-
Member
about the function "Unit_Interact"
[Classic] 1.13.2.32089
What are the parameters of the function "Unit_Interact"? Any help would be great, thanks.
Code:
/*
 * Hex-Rays pseudocode for the routine the poster labels Unit_Interact.
 *
 * NOTE(review): the prototype is the decompiler's guess, not a recovered
 * signature. `__usercall` with per-argument register annotations means the
 * decompiler could not fit the function to a standard convention. The
 * Microsoft x64 convention passes integer arguments in rcx, rdx, r8, r9 and
 * then on the stack; esi is not an argument register, so `a3@<esi>` is most
 * likely a register value that was live on entry rather than a real
 * parameter - confirm against the disassembly and the call sites.
 * a1/a2 are also listed in rdx/rcx order, i.e. swapped relative to the
 * standard first/second argument slots.
 *
 * Return value as shown: 1 on every path except when sub_94C4C0 returns 0,
 * in which case that 0 is returned.
 */
__int64 __usercall Unit_Interact@<rax>(__int64 a1@<rdx>, __int64 a2@<rcx>, int a3@<esi>, __int64 a4@<r8>, __int64 a5@<r9>)
{
__int64 v5; // rdi
__int64 result; // rax
__int64 v7; // rax
__int64 v8; // r8
__int64 v9; // rbx
__int64 v10; // rax
__int64 v11; // r8
__int64 v12; // rbx
__int64 v13; // rax
// Keep the rcx value (first integer argument slot) for the later calls.
v5 = a2;
// rcx, rdx, r8, r9 are forwarded in standard argument order; a zero result ends the routine with 1.
if ( !sub_166FE0(a2, a1, a4, a5) )
return 1i64;
// Lookup keyed on the esi-sourced value; the result is dereferenced below, so it is used as an object pointer.
v7 = sub_B57DC0(a3);
v9 = v7;
if ( v7 )
{
// The table call below is skipped only when all three hold: the byte at +32 equals 5,
// the qword at +0x17B8 is non-null, and bit 0x20000000 is set in the dword at +0xCC of
// that second object. What these fields mean is not visible in this listing.
if ( *(_BYTE *)(v7 + 32) != 5 || (v13 = *(_QWORD *)(v7 + 0x17B8)) == 0 || !(*(_DWORD *)(v13 + 0xCC) & 0x20000000) )
{
// Only the low byte of v8 is written; the remaining bytes are never initialised in this
// pseudocode. NOTE(review): presumably a 1-byte flag passed in r8 - confirm in the disassembly.
LOBYTE(v8) = 1;
// Indirect call through the entry at index 5 of the function-pointer table reached via
// off_218B7F0, with arguments (off_218B7F0, v5, v8, 0).
(*((void (__fastcall **)(__int64 (__fastcall *(*)[12])(), __int64, __int64, _QWORD))(*off_218B7F0)[0] + 5))(
off_218B7F0,
v5,
v8,
0i64);
}
// Indirect call through the pointer stored at offset 0x2C0 of the table that the first
// qword of v9 points to, passing v9 itself (vtable-style dispatch).
(*(void (__fastcall **)(__int64))(*(_QWORD *)v9 + 0x2C0i64))(v9);
result = 1i64;
}
else
{
// Fallback when the first lookup returned 0: a second lookup keyed on v5.
v10 = sub_94C4B0();
result = sub_94C4C0(v10, v5);
v12 = result;
if ( result )
{
// Same partially initialised flag and the same index-5 table call as in the branch above.
LOBYTE(v11) = 1;
(*((void (__fastcall **)(__int64 (__fastcall *(*)[12])(), __int64, __int64, _QWORD))(*off_218B7F0)[0] + 5))(
off_218B7F0,
v5,
v11,
0i64);
// Indirect call through the pointer at offset 392 (0x188) of the table that the first
// qword of v12 points to, passing v12 itself.
(*(void (__fastcall **)(__int64))(*(_QWORD *)v12 + 392i64))(v12);
result = 1i64;
}
}
return result;
}
Last edited by garbled; 10-29-2019 at 01:07 AM.
Reason: add
-
Member
I may be wrong, but it seems the parameters are: WGUID ThisUnit, int InteractType, WGUID InteractUnit.
Unfortunately I do not have access to IDA right now, and it is not clear which version of WoW you are using.
// Sketch of a two-field identifier type that this reply proposes as the parameter type.
// It comes from the reply, not from the decompiled listing.
Struct WGUID
{
// NOTE(review): `ulong` is not a standard C type and its width is not stated here - confirm the intended field size.
ulong low;
// NOTE(review): `ulogn` looks like a typo for `ulong`.
ulogn hi;
}
Last edited by NightlyBlooD; 10-29-2019 at 01:09 AM.
-
Member
Originally Posted by
NightlyBlooD
I can be wrong, but it seems like the parameters are here: WGUID ThisUnit, int InteractType, WGUID InteractUnit.
