[wow][mac][3.3.0] Total number of factions? (UnitReaction)

[Tanaris4]

I'm currently working on searching for the offsets listed on Shynd's thread:
GetUnitReaction Shynd’s WoW Modification Journal

Unfortunately I don't have as much knowledge as most and I don't have the function names associated w/their location so I was going to start by searching for the total # of factions in memory, then working back from there. Any chance someone can post how many factions exist on the latest version?

Thanks in advance!

[Tanaris4]

Anyone know this for the 3.3.0 windows binary? At least w/that I can find it in IDA then try to find the corresponding functions for OS X.

I found the 3.1.3 thread, which I'm trying to use those functions to find the 3.3.0 offsets in IDA, not going so hot (basically searching for immediate values that look the same)

Edit: Found them in the 3.3.0 windows binary, in function sub_6BABB0 continuing search for OS X equivalent now :-)

[Apoc]

Go to the UnitReaction Lua handler, then it's fairly simple to find from there.

Code:

signed int __cdecl lua_UnitReaction(int pL)
{
  WoWUnit *v1; // eax@3
  WoWUnit *v2; // edi@3
  char *v3; // eax@3
  char *v4; // eax@3
  signed int result; // eax@5
  int v6; // ST28_4@5
  int v7; // ST24_4@7

  if ( FrameScript__IsString((int *)pL, 1) && FrameScript__IsString((int *)pL, 2) )
  {
    v3 = FrameScript_ToLString((int *)pL, 1, 0);
    v2 = GetUnitFromName(v3);
    v4 = FrameScript_ToLString((int *)pL, 2, 0);
    v1 = GetUnitFromName(v4);
    if ( v2 && v1 )
    {
      v6 = CGUnit_C__UnitReaction(v2, v1) + 1;
      FrameScript_PushNumber((int *)pL, (long double)v6);
      result = 1;
    }
    else
    {
      FrameScript_pushnil(pL);
      result = 1;
    }
  }
  else
  {
    FrameScript_DisplayError(pL, "Usage: UnitReaction(\"unit\", \"otherUnit\")", v7);
    result = 0;
  }
  return result;
}

[mnbvc]

how can i let ida replace the function names?

[namreeb]

how can i let ida replace the function names?

Instruction on using IDA is generally beyond the scope of this forum. There are plenty of resources out there, though.

[Tanaris4]

@mnbvc - if you know what they are, just right click + rename. But I doubt that's what you're asking I don't know the methods to keep the function names the same in b/t patches. The last time I tried tracking them on the OS X binary was like 3.2

Windows offsets for 3.3.0.11xxx:
startIndex = 0xA740C0
factionPointer = 0xA740D0
totalFactions = 0xA740BC

Still working on the OS X offsets, unfortunately it's not as simple as me searching for the string "UnitReaction" as this doesn't land me in a function, if and I move back via xref I'm not really getting anywhere, clearly my skills are lacking. The text is @ 0x63AE7A.

Believe I found the offsets for OS X but it seems a little different (offsets 0xD787C0 and 0xD78800). Obviously the windows binary has 3 referenced offsets, and I can only find 2 on OS X.

I was able to find identical functions (I believe) via a floating point search + switch statement. On Windows: sub_6BABB0, OS X: sub_3BE950. This is as far as I am so far, still investigating after I order a pizza

Thanks for the help Apoc, greatly appreciated. I've lightly browsed for methods to keep your function names the same in b/t patches, so far I've done it manually, and literally the only functions I have are like ToString, and FrameScript_Execute, as I'm not 100% certain on most. Is there a script publicly (or in Elite, which I need to grab soon heh) that is specifically for this purpose? Or does it come from understanding IDA to it's true potential? (which I'm working on, slowly reading "The IDA Pro Book The Unofficial Guide" in my free time)

3.3.0a OS X binary: http://dump.ifeedr.com/WoWBinaries/W...t%203.3.0a.zip


Windows string search:


OS X string search:

(makes me sad)

Edit: OK I think I'm officially stuck here and have no idea where to go next, I 100% understand what is going on in IDA on the Windows binary but can't get anywhere to find the UnitReact function:


Edit 2: It's so odd, as I look @ the windows functions (follow the functions within the lua), it's like part of those are smeared about in the above image (almost like IDA couldn't parse the Mac version + split it into functions correctly, I could, of course, be horribly wrong )

[lanman92]

Let's break it down.

I'm not sure how Macs work, so this is gonna be rough..

sub_813A70 is popping a string off of the stack. It is called twice(for each parameter passed to the function). If two strings were not passed, it displays the error, elsewise it jumps down to the next part of the function.

I'm assuming(from the windows binary) that at the next section it grabs a pointer to the two objects. It then calls a __thiscall function with the first unit as this and the comparing object as the first parameter.

This is the function you have to reverse.

[Tanaris4]

@lanman92 - but doesn't it call sub_813A70, therefore popping off the first string, THEN it does the error check, and then pops the 2nd string after the error string - isn't that strange?

it's like it's ignoring the fact that it should check for 2 strings

[Tanaris4]

Found CGUnit_C__UnitReaction for OS X: 003BE510

that was WAY too much work. I eventually had to do it by finding a function on the windows binary that had a string I could search for on the OS X Binary (the winner happened to be "Taxi")

Edit: found the pointers (not referenced the same as in the windows binary obviously, but found them nonetheless :-) Time for implementation! )

Code:

// OS X 3.3.0a
dword_FactionStartIndex = *(&dword_D787C0 + 4)
dword_totalFactions = *(&dword_D787C0 + 3)
dword_factionPointer = *(&dword_D787C0 + 8)

Edit 2: I really think the Hex Rays Pseudocode plugin hates OS X:
(OS X) http://tanaris4.ampaste.net/f1eade801 vs (windows) http://tanaris4.ampaste.net/f7368e237

[lanman92]

Yeah, look at 0x63AF1C. It's calling that function in UnitReaction, the lua function.

[Tanaris4]

.so.close. anyone seeing any issues as to why this would ALWAYS be returning friendly? (cept when the unit is neutral) Complete opposite issue as in the other thread

tanaris4 private pastebin - collaborative debugging tool

Based on NoMorePasting.com