Hello everyone, I'm sorry in advance if this is not the right place to ask for such help, but I'm a newbie w/o any previous disassembler experience seeking any knowledge on how to extract opcodes from the World of Warcraft game client.
As far as I have read, to achieve what I want there are some things needed:
1. Ida disassembler (got v6.1)
2. Ida db for particular wow client ver. (got one by TOM_RUS for client 14480)
3. Offsets at which handler functions are located in the game client executable (Paste2: Next Generation Pastebin - Viewing Paste 1572547 by TOM_RUS for client ver 14480.)
Now, the stupid question part.
1. What does "offsets are not rebased" mean? That is, I did a full decompile of the game executable in IDA and then searched for any of those handler functions using the TOM_RUS offsets. IDA finds everything correctly, so why should people be warned that offsets are not rebased?
2. What's the process of sniffing SMSG opcodes? E.g. I want to sniff the opcode for SMSG_AUTH_CHALLENGE. In the TOM_RUS offset list I see 3 occurrences of *_SMSG_AUTH_CHALLENGE functions; because SMSG is server->client, I should probably look into "6B47C0 PacketRead_SMSG_AUTH_CHALLENGE"? From the full decompile I get this function:
Code:
char __thiscall PacketRead_SMSG_AUTH_CHALLENGE(void *this, int a2)
{
    void *v2; // esi@1
    v2 = this;
    CDataStore::GetInt32((char *)this + 16);
    CDataStore::GetInt32((char *)v2 + 24);
    CDataStore::GetInt32((char *)v2 + 44);
    CDataStore::GetInt32((char *)v2 + 28);
    CDataStore::GetInt32((char *)v2 + 52);
    CDataStore::GetInt8(a2, (int)((char *)v2 + 48));
    CDataStore::GetInt32((char *)v2 + 32);
    CDataStore::GetInt32((char *)v2 + 20);
    CDataStore::GetInt32((char *)v2 + 36);
    CDataStore::GetInt32((char *)v2 + 40);
    return 1;
}
Now the question is, how can I find what opcode this function expects?
I will be extremely grateful to whomever teaches me how to do this black magic.
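A worked illustration of what "not rebased" means, added here as an example and not part of the original post or of TOM_RUS's tooling: the offsets in such a list are virtual addresses relative to the executable's preferred ImageBase (stored in the PE optional header), so if the IDA database or a running process is loaded at a different base, every address has to be shifted by the difference. The PE header below is a constructed minimal sample rather than the WoW client, and 0x800000 is an assumed alternate load base.

```python
import struct

# Constructed sample: a minimal PE32 header image (not a real game binary).
# Only the fields needed to locate ImageBase are filled in.
def build_sample_pe(image_base: int) -> bytes:
    dos = bytearray(0x40)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)   # e_lfanew: PE signature lives at 0x40
    # COFF header: Machine=i386, 1 section, SizeOfOptionalHeader=0xE0, Characteristics
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0xE0, 0x102)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)          # Magic: PE32
    struct.pack_into("<I", opt, 28, image_base)    # ImageBase sits at +28 in PE32
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)

def read_image_base(pe: bytes) -> int:
    """Return the preferred ImageBase from a PE32 or PE32+ optional header."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    opt = e_lfanew + 4 + 20            # skip signature and the 20-byte COFF header
    magic = struct.unpack_from("<H", pe, opt)[0]
    if magic == 0x10B:                 # PE32: 32-bit ImageBase at +28
        return struct.unpack_from("<I", pe, opt + 28)[0]
    if magic == 0x20B:                 # PE32+: 64-bit ImageBase at +24
        return struct.unpack_from("<Q", pe, opt + 24)[0]
    raise ValueError(f"unknown optional header magic {magic:#x}")

def rebase(addr: int, old_base: int, new_base: int) -> int:
    """Translate a VA from one image base to another; the RVA (addr - base) stays fixed."""
    rva = addr - old_base
    if rva < 0:
        raise ValueError("address lies below the image base it was listed against")
    return new_base + rva

if __name__ == "__main__":
    sample = build_sample_pe(0x400000)          # typical preferred base for a 32-bit EXE
    base = read_image_base(sample)
    # 0x6B47C0 is the handler address quoted in the post, listed against the preferred base.
    print(hex(rebase(0x6B47C0, base, 0x800000)))  # -> 0xab47c0
```

If IDA loaded the executable at its preferred base, the listed addresses match without any shift, which is why the lookup in the question simply worked.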