And again spell Cooldowns question

[HexNeo]

Please help with finding blue (or red) pill
I will describe what I have tryed already:

Was looking inside Spell_C::GetSpellCooldown
trying to make working code

uint spellsOnCooldown = 0x998600; // according g_SpellDB was trying both this
// uint spellsOnCooldown = 0x998360; // according g_SpellCooldownsDB and this also

uint currentListObject = ReadUInt(spellsOnCooldown + 0x8 );
// uint currentListObject = ReadUInt(spellsOnCooldown); // such variant was tryed also

while ((currentListObject != 0) /* && ((currentListObject & 1) == 0) */) {
int currentSpellId = ReadInt(currentListObject + 0x8 );
int start = ReadInt(currentListObject + 0x10);
int cd1 = ReadInt(currentListObject + 0x14);
int cd2 = ReadInt(currentListObject + 0x20);

//Get next list object
currentListObject = ReadUInt(currentListObject + 4);
}

Even currentListObject looking like wrong value and not right value.

This method of getting cooldowns is depricated? Or? What is right way to get cooldowns?

Thanks a lot

[Bananenbrot]

Assuming that you took TOM_RUS' IDA database which does no dynamic relocation of the address space (google aslr at msdn if unknown) and you didn't disable ASLR for yourself, you have to substract a static 0x400000 (WoW's standard image base) from your offset and add that offset to WoW's actual base address, obtainable via Process.MainModule.BaseAddress. e.g.

Code:

uint currentListObject = ReadUInt(wowProcess.MainModule.BaseAddress + spellsOnCooldown + 0x8 );

May be only one of several other errors.

[HexNeo]

I am using

uint spellsOnCooldown = 0x998600; // according g_SpellDB TOM_RUS one is 0xD98600 was trying both this
// uint spellsOnCooldown = 0x998360; // according g_SpellCooldownsDB TOM_RUS one is 0xD98360 and this also

already rebased by 0x400000



and my ReadUInt adding wowProcess.MainModule.BaseAddress also

any ideas ?

[_Mike]

and my ReadUInt adding wowProcess.MainModule.BaseAddress also

Don't do that. Only add the module address for static offsets. Any pointers you read are already "rebased".

[HexNeo]

Don't do that. Only add the module address for static offsets. Any pointers you read are already "rebased".

what do you mean under module address? wowProcess.MainModule.BaseAddress?

took so, long to reply because tried all variants

uint currentListObject = ReadUInt(wowProcess.MainModule.BaseAddress + spellsOnCooldown + 0x8 ); // returns 9902 strange number not like offset
uint currentListObject = ReadUInt(spellsOnCooldown + 0x8 ); // returns 0
uint currentListObject = ReadUInt(spellsOnCooldown); // returns 0

uint currentListObject = ReadUInt(wowProcess.MainModule.BaseAddress + spellsOnCooldown ); // returns 27034656, better, but next move
int currentSpellId = ReadInt(wowProcess.MainModule.BaseAddress + currentListObject + 0x8 ); // returned bytes that can not be translated as int
and
int currentSpellId = ReadInt(currentListObject + 0x8 ); // returned 19640384 not spell_ID

still not understand, what is right way? why?

thnx all who reading this post.

[matamore]

uint currentListObject = ReadUInt(wowProcess.MainModule.BaseAddress + spellsOnCooldown + 0x8 );
should be right.

but uint spellsOnCooldown = 0x998600; is wrong

look for "this" in function: sub_4AD6A0

btw - your arent looking for g_SpellCooldownsDB

[HexNeo]

look for "this" in function: sub_4AD6A0

Are you sure you gived me right name?

I did not found such even using alt+t

[_Mike]

what do you mean under module address? wowProcess.MainModule.BaseAddress?

I mean that you shouldn't explicitly add the base address in your read function. Do it when it's needed, not all the time.

Are you sure you gived me right name?

I did not found such even using alt+t

The address is right, but also wrong, depending on if your database is rebased or not.

[HexNeo]

brr now I am totally confused?

How can I find is it rebased or not? May be some good post here on forum?

search -> reabsed not helped

As I understand under database you mean g_SpellCooldownsDB? or?

[_Mike]

brr now I am totally confused?

