RETAIL HELP! Unable to find Unit/Object Name.
  #1 34D (Member)

    I am new here. At present I can traverse fields such as type, race, class, xyzr, etc.
    Now I am looking for the Unit/Object Name.

    According to previous posts, it may be [m_curObj + Name_base] + Name_off

    Code:
    uintptr_t m_CurObj = ReadMemory<uintptr_t>(hProcess, ObjectMgr.VisibleObjects.Next);
    
    for (auto k = 0; k < 1000; k++)
    {
    	uintptr_t nameptr = ReadMemory<uintptr_t>(hProcess, m_CurObj - 0x18 + 0x4 * k);
    	for (auto i = 0; i < 200; i++)
    	{
    		std::string name = ReadString(hProcess, nameptr + 0x4 * i);
    	}
    }
    So I wanted to step through the object in 0x4 entries, as above, to find it, but I failed.

    Of course I also tried increasing the 0x4 stride.

    Where am I wrong? HELP!
    Last edited by 34D; 06-23-2020 at 07:57 AM.

  #2 counted (Contributor)
    Look at the prior posts for Binary Update Offsets like

    https://www.ownedcore.com/forums/wor...ml#post4069879 (8.2.5.31960)

    evil2 Offsets for the 31960 binary are

    Aura_Count2 = 0x5f8
    Aura_Count1 = Aura_Count2 + 0xA80
    Aura_Table1 = Aura_Count2
    Aura_Table2 = Aura_Count2 + 0x8
    Obj_Id = 0x98
    Obj_Pos = 0x140 // xyz
    Obj_Bobbing = 0x64
    NameUnit_Base = 0x2D0
    NameUnit_Off = 0xE8
    NameObj_Base = 0x108
    NameObj_Off = 0xE0
    Camera_Off = 0x3438

    NameUnit_Base is really UnitCacheOffset.

    So read Read<int64>(objBase + UnitCacheOffset)

    This will give you the row address for the particular unit of interest.

    Then Read<int64>( RowAddress + NameObj_Off )

    This will give you the address of the name string.

    unitname = Read<CString>( namestringaddress )

    The same method with the correct offsets works for game objects.

    After you get this working, look at Script_GetUnit to reverse where you can find the offsets for yourself.

    You can find the GameObject offsets in Script_UnitName.

  #3 34D (Member)
    Originally Posted by counted (quoted from post #2 above)
    Thanks, I found it:
    UnitName 0x2d0 0xf8 //8.3.0 34769
    ObjectName 0x108 0xe4 //8.3.0 34769

    Recently I have also been trying to learn IDA Pro and the CE Dissector, but I have had no results yet; I don't know how to use them together.

    I still traverse it with the 0x4 entry stride; I don't know how to find it with IDA Pro.

    Following your hint:

    .data:00000000027EAA70 A8 E0 27 02 00 00 00 00 dq offset aGetunit ; "GetUnit"
    .data:00000000027EB250 E8 3C 28 02 00 00 00 00 dq offset aUnitname ; "UnitName"

    thanks again!
    Last edited by 34D; 06-24-2020 at 02:33 AM.

