[WoW] [5.3.0 17055] Release x86 Info Dump Thread

[george2978]

Anyone got new (SpellCooldown = 0xC238B8//old) ?

[Endecs]

Code:

public class Offsets
{
    /*
        Fly = 27
        Cat = 1
        Travel = 3
        Bear = 5
        Moonkin = 31
        Unshifted = 0
     */
    public enum Player
    {
        PlayerName = 0xE3CB40,      // 5.3.0.17055
        MyGUID = 0xC8A7B0,          // 5.3.0.17055
        PetGUID = 0xD4B4A0,         // 5.3.0.17055
        Target = 0xCDC878,          // 5.3.0.17055
        Descriptor = 0x4,           // 5.3.0.17055

        Mounted = 0xBBC,            // 5.3.0.17055
        Druid1 = 0xDC,              // 5.3.0.17055
        Druid2 = 0x1D3,             // 5.3.0.17055
        Combat1 = 0xDC,             // 5.3.0.17055
        Combat2 = 0xC8,             // 5.3.0.17055
        MoveState = 0x788,          // 5.3.0.17055
        Cast = 0xC60,               // 5.3.0.17055
        Channeling = 0xC78,         // 5.3.0.17055
        Health = 0x78,              // 5.3.0.17055
        MaxHealth = 0x90,           // 5.3.0.17055
        MouseOver = 0xCDC860,       // 5.3.0.17055
        LootWindow = 0xD49DAC,      // 5.3.0.17055
        X = 0x7F8,                  // 5.3.0.17055
        Y = X + 0x4,                // 5.3.0.17055
        Z = Y + 0x4,                // 5.3.0.17055
        R = Z + 0x4,                // 5.3.0.17055
        LastHardwareAction = 0xB30824, // 5.3.0.17055
        SelfGUID = 0x0,             // 
        Race = 0xE3CCBD,             // 5.3.0.17055
        CharPosition = 0xABC6C0,    // 5.3.0.17055
        IsLoading = 0xD816F8,       // 5.3.0.17055
        IsConnecting = 0xC11FE0,    // 5.3.0.17055
        MailBoxOpen = 0xCDC868,     // 5.3.0.17055
        nbSpells = 0xD393B8,         // 5.3.0.17055
        SpellBookInfoPtr = 0xD393BC, // 5.3.0.17055
        WoWVersion = 0xB12B44,      // 5.3.0.17055
        AutoLoot = 0xCDCA88,        // 5.3.0.17055
        AutoLootPtr = 0x30,         // 5.3.0.17055
        WaterWalk = 0x5106F8        // 5.1.0.16357

    } // 5.2.0 16669

    public enum EndScene // 5.3.0.17055
    {
        FrameScript_ExecuteBuffer = 0x55347,            // 5.3.0.17055
        ClntObjMgrGetActivePlayerObj = 0x2CB4,          // 5.3.0.17055
        FrameScript__GetLocalizedText = 0x3DD8F9,       // 5.3.0.17055
        FrameScript_GetText = 0x563AB                   // 5.3.0.17055
    }

    public enum Chat // 5.3.0.17055
    {
        Chat_Base = 0xCDE728,           // 5.3.0.17055
        Chat_Ptr1 = 0x17C8,             // 5.3.0.17055
        Chat_Ptr2 = 0x3C                // 5.3.0.17055
    }

    public enum ObjectManager
    {
        ObjMgr = 0xE416A0,              // 5.3
        ObjMgrOffset1 = 0x462C,         // 5.3
        FirstObject = 0xCC,             // 5.3
        NextObj = 0x34,                 // 5.3
        Type = 0xC,                    // 5.3
        Obj_DisplayID = 0x28,           // 5.3
        Descriptor = 0x4,               // 5.3
        ObjectName1 = 0x1B8,            // 5.3
        ObjectName2 = 0xB0,             // 5.3
        ObjectAnim = 0xC4,              // 5.3
        Object_CreatedBy = 0x20,        // 5.3
        UnitName1 = 0x974,              // 5.3
        UnitName2 = 0x6C,               // 5.3
        NPC_Flags = 0x150,              // 5.3
        X = 0x1EC,                      // 5.3
        Y = 0x1F0,                      // 5.3
        Z = 0x1F4,                      // 5.3
        GUID = 0x0,                     // 5.3
        Unit_Target = 0x50,             // 5.3
        Unit_DisplayID = 0x108           // 5.3
    } // 5.2.0 16669

    public enum Corpse
    {
        X = 0xCDCC00,        // 5.3.0.17055
        Y = X + 0x4,         // 5.3.0.17055
        Z = X + 0x8,         // 5.3.0.17055
    } // 5.3.0.17055

    public enum CTM
    {
        CGPlayer_C__ClickToMove = 0x358080,     // 5.3
        CTM_Base = 0xC8F2F8,                    // 5.3
        CTM_Push = 0x1C,                        // 5.3
        CTM_X = 0x8C,                           // 5.3
        CTM_Y = CTM_X + 0x4,                    // 5.3
        CTM_Z = CTM_X + 0x8,                    // 5.3
        CTM_GUID = 0x20,                        // 5.3
        CTM_Distance = 0xC                      // 5.3
    } //5.3

    public enum ASM // 5.3
    {
        IsOutDoors = 0x46AE89,           // 5.3.0.17055
        TerrainClick = 0x45100A          // 5.3.0.17055
    }
}

greets,
Endecs

[Holico]

NameCache anyone?

