[WoW][5.0.4.16016] x86 Info Dump Thread

[Apoc]

there is a list in memory containing spellID/replacement SpellId, and it's complete so far.

I haven't found this list anywhere, care to share?

[mtz]

if you read currentMgr + 0xc4 it has a static size in it of 0x38.

if you look at the enumvisibleobject code it reads currentMgr + 0xc4 and adds 4 to it = 0x3c

then it adds it to current object to get the next object.

-counted

but where does +4 it came from?

[guizmows]

I haven't found this list anywhere, care to share?

check thoses two address (rebased)


TalentSpellStart = 0xA8AC98, //sub_5C0920 (Wow5.0.4) in CastSpellByName
TalentSpellNext = 0xA8AC90, //sub_5C0920 (Wow5.0.4) in CastSpellByName

Code:

var start = WowMem.ReadRebased<int>(TalentSpellStart);
var next =   WowMem.Read<int>((uint)(WowMem.ReadRebased<int>(TalentSpellNext) + start + 4));

var overridenSpellId = WowMem.Read<int>(start);
var talentSpell = WowMem.Read<int>(start + 24);

[TOM_RUS]

but where does +4 it came from?

Code:

bool __cdecl ClntObjMgrEnumVisibleObjects(bool (__cdecl *callback)(QWORD, void *), void *pData)
{
  int current; // eax@1
  int next; // esi@6

  // 0xCC - FirstObjectOfs
  current = *(_DWORD *)(s_curMgr + 0xCC);
  if ( current & 1 || !current )
    current = 0;
  while ( !(current & 1) && current )
  {
    // 0xC4 - NextObjectOfs;
    // *(_DWORD *)(s_curMgr + 0xC4) = 0x38 in this case
    next = *(_DWORD *)(*(_DWORD *)(s_curMgr + 0xC4) + current + 4);
    if ( !callback(*(QWORD *)(current + 0x30), pData) ) // 0x30 - ObjectGuidOfs
      return 0;
    current = next;
  }
  return 1;
}

[Apoc]

check thoses two address (rebased)


TalentSpellStart = 0xA8AC98, //sub_5C0920 (Wow5.0.4) in CastSpellByName
TalentSpellNext = 0xA8AC90, //sub_5C0920 (Wow5.0.4) in CastSpellByName

Code:

var start = WowMem.ReadRebased<int>(TalentSpellStart);
var next =   WowMem.Read<int>((uint)(WowMem.ReadRebased<int>(TalentSpellNext) + start + 4));

var overridenSpellId = WowMem.Read<int>(start);
var talentSpell = WowMem.Read<int>(start + 24);

Much appreciated!

Here's a quick wrapper func (do replacements where necessary) to grab a dictionary of spell overrides:

Code:

        [StructLayout(LayoutKind.Sequential)]        struct TalentSpellInfo
        {
            public int TalentSpellId;
            public IntPtr NextPtr;
            public int dword8;
            public int dwordC;
            public int dword10;
            public int dword14;
            public int OverridenSpellId;
        }
        internal Dictionary<int,int> GetSpellOverrides()
        {
            Dictionary<int,int> ret = new Dictionary<int, int>();
            var mem = StyxWoW.Memory;
            var pTalentSpell = mem.Read<IntPtr>(true, (IntPtr)PendingOffsets.SpellOverrideListStart);


            // Seems to return only 12? So its basically... pTalentSpell+16 to the next entry? It seems a bit odd.
            // Maybe a packed struct or something.
            var talentSpellNext = mem.Read<int>(true, (IntPtr)PendingOffsets.SpellOverrideListNext);


            // Iterate while the ptr is valid.
            while (((int)pTalentSpell & 1) == 0 && pTalentSpell != IntPtr.Zero)
            {
                var info = mem.Read<TalentSpellInfo>(pTalentSpell);


                var nextSpell = mem.Read<IntPtr>(pTalentSpell + 4 + talentSpellNext);
                pTalentSpell = nextSpell;


                // Sanity check?
                if (info.OverridenSpellId == 0)
                    break;


                // Add the override
                ret[info.TalentSpellId] = info.OverridenSpellId;


            }
            return ret;
        }

[Tanaris4]

Does anyone have game object animation state? I can't find a value changing (trying based on fishing bobber). I realize I could just set a timeout but that doesn't seem as efficient

Thanks!

