3.3.5a 12340 Offsets menu

These ads disappear when you log in.

Page 4 of 4 FirstFirst 1234
Results 46 to 55 of 55
  1. #46
    macintelk's Avatar Member
    Reputation
    1
    Join Date
    Feb 2014
    Posts
    8
    Thanks G/R
    0/0
    Trade Feedback
    0 (0%)
    Dark, do you have a clue what might be the check at 0081922E ?

    and how to test it ?

    Code:
    .text:00819210 ; Attributes: bp-based frame
    .text:00819210
    .text:00819210 sub_819210      proc near               ; CODE XREF: sub_4DD490+30p
    .text:00819210                                         ; sub_510B30+35p ...
    .text:00819210
    .text:00819210 var_4           = dword ptr -4
    .text:00819210 arg_0           = dword ptr  8
    .text:00819210 arg_4           = dword ptr  0Ch
    .text:00819210 arg_8           = dword ptr  10h
    .text:00819210
    .text:00819210                 push    ebp
    .text:00819211                 mov     ebp, esp
    .text:00819213                 push    ecx
    .text:00819214                 add     dword_D413A0, 1
    .text:0081921B                 mov     eax, dword_D4139C
    .text:00819220                 mov     [ebp+var_4], eax
    .text:00819223                 jz      short loc_819237
    .text:00819225                 cmp     dword_D413A4, 0
    .text:0081922C                 jnz     short loc_819237
    .text:0081922E                mov     ecx, [ebp+arg_8]
    .text:00819231                 mov     dword_D4139C, ecx
    .text:00819237
    .text:00819237 loc_819237:                             ; CODE XREF: sub_819210+13j
    .text:00819237                                         ; sub_819210+1Cj
    .text:00819237                 push    ebx
    .text:00819238                 push    esi
    .text:00819239                 push    edi
    .text:0081923A                 mov     edi, [ebp+arg_0]
    .text:0081923D                 push    edi
    .text:0081923E                 call    sub_76EE30

    These ads disappear when you log in.

  2. #47
    danwins's Avatar Contributor CoreCoins User
    Reputation
    188
    Join Date
    Mar 2013
    Posts
    141
    Thanks G/R
    6/61
    Trade Feedback
    1 (100%)
    use a debugger? and breakpoint @ 0081922E?

    Code:
    .text:00819210                   FrameScript__Execute proc near          ; CODE XREF: Lua_RunScript+30p
    .text:00819210                                                           ; Lua_RunScript_0+35p ...
    .text:00819210
    .text:00819210                   var_4           = dword ptr -4
    .text:00819210                   arg_0           = dword ptr  8
    .text:00819210                   arg_4           = dword ptr  0Ch
    .text:00819210                   arg_8           = dword ptr  10h
    .text:00819210
    .text:00819210 55                                push    ebp
    .text:00819211 8B EC                             mov     ebp, esp
    .text:00819213 51                                push    ecx
    .text:00819214 83 05 A0 13 D4 00+                add     dword_D413A0, 1
    .text:0081921B A1 9C 13 D4 00                    mov     eax, dword_D4139C
    .text:00819220 89 45 FC                          mov     [ebp+var_4], eax
    .text:00819223 74 12                             jz      short loc_819237
    .text:00819225 83 3D A4 13 D4 00+                cmp     dword_D413A4, 0
    .text:0081922C 75 09                             jnz     short loc_819237
    .text:0081922E 8B 4D 10                          mov     ecx, [ebp+arg_8]
    .text:00819231 89 0D 9C 13 D4 00                 mov     dword_D4139C, ecx
    .text:00819237
    .text:00819237                   loc_819237:                             ; CODE XREF: FrameScript__Execute+13j
    .text:00819237                                                           ; FrameScript__Execute+1Cj
    .text:00819237 53                                push    ebx
    .text:00819238 56                                push    esi
    .text:00819239 57                                push    edi
    .text:0081923A 8B 7D 08                          mov     edi, [ebp+arg_0]
    .text:0081923D 57                                push    edi
    .text:0081923E E8 ED 5B F5 FF                    call    SStrLen
    whatever its grabbing is getting stored in 0xD4139C which is xrefed here with some string information:

    Code:
    .text:00404D86 8B 15 9C 13 D4 00                 mov     edx, dword_D4139C
    .text:00404D8C 52                                push    edx
    .text:00404D8D 68 C8 22 9E 00                    push    offset aCurrentAddonS ; "Current Addon: %s\n"
    .text:00404D92 8D 85 00 FC FF FF                 lea     eax, [ebp+var_400]
    .text:00404D98 68 00 04 00 00                    push    400h            ; a2
    .text:00404D9D 50                                push    eax             ; a1
    .text:00404D9E E8 CD A2 36 00                    call    SStrPrintf
    so my best guess with no debugger is that its a string buffer with addon info.