[VesperCore]

NameCache anyone?

*sighs*
It's posted for almost 9hours already in my post.

[Holico]

*sighs*
It's posted for almost 9hours already in my thread.

This is your Thread.
NameCache:GetRecord is in there.
Now searched with Strg+F through the thread, couldnt find it. Could you please post/pm it again.
Or just look if it realy posted? Or hast it somekind of strange name

[Frosttall]

This is your Thread.
NameCache:GetRecord is in there.
Now searched with Strg+F through the thread, couldnt find it. Could you please post/pm it again.
Or just look if it realy posted? Or hast it somekind of strange name

Took me about 3 seconds, but navigating to the first page required most of the time... Searching for 'cache' took about half a second and this was the first result:

Code:

0022CB16	DBCache_NameCache::GetRecord

Com'on man... really?

[Holico]

:

0022CB16 DBCache_NameCache::GetRecord

This is not the NameCache, thats the pointer to the nameCache::GetRecord function.

[Frosttall]

This is not the NameCache, thats the pointer to the nameCache::GetRecord function.

Analyze it with Hex-Rays, search for x-refs (calls to) and note down the first static dword passed to that function as argument.

Edit1: Ooooh you requested an offsets because you don't care about the section rules?.. Sorry, haven't even thought of that....

[VesperCore]

This is not the NameCache, thats the pointer to the nameCache::GetRecord function.

Code:

        /// <summary>
        ///   Get Players name
        /// </summary>
        public enum PlayerNameStore
        {
            nameStorePtr = 0xC03D58 + 0x8,
            nameMaskOffset = 0x024,
            nameBaseOffset = 0x18,
            nameStringOffset = 0x21,
        }

in my post.

Code:

        public enum UnitField
        {
            UNIT_SPEED = 0x788,
            UNIT_FIELD_X = 0x7F8,
            UNIT_FIELD_Y = UNIT_FIELD_X + 0x4,
            UNIT_FIELD_Z = UNIT_FIELD_X + 0x8,
            UNIT_FIELD_R = UNIT_FIELD_X + 0x10,
            CastingSpellID = 0xC60, // Script_UnitCastingInfo
            ChannelSpellID = 0xC78, // Script_UnitChannelInfo
            TransportGUID = 0x7F0, // CGUnit_C__HasVehicleTransport
            DBCacheRow = 0x974, // CGUnit_C__GetUnitName
            CachedName = 0x6C, // CGUnit_C__GetUnitName
        }

[iceblockman]

any helpful soul could have a look at Script_GetSpellCooldown. It seems have a big change. I cannot find spell_history offsets which used located at

Script_GetSpellCooldown ----> Spell_C_GetSpellCooldown ----> subxx(spell_history_offsets, x, x, x..)


// edit

wtf the offset appeared just after a while I re-opened ida for double check.

int __cdecl Spell_C_GetSpellCooldown(int a1, int a2, int a3, int a4, int a5, int a6, int a7)
{
return sub_750748((char *)&unk_101ED18 + 52 * a2, a1, 0, a3, a4, a5, a6, a7);
}

so spell_history = 0xC1ED18

// edit
anyone know why after a while the offset appeared ? I just looked around functions nearby then go back it appear.

[2briards]

Anyone got new (SpellCooldown = 0xC238B8//old) ?

Give this a try:
enum SpellCooldown
{
CoolDown = 0xC1ED18 // 0xc238B8 // 0xc973d0
};


And Runes

enum Runes
{
RunesOffset = 0xD4EDB4 // 0xD53954 //0xD53970 //0xDC233C
};

[Shenlok]

// edit
anyone know why after a while the offset appeared ? I just looked around functions nearby then go back it appear.

Perhaps IDA hadn't finished analysing that part of the binary when you were looking the first time.

[Frosttall]

any helpful soul could have a look at Script_GetSpellCooldown. It seems have a big change. I cannot find spell_history offsets which used located at

Script_GetSpellCooldown ----> Spell_C_GetSpellCooldown ----> subxx(spell_history_offsets, x, x, x..)


// edit

wtf the offset appeared just after a while I re-opened ida for double check.

int __cdecl Spell_C_GetSpellCooldown(int a1, int a2, int a3, int a4, int a5, int a6, int a7)
{
return sub_750748((char *)&unk_101ED18 + 52 * a2, a1, 0, a3, a4, a5, a6, a7);
}

so spell_history = 0xC1ED18

// edit
anyone know why after a while the offset appeared ? I just looked around functions nearby then go back it appear.

The binary isn't analyzed to 100% even tho it's stated in the log. The last (and important) step is done as soon as you open that function (sub_750748 in your case) in Hex-Rays. This will start the parsing of the call-arguments - this is the most accurate way and will preserve you with the correct ones.
Analyzing a function from the inside is always more exact than analyzing it from outside (the code which actually calls it) and that's the reason the arguments may don't match up to the real function.

After you've opened and analyzed sub_750748 just go back to Spell_C_GetSpellCooldown and load it into Hex-Rays. It will use the recently parsed arguments and display them correctly.

[Empted]

Anyone got CurMgrPointer?
(16992 : 0xE416A0)

rebased:
CurMgr = 0xC30974, //55 8B EC A1 ?? ?? ?? ?? 8B 88 ?? 00 00 00 PATTERN

[Trevalous]

I don't understand, how would you define the sub_#'s to what function it is ? That's the problem i have by digging current offsets, i'm new to this. Any advice would be highly appreciated.