[Frosttall]

Does anyone have game object animation state? I can't find a value changing (trying based on fishing bobber). I realize I could just set a timeout but that doesn't seem as efficient

Thanks!

WowGameObject: WowMem.Read<byte>(BaseAddress + 0xC0)

[romb0t]

Hi all,

First thanks to all the publishers in this thread that helps me a lot at this time.

Does anyone look at the Archeology stuff and in particular, how to get the direction where to go after surveying ?

Regards.

=== Edit
After some reverse debugging in IDA, I found that:
83B920 CGGameObject_C::GetFacing
6532E0 Is the function that calculates x,y,z and w of the GameObject
802820 Is the function that returns the facing in radian when having the x,y,z and w information

To get the long data representing the facing information of the survey: Memory.Read<long>(BaseAddress + 0xE0 + 0x20);

Then the calculation to get the facing information in radian:

Code:

public override float Facing
        {
            get
            {
                try
                {
                    // With Pointers.Globals.ArchFacing = 0xE0
                    var packed = Memory.Read<long>(BaseAddress + (uint)Pointers.Globals.ArchFacing + 0x20);

                    double x = (packed >> 42) * (1.0f / 2097152.0f);
                    double y = (((packed << 22) >> 32) >> 11) * (1.0f / 1048576.0f);
                    double z = (packed << 43 >> 43) * (1.0f / 1048576.0f);
                    double w = x * x + y * y + z * z;

                    if (Math.Abs(w - 1.0f) >= (1.0f / 1048576.0f))
                        w = (float)Math.Sqrt(1.0f - w);
                    else
                        w = 0.0f;

                    var Y = 2 * z * w + 2 * x * y;
                    var X = 1 - 2 * y * y - 2 * z * z;

                    var result = Math.Atan2(Y, X);  // answer in radians 

                    if (result < 0)
                    {
                        result = (float)(6.28 - -1 * result);
                    }
                    return (float) result;
                }
                catch
                {
                    return 0;
                }
            }
        }

[demonguy]

My NextObjOffset is also 0x3C ...

[Tanaris4]

check thoses two address (rebased)


TalentSpellStart = 0xA8AC98, //sub_5C0920 (Wow5.0.4) in CastSpellByName
TalentSpellNext = 0xA8AC90, //sub_5C0920 (Wow5.0.4) in CastSpellByName

Code:

var start = WowMem.ReadRebased<int>(TalentSpellStart);
var next =   WowMem.Read<int>((uint)(WowMem.ReadRebased<int>(TalentSpellNext) + start + 4));

var overridenSpellId = WowMem.Read<int>(start);
var talentSpell = WowMem.Read<int>(start + 24);

Just an FYI, from the OS X Binary the name of the function this is in is: CGSpellBook::GetOverrideSpellCastNode

[redcatH]

hi Forsall,
ths you're share.
my English is poor. I hope you do not mind with my poor writing.
I would like to ask two questions,
why my code ,v14<>-1 Use AURA_TABLE2 spellId Result Error? but v14==-1 Use AURA_TABLE1 spellId Result Correct?
can you answer my question? ths you。

[redcatH]

PHP Code:

public struct AuraStruct
        {
            public int Unk0; //0 - 3                <--------------------------------------Type guessed
            public int NbVariableEffects; //4 - 7
            public uint VariableEffectsPtr; //8 - 11
            public int Unk12; //12 - 15             <--------------------------------------Type guessed
            public ulong CreatorGuid; //16 - 23
            public int AuraId; //24 - 27
            public byte Unk28; //28                 <--------------------------------------Type guessed
            public byte StackCount; //29 
            public ushort Level; //30 - 31
            public uint Duration; //32 - 35
            public uint EndTime; //36 - 39

            //Don't know what they're used for
            public float VariableEffect1 { get { return WowMem.Read<float>(WowMem.Read<uint>(VariableEffectsPtr)); } }
            public float VariableEffect2 { get { return WowMem.Read<float>(WowMem.Read<uint>(VariableEffectsPtr) + 4); } }
            public float VariableEffect3 { get { return WowMem.Read<float>(WowMem.Read<uint>(VariableEffectsPtr) + 8); } }
        } 


