4.0 Migration

**TOM_RUS** · 10-16-2010

Originally Posted by Apoc

If anybody has happened to have reversed the new item cache struct, it'd be much appreciated.

Seems they doubled the size of it. (It's no longer a .wdb file, so finding the loader func is fairly useless, as it reads in a few different files generically.)

Spent the last 36hrs reversing it, and not make a whole lot of progress.

dbclayout.xml - mywowtools - Project Hosting on Google Code
dbclayout.xml - mywowtools - Project Hosting on Google Code
Structs for Item.db2(adb) and Item-sparse.db2(adb). I guess they should match in-memory structs.

**Apoc** · 10-16-2010

Originally Posted by TOM_RUS

dbclayout.xml - mywowtools - Project Hosting on Google Code
dbclayout.xml - mywowtools - Project Hosting on Google Code
Structs for Item.db2(adb) and Item-sparse.db2(adb). I guess they should match in-memory structs.

Not perfect matches, but very very close. Thank you. Saved me the headache of doing it all bit by bit.

Any idea why there are 4 names now? I assume they're just related to display names and whatnot.

**TOM_RUS** · 10-16-2010

Originally Posted by Apoc

Any idea why there are 4 names now? I assume they're just related to display names and whatnot.

Isn't it was like that since vanilla wow? 4 names and 3 if them are empty...

**Apoc** · 10-16-2010

Originally Posted by TOM_RUS

Isn't it was like that since vanilla wow? 4 names and 3 if them are empty...

Honestly; I never noticed. The name field was at the very end of the in-memory struct. (And according to the loading func for it, it wasn't the last thing read in.)

**boredevil** · 10-16-2010

Here you go:
I had to make some changes to make it hopefully useful for others, so if any problems occur, let me know. It´s not idiot proof but in return allows some flexibility... make sure to set the config vars to your needs.

Code:

    // Functions that don´t match #define Macro Naming conventions are Dumped but commented out !!!!!
    //  dump all Functions:     sPrefix = ""     bCompare = 0
    //  dump only Functions with special prefix :  sPrefix = "whatever"   bCompare = 0
    //  dump only Functions listed in compareName()     sPrefix = ""   bCompare = 1    CaseSensitive!!!!
    //  ...
    
    sPrefix = "";                // only dump functions with prefix    leave blank "", to dump all functions    
    sNewPrefix = "OFFSET_";        // new prefix for dumped functionnames
    bKeepOldPrefix = 1;            // set to 0 to replace Prefix with newone
    bCompare = 0;                //  0 = Dump all   1 = Dump only the Functions listed in  compareName() 
    sFileName = "FunctionsDump.h";
    sNameBaseOffsetMacro = "BaseOffset"; // Change if conflicts with namings in our code occur

Script:

Code:

#include <idc.idc>


/************************************************************************
   Desc:     Dump Functions by Name and or prefix  as #defines to a File
   Author:  BoredEvil

   Credits To: Bobbysing GetWoWVersionString(), static ExtractPath( sPath ),static GetTargetPath()

*************************************************************************/



// set bCompare in Main() to 1 to use this function
// list all functions, you want to dump here. CASE SENSITIVE exactly as your naming in ida
static compareName(sFuncName)
{	
	
	if( sFuncName == "_WinMain@16" ) return 1;
	if( sFuncName == "Thread32Next" ) return 1;
	//if( sFuncName == "Thread32Next" ) return 1;
	//if( sFuncName == "Thread32Next" ) return 1;
	//if( sFuncName == "Thread32Next" ) return 1;

	return -1;
}


static main()
{
	
	auto dwCurrent,sFuncname,pos, sPrefix, hFile,sOutput,sAddress,sNewPrefix,isgood,iswanted,bCompare,sFileName,bKeepOldPrefix, sNameBaseOffsetMacro;

	
	////////////////////////////////////////
	////  Config Start
	////////////////////////////////////////
	
	// Functions that don´t match #define Macro Naming conventions are Dumped but commented out !!!!!
	//  dump all Functions:     sPrefix = ""     bCompare = 0
	//  dump only Functions with special prefix :  sPrefix = "whatever"   bCompare = 0
	//  dump only Functions listed in compareName()     sPrefix = ""   bCompare = 1    CaseSensitive!!!!
	//  ...
	