  #4 34D (Member)
    Code:
    .text:000000000161E730
    .text:000000000161E730                                   ; =============== S U B R O U T I N E =======================================
    .text:000000000161E730
    .text:000000000161E730
    .text:000000000161E730                                   sub_161E730   proc near                 ; DATA XREF: .data:00000000027EAA78↓o
    .text:000000000161E730                                                                           ; .pdata:0000000002D71C94↓o
    .text:000000000161E730
    .text:000000000161E730                                   var_178       = qword ptr -178h
    .text:000000000161E730                                   var_170       = byte ptr -170h
    .text:000000000161E730                                   var_168       = xmmword ptr -168h
    .text:000000000161E730                                   var_158       = xmmword ptr -158h
    .text:000000000161E730                                   var_148       = byte ptr -148h
    .text:000000000161E730                                   var_8         = byte ptr -8
    .text:000000000161E730                                   arg_0         = qword ptr  8
    .text:000000000161E730                                   arg_8         = qword ptr  10h
    .text:000000000161E730                                   arg_10        = qword ptr  18h
    .text:000000000161E730
    .text:000000000161E730 000 48 89 5C 24 08                              mov     [rsp+arg_0], rbx
    .text:000000000161E735 000 48 89 74 24 18                              mov     [rsp+arg_10], rsi
    .text:000000000161E73A 000 57                                          push    rdi
    .text:000000000161E73B 008 48 81 EC 90 01 00 00                        sub     rsp, 190h
    .text:000000000161E742 198 48 8B D9                                    mov     rbx, rcx
    .text:000000000161E745 198 48 C7 84 24 A8 01 00 00 00 00+              mov     [rsp+198h+arg_8], 0
    .text:000000000161E751 198 E8 5A 09 03 00                              call    sub_164F0B0
    .text:000000000161E756 198 44 8B C0                                    mov     r8d, eax
    .text:000000000161E759 198 C6 44 24 28 00                              mov     [rsp+198h+var_170], 0
    .text:000000000161E75E 198 41 B9 01 00 00 00                           mov     r9d, 1
    .text:000000000161E764 198 C6 44 24 20 00                              mov     byte ptr [rsp+198h+var_178], 0
    .text:000000000161E769 198 48 8B D3                                    mov     rdx, rbx
    .text:000000000161E76C 198 48 8D 8C 24 A8 01 00 00                     lea     rcx, [rsp+198h+arg_8]
    .text:000000000161E774 198 E8 97 D4 EF FE                              call    sub_51BC10
    .text:000000000161E779 198 48 8B 94 24 A8 01 00 00                     mov     rdx, [rsp+198h+arg_8]
    .text:000000000161E781 198 48 8B F0                                    mov     rsi, rax
    .text:000000000161E784 198 48 85 D2                                    test    rdx, rdx
    .text:000000000161E787 198 74 0A                                       jz      short loc_161E793
    .text:000000000161E789 198 48 8B CB                                    mov     rcx, rbx
    .text:000000000161E78C 198 E8 DF 71 39 00                              call    sub_19B5970
    .text:000000000161E791 198 33 F6                                       xor     esi, esi
    Is this maybe GetUnit?

    Sorry, are there any related IDA tutorials I could learn from? I don't understand it yet. THANKS A LOT!

  #5 counted (Contributor)
    You need to compare those scripts with the Mac binary that was released with subroutines named. You can then find the subroutines in the scripts for

    CGGameObject_C::GetName
    CGUnit_C::GetUnitName

    Or you can start with the Mac Binary and figure out what Scripts and Subroutines call the above and figure it out that way.

    Either works.

  #6 34D (Member)
    Originally Posted by counted (quoted from post #5 above)
    I am studying your post "How to Dump Wow from Memory...".
    I downloaded the 15662 and 18179 Mac binaries with subroutine names, but BinDiff takes too long to load. I went back and reinstalled the JDK, still unsuccessful.
    Maybe I didn't install the IDA plugin, or it is a problem with IDA version 7.2.
    And what is the name of the plugin that can set parameters to prioritize string matching and call hierarchy? Please tell me if it's convenient.

    Through investigation, I found that BinDiff 5 is suitable for IDA 7.2; currently it can diff normally.

    And I found ClntObjMgrGetActivePlayer by manually searching and comparing Script_Dissamount.

    But Script_UnitName does not match automatically, and there are more loc_ functions inside.

    Maybe the IDA plug-in is not installed, so it is not easy to find. Or do I need to decompile it myself?

    So I still hope you can tell me the name of the plugin, thank you very much.
    Last edited by 34D; 06-25-2020 at 05:55 AM.

