How to work with PH_SMSG_* functions in 4.2.x

  1. #16
    MaiN (Elite User)
    Originally Posted by LordJZ
    MaiN, my table and yours are different. The thing you've done is simple, now try getting your own copy of my table. Cheers!
    Where/how are they different (check the newest one I dumped)?

    Originally Posted by jjaa
    Interesting, so, out of curiosity, what is your method for dumping all of the OpCodes?
    Code:
    using System;
    using System.Collections.Generic;
    using System.ComponentModel;
    using System.Diagnostics;
    using System.Linq;
    using System.Runtime.InteropServices;
    
    // P/Invoke declarations the listing relied on but did not include. The 4.2.x client is
    // 32-bit, so build this as x86 so that IntPtr and the pointer read below are 4 bytes wide.
    internal static unsafe class Imports
    {
        [DllImport("kernel32.dll", SetLastError = true)]
        public static extern bool ReadProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, void* lpBuffer, int nSize, out int lpNumberOfBytesRead);
    
        [DllImport("ntdll.dll")]
        public static extern int NtQueryVirtualMemory(IntPtr hProcess, IntPtr baseAddress, MemoryInformationClass infoClass, void* buffer, uint length, uint* returnLength);
    }
    
    internal enum MemoryInformationClass
    {
        MemoryBasicInformation = 0
    }
    
    // MEMORY_BASIC_INFORMATION; Type == 0x1000000 is MEM_IMAGE (a mapped executable image).
    [StructLayout(LayoutKind.Sequential)]
    internal struct MemoryBasicInformation
    {
        public IntPtr BaseAddress;
        public IntPtr AllocationBase;
        public uint AllocationProtect;
        public IntPtr RegionSize;
        public uint State;
        public uint Protect;
        public uint Type;
    }
    
    internal unsafe class Program
    {
        // Reads relative to the main module base, so the constants below are un-rebased RVAs.
        private static void ReadRelative(Process proc, IntPtr address, void* buffer, int numBytes)
        {
            Read(proc, new IntPtr((void*)(proc.MainModule.BaseAddress.ToInt64() + address.ToInt64())), buffer, numBytes);
        }
    
        private static void Read(Process proc, IntPtr address, void* buffer, int numBytes)
        {
            int numRead;
            if (!Imports.ReadProcessMemory(proc.Handle, address, buffer, numBytes, out numRead) || numRead != numBytes)
                throw new Win32Exception();
        }
    
        private static void Main(string[] args)
        {
            Process proc = Process.GetProcessesByName("wow").FirstOrDefault();
            if (proc == null)
                return;
    
            // Pointer to the NetClient instance; its handler table starts at +1376.
            IntPtr netClient;
            ReadRelative(proc, new IntPtr(0x97DA5C), &netClient, sizeof(IntPtr));
    
            List<Tuple<uint, uint>> found = new List<Tuple<uint, uint>>();
    
            Dictionary<uint, uint> alreadyFound = new Dictionary<uint, uint>();
    
            // Brute-force the whole 16-bit wire opcode space: the two mask tests pick out the
            // two scrambled encodings and the shift/mask chains undo each one.
            for (int i = 0; i <= ushort.MaxValue; i++)
            {
                uint opcode = (uint)i;
                if ((opcode & 0x2399) == 769)
                {
                    // Encoding 1: the condensed id indexes a byte table, which indexes the jump table.
                    uint unscrambled = ((opcode & 6 | ((opcode & 0x60 | ((opcode & 0x1C00 | (opcode >> 1) & 0x6000) >> 3)) >> 2)) >> 1);
                    if (unscrambled - 1 > 509) // unsigned compare, so unscrambled == 0 is rejected too
                        continue;
    
                    byte index;
                    ReadRelative(proc, new IntPtr(0x25D4E8 + unscrambled - 1), &index, sizeof(byte));
    
                    uint jumpAddr;
                    ReadRelative(proc, new IntPtr(0x25D1A0 + index * 4), &jumpAddr, sizeof(uint));
    
                    // A jump target of base + 0x25D193 is treated as "no handler" and skipped.
                    if (jumpAddr == proc.MainModule.BaseAddress.ToInt64() + 0x25D193)
                        continue;
    
                    found.Add(Tuple.Create(unscrambled, opcode));
                }
                else
                {
                    if ((opcode & 0x2322) != 8738 || opcode == 57919 || opcode == 26159)
                        continue;
    
                    // Encoding 2: the condensed id indexes the NetClient handler table.
                    uint unscrambled = opcode & 1 | ((opcode & 0x1C | (((opcode & 0xC0) | ((opcode & 0x1C00 | (opcode >> 1) & 0x6000) >> 2)) >> 1)) >> 1);
    
                    uint addressCookie;
                    Read(proc, netClient + 1376 + 4*(int)unscrambled, &addressCookie, sizeof(uint));
    
                    if (addressCookie == 0)
                        continue;
    
                    // The table entry is the handler address offset by an opcode-derived cookie; strip it.
                    uint address = addressCookie - ((opcode | (opcode << 16)) ^ 0x62A3A31D);
    
                    // Keep only addresses that fall inside the mapped client image.
                    MemoryBasicInformation memBasicInfo;
                    if (Imports.NtQueryVirtualMemory(proc.Handle, new IntPtr((void*)address), MemoryInformationClass.MemoryBasicInformation, &memBasicInfo, (uint)sizeof(MemoryBasicInformation), null) < 0)
                        continue;
    
                    if (memBasicInfo.Type != 0x1000000 || memBasicInfo.AllocationBase != proc.MainModule.BaseAddress)
                        continue;
    
                    if (!alreadyFound.ContainsKey(unscrambled))
                    {
                        alreadyFound.Add(unscrambled, opcode);
                        found.Add(Tuple.Create(unscrambled, opcode));
                    }
                    else
                        Console.WriteLine("0x{0:X} -> 0x{1:X} (warning: already found as 0x{2:X})", unscrambled, opcode, alreadyFound[unscrambled]);
                }
            }
    
            foreach (Tuple<uint, uint> t in found.OrderBy(t => t.Item1))
                Console.WriteLine("0x{0:X} -> 0x{1:X}", t.Item1, t.Item2);
        }
    }
    [16:15:41] Cypher: caus the CPU is a dick
    [16:16:07] kynox: CPU is mad
    [16:16:15] Cypher: CPU is all like
    [16:16:16] Cypher: whatever, i do what i want
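
The dumper above mixes two things: the arithmetic that turns a 16-bit wire opcode into a condensed id, and the memory reads that validate each id. As an added example (not code from the thread or from any poster), the Python below models only the arithmetic. It ports both unscramble expressions with C#'s precedence, then shows that each is nothing more than a fixed permutation of the bits the mask test leaves free (9 free bits for the `0x2399`/`769` class, 11 for the `0x2322`/`8738` class), so each expression is a bijection onto `0..511` or `0..2047` and a walk over all 65536 values recovers the whole mapping without any key material. The bit positions in `JUMPTABLE_BITS` and `HANDLER_BITS` were derived by tracing the shift/mask chains term by term; no process is read and no client offsets are used.

```python
# Added example: pure-arithmetic model of the two opcode encodings handled by the C#
# dumper. Nothing here touches a process; it reproduces the mask tests and unscramble
# expressions and shows that each is a fixed bit permutation (a lookup table in disguise).
from typing import Dict, List, Tuple

# Class A: (opcode & 0x2399) == 769 (0x301)   -> resolved through the jump table.
# Class B: (opcode & 0x2322) == 8738 (0x2222) -> resolved through the NetClient handler table.
JUMPTABLE_MASK, JUMPTABLE_FIXED = 0x2399, 0x301
HANDLER_MASK, HANDLER_FIXED = 0x2322, 0x2222
HANDLER_EXCLUDED = {57919, 26159}  # the two opcodes the dumper skips explicitly

# Source bit of the wire opcode for each bit of the condensed id (index = destination bit),
# obtained by tracing the shift/mask expressions. These are exactly the bits the masks
# leave free, so each expression is a bijection onto 0..2**n-1.
JUMPTABLE_BITS: List[int] = [1, 2, 5, 6, 10, 11, 12, 14, 15]       # 9 bits  -> 0..511
HANDLER_BITS: List[int] = [0, 2, 3, 4, 6, 7, 10, 11, 12, 14, 15]   # 11 bits -> 0..2047


def unscramble_jumptable(opcode: int) -> int:
    """Port of the first unscramble expression in the C# listing (same precedence)."""
    inner = (opcode & 0x1C00) | ((opcode >> 1) & 0x6000)
    return ((opcode & 6) | (((opcode & 0x60) | (inner >> 3)) >> 2)) >> 1


def unscramble_handler(opcode: int) -> int:
    """Port of the second unscramble expression in the C# listing (same precedence)."""
    inner = (opcode & 0x1C00) | ((opcode >> 1) & 0x6000)
    return (opcode & 1) | (((opcode & 0x1C) | (((opcode & 0xC0) | (inner >> 2)) >> 1)) >> 1)


def gather_bits(opcode: int, positions: List[int]) -> int:
    """The same mapping written as an explicit bit permutation."""
    condensed = 0
    for dst, src in enumerate(positions):
        condensed |= ((opcode >> src) & 1) << dst
    return condensed


def scatter_bits(condensed: int, positions: List[int], fixed: int) -> int:
    """Inverse permutation: the wire opcode that unscrambles to `condensed`."""
    opcode = fixed
    for dst, src in enumerate(positions):
        opcode |= ((condensed >> dst) & 1) << src
    return opcode


def permutation_matches_expressions() -> bool:
    """Over the whole 16-bit space, the permutation view equals the shift/mask code."""
    return all(
        gather_bits(op, JUMPTABLE_BITS) == unscramble_jumptable(op)
        and gather_bits(op, HANDLER_BITS) == unscramble_handler(op)
        for op in range(0x10000)
    )


def round_trips() -> bool:
    """Each condensed id has exactly one wire opcode that passes its mask test and maps back."""
    for c in range(512):
        op = scatter_bits(c, JUMPTABLE_BITS, JUMPTABLE_FIXED)
        if (op & JUMPTABLE_MASK) != JUMPTABLE_FIXED or unscramble_jumptable(op) != c:
            return False
    for c in range(2048):
        op = scatter_bits(c, HANDLER_BITS, HANDLER_FIXED)
        if (op & HANDLER_MASK) != HANDLER_FIXED or unscramble_handler(op) != c:
            return False
    return True


def enumerate_candidates() -> Tuple[Dict[int, int], Dict[int, int]]:
    """Walk 0..0xFFFF with the dumper's own filters; bucket condensed id -> wire opcode."""
    jump: Dict[int, int] = {}
    handler: Dict[int, int] = {}
    for opcode in range(0x10000):
        if (opcode & JUMPTABLE_MASK) == JUMPTABLE_FIXED:
            condensed = unscramble_jumptable(opcode)
            # The C# test `unscrambled - 1 > 509` runs on uint, so id 0 wraps and is rejected
            # along with 511; Python's signed arithmetic needs that spelled out.
            if condensed == 0 or condensed - 1 > 509:
                continue
            jump[condensed] = opcode
        elif (opcode & HANDLER_MASK) == HANDLER_FIXED and opcode not in HANDLER_EXCLUDED:
            handler[unscramble_handler(opcode)] = opcode
    return jump, handler


if __name__ == "__main__":
    jump, handler = enumerate_candidates()
    print(f"jump-table candidates: {len(jump)}, handler-table candidates: {len(handler)}")
    print("permutation view matches expressions:", permutation_matches_expressions())
    print("round trips:", round_trips())
```

Running it shows 510 jump-table candidates (ids 1..510) and 2046 handler-table candidates (2048 minus the two excluded opcodes), which is why the C# needs the memory checks at all: the arithmetic alone accepts every id in range, and only the jump-table default target and the MEM_IMAGE check separate real handlers from empty slots.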

  2. #17
    LordJZ (Member)
    Originally Posted by MaiN
    Where/how are they different (check the newest one I dumped)?
    ...
    http://www.ownedcore.com/forums/worl...ml#post2095863

  3. #18
    MaiN (Elite User)
    Again, how are they different? Are you talking about your... comment? Or your handler address? Because that's just outputting my "jumpAddr" and "address" in the code I showed above. Both of our tables have exactly 682 lines.

  4. #19
    eduard41 (Private)
    jjaa, thank you very much; otherwise this tool would not have been born ^^
    Opcode Spitting Parrot.rar - 4shared.com - online file sharing and storage - download

  5. #20
    TOM_RUS (Legendary)
    Isn't there a bit array in the client binary with valid condensed opcode ids?

  6. #21
    eduard41 (Private)
    Originally Posted by TOM_RUS
    Isn't there a bit array in the client binary with valid condensed opcode ids?
    That makes sense, the client needs to somehow map external opcodes to internal ones, but uhmm, where is it?

  7. #22
    MaiN (Elite User)
    Originally Posted by TOM_RUS
    Isn't there a bit array in the client binary with valid condensed opcode ids?
    There may be, I didn't find it when I was looking at NetClient::Process though.

  8. #23
    TOM_RUS (Legendary)
    Originally Posted by MaiN
    There may be, I didn't find it when I was looking at NetClient::Process though.
    Bit array at 0x00B8B508 (not rebased) used while sending packets. Blizzard calls it "g_ClientLegacy_RoutingTable".

  9. #24
    MaiN (Elite User)
    Originally Posted by TOM_RUS
    Bit array at 0x00B8B508 (not rebased) used while sending packets. Blizzard calls it "g_ClientLegacy_RoutingTable".
    Hah - that makes it even easier!

    EDIT: Actually wait, if they are valid condensed opcodes, it's not really useful.
    Last edited by MaiN; 08-13-2011 at 01:17 PM.

  10. #25
    LordJZ (Member)
    Originally Posted by MaiN
    ...that's just outputting my "jumpAddr" and "address" in the code I showed above...
    No, it's not. ~
