Getting g_clientConnection 3.3.0a

**xLeo123** · 01-09-2010

How can I find this? is there a dwFindPattern example anywhere? the one posted by Shynd doesnt work anymore

Thanks.

**Ellesar1** · 01-09-2010

dwFindPattern

**xLeo123** · 01-09-2010

Thanks for the reply you ass,

**namreeb** · 01-09-2010

The examples found by that google search were actually quite beneficial.

But since you obviously want to be spoonfed, and I am in a somewhat good mood, here you go. I'll even take you through the steps of how to find this.

1) We know from the 3.3.0 post that g_ClientConnection was at 0x00C923C0 thanks to RoKFenris (http://www.mmowned.com/forums/wow-me...ml#post1754547).

2) Let us open WoW 3.3.0.10958 (available on the binaries thread) in OllyDBG and insert a hardware breakpoint when that address is written to, and run the .exe.

3) Very shortly we see the function 0x00646BB0 writing to this address. The specific location of the g_ClientConnection is at 0x00646C13 (note you can jump to that location in memory within OllyDbg and see 0x00C923C0 for yourself).

4) Now you know how to find it in the previous patch. From here you should be able to find it in the current patch as well as generate your own pattern to find it in the future.

If you cannot figure it out from here, I would suggest that you have no business being in this section. This is especially true if you are going to be rude to the people whose help you are seeking.

**xLeo123** · 01-09-2010

Thank you, namreeb. I now realise I must update the values from the previous patch.

**Nesox** · 01-09-2010

That is pretty obvious...

**xLeo123** · 01-09-2010

One more question, how would you go about finding the offsets for a units name.
I know that for health it's FB0 because I applied the following logic:

Code:

for(int i=0xFB0;i<0x1FFF;i++)
  {
    if(*(DWORD*)(dwCurObj+i) == LookingFor)
    {
      MessageBox(0, "Found!", "Debug Me", 0);
    }
  }

However, it wont work like that for pointers TO pointers such as a Units Name, so any ideas? I thought that previously it was a two-level pointer like [curObj+0x968]+0x30] or something like that (C#)

**lanman92** · 01-09-2010

In the info dump there's a function called CGObject_UnitName or something like that. Look at it in IDA and you should get your offsets. You could also reverse the lua function UnitName.

EDIT: Try [[Obj+0x964]+0x5C].

**Cypher** · 01-09-2010

Originally Posted by xLeo123

One more question, how would you go about finding the offsets for a units name.
I know that for health it's FB0 because I applied the following logic:

Code:

for(int i=0xFB0;i<0x1FFF;i++)
  {
    if(*(DWORD*)(dwCurObj+i) == LookingFor)
    {
      MessageBox(0, "Found!", "Debug Me", 0);
    }
  }

However, it wont work like that for pointers TO pointers such as a Units Name, so any ideas? I thought that previously it was a two-level pointer like [curObj+0x968]+0x30] or something like that (C#)

Reverse engineering - Wikipedia, the free encyclopedia