Hello,
I'm attempting to read all auras applied to a unit using an external application. Thus far I've had some success, but it has been unreliable. For example, my application is able to find all of the hidden auras like mastery and weapon skills, but it is unable to find proc auras like Hotstreak (4810
, or Heating Up (48107). Also, the aura count is always 256, which makes me think my offsets are off.
Running a few searches led to
this forum thread which makes reference to the function Unit_GetAuraByIndex. I could not find this function using my usual methods, and later discovered that @
ejt produced an application that is able to find this function via pattern search. Decompiling the function yields the following result:
Code:
signed __int64 __fastcall sub_B88BC0(__int64 a1, unsigned int a2)
{
unsigned int v2; // er8@1
__int64 v3; // rcx@1
unsigned int v4; // eax@2
signed __int64 v5; // rdx@5
signed __int64 result; // rax@7
v2 = *(_DWORD *)(a1 + 4224); // 0x1080 - Count
v3 = a1 + 1536; // 0x600 - Table
// If count == -1, then the AURA_MAX is at UnitBase + 0x600
if ( v2 == -1 )
{
v4 = *(_DWORD *)v3;
}
else
{
// Otherwise, the AURA_MAX is at UnitBase + 0x1080
v4 = v2;
}
// If the index is out of bounds, return 0
if ( a2 >= v4 )
{
result = 0i64;
}
else
{
// The information for the current aura is at sizeof(Aura) multiplied by index
v5 = 168i64 * a2;
// If count == -1, the table is at 0x608
if ( v2 == -1 )
v3 = *(_QWORD *)(v3 + 8);
// The aura info can be found at sizeof(Aura) + table
result = v5 + v3;
}
return result;
}
Given that, and looking at
this post, I wrote the following:
Code:
std::vector<Aura> MemoryMgr::GetUnitAuras(GameWindow* window, uintptr pointer)
{
std::vector<Aura> auras;
int32 count = Read<int32>(window->m_process, pointer + 0x1080);
uint64 table = pointer + 0x600;
int32 auraMax = count;
if (count == -1)
{
auraMax = Read<int32>(window->m_process, pointer + 0x600);
table = Read<uint64>(window->m_process, pointer + 0x608);
}
for (int32 i = 0; i < auraMax; ++i)
{
Aura aura = Read<Aura>(window->m_process, (sizeof(Aura) * i) + table);
auras.emplace_back(aura);
}
return auras;
}
Code:
struct Aura
{
uint32 unknown_00;
uint32 unknown_04;
uint32 unknown_08;
uint32 unknown_0C;
uint32 unknown_10;
uint32 unknown_14;
uint32 unknown_18;
uint32 unknown_1C;
uint32 unknown_20;
uint32 unknown_24;
ObjectGuid CasterGuid;
uint32 unknown_38;
uint32 unknown_3C;
uint32 unknown_40;
uint32 unknown_44;
uint32 SpellId;
uint32 unknown_4C;
uint32 unknown_50;
uint32 unknown_54;
uint32 unknown_58;
uint32 unknown_5C;
uint32 unknown_60;
uint32 unknown_64;
uint32 unknown_68;
uint32 unknown_6C;
uint32 unknown_70;
uint32 unknown_74;
uint32 unknown_78;
uint32 unknown_7C;
uint32 unknown_80;
uint32 unknown_84;
uint32 unknown_88;
uint32 unknown_8C;
uint32 unknown_90;
uint32 unknown_94;
uint32 unknown_98;
uint32 unknown_9C;
uint32 unknown_A0;
uint32 unknown_A4;
};
The pointer in my code snippet is the base address for the current object in s_curMgr (some of you know it as ObjectMgr). When I use this address, the aura count is always 0. I also used current object + 0x18 (offset to GUID) entirely by mistake, which results in aura count always being 256, which, in turn, yields a lot of bad results. However, using this point in memory does return a lot of auras including debuffs on enemies. Unfotunately, I do not get any proc auras like Hotstreak (4810
, or Heating Up (48107).
What am I missing?