# [WoW] 1.12.1.5875 Info Dump Thread

## namreeb

Just curious if anyone is still actively working on reversing the 1.12.1 client? I've been tinkering with it a bit when I found a large but vulnerable private server which runs it.

Edit: Adding some useful stuff.



```
public static readonly IntPtr CGGameUI__EnterWorld = new IntPtr(0x4908C0);
public static readonly IntPtr CGLootInfo__HasLoot = new IntPtr(0x4C2A70);
public static readonly IntPtr CGPlayer_C__CanTrackObject = new IntPtr(0x5ED2B0);
public static readonly IntPtr CGPlayer_C__CanTrackUnit = new IntPtr(0x5ED210);
public static readonly IntPtr CGPlayer_C__ClickToMove = new IntPtr(0x00611130);
public static readonly IntPtr ClientConnection__SendPacket = new IntPtr(0x005379A0);
public static readonly IntPtr ClientServices__SetMessageHandler = new IntPtr(0x005AB650);
public static readonly IntPtr ClntObjMgrEnumVisibleObjects = new IntPtr(0x00468380);
public static readonly IntPtr ClntObjMgrGetActivePlayer = new IntPtr(0x00468550);
public static readonly IntPtr ClntObjMgrGetMapId = new IntPtr(0x00468580);
public static readonly IntPtr ClntObjMgrObjectPtr = new IntPtr(0x00468460);
public static readonly IntPtr ClntObjMgrSetMapId = new IntPtr(0x004685A0);
public static readonly IntPtr CMovement__MoveUnit = new IntPtr(0x00616620);
public static readonly IntPtr FrameScript__Execute = new IntPtr(0x00704CD0);
public static readonly IntPtr FrameScript__Register = new IntPtr(0x00704120);
public static readonly IntPtr FixSwimming = new IntPtr(0x007C6E88);
public static readonly IntPtr GetContainerGuid = new IntPtr(0x4F93E0);
public static readonly IntPtr NetClient__ProcessMessage = new IntPtr(0x537AA0);
```

OpCode handlers:



```
[9:17:09 AM] OpCode: SMSG_WARDEN_DATA Handler: 0x6CA5C0 Unk: 0
[9:17:12 AM] OpCode: SMSG_ACCOUNT_DATA_TIMES Handler: 0x5AF8E0 Unk: 0
[9:17:12 AM] OpCode: SMSG_UPDATE_ACCOUNT_DATA Handler: 0x5AFC60 Unk: 0
[9:17:12 AM] OpCode: SMSG_UPDATE_OBJECT Handler: 0x4651A0 Unk: 0
[9:17:12 AM] OpCode: SMSG_COMPRESSED_UPDATE_OBJECT Handler: 0x4672F0 Unk: 0
[9:17:12 AM] OpCode: SMSG_DESTROY_OBJECT Handler: 0x4674A0 Unk: 0
[9:17:12 AM] OpCode: SMSG_PVP_CREDIT Handler: 0x48F690 Unk: 0
[9:17:12 AM] OpCode: MSG_CORPSE_QUERY Handler: 0x48F690 Unk: 0
