[WoW] [5.4.0 17399] Release x86 Info Dump Thread

**DarthTon** · 10-02-2013

Code:

LuaState         = 0x00B91530
lua_gettop       = 0x000D163E
luaL_loadbuffer  = 0x000D311C
lua_pcall        = 0x000D26B6
lua_tolstring    = 0x000D1BBE
lua_load         = 0x000D271C
lua_settop       = 0x000D164F

Anyone got the cooldown list offset?

0x00C8D158 ?

**SKU** · 10-04-2013

Code:

enum
{
	klua_gettop = 0x4d163e,
	klua_settop = 0x4d164f,
	klua_insert = 0x4d173c,
	klua_remove = 0x4d16a2,
	klua_isnumber = 0x4d1a3e,
	klua_isstring = 0x4d1a6c,
	klua_pushvalue = 0x4d195c,
	klua_type = 0x4d19df,
	klua_typename = 0x4d19fe,
	klua_tonumber = 0x4d1b05,
	klua_tointeger = 0x4d1b34,
	klua_toboolean = 0x4d1b96,
	klua_tolstring = 0x4d1bbe,
	klua_pushnil = 0x4d1ce7,
	klua_pushnumber = 0x4d1d03,
	klua_pushinteger = 0x4d1d27,
	klua_pushlstring = 0x4d1d4b,
	klua_pushstring = 0x4d1d90,
	klua_pushcclosure = 0x4d1e14,
	klua_pushboolean = 0x4d1ef4,
	klua_gettable = 0x4d1f6f,
	klua_getfield = 0x4d1f95,
	klua_rawget = 0x4d1fe9,
	klua_rawgeti = 0x4d2079,
	klua_createtable = 0x4d2108,
	klua_settable = 0x4d2338,
	klua_setfield = 0x4d2365,
	klua_rawset = 0x4d23bd,
	klua_rawseti = 0x4d247e,
	klua_call = 0x4d2667,
	klua_pcall = 0x4d26b6,
	klua_load = 0x4d271c,
	klua_next = 0x4d28ef,
};

Edit: 0x00400000 based

**~~broly7~~** · 10-04-2013

Originally Posted by SKU

Code:

enum
{
	klua_gettop = 0x4d163e,
	klua_settop = 0x4d164f,
	klua_insert = 0x4d173c,
	klua_remove = 0x4d16a2,
	klua_isnumber = 0x4d1a3e,
	klua_isstring = 0x4d1a6c,
	klua_pushvalue = 0x4d195c,
	klua_type = 0x4d19df,
	klua_typename = 0x4d19fe,
	klua_tonumber = 0x4d1b05,
	klua_tointeger = 0x4d1b34,
	klua_toboolean = 0x4d1b96,
	klua_tolstring = 0x4d1bbe,
	klua_pushnil = 0x4d1ce7,
	klua_pushnumber = 0x4d1d03,
	klua_pushinteger = 0x4d1d27,
	klua_pushlstring = 0x4d1d4b,
	klua_pushstring = 0x4d1d90,
	klua_pushcclosure = 0x4d1e14,
	klua_pushboolean = 0x4d1ef4,
	klua_gettable = 0x4d1f6f,
	klua_getfield = 0x4d1f95,
	klua_rawget = 0x4d1fe9,
	klua_rawgeti = 0x4d2079,
	klua_createtable = 0x4d2108,
	klua_settable = 0x4d2338,
	klua_setfield = 0x4d2365,
	klua_rawset = 0x4d23bd,
	klua_rawseti = 0x4d247e,
	klua_call = 0x4d2667,
	klua_pcall = 0x4d26b6,
	klua_load = 0x4d271c,
	klua_next = 0x4d28ef,
};

Edit: 0x00400000 based

I'm very grateful to meet a great person like you

**teufel123** · 10-04-2013

Originally Posted by DarthTon

0x00C8D158 ?

Thanks, works perfect

**eracer** · 10-04-2013

Here are some more if anyone needs them

Code:

000D13C6	_luaA_indexAcceptable
000D163E	_lua_gettop
000D164F	_lua_settop
000D16A2	_lua_remove
000D173C	_lua_insert
000D195C	_lua_pushvalue
000D19DF	_lua_type
000D19FE	_lua_typename
000D1A3E	_lua_isnumber
000D1A6C	_lua_isstring
000D1B05	_lua_tonumber
000D1B34	_lua_tointeger
000D1B96	_lua_toboolean
000D1BBE	_lua_tolstring
000D1C22	_lua_objlen
000D1C71	_lua_touserdata
000D1C9A	_lua_tothread
000D1CE7	_lua_pushnil
000D1D03	_lua_pushnumber
000D1D27	_lua_pushinteger
000D1D4B	_lua_pushlstring
000D1D90	_lua_pushstring
000D1DBD	_lua_pushvfstring
000D1DE8	_lua_pushfstring
000D1E14	_lua_pushcclosure
000D1EF4	_lua_pushboolean
000D1F1D	_lua_pushlightuserdata
000D1F41	_lua_pushthread
000D1F6F	_lua_gettable
000D1F95	_lua_getfield
000D1FE9	_lua_rawget
000D2079	_lua_rawgeti
000D2108	_lua_createtable
000D2338	_lua_settable
000D2365	_lua_setfield
000D23BD	_lua_rawset
000D247E	_lua_rawseti
000D25C5	_lua_setfenv
000D2667	_lua_call
000D26B6	_lua_pcall
000D271C	_lua_load
000D2761	_lua_gc
000D28DF	_lua_error
000D28EF	_lua_next
000D2923	_lua_concat
000D2BE0	_luaL_error
000D2F2F	_luaL_ref
000D3042	_luaL_unref
000D311C	_luaL_loadbuffer
000D356D	_luaL_register
000D35DC	_lua_getstack
000D36A4	_lua_getlocal
000D3F49	_lua_getinfo
000D7D5F	_luaopen_base
000D844E	_luaD_growstack
000D92B3	_luaS_newlstr
000D93CA	_luaV_tonumber
000D9FD1	_luaV_concat
000DE23D	_luaH_new

