# Opcodes...

## chemicstry

Firstly, I ask all those who know about this not to be cocky with answers like "learn asm noob", "I know, you don't and don't ask", "[link_to_forum_rules]", "this is easy" etc.
I'm asking this because all other threads that I found on search had similar answers.

Ok, now back to topic. I started looking at client reversing a few days ago and yes, I'm completely new to reverse engineering, but I just need to know how to find some opcodes and their handlers so I can continue my C++ development. CMSG and Jam packets are pretty easy but the thing I don't get is SMSG opcodes with offsets. I will number the questions so it will be easier to understand:
1. What is an opcode offset? Does it point directly to opcode handler? What is its reference point (I mean wow base address or some dword)?
2. Is it possible to get offset if I just have opcode handler?
3. It would be nice if someone could write step by step guide on how to get opcode offset.

Thanks!

YES I HAVE USED SEARCH AND DIDN'T FIND ANYTHING

----------


## GliderPro

LEARN ASM NOOB!  :Cool:  x86 instruction listings - Wikipedia, the free encyclopedia

Oh. Wait. Are you talking about commands in the packets sent to the server? Got no clue about those.

----------


## chemicstry

> That's funny lolz... the guy with -4 rep and a username after a bot he did not code is calling out another noob lolz.. so funny...
> 
> What you need to do...
> http://www.ownedcore.com/forums/worl...mp-thread.html + Cheat Engine + wow = answer...
> 
> 
> And if you don't know how to use CE...
> http://www.ownedcore.com/forums/worl...ngine-wow.html


I know how to get offset in IDA, but I get something 6-8 hex digits long and opcode offsets usually are 4 digits decimal. In CE it's 6-8 digits too.




```
v127 = off_1B5E1FC;
*(_DWORD *)(dword_1D5DA5C + 4952) = v127;
```


This is where the handler is assigned for _SMSG_EMOTE = 0x076FE_. 4952 is the opcode offset and 0x151C40 is the handler address (with all those CDataStore). The problem is that I don't see any relationships between those numbers...

Thanks for helping

----------


## -Ryuk-

Opcodes are randomized now... so you will need to find all of them, and make "good" patterns to find them automatically.

Hint: Take a look at SendMovementUpdate, I learnt a lot about Opcodes from that  :Wink:

----------


## chemicstry

> Opcodes are randomized now... so you will need to find all of them, and make "good" patterns to find them automatically.
> 
> Hint: Take a look at SendMovementUpdate, I learnt a lot about Opcodes from that


I know that they are randomised. I just need to find some opcodes and their handlers, nothing more.

PH_SMSG_GROUP_JOINED_BATTLEGROUND function address is 0x9243C0
How do I get this opcode's offset?

----------


## DrakeFish

> I know that they are randomised. I just need to find some opcodes and their handlers, nothing more.
> 
> PH_SMSG_GROUP_JOINED_BATTLEGROUND function address is 0x9243C0
> How do I get this opcode's offset?


Look at what's calling it (or what's calling what's calling it..). It should be comparing the header of the packet (where the opcode is) with some number. This number will be your offset.

----------


## LogicWin

The big trick is to send those f*ckers

----------

