[SourceCode & Question] CastSpell by ID with SendPacket

[RivaLfr]

Hi there,

I work in the systeme to launch aoe spell with SendPacket.

I can cast a basic spell (spell without target, and without position)

This is my code:

Code:

    [StructLayout(LayoutKind.Explicit, Size = 0x18)]
    public struct DataStore
    {
        [FieldOffset(0x0)]
        public int ptrDataStore; // pDataStore1,pDataStore2
        [FieldOffset(0x4)]
        public int ptrPacketData; //pointer to packet data
        [FieldOffset(0x8)]
        public int UnKnown1; //always 0
        [FieldOffset(0xC)]
        public int MayType; // 0x100 for normal, 0x300 for warden
        [FieldOffset(0x10)]
        public int PacketLen; //data length
        [FieldOffset(0x14)]
        public int UnKnown3; //always 0
    }

    [StructLayout(LayoutKind.Explicit, Size = 0x12)]
    public struct SpellPacket
    {
        [FieldOffset(0x0)]
        public int OpCode;
        [FieldOffset(0x4)]
        public byte Count;
        [FieldOffset(0x5)]
        public ushort SpellID;
    }

    public class SendPacket
    {
        public static void pulse(int spellId)
        {
            uint ClientConnection__SendPacket = 0x90670;
            uint dataStore1 = 0x6AECB8;
            uint currentConnection = 0x8B3F78;

            int CMSG_CAST_SPELL = 0x4C56;

            UInt32 codeCaveDatastore = Memory.Memory.MyHook.Memory.AllocateMemory(Marshal.SizeOf(typeof(DataStore)));
            UInt32 codeCavePacketData = Memory.Memory.MyHook.Memory.AllocateMemory(Marshal.SizeOf(typeof(SpellPacket)));

    
            //Packet
            SpellPacket spellPacket = new SpellPacket();
            spellPacket.OpCode = CMSG_CAST_SPELL;
            spellPacket.Count = 0;
            spellPacket.SpellID = (ushort)spellId;
            //DataStore:
            DataStore dataStore = new DataStore();
            dataStore.ptrDataStore = (int)dataStore1;
            dataStore.ptrPacketData = (int)codeCavePacketData;
            dataStore.UnKnown1 = 0;
            dataStore.MayType = 0x100;
            dataStore.PacketLen = Marshal.SizeOf(typeof(SpellPacket));       
            dataStore.UnKnown3 = 0;
            
           

            // WRITE
            // DataStore:
            Memory.Memory.MyHook.Memory.WriteObject(codeCaveDatastore, dataStore, typeof(DataStore));
            //Packet
            Memory.Memory.MyHook.Memory.WriteObject(codeCavePacketData, spellPacket, typeof(SpellPacket));
          
            string[] asm = new string[]
                {
                "mov ecx, [" + (uint)((uint)Process.Process.wowModule + (uint)currentConnection) + "]",
                "push " + (uint)codeCaveDatastore,
                "mov ebx, " + (uint)((uint)Process.Process.wowModule + (uint)ClientConnection__SendPacket),
                "call ebx",
                "@out:",
                "retn",
                 };

            Memory.Memory.MyHook.InjectAndExecute(asm);

            Memory.Memory.MyHook.Memory.FreeMemory(codeCaveDatastore);
            Memory.Memory.MyHook.Memory.FreeMemory(codeCaveDatastore);
        }
    }

This code work, but I not find the packet structure for cast spell by position.

Thank

[namreeb]

Have you looked at Mangos, etc?

[RivaLfr]

With my packet monitor I find this:

Code:

56 4C 00 00 ; OPcode +0
03 ; Count +4
01 A9 ; Spell ID +5
00 00 00 00 00 00 00 ; ??? +7
40 00 ; SpellType +14
00 00 00  ; ??? + 16
DB 72 DB 44  ; X +19
9C 1D 8D C5  ; Y +23
56 38 DD 41 ; Z + 27

In C#:

    [StructLayout(LayoutKind.Explicit, Size = 0x1F)]
    public struct SpellPositionPacket
    {
        [FieldOffset(0x0)]
        public int OpCode;
        [FieldOffset(0x4)]
        public byte Count;
        [FieldOffset(0x5)]
        public ushort SpellID;
        [FieldOffset(0xE)]
        public ushort SpellType;
        [FieldOffset(0x13)]
        public float X;
        [FieldOffset(0x17)]
        public float Y;
        [FieldOffset(0x1B)]
        public float Z;
    }

[reggggg]

Count?

padding