[9:17:12 AM] OpCode: SMSG_CORPSE_RECLAIM_DELAY Handler: 0x48F690 Unk: 0
[9:17:12 AM] OpCode: SMSG_GM_PLAYER_INFO Handler: 0x48F690 Unk: 0
[9:17:12 AM] OpCode: CMSG_GM_REQUEST_PLAYER_INFO Handler: 0x48F690 Unk: 0
[9:17:12 AM] OpCode: SMSG_PLAY_MUSIC Handler: 0x48F690 Unk: 0
[9:17:12 AM] OpCode: SMSG_PLAY_SOUND Handler: 0x48F690 Unk: 0
[9:17:12 AM] OpCode: SMSG_PLAY_OBJECT_SOUND Handler: 0x48F690 Unk: 0
[9:17:12 AM] OpCode: SMSG_AREA_TRIGGER_MESSAGE Handler: 0x48F690 Unk: 0
[9:17:12 AM] OpCode: SMSG_INIT_WORLD_STATES Handler: 0x48F690 Unk: 0
[9:17:12 AM] OpCode: SMSG_UPDATE_WORLD_STATE Handler: 0x48F690 Unk: 0
[9:17:12 AM] OpCode: SMSG_AREA_SPIRIT_HEALER_TIME Handler: 0x48F690 Unk: 0
[9:17:12 AM] OpCode: SMSG_INVALID_PROMOTION_CODE Handler: 0x48F690 Unk: 0
[9:17:12 AM] OpCode: SMSG_WEATHER Handler: 0x48F690 Unk: 0
[9:17:12 AM] OpCode: SMSG_CHANNEL_NOTIFY Handler: 0x49BF80 Unk: 0
[9:17:12 AM] OpCode: SMSG_CHANNEL_LIST Handler: 0x49C690 Unk: 0
[9:17:12 AM] OpCode: SMSG_MESSAGECHAT Handler: 0x49D560 Unk: 0
[9:17:12 AM] OpCode: SMSG_TEXT_EMOTE Handler: 0x49DBE0 Unk: 0
[9:17:12 AM] OpCode: SMSG_ZONE_UNDER_ATTACK Handler: 0x49DCC0 Unk: 0
[9:17:12 AM] OpCode: 827 Handler: 0x49DE30 Unk: 0
[9:17:12 AM] OpCode: SMSG_SERVER_MESSAGE Handler: 0x49DF80 Unk: 0
[9:17:12 AM] OpCode: SMSG_RAID_INSTANCE_INFO Handler: 0x49E070 Unk: 0
[9:17:12 AM] OpCode: SMSG_RAID_INSTANCE_MESSAGE Handler: 0x49E1C0 Unk: 0
[9:17:12 AM] OpCode: SMSG_INSTANCE_RESET Handler: 0x49E470 Unk: 0
[9:17:12 AM] OpCode: SMSG_INSTANCE_RESET_FAILED Handler: 0x49E540 Unk: 0
[9:17:12 AM] OpCode: SMSG_UPDATE_LAST_INSTANCE Handler: 0x49E670 Unk: 0
[9:17:12 AM] OpCode: SMSG_UPDATE_INSTANCE_OWNERSHIP Handler: 0x49E6C0 Unk: 0
[9:17:12 AM] OpCode: SMSG_EXPECTED_SPAM_RECORDS Handler: 0x49E6E0 Unk: 0
[9:17:12 AM] OpCode: MSG_LOOKING_FOR_GROUP Handler: 0x4E8DC0 Unk: 0
[9:17:12 AM] OpCode: 809 Handler: 0x4E8F70 Unk: 0
[9:17:12 AM] OpCode: SMSG_INSTANCE_SAVE_CREATED Handler: 0x4E7E60 Unk: 0
[9:17:12 AM] OpCode: SMSG_GOSSIP_MESSAGE Handler: 0x4E26E0 Unk: 0
[9:17:12 AM] OpCode: SMSG_GOSSIP_COMPLETE Handler: 0x4E2800 Unk: 0
[9:17:12 AM] OpCode: SMSG_GOSSIP_POI Handler: 0x4E2840 Unk: 0
[9:17:12 AM] OpCode: SMSG_QUERY_TIME_RESPONSE Handler: 0x4DE400 Unk: 0
