[WoW][4.0.3.13329] Info Dump Thread

**~~mnbvc~~** · 11-28-2010

http://rapidshare.com/files/433634900/PatternMaker.plw

**Syltex** · 11-28-2010

Originally Posted by mnbvc

http://rapidshare.com/files/433634900/PatternMaker.plw

+rep +rep +rep !

**LordJZ** · 11-28-2010

New AUTH_CHALLENGE structure:

Code:

00000000 vTable          dd ?
00000004 connection      dd ?
00000008 servConn        dd ?
0000000C field_C         dd ?
00000010 serverSeed      dd ?
00000014 keys            dd 8 dup(?)
00000034 count           db ?

And packet:

Code:

                        keys[4] = br.ReadUInt32();
                        keys[7] = br.ReadUInt32();
                        seed = br.ReadUInt32();
                        keys[0] = br.ReadUInt32();
                        count = br.ReadByte();
                        keys[6] = br.ReadUInt32();
                        keys[3] = br.ReadUInt32();
                        keys[1] = br.ReadUInt32();
                        keys[5] = br.ReadUInt32();
                        keys[2] = br.ReadUInt32();

**~~GameAssist~~** · 11-29-2010

Hello
Does anyone know the correct indent camera_pointer & camera_offset?
I've found on the first page 83A8A0 CGWorldFrame:: GetActiveCamera - this is camera_pointer?
What do you mean "offsets NOT rebased"? I should add to your values process.MainModule.BaseAddress?

**-Ryuk-** · 11-29-2010

Originally Posted by wlastas

Hello
Does anyone know the correct indent camera_pointer & camera_offset?
I've found on the first page 83A8A0 CGWorldFrame:: GetActiveCamera - this is camera_pointer?
What do you mean "offsets NOT rebased"? I should add to your values process.MainModule.BaseAddress?

If there not rebased you need to - 0x400000 from the address. And then add process.MainModule.BaseAddress to it.

**Bobbysing** · 11-29-2010

The PatternMaker plugin can also be found at https://www.gamedeception.net/thread...-maker-for-ida along with the sourcecode, if anyone is interested.
Why don't you guys use 0x00000000 as base-address, then you'll never have to ask what the base address was?

**dd7** · 11-29-2010

Originally Posted by Bobbysing

Why don't you guys use 0x00000000 as base-address, then you'll never have to ask what the base address was?

While new here, I've been using IDA for a long time and am well experienced in reverse engineering, so I'll weigh in.

Ideally, all rebasing should be done to 0 so that anyone using offsets merely need to know the base load address of the module (typically 0x400000 for an exe). However, IDA is a little bit inconsistent here. Most often IDA will consider the base address of a module as the address of the first loaded section (often 0x401000). From time to time, I've seen IDA include the MZ/PE headers as the first section (in which case rebasing to 0 would be correct) but that's not too common. So when rebasing in IDA, you need to be a little bit smarter than IDA and know that you need to rebase based upon the first section and not on the real base load address. Therefore, to correctly rebase to 0 (load address), you will actually rebase in IDA to 0x1000 (first section address).

Confused? Of course. I wish IDA would fix this.

In summary, if you see someone saying they've rebased to 0x1000, it means they're playing with IDA and they really have actually rebased to 0 for the offsets.

**Azzie2k8** · 12-09-2010

Don't get me wrong I love that you contributed but shouldnt it be like below since containers inherit from Items as far as I can tell...

Code:

internal enum WoWContainerFields
{
    CONTAINER_FIELD_NUM_SLOTS = 0x48,
    CONTAINER_ALIGN_PAD = 0x49,
    CONTAINER_FIELD_SLOT_1 = 0x4A,
    //TOTAL_CONTAINER_FIELDS = 0x3
}

Originally Posted by Nesox

Guess i'll contribute some too

Code:

internal enum WoWContainerFields
{
    CONTAINER_FIELD_NUM_SLOTS = 0x8,
    CONTAINER_ALIGN_PAD = 0x9,
    CONTAINER_FIELD_SLOT_1 = 0xA,
    //TOTAL_CONTAINER_FIELDS = 0x3
}

**JabbaTheCunt** · 12-10-2010

Originally Posted by wlastas

Hello
Does anyone know the correct indent camera_pointer & camera_offset?
I've found on the first page 83A8A0 CGWorldFrame:: GetActiveCamera - this is camera_pointer?
What do you mean "offsets NOT rebased"? I should add to your values process.MainModule.BaseAddress?

