Find assembly wow functions through /run f()

**R4zyel** · 06-25-2016

Hi there, i'm wondering which is the best way of searching for wow assembly functions that are linked to a LUA func name.

Let's say i have input /run UnitName("target") in chatbox, this function-name should be linked somewhere in memory to the compiled asm function.
Would like to be illuminated if anybody has ever made such method to locate functions, like place breakpoint there, and step over there.
Thanks.

**Saridormi** · 06-25-2016

Searching for strings in IDA will get you the location of most Script_ functions quite easily.

**R4zyel** · 06-25-2016

Originally Posted by Saridormi

Searching for strings in IDA will get you the location of most Script_ functions quite easily.

Any tip to do it through CE?

**Corthezz** · 06-25-2016

Not telling you which tools to use but beside from Scanning addresses for values I would never prefer Cheat Engine over IDA and OllyDbg. I mean its just like inserting a function name in a search mask:

**Saridormi** · 06-25-2016

Originally Posted by R4zyel

Any tip to do it through CE?

You really want to be doing this stuff through IDA if you can. But, if you insist:

Most script functions that take parameters will display an error informing the user how to use them if they fail. You can search for this string to find the address it's stored at, then search for that address to find the function it's used in. In your case (using 1.12 client):

1. Set CE to search Writable, CopyOnWrite memory

2. Search for the string "Usage: UnitName"

3. Set CE to search for 4 bytes of Executable memory with an alignment of 1

4. Search for the address you just found

5. Click "Memory View", click on a line of code and then press Ctrl+G to go to the address you just found minus 1 (for the push opcode)

From there, you can read the assembly to see how the function works.

But like I said, you REALLY want to be using IDA if you can. Good luck

**R4zyel** · 06-26-2016

Originally Posted by Saridormi

You really want to be doing this stuff through IDA if you can. But, if you insist:

Most script functions that take parameters will display an error informing the user how to use them if they fail. You can search for this string to find the address it's stored at, then search for that address to find the function it's used in. In your case (using 1.12 client):

1. Set CE to search Writable, CopyOnWrite memory

2. Search for the string "Usage: UnitName"

3. Set CE to search for 4 bytes of Executable memory with an alignment of 1

4. Search for the address you just found

5. Click "Memory View", click on a line of code and then press Ctrl+G to go to the address you just found minus 1 (for the push opcode)

From there, you can read the assembly to see how the function works.

But like I said, you REALLY want to be using IDA if you can. Good luck

You are a ****ing beast!
Thanks. And Cencil seems to appreciate your effort as well. +1

**Corthezz** · 06-26-2016

snip snip snip

Shout-Out

User Tag List

Thread: Find assembly wow functions through /run f()

Thread Tools

Search Thread

Find assembly wow functions through /run f()

Similar Threads

[How-To] How to Find Nice Item Sets through the WoW Model Viewer

[Question] Where can I find the wow logo creator?

Hellfire WoW- UP AND RUNNING!

[Question]WoW won't run "clean" without the MPQs. Help?

OwnedCore Forums

casino

CoreCoins

My OwnedCore

About Us

Casino