[wow][mac] Finding keybindings in memory

[Tanaris4]

I'm trying to find a list of the keybindings stored somewhere in memory, I can find the spells of each hotbar easily enough, but I'm struggling w/finding were the bindings are stored.

Anyone have any ideas on how I can start searching for this? Thanks!

[Kryso]

Look at lua functions GetBindingByKey, GetBinding, GetBindingKey, GetBindingAction

[Tanaris4]

any ideas on where to find a static pointer to a list of these hotkeys? I search for these values like "SHIFT-1" or "TOGGLEFRIENDSTAB" and can't make any sense of them in memory.

[Apoc]

Cba to download the mac binary; however the code should be more or less the same.

Keybindings work on a similar premise as the object manager. (Think of it as a binding manager... and the way of iterating it's linked list of bindings, is exactly the same. [Excluding the obvious offset difference])

Here's the ASM for GetBindingKey (The func that allows you to get an actual key back via a binding 'command')

Code:

.text:004DC640     lua_GetBindingKey proc near             ; DATA XREF: .data:010457C4o
.text:004DC640
.text:004DC640     pszCommand2     = dword ptr -8
.text:004DC640     var_4           = dword ptr -4
.text:004DC640     L               = dword ptr  8
.text:004DC640
.text:004DC640 000                 push    ebp
.text:004DC641 004                 mov     ebp, esp
.text:004DC643 004                 sub     esp, 8          ; Integer Subtraction
.text:004DC646 00C                 push    edi
.text:004DC647 010                 mov     edi, [ebp+L]
.text:004DC64A 010                 push    1               ; index
.text:004DC64C 014                 push    edi             ; pL
.text:004DC64D 018                 call    FrameScript__IsString ; Call Procedure
.text:004DC64D
.text:004DC652 018                 add     esp, 8          ; Add
.text:004DC655 010                 test    eax, eax        ; Logical Compare
.text:004DC657 010                 jz      loc_4DC6E2      ; Jump if Zero (ZF=1)
.text:004DC657
.text:004DC65D 010                 push    2               ; index
.text:004DC65F 014                 push    edi             ; L
.text:004DC660 018                 mov     [ebp+var_4], 4
.text:004DC667 018                 call    FrameScript__IsNumber ; Call Procedure
.text:004DC667
.text:004DC66C 018                 add     esp, 8          ; Add
.text:004DC66F 010                 test    eax, eax        ; Logical Compare
.text:004DC671 010                 jz      short loc_4DC68E ; Jump if Zero (ZF=1)
.text:004DC671
.text:004DC673 010                 push    2               ; index
.text:004DC675 014                 push    edi             ; pL
.text:004DC676 018                 call    FrameScript_ToNumber ; Call Procedure
.text:004DC676
.text:004DC67B 018                 add     esp, 8          ; Add
.text:004DC67E 010                 call    __ftol2_sse     ; Call Procedure
.text:004DC67E
.text:004DC683 010                 sub     eax, 1          ; Integer Subtraction
.text:004DC686 010                 cmp     eax, 3          ; Compare Two Operands
.text:004DC689 010                 ja      short loc_4DC68E ; Jump if Above (CF=0 & ZF=0)
.text:004DC689
.text:004DC68B 010                 mov     [ebp+var_4], eax
.text:004DC68B
.text:004DC68E
.text:004DC68E     loc_4DC68E:                             ; CODE XREF: lua_GetBindingKey+31j
.text:004DC68E                                             ; lua_GetBindingKey+49j
.text:004DC68E 010                 push    ebx
.text:004DC68F 014                 mov     ebx, dword_113F5E4
.text:004DC695 014                 push    esi
.text:004DC696 018                 xor     esi, esi        ; Logical Exclusive OR
.text:004DC698 018                 push    esi             ; len
.text:004DC699 01C                 push    1               ; index
.text:004DC69B 020                 push    edi             ; pL
.text:004DC69C 024                 call    FrameScript_ToLString ; Call Procedure
