4.0 Migration

**Nesox** · 10-13-2010

Originally Posted by TOM_RUS

Updated idc script for labeling dbc offsets in IDA:

Code:

#include <ida.idc>

/************************************************************************
   Desc:                Label each database with an appropriate name and struct
   Author:  kynox
   Modified for Cataclysm by TOM_RUS
   Website: http://www.gamedeception.net
*************************************************************************/

static WoWDb_GetName( dbBase )
{
    auto dbName;

    // mov     eax, offset aDbfilesclientA ; "DBFilesClient\\Achievement.dbc"
    dbName = GetString( Dword(dbBase), -1, ASCSTR_C );

    //Message("%s", dbName);

    // Return the the token after \ and before .
    return substr( dbName, strstr( dbName, "\\" ) + 1, -5 );
}

static BuildStruct()
{
    // struct size changed, need figure out what was removed....
    auto id;
    id = AddStrucEx(-1,"WoWClientDB",0);

    AddStrucMember(id, "funcTable",   0X00,   0x20500400,     0X0,    4,      0XFFFFFFFF,     0X0,    0x000002);
    AddStrucMember(id, "numRows",     0X04,   0x20000400,     -1,     4);
    AddStrucMember(id, "maxIndex",    0X08,   0x20000400,     -1,     4);
    AddStrucMember(id, "minIndex",    0X0C,   0x20000400,     -1,     4);
    AddStrucMember(id, "stringTable", 0X10,   0x20000400,     -1,     4);
    AddStrucMember(id, "FirstRow",    0X14,   0x20000400,     -1,     4);
    AddStrucMember(id, "Rows",        0X18,   0x25500400,     0XFFFFFFFF,     4,      0XFFFFFFFF,     0X0,    0x000002);

    return id;
}

static StructBuilt()
{
    return ( GetStrucIdByName( "WoWClientDB" ) != -1 );
}

static main()
{
    auto curAddr, y, count;
    //                                     55 8B EC 51 53 56 57 8B 7D 08 8D 45 08 89 4D FC 8B 0F 50 51 E8 ? ? ? ? 83 7D 08 00 75 15 8B
    //curAddr = FindBinary( 0, SEARCH_DOWN, "55 8B EC 51 53 56 8B 75 08 57 8D 45 08 8B D9 8B 0E 50 51 E8 ? ? ? ? 83 7D 08 00 75 15 8B 16" );
    //                                     55 8B EC 81 EC 04 01 00 00 53 56 57 8B 7D 08 8D 45 08 89 4D FC 8B 0F 50 51 E8 ? ? ? ? 83 7D
    //curAddr = FindBinary( 0, SEARCH_DOWN, "55 8B EC 51 53 56 57 8B 7D 08 8D 45 08 89 4D FC 8B 0F 50 51 E8 ? ? ? ? 83 7D 08 00 75 15 8B" );
    curAddr = FindBinary( 0, SEARCH_DOWN, "55 8B EC 81 EC 04 01 00 00 53 56 57 8B 7D 08 8D 45 08 89 4D FC 8B 0F 50 51 E8 ? ? ? ? 83 7D" );

    if(curAddr == BADADDR)
    {
        Message("Can't find dbcLoadFunction, aborting...\n");
        return -1;
    }

    if ( !StructBuilt() )
    {
        Message( "Building struct..\n" );

        if( BuildStruct() == -1 )
        {
            Message( "Failed to build struct..\n" );
            return;
        }
    }

    for(y = RfirstB(curAddr); y != BADADDR; y = RnextB(curAddr, y))
    {
        auto dbNameOffset, dbStruct, dbName;

        dbStruct = ReadOperand(y, "mov", "offset");
        dbNameOffset = GetNameEffset(y);

        Message("%X %X %X\n", y, dbStruct, dbNameOffset);

        if(dbNameOffset == BADADDR)
        {
            count = count + HandleLoadLoop(dbStruct);
            continue;
        }

        SetType( dbStruct, "WoWClientDB;" );
        MakeStruct( dbStruct, "WoWClientDB" );

        dbName = WoWDb_GetName( dbNameOffset );

        Message("%s\n", dbName);

        MakeName( dbStruct, form( "g_%sDB", dbName ) );
        count++;
    }

    Message("DBC count %u\n", count);
}

static HandleLoadLoop(xref)
{
    auto count;
    do
    {
        auto dbNameOffset, dbStruct, dbName;
        
        dbStruct = Dword(xref);
        dbNameOffset = Dword(xref + 4);
        
        if(dbStruct == 0 || dbNameOffset == 0)
            break;

        dbName = WoWDb_GetName(dbNameOffset);

