New AUTH_CHALLENGE structure:
Code:
00000000 vTable      dd ?
00000004 connection  dd ?
00000008 servConn    dd ?
0000000C field_C     dd ?
00000010 serverSeed  dd ?
00000014 keys        dd 8 dup(?)
00000034 count       db ?
And packet:
Code:
keys[4] = br.ReadUInt32();
keys[7] = br.ReadUInt32();
seed    = br.ReadUInt32();
keys[0] = br.ReadUInt32();
count   = br.ReadByte();
keys[6] = br.ReadUInt32();
keys[3] = br.ReadUInt32();
keys[1] = br.ReadUInt32();
keys[5] = br.ReadUInt32();
keys[2] = br.ReadUInt32();
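A small parser for that AUTH_CHALLENGE layout, added here as an example and not code from the post above. The wire order is the posted ReadUInt32/ReadByte sequence and the in-memory offsets (serverSeed at 0x10, keys at 0x14, count at 0x34) are from the posted struct dump; the class and function names and the sample packet are assumptions made for the demo. It also serialises the other way, so you can confirm the key permutation round-trips.

```python
"""Parser for the AUTH_CHALLENGE packet layout posted above (added example)."""
import struct
from dataclasses import dataclass

# Order in which fields appear on the wire, copied from the posted reader:
# ("keys", i) is keys[i]; "seed" and "count" are scalars. Every entry is a
# little-endian u32 except "count", which is a single byte.
WIRE_ORDER = [
    ("keys", 4), ("keys", 7), ("seed", None), ("keys", 0), ("count", None),
    ("keys", 6), ("keys", 3), ("keys", 1), ("keys", 5), ("keys", 2),
]
WIRE_SIZE = 9 * 4 + 1  # nine u32 values plus the one-byte count == 37 bytes

# In-memory layout from the posted struct dump.
OFF_SERVER_SEED = 0x10
OFF_KEYS = 0x14
OFF_COUNT = 0x34
STRUCT_SIZE = 0x35


@dataclass
class AuthChallenge:
    server_seed: int
    keys: list          # exactly 8 entries, indexed as in the struct
    count: int


def parse_auth_challenge(data: bytes) -> AuthChallenge:
    """Decode the wire form into struct order, undoing the shuffled field order."""
    if len(data) < WIRE_SIZE:
        raise ValueError(f"AUTH_CHALLENGE needs {WIRE_SIZE} bytes, got {len(data)}")
    keys = [0] * 8
    seed = count = None
    pos = 0
    for name, idx in WIRE_ORDER:
        if name == "count":
            count = data[pos]
            pos += 1
            continue
        (value,) = struct.unpack_from("<I", data, pos)
        pos += 4
        if name == "seed":
            seed = value
        else:
            keys[idx] = value
    return AuthChallenge(seed, keys, count)


def build_auth_challenge(msg: AuthChallenge) -> bytes:
    """Inverse of parse_auth_challenge: serialise in the shuffled wire order."""
    if len(msg.keys) != 8:
        raise ValueError("keys must have exactly 8 entries")
    if not 0 <= msg.count <= 0xFF:
        raise ValueError("count must fit in one byte")
    out = bytearray()
    for name, idx in WIRE_ORDER:
        if name == "count":
            out.append(msg.count)
        elif name == "seed":
            out += struct.pack("<I", msg.server_seed)
        else:
            out += struct.pack("<I", msg.keys[idx])
    return bytes(out)


def to_memory_image(msg: AuthChallenge) -> bytes:
    """Lay the decoded fields out as the posted in-memory struct.

    The four leading dword fields (vTable, connection, servConn, field_C)
    are pointers that only exist at runtime, so they are left zeroed here.
    """
    img = bytearray(STRUCT_SIZE)
    struct.pack_into("<I", img, OFF_SERVER_SEED, msg.server_seed)
    struct.pack_into("<8I", img, OFF_KEYS, *msg.keys)
    img[OFF_COUNT] = msg.count
    return bytes(img)


# Constructed sample: keys[i] == 0x1000 + i so the permutation is visible in a hex dump.
SAMPLE = build_auth_challenge(AuthChallenge(0xDEADBEEF, [0x1000 + i for i in range(8)], 8))

if __name__ == "__main__":
    print(SAMPLE.hex(" "))
    print(parse_auth_challenge(SAMPLE))
```

Note the first dword on the wire is keys[4], not keys[0], and count sits at byte 16, between keys[0] and keys[6]; a reader that assumes the struct order will get every key wrong while still consuming the right number of bytes.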
Hello
Does anyone know the correct indent camera_pointer & camera_offset?
I've found 83A8A0 CGWorldFrame::GetActiveCamera on the first page - is this camera_pointer?
What do you mean "offsets NOT rebased"? I should add to your values process.MainModule.BaseAddress?
The PatternMaker plugin can also be found at https://www.gamedeception.net/thread...-maker-for-ida along with the sourcecode, if anyone is interested.
Why don't you guys use 0x00000000 as base-address, then you'll never have to ask what the base address was?
While new here, I've been using IDA for a long time and am well experienced in reverse engineering, so I'll weigh in.
Ideally, all rebasing should be done to 0 so that anyone using offsets merely need to know the base load address of the module (typically 0x400000 for an exe). However, IDA is a little bit inconsistent here. Most often IDA will consider the base address of a module as the address of the first loaded section (often 0x401000). From time to time, I've seen IDA include the MZ/PE headers as the first section (in which case rebasing to 0 would be correct) but that's not too common. So when rebasing in IDA, you need to be a little bit smarter than IDA and know that you need to rebase based upon the first section and not on the real base load address. Therefore, to correctly rebase to 0 (load address), you will actually rebase in IDA to 0x1000 (first section address).
Confused? Of course. I wish IDA would fix this.
In summary, if you see someone saying they've rebased to 0x1000, it means they're playing with IDA and they really have actually rebased to 0 for the offsets.
Don't get me wrong, I love that you contributed, but shouldn't it be like below, since containers inherit from Items as far as I can tell...
Code:
internal enum WoWContainerFields
{
    CONTAINER_FIELD_NUM_SLOTS = 0x48,
    CONTAINER_ALIGN_PAD = 0x49,
    CONTAINER_FIELD_SLOT_1 = 0x4A,
    //TOTAL_CONTAINER_FIELDS = 0x3
}
You'd have to reverse the GetActiveCamera function to get the offsets.
Note for Camera.Base you also now need to add the base address from the main WoW process module, i.e.:
Code:
public enum Camera : uint
{
    Base = 0x990C28,
    Offset = 0x7F48
}
Code:
uint staticBasePointer = WowProcess.ReadUInt( WowProcess.BaseAddress + ( uint ) Offsets.Camera.Base );
uint camAddress = WowProcess.ReadUInt( staticBasePointer + ( uint ) Offsets.Camera.Offset );
Edit: Does anyone have any insight into changes made to the spellbook? I have the offsets from RivalLfr (and have verified them in IDA) for the number of spells and the start of the spellbook, but for some reason the spell IDs that I'm finding are completely messed up.
Last edited by JabbaTheCunt; 12-10-2010 at 09:22 AM.
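Putting the two points above together (the post explaining that IDA really rebases on the first section, and JabbaTheCunt's note that Camera.Base has to be added to the main module's base before dereferencing), here is an added example that is not code from either post. Camera.Base and Camera.Offset are the posted values; the PE header, the module base 0xF00000, the listing address 0xD90C28 and all memory contents are constructed for the demo, and SparseMemory stands in for ReadProcessMemory so it runs offline.

```python
"""IDA listing address -> RVA -> runtime address -> Camera pointer chain (added example)."""
import struct

CAMERA_BASE = 0x990C28    # posted Offsets.Camera.Base (module-relative)
CAMERA_OFFSET = 0x7F48    # posted Offsets.Camera.Offset


def pe_image_base(pe: bytes) -> int:
    """OptionalHeader.ImageBase: the address the exe was linked for (0x400000 here)."""
    if pe[:2] != b"MZ":
        raise ValueError("not a PE file")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    opt = e_lfanew + 4 + 20                         # skip signature and COFF header
    if struct.unpack_from("<H", pe, opt)[0] != 0x10B:
        raise ValueError("only PE32 handled (PE32+ keeps a u64 ImageBase at +24)")
    return struct.unpack_from("<I", pe, opt + 28)[0]


def pe_first_section_va(pe: bytes) -> int:
    """VirtualAddress of section 0: the value IDA actually rebases on, usually 0x1000."""
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    nsects = struct.unpack_from("<H", pe, e_lfanew + 6)[0]
    opt_size = struct.unpack_from("<H", pe, e_lfanew + 20)[0]
    if nsects == 0:
        raise ValueError("PE has no sections")
    return struct.unpack_from("<I", pe, e_lfanew + 24 + opt_size + 12)[0]


def ida_to_rva(ida_addr: int, ida_first_section: int, real_first_section_va: int) -> int:
    """Map a listing address to an RVA, given where IDA shows the first section:
    0x401000 for an untouched exe, 0x1000 after "rebase to 0x1000", 0 after "rebase to 0"."""
    return ida_addr - ida_first_section + real_first_section_va


class SparseMemory:
    """A handful of mapped ranges standing in for ReadProcessMemory on a live process."""

    def __init__(self):
        self.regions = {}

    def map(self, addr: int, data: bytes):
        self.regions[addr] = bytes(data)

    def read(self, addr: int, size: int) -> bytes:
        for start, buf in self.regions.items():
            if start <= addr and addr + size <= start + len(buf):
                return buf[addr - start:addr - start + size]
        raise MemoryError(f"unmapped read of {size} bytes at {addr:#010x}")

    def read_u32(self, addr: int) -> int:
        return struct.unpack("<I", self.read(addr, 4))[0]


def resolve_camera(mem: SparseMemory, module_base: int) -> int:
    """The posted two-step read: [module_base + Camera.Base], then [that + Camera.Offset]."""
    static_ptr = mem.read_u32(module_base + CAMERA_BASE)
    if static_ptr == 0:
        raise ValueError("camera pointer not initialised (not in world yet?)")
    return mem.read_u32(static_ptr + CAMERA_OFFSET)


def build_sample_pe(image_base: int = 0x400000, first_va: int = 0x1000) -> bytes:
    """Smallest PE32 header the two readers above accept (constructed, one section)."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 96, 0x102)
    opt = bytearray(96)
    struct.pack_into("<H", opt, 0, 0x10B)
    struct.pack_into("<I", opt, 28, image_base)
    sect = struct.pack("<8sII", b".text", 0x1000, first_va).ljust(40, b"\0")
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + sect


def build_sample_memory(module_base: int, camera_obj: int = 0x0C000000) -> SparseMemory:
    """Constructed snapshot: the static slot points at a heap object whose
    +Camera.Offset field holds the camera pointer."""
    heap_obj = 0x0A0B0C00
    mem = SparseMemory()
    mem.map(module_base + CAMERA_BASE, struct.pack("<I", heap_obj))
    mem.map(heap_obj + CAMERA_OFFSET, struct.pack("<I", camera_obj))
    return mem


if __name__ == "__main__":
    pe = build_sample_pe()
    untouched = pe_image_base(pe) + pe_first_section_va(pe)    # 0x401000
    print(hex(ida_to_rva(0xD90C28, untouched, pe_first_section_va(pe))))  # the posted 0x990C28
    print(hex(resolve_camera(build_sample_memory(0xF00000), 0xF00000)))
```

The point of the `MemoryError` path is that using 0x400000 as the module base on a process that actually loaded at 0xF00000 does not fail loudly on a live target: ReadProcessMemory just returns whatever happens to be at the wrong address, so read the real base from the module list every time rather than hard-coding it.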
5 scans were added to the Warden in the last 2 hours:
Code:
Offset (Relative) : 0x0039CAC4  Length : 7  Bytes : 5F 5E C6 03 00 5B 8B
Offset (Relative) : 0x000D3B72  Length : 8  Bytes : 8B 80 A8 00 00 00 52 FF
Offset (Relative) : 0x002345B0  Length : 8  Bytes : 8B 4E 1C 83 C4 24 68 88
Offset (Relative) : 0x00035AC4  Length : 7  Bytes : 83 C4 0C 5E 5D C3 CC
Offset (Relative) : 0x000D60C1  Length : 8  Bytes : 8D 8D 00 FB FF FF 51 E8
For those trying to get the value of Holy Power (the paladin's "point"), it is not at the expected UNIT_FIELD_POWER8 = OBJECT_END + 0x68, but appears to be at
Holy Power: UNIT_FIELD_POWER10 = OBJECT_END + 0x70
Note that +0x68 will always give 3 (which doesn't change either when something procs for free holy power).
Address for airwalk?