[WoW] [5.3.0 16983] Release x86 Info Dump Thread

[wecoh]

you're a thoroughly nice person. thanks
the unit name is working now.
I'm use IDA find a wrong data my self, I am very grateful to you for your advice.
I'm work over CGUnit_C__InitializeTrackingState again.
thanks your again...

[Xelper]

I know there are a lot of functions that don't match up anymore. But if you have no idea where to start finding something you need by setting breakpoints, but knew where it was in the last version that had a good IDB, just find the old function, look at the calls it makes, xrefs to/from those calls, and just try to find a function in the new version that you can pattern match. Use Search -> Sequence of Bytes, "55 8B ?? ?? " etc, etc.. Then just trace back through those calls until you find the new one. I think you will find if you right click a function in the new version, click X-Refs To, then right click that same function in the old one the tree view that IDA generates will be an exact match, and should give you a better idea of what I mean by this. Huge pain in the ass, but it works.

Thinking about it, I wonder if that's a potential way to import friendly names.. but I doubt there is an easy way to script it. Somehow having IDA analyze the calling structure/xrefs to every function in old IDB and save them in a searchable format, then generating the calling structure of every function in the new version and searching for similiar ones in the old.

[VesperCore]

I know there are a lot of functions that don't match up anymore. But if you have no idea where to start finding something you need by setting breakpoints, but knew where it was in the last version that had a good IDB, just find the old function, look at the calls it makes, xrefs to/from those calls, and just try to find a function in the new version that you can pattern match. Use Search -> Sequence of Bytes, "55 8B ?? ?? " etc, etc.. Then just trace back through those calls until you find the new one. I think you will find if you right click a function in the new version, click X-Refs To, then right click that same function in the old one the tree view that IDA generates will be an exact match, and should give you a better idea of what I mean by this. Huge pain in the ass, but it works.

Thinking about it, I wonder if that's a potential way to import friendly names.. but I doubt there is an easy way to script it. Somehow having IDA analyze the calling structure/xrefs to every function in old IDB and save them in a searchable format, then generating the calling structure of every function in the new version and searching for similiar ones in the old.

Yeap, Exactly what I did for finding those who are part of my list, xrefing until I find a mutual occurence I already know, like a LUA Script or a function I've already renamed. (Haven't debugged anything with WoW.exe though)

Sometimes, you find a big big functions that makes alot of calln, and you just found 20 corresponding functions in 1 minutes :P like the "initialize game" function.
+1

I also had to try pattern, and reduce them to the strict minimum until I can find some occurences, then check each result and compare to my actual left thing.
Sometimes, even a minimized pattern didn't found any matching function, take care of this. The call list were my best solution.
I used pattern for like 3 functions, I stopped to use it at all because it was making me lost time.

I'm work over CGUnit_C__InitializeTrackingState again.

Just so you know, it may help or not... I haven't had to modify anything to make this work, just replaced the offset, nothing to change in the previous way of injecting etc..
5.2 > 5.3

[2briards]

New offset for aura's (c++)

enum UnitAuras : uint
{
AuraCount1 = 0x10F8, // 0x10C8,
AuraCount2 = 0xDF8, // 0xdc8,
AuraTable1 = 0xDF8, // 0xdc8,
AuraTable2 = 0xDFC, // 0xdcc,
AuraOwnerGUID = 0x10,
AuraSpellId = 0x18,
AuraStack = 0x1d,
TimeLeft = 0x24,
AuraSize = 0x30
};

and

enum SpellCooldown
{
CoolDown = 0xc238B8 // 0xc973d0
};

[NitroGlycerine]

I found the Descriptorfields offset to be 0x4 instead of 0x8, previously. Does this make sense or am I doing something wrong?

[VesperCore]

I found the Descriptorfields offset to be 0x4 instead of 0x8, previously. Does this make sense or am I doing something wrong?

Read the others posts on the 5.3.0 patches.

[cskilling]

Lasterrormsg = 0xCE07F0
ZoneID = 0xCE148C
Isingame = 0xD86298
TimeStamp = 0xB28760

CurMgrCastID offset = 0xC48
CurMgrChannelCastID offset = 0xC78

CTM_Base = 0xC81B6C, // 5.3
CTM_Push = 0x5FC, // 5.3
CTM_X = 0x66C, // 5.3
CTM_Y = CTM_X + 0x4, // 5.3
CTM_Z = CTM_X + 0x8, // 5.3
CTM_GUID = 0x600, // 5.3
CTM_Distance = 0x5EC // 5.3

Need help for CTM
it's doesn't work

[-Ryuk-]

Lasterrormsg = 0xCE07F0
ZoneID = 0xCE148C
Isingame = 0xD86298
TimeStamp = 0xB28760

CurMgrCastID offset = 0xC48
CurMgrChannelCastID offset = 0xC78


Need help for CTM
it's doesn't work

This thread/patch is outdated

[kosacid]

@cskilling seems CTM been totaly restructured i looked manuely for it i cant find it, but my debugin aint that good

[siriuz]

Are there any chances for a new IDB or is someone already working on it? I really have no clue how to find my stuff without one :-/

[VesperCore]

@cskilling seems CTM been totaly restructured i looked manuely for it i cant find it, but my debugin aint that good

Code:

CGUnit_C__InitializeTrackingState = 0x3E2BAE, (latest patch 16992)

public enum ClickToMove
        {
            CTM = 0xC8F2F8, (all 5.3)
            CTM_PUSH = CTM + 0x1C,
            CTM_X = CTM + 0x8C,
            CTM_Y = CTM_X + 0x4,
            CTM_Z = CTM_Y + 0x4,
        }

Nothing important changed, if it have been included in a sub-functions, that's nothing you really want to care of. Please use the latest thread.