TranslateRotation strange behaviour

[Cromon]

Heyho!

Im having some problems concerning TranslateRotation.

Thats a part of my CGWoWObject-class:

Code:

	virtual float GetOrientation() = 0; // Working
	virtual float GetScale() = 0; // Working
	virtual void fnVirt15() = 0;
	virtual void TranslateRotation() = 0;
	virtual void fnVirt17() = 0;
	virtual bool CanGossip(CGWoWObject* pTarget) = 0; // Working

As the comments mention the noted functions are working good as i am using them later:

Code:

	if(pObject->m_objectType == 3 && pCurPlayer->CanGossip(pObject))
	{
		pObject->Interact();
		return 0;
	}

Now the problem is TranslateRotation. From what i got out of the __vfPtr of my object it should be at 0x006796A0:

Code:

.text:006796A0 CGPlayer__TranslateRotation proc near   ; DATA XREF: .rdata:00A0FD94o
.text:006796A0                                         ; .rdata:00A1251Co
.text:006796A0                 mov     eax, [ecx+790h]
.text:006796A6                 mov     edx, [ecx+794h]
.text:006796AC                 retn
.text:006796AC CGPlayer__TranslateRotation endp

But whats the meaning of TranslateRotation? Its just returning this + 0x790 and placing this + 0x794 in edx?

Did anyone found a way this function can be used for something?

Greetings
Cromon

[kynox]

That TranslateRotation is returning an INT64 (As indicated by the EAX/EDX usage for the return value) - so unless its returning a double weirdly, i'm betting it's returning a GUID.

[namreeb]

Are you sure what you have there is CGObject_C__TranslateRotation? I have the address for it as 0x0047CD20.

This function returns four bytes (what appears to be a struct pointer), and is the 12th function in the VMT I believe, not the 16th.

[Cromon]

@kynox: Ah thanks, learned something new, didnt know that edx is used for returns too! And yes, its not a double, its returning uint64(0) so far.

@namreeb:
I took it from apocs CGPlayer virtual table and from what i get there its the 16th. And 0x0047CD20 is the 17th according to my VMT evaluation (its right after my TranslateRotation). I know that the 18th is CanGossip and that this is at 0x006D79E0 and in the VMT this is right after 0x0047CD20

Code:

6796A0
47CD20
6D79E0 -> CanGossip

[namreeb]

Well I don't use CGObject_C__TranslateRotation but this is what Hex-Rays has to say about the function at 0x0047CD20:

Code:

int __thiscall CGObject_C__TranslateRotation(WoWUnit *this, Matrix4 *a2)
{
  W_VTable *v3; // edx@1
  void (*v4)(void); // eax@1
  int v5; // [sp+Ch] [bp-Ch]@1
  float v6; // [sp+10h] [bp-8h]@1
  float v7; // [sp+14h] [bp-4h]@1

  v3 = this->Object.VTable;
  a2->m1 = 0.0;
  a2->m2 = 0.0;
  v4 = (void (*)(void))v3->Function12;
  a2->m3 = 0.0;
  a2->m4 = 1.0;
  v7 = 1.0;
  *(float *)&v5 = 0.0;
  v6 = 0.0;
  v4();
  sub_9670A0(0.0, (int)&v5);
  return (int)a2;
}

This isn't what you're looking for?

[Apoc]

Code:

int __thiscall CGObject_C__TranslateRotation(WoWUnit *this, Matrix4 *mat)
{
  W_VTable *vftable; // edx@1
  void (*GetFacing)(void); // eax@1
  float wowposX; // [sp+Ch] [bp-Ch]@1
  float wowposY; // [sp+10h] [bp-8h]@1
  float wowposZ; // [sp+14h] [bp-4h]@1

  vftable = this->Object.VTable;
  mat->m1 = 0.0;
  mat->m2 = 0.0;
  GetFacing = vftable->GetFacing;
  mat->m3 = 0.0;
  mat->m4 = 1.0;
  wowposZ = 1.0;
  wowposX = 0.0;
  wowposY = 0.0;
  GetFacing();
  sub_9670A0(mat, 0.0, (WOWPOS *)&wowposX);
  return (int)mat;
}

Code:

float *__thiscall sub_9670A0(Matrix4 *this, float length, WOWPOS *pfOutLength)
{
  WOWPOS *result; // eax@1
  float halfLength; // ST08_4@1
  double v5; // st7@1
  float sinHalfLength; // [sp+Ch] [bp-4h]@1

  halfLength = length * 0.5;
  length = cos(halfLength);
  sinHalfLength = sin(halfLength);
  result = pfOutLength;
  this->m4 = length;
  v5 = sinHalfLength;
  this->m1 = result->X * sinHalfLength;
  this->m2 = result->Y * v5;
  this->m3 = v5 * result->Z;
  return (float *)result;
}

[Cromon]

Hm, thats very weird!

I found in your posted VMT this sequence:

Code:

.rdata:00A0FD98                 dd offset CGObject_C__TranslateRotation
.rdata:00A0FD9C                 dd offset CGObject_C__CopyMatrix
.rdata:00A0FDA0                 dd offset CGUnit_C__CanGossip

And my dump of the VMT of CGPlayer i posted above. From there 0x47CD20 is CopyMatrix. Thats also what i get the imagination when i look at the function you posted.

In addition:

Code:

	virtual UINT64 TranslateRotation(LPVOID) = 0;
	virtual void fnVirt17() = 0;
	virtual bool CanGossip(CGWoWObject* pTarget) = 0; // Working

Calling TranslateRotation -> Runtime error because ESP is not restored correctly

Code:

	virtual UINT64 TranslateRotation() = 0;
	virtual void fnVirt17() = 0;
	virtual bool CanGossip(CGWoWObject* pTarget) = 0; // Working

Working without an error.