  3. #48
    tutrakan's Avatar Contributor CoreCoins User
    Reputation
    134
    Join Date
    Feb 2013
    Posts
    175
    Thanks G/R
    124/52
    Trade Feedback
    0 (0%)
    Originally Posted by macintelk View Post
    Dark, do you have a clue what might be the check at 0081922E ?

    and how to test it ?
    ...
    While i'm not Dark, i wanted to notice that the instruction at 0081922E is not a check, but a mov
    Code:
    .text:00819210                         ; int __cdecl FrameScript::Execute(const char *script, const char *scriptname, bool tainted)
    .text:00819210                         FrameScript__Execute proc near          ; CODE XREF: Lua_RunScript+30↑p
    .text:00819210                                                                 ; Lua_RunScript_0+35↑p
    .text:00819210                                                                 ; FrameXML_ProcessFile+302↑p
    .text:00819210                                                                 ; FrameScript_Initialize+176↓p
    .text:00819210                                                                 ; 0FFB0016↓p
    .text:00819210                                                                 ; 123D0016↓p
    .text:00819210                                                                 ; 13F20016↓p
    .text:00819210                                                                 ; 13F30016↓p
    .text:00819210
    .text:00819210                         var_4= dword ptr -4
    .text:00819210                         script= dword ptr  8
    .text:00819210                         scriptname= dword ptr  0Ch
    .text:00819210                         tainted= dword ptr  10h
    .text:00819210
    .text:00819210 55                      push    ebp
    .text:00819211 8B EC                   mov     ebp, esp
    .text:00819213 51                      push    ecx
    .text:00819214 83 05 A0 13 D4 00 01    add     lua_taintexpected, 1
    .text:0081921B A1 9C 13 D4 00          mov     eax, lua_tainted
    .text:00819220 89 45 FC                mov     [ebp+var_4], eax
    .text:00819223 74 12                   jz      short loc_819237
    .text:00819225 83 3D A4 13 D4 00 00    cmp     lua_taintedclosure, 0
    .text:0081922C 75 09                   jnz     short loc_819237
    .text:0081922E 8B 4D 10                mov     ecx, [ebp+tainted]
    .text:00819231 89 0D 9C 13 D4 00       mov     lua_tainted, ecx
    Edit: I see now - you talk about warden MEM_CHECK (i confused it with asm instruction comparison).
    Last edited by tutrakan; 03-03-2018 at 10:34 PM.

  4. #49
    DarkLinux's Avatar ★ Elder ★ CoreCoins User Authenticator enabled
    Reputation
    1412
    Join Date
    May 2010
    Posts
    1,621
    Thanks G/R
    134/415
    Trade Feedback
    15 (100%)
    I'm guessing its related to,

    Warden Private Server Script

    if(issecure())then SendAddonMessage('B7da',"teFz",'WHISPER','l0l')else SendAddonMessage('B7da',"Vgp8",'WHISPER','l0l')end
    Some type of lua unlocker I think.

  5. #50
    macintelk's Avatar Member
    Reputation
    1
    Join Date
    Feb 2014
    Posts
    8
    Thanks G/R
    0/0
    Trade Feedback
    0 (0%)
    you guys are amazing- tks

    made some research and found WardenAnalysis here Home * FKilic/WardenAnalysis Wiki * GitHub

    and in this case this function

    Code:
    int __cdecl FrameScript_Execute(const char *a1, const char *a2, const char *a3)
    {
      bool luataintexpected; // [email protected]
      int luatainted; // [email protected]
      int v5; // [email protected]
      int result; // [email protected]
      int CVarContext; // [sp+Ch] [bp-4h]@1
    