.text:004DC69C
.text:004DC6A1 024                 add     esp, 0Ch        ; Add
.text:004DC6A4 018                 push    esi             ; int
.text:004DC6A5 01C                 push    eax             ; char *
.text:004DC6A6 020                 mov     [ebp+pszCommand2], eax
.text:004DC6A9 020                 mov     eax, [ebp+var_4]
.text:004DC6AC 020                 push    eax             ; int
.text:004DC6AD 024                 mov     ecx, ebx
.text:004DC6AF 024                 call    sub_4DC3E0      ; Call Procedure
.text:004DC6AF
.text:004DC6B4 018                 test    eax, eax        ; Logical Compare
.text:004DC6B6 018                 jz      short loc_4DC6D9 ; Jump if Zero (ZF=1)
.text:004DC6B6
.text:004DC6B8
.text:004DC6B8     loc_4DC6B8:                             ; CODE XREF: lua_GetBindingKey+97j
.text:004DC6B8 018                 push    eax             ; pszFormat
.text:004DC6B9 01C                 push    edi             ; L
.text:004DC6BA 020                 add     esi, 1          ; Add
.text:004DC6BD 020                 call    FrameScript__PushString ; Call Procedure
.text:004DC6BD
.text:004DC6C2 020                 mov     ecx, [ebp+pszCommand2]
.text:004DC6C5 020                 mov     edx, [ebp+var_4]
.text:004DC6C8 020                 add     esp, 8          ; Add
.text:004DC6CB 018                 push    esi             ; int
.text:004DC6CC 01C                 push    ecx             ; char *
.text:004DC6CD 020                 push    edx             ; int
.text:004DC6CE 024                 mov     ecx, ebx
.text:004DC6D0 024                 call    sub_4DC3E0      ; Call Procedure
.text:004DC6D0
.text:004DC6D5 018                 test    eax, eax        ; Logical Compare
.text:004DC6D7 018                 jnz     short loc_4DC6B8 ; Jump if Not Zero (ZF=0)
.text:004DC6D7
.text:004DC6D9
.text:004DC6D9     loc_4DC6D9:                             ; CODE XREF: lua_GetBindingKey+76j
.text:004DC6D9 018                 mov     eax, esi
.text:004DC6DB 018                 pop     esi
.text:004DC6DC 014                 pop     ebx
.text:004DC6DD 010                 pop     edi
.text:004DC6DE 00C                 mov     esp, ebp
.text:004DC6E0 004                 pop     ebp
.text:004DC6E1 000                 retn                    ; Return Near from Procedure
.text:004DC6E1
.text:004DC6E2     ; ---------------------------------------------------------------------------
.text:004DC6E2
.text:004DC6E2     loc_4DC6E2:                             ; CODE XREF: lua_GetBindingKey+17j
.text:004DC6E2 010                 push    offset aUsageGetbind_0 ; "Usage: GetBindingKey(\"COMMAND\"[, mode])"...
.text:004DC6E7 014                 push    edi             ; pL
.text:004DC6E8 018                 call    FrameScript_DisplayError ; Call Procedure
.text:004DC6E8
.text:004DC6ED 018                 add     esp, 8          ; Add
.text:004DC6F0 010                 xor     eax, eax        ; Logical Exclusive OR
.text:004DC6F2 010                 pop     edi
.text:004DC6F3 00C                 mov     esp, ebp
.text:004DC6F5 004                 pop     ebp
.text:004DC6F6 000                 retn                    ; Return Near from Procedure
.text:004DC6F6
.text:004DC6F6     lua_GetBindingKey endp

Important bit is highlighted. There's your binding manager. From there; it's as simple as following some xrefs around to figure out whats what.

I believe each keybinding is stored as a struct. (Obviously would be aptly named 'SKeyBind' or something similar) It holds the command name, current key, 2ndary key, the index of the binding, and a few other tidbits of info. I leave reversing the struct as an exercise to the reader.

[Tanaris4]

ty sir, going to create a signature and pray I can find that same offset then jump around :-)

I really need to get the .pdb file you guys are using + see if it can port to the mac binary, i'm thinking it won't

Edit: what does cba mean?