	sPrefix = "";				// only dump functions with prefix    leave blank "", to dump all functions    
	sNewPrefix = "OFFSET_";		// new prefix for dumped functionnames
	bKeepOldPrefix = 1;			// set to 0 to replace Prefix with newone
	bCompare = 1;				//  0 = Dump all   1 = Dump only the Functions listed in  compareName() 
	sFileName = "FunctionsDump.h";
	sNameBaseOffsetMacro = "BaseOffset"; // Change if conflicts with namings in our code occur
	
	////////////////////////////////////////
	////  Config End
	////////////

	
	hFile = fopen(GetTargetPath() + sFileName ,"w");

	fprintf( hFile, "#ifndef __" + sNewPrefix + "ENUM_H__\n#define __" + sNewPrefix +  "ENUM_H__\n\n" );
	
	Message(GetWoWVersionString());
	fprintf(hFile,"//" + GetWoWVersionString() + "\n");
	
	fprintf( hFile, "// Replace NULL with your Function or variable, that holds the BaseOffset\n");
	fprintf( hFile, "#define " + sNewPrefix + sNameBaseOffsetMacro +" ( NULL )\n\n" );
	
	dwCurrent = INF_BASEADDR;
	while(dwCurrent != BADADDR)
	{

		sFuncname = GetFunctionName(dwCurrent);


		pos = strstr(sFuncname,sPrefix);
		if(pos == 0)
		{
			if(bCompare != 0)
			{
				if(compareName(sFuncname) == -1)
				{
					dwCurrent = NextFunction(dwCurrent);
					continue;
				}
				
			}
			
			
			isgood = validateName(sFuncname);
			sAddress = form("%08X",dwCurrent);
			
			if(bKeepOldPrefix == 0)
			{
				sFuncname = substr(sFuncname,strlen(sPrefix),strlen(sFuncname));
			}

			
			sOutput = "#define "+ sNewPrefix + sFuncname + " ( " + sNewPrefix + sNameBaseOffsetMacro +" + 0x" + sAddress  + " )\n";
			if(isgood == -1)
			{
				sOutput = "//" + sOutput;
			}
			
			Message(sOutput);
			fprintf (hFile, sOutput );
		}
		dwCurrent = NextFunction(dwCurrent);
	}

	fprintf( hFile, "\n#endif //__"+ sNewPrefix + "ENUM_H__" );	
	fclose(hFile);
	Message("--------------Done-------------------------");
	Message("--------------Done-------------------------");
}

static validateName(sFuncName)
{
	auto sAllowed,len, i, pos;
	sAllowed = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ_1234567890";
	
	len = strlen(sFuncName);
	for (i = 0; i < len; i++)
	{
		pos =  strstr(sAllowed,substr(sFuncName,i,i+1));
		
		if(pos == -1)
		{
			Message("Function: " + sFuncName + " - doesn´t match naming conventions %d\n",pos);
			return pos;
		}
	}
	return 1;
	
}




static GetWoWVersionString()
{
	auto sVersion, sBuild, sDate;

	sVersion = FindBinary( INF_BASEADDR, SEARCH_DOWN, "\"=> WoW Version %s (%s) %s\"" );

	if( sVersion == BADADDR )
	{
		Message( "Version format string not found" );
		return 0;
	}

	sVersion = DfirstB( sVersion );

	if( sVersion == BADADDR )
	{
		Message( "Version string unreferences" );
		return 0;
	}
	
	sVersion = PrevHead( sVersion, 0 );
	sBuild = PrevHead( sVersion, 0 );
	sDate = PrevHead( sBuild, 0 );

	sVersion = GetOperandValue( sVersion, 0 );
	sBuild = GetOperandValue( sBuild, 0 );
	sDate = GetOperandValue( sDate, 0 );

	sVersion = GetString( sVersion, -1, ASCSTR_C );
	sBuild = GetString( sBuild, -1, ASCSTR_C );
	sDate = GetString( sDate, -1, ASCSTR_C );

	return form( "Version: %s  Build number: %s  Build date: %s\n", sVersion, sBuild, sDate );
}

static ExtractPath( sPath )
{
	auto dwIndex;
	for( dwIndex = strlen( sPath ); strstr( substr( sPath, dwIndex, -1 ), "\\" ); dwIndex-- );
	return substr( sPath, 0, dwIndex + 1 );
}

static GetTargetPath()
{
	return ExtractPath( GetIdbPath() ) + "IDC\\Output\\";
}