[9:17:12 AM] OpCode: SMSG_PET_SPELLS Handler: 0x4BD990 Unk: 0
[9:17:12 AM] OpCode: SMSG_PET_MODE Handler: 0x4BDB10 Unk: 0
[9:17:12 AM] OpCode: SMSG_PET_ACTION_FEEDBACK Handler: 0x4BDB70 Unk: 0
[9:17:12 AM] OpCode: SMSG_PET_BROKEN Handler: 0x4BDC00 Unk: 0
[9:17:12 AM] OpCode: SMSG_INITIALIZE_FACTIONS Handler: 0x4D5640 Unk: 0
[9:17:12 AM] OpCode: SMSG_SET_FACTION_ATWAR Handler: 0x4D56B0 Unk: 0
[9:17:12 AM] OpCode: SMSG_SET_FACTION_VISIBLE Handler: 0x4D5710 Unk: 0
[9:17:12 AM] OpCode: SMSG_SET_FACTION_STANDING Handler: 0x4D5760 Unk: 0
[9:17:12 AM] OpCode: SMSG_SET_FORCED_REACTIONS Handler: 0x4D59A0 Unk: 0
[9:17:12 AM] OpCode: SMSG_DUEL_REQUESTED Handler: 0x4D49D0 Unk: 0
[9:17:12 AM] OpCode: SMSG_DUEL_OUTOFBOUNDS Handler: 0x4D4AA0 Unk: 0
[9:17:12 AM] OpCode: SMSG_DUEL_INBOUNDS Handler: 0x4D4AC0 Unk: 0
[9:17:12 AM] OpCode: SMSG_DUEL_COUNTDOWN Handler: 0x4D4AE0 Unk: 0
[9:17:12 AM] OpCode: SMSG_DUEL_COMPLETE Handler: 0x4D4B20 Unk: 0
[9:17:12 AM] OpCode: SMSG_DUEL_WINNER Handler: 0x4D4BA0 Unk: 0
[9:17:12 AM] OpCode: SMSG_TUTORIAL_FLAGS Handler: 0x4B5700 Unk: 0
[9:17:12 AM] OpCode: SMSG_GUILD_ROSTER Handler: 0x4D0AD0 Unk: 0
[9:17:12 AM] OpCode: SMSG_SEND_MAIL_RESULT Handler: 0x4AD050 Unk: 0
[9:17:12 AM] OpCode: SMSG_MAIL_LIST_RESULT Handler: 0x4AD1B0 Unk: 0
[9:17:12 AM] OpCode: MSG_QUERY_NEXT_MAIL_TIME Handler: 0x4AD5F0 Unk: 0
[9:17:12 AM] OpCode: SMSG_RECEIVED_MAIL Handler: 0x4AD620 Unk: 0
[9:17:12 AM] OpCode: SMSG_BATTLEFIELD_LIST Handler: 0x4AA6C0 Unk: 0
[9:17:12 AM] OpCode: SMSG_BATTLEFIELD_STATUS Handler: 0x4AA850 Unk: 0
[9:17:12 AM] OpCode: MSG_PVP_LOG_DATA Handler: 0x4AAB30 Unk: 0
[9:17:12 AM] OpCode: SMSG_GROUP_JOINED_BATTLEGROUND Handler: 0x4AACC0 Unk: 0
[9:17:12 AM] OpCode: MSG_BATTLEGROUND_PLAYER_POSITIONS Handler: 0x4AAD40 Unk: 0
[9:17:12 AM] OpCode: SMSG_BATTLEGROUND_PLAYER_JOINED Handler: 0x4AAE10 Unk: 0
[9:17:12 AM] OpCode: SMSG_BATTLEGROUND_PLAYER_LEFT Handler: 0x4AAE10 Unk: 0
[9:17:12 AM] OpCode: MSG_AUCTION_HELLO Handler: 0x4CC420 Unk: 0
[9:17:12 AM] OpCode: SMSG_AUCTION_COMMAND_RESULT Handler: 0x4CC460 Unk: 0
[9:17:12 AM] OpCode: SMSG_AUCTION_LIST_RESULT Handler: 0x4CC7F0 Unk: 0
[9:17:12 AM] OpCode: SMSG_AUCTION_OWNER_LIST_RESULT Handler: 0x4CCA30 Unk: 0
