Find assembly wow functions through /run f() menu

Shout-Out

User Tag List

Results 1 to 7 of 7
  1. #1
    R4zyel's Avatar Active Member
    Reputation
    26
    Join Date
    Apr 2009
    Posts
    63
    Thanks G/R
    12/7
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Find assembly wow functions through /run f()

    Hi there, i'm wondering which is the best way of searching for wow assembly functions that are linked to a LUA func name.

    Let's say i have input /run UnitName("target") in chatbox, this function-name should be linked somewhere in memory to the compiled asm function.
    Would like to be illuminated if anybody has ever made such method to locate functions, like place breakpoint there, and step over there.
    Thanks.

    Find assembly wow functions through /run f()
  2. #2
    Saridormi's Avatar Contributor
    Reputation
    307
    Join Date
    Mar 2007
    Posts
    556
    Thanks G/R
    19/17
    Trade Feedback
    1 (100%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Searching for strings in IDA will get you the location of most Script_ functions quite easily.


  3. #3
    R4zyel's Avatar Active Member
    Reputation
    26
    Join Date
    Apr 2009
    Posts
    63
    Thanks G/R
    12/7
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Originally Posted by Saridormi View Post
    Searching for strings in IDA will get you the location of most Script_ functions quite easily.
    Any tip to do it through CE?

  4. #4
    Corthezz's Avatar Elite User Authenticator enabled
    Reputation
    386
    Join Date
    Nov 2011
    Posts
    325
    Thanks G/R
    191/98
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Not telling you which tools to use but beside from Scanning addresses for values I would never prefer Cheat Engine over IDA and OllyDbg. I mean its just like inserting a function name in a search mask:

    Check my blog: https://zzuks.blogspot.com

  5. Thanks culino2 (1 members gave Thanks to Corthezz for this useful post)
  6. #5
    Saridormi's Avatar Contributor
    Reputation
    307
    Join Date
    Mar 2007
    Posts
    556
    Thanks G/R
    19/17
    Trade Feedback
    1 (100%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Originally Posted by R4zyel View Post
    Any tip to do it through CE?
    You really want to be doing this stuff through IDA if you can. But, if you insist:

    Most script functions that take parameters will display an error informing the user how to use them if they fail. You can search for this string to find the address it's stored at, then search for that address to find the function it's used in. In your case (using 1.12 client):

    1. Set CE to search Writable, CopyOnWrite memory

    2. Search for the string "Usage: UnitName"

    3. Set CE to search for 4 bytes of Executable memory with an alignment of 1

    4. Search for the address you just found

    5. Click "Memory View", click on a line of code and then press Ctrl+G to go to the address you just found minus 1 (for the push opcode)



    From there, you can read the assembly to see how the function works.

    But like I said, you REALLY want to be using IDA if you can. Good luck
    Attached Thumbnails Attached Thumbnails Find assembly wow functions through /run f()-pzapk7r-png   Find assembly wow functions through /run f()-t5fyfue-png   Find assembly wow functions through /run f()-hyeixds-png   Find assembly wow functions through /run f()-oa17lct-png   Find assembly wow functions through /run f()-ljer3gl-jpg  

    Find assembly wow functions through /run f()-z5oujsq-jpg  


  7. Thanks culino2, R4zyel (2 members gave Thanks to Saridormi for this useful post)
  8. #6
    R4zyel's Avatar Active Member
    Reputation
    26
    Join Date
    Apr 2009
    Posts
    63
    Thanks G/R
    12/7
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Originally Posted by Saridormi View Post
    You really want to be doing this stuff through IDA if you can. But, if you insist:

    Most script functions that take parameters will display an error informing the user how to use them if they fail. You can search for this string to find the address it's stored at, then search for that address to find the function it's used in. In your case (using 1.12 client):

    1. Set CE to search Writable, CopyOnWrite memory

    2. Search for the string "Usage: UnitName"

    3. Set CE to search for 4 bytes of Executable memory with an alignment of 1

    4. Search for the address you just found

    5. Click "Memory View", click on a line of code and then press Ctrl+G to go to the address you just found minus 1 (for the push opcode)



    From there, you can read the assembly to see how the function works.

    But like I said, you REALLY want to be using IDA if you can. Good luck
    You are a ****ing beast!
    Thanks. And Cencil seems to appreciate your effort as well. +1

  9. #7
    Corthezz's Avatar Elite User Authenticator enabled
    Reputation
    386
    Join Date
    Nov 2011
    Posts
    325
    Thanks G/R
    191/98
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    snip snip snip
    Last edited by Corthezz; 06-26-2016 at 09:49 AM.
    Check my blog: https://zzuks.blogspot.com

Similar Threads

  1. [How-To] How to Find Nice Item Sets through the WoW Model Viewer
    By MaCAppLeBiTeMe in forum WoW EMU Guides & Tutorials
    Replies: 2
    Last Post: 07-25-2010, 04:12 PM
  2. [Question] Where can I find the wow logo creator?
    By Claes in forum WoW ME Questions and Requests
    Replies: 1
    Last Post: 12-18-2008, 08:29 AM
  3. Hellfire WoW- UP AND RUNNING!
    By hawk2212 in forum WoW Emulator Server Listings
    Replies: 0
    Last Post: 10-04-2008, 06:28 PM
  4. [Question]WoW won't run "clean" without the MPQs. Help?
    By Gharran in forum WoW ME Questions and Requests
    Replies: 5
    Last Post: 09-12-2008, 07:08 AM
All times are GMT -5. The time now is 10:42 AM. Powered by vBulletin® Version 4.2.3
Copyright © 2025 vBulletin Solutions, Inc. All rights reserved. User Alert System provided by Advanced User Tagging (Pro) - vBulletin Mods & Addons Copyright © 2025 DragonByte Technologies Ltd.
Google Authenticator verification provided by Two-Factor Authentication (Free) - vBulletin Mods & Addons Copyright © 2025 DragonByte Technologies Ltd.
Digital Point modules: Sphinx-based search