Example Output:

Code:

#ifndef __OFFSET_ENUM_H__
#define __OFFSET_ENUM_H__

//Version: 4.0.1  Build number: 13164  Build date: Oct  6 2010

// Replace NULL with your Function or variable, that holds the BaseOffset
#define OFFSET_BaseOffset ( NULL )

#define OFFSET_Lua_gettop ( OFFSET_BaseOffset + 0x000346E0 )
#define OFFSET_Lua_Settop ( OFFSET_BaseOffset + 0x00034700 )
#define OFFSET_Lua_replace ( OFFSET_BaseOffset + 0x00034880 )
#define OFFSET_Lua_Type ( OFFSET_BaseOffset + 0x000349C0 )
#define OFFSET_Lua_tonumber ( OFFSET_BaseOffset + 0x00034B40 )
#define OFFSET_Lua_tointeger ( OFFSET_BaseOffset + 0x00034B80 )
#define OFFSET_Lua_toboolean ( OFFSET_BaseOffset + 0x00034BC0 )
#define OFFSET_Lua_tostring ( OFFSET_BaseOffset + 0x00034BF0 )
#define OFFSET_Lua_touserdata ( OFFSET_BaseOffset + 0x00034D20 )
#define OFFSET_Lua_pushnil ( OFFSET_BaseOffset + 0x00034D90 )
#define OFFSET_Lua_pushnumber ( OFFSET_BaseOffset + 0x00034DB0 )
#define OFFSET_Lua_pushinteger ( OFFSET_BaseOffset + 0x00034DE0 )
#define OFFSET_Lua_pushstring ( OFFSET_BaseOffset + 0x00034E10 )
#define OFFSET_Lua_pushcclosure ( OFFSET_BaseOffset + 0x00034F10 )
#define OFFSET_Lua_pushboolean ( OFFSET_BaseOffset + 0x00034FE0 )
#define OFFSET_Lua_setfield ( OFFSET_BaseOffset + 0x00035400 )
#define OFFSET_Lua_PCall ( OFFSET_BaseOffset + 0x00035750 )
#define OFFSET_GetInputControl ( OFFSET_BaseOffset + 0x00050820 )
#define OFFSET_CInputControl_SetFlags ( OFFSET_BaseOffset + 0x00053180 )
//#define OFFSET_??_DBCache_GetInfoBlockByID ( OFFSET_BaseOffset + 0x00062B00 )
#define OFFSET_EnumVisibleObjects ( OFFSET_BaseOffset + 0x00093BB0 )
#define OFFSET_GetObjectByGUID ( OFFSET_BaseOffset + 0x00093E30 )
#define OFFSET_GetItemIDByName ( OFFSET_BaseOffset + 0x001AF120 )
#define OFFSET_CGItem_CGetUsesSpellID ( OFFSET_BaseOffset + 0x001AF270 )
#define OFFSET_UseItem ( OFFSET_BaseOffset + 0x001B1110 )
#define OFFSET_GetUnitRelation ( OFFSET_BaseOffset + 0x001C51A0 )
#define OFFSET_SetFacing2 ( OFFSET_BaseOffset + 0x001D3630 )
#define OFFSET_TraceLine ( OFFSET_BaseOffset + 0x00281A30 )
#define OFFSET_GetLuaState ( OFFSET_BaseOffset + 0x00394510 )
#define OFFSET_Lua_Register ( OFFSET_BaseOffset + 0x00394740 )
#define OFFSET_Lua_Dostring ( OFFSET_BaseOffset + 0x003958F0 )
#define OFFSET_InputEvent ( OFFSET_BaseOffset + 0x003CBF80 )
#define OFFSET_GetGameTiming ( OFFSET_BaseOffset + 0x003CF020 )
#define OFFSET_AfkCheckFunc ( OFFSET_BaseOffset + 0x00419E20 )
#define OFFSET_SelectUnit ( OFFSET_BaseOffset + 0x0042A060 )
#define OFFSET_GetSpellIdByName ( OFFSET_BaseOffset + 0x004654E0 )
#define OFFSET_Lua_getfield ( OFFSET_BaseOffset + 0x0055A760 )
#define OFFSET_Lua_LoadBuffer ( OFFSET_BaseOffset + 0x0055AC10 )

