Looking for Handlers Guides

[ehsan619]

hi
i am a C++ developer and i have started to work on mop. since last 2 weeks i had no idea about how to work on a new patch but after reading some articles here i found how to begin! for now i have finished sniffing most of the opcodes and also i have write some handles but my problem is i don't have enough knowledge about the Handles!
i searched the forum but i couldn't find any good tutorial about that.
I can give a example about what confuses me in Handles :
for example we want to handle the CMSG_SET_ACTIVE_MOVER opcode in TC4.3.4 the handler for this opcode is HandleSetActiveMoverOpcode in MovementHandler.cpp and this is a part of code that i dont understand it :

Code:

    ObjectGuid guid;

    guid[7] = recvPacket.ReadBit();
    guid[2] = recvPacket.ReadBit();
    guid[1] = recvPacket.ReadBit();
    guid[0] = recvPacket.ReadBit();
    guid[4] = recvPacket.ReadBit();
    guid[5] = recvPacket.ReadBit();
    guid[6] = recvPacket.ReadBit();
    guid[3] = recvPacket.ReadBit();

    recvPacket.ReadByteSeq(guid[3]);
    recvPacket.ReadByteSeq(guid[2]);
    recvPacket.ReadByteSeq(guid[4]);
    recvPacket.ReadByteSeq(guid[0]);
    recvPacket.ReadByteSeq(guid[5]);
    recvPacket.ReadByteSeq(guid[1]);
    recvPacket.ReadByteSeq(guid[6]);
    recvPacket.ReadByteSeq(guid[7]);

1.where can i find the correct numbers of guid when you recv the bits?
2.what are they stand for?
3.also what is the byte seq here?
4.can i get them using IDA or i need another tools?
5.is there any tutorial about them?
please help me

[ZealX]

Well Im playing with this in IDA for 2 days now and Ill share what I learned so far.

All SMSG opcodes seem to be primarily handled by the NetClientDispatcher function inside the client. There is an argument-formula inside the switch-case block that does some bitwise operations with the opcode and then assigns a case to it - that is a handler function for that opcode. Currently in 541 the dispatcher is located at 0x0065261C (not rebased).

There are also functions inside the client that read from packets, CDataStore_Get*, for bit, byte, int, string etc. You need to identify those first - you can do that by downloading an IDB file for an older version of wow to see its structure - or wait for a 541 version of the IDB.

When looking inside the opcode handler, it seems to be as simple as looking at the mentioned method calls of CDataStore_Get*. Of course it can get complicated when there are several subroutine calls included.

[ehsan619]

First of all Thanks For your help. but I couldn't find the function NetClientDispatcher in 4.3.4 idb also i looked at the info dump of 4.3.4 in this forum and i couldn't find that function in IDA.

----------
I don't know why i cann't post the code it says it contains forbidden words

[ehsan619]

lets talk about HandlePlayerLoginOpcode that handles CMSG_PLAYER_LOGIN opcode the handle just take the guid of player from packet structure of the opcode and then adds player to world and continues... this handle works on TC 4.3.4 :

Code:

playerGuid[2] = recvData.ReadBit();
    playerGuid[3] = recvData.ReadBit();
    playerGuid[0] = recvData.ReadBit();
    playerGuid[6] = recvData.ReadBit();
    playerGuid[4] = recvData.ReadBit();
    playerGuid[5] = recvData.ReadBit();
    playerGuid[1] = recvData.ReadBit();
    playerGuid[7] = recvData.ReadBit();

    recvData.ReadByteSeq(playerGuid[2]);
    recvData.ReadByteSeq(playerGuid[7]);
    recvData.ReadByteSeq(playerGuid[0]);
    recvData.ReadByteSeq(playerGuid[3]);
    recvData.ReadByteSeq(playerGuid[5]);
    recvData.ReadByteSeq(playerGuid[6]);
    recvData.ReadByteSeq(playerGuid[1]);
    recvData.ReadByteSeq(playerGuid[4]);

I searched for that function in IDA and i found sub_625150 function and then i pseudocode the asemmbly code to C code and this is our code now :

Code:

int __stdcall ClientConnection__SendPlayerLoginOpcode(int a1, int a2, int a3)
{
  int result;
  char v4
  int v5; 
  int v6; 
  int v7; 
  int v8; 
  int v9; 
  int v10;

  v6 = 0;
  v7 = 0;
  v8 = 0;
  v9 = 0;
  v5 = (int)off_B898C4;
  v10 = -1;
  sub_66D6F0((int)&v4, a1, a2);
  NetClient__Send(&v4, 2);
  result = sub_66BC20(&v4);
  v5 = (int)off_B898C4;
  if ( v8 != -1 )
    result = off_B898C8(&v5, &v6, &v7, &v8);
  return result;
}

so the problem is how can i find that packet structure when this function sends it?

thanks for your helping