Unfortunately now I do not have access to the IDA and it is not clear which version of WoW you are using
my bad, [Classic] 1.13.2.32089
but there are 5 params
-
Established Member
You need to learn to identify bad decompilations by IDA - this is one. No calling convention passes arguments in the esi register, and x64 on Windows has only one calling convention, in which args are passed in (rcx | xmm0), (rdx | xmm1), (r8 | xmm2), (r9 | xmm3), then the stack.
More details here x64 calling convention | Microsoft Docs
Last edited by shauren; 10-29-2019 at 04:10 AM.
-
-
Active Member
Originally Posted by
garbled
[Classic] 1.13.2.32089
what are the params about the function "Unit_Interact" ? any help will be great, thanks
Code:
/*
 * Hex-Rays pseudocode for the routine labelled Unit_Interact.
 *
 * NOTE(review): the prototype is the decompiler's guess, not a recovered
 * signature. `__usercall` with per-argument register annotations means the
 * decompiler could not fit the function to a standard convention. The
 * Microsoft x64 convention passes integer arguments in rcx, rdx, r8, r9 and
 * then on the stack; esi is not an argument register, so `a3@<esi>` is most
 * likely a register value that was live on entry rather than a real
 * parameter - confirm against the disassembly and the call sites.
 * a1/a2 are also listed in rdx/rcx order, i.e. swapped relative to the
 * standard first/second argument slots.
 *
 * Return value as shown: 1 on every path except when sub_94C4C0 returns 0,
 * in which case that 0 is returned.
 */
__int64 __usercall Unit_Interact@<rax>(__int64 a1@<rdx>, __int64 a2@<rcx>, int a3@<esi>, __int64 a4@<r8>, __int64 a5@<r9>)
{
__int64 v5; // rdi
__int64 result; // rax
__int64 v7; // rax
__int64 v8; // r8
__int64 v9; // rbx
__int64 v10; // rax
__int64 v11; // r8
__int64 v12; // rbx
__int64 v13; // rax
// Keep the rcx value (first integer argument slot) for the later calls.
v5 = a2;
// rcx, rdx, r8, r9 are forwarded in standard argument order; a zero result ends the routine with 1.
if ( !sub_166FE0(a2, a1, a4, a5) )
return 1i64;
// Lookup keyed on the esi-sourced value; the result is dereferenced below, so it is used as an object pointer.
v7 = sub_B57DC0(a3);
v9 = v7;
if ( v7 )
{
// The table call below is skipped only when all three hold: the byte at +32 equals 5,
// the qword at +0x17B8 is non-null, and bit 0x20000000 is set in the dword at +0xCC of
// that second object. What these fields mean is not visible in this listing.
if ( *(_BYTE *)(v7 + 32) != 5 || (v13 = *(_QWORD *)(v7 + 0x17B8)) == 0 || !(*(_DWORD *)(v13 + 0xCC) & 0x20000000) )
{
// Only the low byte of v8 is written; the remaining bytes are never initialised in this
// pseudocode. NOTE(review): presumably a 1-byte flag passed in r8 - confirm in the disassembly.
LOBYTE(v8) = 1;
// Indirect call through the entry at index 5 of the function-pointer table reached via
// off_218B7F0, with arguments (off_218B7F0, v5, v8, 0).
(*((void (__fastcall **)(__int64 (__fastcall *(*)[12])(), __int64, __int64, _QWORD))(*off_218B7F0)[0] + 5))(
off_218B7F0,
v5,
v8,
0i64);
}
// Indirect call through the pointer stored at offset 0x2C0 of the table that the first
// qword of v9 points to, passing v9 itself (vtable-style dispatch).
(*(void (__fastcall **)(__int64))(*(_QWORD *)v9 + 0x2C0i64))(v9);
result = 1i64;
}
else
{
// Fallback when the first lookup returned 0: a second lookup keyed on v5.
v10 = sub_94C4B0();
result = sub_94C4C0(v10, v5);
v12 = result;
if ( result )
{
// Same partially initialised flag and the same index-5 table call as in the branch above.
LOBYTE(v11) = 1;
(*((void (__fastcall **)(__int64 (__fastcall *(*)[12])(), __int64, __int64, _QWORD))(*off_218B7F0)[0] + 5))(
off_218B7F0,
v5,
v11,
0i64);
// Indirect call through the pointer at offset 392 (0x188) of the table that the first
// qword of v12 points to, passing v12 itself.
(*(void (__fastcall **)(__int64))(*(_QWORD *)v12 + 392i64))(v12);
result = 1i64;
}
}
return result;
}
That function really wants to protect emails :P
-
Member
Originally Posted by
shauren
You need to learn to identify bad decompile jobs by ida - this is one. No calling convention passes arguments in esi register, and x64 on windows has only one calling convention where args are passed in (rcx | xmm0), (rdx | xmm1), (r8 | xmm2), (r9 | xmm3), stack
More details here
x64 calling convention | Microsoft Docs
You cannot infer the number of arguments (or their order) on virtuals without reading the entire call chain, and because of inheritance that chain might not be available at all through static analysis. Scratch registers such as rdx, r8, r9 can be filled by the callee some 3 functions above, and might not be used at all until they get read somewhere down the chain.
Yeah just go and learn, it's that easy(not).