-
Private
[PROBLEM] GetMinimapZoneText - Struggle With Getting The Address
Hello guys.
I have some problems and I'm asking you guys to help me out.
I've read the tutorial "[Tutorial] How to find simple stuff" and followed its instructions, but I'm not able to get my current minimap zone text. Here is, in my opinion, the most important part:
Code:
.text:005155D0 sub_5155D0 proc near ; DATA XREF: .data:00AC838Co
.text:005155D0
.text:005155D0 arg_0 = dword ptr 8
.text:005155D0
.text:005155D0 push ebp
.text:005155D1 mov ebp, esp
.text:005155D3 mov eax, dword_BD0784
.text:005155D8 test eax, eax
.text:005155DA jnz short loc_5155E1
.text:005155DC mov eax, offset byte_9E14FF
.text:005155E1
.text:005155E1 loc_5155E1: ; CODE XREF: sub_5155D0+Aj
.text:005155E1 push eax
.text:005155E2 mov eax, [ebp+arg_0]
.text:005155E5 push eax
.text:005155E6 call sub_84E350
.text:005155EB add esp, 8
.text:005155EE mov eax, 1
.text:005155F3 pop ebp
.text:005155F4 retn
.text:005155F4 sub_5155D0 endp
I think that (".text:005155DC mov eax, offset byte_9E14FF") 0x9E14FF is the address of the zone text, because it is a char *, so after that I opened up Cheat Engine, clicked on "Add Address Manually" and entered the following address: Wow.exe + 0x5E14FF - Type: Text - Length: 30, but nothing was returned, although I was logged in to WoW and was standing in Stormwind.
What is the address I'm looking for?
So I hope you can help me guys! (By the way I don't have the pseudocode plugin)
Greetings
-
Looks like you're not correctly following where eax is set before it's pushed to sub_84E350. Off the top of my head, this function would look something like this:
Code:
extern char *dword_BD0784;      // global pointer read by "mov eax, dword_BD0784"
extern char byte_9E14FF[];      // fallback buffer, "mov eax, offset byte_9E14FF"
extern void sub_84E350(void *a1, char *text);

int sub_5155D0(void *a1) {
    char *some_text = dword_BD0784;       // value stored at 0xBD0784
    if (some_text == nullptr)             // test eax, eax / jnz
        some_text = byte_9E14FF;          // address 0x9E14FF itself
    sub_84E350(a1, some_text);            // push eax; push [ebp+arg_0]; call
    return 1;                             // mov eax, 1
}
Meaning dword_BD0784 points to the text value you're looking for, and if it points to nothing, use byte_9E14FF instead (probably just a null terminator, in other words "".)
-
Private
Thank you Jadd.
This morning I got this solution too!
Problem:
My program read from the address "0x5E14FF", which was wrong, as Jadd pointed out.
Solution:
Using the address "0x7D0784" (0xBD0784 - 0x400000) my program could read which zone I am in.
Here is the function with "GetMinimapZoneText", "GetSubZoneText" and "GetRealZoneText":
Code:
static public string[] GetLocation()
{
    try
    {
        // Attach to the running client and take its real module base (the image may be relocated)
        BlackMagic bmWoW = new BlackMagic();
        bmWoW.OpenProcessAndThread(SProcess.GetProcessFromWindowTitle("World of Warcraft"));
        IntPtr baseWoW = bmWoW.MainModule.BaseAddress;
        string[] strInformation = new string[3];
        // Each slot is base + (IDA address - 0x400000); it holds a pointer, so read the pointer,
        // then up to 30 ASCII characters at the address it points to
        // GetMinimapZoneText
        strInformation[0] = bmWoW.ReadASCIIString(bmWoW.ReadUInt((uint)baseWoW + 0x7D0784, false), 30);
        // GetSubZoneText
        strInformation[1] = bmWoW.ReadASCIIString(bmWoW.ReadUInt((uint)baseWoW + 0x7D0780, false), 30);
        // GetRealZoneText
        strInformation[2] = bmWoW.ReadASCIIString(bmWoW.ReadUInt((uint)baseWoW + 0x7D0788, false), 30);
        return strInformation;
    }
    catch (Exception ex)
    {
        // Return the exception text as the single element so the caller can see what went wrong
        string[] strException = new string[1];
        strException[0] = ex.ToString();
        return strException;
    }
}
Now I got another question:
I'm trying to get the name of my player; I tried everything and nothing works. Do you have any solutions, tips, etc.?
In IDA I generated a list of strings and searched for something like "UnitNameOwn", but that was not what I was looking for...
So do you have any tips / tutorials relating to my problem?
Greetings,
Fruschel.
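An added example, not code from the thread, that models the pointer chase in the C# above on a constructed in-memory stand-in for the process: compute the module offset from the IDA address, read the pointer stored there, then read the string it points to, returning "" for a null pointer the way sub_5155D0 falls back to byte_9E14FF. Only 0xBD0784 / 0x7D0784 come from the thread; the runtime base 0x10000000 and the string's location are placeholders chosen for the example.

```python
import struct

IDA_IMAGE_BASE = 0x400000                  # preferred base IDA shows addresses against
ZONE_PTR_VA = 0xBD0784                     # dword_BD0784 from the disassembly


def va_to_module_offset(va, image_base=IDA_IMAGE_BASE):
    """IDA virtual address -> offset from the module base (0xBD0784 -> 0x7D0784)."""
    return va - image_base


class FakeProcessMemory:
    """Constructed stand-in for a memory reader such as BlackMagic. The module is
    loaded at a runtime base that need not equal 0x400000, which is why the C#
    code adds offsets to MainModule.BaseAddress instead of using raw VAs."""

    def __init__(self, base, size):
        self.base = base
        self.mem = bytearray(size)

    def write(self, addr, data):
        off = addr - self.base
        self.mem[off:off + len(data)] = data

    def read_uint32(self, addr):              # ReadUInt equivalent (little-endian)
        return struct.unpack_from("<I", self.mem, addr - self.base)[0]

    def read_ascii(self, addr, max_len):       # ReadASCIIString equivalent
        off = addr - self.base
        raw = bytes(self.mem[off:off + max_len])
        return raw.split(b"\0", 1)[0].decode("ascii", errors="replace")


def read_zone_text(proc, max_len=30):
    """Chase dword_BD0784: read the pointer at base+0x7D0784, then the text it
    points to. A null pointer yields "" (the byte_9E14FF fallback in sub_5155D0)."""
    ptr = proc.read_uint32(proc.base + va_to_module_offset(ZONE_PTR_VA))
    return proc.read_ascii(ptr, max_len) if ptr else ""


def build_sample(zone=b"Stormwind City"):
    """Constructed image: module relocated to 0x10000000 (placeholder base), the
    zone string at a placeholder location, and the pointer slot filled in."""
    proc = FakeProcessMemory(base=0x10000000, size=0x800000)
    text_addr = proc.base + 0x500000
    proc.write(text_addr, zone + b"\0")
    proc.write(proc.base + va_to_module_offset(ZONE_PTR_VA), struct.pack("<I", text_addr))
    return proc


if __name__ == "__main__":
    print(read_zone_text(build_sample()))   # Stormwind City
```

Reading 30 bytes at base + 0x5E14FF on this image, as the first post did, yields an empty string, because that location holds the fallback buffer rather than the pointer slot.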
-
Originally Posted by
Fruschel
Thank you Jadd.
[...]
Greetings,
Fruschel.

Hey Fruschel,
thanks for sharing your final solution! WoW Lua API functions aren't renamed. Thus you can bring up the function window of IDA and search for a method which deals with your toon's name. For example you can take a look at this one: API UnitName - WoWWiki - Wikia
I guess it will be a bit harder to reverse than the minimap function (I have no idea how this function actually looks right now), but I think you should be able to manage it.
Just rename local variables, functions and everything else step by step to logical names and it will make sense.
A few starting points:
The first and only parameter of Lua API functions is the stack pointer. Every function that deals with Lua will have this pointer as its first argument. To retrieve the API function parameter ("unit", "player", etc.) it will call a function with the stack pointer as the first and the argument index as the second parameter.
Follow the branch that deals with the "player" parameter and you should be nearly there (info is based on the 1.12.1 client).
Maybe I am overcomplicating stuff here and maybe you can just read the name somewhere out of the player object or the name cache, but reversing Lua functions is an awesome starting point to get into the game.
Last edited by Corthezz; 09-14-2016 at 09:30 AM.
Check my blog: https://zzuks.blogspot.com
-
Contributor
Originally Posted by
Fruschel
Thank you Jadd.
Now I got another question:
I'm trying to get the name of my player, I tried everything and nothing works. Do you got any solutions, tips etc.?
In IDA I generated a list of strings and searched for something like "UnitNameOwn" but that was not what I'm looking for...
So do you got some tips / tutorials which are relating to my problem?
Greetings,
Fruschel.

For active player:
For NPCs and other players you need to use another algorithm.
-
Private
First I must say really big thanks to all of you guys! 
So, firstly @Corthezz:
Yeah, I'm very interested in hacking and "changing" the program code for my benefit, and working with LUA would be a nice idea to go on with, but I don't have a clue how to use the WoW LUA functions in my C# code.
Something like:
Code:
LUAObject wowLuaObject = new LUAObject("world-of-warcraft.lua");
string strName = wowLuaObject.CallFunction("UnitName", "player").ToString();
MessageBox.Show("Your player name is: " + strName);
(This is just an example showing how I imagine working with LUA in C#)
My next goal is to get the name of my character, and after that I want to try to create a function which moves my character from position 1 (before-x, before-y, before-z) to position 2 (target-x, target-y, target-z).
So my final questions are:
1. How am I able to use the World Of Warcraft (Version: 3.3.5a - Wrath Of The Lich King) LUA functions in C#?
Is there any tutorial / guide / how to?
1.1. And is there also a guide on how to use these functions, like attaching to WoW.exe and calling "UnitName" from my source code?
---
@Zazazu:
Thanks, but I'm worried whether using this address in Wrath of the Lich King will work, and how do I use it? I'd open up Cheat Engine, click on "Add Address Manually" and type in "WoW.exe + F3B088", but I guess this is not how it works.
Greetings,
Fruschel.
-
Contributor
Originally Posted by
Fruschel
Something like:
Code:
LUAObject wowLuaObject = new LUAObject("world-of-warcraft.lua");
string strName = wowLuaObject.CallFunction("UnitName", "player").ToString();
MessageBox.Show("Your player name is: " + strName);
(This is just an example showing how I imagine working with LUA in C#)
If I understand, you need to inject code into the WoW functions Framescript_ExecuteBuffer (DoLua()) and FrameScript_GetText or FrameScript_GetLocalizedText (GetResultText()).
Call like:
Code:
DoLua("time = GetTime()");
var currentTime = GetResultText("time");
It's equal to
Code:
/run time = GetTime() print(time)
in WoW.
Originally Posted by
Fruschel
@Zazazu:
Thanks, but I'm worried using this address in Wrath Of The Lichking will work and how am I using this? I'd open up Cheat Engine and click on "Add Address Manually" and type in "WoW.exe + F3B088" but I guess this is not how it works.

Sorry... My mistake, I didn't see what version of WoW you use )
-
Private
I didn't mention it either, my fault.
-
You need to inject your app/dll into WoW to call those functions or write the asm bytecode to execute the function to WoW's memory and then let it get executed by WoW.
iHook from Ryuk is a good starting point for understanding how to inject asm byte code etc. Also I released a whole bot source a while ago which might also help (the source is ugly tho).
Zazazu is right on this one. You can use something along the lines of DoString to execute Lua, but my intention was that you look at what the function does and replicate it (like you did with the minimap function).
It might be easier and faster if you just get DoString working and then proceed by just executing Lua API functions, but actually really understanding what they do and replicating them is a great starting point for reversing which you shouldn't miss out on.
Check my blog: https://zzuks.blogspot.com