#endif //__OFFSET_ENUM_H__

**Zayka** · 10-17-2010

Originally Posted by boredevil

#define OFFSET_Lua_getfield ( OFFSET_BaseOffset + 0x0055A760 )

This getfield isnt working for me. Maybe im using wrong params, or maybe wrong call method, but its dioing nothing, same stack as before call. Can u tell me, is this correct params and calling method?

void __cdecl getField( DWORD luaState, DWORD index, const char *name );

Im trying to read global variable by getField( L, LUA_GLOBALSINDEX, "VarName" )

**ostapus** · 10-18-2010

Originally Posted by Zayka

This getfield isnt working for me. Maybe im using wrong params, or maybe wrong call method, but its dioing nothing, same stack as before call. Can u tell me, is this correct params and calling method?

void __cdecl getField( DWORD luaState, DWORD index, const char *name );

Im trying to read global variable by getField( L, LUA_GLOBALSINDEX, "VarName" )

lua_getfield - 0x000350A0, base on 0x1000. tested, working.

**Zayka** · 10-18-2010

Yep, this address works for me too. Thx.

**caowenyu** · 10-18-2010

Originally Posted by _Mike

This one?
[[base+0x9162A0]+0x28DC]

I've read the thread, still don't understand why.. Explain please

I tried this one. It's not always correct. When you in a building, at least for tanaris inn, it's not continent's name.
What I do is to read from 0xBFF840, an absolute address, to get the continentID, then use the ID to retrieve the continent's name.

Anyone got a better idea?

**Overon** · 10-19-2010

Playerbase:

Wow.exe + 009162A8
Offset1 = 0x38
Offset2 = 0x24

**lon3vman** · 10-20-2010

Crawling out from under my rock...

I've cut most things across by either my scrubby reversing or posting here, but I'm having issues with the spells on cooldown. It's been a while since I've had to visit it, and for a long time I've just been updating the offset.

I usually grab the offset by reversing GetSpellCooldown or via the forums, and using SpellCooldownPtr = 0x00980968 and doing the + 8 (+4, +4...) technique isn't working. I'm having issues reversing GetSpellCooldown (although it was quite late, I'm pretty sure my abilities are failing me). Any one else noticed this has changed? If not I'll dive back into it tonight.

**lon3vman** · 10-21-2010

Came home from work and figured it out in 2 seconds. Hadn't offset by the wow base address.

Crawling back under my rock...

**burdakovd** · 10-21-2010

Originally Posted by RivaLfr

Code:

 
        public static readonly uint gameState = 0x981692;

Read 0 on this pointer.

WoW starts in memory at 0x00E10000, so I read [0x00E10000+0x981692], but there are 0 there.

UPD: this works fine

**DrGonzo** · 10-21-2010

Has anyone tested the Player Skills array? I couldn't get it to work with the posted descriptors, but the one for last patch (0x9f0) works fine.

Also has anyone else calculating 3d to 2d for where to click notice it's not as accurate anymore. Did something change with the camera?

**rafalsk** · 10-23-2010

I've just noticed that I'm also having problems with world to screen, don't know yet why, offsets I've found seem to be the same as here

Shout-Out

User Tag List

Thread: 4.0 Migration

Thread Tools

Search Thread

Similar Threads

Free migration when Lich hits. True or false?

Migrate to Russian realms SUCKS

Does moving a char from 1 account to another trigger the server migration cooldown?

Easy migrate a character!

Free Character Migration

OwnedCore Forums

casino

CoreCoins

My OwnedCore

About Us

Casino