[Wow][4.0.0.11927][Cata Alpha Client] Info Dump Thread

  1. #16
    Tantur (Member)
    Disabling ASLR on a binary is a 1 second fix. Just remove the 0x40 flag from the "DLL Characteristics" field in the PE header (optional fields). Don't forget the word is saved little endian. Luckily the PE header isn't part of the checksum. So all lazy people don't even need to change any code

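    The 0x40 bit Tantur refers to is IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE in the optional header. As an added example (not code from the thread), this read-only Python checker walks the PE headers and reports whether an image opts into ASLR, which is the same field an audit of shipped binaries would look at; the sample image is constructed in-code and is not a real executable.

```python
import struct

# IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE: when set the loader may relocate the
# image (ASLR); when clear it is mapped at its preferred ImageBase.
DYNAMIC_BASE = 0x0040


def aslr_info(image: bytes) -> dict:
    """Read-only check: locate the optional header of a PE image and report
    ImageBase, DllCharacteristics and whether the ASLR bit is set.
    Raises ValueError on anything that is not a well-formed PE header."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    # e_lfanew (offset 0x3C, little-endian) points at the "PE\0\0" signature
    (e_lfanew,) = struct.unpack_from("<I", image, 0x3C)
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    opt = e_lfanew + 4 + 20          # 20-byte COFF header, then optional header
    (magic,) = struct.unpack_from("<H", image, opt)
    if magic == 0x10B:               # PE32: 32-bit ImageBase at offset 28
        (image_base,) = struct.unpack_from("<I", image, opt + 28)
    elif magic == 0x20B:             # PE32+: 64-bit ImageBase at offset 24
        (image_base,) = struct.unpack_from("<Q", image, opt + 24)
    else:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    # DllCharacteristics is a WORD at optional-header offset 70 in both formats
    (dll_chars,) = struct.unpack_from("<H", image, opt + 70)
    return {
        "image_base": image_base,
        "dll_characteristics": dll_chars,
        "aslr": bool(dll_chars & DYNAMIC_BASE),
    }


def build_sample_pe(dll_chars: int, image_base: int = 0x400000) -> bytes:
    """Constructed test fixture, not a real binary: MZ stub, PE signature,
    COFF header and a PE32 optional header with only the fields the checker
    reads filled in. Enough for aslr_info(), not enough to load."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)        # e_lfanew -> right after stub
    coff = bytearray(20)
    struct.pack_into("<H", coff, 0, 0x14C)         # Machine = i386
    struct.pack_into("<H", coff, 16, 224)          # SizeOfOptionalHeader (PE32)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)          # Magic = PE32
    struct.pack_into("<I", opt, 28, image_base)
    struct.pack_into("<H", opt, 70, dll_chars)
    return bytes(dos) + b"PE\0\0" + bytes(coff) + bytes(opt)
```

    Running aslr_info() over a real file is just `aslr_info(open(path, "rb").read())`; an image whose result has `aslr` False will always load at `image_base` (unless relocated for another reason), which is exactly the property hardcoded-offset code relies on.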
  2. #17
    Cypher (Kynox's Sister's Pimp)
    Originally Posted by Tantur:
    Disabling ASLR on a binary is a 1 second fix. Just remove the 0x40 flag from the "DLL Characteristics" field in the PE header (optional fields). Don't forget the word is saved little endian. Luckily the PE header isn't part of the checksum. So all lazy people don't even need to change any code

    Sigh.

  3. #18
    Jadd (🐸 Premium Seller)
    Originally Posted by UnknOwned:
    It's interesting to see some of the fundamental changes to the client.
    I just HATE how the game no longer loads relative to the camera position but to the position of your toon. But just love that they re-added the camera roll function. Finally!
    You mean we get to look at everything upside down?

    ...Hurray! xD


    Originally Posted by Tantur:
    Disabling ASLR on a binary is a 1 second fix. Just remove the 0x40 flag from the "DLL Characteristics" field in the PE header (optional fields). Don't forget the word is saved little endian. Luckily the PE header isn't part of the checksum. So all lazy people don't even need to change any code
    Wouldn't it be easier to fix your code rather than the executable every patch?
    Last edited by Jadd; 05-09-2010 at 04:56 AM.

  4. #19
    Nesox (Elder)
    Originally Posted by Tantur:
    Disabling ASLR on a binary is a 1 second fix. Just remove the 0x40 flag from the "DLL Characteristics" field in the PE header (optional fields). Don't forget the word is saved little endian. Luckily the PE header isn't part of the checksum. So all lazy people don't even need to change any code

    I'm pretty sure they enabled it for a reason.

  5. #20
    mnbvc (Banned)
    But WinXP doesn't support ASLR.

  6. #21
    UnknOwned (Legendary)
    Originally Posted by Jadd:
    You mean we get to look at everything upside down?

    ...Hurray! xD

    MachinimaTool you know...

  7. #22
    Cypher (Kynox's Sister's Pimp)
    Originally Posted by mnbvc:
    But WinXP doesn't support ASLR.
    So? That just means WoW's memory location won't be randomized on XP... I don't get what you're complaining about.

    Just write your code to retrieve WoW's location in memory at runtime and use relative offsets and your code will work on all OS's and all modes regardless of whether ASLR is enabled for that given machine/os.

    I don't get what's so ****ing hard to grasp about this. It's really ****ing simple. Seriously, there shouldn't even need to be a discussion. Just use relative offsets. It's common sense. >_>

    The fact that I need to keep rehashing this is depressing. The Blizzard devs must be laughing their asses off if they're reading this thread. Heck, any competent programmer would be.

  8. #23
    Xarg0 (Member)
    don't tell people about the secret GetModuleHandle function, please don't do it
    I hacked 127.0.0.1

  9. #24
    Cypher (Kynox's Sister's Pimp)
    Originally Posted by Xarg0:
    don't tell people about the secret GetModuleHandle function, please don't do it
    Rofl. Ssshhh. Itz a sekrut.

  10. #25
    Tanaris4 (Contributor)
    anyone have the mac binary? would love to take a look
    https://tanaris4.com

  11. #26
    Cypher (Kynox's Sister's Pimp)
    It seems WoW now installs a low-level keyboard hook (WH_KEYBOARD_LL). The hook procedure is at 0x0075BCA0.

    Of course, it's nothing dangerous at all. At a glance it looks like it's being used to disable certain key combinations. (Ctrl+Escape, Alt+Tab, etc)

    Maybe they're adding an option to disable any key combinations that could potentially dump you out of full screen mode (other than Ctrl+Alt+Del of course because that can't be disabled using a keyboard hook)? Kinda like a 'prevent accidental window minimizing' option.

    Nothing all that exciting I know, I just thought it was interesting.

    EDIT:

    Inb4keyloggerconspiracies.

    EDIT:

    Main actually bothered to look at the xrefs (I'm lazy) and noticed that the hook is only set if the 'blizzcon' cvar is enabled:
    Code:
    .text:0040404C                 push    0               ; char
    .text:0040404E                 push    0               ; int
    .text:00404050                 push    0               ; char
    .text:00404052                 push    5               ; int
    .text:00404054                 push    0               ; int
    .text:00404056                 push    offset a0       ; "0"
    .text:0040405B                 push    0               ; int
    .text:0040405D                 push    offset aBlizzconSpecia ; "Blizzcon special behavior"
    .text:00404062                 push    offset aBlizzcon ; "blizzcon"
    .text:00404067                 call    sub_5DBCC0
    .text:0040406C                 add     esp, 44h
    .text:0040406F                 mov     dword_B1B00C, eax
    .text:00404074                 cmp     dword ptr [eax+30h], 0 ; <-- Hook only set if flag enabled
    .text:00404078                 jz      short loc_404089
    .text:0040407A                 call    sub_75BD10
    .text:0040407F                 push    0
    .text:00404081                 call    sub_5DC0F0
    .text:00404086                 add     esp, 4
    So it seems this may just be leftover code from the demonstration client.
    Last edited by Cypher; 05-13-2010 at 05:06 PM.

  12. #27
    Cypher (Kynox's Sister's Pimp)
    From 12025:
    Code:
    .rdata:00A56CD0 aM_containercou db 'm_containerCount <= ( 0 * sizeof(reinterpret_cast<const volatile '
    .rdata:00A56CD0                                         ; DATA XREF: sub_4064A0+209o
    .rdata:00A56CD0                 db 'Arrsize_Check::IllegalArrsizeUsage *>(m_containers)) + 0 * sizeof'
    .rdata:00A56CD0                 db '(Arrsize_Check::IllegalArrsizeUsage::CheckType((m_containers), &('
    .rdata:00A56CD0                 db 'm_containers))) + sizeof(m_containers) / sizeof((m_containers)[0]'
    .rdata:00A56CD0                 db '))',0
    .rdata:00A56DD7                 align 4
    Lolz.

  13. #28
    wraithZX (Active Member)
    Seeing as we haven't had any for the latest patch, here are ones from 4.0.0.12266:
    Code:
                 ClntObjMgrObjectPtr 0x00D4D850 (R:0x0008D850 D:0x0048D850)
           ClntObjMgrGetActivePlayer 0x00D4BD10 (R:0x0008BD10 D:0x0048BD10)
    
                     CGUnit_C_VTABLE 0x01386AA0 (R:0x006C6AA0 D:0x00AC6AA0)
               CGUnit_C__GetPosition 0x00E22210 (R:0x00162210 D:0x00562210) VTable index: 11
                 CGUnit_C__GetFacing 0x00E22310 (R:0x00162310 D:0x00562310) VTable index: 13
                  CGUnit_C__GetModel 0x00E6CF30 (R:0x001ACF30 D:0x005ACF30) VTable index: 23
              CGUnit_C__OnRightClick 0x00E7D6D0 (R:0x001BD6D0 D:0x005BD6D0) VTable index: 43
             CGUnit_C__GetObjectName 0x00E221E0 (R:0x001621E0 D:0x005621E0) VTable index: 53
    
             CGPlayer_C__ClickToMove 0x00E6FA20 (R:0x001AFA20 D:0x005AFA20)
       CGWorldFrame__GetActiveCamera 0x010E64A0 (R:0x004264A0 D:0x008264A0)
    
                    GetGUIDByKeyword 0x00D12FA0 (R:0x00052FA0 D:0x00452FA0)
                  EnumVisibleObjects 0x00D4D4B0 (R:0x0008D4B0 D:0x0048D4B0)
    
                            lua_type 0x00CEF6F0 (R:0x0002F6F0 D:0x0042F6F0)
                     luaL_loadbuffer 0x011FB4C0 (R:0x0053B4C0 D:0x0093B4C0)
                           lua_pcall 0x00CF0480 (R:0x00030480 D:0x00430480)
                       lua_toboolean 0x00CEF8F0 (R:0x0002F8F0 D:0x0042F8F0)
                       lua_tolstring 0x00CEF920 (R:0x0002F920 D:0x0042F920)
                        lua_tonumber 0x00CEF870 (R:0x0002F870 D:0x0042F870)
                          lua_gettop 0x00CEF410 (R:0x0002F410 D:0x0042F410)
                          lua_settop 0x00CEF430 (R:0x0002F430 D:0x0042F430)
                        lua_getfield 0x011FB010 (R:0x0053B010 D:0x0093B010)
                        lua_getState 0x0103A0E0 (R:0x0037A0E0 D:0x0077A0E0)
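
    Cypher's point in #22 (find the module base at runtime and work with relative offsets) is what the R: and D: columns above encode: R is the RVA, D is the address at the default ImageBase, and the first column is the address seen in the dumped process. As an added example (not code from the thread), this Python parses lines in that format, checks that every entry agrees on one observed base and one default base, and shows the rebase arithmetic; the sample lines are copied from the table above.

```python
import re

# Sample lines copied from the 4.0.0.12266 table: name, address as observed in
# the running process, R = RVA, D = address at the default ImageBase.
SAMPLE_DUMP = """\
         ClntObjMgrObjectPtr 0x00D4D850 (R:0x0008D850 D:0x0048D850)
       CGUnit_C__GetPosition 0x00E22210 (R:0x00162210 D:0x00562210) VTable index: 11
                   lua_pcall 0x00CF0480 (R:0x00030480 D:0x00430480)
"""

LINE_RE = re.compile(
    r"^\s*(?P<name>\S+)\s+0x(?P<addr>[0-9A-Fa-f]+)\s+"
    r"\(R:0x(?P<rva>[0-9A-Fa-f]+)\s+D:0x(?P<default>[0-9A-Fa-f]+)\)"
)


def parse_dump(text: str) -> list[dict]:
    """Turn dump lines into dicts with integer fields; lines that do not
    match the format (blank lines, headings) are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            entries.append({"name": m["name"],
                            **{k: int(m[k], 16) for k in ("addr", "rva", "default")}})
    return entries


def infer_bases(entries: list[dict]) -> tuple[int, int]:
    """Every line must satisfy addr - rva == observed base and
    default - rva == preferred ImageBase. A dump that mixes builds or
    bases fails here instead of yielding silently wrong offsets."""
    observed = {e["addr"] - e["rva"] for e in entries}
    preferred = {e["default"] - e["rva"] for e in entries}
    if len(observed) != 1 or len(preferred) != 1:
        raise ValueError(f"inconsistent bases: {observed=} {preferred=}")
    return observed.pop(), preferred.pop()


def rebase(rva: int, module_base: int) -> int:
    """The 'relative offsets' rule from the thread: an RVA is valid at any
    load address, so add it to the base found at runtime (e.g. via
    GetModuleHandle) instead of hardcoding the absolute address."""
    return module_base + rva
```

    For the three sample lines infer_bases() returns (0x00CC0000, 0x00400000): the dump was taken with the client loaded at 0xCC0000, and the D: column is the same RVA applied to the default base of 0x400000.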