  #7 34D (Member)
    Code:
    __int64 __fastcall Script_UnitName(__int64 a1)
    {
      __int64 v1; // r12
      ClientServices *v3; // rbx
      __int64 v4; // rax
      __int64 v5; // rax
      __int64 v6; // rcx
      __int16 v7; // ax
      __int64 v8; // rbx
      ItemRecSparse_C *v9; // rdi
      __int64 v10; // rax
      _BYTE *v11; // rax
      __int64 v12; // rax
      __int64 v13; // rax
      _BYTE *v14; // rax
      char *v15; // rax
      int v16; // [rsp+0h] [rbp-50h]
      int v17; // [rsp+8h] [rbp-48h]
      unsigned __int64 v18; // [rsp+10h] [rbp-40h]
      __int64 v19; // [rsp+18h] [rbp-38h]
      unsigned __int64 v20; // [rsp+20h] [rbp-30h]
      char *v21; // [rsp+28h] [rbp-28h]
    
      v1 = a1;
      if ( !(unsigned int)lua_isstring(a1, 1LL) )
      {
        luaL_error(a1);
        return 0LL;
      }
      v3 = (ClientServices *)lua_tolstring(a1, 1LL, 0LL);
      if ( !v3 )
      {
        v17 = 286331153;
        v16 = 0;
        SErrDisplayError(-2062548992, (unsigned __int64)"../../../Storm/H/SStr.inl", 61);
      }
      if ( !strcasecmp((const char *)v3, "player") )
      {
        v4 = ClientServices::GetCharacterName(v3);
        lua_pushstring(a1, v4);
        lua_pushnil(a1);
        return 2LL;
      }
      v21 = 0LL;
      v18 = 0LL;
      Script_GetGUIDFromToken((const char *)v3, &v18, 0, 0);
      v20 = v18;
      if ( v18 && v18 != -2LL )
      {
        v5 = ClntObjMgrObjectPtr(v18);
        v6 = v5;
        if ( v5 )
        {
          v7 = *(_WORD *)(*(_QWORD *)(v5 + 16) + 16LL);
          if ( v7 & 8 )
          {
            v8 = CGUnit_C::GetUnitNameExposed((CGUnit_C *)v6, (const char **)&v21, 1);
            goto LABEL_19;
          }
          if ( v7 & 0x20 )
          {
            v8 = CGGameObject_C::GetName((CGGameObject_C *)v6);
            goto LABEL_19;
          }
          if ( v7 & 2 )
          {
            v19 = 0LL;
            v9 = (ItemRecSparse_C *)WowClientDB2<ItemRecSparse_C>::GetRecord(
                                      &g_itemSparseDB,
                                      *(unsigned int *)(*(_QWORD *)(v6 + 16) + 20LL),
                                      &v19,
                                      0LL,
                                      0LL,
                                      0LL,
                                      v16,
                                      v17);
            if ( v9 )
            {
              v8 = ItemRecSparse_C::GetName(v9, 0);
              goto LABEL_19;
            }
          }
          else if ( (v7 & 0x80u) != 0 )
          {
            v18 = **(_QWORD **)(v6 + 384);
            v10 = DBCache<NameCache,unsigned long long,CHashKeyGUID,NameCacheXInfo>::GetRecord(
                    &g_nameDBCache,
                    v18,
                    &v18,
                    NameQueryCallback,
                    0LL,
                    1LL,
                    v16,
                    v17);
            if ( v10 )
            {
              v8 = v10;
              v11 = (_BYTE *)DBCache<RealmCache,unsigned int,HASHKEY_DWORD,NullXInfo>::GetRecord(
                               &g_realmDBCache,
                               *(unsigned int *)(v10 + 56),
                               &v18,
                               NameQueryCallback,
                               0LL,
