AOE spell casting, terrain click without CTM

[Sednogmah]

As I couldn't get AOE casting to work with CTM I tried my luck with something else... As of 3.3.3a this is

Code:

004DDCF0    Spell_C__HandleTerrainClick

typedef bool (*fp_Spell_C__HandleTerrainClick) (TerrainClickStruct*) __attribute__((cdecl));

"TerrainClickStruct":

Code:

typedef struct {
    uint32_t unknown0, unknown1;
    float x, y, z;
} TerrainClickStruct;

Using 0 for the unknown 8 bytes worked perfectly for me. I'm not sure about their meaning but WoW seemed to set them to 0, at least when I checked them with a breakpoint in Spell_C__HandleTerrainClick.

Decompiled function:

Code:

bool __cdecl Spell_C__HandleTerrainClick(TerrainClickStruct *tc)
{
  bool result; // eax@1
  int v2; // edx@3
  int v3; // edx@4
  float v4; // ecx@4
  float v5; // ecx@6

  result = dword_AF6940;
  if ( !dword_AF6940 )
  {
    LOBYTE(result) = 0;
    return result;
  }
  v2 = dword_AF693C;
  if ( dword_AF693C & 0x20 )
  {
    *(_DWORD *)(dword_AF6940 + 72) = tc->unknown0;
    *(_DWORD *)(result + 76) = tc->unknown1;
    *(_DWORD *)(result + 88) = LODWORD(tc->x);
    *(_DWORD *)(result + 92) = LODWORD(tc->y);
    v4 = tc->z;
    *(_DWORD *)(result + 40) |= 0x20u;
    *(_DWORD *)(result + 96) = LODWORD(v4);
    v3 = v2 & 0xFFFFFFDF;
  }
  else
  {
    if ( !(dword_AF693C & 0x40) )
    {
      LOBYTE(result) = 0;
      return result;
    }
    *(_DWORD *)(dword_AF6940 + 80) = tc->unknown0;
    *(_DWORD *)(result + 84) = tc->unknown1;
    *(_DWORD *)(result + 100) = LODWORD(tc->x);
    *(_DWORD *)(result + 104) = LODWORD(tc->y);
    v5 = tc->z;
    *(_DWORD *)(result + 40) |= 0x40u;
    *(_DWORD *)(result + 108) = LODWORD(v5);
    v3 = v2 & 0xFFFFFFBF;
  }
  dword_AF693C = v3;
  if ( !v3 )
    result = SendCast(0);
  LOBYTE(result) = 1;
  return result;
}

Even though this works very well, I'd still like to know how it's done with CTM, just out of curiosity.

[mnbvc]

from a pm:

public static bool ClickRemoteLocation(WoWPoint location)
{
return Spell_C__HandleTerrainClick(new CTerrainClickEvent {Position = location, GUID = 0, Button = MouseButton.Left});
}

And the struct is
[StructLayout(LayoutKind.Sequential)]
private struct CTerrainClickEvent
{
public ulong GUID;
public WoWPoint Position;
[MarshalAs(UnmanagedType.U4)]
public MouseButton Button;
}

-MaiN

but i did only experience that if you set the "guid" value to something different than 0 you will get a "out of range" error, thus i don't think it's actually the guid, but i also don't have any other idea what it could be :/

[Kryso]

What about guid of transport? (I haven't done any research on this, just an idea)

[MaiN]

What about guid of transport? (I haven't done any research on this, just an idea)

That is actually a very good guess.
I'm going to go with Kryso on this one. It's probably so the game knows that it needs to calculate the relative location of the transport to achieve the correct position. To do that it inverses its world matrix and then transform your click location by it.

[zzgw]

No, if you look at functions calling that function, you'll see it's mostly just the player's GUID.

[dook123]

Zero seems to work for me. Thanks for the help everyone posting info in this thread.

Code:

        
        internal static void TerrainClick(float X, float Y, float Z)
        {
            uint MyStructure = Memory.BlackMagic.AllocateMemory(20);

            Memory.BlackMagic.WriteFloat(MyStructure, 0);
            Memory.BlackMagic.WriteFloat(MyStructure + 4, 0);
            Memory.BlackMagic.WriteFloat(MyStructure + 8, X);
            Memory.BlackMagic.WriteFloat(MyStructure + 12, Y);
            Memory.BlackMagic.WriteFloat(MyStructure + 16, Z);

            Memory.BlackMagic.Asm.Clear();

            String[] asm = new String[] 
            {
            "nop",
            "nop",
            "mov eax, " + MyStructure + "",
            "push eax",
            "call " + ((uint)Memory.BaseAddress + (uint)0x49D820),
            "add esp, 0x4",
            "retn"
            };

            EndScene.InjectAndExecute(asm);
            Memory.BlackMagic.FreeMemory(MyStructure);
        }

[wag321]

Zero seems to work for me. Thanks for the help everyone posting info in this thread.

Code:

        
        internal static void TerrainClick(float X, float Y, float Z)
        {
            uint MyStructure = Memory.BlackMagic.AllocateMemory(16);

            Memory.BlackMagic.WriteFloat(MyStructure, 0);
            Memory.BlackMagic.WriteFloat(MyStructure + 4, 0);
            Memory.BlackMagic.WriteFloat(MyStructure + 8, X);
            Memory.BlackMagic.WriteFloat(MyStructure + 12, Y);
            Memory.BlackMagic.WriteFloat(MyStructure + 16, Z);

            Memory.BlackMagic.Asm.Clear();

            String[] asm = new String[] 
            {
            "nop",
            "nop",
            "mov eax, " + MyStructure + "",
            "push eax",
            "call " + ((uint)Memory.BaseAddress + (uint)0x49D820),
            "add esp, 0x4",
            "retn"
            };

            EndScene.InjectAndExecute(asm);
            Memory.BlackMagic.FreeMemory(MyStructure);
        }

I may be wrong but I think you need to replace

Code:

Memory.BlackMagic.AllocateMemory(16);

with

Code:

Memory.BlackMagic.AllocateMemory(20);

As you are writing 5 floats you could be overwriting other memory here

[dook123]

I may be wrong but I think you need to replace

Code:

Memory.BlackMagic.AllocateMemory(16);

with

Code:

Memory.BlackMagic.AllocateMemory(20);

As you are writing 5 floats you could be overwriting other memory here

You are correct. Thank you, I will edit the post as incorrect information is not what I intended to share.

[andy012345]

That "guid" is a uint64 added in wrath. It's set when you use projectile spells from a vehicle.

It's never been a valid guid.

Noones really bothered looking into it because the only place it's used it seems to be worthless, projectile spells from vehicle, the destination, speed and pitch of the projectile are all somewhere else.