PHP Code:

int v14 = WowMem.Read<int>(Unit.BaseAddress + MemEnums.BuffOffsets.AURA_COUNT_1);
            int v15 = v14;
            if (v14 == -1)
                v15 = WowMem.Read<int>(Unit.BaseAddress + MemEnums.BuffOffsets.AURA_COUNT_2);
            for (uint i = 0; i < v15; i++)
            {
                uint v17;
                if (v14 == -1)
                    v17 = WowMem.Read<uint>(Unit.BaseAddress + (uint)MemEnums.BuffOffsets.AURA_TABLE1) + (uint)(i * (uint)MemEnums.BuffOffsets.AURA_SIZE);
                else
                    v17 = Unit.BaseAddress + (uint)MemEnums.BuffOffsets.AURA_TABLE2 + (uint)(i * (uint)MemEnums.BuffOffsets.AURA_SIZE);

                if (v17 == 0) continue;
                var spellId = WowMem.Read<uint>(v17 + (uint)MemEnums.BuffOffsets.AURA_SPELL_ID);
                if (spellId <= 0) continue;


                if (Auras.ContainsKey(v17))
                    Auras[v17].Update(v17);
                else
                    Auras.Add(v17, new WowAura(v17));
            } 


Code:

public enum BuffOffsets : uint
        {
            AURA_COUNT_1 = 0x1058, 
            AURA_COUNT_2 = 0xD5C,   
            AURA_TABLE1 = 0xD60,    
            AURA_TABLE2 = 0xD58,     
            AURA_SIZE = 0x30,      
            AURA_SPELL_ID = 0x18,   
        }

hi Forsall,
ths you're share.
my English is poor. I hope you do not mind with my poor writing.
I would like to ask two questions,
why my code ,v14<>-1 Use AURA_TABLE2 spellId Result Error? but v14==-1 Use AURA_TABLE1 spellId Result Correct?
can you answer my question? ths you。

[Frosttall]

hi Forsall,
ths you're share.
my English is poor. I hope you do not mind with my poor writing.
I would like to ask two questions,
why my code ,v14<>-1 Use AURA_TABLE2 spellId Result Error? but v14==-1 Use AURA_TABLE1 spellId Result Correct?
can you answer my question? ths you。

My name is Frosttall

I can't help you if you don't show me your code, but mine is working and confirmed.

[yossarian87]

My name is Frosttall

I can't help you if you don't show me your code, but mine is working and confirmed.

One reason Frosttall's code is confusing is because he has switched AURA_TABLE1 and AURA_TABLE2 relative to how most people would do this. The code does indeed work, but AURA_TABLE1 is used when AURA_COUNT1 is -1, so AURA_TABLE2 is used with AURA_COUNT1 and vice versa. I screwed this up the first time I read his code too. Once you realize that he's reversed the numbers, it's easy to make it work.

[redcatH]

sorry Frosttall。。。
is my code

Code:

BaseAddr = Plugin.XORRW.GetProcAddr(Hwnd)
rw = Plugin.XORRW.ReadInt(Hwnd, &HA6D420+BaseAddr)
rw = Plugin.XORRW.ReadInt(Hwnd, rw + &H48)
PlayerBase = Plugin.XORRW.ReadInt(Hwnd, rw + &H24)
TracePrint "" &PlayerBase
v14 = Plugin.XORRW.ReadInt(Hwnd, PlayerBase + &H1058)
v15 = v14
If v14 = - 1  Then 
	v15 = Plugin.XORRW.ReadInt(Hwnd, PlayerBase + &HD5C)
End If
i = 0
For v15
	Dim v17
	If v14 = - 1  Then 
	v17 = Plugin.XORRW.ReadInt(Hwnd, PlayerBase + &HD60) + (i * &H30)
	Else 
	v17 = Plugin.XORRW.ReadInt(Hwnd, PlayerBase + &HD54) + (i * &H30)
	End If
	spellId = Plugin.XORRW.ReadInt(Hwnd, v17 + &H18)
	TracePrint "ID:" & spellId
	If spellId <= 0 Then 
	End If
	i=i+1
Next

LOL.ths