You'd have to reverse the GetActiveCamera function to get the offsets.

Code:

public enum Camera : uint {
     Base = 0x990C28,
     Offset = 0x7F48
}

Note for Camera.Base you also now need to add the base address from the main WoW process module, ie:

Code:

uint staticBasePointer = WowProcess.ReadUInt( WowProcess.BaseAddress + ( uint ) Offsets.Camera.Base );
uint camAddress = WowProcess.ReadUInt( staticBasePointer + ( uint ) Offsets.Camera.Offset );

Edit: Does anyone have any insight into changes made to the spellbook? I have the offsets from RivalLfr (and have verified them in IDA) for the number of spells and the start of the spellbook, but for some reason the spell id's that I'm finding are completely messed up.

**Scorpiona** · 12-10-2010

Originally Posted by JabbaTheCunt

Edit: Does anyone have any insight into changes made to the spellbook? I have the offsets from RivalLfr (and have verified them in IDA) for the number of spells and the start of the spellbook, but for some reason the spell id's that I'm finding are completely messed up.

Code:

    [StructLayout(LayoutKind.Sequential)]
    public struct SpellBookEntry
    {
        public SpellBookType Type;
        public uint SpellID;
    }

    public enum SpellBookType : int
    {
        Known = 1,
        Trainable = 2,
        Pet = 3,
        Flyout = 4,
    }

**~~JuJuBoSc~~** · 12-10-2010

5 scans was added to the Warden the last 2 hours :

Code:

Offset (Relative) : 0x0039CAC4
Length : 7
Bytes : 5F 5E C6 03 00 5B 8B

Offset (Relative) : 0x000D3B72
Length : 8
Bytes : 8B 80 A8 00 00 00 52 FF

Offset (Relative) : 0x002345B0
Length : 8
Bytes : 8B 4E 1C 83 C4 24 68 88

Offset (Relative) : 0x00035AC4
Length : 7
Bytes : 83 C4 0C 5E 5D C3 CC

Offset (Relative) : 0x000D60C1
Length : 8
Bytes : 8D 8D 00 FB FF FF 51 E8

**caytchen** · 12-10-2010

Originally Posted by JuJuBoSc

5 scans was added to the Warden the last 2 hours :

And they all target FrameScript or BattleNet. Move on, nothing to see here

**psyf4** · 12-10-2010

For those trying to get the value of Holy Power (the paladin's "point"), it is not at the expected UNIT_FIELD_POWER8 = OBJECT_END + 0x68, but appears to be at

Holy Power: UNIT_FIELD_POWER10 = OBJECT_END + 0x70

Note that +0x68 will always give 3 (which doesn't change either when something procs for free holy power).

**changersrwr** · 12-11-2010

adress for airwalk?

**Syltex** · 12-11-2010

Originally Posted by JuJuBoSc

5 scans was added to the Warden the last 2 hours :

Code:

Offset (Relative) : 0x0039CAC4
Length : 7
Bytes : 5F 5E C6 03 00 5B 8B

Offset (Relative) : 0x000D3B72
Length : 8
Bytes : 8B 80 A8 00 00 00 52 FF

Offset (Relative) : 0x002345B0
Length : 8
Bytes : 8B 4E 1C 83 C4 24 68 88

Offset (Relative) : 0x00035AC4
Length : 7
Bytes : 83 C4 0C 5E 5D C3 CC

Offset (Relative) : 0x000D60C1
Length : 8
Bytes : 8D 8D 00 FB FF FF 51 E8

Mind sharing the method/program that you got that info?

PM me if u do.

Shout-Out

User Tag List

Thread: [WoW][4.0.3.13329] Info Dump Thread

Thread Tools

Search Thread

Similar Threads

[WoW][3.3.5.12340] Info Dump Thread

[WoW][4.0.6.13596] Info Dump Thread

[WoW][4.0.1.13164] Info Dump Thread

[WoW][4.0.1.13205] Info Dump Thread

[WoW][3.3.3.11723] Info Dump Thread

OwnedCore Forums

casino

CoreCoins

My OwnedCore

About Us

Casino