How can I find is it rebased or not? May be some good post here on forum?

search -> reabsed not helped

As I understand under database you mean g_SpellCooldownsDB? or?

I mean your IDA database.
Go to the top of the disassembly listing. If it says "Imagebase: 400000" it's not rebased. Any other number (but usually 0, any other base wouldn't make much sense) and it is.
matamore posted a rebased offset, so add (whatever your image base is) to it to get the correct address.
As for how to know if an address is rebased or not.. Try jumping to it (hotkey 'g' in ida, you can enter either an address or a name) and if it doesn't exist or if it doesn't make any sense then there's a high chance that you have to recalculate it. Sometimes it can be hard to tell if an address "makes sense" or not, but in this case he gave the name "sub_4AD6A0" so we know that it should be the start of a function.

[HexNeo]

I am trying and trying

my Imagebase is 400000 because I am loking to TOM_RUS WoW_15354.idb

I do not have sub_AD6A0 (substract 400000) and I do not have sub_8AD6A0 (add 400000).

I understand that sub_4AD6A0 is function but, can not find it.

I used some post from here ([3.1.3] [Info] Getting Spell Cooldowns) to get cooldowns, so code was taken from it.


uint spellsOnCooldown = 0x998360; // according g_SpellCooldownsDB
uint currentListObject = ReadUInt(spellsOnCooldown + 0x8 );
while ((currentListObject != 0) /* && ((currentListObject & 1) == 0) */) {
int currentSpellId = ReadInt(currentListObject + 0x8 );
int start = ReadInt(currentListObject + 0x10);
int cd1 = ReadInt(currentListObject + 0x14);
int cd2 = ReadInt(currentListObject + 0x20);

//Get next list object
currentListObject = ReadUInt(currentListObject + 4);
}

Somebody please help :confused: I am so confused already.

[TOM_RUS]

Code:

.text:008AD6A0                   Spell_C::GetSpellCooldown

in my IDB

Code:

int __cdecl Spell_C::GetSpellCooldown_Proxy(int spellid, int type, int *a3, int *a4, int *a5, int *a6)
{
  // type 0 - player?
  // type 1 - pet?
  return Spell_C::GetSpellCooldown(&dword_ECB924[6 * type], spellid, 0, a3, a4, a5, a6);
}

I guess dword_ECB924 is what you looking for?

[HexNeo]

first of all TOM_RUS is za best! and my favorite here
TOM I was in Spell_C::GetSpellCooldow million times in this week and more than 1 000 times today

so the whole idea is to get v8 from g_SpellDB and that why I asking how to read it

I see that right place is v8 (v8 = *((_DWORD *)g_SpellDB.Rows + spell_ID - g_SpellDB.minIndex), (v48 = v8 ) == 0) , but did not understand how to get g_SpellDB

I know that g_SpellDB is WoWClientDB and accordiing to your IDB it must be at 0x998600 (rebased from D98600 by 400000) pointer to db but I was ReadUInt from this address by diffrent ways (rebased not rebase and so on) and got nothing


uint currentListObject = ReadUInt(wowProcess.MainModule.BaseAddress + spellsOnCooldown + 0x8 ); // returns 9902 strange number not like offset
uint currentListObject = ReadUInt(spellsOnCooldown + 0x8 ); // returns 0
uint currentListObject = ReadUInt(spellsOnCooldown); // returns 0

uint currentListObject = ReadUInt(wowProcess.MainModule.BaseAddress + spellsOnCooldown ); // returns 27034656, better, but next move
int currentSpellId = ReadInt(wowProcess.MainModule.BaseAddress + currentListObject + 0x8 ); // returned bytes that can not be translated as int
and
int currentSpellId = ReadInt(currentListObject + 0x8 ); // returned 19640384 not spell_ID


so where is my mistake?

[TOM_RUS]

You don't need g_SpellDB, it stores only static spell data. Read my previous post again.

[_Mike]

Just a little FYI: (I've got an OCD for naming things correctly )

dword_ECB924 is s_spellHistory
sub_8AD6A0 is SpellHistory::GetCooldown
sub_8AF370 is Spell_C_GetSpellCooldown (not a class method)

Based on the 4.1.0 debug build. (the names that is, offsets are from 15354)