                               1LL);
              if ( v11 )
              {
                if ( !*v11 )
                  v21 = v11 + 264;
              }
              goto LABEL_19;
            }
          }
        }
        else
        {
          v12 = CGPartyMemberStateRepository::FindPetState(
                  (CGPartyMemberStateRepository *)&v20,
                  (size_t *)((char *)&_mh_execute_header_0 + 1));
          v8 = v12 + 8;
          if ( v12 )
            goto LABEL_19;
          if ( (v20 & 0xF0F0000000000000LL) == -1134907106097364992LL )
          {
            v8 = DBCache<PetNameCache,int,HASHKEY_DWORD,NullXInfo>::GetRecord(
                   &g_petNameCache,
                   (v20 >> 24) & 0xFFFFFFF,
                   &v20,
                   NameQueryCallback,
                   0LL,
                   1LL,
                   v16,
                   v17);
            if ( v8 )
              goto LABEL_19;
          }
          else if ( !(v20 & 0xF000000000000000LL) )
          {
            if ( v20 & 0xF07FFFFFFFFFFFFFLL )
            {
              v13 = DBCache<NameCache,unsigned long long,CHashKeyGUID,NameCacheXInfo>::GetRecord(
                      &g_nameDBCache,
                      v20,
                      &v20,
                      NameQueryCallback,
                      0LL,
                      1LL,
                      v16,
                      v17);
              v8 = v13;
              if ( v13 )
              {
                v14 = (_BYTE *)DBCache<RealmCache,unsigned int,HASHKEY_DWORD,NullXInfo>::GetRecord(
                                 &g_realmDBCache,
                                 *(unsigned int *)(v13 + 56),
                                 &v20,
                                 NameQueryCallback,
                                 0LL,
                                 1LL);
                if ( !v14 || *v14 )
                  v15 = "";
                else
                  v15 = v14 + 264;
                v21 = v15;
    LABEL_19:
                if ( v8 )
                  goto LABEL_16;
                goto LABEL_15;
              }
            }
          }
        }
    LABEL_15:
        v8 = FrameScript_GetText("UNKNOWNOBJECT");
    LABEL_16:
        lua_pushstring(v1, v8);
        lua_pushstring(v1, v21);
        return 2LL;
      }
      lua_pushnil(a1);
      lua_pushnil(a1);
      return 2LL;
    }
    Code:
    __int64 __fastcall sub_1673010(__int64 a1)
    {
      __int64 v1; // rsi
      __int64 v3; // rbx
      __int64 v4; // rax
      __int64 v5; // rax
      __int64 v6; // rcx
      unsigned int v7; // edx
      __int64 v8; // rcx
      __int64 v9; // rax
      __int64 v10; // rax
      __int64 v11; // rbx
      __int64 v12; // rdi
      __int64 v13; // rax
      _BYTE *v14; // rax
      __int64 v15; // rax
      unsigned __int64 v16; // rax
      __int64 v17; // rax
      _BYTE *v18; // rax
      char v19; // al
      __int64 v20; // rax
      __int64 v21; // [rsp+30h] [rbp-D0h]
      unsigned __int64 v22; // [rsp+38h] [rbp-C8h]
      __int64 v23; // [rsp+40h] [rbp-C0h]
      __int64 v24; // [rsp+48h] [rbp-B8h]
      __int128 v25; // [rsp+50h] [rbp-B0h]
      char v26; // [rsp+60h] [rbp-A0h]
      char v27; // [rsp+1C8h] [rbp+C8h]
      const CHAR *v28; // [rsp+1D0h] [rbp+D0h]
    