[9:17:12 AM] OpCode: SMSG_AUCTION_BIDDER_LIST_RESULT Handler: 0x4CCC80 Unk: 0
[9:17:12 AM] OpCode: SMSG_AUCTION_BIDDER_NOTIFICATION Handler: 0x4CCED0 Unk: 0
[9:17:12 AM] OpCode: SMSG_AUCTION_OWNER_NOTIFICATION Handler: 0x4CD1F0 Unk: 0
[9:17:12 AM] OpCode: SMSG_AUCTION_REMOVED_NOTIFICATION Handler: 0x4CD480 Unk: 0
[9:17:12 AM] OpCode: MSG_LIST_STABLED_PETS Handler: 0x4CAB10 Unk: 0
[9:17:12 AM] OpCode: SMSG_STABLE_RESULT Handler: 0x4CACB0 Unk: 0
[9:17:12 AM] OpCode: MSG_RAID_TARGET_UPDATE Handler: 0x4BA220 Unk: 0
[9:17:12 AM] OpCode: MSG_RAID_READY_CHECK Handler: 0x4BA360 Unk: 0
[9:17:12 AM] OpCode: SMSG_MEETINGSTONE_JOINFAILED Handler: 0x4CA3C0 Unk: 0
[9:17:12 AM] OpCode: SMSG_MEETINGSTONE_SETQUEUE Handler: 0x4CA230 Unk: 0
[9:17:12 AM] OpCode: SMSG_MEETINGSTONE_COMPLETE Handler: 0x4CA3C0 Unk: 0
[9:17:12 AM] OpCode: SMSG_MEETINGSTONE_IN_PROGRESS Handler: 0x4CA3C0 Unk: 0
[9:17:12 AM] OpCode: SMSG_MEETINGSTONE_MEMBER_ADDED Handler: 0x4CA3C0 Unk: 0
[9:17:12 AM] OpCode: MSG_INSPECT_HONOR_STATS Handler: 0x4C6E40 Unk: 0
[9:17:12 AM] OpCode: SMSG_MINIGAME_SETUP Handler: 0x4C4C70 Unk: 0
[9:17:12 AM] OpCode: SMSG_MINIGAME_STATE Handler: 0x4C4CF0 Unk: 0
[9:17:12 AM] OpCode: SMSG_LOTTERY_QUERY_RESULT_OBSOLETE Handler: 0x4C3D50 Unk: 0
[9:17:12 AM] OpCode: SMSG_LOTTERY_RESULT_OBSOLETE Handler: 0x4C3E60 Unk: 0
[9:17:16 AM] OpCode: MSG_MOVE_START_FORWARD Handler: 0x603BB0 Unk: 0
[9:17:16 AM] OpCode: MSG_MOVE_START_BACKWARD Handler: 0x603BB0 Unk: 0
[9:17:16 AM] OpCode: MSG_MOVE_STOP Handler: 0x603BB0 Unk: 0
[9:17:16 AM] OpCode: MSG_MOVE_START_STRAFE_LEFT Handler: 0x603BB0 Unk: 0
[9:17:16 AM] OpCode: MSG_MOVE_START_STRAFE_RIGHT Handler: 0x603BB0 Unk: 0
[9:17:16 AM] OpCode: MSG_MOVE_STOP_STRAFE Handler: 0x603BB0 Unk: 0
[9:17:16 AM] OpCode: MSG_MOVE_JUMP Handler: 0x603BB0 Unk: 0
[9:17:16 AM] OpCode: MSG_MOVE_START_TURN_LEFT Handler: 0x603BB0 Unk: 0
[9:17:16 AM] OpCode: MSG_MOVE_START_TURN_RIGHT Handler: 0x603BB0 Unk: 0
[9:17:16 AM] OpCode: MSG_MOVE_STOP_TURN Handler: 0x603BB0 Unk: 0
[9:17:16 AM] OpCode: MSG_MOVE_SET_RUN_MODE Handler: 0x603BB0 Unk: 0
[9:17:16 AM] OpCode: MSG_MOVE_SET_WALK_MODE Handler: 0x603BB0 Unk: 0
[9:17:16 AM] OpCode: MSG_MOVE_TELEPORT Handler: 0x603BB0 Unk: 0
