[4.3] GetBattlefieldStatus Help

[D3ADLiN3]

Hi,

Since the new patch I am having problems with GetBattlefieldStatus:
My code was working on the previous patch, and I have updated all the offsets, but this is the only thing which doesn't seem to work :confused:

Extract of the code I am using: (AutoIt):

Code:

#include <NomadMemory.au3>
SetPrivilege("SeDebugPrivilege", 1)

Global $PlayerName              = 0x9BE6B8
Global $GetBattleFieldStatus    = 0x012770

$ID = ProcessExists("Wow.exe")
If ProcessExists("Wow.exe") = 0 Then
    MsgBox(0, "Error!", "WoW is not running!")
    Exit
EndIf

$OpenMem      = _MemoryOpen(WinGetProcess("World of Warcraft"))
$BaseAddr     = _MemoryGetBaseAddress($OpenMem, 1)

Func get_PlayerName()
    $a_PlayerName               = "0x" & Hex($BaseAddr + $PlayerName)
    $b_PlayerName               = _MemoryRead($a_PlayerName, $OpenMem, 'char[16]')
    return $b_PlayerName
EndFunc

Func get_GetBattleFieldStatus()
    $a_GetBattleFieldStatus        = "0x" & Hex($BaseAddr + $GetBattleFieldStatus)
    $b_GetBattleFieldStatus        = _MemoryRead($a_GetBattleFieldStatus, $OpenMem)
    return $b_GetBattleFieldStatus
EndFunc

ConsoleWrite("DEBUG: $PlayerName: " & get_PlayerName() & @CRLF)
ConsoleWrite("DEBUG: $GetBattleFieldStatus: " & get_GetBattleFieldStatus() & @CRLF)

When I run my code I get a result back:

Code:

DEBUG: $PlayerName: LeeroyJenkins
DEBUG: $GetBattleFieldStatus: 3838641291

I had a look at the function 'Send_CMSG_BATTLEFIELD_STATUS" in IDA, and I *believe* the Offset I'm using is correct:

Code:

v3 = dword_D12770;
   
   ...snip...
   
   switch ( *((_DWORD *)v3 + 13) )
   {
     case 0:
    v8 = (int)"none";
    break;
     case 1:
    v8 = (int)"queued";
    break;
     case 2:
    v8 = (int)"confirm";
    break;
     case 4:
    v8 = (int)"active";
    break;
     default:
    v8 = (int)"error";
    break;
   }

Can anybody give me a hint to what I am doing wrong?

Thanks

[Robske]

*((_DWORD *)v3 + 13)

[Jadd]

Also 0x00D12770 - 0x00400000 != 0x00012770

[~Unknown~]

Also 0x00D12770 - 0x00400000 != 0x00012770

This here what Jadd pointed out seems to be your problem. Lemme fix that for ya. 0x912770 should work.

[D3ADLiN3]

This here what Jadd pointed out seems to be your problem. Lemme fix that for ya. 0x912770 should work.

Yea I saw Jadds post and /facepalmed, next time I will stick to using a Hex Calculator rather than doing it in my head

I'm still not having much luck even with the correct offset, any other hints to what I am doing wrong? :confused:
Now I am getting a response back of 'PAUWarGameType@@'

I take it 'v3' is the GetBattlefieldStatus index?

[miceiken]

It says pretty clear what v3 is.

Code:

v3 = dword_D12770;

I'm not a good reverser but it looks to me as if you need to read [[offset] + 13]

[Tanaris4]

This is what I ended up having to do on OS X, I'm sure it's very similar:

Code:

#define BG_STATUS_NEXT_PTR      0x4
#define BG_STATUS               0x2C
#define BG_ESTIMATED_WAIT_TIME  0x40
#define BG_TIME_WAITED_OFFSET   0x44

//  4.3.0 15005
// 0x4      next struct (if &1 is valid then you're only queued for one BG!)
// 0x20     BG id# (that was use in our queue macro)
// 0x2C     status
// 0x34     level 
// 0x40     average wait time in seconds
// 0x44     time waiting started

- (UInt32)getBattlegroundStructPtr:(int)index{
    
    if ( index > 1 )
		return 0;
    
    MemoryAccess *memory = [[Controller sharedInstance] wowMemoryAccess];
    
    if ( memory && [memory isValid] ){
        
        UInt32 value = 0;
        [memory readMemoryAtAddress:[[OffsetController sharedInstance] offset:@"Lua_GetBattlefieldStatus"]Buffer:(Byte*)&value BufLength:sizeof(value)];
        
        // invalid
        if ( value & 1 ){
            return 0;
        }
        
        // first BG
        if ( index == 0 ){
            return value;
        }
        // see if we have a second BG
        else{
            [memory readMemoryAtAddress:value + BG_STATUS_NEXT_PTR Buffer:(Byte*)&value BufLength:sizeof(value)];
            if ( value & 1 ){
                return 0;
            }
            
            return value;
        }
    }
    
    return 0;
}

- (unsigned int)getTimeWaited:(unsigned int)index{
	
    int ptr = [self getBattlegroundStructPtr:index];
    
    if ( ptr > 0 ){
        MemoryAccess *memory = [[Controller sharedInstance] wowMemoryAccess];
        UInt32 value = 0;
        [memory readMemoryAtAddress:ptr + BG_TIME_WAITED_OFFSET Buffer:(Byte*)&value BufLength:sizeof(value)];
        
        return ([[Controller sharedInstance] PerformanceCounter] - value) / 1000;
        
