[WoW] 1.12.1.5875 Info Dump Thread
  1. #541
    DarkLinux
    Some MEM_CHECK warden info that I have logged based on Elysium. Sig scanning the function works for all modules, but I needed the caller offset.

    Code:
    struct WardenInfo
    {
    	DWORD m_ver;
    	DWORD m_offset;
    	DWORD m_offsetCall;
    
    ...
    
    }
    
    DWORD CWarden::GetWardenBase()
    {
    	DWORD ppWarden = read<DWORD>(0x0CE8978);
    
    	if (!ppWarden)
    	{
    		return NULL;
    	}
    
    	return read<DWORD>(ppWarden);
    }
    
    DWORD CWarden::GetWardenVersion()
    {
    	DWORD ppWarden = read<DWORD>(0x00CE897C);
    
    	if (!ppWarden)
    	{
    		return NULL;
    	}
    
    	DWORD pWarden = read<DWORD>(ppWarden);
    
    	if (!pWarden)
    	{
    		return NULL;
    	}
    
    	DWORD WardenBase = GetWardenBase();
    
    	if (!WardenBase)
    	{
    		return NULL;
    	}
    
    	return read<DWORD>(pWarden + 0xC) - WardenBase;
    }
    Last edited by DarkLinux; 01-13-2018 at 04:50 AM.

  2. #542
    namreeb
    Originally Posted by tutrakan View Post
    Which portals you mean?
    Shattrath City and Dalaran have portals to the major cities (yes I realize you probably only mean classic so this is not relevant). Some private servers add custom portals as a quality of life enhancement. gamer-district.org has this, Feenix did (I think?) and maybe vanillagaming.org? In most cases, you can send the game object interaction packet to produce the desired teleport and it will work regardless of client-side restrictions.

  3. Thanks tutrakan (1 members gave Thanks to namreeb for this useful post)
  4. #543
    DarkLinux
    Loot while moving,
    Code:
    0x005DF2F0
    Last edited by DarkLinux; 01-13-2018 at 12:37 AM.

  5. Thanks tutrakan, Dirktooth (2 members gave Thanks to DarkLinux for this useful post)
  6. #544
    DarkLinux
    Finished logging all modules info to bypass MEM_CHECK and PAGE_CHECK. You can sig scan all offsets, but I like to manually check each one.

    Code:
    struct WardenInfo
    {
    	DWORD m_ver;
    	DWORD m_offset;		/* Warden_CopyMem Function Offset (MEM_CHECK)*/
    	DWORD m_offsetCall;	/* Warden_CallCopyMem Call Offset to Warden_CopyMem (MEM_CHECK) */
    	DWORD m_offsetPageHash;	/* Warden_SHA1Update Copy Offset (PAGE_CHECK_A / PAGE_CHECK_B) */
    	DWORD m_pageHashType;	/* Hook Type*/
    ...
    }
    
    DWORD CWarden::GetWardenBase()
    {
    	DWORD ppWarden = read<DWORD>(0x0CE8978);
    
    	if (!ppWarden)
    	{
    		return NULL;
    	}
    
    	return read<DWORD>(ppWarden);
    }
    
    DWORD CWarden::GetWardenVersion()
    {
    	DWORD ppWarden = read<DWORD>(0x00CE897C);
    
    	if (!ppWarden)
    	{
    		return NULL;
    	}
    
    	DWORD pWarden = read<DWORD>(ppWarden);
    
    	if (!pWarden)
    	{
    		return NULL;
    	}
    
    	DWORD WardenBase = GetWardenBase();
    
    	if (!WardenBase)
    	{
    		return NULL;
    	}
    
    	return read<DWORD>(pWarden + 0xC) - WardenBase;
    }
    
    /*Hook Type Info
    Type 1:
    SourcePointer, eax
    Counter, edi
    ObjectPointer, esi
    Size, ebx
    
    Type 2:
    SourcePointer, ebx
    Counter, esi
    ObjectPointer, edi
    Size, eax
    
    Type 3:
    SourcePointer, eax
    Counter, ebx
    ObjectPointer, edi
    Size, [ebp + 0xC];
    */

  7. Thanks wowwac (1 members gave Thanks to DarkLinux for this useful post)
  8. #545
    wowwac
    Nice work DarkLinux, it'll come in handy later...

    Here's a little CheatEngine script for getting all object offsets from ObjectManager
    Code:
    --Tiny ObjectManager/PlayerBase finder for WoW 1.12.1
    --Made by LBLZR_
    objType = {"None", "Item", "Container", "Unit", "Player", "GameObject", "DynamicObject", "Corpse"}
    curObj = readInteger("[0xB41414]+0xAC")
    playerGuid = readInteger("[0xB41414]+0xC0")
    playerAddress = 0
    
    while ((curObj ~= nil) and (curObj ~= 0) and ((curObj & 1) == 0)) do --iterate over all objects
      print("Obj: ", string.format('0x%0X', curObj),
                 "\t| Type: ", objType[readInteger(curObj + "0x14")+1],
                 "\t| Guid: ", readQword(curObj + "0x30"),
                 "\t| Descriptor: ", string.format('0x%0X', readInteger(curObj + "0x8")))
    
      if((readInteger(curObj + "0x14") == 4) and --if object type is player and guid is our guid
                 (readQword(curObj + "0x30") == playerGuid)) then
           playerAddress = curObj
           print("Found local player!")
      end
    
      curObj=readInteger(curObj + "0x3C") --get next object
    end
    
    print("Local player base address: ", string.format('0x%0X', playerAddress))
    Also is there a better/easier way of getting PlayerBase than looping through ObjectMgr and finding it?
    Last edited by wowwac; 01-23-2018 at 05:48 PM. Reason: forgot nil check

  9. #546
    danwins
    Originally Posted by wowwac View Post
    Nice work DarkLinux, it'll come in handy later...

    Here's a little CheatEngine script for getting all object offsets from ObjectManager
    Code:
    --Tiny ObjectManager/PlayerBase finder for WoW 1.12.1
    --Made by LBLZR_
    objType = {"None", "Item", "Container", "Unit", "Player", "GameObject", "DynamicObject", "Corpse"}
    curObj = readInteger("[0xB41414]+0xAC")
    playerGuid = readInteger("[0xB41414]+0xC0")
    playerAddress = 0
    
    while ((curObj ~= 0) and ((curObj & 1) == 0)) do --iterate over all objects
      print("Obj: ", string.format('0x%0X', curObj),
                 "\t| Type: ", objType[readInteger(curObj + "0x14")+1],
                 "\t| Guid: ", readQword(curObj + "0x30"),
                 "\t| Descriptor: ", string.format('0x%0X', readInteger(curObj + "0x8")))
    
      if((readInteger(curObj + "0x14") == 4) and --if object type is player and guid is our guid
                 (readQword(curObj + "0x30") == playerGuid)) then
           playerAddress = curObj
           print("Found local player!")
      end
    
      curObj=readInteger(curObj + "0x3C") --get next object
    end
    
    print("Local player base address: ", string.format('0x%0X', playerAddress))
    Also is there a better/easier way of getting PlayerBase than looping through ObjectMgr and finding it?
    there is actually, but afaik the actual function the game uses iterates through the object manager to find it.

    Not sure who should be credited for finding it (namreeb maybe?) but someone pointed out that the warden in use on elysium awhile back was being used as a server scanner by looking up the camtargentity (I think?) which has a pointer to the player object.

    referenced here:

    Originally Posted by NotJuJuBoSc View Post
    Their Warden is actually really interesting, they use memory scan warden's function as a "server side" memory reader.

    They start reading 4 bytes @ 00C7BCD4 CWorldScene__camTargEntity in the first warden scan packet, then when the client answers with those 4 bytes (which is actually a pointer), they add 0x88 to get another pointer and so on, so they can read player object info and compare them server side.

    Really clever against clientless bot (not hard once you get it, but still, annoying to handle), great job @ Elysium
    I believe the actual chain is

    Code:
    00C7BCD4
    +0x88
    +0x28

  10. Thanks ev0, wowwac (2 members gave Thanks to danwins for this useful post)
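
The server-side chained read that NotJuJuBoSc describes above can be modelled as a small state machine on the server. This is an added example, not code from the thread or from any server project: the start address, pointer offsets and m_facing offset are the ones in the Cheat Engine table in post #550, while the class and function names, the sample memory, the choice of facing as the compared field, the tolerance and the verdict policy are assumptions.

```cpp
#include <cmath>
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <functional>
#include <map>

enum class Verdict { Pending, Pass, Inconclusive, Fail };

// Values quoted in the thread for client 1.12.1.5875.
constexpr uint32_t kStartAddress = 0x00C7BCD4;          // CWorldScene__camTargEntity
constexpr uint32_t kAdds[] = {0x88, 0x28, 0x118, 0x1C}; // last one is m_facing
constexpr size_t kPointerReplies = sizeof(kAdds) / sizeof(kAdds[0]);
constexpr double kTwoPi = 6.283185307179586;

// One scan session: each reply decides which address is requested next.
class ChainedMemCheck {
public:
    explicit ChainedMemCheck(float serverFacing, float tolerance = 0.05f)
        : serverFacing_(serverFacing), tolerance_(tolerance) {}

    // Address the next 4-byte read request should target.
    uint32_t nextAddress() const { return address_; }

    // Feed the 4 bytes the client returned for nextAddress().
    Verdict onReply(uint32_t value) {
        if (verdict_ != Verdict::Pending) return verdict_;
        if (replies_ < kPointerReplies) {
            // Assumed policy: a null hop means "not in world", not proof of cheating.
            if (value == 0) return verdict_ = Verdict::Inconclusive;
            address_ = value + kAdds[replies_++];
            return Verdict::Pending;
        }
        float facing;
        std::memcpy(&facing, &value, sizeof facing);   // reinterpret reply as float
        if (!std::isfinite(facing)) return verdict_ = Verdict::Fail;
        // Compare angles modulo 2*pi so 6.28 and 0.0 count as the same heading.
        double diff = std::fabs(std::remainder(double(facing) - serverFacing_, kTwoPi));
        return verdict_ = (diff <= tolerance_) ? Verdict::Pass : Verdict::Fail;
    }

private:
    float serverFacing_;
    float tolerance_;
    uint32_t address_ = kStartAddress;
    size_t replies_ = 0;
    Verdict verdict_ = Verdict::Pending;
};

using ClientRead = std::function<uint32_t(uint32_t)>;

// Drives one full session against whatever answers the read requests.
Verdict runCheck(const ClientRead& client, float serverFacing) {
    ChainedMemCheck check(serverFacing);
    Verdict v = Verdict::Pending;
    while (v == Verdict::Pending) v = check.onReply(client(check.nextAddress()));
    return v;
}

// Constructed sample memory for a real client whose player faces `facing`.
ClientRead makeGenuineClient(float facing) {
    uint32_t bits;
    std::memcpy(&bits, &facing, sizeof bits);
    std::map<uint32_t, uint32_t> mem = {
        {0x00C7BCD4, 0x1A2B0000}, {0x1A2B0088, 0x1A2C0000},
        {0x1A2C0028, 0x1A2D0000}, {0x1A2D0118, 0x1A2E0000},
        {0x1A2E001C, bits}};
    return [mem](uint32_t addr) -> uint32_t {
        auto it = mem.find(addr);
        return it == mem.end() ? 0u : it->second;
    };
}

// Stand-in for a client without real process memory: same bytes for every address.
ClientRead makeConstantResponder(uint32_t value) {
    return [value](uint32_t) -> uint32_t { return value; };
}

int main() {
    const char* names[] = {"Pending", "Pass", "Inconclusive", "Fail"};
    std::printf("genuine:  %s\n", names[int(runCheck(makeGenuineClient(1.5708f), 1.5708f))]);
    std::printf("constant: %s\n", names[int(runCheck(makeConstantResponder(0x12345678u), 1.5708f))]);
    std::printf("zeros:    %s\n", names[int(runCheck(makeConstantResponder(0), 1.5708f))]);
    return 0;
}
```

Because every request address depends on the previous reply, answers cannot be precomputed, and the final value is checked against state only the server holds.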
  11. #547
    wowwac
    Does 1.12.1 have FrameScript__SignalEvent?? I've tried setting access breakpoints on addresses with lua event names but all I got was some garbage scattered all over the address space, no single event entry point... Fuck, I should probably learn working with IdaPRO already because x64dbg just does not cut it anymore...

    Edit: Btw @danwins the offsets don't seem to work for me, but I've already solved it by looping through the objmanager as I wanted before...

    Edit 2: (Sorry for asking too many questions, but I'm 2 lazy to create another thread for this) Is it possible to turn player without manually constructing packets and sending them? CTM is out of question because it's total bugfest in vanilla (using 0x2 Face doesn't face the target, but north for some reason) I've tried to use the function at 0x7c6f30 but it's rotating in totally random directions when I call it...
    Last edited by wowwac; 02-19-2018 at 05:09 PM.

  12. #548
    DarkLinux
    @wowwac I have posted how to fix ctm, it works just fine after. Also, 0x7c6f30 works, are you using rads?

  13. Thanks doctorbeefy (1 members gave Thanks to DarkLinux for this useful post)
  14. #549
    wowwac
    Originally Posted by DarkLinux View Post
    @wowwac I have posted how to fix ctm, it works just fine after. Also, 0x7c6f30 works, are you using rads?
    Yep, I'm getting the current rotation from Player::GetBaseAddress() + 0x9c4 and then I add PI for example which should turn me 180 degrees (I'm using std::remainder for angles over 360) but it turns me into totally random direction and also crashes the game if I'm rotating manually with mouse when it tries to rotate... Is it possible that it's happening because I did not call it from main thread? I've created mainthread invoker class today, so I can try it with it...

    Also I've probably found the FrameScript__SignalEvent at 0x00703E50 but it's not processing some events like UNIT_DAMAGE,PLAYER_LEVEL_UP etc. that namreeb posted at the beginning of this thread. Is this normal behaviour?

    EDIT: Nope, even from main thread it turns me to north every time... Am I defining it right?
    Code:
    typedef void(__thiscall *tTurn) (DWORD playerbase, float *angle);
    Last edited by wowwac; 02-19-2018 at 07:54 PM.

  15. #550
    danwins
    Originally Posted by wowwac View Post
    Does 1.12.1 have FrameScript__SignalEvent?? I've tried setting access breakpoints on addresses with lua event names but all I got was some garbage scattered all over the address space, no single event entry point... Fuck, I should probably learn working with IdaPRO already because x64dbg just does not cut it anymore...
    Code:
    00703E50   void __fastcall FrameScript_SignalEvent(FRAMEXML_EVENT event)
    Originally Posted by wowwac View Post
    Edit: Btw @danwins the offsets don't seem to work for me, but I've already solved it by looping through the objmanager as I wanted before...
    I don't quite know what you mean by it doesn't work?

    Code:
    <?xml version="1.0" encoding="utf-8"?>
    <CheatTable CheatEngineTableVersion="26">
      <CheatEntries>
        <CheatEntry>
          <ID>0</ID>
          <Description>"ActivePlayer -&gt; MovementData"</Description>
          <ShowAsHex>1</ShowAsHex>
          <VariableType>4 Bytes</VariableType>
          <Address>00C7BCD4</Address>
          <Offsets>
            <Offset>0</Offset>
            <Offset>118</Offset>
            <Offset>28</Offset>
            <Offset>88</Offset>
          </Offsets>
          <CheatEntries>
            <CheatEntry>
              <ID>7</ID>
              <Description>"m_position.x"</Description>
              <VariableType>Float</VariableType>
              <Address>+10</Address>
            </CheatEntry>
            <CheatEntry>
              <ID>1</ID>
              <Description>"m_position.y"</Description>
              <VariableType>Float</VariableType>
              <Address>+14</Address>
            </CheatEntry>
            <CheatEntry>
              <ID>2</ID>
              <Description>"m_position.z"</Description>
              <VariableType>Float</VariableType>
              <Address>+18</Address>
            </CheatEntry>
            <CheatEntry>
              <ID>3</ID>
              <Description>"m_facing"</Description>
              <VariableType>Float</VariableType>
              <Address>+1C</Address>
            </CheatEntry>
            <CheatEntry>
              <ID>33</ID>
              <Description>"m_pitch"</Description>
              <VariableType>Float</VariableType>
              <Address>+20</Address>
            </CheatEntry>
            <CheatEntry>
              <ID>5</ID>
              <Description>"m_transportGUID"</Description>
              <ShowAsHex>1</ShowAsHex>
              <VariableType>8 Bytes</VariableType>
              <Address>+38</Address>
            </CheatEntry>
            <CheatEntry>
              <ID>6</ID>
              <Description>"m_moveFlags"</Description>
              <ShowAsHex>1</ShowAsHex>
              <VariableType>4 Bytes</VariableType>
              <Address>+40</Address>
            </CheatEntry>
            <CheatEntry>
              <ID>8</ID>
              <Description>"m_anchorPosition.x"</Description>
              <VariableType>Float</VariableType>
              <Address>+44</Address>
            </CheatEntry>
            <CheatEntry>
              <ID>9</ID>
              <Description>"m_anchorPosition.y"</Description>
              <VariableType>Float</VariableType>
              <Address>+48</Address>
            </CheatEntry>
            <CheatEntry>
              <ID>10</ID>
              <Description>"m_anchorPosition.z"</Description>
              <VariableType>Float</VariableType>
              <Address>+4C</Address>
            </CheatEntry>
            <CheatEntry>
              <ID>11</ID>
              <Description>"m_anchorFacing"</Description>
              <VariableType>Float</VariableType>
              <Address>+50</Address>
            </CheatEntry>
            <CheatEntry>
              <ID>12</ID>
              <Description>"m_anchorPitch"</Description>
              <VariableType>Float</VariableType>
              <Address>+54</Address>
            </CheatEntry>
            <CheatEntry>
              <ID>13</ID>
              <Description>"m_moveStartTime"</Description>
              <ShowAsHex>1</ShowAsHex>
              <VariableType>4 Bytes</VariableType>
              <Address>+58</Address>
            </CheatEntry>
            <CheatEntry>
              <ID>14</ID>
              <Description>"m_direction.x"</Description>
              <VariableType>Float</VariableType>
              <Address>+5C</Address>
            </CheatEntry>
            <CheatEntry>
              <ID>15</ID>
              <Description>"m_direction.y"</Description>
              <VariableType>Float</VariableType>
              <Address>+60</Address>
            </CheatEntry>
            <CheatEntry>
              <ID>16</ID>
              <Description>"m_direction.z"</Description>
              <VariableType>Float</VariableType>
              <Address>+64</Address>
            </CheatEntry>
            <CheatEntry>
              <ID>17</ID>
              <Description>"m_direction2d.x"</Description>
              <VariableType>Float</VariableType>
              <Address>+68</Address>
            </CheatEntry>
            <CheatEntry>
              <ID>18</ID>
              <Description>"m_direction2d.y"</Description>
              <VariableType>Float</VariableType>
              <Address>+6C</Address>
            </CheatEntry>
            <CheatEntry>
              <ID>19</ID>
              <Description>"m_cosAnchorPitch"</Description>
              <VariableType>Float</VariableType>
              <Address>+70</Address>
            </CheatEntry>
            <CheatEntry>
              <ID>20</ID>
              <Description>"m_sinAnchorPitch"</Description>
              <VariableType>Float</VariableType>
              <Address>+74</Address>
            </CheatEntry>
            <CheatEntry>
              <ID>21</ID>
              <Description>"m_fallStartTime"</Description>
              <ShowAsHex>1</ShowAsHex>
              <VariableType>4 Bytes</VariableType>
              <Address>+78</Address>
            </CheatEntry>
            <CheatEntry>
              <ID>22</ID>
              <Description>"m_fallStartElevation"</Description>
              <VariableType>Float</VariableType>
              <Address>+7C</Address>
            </CheatEntry>
            <CheatEntry>
              <ID>23</ID>
              <Description>"unk"</Description>
              <ShowAsHex>1</ShowAsHex>
              <VariableType>4 Bytes</VariableType>
              <Address>+80</Address>
            </CheatEntry>
            <CheatEntry>
              <ID>24</ID>
              <Description>"m_currentSpeed"</Description>
              <VariableType>Float</VariableType>
              <Address>+84</Address>
            </CheatEntry>
            <CheatEntry>
              <ID>25</ID>
              <Description>"m_walkSpeed"</Description>
              <VariableType>Float</VariableType>
              <Address>+88</Address>
            </CheatEntry>
            <CheatEntry>
              <ID>26</ID>
              <Description>"m_runSpeed"</Description>
              <VariableType>Float</VariableType>
              <Address>+8C</Address>
            </CheatEntry>
            <CheatEntry>
              <ID>27</ID>
              <Description>"m_reverseRunSpeed"</Description>
              <VariableType>Float</VariableType>
              <Address>+90</Address>
            </CheatEntry>
            <CheatEntry>
              <ID>28</ID>
              <Description>"m_swimSpeed"</Description>
              <VariableType>Float</VariableType>
              <Address>+94</Address>
            </CheatEntry>
            <CheatEntry>
              <ID>29</ID>
              <Description>"m_reverseSwimSpeed"</Description>
              <VariableType>Float</VariableType>
              <Address>+98</Address>
            </CheatEntry>
            <CheatEntry>
              <ID>30</ID>
              <Description>"m_turnRate"</Description>
              <VariableType>Float</VariableType>
              <Address>+9C</Address>
            </CheatEntry>
            <CheatEntry>
              <ID>31</ID>
              <Description>"m_jumpsomething"</Description>
              <VariableType>Float</VariableType>
              <Address>+A0</Address>
            </CheatEntry>
            <CheatEntry>
              <ID>32</ID>
              <Description>"unk // m_spline?"</Description>
              <VariableType>Float</VariableType>
              <Address>+A4</Address>
            </CheatEntry>
            <CheatEntry>
              <ID>34</ID>
              <Description>"some_timestamp"</Description>
              <ShowAsHex>1</ShowAsHex>
              <VariableType>4 Bytes</VariableType>
              <Address>+A8</Address>
            </CheatEntry>
          </CheatEntries>
        </CheatEntry>
      </CheatEntries>
      <UserdefinedSymbols/>
    </CheatTable>
    That CETable shows the player movement struct via the pointer chain mentioned previously which look to be correct.

    Originally Posted by wowwac View Post
    Edit 2: (Sorry for asking too many questions, but I'm 2 lazy to create another thread for this) Is it possible to turn player without manually constructing packets and sending them? CTM is out of question because it's total bugfest in vanilla (using 0x2 Face doesn't face the target, but north for some reason) I've tried to use the function at 0x7c6f30 but it's rotating in totally random directions when I call it...
    see "m_facing" in above struct.

    Also that function is not a player class function, it's a movement class function:

    Code:
    007C6F30  void __thiscall CMovement::SetFacing(CMovement *this, float facing)
    Code:
    void __thiscall CMovement::SetFacing(CMovement *this, float facing)
    {
      CMovement *l_this; // esi@1
      int v3; // eax@2
    
      l_this = this;
      if ( fabs(facing - *&this->baseclass_0.m_facing) >= 0.00000095367432 )
      {
        *&this->baseclass_0.m_facing = facing;
        v3 = this->baseclass_0.m_moveFlags;
        if ( !(BYTE1(v3) & 0x20) )
          CMovement::UpdateAnchors(this, 0.0);
      }
      l_this->baseclass_0.m_moveFlags &= 0xFFFFFFCF;
    }
    edit: tutrakan beat me to my last edit.
    Last edited by danwins; 02-19-2018 at 08:57 PM.

  16. Thanks wowwac (1 members gave Thanks to danwins for this useful post)
  17. #551
    tutrakan
    Originally Posted by wowwac View Post
    ...
    EDIT: Nope, even from main thread it turns me to north every time... Am I defining it right?
    Code:
    typedef void(__thiscall *tTurn) (DWORD playerbase, float *angle);
    You are defining it right (except the 2nd param), but not naming it right for example:
    Code:
    void __thiscall CMovement::SetFacing(CMovement *this, float angle)
    
    or if you want a spoon feed, you have just to do this in c++:
    ((void*(__thiscall*)(int, float))0x007C6F30)(Player::GetBaseAddress() + 0x9A8, your_angle_in_radians_here);
    So, instead of passing the player pointer you have to pass the cmovement pointer for that player/unit as 1st param and of course the second param is a value and not a pointer.

    He-he, danwins edited at the same time I answered too.
    Last edited by tutrakan; 02-19-2018 at 09:32 PM.

  18. Thanks danwins, wowwac (2 members gave Thanks to tutrakan for this useful post)
  19. #552
    wowwac
    Thank you very much guys, it's working now... The issue was that I was not sending the angle directly, but rather the pointer to the angle... I guess I just missed it when I reversed it... Also the name "playerbase" was just first thing I came up with because I'm a lazy fuck and didn't bother finding out what it actually was, but I was calling it like this
    Code:
    _Turn(Player::GetBaseAddress() + Offsets::TurnOffset, &angle);
    where Offsets::TurnOffset was 0x9a8, so the pointer was correct... I guess I should rename my offsets because it's getting messy af

    Also @danwins tyvm, the offsets are working for me now, I guess I'm a retard... It was also 3am when I tried it so that didn't help either...

  20. #553
    doctorbeefy
    DarkLinux,

    I see 0x005DF2F0 is the address for looting NPCs while moving but it seems that Herbs and Chests are under a different address. Do you have any idea what this address is?

    also sorry about my low post count I rarely post here as I am just getting into this stuff.
    Last edited by doctorbeefy; 02-20-2018 at 07:23 PM.

  21. #554
    wowwac
    Originally Posted by doctorbeefy View Post
    DarkLinux,

    I see 0x005DF2F0 is the address for looting NPCs while moving but it seems that Herbs and Chests are under a different address. Do you have any idea what this address is?

    also sorry about my low post count I rarely post here as I am just getting into this stuff.
    You mean 0x5F8660? I use that for right clicking/looting objects...

  22. #555
    doctorbeefy
    0x005DF2F0 is the check for if standing still while looting or not