[9:17:16 AM] OpCode: MSG_MOVE_SET_FACING Handler: 0x603BB0 Unk: 0
[9:17:16 AM] OpCode: MSG_MOVE_SET_PITCH Handler: 0x603BB0 Unk: 0
[9:17:16 AM] OpCode: MSG_MOVE_TOGGLE_COLLISION_CHEAT Handler: 0x603BB0 Unk: 0
[9:17:16 AM] OpCode: MSG_MOVE_TOGGLE_GRAVITY_CHEAT Handler: 0x603BB0 Unk: 0
[9:17:16 AM] OpCode: MSG_MOVE_SET_RUN_SPEED Handler: 0x603AE0 Unk: 0
[9:17:16 AM] OpCode: MSG_MOVE_SET_RUN_BACK_SPEED Handler: 0x603AE0 Unk: 0
[9:17:16 AM] OpCode: MSG_MOVE_SET_WALK_SPEED Handler: 0x603AE0 Unk: 0
[9:17:16 AM] OpCode: MSG_MOVE_SET_SWIM_SPEED Handler: 0x603AE0 Unk: 0
[9:17:16 AM] OpCode: MSG_MOVE_SET_SWIM_BACK_SPEED Handler: 0x603AE0 Unk: 0
[9:17:16 AM] OpCode: MSG_MOVE_SET_TURN_RATE Handler: 0x603AE0 Unk: 0
[9:17:16 AM] OpCode: MSG_MOVE_ROOT Handler: 0x603BB0 Unk: 0
[9:17:16 AM] OpCode: MSG_MOVE_UNROOT Handler: 0x603BB0 Unk: 0
[9:17:16 AM] OpCode: MSG_MOVE_START_SWIM Handler: 0x603BB0 Unk: 0
[9:17:16 AM] OpCode: MSG_MOVE_STOP_SWIM Handler: 0x603BB0 Unk: 0
[9:17:16 AM] OpCode: MSG_MOVE_START_PITCH_UP Handler: 0x603BB0 Unk: 0
[9:17:16 AM] OpCode: MSG_MOVE_START_PITCH_DOWN Handler: 0x603BB0 Unk: 0
[9:17:16 AM] OpCode: MSG_MOVE_STOP_PITCH Handler: 0x603BB0 Unk: 0
[9:17:16 AM] OpCode: MSG_MOVE_HEARTBEAT Handler: 0x603BB0 Unk: 0
[9:17:16 AM] OpCode: MSG_MOVE_FALL_LAND Handler: 0x603BB0 Unk: 0
[9:17:16 AM] OpCode: MSG_MOVE_TELEPORT_ACK Handler: 0x603F90 Unk: 0
[9:17:16 AM] OpCode: MSG_MOVE_TIME_SKIPPED Handler: 0x603B40 Unk: 0
[9:17:16 AM] OpCode: SMSG_MONSTER_MOVE Handler: 0x603F00 Unk: 0
[9:17:16 AM] OpCode: SMSG_MONSTER_MOVE_TRANSPORT Handler: 0x603F00 Unk: 0
[9:17:16 AM] OpCode: SMSG_FORCE_RUN_SPEED_CHANGE Handler: 0x603F90 Unk: 0
[9:17:16 AM] OpCode: SMSG_FORCE_RUN_BACK_SPEED_CHANGE Handler: 0x603F90 Unk: 0
[9:17:16 AM] OpCode: SMSG_FORCE_SWIM_SPEED_CHANGE Handler: 0x603F90 Unk: 0
[9:17:16 AM] OpCode: SMSG_FORCE_WALK_SPEED_CHANGE Handler: 0x603F90 Unk: 0
[9:17:16 AM] OpCode: SMSG_FORCE_SWIM_BACK_SPEED_CHANGE Handler: 0x603F90 Unk: 0
[9:17:16 AM] OpCode: SMSG_FORCE_TURN_RATE_CHANGE Handler: 0x603F90 Unk: 0
[9:17:16 AM] OpCode: SMSG_FORCE_MOVE_ROOT Handler: 0x603F90 Unk: 0
[9:17:16 AM] OpCode: SMSG_FORCE_MOVE_UNROOT Handler: 0x603F90 Unk: 0
[9:17:16 AM] OpCode: SMSG_MOVE_WATER_WALK Handler: 0x603F90 Unk: 0