        Message("%X %X %s\n", dbStruct, dbNameOffset, dbName);

        SetType( dbStruct, "WoWClientDB;" );
        MakeStruct( dbStruct, "WoWClientDB" );
        MakeName( dbStruct, form( "g_%sDB", dbName ) );
        xref = xref + 8;
        count++;
    } while(1);
    return count;
}

static GetNameEffset( xref )
{
    auto offset, dbName;
    offset = ReadOperand( xref, "push", "offset" );
    dbName = GetString( Dword(offset), -1, ASCSTR_C );
    if(strstr( dbName, ".dbc" ) > -1)
        return offset;
    return BADADDR;
}

static ReadOperand( xref, operand, filter )
{
    auto prevFunc;
    prevFunc = PrevFunction( xref );
    //Message("%X %X\n", xref, prevFunc);
    do
    {
        auto disasm;
        disasm = GetDisasm( xref );

        if ( strstr( disasm, operand ) > -1 && strstr( disasm, filter ) > -1 )
            break;

        xref = PrevHead( xref, prevFunc );
    } while ( 1 );

    return GetOperandValue( xref, operand == "mov" ? 1 : 0);
}

Cheers mate! very useful +Rep

**~~JuJuBoSc~~** · 10-13-2010

Also some change for enumerate the object manager :

Code:

        public enum ObjectManager
        {

            CurMgrPointer = 0x008A5C20,                 // 4.0.1 13164
            CurMgrOffset = 0x4618,                      // 4.0.1 13164
            NextObject = 0x3C,                          // 4.0.1 13164
            FirstObject = 0xB4,                         // 4.0.1 13164
            LocalGUID = 0xC8                            // 4.0.1 13164

        }

EDIT : For who want descriptors by index : http://pastie.org/1217984

**KuRIoS** · 10-13-2010

For offsets etc wouldnt it be easier for you guys to have it in the wiki? MMOwned Wiki (members with dumb chars in their nick cant get in)

**natt_** · 10-13-2010

Originally Posted by JuJuBoSc

Also some change for enumerate the object manager :

Code:

        public enum ObjectManager
        {

            CurMgrPointer = 0x008A5C20,                 // 4.0.1 13164
            CurMgrOffset = 0x4618,                      // 4.0.1 13164
            NextObject = 0x3C,                          // 4.0.1 13164
            FirstObject = 0xB4,                         // 4.0.1 13164
            LocalGUID = 0xC8                            // 4.0.1 13164

        }

EDIT : For who want descriptors by index : #1217984 - Pastie

Thanks! +rep

**MaiN** · 10-13-2010

Originally Posted by DrakeFish

Blizzard started doing some more detailed Crash Reports or something? File: .\Movement.cpp Line: 12 - Anonymous - yfk2kGu9 - Pastebin.com (While "trying" some new swim functions)

That's a debug assertion failing.

**Mr.Sergey** · 10-13-2010

sorry, deleted

**NitroGlycerine** · 10-13-2010

Originally Posted by JuJuBoSc

Code:

        public enum ObjectManager
        {

            CurMgrPointer = 0x008A5C20,                 // 4.0.1 13164
            CurMgrOffset = 0x4618,                      // 4.0.1 13164
            NextObject = 0x3C,                          // 4.0.1 13164
            FirstObject = 0xB4,                         // 4.0.1 13164
            LocalGUID = 0xC8                            // 4.0.1 13164

        }

Anyone tested these? Not working for me.

**caytchen** · 10-13-2010

They're fine. Remember CurMgrPointer is a relative offset.

**oldmanofmen** · 10-13-2010

Originally Posted by NitroGlycerine

Not working for me.

Clap. You're reading them as absolute addresses. You have to read the addresses relative to the WoW process now.

**boredevil** · 10-13-2010

the ObjectBase is also 0x4 off

Code:

CGObject_Entry_Guid = 0x30      // unchanged
CGObjMgr_ObjectBase = 0xAC
CGObjMgr_FirstEntry = 0xB4
CGObjMgr_LocalGuid = 0xC8

**Mr.Sergey** · 10-13-2010

Originally Posted by oldmanofmen

Clap. You're reading them as absolute addresses. You have to read the addresses relative to the WoW process now.

I'm sorry, could you write it is now necessary to read a memory.
I understand that to start I need find the "process offset", and then use, but how do I do not know. Pls help.