      luataintexpected = lua_taintexpected++ == -1;
      luatainted = lua_tainted;
      CVarContext = s_context;
      if ( !luataintexpected && !lua_taintedclosure )
      {
        // The next line is protected by warden
        lua_tainted = (int)a3;
        if ( a3 )
        {
          if ( !lua_firstTaint )
          {
            lua_firstTaint = (int)a3;
            if ( lua_getstack(s_context, 0, &lua_firstTaintInfo) )
              lua_getinfo(CVarContext, "Snl", &lua_firstTaintInfo);
          }
        }
      }
      v5 = sub_A60B60((int)a1);
      result = FrameScript_ExecuteBuffer(a1, v5, a2, 0, 0, 0);
      if ( lua_taintexpected )
      {
        if ( !lua_taintedclosure )
        {
          lua_tainted = luatainted;
          if ( luatainted )
          {
            if ( !lua_firstTaint )
            {
              lua_firstTaint = luatainted;
              result = lua_getstack(CVarContext, 0, &lua_firstTaintInfo);
              if ( result )
                result = lua_getinfo(CVarContext, "Snl", &lua_firstTaintInfo);
            }
          }
        }
      }
      --lua_taintexpected;
      if ( lua_taintexpected <= 0 )
      {
        lua_taintexpected = 0;
        lua_firstTaint = 0;
      }
      return result;
    }
    hope it helps others - btw a warden analysis thread is a great idea

  6. #51
    Icesythe7's Avatar Contributor CoreCoins User
    Reputation
    188
    Join Date
    Feb 2017
    Posts
    122
    Thanks G/R
    5/80
    Trade Feedback
    0 (0%)
    anyone know the function that is called to update your visual gear when you equip a piece? ie "0073E410 CGUnit_C__UpdateDisplayInfo" is called by wow whenever your model changes (should be called updatemodelinfo imo) but its not called by wow when u equip a piece of gear, while you can use this to morph your gear just fine I'd like to try to use the actual function wow uses to "UpdateGearInfo" and was just curious if anyone had stumbled upon this before i dig into it myself.

  7. #52
    jjlynn27's Avatar Member
    Reputation
    1
    Join Date
    May 2019
    Posts
    2
    Thanks G/R
    1/0
    Trade Feedback
    0 (0%)
    Old thread.
    But if anyone knows offsets for 3.3.5 for

    IsUsableAction

    and

    IsUsableActionNoMana

    it would be very much appreciated.

  8. #53
    Alex__'s Avatar Member
    Reputation
    8
    Join Date
    Dec 2018
    Posts
    12
    Thanks G/R
    0/2
    Trade Feedback
    0 (0%)
    Originally Posted by jjlynn27 View Post
    Old thread.
    But if anyone knows offsets for 3.3.5 for

    IsUsableAction

    and

    IsUsableActionNoMana

    it would be very much appreciated.
    It's Lua API. Just search for these strings.
    https://www.ownedcore.com/forums/wor...ple-stuff.html ([Tutorial] How to find simple stuff)

  9. Thanks jjlynn27 (1 members gave Thanks to Alex__ for this useful post)
  10. #54
    jjlynn27's Avatar Member
    Reputation
    1
    Join Date
    May 2019
    Posts
    2
    Thanks G/R
    1/0
    Trade Feedback
    0 (0%)
    Thanks Alex, appreciated.

    Thanks to Alex I found offsets that I needed myself.

    Here they are if anyone else needs them.

    Code:
    IsUsableAction = 0x81DED8,
    IsUsableActionNoMana = 0x81DC98,
    Last edited by jjlynn27; 07-12-2019 at 02:46 PM.

  11. #55
    Cooldude's Avatar Member CoreCoins User
    Reputation
    11
    Join Date
    Sep 2006
    Posts
    125
    Thanks G/R
    6/0
    Trade Feedback
    0 (0%)
    do these offsets work for Warmane? 3.3.5a I tried getting player_XP from the posted dump on the first page : wow.exe + 0x00AC66D8 offset 0x9E8

    Just returns random numbers in that memory address.

Page 4 of 4 FirstFirst 1234

Similar Threads

  1. WoW Offsets & WPE
    By RyanoAthens in forum World of Warcraft General
    Replies: 2
    Last Post: 03-11-2014, 10:15 PM
  2. 3.3.5 12340 Offsets List
    By haku43 in forum WoW Memory Editing
    Replies: 2
    Last Post: 09-08-2010, 11:50 AM
  3. Swimming state offset
    By sabotage3d in forum World of Warcraft General
    Replies: 0
    Last Post: 03-12-2007, 03:54 PM
  4. Enemy offsets
    By sabotage3d in forum World of Warcraft General
    Replies: 0
    Last Post: 03-12-2007, 08:13 AM
  5. How do you find memory offsets in the game?
    By koalaz2004 in forum World of Warcraft General
    Replies: 0
    Last Post: 08-18-2006, 09:40 PM
All times are GMT -5. The time now is 07:53 AM. Powered by vBulletin® Version 4.2.3
Copyright © 2020 vBulletin Solutions, Inc. All rights reserved. Digital Point modules: Sphinx-based search