    }
    
    return 0;
}

- (unsigned int)getAverageWaitTime:(unsigned int)index{
	
    int ptr = [self getBattlegroundStructPtr:index];
    
    if ( ptr > 0 ){
        MemoryAccess *memory = [[Controller sharedInstance] wowMemoryAccess];
        UInt32 value = 0;
        [memory readMemoryAtAddress:ptr + BG_ESTIMATED_WAIT_TIME Buffer:(Byte*)&value BufLength:sizeof(value)];
        return value / 1000;
    }

    return 0;
}

- (unsigned int)battlegroundStatus:(unsigned int)index{
	
    int ptr = [self getBattlegroundStructPtr:index];
    
    if ( ptr > 0 ){
        MemoryAccess *memory = [[Controller sharedInstance] wowMemoryAccess];
        
        UInt32 value = 0;
        [memory readMemoryAtAddress:ptr + BG_STATUS Buffer:(Byte*)&value BufLength:sizeof(value)];
        if ( value < BGNone || value > BGActive ){
            return -1;
        }

        return value;
    }
	
	return -1;	
}

[Jadd]

Your Hex-Rays is broken:
*((_DWORD *)v3 + 13)
Should really be
*((_DWORD *)v3 + 52)

Because it's a switch ([eax*4])



Edit: [[Base + 0x00912770] + 0x34]

You're welcome

[namreeb]

Umm, that looks right to me? 13 DWORDs away *is* +0x34.

[dowigr]

Thankx Jadd,

I was also strugleing with this because I failed to see that there is a double read. I don't have the Hex-Rays so I just read the ASM code, but that is not a big problem, it just takes a little longer to reverse the code.

I am a little disapoionted that it looks like the old battleground structure no longer existss. Until 4.3 I used to use single reads from the structure:
internal enum Battleground
{
BattlegroundInfo = 0xXXXXXXXX,

BattlegroundInfo_Id = BattlegroundInfo + 0x0,
BattlegroundInfo_Status = BattlegroundInfo + 0x0C,
selectedBattleGroundID = BattlegroundInfo + 0x94,
BattlegroundStartTickcount = BattlegroundInfo + 0xD8,
IsBattlegroundFinished = BattlegroundInfo + 0xE0,

BattlegroundWinner = BattlegroundInfo + 0xE4,
pvpExitWindow = BattlegroundInfo + 0xE8,
BattlegroundInfo_ArraySize = 0x40,
}

If this still exists in some capacity I would very much appreciate a nudge in the right direction. I am still out of commission for honor farming as of yet. Seems I am not the only one.

Thanks again!

d

[dowigr]

HAs anybody found the new:
/// <summary>
/// Battleground
/// </summary>
public enum Battleground
{
statPvp = 0xAF7EAC, <-- not this one.. we have that now in this thread.
pvpExitWindow = 0xAF7F88,
selectedBattleGroundID = 0xAF7F34,
}

SelectedBAttlegroundID and pvpexit window are proving to be very hard for me to find in IDA...

I'll take tips on how to find them. Actually I would prefer if someone would point me in the right direction to find them, so I can find them again next patch too.

[~Unknown~]

HAs anybody found the new:
/// <summary>
/// Battleground
/// </summary>
public enum Battleground
{
statPvp = 0xAF7EAC, <-- not this one.. we have that now in this thread.
pvpExitWindow = 0xAF7F88,
selectedBattleGroundID = 0xAF7F34,
}

SelectedBAttlegroundID and pvpexit window are proving to be very hard for me to find in IDA...

I'll take tips on how to find them. Actually I would prefer if someone would point me in the right direction to find them, so I can find them again next patch too.

I'm not skilled at reversing and not really familiar with the offsets your looking for. I'd suggest either listing the relevant WoW API if you know where it comes from or explain what exactly the offset is supposed to retrieve and maybe I can help. I did however look up selectedBattleGroundID and used GetBattlegroundInfo in order to perhaps help since that API returns a battlegroundID based on the index provided. I'll put the Pseudocode with some of my comments I added that might be helpful to you.

