[CLASSIC] Reversing castSpellBySlot for fishing bot

**Sellingmydruidlol** · 06-10-2021

Hello, I'm currently trying to reverse castSpellBySlot for a fishing bot.
The function I'm referring can be found at base + 0x1567D00 as of the latest build (38921). I'm unsure if they made any changes going into TBC, but my initial assumption was yes after comparing it to an older client.
Afaik the params it took before 2.5.1 were:

Code:

typedef int64_t(__fastcall* __castSpellBySlot)(int32_t, int32_t, WowGuid*, int8_t, int8_t);

When calling it like:

Code:

_castSpellBySlot(fishSpellSlot, 0, &player->guid, 0, 0);

I get occasional crashes, even though I am in the main thread.

After looking at the decompiler for a bit I figured that maybe the second argument was a 1byte, but that doesn't seem to have much of an effect, still having occasional crashes. Also tried passing a null guid, also did not seem to make much of a difference. Maybe someone else has it figured out already.

My discord is siggestardust#8016 if someone wants to discuss it over DMs.

**ChrisIsMe** · 06-10-2021

auto v8 = (char *)lua_tostring(a1, 1LL, 0LL);
auto v10 = CGSpellBook::FindSpellByName(v8, (const char *)&v64);
auto v15 = CGSpellBook::GetOverridenSpell(v10, 0LL);
Spell_C_ClickSpell(v15, (CGItem)&v55, 0LL, (GUID)&v60);

// Script_CastSpellByName (TBC)

**Sellingmydruidlol** · 06-10-2021

Could you give some context to what you've sent here, I'm unable to decompile the function which references the CastSpellByName string in IDA. I'm assuming this is where it's from?

**ChrisIsMe** · 06-10-2021

Originally Posted by Sellingmydruidlol

Could you give some context to what you've sent here, I'm unable to decompile the function which references the CastSpellByName string in IDA. I'm assuming this is where it's from?

Need to decompile `Usage: CastSpellByName`... function.

I do not have a binary for you version to test, I cannot help more.

**scimmy** · 06-10-2021

Very likely that this script function is obfuscated already, like many of the others, which is why your decompilation isn't working.

Lucky for you, I've documented and uploaded old classic dumps in case this kind of bullshit continues to happen for analysis purposes: GitHub - notscimmy/wow_classic_dumps: Binary dumps of World of Warcraft Classic...for educational purposes of course

**ChrisIsMe** · 06-10-2021

Originally Posted by scimmy

Very likely that this script function is obfuscated already, like many of the others, which is why your decompilation isn't working.

Lucky for you, I've documented and uploaded old classic dumps in case this kind of bullshit continues to happen for analysis purposes: GitHub - notscimmy/wow_classic_dumps: Binary dumps of World of Warcraft Classic...for educational purposes of course

Biggest problem is just patching the opaque predicates then decompilation should work okay.

Manually fixing opaque predicates and using X-Rays for decryption [Malware Reverse Engineering video] : ReverseEngineering