[Help]how to find CGObject's VMT indices?

  1. #1
    rik.chong

    [Help]how to find CGObject's VMT indices?

    Hi, I'm having problems getting VMT indices, such as GetObjectName, Interact.
    Before 3.3.5 patch (CN server 3.2.2), I searched for the VMT indices from this forum, and there are 2-3 different results for GetObjectName (47/51/4, so I tried them one by one, and finally found that 47 works. That was a stupid way.
    Now 3.3.5 patch updated, the old VMT indices are not working.
    How can I find these indices by myself instead of trying those 47/48/51 one by one?

    (Sorry for my English)

    Thanks in advance

  2. #2
    Cypher

  3. #3
    rik.chong
    I'm serious.
    Could you please give me some tips to find these indices?

  4. #4
    Azzie2k8
    Originally Posted by rik.chong:
    I'm serious.
    Could you please give me some tips to find these indices?
    I think the VMT or at least a pointer to it is always stored at the beginning of an object so I think all you have to do is find a memory representation of the class you are searching for or an object of that class. I am not pro at this so please correct me if I am wrong.

  5. #5
    rik.chong
    Originally Posted by Azzie2k8:
    I think the VMT or at least a pointer to it is always stored at the beginning of an object so I think all you have to do is find a memory representation of the class you are searching for or an object of that class. I am not pro at this so please correct me if I am wrong.
    So I should find the virtual function pointers and 'decode' those functions?
    I'm not skilled at ASM; if this is the only way, it must be hard work for me. Thanks anyway.

  6. #6
    amadmonk
    The simple fact is that it's not trivial to find VMT's from static analysis alone. It's *possible* at times (if you can find name-mangled symbols that give you hints what you're looking at, if you use things like the class inspector plugin for IDA), but it's not easy.

    On the other hand, if you're live debugging, it's almost trivial; once you know you have a CGPlayer object, for instance, you can just do a couple of pointer derefs to get to the VMT. Then you break on calls to those and track back to what's happening at each call (set facing, etc.).

    This tends to be what separates the men from the boys, in reversing (countdown to Cypher making a smartass remark in 3... 2...)
    Don't believe everything you think.

  7. #7
    Cypher
    Originally Posted by amadmonk:
    The simple fact is that it's not trivial to find VMT's from static analysis alone. It's *possible* at times (if you can find name-mangled symbols that give you hints what you're looking at, if you use things like the class inspector plugin for IDA), but it's not easy.

    On the other hand, if you're live debugging, it's almost trivial; once you know you have a CGPlayer object, for instance, you can just do a couple of pointer derefs to get to the VMT. Then you break on calls to those and track back to what's happening at each call (set facing, etc.).

    This tends to be what separates the men from the boys, in reversing (countdown to Cypher making a smartass remark in 3... 2...)
    It's no fun when you set it up like that.

  8. #8
    rik.chong
    Yeah yeah I got that, it sounds like that way is really not easy, so I am gonna try IDA + patchdiff2 + Info dump thread to find out those known function offsets, and then by comparing them with the VMT pointers, I can find the indices more easily.
    Thanks very much!!
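
Added example (not part of any post in this thread, and not code from the game client): the approach from the last post, matching known function addresses against the slots of a VMT reached through the pointer at the start of an object, run over a small constructed memory image. The addresses, the 32-bit little-endian layout, the code-range heuristic for the end of the table, and the name `Missing` are assumptions made for illustration.

```python
import struct

PTR = struct.Struct("<I")  # assumed: 32-bit little-endian pointers (x86 build)

def read_ptr(image, base, addr):
    """Read one pointer from a memory image that is loaded at `base`."""
    off = addr - base
    if off < 0 or off + PTR.size > len(image):
        raise ValueError(f"address {addr:#x} is outside the image")
    return PTR.unpack_from(image, off)[0]

def walk_vmt(image, base, obj_addr, text_range, max_slots=256):
    """Return (vmt_address, slots) for the object at obj_addr.

    The first pointer of the object is taken as the VMT pointer. Slots are
    read until one no longer points into the code range, which is only a
    heuristic for where the table ends.
    """
    vmt = read_ptr(image, base, obj_addr)
    lo, hi = text_range
    slots = []
    for i in range(max_slots):
        try:
            target = read_ptr(image, base, vmt + i * PTR.size)
        except ValueError:
            break  # ran off the end of the dump
        if not lo <= target < hi:
            break  # not a code pointer: treat as end of table
        slots.append(target)
    return vmt, slots

def vmt_indices(slots, known):
    """Map names with known function addresses to VMT indices (None if absent)."""
    return {name: slots.index(addr) if addr in slots else None
            for name, addr in known.items()}

def build_sample():
    """Constructed image: a 6-slot VMT at 0x1000 and an object at 0x1040."""
    base, text = 0x1000, (0x400000, 0x500000)
    funcs = [0x401000, 0x401230, 0x4015A0, 0x401800, 0x401C40, 0x402000]
    image = bytearray(0x80)
    struct.pack_into("<6I", image, 0x00, *funcs)  # VMT slots (constructed)
    PTR.pack_into(image, 0x40, base)              # object: VMT pointer first
    return bytes(image), base, text

if __name__ == "__main__":
    image, base, text = build_sample()
    vmt, slots = walk_vmt(image, base, 0x1040, text)
    known = {"GetObjectName": 0x4015A0, "Interact": 0x401C40, "Missing": 0x409999}
    print(hex(vmt), vmt_indices(slots, known))
```

Indices found this way are only valid for the build the image came from, which is why the values in the first post stopped working after the patch.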