      v1 = a1;
      if ( !(unsigned int)sub_1D8850(a1, 1i64) )
      {
        sub_19B5970(v1, aUsageUnitnameU);
        return 0i64;
      }
      v3 = sub_1D9A80(v1, 1i64);
      if ( (unsigned int)sub_265440(v3, aPlayer_0) )
      {
        v28 = 0i64;
        sub_1681590(&v21, v3, 0i64);
        if ( !(v22 >> 58) || v21 == 11 && v22 == 0x400000000000000i64 )
        {
          sub_1D8DF0(v1);
          sub_1D8DF0(v1);
          return 2i64;
        }
        v5 = sub_FB1E20(&v21, 1i64, aDBuildserverWo_409, 1777i64);
        if ( v5 )
        {
          v6 = *(unsigned __int8 *)(v5 + 16);
          v7 = dword_21F13F0[v6];
          v8 = (unsigned int)dword_21F13F0[v6] >> 5;
          if ( v8 & 1 )
          {
            v9 = sub_D72600(v5, &v28, 1i64);
          }
          else
          {
            if ( !(v7 & 0x100) )
            {
              if ( (v7 >> 1) & 1 )
              {
                v10 = sub_486230(&off_2901B60, *(unsigned int *)(v5 + 152), 0i64, &v27);
                v11 = v10;
                if ( !v10 )
                  goto LABEL_38;
                sub_38B640(v10);
                if ( !v11 )
                  goto LABEL_38;
                v12 = sub_3526F0(v11, 0i64);
                sub_38B800(v11);
              }
              else
              {
                if ( !((v7 >> 10) & 1) )
                  goto LABEL_38;
                v25 = *(_OWORD *)(v5 + 288);
                v13 = sub_565D00(&off_25A0BE0, &v25, sub_167D690, 0i64);
                if ( !v13 )
                  goto LABEL_38;
                v23 = 0i64;
                v24 = 0i64;
                v12 = v13 + 1;
                v14 = (_BYTE *)sub_564F80((__int64)&off_25A0B80);
                if ( v14 && !*v14 )
                  v28 = v14 + 264;
              }
              goto LABEL_37;
            }
            v9 = sub_E0B770(v5);
          }
        }
        else
        {
          v15 = sub_1533CF0(&v21);
          if ( v15 )
          {
            v12 = v15 + 16;
            goto LABEL_37;
          }
          v16 = v22 >> 58;
          if ( v22 >> 58 == 10 )
          {
            v12 = sub_569540(&off_25A0F00, &v21, sub_167D690, 0i64);
            if ( !v12 )
              goto LABEL_38;
            goto LABEL_37;
          }
          if ( (_DWORD)v16 == 2 )
          {
            sub_2579A0(&v26, 0i64, 306i64);
            sub_1681D60(v3, 0, (unsigned __int64)&v26);
            v17 = sub_565D00(&off_25A0BE0, &v21, sub_167D690, 0i64);
            if ( !v17 )
              goto LABEL_38;
            v23 = 0i64;
            v24 = 0i64;
            v12 = v17 + 1;
            v18 = (_BYTE *)sub_564F80((__int64)&off_25A0B80);
            if ( !v18 || *v18 )
              v28 = &ValueName;
            else
              v28 = v18 + 264;
            goto LABEL_37;
          }
          if ( (_DWORD)v16 != 20 )
            goto LABEL_38;
          v19 = sub_EC6090();
          v20 = sub_FB1DA0(&v21, (unsigned int)v19, aDBuildserverWo_409, 1816i64);
          if ( !v20 )
            goto LABEL_38;
          v9 = (*(__int64 (__fastcall **)(_QWORD))(**(_QWORD **)(v20 + 48) + 120i64))(*(_QWORD *)(v20 + 48));
        }
        v12 = v9;
    LABEL_37:
        if ( v12 )
        {
    LABEL_39:
          sub_1D8E30(v1, v12);
          sub_1D8E30(v1, v28);
          return 2i64;
        }
    LABEL_38:
        v12 = sub_517AB0(v8);
        goto LABEL_39;
      }
      v4 = sub_1C2790();
      sub_1D8E30(v1, v4);
      sub_1D8DF0(v1);
      return 2i64;
    }

    At present I am comparing like this, trying to find CGGameObject_C::GetName.