Code:

signed int __cdecl Script_GetBattlegroundInfo(int a1)
{
  signed int result; // eax@2
  int v2; // esi@3
  __int64 v3; // qax@3
  void *v4; // ebx@3
  int v5; // eax@6
  int v6; // esi@6
  int v7; // esi@16
  int v8; // eax@18
  int v9; // [sp+10h] [bp-8h]@0
  char v10; // [sp+14h] [bp-4h]@7

  if ( !lua_isnumber(a1, 1) )
  {
    luaL_error(a1, "Usage: GetBattlegroundInfo(index)", v9);
    return 0;
  }
  v2 = (signed int)lua_tonumber(a1, 1) - 1;
  LODWORD(v3) = ClntObjMgrGetActivePlayer();
  v4 = ClntObjMgrObjectPtr(
         v3,
         TYPEMASK_PLAYER,
         "d:\\BuildServer\\WoW\\6\\work\\WoW-code\\branches\\wow-patch-4_3_0-branch\\WoW\\Source\\Object/ObjectClient/Player_C.h",
         176);
  if ( v4 && v2 >= 0 && v2 < (signed int)dword_B36BC4 && (v5 = sub_53E2B0(v2), (v6 = ClientDB::GetRow(v5)) != 0) )
  {
    lua_pushstring(a1, *(_DWORD *)(v6 + 44));   // Push Localized battleground name
    if ( (unsigned __int8)sub_53F280(*(_DWORD *)(*((_DWORD *)v4 + 62) + 160), v6, &v10) )
      lua_pushnumber(a1, 1.0);                  // Push canEnter Flag
    else
      lua_pushnil(a1);
    if ( GetWorldState(*(_DWORD *)(v6 + 52)) )
      lua_pushnumber(a1, 1.0);                  // push isHoliday Flag
    else
      lua_pushnil(a1);
    if ( *(_DWORD *)v6 == 32 )
      lua_pushnumber(a1, 1.0);                  // push isRandom Flag
    else
      lua_pushnil(a1);
    lua_pushnumber(a1, (double)*(signed int *)v6);             // Start BatteGroundID work
    v7 = ClientDB::GetRow(*(_DWORD *)(v6 + 4));
    if ( !v7 )
      return 5;
    v8 = CGPlayer_C::GetPVPFactionIndex(v4);
    if ( v8 )
    {
      if ( v8 == 1 )
      {
        lua_pushstring(a1, *(_DWORD *)(v7 + 36));
        return 6;
      }
    }
    else
    {
      lua_pushstring(a1, *(_DWORD *)(v7 + 32));
    }
    result = 6;
  }
  else
  {
    result = 0;
  }
  return result;
}

[MaiN]

Your Hex-Rays is broken:
*((_DWORD *)v3 + 13)
Should really be
*((_DWORD *)v3 + 52)

Someone needs to learn about pointer arithmetic..!

[dowigr]

Thanks fro the reply ~Unknown~,

and Big thanks for the psudo! That is a lot nicer to look at than the ASM i am looking at. I have yet to find a free hex-rays plugin that does not have a Trojan buried in it...

Sorry for any confusion. I'll be more specific.

pvpexitwindow used to be > 0 when the exit window poped at the end of a battleground.
SelectedBattlegroundID was an int, that would show what BG type you had highlighted in the Battleground window. ie AV == 1, TwinPeaks == 108.

This is how I used to control which BG I joined cause I have not made maps fro all the battlegrounds yet.

I have looked at GetBattlegroundInfo, and other similar functions, at nauseum before I posted here for help. I don't see anything that would refer to the enum I am looking for here. It all looks like it is returning an ID that would identify the BG instance, not the type.

If I am wrong, or anybody knows what the heck I am talking about and knows where to look, I would love some help. Thanks in advance!

[~Unknown~]

Thanks fro the reply ~Unknown~,

and Big thanks for the psudo! That is a lot nicer to look at than the ASM i am looking at. I have yet to find a free hex-rays plugin that does not have a Trojan buried in it...

Sorry for any confusion. I'll be more specific.

pvpexitwindow used to be > 0 when the exit window poped at the end of a battleground.
SelectedBattlegroundID was an int, that would show what BG type you had highlighted in the Battleground window. ie AV == 1, TwinPeaks == 108.

This is how I used to control which BG I joined cause I have not made maps fro all the battlegrounds yet.

I have looked at GetBattlegroundInfo, and other similar functions, at nauseum before I posted here for help. I don't see anything that would refer to the enum I am looking for here. It all looks like it is returning an ID that would identify the BG instance, not the type.

If I am wrong, or anybody knows what the heck I am talking about and knows where to look, I would love some help. Thanks in advance!

Ah ok thanks for being more specific. Here's what I use for seeing if the BG is done. I used the GetBattlefieldWinner API to find the offset I want to read. I rebase my database so careful.

Code:

signed int __cdecl Script_GetBattlefieldWinner(int a1)
{
  signed int result; // eax@2

  if ( dword_B365B8 )
  {
    lua_pushnumber(a1, (double)(unsigned int)dword_B365BC);
    result = 1;
  }
  else
  {
    lua_pushnil(a1);
    result = 1;
  }
  return result;
}

As far as determining the selected battlegroundID I'm not entirely sure. if you are using it to join battlegrounds I'd look at API JoinBattlefield - WoWWiki - Your guide to the World of Warcraft instead. Otherwise you might be looking for the old function GetSelectedBattlefield() which appears to have been removed in 4.0 according to the wiki.