Extract GUIDs from a packet using Lua patterns (7.3.5)

[IFireEagle]

Hi, don't know if I'm posting in the right section, but packet and memory editing are a bit common, so.
Actually, I'm facing to a wall since I tried a whole day to extract one or multiples GUIDs from a packet. I found some patterns (this one, is the best I made but can fail %x%xA0%x-040C).
Problem, is that I can't found a pattern totally reliable, you will understand with examples below.

For example, I want to extract item GUIDs from this fake packet :

Code:

6D 32 01 00 00 00 0F A0 6F AD 3E 9C 04 0C 02 00 00 00 0F A0 2E 8B 1A 5C 04 0C

If I apply this pattern, it works without fail :

Code:

for guid in string.gmatch(UnsplitBytes(data), "%x%xA0%x-040C") do
 print(guid);
end

-- Output : 0F A0 6F AD 3E 9C 04 0C - 0F A0 2E 8B 1A 5C 04 0C

But with those packet, it fails :

Code:

6D 32 00 00 A0 02 00 00 0F A0 6F AD 3E 9C 04 0C 00 00 00 00 00 00 0F A0 2E 8B 1A 5C 04 0C
6D 32 00 00 0A 06 00 00 0F A0 6F AD 3E 9C 04 0C 00 00 00 00 00 00 0F A0 2E 8B 1A 5C 04 0C

Code:

for guid in string.gmatch(UnsplitBytes(data), "%x%xA0%x-040C") do
 print(guid);
end

-- Output : 00 A0 02 00 00 0F A0 6F AD 3E 9C 04 0C - 0F A0 2E 8B 1A 5C 04 0C
-- Output : 0 0A 02 00 00 0F A0 6F AD 3E 9C 04 0C - 0F A0 2E 8B 1A 5C 04 0C

Note : I remove all spaces between each bytes before apply the pattern.

So, I can't find how to handle this problem.
Thanks for any help.

GUID structure (simplified) for whos don't know (don't know if in memory, this is the same) :

Code:

AA BB XX (CC) 04 DD

AA = GUID length (also named GUID Low Mask).
01 for 1 byte
03 for 2 bytes
07 for 3 bytes
0F for 4 bytes
...

BB = ID length (also named GUID High Mask).
A0 if no ID
A1 for 1 byte
A3 for 2 bytes
A7 for 3 bytes
...

XX = Object GUID
CC = Object ID (some objects don't require their ID in their GUID, like Items or Players).
04 = Constant, doesn't change.
DD = Object Type ID (Item, GameObject, Unit...).

If I take a GUID from my examples above :
[0F] [A0] [2E 8B 1A 5C] [04] [0C]

[2E 8B 1A 5C] = Item GUID (of 4 bytes).
[0F] = because the GUID is 4 bytes.
[A0] = because there is no ID for an item GUID.
[04] = always the same.
[0C] = Item Type ID

[mdX7]

You cannot simply find a guid in the pure packet data using patterns. Imagine that there's a packet with 128 bits of random data that just looks like a guid but are several different fields. Patterns will always fail in this case.
You could either try to parse the whole packet (or at least until the field you want) and then extract the guid from there or hook GetPacketGuid128/WritePacketGuid128. I don't know if Warden is scanning for hooks in there though. Safest method would be parsing the packet. Keep in mind that the structure may change between patches.

[IFireEagle]

Yeah, I suspected that it wasn't possible, but I prefered to ask since I'm not super strong with patterns.
I have an idea though, I calculate how many bytes the GUID have with the low mask (0F) and if there is the same bytes number between 0F A0 and 04 0C then, this is a GUID. If this is not a guid, then continue until find a valid GUID. Have to see if is it possible to code this in Lua.
Should greatly reduce chances to extract a wrong data to near 0%.

I'm using EWT Lua API to manipulate packets directly in-game with my own AddOn, so I'm restricted to Lua only.

[DarkLinux]

No idea if this help, but should give you an idea how a guid gets converted
7.3.5-godscale/ObjectGuid.cpp at a6c03c9492fa33803e5d5abaf0f7471a717ff334 . magnah/7.3.5-godscale . GitHub
look for,

Code:

ByteBuffer& operator<<(ByteBuffer& buf, ObjectGuid const& guid)
ByteBuffer& operator>>(ByteBuffer& buf, ObjectGuid& guid)

[IFireEagle]

Thanks, I will see what I can do.

[IFireEagle]

Yeah, I suspected that it wasn't possible, but I prefered to ask since I'm not super strong with patterns.
I have an idea though, I calculate how many bytes the GUID have with the low mask (0F) and if there is the same bytes number between 0F A0 and 04 0C then, this is a GUID. If this is not a guid, then continue until find a valid GUID. Have to see if is it possible to code this in Lua.
Should greatly reduce chances to extract a wrong data to near 0%.

I'm using EWT Lua API to manipulate packets directly in-game with my own AddOn, so I'm restricted to Lua only.

My idea works great.
It can only fail in the case where there is exactly this sort of data (probability are nearly null I think) :
"07 A0 01 A0 AA 04 08"
"03 A3 01 A1 AA BB 04 20"

My function takes an entire packet or a piece, we specify what kind of guid we want (if we want items guids, npcs guids...), and the function returns in a table all guids found (with their positions in the string).