[WoW][5.1.0.16309] x86 Info Dump Thread

[Holico]

Anyone got something like UnitRealmName or so?
I mean the realmname for other players, not myself.

[TOM_RUS]

Anyone got something like UnitRealmName or so?
I mean the realmname for other players, not myself.

It's in realm cache like player names...

WowCacheExample

[hardcpp]

2 spell handler

(handler are rebased for ida, my sniffer five server opcode handler at client side)

[Receive] -> [UNKNOWN] [23:28:59] Opcode : 0x09E4(2532) -> Handler 0x00801C70
[Receive] -> [UNKNOWN] [23:28:59] Opcode : 0x0C8D(3213) -> Handler 0x00801C70


(2532) = SMSG_SPELL_START ?
(3213) = SMSG_SPELL_GO ?

[demonguy]

Warden 66 scanned offsets (rebased)

Code:

Offset: 0x000701F4	Length: 7	Bytes: E8 47 2A 1F 00 8B 0D
Offset: 0x00070B0A	Length: 7	Bytes: 83 C4 08 85 C0 74 EF
Offset: 0x00075AED	Length: 5	Bytes: 8B 4D 10 89 0D
Offset: 0x001210C0	Length: 9	Bytes: 55 8B EC 83 EC 48 8B 45 08
Offset: 0x001212C0	Length: 10	Bytes: 55 8B EC 83 EC 64 56 8B 75 08
Offset: 0x00121AD0	Length: 10	Bytes: 55 8B EC 8B 45 0C 83 78 08 06
Offset: 0x00161940	Length: 8	Bytes: 55 8B EC A1 44 42 8E 01
Offset: 0x0040A9A0	Length: 9	Bytes: 55 8B EC 83 EC 18 56 8B F1
Offset: 0x0040C570	Length: 9	Bytes: 55 8B EC 83 EC 10 53 56 8B
Offset: 0x004275CD	Length: 4	Bytes: 75 27 8B CE
Offset: 0x004347D0	Length: 9	Bytes: 55 8B EC 8B 45 0C 83 EC 08
Offset: 0x0045A6D0	Length: 10	Bytes: 55 8B EC 83 EC 34 53 56 8B F1
Offset: 0x0045B860	Length: 10	Bytes: 55 8B EC 81 EC B8 00 00 00 8B
Offset: 0x0045CBC2	Length: 7	Bytes: E8 89 8B D0 FF 8B F0
Offset: 0x004A44B0	Length: 10	Bytes: 8B 81 10 08 00 00 25 00 00 80
Offset: 0x004B2750	Length: 10	Bytes: 55 8B EC 83 EC 18 53 56 8B F1
Offset: 0x004B27D8	Length: 4	Bytes: 74 79 F3 0F
Offset: 0x004C00D2	Length: 4	Bytes: 74 18 8B C8
Offset: 0x004C0C42	Length: 7	Bytes: 75 18 68 54 01 00 00
Offset: 0x004C6854	Length: 4	Bytes: 74 1E F3 0F
Offset: 0x004C7A30	Length: 9	Bytes: 55 8B EC 83 EC 20 56 8B F1
Offset: 0x004C7B4B	Length: 4	Bytes: 85 DB 74 1F
Offset: 0x004C7B4D	Length: 4	Bytes: 74 1F 8B 06
Offset: 0x0050DA61	Length: 7	Bytes: 0F 2F 44 08 08 72 06
Offset: 0x005107B5	Length: 7	Bytes: A9 00 00 00 04 74 24
Offset: 0x005107BA	Length: 7	Bytes: 74 24 A9 00 00 10 00
Offset: 0x00510F59	Length: 9	Bytes: F7 41 38 00 02 00 20 75 34
Offset: 0x005148B3	Length: 11	Bytes: 01 7E 74 8B CE E8 D3 A5 FF FF 8B
Offset: 0x00557996	Length: 4	Bytes: 7F 1D 8B 86
Offset: 0x005579B3	Length: 4	Bytes: 7E 0B 8B CE
Offset: 0x00599584	Length: 4	Bytes: 78 47 05 C0
Offset: 0x00599650	Length: 5	Bytes: 6A 01 68 F0 EE
Offset: 0x005A1DD1	Length: 6	Bytes: 8B EC 83 3D 98 15
Offset: 0x005A1DE2	Length: 7	Bytes: 74 65 83 F9 1D 77 60
Offset: 0x005ACB42	Length: 5	Bytes: 77 34 FF 24 85
Offset: 0x005AD003	Length: 7	Bytes: 56 57 E8 66 C5 FE FF
Offset: 0x005B3FE0	Length: 9	Bytes: 55 8B EC 83 EC 40 0F 57 C0
Offset: 0x005C5400	Length: 12	Bytes: 55 8B EC B8 A0 42 00 00 E8 23 8C 20
Offset: 0x005C58A4	Length: 5	Bytes: 74 13 83 F8 10
Offset: 0x005C58B7	Length: 9	Bytes: 75 0A 8B 4D 10 C7 41 04 00
Offset: 0x005C8B90	Length: 12	Bytes: 55 8B EC 81 EC 28 0E 00 00 6A 0A E8
Offset: 0x005C9034	Length: 5	Bytes: 74 52 83 FF 07
Offset: 0x0071FBA8	Length: 5	Bytes: 74 2A F6 40 34
Offset: 0x00749601	Length: 4	Bytes: 75 0B 5F 5E
Offset: 0x00749629	Length: 13	Bytes: 0F 85 4E 02 00 00 8D 55 DC 52 8D 45 CC
Offset: 0x00797770	Length: 10	Bytes: 55 8B EC 83 EC 1C 53 8B 5D 1C
Offset: 0x0079782E	Length: 8	Bytes: F7 C3 00 00 F0 00 74 28
Offset: 0x00797834	Length: 5	Bytes: 74 28 8B 4D 18
Offset: 0x0079785E	Length: 8	Bytes: F7 C3 F0 00 03 00 74 1D
Offset: 0x00797864	Length: 5	Bytes: 74 1D 8B 4D 18
Offset: 0x0079788E	Length: 8	Bytes: F7 C3 00 01 00 00 74 13
Offset: 0x00797894	Length: 5	Bytes: 74 13 8B 4D 18
Offset: 0x007978A9	Length: 5	Bytes: F6 C3 0F 74 21
Offset: 0x007978AC	Length: 5	Bytes: 74 21 8B 4D 18
Offset: 0x007CBC30	Length: 9	Bytes: 55 8B EC 8B 45 0C 8B 4D 08
Offset: 0x008E9E70	Length: 11	Bytes: 55 8B EC 83 EC 20 F3 0F 10 41 4C
Offset: 0x008E9EAF	Length: 9	Bytes: F7 41 38 00 00 10 01 74 65
Offset: 0x008E9EB6	Length: 5	Bytes: 74 65 D9 41 50
Offset: 0x008ED910	Length: 7	Bytes: A9 00 00 00 10 74 07
Offset: 0x008ED950	Length: 5	Bytes: 75 3E F6 46 3C
Offset: 0x008EE0A3	Length: 12	Bytes: 81 66 38 FF FF 9F FF 8B 4E 3C 8B 46
Offset: 0x008F55B0	Length: 9	Bytes: 55 8B EC 51 53 56 8B 75 08
Offset: 0x0096C008	Length: 8	Bytes: 2F 54 9A 41 43 4D 69 73
Offset: 0x0096FF64	Length: 4	Bytes: BB 8D 24 3F
Offset: 0x00A4BAD0	Length: 8	Bytes: D8 93 FE C0 48 8C 11 C1
Offset: 0x00AB26F4	Length: 6	Bytes: 04 00 00 00 C4 77

