanks for this

[nitrogrlie]

Just to add on to your list...

Code:

    public enum VFTableIndex
    {
        GetBagPtr = 10,
        GetPosition = 11,
        GetFacing = 12,
        GetScale = 14,
        GetModel = 22,
        Interact = 41,
        GetName = 51,
    }

Haven't tested all these yet, but I can vouch for GetPosition and GetFacing being correct. However, I'm finding GetName to be 48, not 51, and I don't believe it works for your own name for some reason. Perhaps I'm doing something wrong?

[_Mike]

Haven't tested all these yet, but I can vouch for GetPosition and GetFacing being correct. However, I'm finding GetName to be 48, not 51, and I don't believe it works for your own name for some reason. Perhaps I'm doing something wrong?

You are doing something wrong. It is 51, and it does work for the local player.

[nitrogrlie]

I see, I am going to have to check on something when i get home from work because I'm starting to think that what I refer to as the VFTable is different from what people here seem to mean. I call the VFTable the virtual function table that exists in each object that inherits virtual functions from a parent class and comprises the first (or more if inheriting from more than one class) DWORD(s) of that class.

For example, the pointer to the CPlayer class in WoW has a pointer to it's VFTable as its first entry. So if you call GetObjectByGUID() with your player's guid as the argument you get back a pointer where the first DWORD is a ptr to the VFTable for that class type. The 10th & 11th entry in that table point to the GetPosition() and GetOrientation() respectively. The 51st entry doesn't point to a function that is GetName() as far as my testing showed. Rather it is the 48th entry.

It seems to me that what people call the table here is with regards to some function lookup table (probably inline - aka fastcall). If that is not correct, can someone please explain because then I'm clearly confused.

[Apoc]

I see, I am going to have to check on something when i get home from work because I'm starting to think that what I refer to as the VFTable is different from what people here seem to mean. I call the VFTable the virtual function table that exists in each object that inherits virtual functions from a parent class and comprises the first (or more if inheriting from more than one class) DWORD(s) of that class.

For example, the pointer to the CPlayer class in WoW has a pointer to it's VFTable as its first entry. So if you call GetObjectByGUID() with your player's guid as the argument you get back a pointer where the first DWORD is a ptr to the VFTable for that class type. The 10th & 11th entry in that table point to the GetPosition() and GetOrientation() respectively. The 51st entry doesn't point to a function that is GetName() as far as my testing showed. Rather it is the 48th entry.

It seems to me that what people call the table here is with regards to some function lookup table (probably inline - aka fastcall). If that is not correct, can someone please explain because then I'm clearly confused.

You're obviously reversing things wrong. (Hint: nullsubs ARE considered virtual funcs)

Here's some of the current CGPlayer_C vtable (some funcs un-named, etc... laziness ftw)

Code:

