[C#][3.3.5][Help] Reversing GetRaidRosterInfo

**Borg333** · 07-24-2022

Hello,
I tryed to revers lua_GetRaidRosterInfo to get subgroup and in pseudocode i see

Code:

v8 = (double)*(int *)(v7[52] + 192);

, where v7 as I understand is a baseaddress

Code:

v7 = ClntObjMgrObjectPtr(*(WGUID *)v2, TYPEMASK_UNIT);

I cant understan what [52] is mean? As for 192 i think it is offset ->

Code:

double index = BlackMagic.ReadDouble(unit.BaseAddress + 0x192);

**air999** · 07-29-2022

Code:

    v7 = ClntObjMgrObjectPtr(*(WGUID *)v2, TYPEMASK_UNIT);
    v20 = v7;
    if ( v7 )
    {
        UNIT_FIELD_LEVEL = (double)(int)v7->UnitBase.UnitData->UNIT_FIELD_LEVEL;
    }
    else if ( (*(_BYTE *)(v2 + 24) & 1) != 0 )
    {
        v21 = *(unsigned __int16 *)(v2 + 40);
        UNIT_FIELD_LEVEL = (double)v21;
    }
    else
    {
        UNIT_FIELD_LEVEL = 0.0;
    }
    FrameScript::PushNumber(a1, UNIT_FIELD_LEVEL);

Code:

.text:0057379B 8B 88 D0 00 00 00                 mov     ecx, [eax+0D0h]
.text:005737A1 DB 81 C0 00 00 00                 fild    dword ptr [ecx+0C0h]

It's desriptor field. You should read descriptor address first, then read field. Like this:

double UnitLevel = Memory.Read<double>(Memory.Read<IntPtr>(unit.BaseAddress+0x0D0) + 0x0C0);

**Borg333** · 07-29-2022

Thanks! I have mistake with getting arg number for subgroup, it is the third, but looking on fourth. so
subgroup is FrameScript::PushNumber(a1, (double)(unsigned int)v20);
v20 = (_DWORD *)(*(_DWORD *)(v2 +

+ 1);
v2 is like GUID pointer or baseaddress + guid offset? Dont understand it.

**air999** · 07-29-2022

name, rank, subgroup, level, class, fileName, zone, online, isDead, role, isML = GetRaidRosterInfo(raidIndex);

Code:

CGPartyInfo__s_groups 00BEB568  // pointer to group info
RaidMemberPtr = Memory.Read<IntPtr>(Memory.Read<IntPtr>(CGPartyInfo__s_groups) + (raidIndex-1)*4 )
subgroup = Memory.Read<int>(RaidMemberPtr + 8) + 1

Code:

.text:005736E3 8B 45 EC                          mov     eax, [ebp+a3]
.text:005736E6 83 E8 01                          sub     eax, 1
.text:005736E9 3B 05 08 B6 BE 00                 cmp     eax, dword_BEB608
.text:005736EF D9 6D FE                          fldcw   [ebp+var_2]
.text:005736F2 0F 83 EE 02 00 00                 jnb     loc_5739E6
.text:005736F8 8B 3C 85 68 B5 BE+                mov     edi, CGPartyInfo__s_groups[eax*4]
.text:005736F8 00
.text:005736FF 33 C0                             xor     eax, eax
.text:00573701 3B F8                             cmp     edi, eax
.text:00573703 0F 84 DD 02 00 00                 jz      loc_5739E6
.text:00573709 8B 4F 04                          mov     ecx, [edi+4]
.text:0057370C 8B 17                             mov     edx, [edi]
.text:0057370E 50                                push    eax             ; a6
.text:0057370F 50                                push    eax             ; a5
.text:00573710 50                                push    eax             ; a4
.text:00573711 89 45 EC                          mov     [ebp+a3], eax
.text:00573714 89 45 F0                          mov     [ebp+a3+4], eax
.text:00573717 8D 45 EC                          lea     eax, [ebp+a3]
.text:0057371A 50                                push    eax             ; a3
.text:0057371B 51                                push    ecx
.text:0057371C 52                                push    edx             ; a2
.text:0057371D B9 38 D9 C5 00                    mov     ecx, offset WDB_CACHE_NAME ; this
.text:00573722 E8 49 A0 10 00                    call    DBCache_NameCache_GetRecord
.text:00573727 8B D8                             mov     ebx, eax
.text:00573729 85 DB                             test    ebx, ebx
.text:0057372B 0F 84 B5 02 00 00                 jz      loc_5739E6
.text:00573731 68 31 01 00 00                    push    131h
.text:00573736 8D 85 B8 FE FF FF                 lea     eax, [ebp+var_148]
.text:0057373C 50                                push    eax
.text:0057373D 8B CB                             mov     ecx, ebx
.text:0057373F E8 DC 9A F8 FF                    call    NameCache__FullName
.text:00573744 50                                push    eax
.text:00573745 56                                push    esi             ; double
.text:00573746 E8 05 AC 2D 00                    call    FrameScript__PushString
.text:0057374B DB 47 0C                          fild    dword ptr [edi+0Ch]
.text:0057374E DD 1C 24                          fstp    [esp+15Ch+var_15C]
.text:00573751 56                                push    esi             ; int
.text:00573752 E8 49 AB 2D 00                    call    FrameScript__PushNumber
.text:00573757 8B 4F 08                          mov     ecx, [edi+8]
.text:0057375A 83 C1 01                          add     ecx, 1
.text:0057375D 85 C9                             test    ecx, ecx
.text:0057375F 89 4D F4                          mov     [ebp+var_C], ecx
.text:00573762 DB 45 F4                          fild    [ebp+var_C]
.text:00573765 7D 06                             jge     short loc_57376D
.text:00573767 DC 05 B8 56 9E 00                 fadd    ds:dbl_9E56B8
.text:0057376D
.text:0057376D                   loc_57376D:                             ; CODE XREF: Lua_GetRaidRosterInfo+D5↑j
.text:0057376D 83 C4 04                          add     esp, 4
.text:00573770 DD 1C 24                          fstp    [esp+15Ch+var_15C]
.text:00573773 56                                push    esi             ; int
.text:00573774 E8 27 AB 2D 00                    call    FrameScript__PushNumber

Shout-Out

User Tag List

Thread: [C#][3.3.5][Help] Reversing GetRaidRosterInfo

Thread Tools

Search Thread

[C#][3.3.5][Help] Reversing GetRaidRosterInfo

Similar Threads

[HELP] Reversing functions with IDA (unitReaction)

Reversing a function - need some help

LUA Reversing need help

Some help needed with reversing

Account sold, money reversed. Need help

OwnedCore Forums

casino

CoreCoins

My OwnedCore

About Us

Casino