Thank you in advance for your reply

(Sorry fo my english)

**DrakeFish** · 10-13-2010

Originally Posted by Mr.Sergey

I'm sorry, could you write it is now necessary to read a memory.
I understand that to start I need find the "process offset", and then use, but how do I do not know. Pls help.

Thank you in advance for your reply

(Sorry fo my english)

Sure,

You can start by reading this:
Process Class (System.Diagnostics)

You will then be ready to read this:
ProcessModule Class (System.Diagnostics)

Here's an example if you don't get what's a module yet:
Enumerating All Modules For a Process (Windows)

Don't hesitate to read all of the detailed informations, it won't hurt you

**~~mnbvc~~** · 10-13-2010

what i got so far:

Code:

tEnumVisibleObjects EnumVisibleObjects = (tEnumVisibleObjects)(wowbase+0x93BB0);
tClntObjMgrObjectPtr ClntObjMgrObjectPtr = (tClntObjMgrObjectPtr)(wowbase+0x93E30);
tClntObjMgrGetActivePlayer ClntObjMgrGetActivePlayer = (tClntObjMgrGetActivePlayer)(wowbase+0x929E0);
tFrameScript__Execute FrameScript__Execute = (tFrameScript__Execute)(wowbase+0x3958F0);
tFrameScript__GetLocalizedText FrameScript__GetLocalizedText = (tFrameScript__GetLocalizedText)(wowbase+0x1C1F60);
tCGPlayer_C__CTMClickTerrain CGPlayer_C__CTMClickTerrain = (tCGPlayer_C__CTMClickTerrain)(wowbase+0x1CCFE0);
tCGPlayer_C__IsClickMoving CGPlayer_C__IsClickMoving = (tCGPlayer_C__IsClickMoving)(wowbase+0x1C1A90);
tCGPlayer_C__ClickToMove CGPlayer_C__ClickToMove = (tCGPlayer_C__ClickToMove)(wowbase+0x1C7E20);
tCGGameUI__Target CGGameUI__Target = (tCGGameUI__Target)(wowbase+0x42A060);
tGetCorpsePosition GetCorpsePosition = (tGetCorpsePosition)(wowbase+0x41E630);
tGetObjectNameFromGuid GetObjectNameFromGuid = (tGetObjectNameFromGuid)(wowbase+0x1F9520);
tCGWorldFrame__GetActiveCamera CGWorldFrame__GetActiveCamera = (tCGWorldFrame__GetActiveCamera)(wowbase+0x31B0);
tCGUnit_C__UnitReaction CGUnit_C__UnitReaction = (tCGUnit_C__UnitReaction)(wowbase+0x1C51A0);
tCMovement__CalcCurrentSpeed CMovement__CalcCurrentSpeed = (tCMovement__CalcCurrentSpeed)(wowbase+0x54ABD0);

Code:

    zonename_ptr = 0x981688,
    loginstate_ptr = 0x96D514,
    InCombatLockdown_offset = 0x8B7BFC,
    InCombatLockdown_ptr = 4700,

(everything untested)

i have a problem with endscene:
tEndScene EndScene = *(tEndScene*)(*(DWORD*)(*(DWORD*)((*(DWORD*)(wowbase+0x970F94))+0x27B4))+0xAC);
it gets hooked, but in the first call, when i call return EndScene(pDevice); it crashes:
The instruction at "0x42678AE9" referenced memory at "0x42678AE9".
The memory could not be "executed".
0x970F94 and 0x27B4 seem to be fine, i'm not sure about the 0xAC, but when i hook 0xA8 it never gets called. any ideas?

some news about traceline would be great, if anybody is able to find it

**natt_** · 10-13-2010

Hmm with some research i think i found out how to use the old method with a slight difference ?

s_curmgr = ((WowBaseAdress+MgrPtr)+MgrOffset)
curobject = (s_curmgr+firstobject)

etc
etc
etc... But still it dosent seem to work, every object is returning 0

**PiroX** · 10-13-2010

nameStorePtrAddr = 0x881988

Shout-Out

User Tag List

Thread: 4.0 Migration

Thread Tools

Search Thread

Similar Threads

Free migration when Lich hits. True or false?

Migrate to Russian realms SUCKS

Does moving a char from 1 account to another trigger the server migration cooldown?

Easy migrate a character!

Free Character Migration

OwnedCore Forums

casino

CoreCoins

My OwnedCore

About Us

Casino