Oh,i'm late... i was banned by patching InvalidPtrCheck... I still don't know how to dump Warden scanned arress by myself,,, Can you give me some hints?

[kclux]

I have a problem, I am using PQR and 2 days ago it suddenly stopped working for me. I had that exact problem before in the past and it was because of the GameState value suddenly changed for a few others and me ( kinda weird ).

Now the guy that usually found the working GameState value seems not to play anymore and I tried with Cheat Engine and with IDA but I don't really know to find it. Is there any easy way to find it, since I am not really that experienced with memory dumps and so. Thanks.

[eracer]

Oh,i'm late... i was banned by patching InvalidPtrCheck... I still don't know how to dump Warden scanned arress by myself,,, Can you give me some hints?

http://www.ownedcore.com/forums/worl...n-scanner.html

http://www.ownedcore.com/forums/worl...r-hooking.html

[fvicaria]

Code:

                MountsCount = 0xD26730,
                MountsList = MountsCount + 0x4,
                SpellsCount = 0xD266D4,
                SpellBookInfo = 0xD266D8,
                LootWindow = 0xD36C88,
                LootCount = LootWindow + 0x10,
                IsCasting = 0xC38, // (Unit.BaseAddress + 0xC38) returns the castingspellid what is channeled / 0 if not casting
                EquippedBagGUID = 0xD3A788,
                GetPowerIndex = 0xC7C91C,
                GetPower = 0x12C8,

all rebased.

Can you confirm that IsCasting is correct please?

This is always retuning 0 for me:

var ret = Memory.Read<int>(IntPtr.Add(BaseAddress, 0xC3);

Or am I doing anything wrong?

Thanks!

[fvicaria]

Can you confirm that IsCasting is correct please?

This is always retuning 0 for me:

var ret = Memory.Read<int>(IntPtr.Add(BaseAddress, 0xC3);

Or am I doing anything wrong?

Thanks!

Sorry my bad. I have just confirmed. It was my pulse interval that was too large.
Thanks!

[Jadd]

Oh,i'm late... i was banned by patching InvalidPtrCheck... I still don't know how to dump Warden scanned arress by myself,,, Can you give me some hints?

Find what accesses a scanned address (not in .text memory). If you can do that, then you've found the scan function. Hook for wins.

[fvicaria]

Hi guys,
Just got these updated for the current version...