[9:17:16 AM] OpCode: SMSG_MOVE_LAND_WALK Handler: 0x603F90 Unk: 0
[9:17:16 AM] OpCode: SMSG_MOVE_FEATHER_FALL Handler: 0x603F90 Unk: 0
[9:17:16 AM] OpCode: SMSG_MOVE_NORMAL_FALL Handler: 0x603F90 Unk: 0
[9:17:16 AM] OpCode: SMSG_MOVE_SET_HOVER Handler: 0x603F90 Unk: 0
[9:17:16 AM] OpCode: SMSG_MOVE_UNSET_HOVER Handler: 0x603F90 Unk: 0
[9:17:16 AM] OpCode: SMSG_MOVE_KNOCK_BACK Handler: 0x603F90 Unk: 0
[9:17:16 AM] OpCode: SMSG_MOUNTSPECIAL_ANIM Handler: 0x603FF0 Unk: 0
[9:17:16 AM] OpCode: SMSG_AI_REACTION Handler: 0x604060 Unk: 0
[9:17:16 AM] OpCode: MSG_MOVE_KNOCK_BACK Handler: 0x603BB0 Unk: 0
[9:17:16 AM] OpCode: MSG_MOVE_HOVER Handler: 0x603BB0 Unk: 0
[9:17:16 AM] OpCode: MSG_MOVE_FEATHER_FALL Handler: 0x603BB0 Unk: 0
[9:17:16 AM] OpCode: MSG_MOVE_WATER_WALK Handler: 0x603BB0 Unk: 0
[9:17:16 AM] OpCode: SMSG_PET_ACTION_SOUND Handler: 0x6040C0 Unk: 0
[9:17:16 AM] OpCode: SMSG_PET_DISMISS_SOUND Handler: 0x604140 Unk: 0
[9:17:16 AM] OpCode: SMSG_SPLINE_MOVE_ROOT Handler: 0x603C80 Unk: 0
[9:17:16 AM] OpCode: SMSG_SPLINE_MOVE_UNROOT Handler: 0x603C80 Unk: 0
[9:17:16 AM] OpCode: SMSG_SPLINE_MOVE_FEATHER_FALL Handler: 0x603C80 Unk: 0
[9:17:16 AM] OpCode: SMSG_SPLINE_MOVE_NORMAL_FALL Handler: 0x603C80 Unk: 0
[9:17:16 AM] OpCode: SMSG_SPLINE_MOVE_SET_HOVER Handler: 0x603C80 Unk: 0
[9:17:16 AM] OpCode: SMSG_SPLINE_MOVE_UNSET_HOVER Handler: 0x603C80 Unk: 0
[9:17:16 AM] OpCode: SMSG_SPLINE_MOVE_WATER_WALK Handler: 0x603C80 Unk: 0
[9:17:16 AM] OpCode: SMSG_SPLINE_MOVE_LAND_WALK Handler: 0x603C80 Unk: 0
[9:17:16 AM] OpCode: SMSG_SPLINE_MOVE_START_SWIM Handler: 0x603C80 Unk: 0
[9:17:16 AM] OpCode: SMSG_SPLINE_MOVE_STOP_SWIM Handler: 0x603C80 Unk: 0
[9:17:16 AM] OpCode: SMSG_SPLINE_MOVE_SET_RUN_MODE Handler: 0x603C80 Unk: 0
[9:17:16 AM] OpCode: SMSG_SPLINE_MOVE_SET_WALK_MODE Handler: 0x603C80 Unk: 0
[9:17:16 AM] OpCode: SMSG_SPLINE_SET_RUN_SPEED Handler: 0x603C10 Unk: 0
[9:17:16 AM] OpCode: SMSG_SPLINE_SET_RUN_BACK_SPEED Handler: 0x603C10 Unk: 0
[9:17:16 AM] OpCode: SMSG_SPLINE_SET_SWIM_SPEED Handler: 0x603C10 Unk: 0
[9:17:16 AM] OpCode: SMSG_SPLINE_SET_WALK_SPEED Handler: 0x603C10 Unk: 0
[9:17:16 AM] OpCode: SMSG_SPLINE_SET_SWIM_BACK_SPEED Handler: 0x603C10 Unk: 0
[9:17:16 AM] OpCode: SMSG_SPLINE_SET_TURN_RATE Handler: 0x603C10 Unk: 0
