[Wow 5.4.0 XXXXX] Problem with some XOR calculations

[Malak044]

Hello guyz, i m trying to reverse some packets sent to the client at a time, and i've got some strange results. Here is the line that makes fun of me :

Code:

*(_DWORD *)v1 ^= (unsigned int)&unk_FFFFFF & (v2 ^ *(_DWORD *)v1);

found on :

Code:

char __thiscall sub_717E04(void *this, int a2, int a3) (build 17371) (case 244 on ClientDispatch for all build)

Where v1 is the variable stocking the result in the struct. and v2 is the variable sent by the server.

The info that i try to find is the length of name of some NPC.

Here is what i got so far :

Code:

Entry of NPC
Sent       [DEC] [BINARY]
Wanted     [DEC] [BINARY]

5479
4    0100
7    0111

5480
6   0110
11  1011

914
7   0111
13  1101

44256
5   0101
10  1010

52027
8   01000
16  10000

44251
6   0110
12  1100

44245
9   01001
17  10001

44246
8   01000
16  10000

58154
6   0110
12  1100

So what i can say with those data is that the client acts in 2 differents ways : it multiply the data sent by 2 (minus 1)

the problem i get is very simple: when do i have to minus the result or not ?! do u think a previous packet initialize the var in the struct. ?! seems that unk_FFFFFF is always 0 but i m not sure at all

P.S. : sorry for the bad english, isnt my 1st language.

All ideas are welcome.

Malak

[doityourself]

Ignore the xor. Just some shit which is not needed.

there are just simple BitUnpack::GetBitCT functions used.

[_Mike]

seems that unk_FFFFFF is always 0 but i m not sure at all

Do not blindly trust hex-rays. It's a constant, not a variable. Notice the address-of operator.