**~~broly7~~** · 10-05-2013

Here are some i've got Not Rebased

Code:

#define REBASE_ADDRESS(addr)            ((addr) - 0x400000)


_get_item_obj = REBASE_ADDRESS(0x00843A6D);

_get_active_camera = REBASE_ADDRESS(0x008CA2A8);

_mousecursor_obj = REBASE_ADDRESS(0x00F9E048);

_player_object_ptr = REBASE_ADDRESS(0x012ABE50);

_mouseover_guid = REBASE_ADDRESS(0x0114D410);

_lua_state_ptr = REBASE_ADDRESS(0x00F91530);

**Empted** · 10-06-2013

rebased:
CTM_Base = 0xCF99D0
CorpsePosition = 0xD4D7C0
FrameTimeMs = 0xB91298 //value from this one seems to be in LastHardwareAction now, instead of system time in ms.

**~~broly7~~** · 10-12-2013

Not Rebased: wow_base = 0x400000

LocalGUID = 0x010FC588
MouseOverGUID = 0x0114D410
Max_Climb_Angle = 0x00D65AC8
Jump_z_speed = 0x00EA591C

Anybody got GetBagAtIndex?

**~~JuJuBoSc~~** · 10-12-2013

Originally Posted by broly7

Max_Climb_Angle = 0x00D65AC8
Jump_z_speed = 0x00EA591C

Be careful, both are scanned by warden.

**DarkLinux** · 10-12-2013

Last time I looked warden did not scan the addresses that read the value like, mov ebx, [Max_Climb_Angle]. You then just need to change like 5 different places with your own value.

**~~broly7~~** · 10-13-2013

Originally Posted by JuJuBoSc

Be careful, both are scanned by warden.

That's not important when you play on privates

Btw, thanks to Culino2 for the address.

Here some more: REBASED

NetClient::Send2 = 0x0039199E
_player_object_ptr = 0x00EABE50
_packet_obj_vtbl = 0x00914768

**~~JuJuBoSc~~** · 10-15-2013

New warden scans :

0x00631D0B 8 Bytes
0x00631D51 7 Bytes

M2 / WMO collision related.

**redcatH** · 10-20-2013

hi.szKaXo
me jmp 0080192D find the this.
.text:0080192D sub_80192D proc near ; CODE XREF: sub_88ABAF:loc_88AC4Fp
.text:0080192D ; sub_88AC7F:loc_88B130p
.text:0080192D fld dword_10F99D0
.text:00801933 retn
.text:00801933 sub_80192D endp
but
I do not understand How Found Here

**redcatH** · 10-20-2013

Originally Posted by szKaXo

.text:0080192D GetClickToMoveStruct proc near ; CODE XREF: sub_88ABAF:loc_88AC4Fp
.text:0080192D ; sub_88AC7F:loc_88B130p
.text:0080192D fld dword_10F99D0
.text:00801933 retn
.text:00801933 GetClickToMoveStruct endp

CTM_Base = 0x10F99D0 - 0x400000

hi.szKaXo

me jmp 0080192D find the this.
.text:0080192D sub_80192D proc near ; CODE XREF: sub_88ABAF:loc_88AC4Fp
.text:0080192D ; sub_88AC7F:loc_88B130p
.text:0080192D fld dword_10F99D0
.text:00801933 retn
.text:00801933 sub_80192D endp
but
I do not understand How Found Here

**ZenLulz** · 10-20-2013

Originally Posted by redcatH

hi.szKaXo

me jmp 0080192D find the this.
.text:0080192D sub_80192D proc near ; CODE XREF: sub_88ABAF:loc_88AC4Fp
.text:0080192D ; sub_88AC7F:loc_88B130p
.text:0080192D fld dword_10F99D0
.text:00801933 retn
.text:00801933 sub_80192D endp
but
I do not understand How Found Here

The function GetClickToMoveStruct can be found in the IDA database attached in the first post of this thread. The location 0x10F99D0 is the CTM base. As IDA rebases analyzed programs at 0x400000, the offset is 0x10F99D0 - 0x400000 = CF99D0.

Shout-Out

User Tag List

Thread: [WoW] [5.4.0 17399] Release x86 Info Dump Thread

Thread Tools

Search Thread

Similar Threads

[WoW] [5.3.0 17055] Release x86 Info Dump Thread

[WoW] [5.3.0 16992] Release x86 Info Dump Thread

[WoW] [5.3.0 16983] Release x86 Info Dump Thread

[WoW] [5.3.0 16981] Release x86 Info Dump Thread

[WoW] [5.3.0 16977] Release x86 Info Dump Thread

OwnedCore Forums

casino

CoreCoins

My OwnedCore

About Us

Casino