[9:17:16 AM] OpCode: SMSG_STANDSTATE_CHANGE_FAILURE_OBSOLETE Handler: 0x603E00 Unk: 0
[9:17:16 AM] OpCode: SMSG_STANDSTATE_UPDATE Handler: 0x603E50 Unk: 0
[9:17:16 AM] OpCode: SMSG_COMPRESSED_MOVES Handler: 0x603CE0 Unk: 0
[9:17:16 AM] OpCode: SMSG_CLIENT_CONTROL_UPDATE Handler: 0x603EA0 Unk: 0
[9:17:16 AM] OpCode: SMSG_CAST_FAILED Handler: 0x6E7330 Unk: 0
[9:17:16 AM] OpCode: SMSG_SPELL_START Handler: 0x6E7640 Unk: 0
[9:17:16 AM] OpCode: SMSG_SPELL_GO Handler: 0x6E7640 Unk: 0
[9:17:16 AM] OpCode: SMSG_SPELL_FAILURE Handler: 0x6E8D80 Unk: 0
[9:17:16 AM] OpCode: SMSG_PET_CAST_FAILED Handler: 0x6E8EB0 Unk: 0
[9:17:16 AM] OpCode: SMSG_SPELL_COOLDOWN Handler: 0x6E9460 Unk: 0
[9:17:16 AM] OpCode: SMSG_ITEM_COOLDOWN Handler: 0x6E95D0 Unk: 0
[9:17:16 AM] OpCode: SMSG_COOLDOWN_EVENT Handler: 0x6E9670 Unk: 0
[9:17:16 AM] OpCode: SMSG_CLEAR_COOLDOWN Handler: 0x6E9670 Unk: 0
[9:17:16 AM] OpCode: SMSG_COOLDOWN_CHEAT Handler: 0x6E9730 Unk: 0
[9:17:16 AM] OpCode: SMSG_PET_TAME_FAILURE Handler: 0x6E97E0 Unk: 0
[9:17:16 AM] OpCode: SMSG_SPELL_DELAYED Handler: 0x6E74F0 Unk: 0
[9:17:16 AM] OpCode: MSG_CHANNEL_START Handler: 0x6E7550 Unk: 0
[9:17:16 AM] OpCode: MSG_CHANNEL_UPDATE Handler: 0x6E75F0 Unk: 0
[9:17:16 AM] OpCode: SMSG_PLAY_SPELL_VISUAL Handler: 0x6E98D0 Unk: 0
[9:17:16 AM] OpCode: SMSG_SET_FLAT_SPELL_MODIFIER Handler: 0x6E9950 Unk: 0
[9:17:16 AM] OpCode: SMSG_SET_PCT_SPELL_MODIFIER Handler: 0x6E9950 Unk: 0
[9:17:16 AM] OpCode: SMSG_CANCEL_AUTO_REPEAT Handler: 0x6E99D0 Unk: 0
[9:17:16 AM] OpCode: SMSG_SPELL_FAILED_OTHER Handler: 0x6E8E40 Unk: 0
[9:17:16 AM] OpCode: SMSG_GAMEOBJECT_RESET_STATE Handler: 0x6E9790 Unk: 0
[9:17:16 AM] OpCode: SMSG_FEIGN_DEATH_RESISTED Handler: 0x6E9800 Unk: 0
[9:17:16 AM] OpCode: SMSG_SPELL_UPDATE_CHAIN_TARGETS Handler: 0x6E9820 Unk: 0
[9:17:16 AM] OpCode: SMSG_ATTACKSTART Handler: 0x6255B0 Unk: 0
[9:17:16 AM] OpCode: SMSG_ATTACKSTOP Handler: 0x6255B0 Unk: 0
[9:17:16 AM] OpCode: SMSG_ATTACKERSTATEUPDATE Handler: 0x6255B0 Unk: 0
[9:17:16 AM] OpCode: SMSG_ATTACKSWING_NOTINRANGE Handler: 0x6255B0 Unk: 0
[9:17:16 AM] OpCode: SMSG_ATTACKSWING_BADFACING Handler: 0x6255B0 Unk: 0
[9:17:16 AM] OpCode: SMSG_ATTACKSWING_DEADTARGET Handler: 0x6255B0 Unk: 0
