Question about Reversing

[fudz]

So I've taken on a project to learn about reversing, and have been successful so far. I'm updating the address's and pointers of Silly Tarre 1.75, and I'm stuck. I've found all the new address's except for one, and that's the g_clientconnection address. Now, when I debug a previous binary to find the function that writes to the known g_clientconnection address, will that function remain the same in the most recent patch? Or will that function change as well.

Thanks!

[Azzie2k8]

What do you mean with the same ?

The address of a function can change for built to built. The Pattern of a function will most likely stay the same as long as it isnt edited. Please note that this information might be wrong. I am still a newb as well.

[XTZGZoReX]

lua__GetBillingFlags or whatever it's called. Go from there.

[lanman92]

I don't see where that function matters... But search for .\ObjectMgrClient.cpp and the last reference to it has always been the function referencing gClientConnection and it's offset pointing to s_curMgr.

[fudz]

I don't see where that function matters... But search for .\ObjectMgrClient.cpp and the last reference to it has always been the function referencing gClientConnection and it's offset pointing to s_curMgr.

Awesome, I don't expect to be spoon fed the answers, I really enjoy a challenge, and this gave me the direction I was looking for.

Thanks!

[XTZGZoReX]

I don't see where that function matters...

It calls ClientServices__GetCurrent.

[Seifer]

Code:

private static string TLSPattern { get { return "EB 02 33 C0 8B D 00 00 00 00 64 8B 15 00 00 00 00 8B 34 8A 8B D 00 00 00 00 89 81 00 00 00 00"; } }
        private static string TLSMask { get { return "xxxxxx????xxx????xxxxx????xx????"; } }

ThreadLocalStorage = Memory.FindPattern(TLSPattern, TLSMask);

CConnection = Memory.ReadUInt(Memory.ReadUInt(ThreadLocalStorage + 0x16));
                    CConnectionOffset = Memory.ReadUInt(ThreadLocalStorage + 0x1C);
                    CurrentManager = Memory.ReadUInt(CConnection + CConnectionOffset);

There you go. Also:

Accessing WoW’s Game Objects « Shynd’s WoW Modification Journal

[flo8464]

If you are reading from TLS directly, just read from the TEB instead of messing around with pattern

[fudz]

Code:

private static string TLSPattern { get { return "EB 02 33 C0 8B D 00 00 00 00 64 8B 15 00 00 00 00 8B 34 8A 8B D 00 00 00 00 89 81 00 00 00 00"; } }
        private static string TLSMask { get { return "xxxxxx????xxx????xxxxx????xx????"; } }

ThreadLocalStorage = Memory.FindPattern(TLSPattern, TLSMask);

CConnection = Memory.ReadUInt(Memory.ReadUInt(ThreadLocalStorage + 0x16));
                    CConnectionOffset = Memory.ReadUInt(ThreadLocalStorage + 0x1C);
                    CurrentManager = Memory.ReadUInt(CConnection + CConnectionOffset);

There you go. Also:

Accessing WoW’s Game Objects « Shynd’s WoW Modification Journal

Awesome, so much easier this way!

Thanks!

[Seifer]

If you are reading from TLS directly, just read from the TEB instead of messing around with pattern

Why? The TLS method is perfectly viable and solid in between patches.

[Kryso]

Why? The TLS method is perfectly viable and solid in between patches.

Reading it directly is faster than searching for it with pattern.

[flo8464]

This is ripped off the dumper Kynox released some years ago, you will have to update the TLS->ObjectManager-Offset, everything else should work fine: #942245 - Pastie