    So...

    sub_FB1E20(__int64 a1, int a2) = ClntObjMgrObjectPtr@<rax>(char a1@<bl>, unsigned __int64 a2@<rdi>, int a3@<esi>)

    sub_1C2790 = ClientServices::GetCharacterName(void)

    sub_565D00(__int64 a1, __int64 a2, void (__fastcall *a3)(_QWORD, _QWORD, _QWORD, _QWORD), __int64 a4) = WowClientDB2<ItemRecSparse_C>::GetRecord(__int64 a1, signed int a2, _QWORD *a3, void (__fastcall *a4)(_QWORD, _QWORD, _QWORD, _QWORD), __int64 a5, char a6)

    sub_E0B770(__int64 a1) = CGGameObject_C::GetName(CGGameObject_C *this)??

    Code:
    .text:0000000000E0B770
    .text:0000000000E0B770                               ; =============== S U B R O U T I N E =======================================
    .text:0000000000E0B770
    .text:0000000000E0B770
    .text:0000000000E0B770                               sub_E0B770      proc near               ; CODE XREF: sub_1487D90+62↓p
    .text:0000000000E0B770                                                                       ; sub_165C7B0+D7↓p ...
    .text:0000000000E0B770 48 8B 81 08 01 00 00                          mov     rax, [rcx+108h]
    .text:0000000000E0B777 48 85 C0                                      test    rax, rax
    .text:0000000000E0B77A 74 08                                         jz      short loc_E0B784
    .text:0000000000E0B77C 48 8B 80 E0 00 00 00                          mov     rax, [rax+0E0h]
    .text:0000000000E0B783 C3                                            retn
    .text:0000000000E0B784                               ; ---------------------------------------------------------------------------
    .text:0000000000E0B784
    .text:0000000000E0B784                               loc_E0B784:                             ; CODE XREF: sub_E0B770+A↑j
    .text:0000000000E0B784 48 8D 05 E6 EF 2C 01                          lea     rax, ValueName
    .text:0000000000E0B78B C3                                            retn
    .text:0000000000E0B78B                               sub_E0B770      endp
    .text:0000000000E0B78B
    .text:0000000000E0B78B                               ; ---------------------------------------------------------------------------
    .text:0000000000E0B78C CC CC CC CC                                   align 10h

    But I still can't find the offset I want. It's toooooooooo SAD AND BAD!

    There must be something wrong...
    Last edited by 34D; 06-25-2020 at 07:29 AM.

  #8 counted (Contributor)
    Script_GetUnit + 0x117 subroutine is CGUnit_C::GetUnitName

    CGUnit_C::GetUnitName + 0x3cf is UnitCache row offset 0x2d0

    CGUnit_C::GetUnitName + 0x406 is the UnitCache Row Field offset 0xf8

  #9 34D (Member)
    Originally Posted by counted (quoted from post #8 above)
    Thank you for your patient teaching. Although I don't know why it's there, I did find them.
    Thank you again for your hard work. I don't know how to express my gratitude to you.

  #10 counted (Contributor)
    Originally Posted by 34D (quoted from post #9 above)
    One Last Attempt to Help

    34601 Binary offset ( Zero Based )

    0x15FEF80=Script_GetUnit

    0x15FF097 the call statement is to CGUnit_C::GetUnitName

    0000000000D5FC80 is CGUnit_C::GetUnitName

    0000000000D6004B mov rdx, [rbx+2D0h] 0x2d0 is unitcache row pointer offset

    0000000000D60083 mov rax, [rdx+0F8h] 0xf8 is the field offset to the unitcache row for the name string pointer

  #11 34D (Member)
    Originally Posted by counted (quoted from post #10 above)

    I'm so sorry, forgive me for not making it clear. I have found them already...
    I just don't know why one line is the pointer and the other line is the unitcache row.