.rdata:009E6C70     off_9E6C70      dd offset CGPlayer_C__destructor
.rdata:009E6C74                     dd offset CGPlayer_C__Disable
.rdata:009E6C78                     dd offset sub_65DA10
.rdata:009E6C7C                     dd offset CGPlayer_C_virt0C
.rdata:009E6C80                     dd offset nullsub_5
.rdata:009E6C84                     dd offset CGUnit_C_virt10
.rdata:009E6C88                     dd offset sub_68D1C0
.rdata:009E6C8C                     dd offset nullsub_5
.rdata:009E6C90                     dd offset sub_698530
.rdata:009E6C94                     dd offset sub_65ED20
.rdata:009E6C98                     dd offset CGUnit_C__GetPosition
.rdata:009E6C9C                     dd offset sub_65EC60
.rdata:009E6CA0                     dd offset sub_65EC90
.rdata:009E6CA4                     dd offset sub_65ECB0
.rdata:009E6CA8                     dd offset CGObject_C__GetScale
.rdata:009E6CAC                     dd offset sub_65ECC0
.rdata:009E6CB0                     dd offset CGObject_C_GetModel
.rdata:009E6CB4                     dd offset CGUnit_C__CanGossip
.rdata:009E6CB8                     dd offset CGUnit_C_virt38
.rdata:009E6CBC                     dd offset CGUnit_C_virt3C
.rdata:009E6CC0                     dd offset sub_6916C0
.rdata:009E6CC4                     dd offset sub_691770
.rdata:009E6CC8                     dd offset CGUnit_C_virt40
.rdata:009E6CCC                     dd offset CGUnit_C_virt48
.rdata:009E6CD0                     dd offset CGUnit_C_virt4C
.rdata:009E6CD4                     dd offset CGUnit_C_virt50
.rdata:009E6CD8                     dd offset CGUnit_C_virt54
.rdata:009E6CDC                     dd offset CGUnit_C_virt58
.rdata:009E6CE0                     dd offset CGUnit_C_virt5C
.rdata:009E6CE4                     dd offset sub_694970
.rdata:009E6CE8                     dd offset CGUnit_C_virt64
.rdata:009E6CEC                     dd offset CGPlayer_C__PreAnimate
.rdata:009E6CF0                     dd offset CGUnit_C__GetWorldMatrix
.rdata:009E6CF4                     dd offset CGPlayer_C__ShouldRender
.rdata:009E6CF8                     dd offset CGUnit_C_virt74
.rdata:009E6CFC                     dd offset CGUnit_C_virt78
.rdata:009E6D00                     dd offset CGObject_C_virt18
.rdata:009E6D04                     dd offset CGObject_C_virt54
.rdata:009E6D08                     dd offset CGUnit_C_virt84
.rdata:009E6D0C                     dd offset sub_65EC10
.rdata:009E6D10                     dd offset lua_CloseGuildRoster
.rdata:009E6D14                     dd offset CGUnit_C__OnRightClick
.rdata:009E6D18                     dd offset sub_65EC20
.rdata:009E6D1C                     dd offset CGUnit_C_virt98
.rdata:009E6D20                     dd offset CGUnit_C_virt9C
.rdata:009E6D24                     dd offset CGUnit_C_virtA0
.rdata:009E6D28                     dd offset CGUnit_C_virtA4
.rdata:009E6D2C                     dd offset CGUnit_C_virtB0
.rdata:009E6D30                     dd offset CGUnit_C_virtB4
.rdata:009E6D34                     dd offset CGUnit_C_virtB8
.rdata:009E6D38                     dd offset sub_65ECD0
.rdata:009E6D3C                     dd offset CGUnit_C__GetObjectName
.rdata:009E6D40                     dd offset CGObject_C_virt54
.rdata:009E6D44                     dd offset sub_6C2630
.rdata:009E6D48                     dd offset CGUnit_C_virtA8
.rdata:009E6D4C                     dd offset sub_68E080
.rdata:009E6D50                     dd offset CGUnit_C_virtCC
.rdata:009E6D54                     dd offset sub_684480
.rdata:009E6D58                     dd offset sub_6C2610
.rdata:009E6D5C                     dd offset CGUnit_C_virtE4
.rdata:009E6D60                     dd offset sub_6B4E50
.rdata:009E6D64                     dd offset sub_6B0FB0
.rdata:009E6D68                     dd offset sub_6A2F20
.rdata:009E6D6C                     dd offset CGPlayer_C__GetAFKText
.rdata:009E6D70                     dd offset CGPlayer_C__GetDNDText
.rdata:009E6D74                     dd offset CGPlayer_C__GetGMText
.rdata:009E6D78                     dd offset CGPlayer_C_virtF4
.rdata:009E6D7C                     dd offset CGPlayer_C_virtF8
.rdata:009E6D80                     dd offset CGPlayer_C_virtFC
.rdata:009E6D84                     dd offset CGPlayer_C_virt100
.rdata:009E6D88                     dd offset sub_653AE0
.rdata:009E6D8C                     dd offset CGPlayer_C_virt108
.rdata:009E6D90                     dd offset CGPlayer_C_virt10C
.rdata:009E6D94                     dd offset CGPlayer_C_virt110
.rdata:009E6D98                     dd offset sub_64F3C0
.rdata:009E6D9C                     dd offset CGPlayer_C_virt118
.rdata:009E6DA0                     dd offset sub_658460
.rdata:009E6DA4                     dd offset sub_65A730
.rdata:009E6DA8                     dd offset CGPlayer_C_virt124
.rdata:009E6DAC                     dd offset sub_65ED10
.rdata:009E6DB0                     dd offset sub_65ED20

Go ahead... count them... then come back and tell me you're still right.

[Tanaris4]

Anyone know the WoWCvarBaseMgr offset referenced here: http://www.mmowned.com/forums/wow-me...9-c-cvars.html

I'd fire up 3.0.9 + run the pattern scan but I don't have a windows box (looking to find this on mac)

[_Mike]

Yes GetObjectByGUID() returns a c++ class pointer, and if you dereference that pointer you get the vmt address.
If the 51st entry isn't the right address for you then I guess you are either reading the vmt incorrectly or you're using a different wow version than the rest of us.

Here's how I read names.
Name is a property of the WoWObject class
GetObjectName is the function delegate for calling wow's getname function

Code:

internal readonly uint VMT_GETNAME = 51 * 4;
...
public string Name
{
	get
	{
		if(GetObjectName == null)
		{
			uint VMT = Utilities.ReadDWORD((IntPtr)this); // casting WoWObject to IntPtr returns the pointer from GetObjectByGUID()
			GetObjectName = Utilities.RegisterDelegate<GetObjectNameDelegate>((IntPtr)Utilities.ReadDWORD((IntPtr)(VMT + VMT_GETNAME)));
		}
		return GetObjectName(this);
	}
}

Edit: Meh, apoc was faster than me..

[nitrogrlie]

You're obviously reversing things wrong. (Hint: nullsubs ARE considered virtual funcs)
...
Go ahead... count them... then come back and tell me you're still right.

I'll check when I get home in 6 hrs. I'm not saying I'm right, by the way, just saying that things weren't working out for me. The day I stop making mistakes is the day I stop learning. And yes, your VFT dump looks similar to what I was seeing, but I wasn't getting any names from 51, as a matter of fact, I set a breakpoint on execution of that function and it wasn't getting hit. I'll double check everything and post my table.