Code:

    /// <summary>
    ///   5.1.0.16357
    /// </summary>
    public enum InCombat
    {
        // Reversed from Script_UnitAffectingCombat
        // if ( (*(*(ObjectPointer + 0xDC) + 0xBC) >> 0x13u) & 1 ) return true;
        Offset1 = 0xDC,
        Offset2 = 0xBC,
        Mask = 0x13,
    }

    /// <summary>
    ///   5.1.0.16357
    /// </summary>
    public enum IsFalling
    {
        // Reversed from Script_IsFalling
        // if ( v3 && (v5 = *(_DWORD *)(*(_DWORD *)(v3 + 228) + 56), v5 & 0x800) && !(v5 & 0x400) )
        Offset1 = 0xE4,
        Offset2 = 0x38,
        Mask1 = 0x800,
        Mask2 = 0x400
    }

    /// <summary>
    ///   5.1.0.16357
    /// </summary>
    public enum IsSwimming
    {
        // Reversed from Script_IsSwimming
        // if ( ObjectPointer && *(*(ObjectPointer + 0xE4) + 0x38) & 0x100000 ) return true;
        Offset1 = 0xE4,
        Offset2 = 0x38,
        Mask = 0x100000,
    }

    /// <summary>
    ///   5.1.0.16357
    /// </summary>
    public enum IsSubmerged
    {
        // Reversed from Script_IsSubmerged
        // if ( ObjectPointer && *(ObjectPointer + 0xBF0) & 0x20000 ) return true;
        Offset = 0xBF0,
        Mask = 0x20000,
    }

    /// <summary>
    ///   5.1.0.16357
    /// </summary>
    public enum IsFlying
    {
        // Reversed from Script_IsFlying
        // if ( ObjectPointer && (unsigned int)&unk_1000000 & *(_DWORD *)(*(_DWORD *)(ObjectPointer + 228) + 56) )
        Offset1 = 0xE4,
        Offset2 = 0x38,
        Mask = 0x1000000,
    }

    /// <summary>
    ///   5.1.0.16357
    /// </summary>
    public enum IsMounted
    {
        // Reversed from Script_IsMounted
        //if ( !ObjectPointer || *(ObjectPointer + 0xB9C) <= 0 || *(ObjectPointer + 0xBF0) & 0x200000 ) return false;
        Offset1 = 0xB9C,
        Offset2 = 0xBF0,
        Mask = 0x200000,
    }

[Frosttall]

Hi guys,
Just got these updated for the current version...

Code:

    /// <summary>
    ///   5.1.0.16357
    /// </summary>
    public enum InCombat
    {
        // Reversed from Script_UnitAffectingCombat
        // if ( (*(*(ObjectPointer + 0xDC) + 0xBC) >> 0x13u) & 1 ) return true;
        Offset1 = 0xDC,
        Offset2 = 0xBC,
        Mask = 0x13,
    }

    /// <summary>
    ///   5.1.0.16357
    /// </summary>
    public enum IsFalling
    {
        // Reversed from Script_IsFalling
        // if ( v3 && (v5 = *(_DWORD *)(*(_DWORD *)(v3 + 228) + 56), v5 & 0x800) && !(v5 & 0x400) )
        Offset1 = 0xE4,
        Offset2 = 0x38,
        Mask1 = 0x800,
        Mask2 = 0x400
    }

    /// <summary>
    ///   5.1.0.16357
    /// </summary>
    public enum IsSwimming
    {
        // Reversed from Script_IsSwimming
        // if ( ObjectPointer && *(*(ObjectPointer + 0xE4) + 0x38) & 0x100000 ) return true;
        Offset1 = 0xE4,
        Offset2 = 0x38,
        Mask = 0x100000,
    }

    /// <summary>
    ///   5.1.0.16357
    /// </summary>
    public enum IsSubmerged
    {
        // Reversed from Script_IsSubmerged
        // if ( ObjectPointer && *(ObjectPointer + 0xBF0) & 0x20000 ) return true;
        Offset = 0xBF0,
        Mask = 0x20000,
    }

    /// <summary>
    ///   5.1.0.16357
    /// </summary>
    public enum IsFlying
    {
        // Reversed from Script_IsFlying
        // if ( ObjectPointer && (unsigned int)&unk_1000000 & *(_DWORD *)(*(_DWORD *)(ObjectPointer + 228) + 56) )
        Offset1 = 0xE4,
        Offset2 = 0x38,
        Mask = 0x1000000,
    }

    /// <summary>
    ///   5.1.0.16357
    /// </summary>
    public enum IsMounted
    {
        // Reversed from Script_IsMounted
        //if ( !ObjectPointer || *(ObjectPointer + 0xB9C) <= 0 || *(ObjectPointer + 0xBF0) & 0x200000 ) return false;
        Offset1 = 0xB9C,
        Offset2 = 0xBF0,
        Mask = 0x200000,
    }

http://www.ownedcore.com/forums/worl...mp-thread.html ([WoW][5.1.0.16357] x86 Info Dump Thread)
hm?