[WoW][3.2.2] Info Dump Thread

[Robske]

hi
1) I dont wont to debug the code, only the offset for it

2. Requests;
3. DO NOT REQUEST UPDATED OFFSETS!

[pituxu]

WTS: Better grammar skills, you buy plx plx?

Sorry for my bad English. ok?

[flo8464]

Anyone knows if the bobbing offset has changed?
I tried to find the function which sets the bobbing byte, but [base + 0xBC] doesn't seem correct anymore.
I don't really know where to start finding that function, so a cheat engine scan "What accesses this address" sounded pretty good, but the byte stays at zero even when its bobbing.



Edit: I bruteforced it, 0xBC is still the correct offset.

[Cromon]

Hello!

Does anyone know where i find the renderflags to change? Im trying to hide mdx or wmo and the search told me that may be possible chaning the renderflags. are those a static offset or relative to somewhat (CWorldFrame?)?

Greetings
Cromon

[aGor2k]

May have been posted already (cba to look through the whole thread).

Code:

CTM_X 0x12979AC
CTM_Y 0x12979B0
CTM_Z 0x12979B4
CTM_ACTION 0x129793C

[Flowerew]

Hi, I'm very new to this whole topic, but thanks to all you great reversers out there (especially mmowned and gd). I hope this is nothing posted too often and helps here and there, since I didn't find this while crawling the forums. Here's what I found:

Code:

// Location: [unitbase+0x0d8]
// Version: 3.2.2 (10482)(Release)
// Tested on: live servers, trial account

struct MovementInfo {
	DWORD _filler_0[2];	// 0x000 - 8 bytes
	WGUID transport_guid;	// transport entity guid unit is standing on, credits to RoKFenris
	D3DXVECTOR3 position;	// position
	DWORD _filler_1;	// 0x01C - 4 bytes
	float yaw;		// horizontal rotation
	float pitch;		// vertical rotation
	DWORD _filler_3[4];	// 0x028 - 16 bytes
	D3DXVECTOR3 normal;	// ground normal under the unit, (0, 0, 1) in air
	DWORD flags;		// see MOVEMENTFLAGS
	DWORD _filler_4[6];	// 0x048 - 24 bytes
	DWORD continuity;	// counts (ms) as long as no movement change happens, zero while standing
	D3DXVECTOR2 direction;	// normalized direction vector, possible 3rd component with flying mounts
	DWORD _filler_5[5]; 	// 0x06C - 20 bytes
	DWORD fall_duration;	// fall duration
	float fell_from;	// height you fell from
	float fall_unknown;	// has something to do with falling though it's only set on very small distances like steps
	float current_speed;	// current speed, even if you're running against walls
	float walk_speed;	// walk speed, will change on speed modifiers like daze
	float run_speed;	// run speed, will change on speed modifiers like daze
	float unknown_speed;	// unknown speed
	float swim_speed;	// swim speed, will change on speed modifiers like daze
	DWORD _filler_6[4]; 	// 0x0A0 - 16 bytes
	float pi;		// seems to be PI :)
};

[lanman92]

I think you can still change movement state and use fly mode if you hook movement packets to stop ChangePitch packets and mod the flags to remove the flying flag from the packet.

[Flowerew]

p.s.: these values are for reading only since changing them will most likely get you kicked from the server

I think you can still change movement state and use fly mode if you hook movement packets to stop ChangePitch packets and mod the flags to remove the flying flag from the packet.

It's more of an advice to not change them without any preparation rather than a "rule" I wanted to establish. I removed the comment, thx for the hint lanman

[RoKFenris]

Thanks for the PlayerMovement structure, I was almost asking if someone had an upgraded version. There are, though, two details you seem to have missed:

- The second half (the 8 last bytes) of _filler_0 are the GUID of the transport the player/mob is standing upon (0 if it is not on a transport). You need that (plus the transport transformation matrix, which is at either [[mobBase + 0xf3c] + 0x10] or [objBase + 0x1a8] of the transport entity, and a bit of matrix math) if you want your project to be useful in a few circunstances (such as when either the player or his target are on a vehicle).

- This structure (or at least the position and transport GUID) is present, at least, for all players and mobs.

Also, as of the current WoW version, [playerBase + 0xd8] = playerBase + 0x788; you can use this if you want to make one less memory read.

[Flowerew]

Thanks for the info, RoKFenris (+Rep to you). Added your feedback to the structure with a credits comment to you. I also renamed the structure to UnitMovement according to your feedback since I only tested it with the player. Regarding your suggestion using one less memory read: I started to reverse the structure by looking at some functions like CGUnit_C__GetWorldMatrix and wow uses [this + 0xd8] internally, that's why I kept it this way.

[amadmonk]

This is useful. I can snare the movement speed field for a better way to test "IsMoving," I think.

[Flowerew]

This is useful. I can snare the movement speed field for a better way to test "IsMoving," I think.

For me the most useful thing is, that you can actually calculate what the expected travel time is from one point to another, and in my case I can thereby give my move commands an expiration time. Since current_speed is actually game units per second, you can do distance/current_speed + now = time of arrival.

[MaiN]

For me the most useful thing is, that you can actually calculate what the expected travel time is from one point to another, and in my case I can thereby give my move commands an expiration time. Since current_speed is actually game units per second, you can do distance/current_speed + now = time of arrival.

Don't forget to mention that the speed is yards per second.

[lanman92]

Are the float units used in the addon functions the same 'scale' as the ones in actual memory?

[RoKFenris]

I was playing a little with the movement structure and found some other values for the movement flags. Here are just the changes:

Code:

enum MOVEMENT_FLAGS {
	MF_SWIMMING = 0x200000  // in the water
	MF_UP = 0x400000  // moving up (pressing jump) either on water or when flying
	MF_DOWN = 0x800000  // Moving down (pressing crouch)
	MF_FLIGHT_CAPABLE = 0x1000000  // It is set when you are on a flying mount. Seems to be valid for NPCs also, but I couldn't test with the druid's flight form
	MF_FLYING = 0x2000000  // flying
	MF_PERMANENT_FLAG = 0x80000000  // The value is the same, but I have seen this one vanish from me at least once; not sure what was the reason, but might be because I used a vehicle.
};

BTW, when on a vehicle you have to test the vehicle's flags (and quite possibly the rest of its movement structure), and not your own.
Also, the [[mobBase + 0xf3c] + 0x10] I posted earlier seems to be wrong; it might have changed in the 3.2 patch without me noticing.