    Code:
        v28 = *(unsigned int *)(v7 + 0x16B0);
        if ( !(_DWORD)v28 )
        {
          v31 = *(_QWORD *)(v7 + 0x2D0);
          if ( v31 )
          {
            v14 = (int *)'\0';
            result = (char *)(*(_DWORD *)(v31 + 0x140) ? *(_QWORD *)(v31 + 0x138) : (unsigned __int64)'\0');
            if ( *(_BYTE *)(v7 + 0x157F) == 1 && result )
              return result;
            result = (char *)(*(_DWORD *)(v31 + 0x100) ? *(_QWORD *)(v31 + 0xF8) : (unsigned __int64)'\0');
            if ( result )
              return result;
          }
          goto LABEL_73;
    Code:
        if ( *v18 != *(_QWORD *)(v17 + v7)
          || v18[1] != *(_QWORD *)(v17 + v7 + 8)
          || (v19 = sub_1511AA0(*(unsigned int *)(v7 + 5636))) == 0
          || (result = (char *)(v19 + 16), !*result) )
        {
          v20 = *(_QWORD *)(v7 + 0x2D0);
          if ( v20 )
            LODWORD(v20) = *(_DWORD *)(v20 + 0x34);
          v21 = (int *)sub_46A1A0(&off_291DA80, (unsigned int)v20, '\0', &v37);
          v14 = v21;
          if ( v21 )
          {
            v22 = *v21;
            if ( (_DWORD)v22 )
              return (char *)v14 + v22;
            return (char *)&ValueName;
          }
          goto LABEL_73;
        }

    The above are two similar parts in GetUnitName. Because there are a lot of offsets in it,
    is it experience that lets you quickly see that it is UnitCache, or is there some special sign that lets you quickly find which offset is for the cache?
    Or is it the result of actually testing each offset?

    Sorry again for this.
    I will spend some time learning more about IDA, trying to find the answer by myself.

    Thanks again.
    Last edited by 34D; 06-26-2020 at 09:20 PM.

  #12 hfc (Member)
    I compared with the Mac binary and found sub_141570470 is CGUnit_C::GetUnitName in retail 9.0.5.37899.
    And I found the unitCache offset is 0x8A0 and nameOffset is 0xF8 in
    Code:
        v35 = *(unsigned int *)(a1 + 7632);
        if ( !(_DWORD)v35 )
        {
          v38 = *(_QWORD *)(a1 + 0x8A0);
          if ( v38 )
          {
            v14 = 0i64;
            result = (const char *)(*(_DWORD *)(v38 + 0x140) ? *(_QWORD *)(v38 + 0x138) : 0i64);
            if ( *(_BYTE *)(a1 + 0x1C93) == 1 && result )
              return result;
            result = (const char *)(*(_DWORD *)(v38 + 0x100) ? *(_QWORD *)(v38 + 0xF8) : 0i64);
            if ( result )
              return result;
          }
          goto LABEL_73;
        }
    And here is my code for getting the unit name, but I got nothing. I don't know which step is wrong. Can anybody help me?
    Code:
    var count = 0;
    var curMgr = ReadInt64(moduleBase + Offset.CurMgr);
    var obj = ReadInt64(curMgr + 0x120);
    while(count < 50)
    {
          var unit =  ReadInt64(obj  + Offset.UnitCache);
          var nameAddr =  ReadInt64(unit + Offset.UnitName);
          var name =  ReadString(nameAddr);
          Console.WriteLine(name);
          obj  = ReadInt64(obj  + 0x00);
          count++;
    }
    var unit = ReadInt64(obj + Offset.UnitCache); ===> var unit = ReadInt64(obj + Offset.Standard + Offset.UnitCache);

    Offset.Standard is -0x28, and obj's type must be 5 (unit type). Then it will work.
    Last edited by hfc; 03-14-2021 at 11:10 AM. Reason: Solved

  #13 Mr.Sergey (Contributor)
    Originally Posted by hfc View Post
    var unit = ReadInt64(obj + Offset.UnitCache);
    obj in this case is not objBase, you should subtract 0x28 from this value to get objBase. Try ReadInt64(obj - 0x28 + Offset.UnitCache);