[9:17:16 AM] OpCode: SMSG_ATTACKSWING_CANT_ATTACK Handler: 0x6255B0 Unk: 0
[9:17:16 AM] OpCode: SMSG_ENVIRONMENTALDAMAGELOG Handler: 0x6255B0 Unk: 0
[9:17:16 AM] OpCode: SMSG_RESISTLOG Handler: 0x630170 Unk: 0
[9:17:16 AM] OpCode: SMSG_LOG_XPGAIN Handler: 0x637E30 Unk: 0
[9:17:16 AM] OpCode: SMSG_PERIODICAURALOG Handler: 0x626DD0 Unk: 0
[9:17:16 AM] OpCode: SMSG_ENCHANTMENTLOG Handler: 0x628EA0 Unk: 0
[9:17:16 AM] OpCode: SMSG_PARTYKILLLOG Handler: 0x628890 Unk: 0
[9:17:16 AM] OpCode: SMSG_PROCRESIST Handler: 0x6289A0 Unk: 0
[9:17:16 AM] OpCode: SMSG_DISPEL_FAILED Handler: 0x628C20 Unk: 0
[9:17:16 AM] OpCode: SMSG_DURABILITY_DAMAGE_DEATH Handler: 0x628E60 Unk: 0
[9:17:16 AM] OpCode: SMSG_GAMEOBJECT_PAGETEXT Handler: 0x5F88C0 Unk: 0
[9:17:16 AM] OpCode: SMSG_GAMEOBJECT_CUSTOM_ANIM Handler: 0x5F8930 Unk: 0
[9:17:16 AM] OpCode: SMSG_GAMEOBJECT_DESPAWN_ANIM Handler: 0x5F8990 Unk: 0
[9:17:16 AM] OpCode: SMSG_MOUNTRESULT Handler: 0x5E38C0 Unk: 0
[9:17:16 AM] OpCode: SMSG_DISMOUNTRESULT Handler: 0x5E38C0 Unk: 0
[9:17:16 AM] OpCode: SMSG_INVENTORY_CHANGE_FAILURE Handler: 0x5E38C0 Unk: 0
[9:17:16 AM] OpCode: SMSG_OPEN_CONTAINER Handler: 0x5E38C0 Unk: 0
[9:17:16 AM] OpCode: SMSG_ITEM_PUSH_RESULT Handler: 0x5E38C0 Unk: 0
[9:17:16 AM] OpCode: SMSG_LIST_INVENTORY Handler: 0x5E5910 Unk: 0
[9:17:16 AM] OpCode: SMSG_BUY_FAILED Handler: 0x5E5910 Unk: 0
[9:17:16 AM] OpCode: SMSG_BUY_ITEM Handler: 0x5E5910 Unk: 0
[9:17:16 AM] OpCode: SMSG_SELL_ITEM Handler: 0x5E5910 Unk: 0
[9:17:16 AM] OpCode: SMSG_LOOT_RESPONSE Handler: 0x5E6010 Unk: 0
[9:17:16 AM] OpCode: SMSG_LOOT_RELEASE_RESPONSE Handler: 0x5E6010 Unk: 0
[9:17:16 AM] OpCode: SMSG_LOOT_REMOVED Handler: 0x5E6010 Unk: 0
[9:17:16 AM] OpCode: SMSG_LOOT_MONEY_NOTIFY Handler: 0x5E6010 Unk: 0
[9:17:16 AM] OpCode: SMSG_LOOT_ITEM_NOTIFY Handler: 0x5E6010 Unk: 0
[9:17:16 AM] OpCode: SMSG_LOOT_CLEAR_MONEY Handler: 0x5E6010 Unk: 0
[9:17:16 AM] OpCode: SMSG_LEARNED_SPELL Handler: 0x5E61C0 Unk: 0
[9:17:16 AM] OpCode: SMSG_SUPERCEDED_SPELL Handler: 0x5E6330 Unk: 0
[9:17:16 AM] OpCode: SMSG_INITIAL_SPELLS Handler: 0x5E6510 Unk: 0
[9:17:16 AM] OpCode: SMSG_ACTION_BUTTONS Handler: 0x5E6680 Unk: 0
[9:17:16 AM] OpCode: SMSG_GROUP_INVITE Handler: 0x5E6730 Unk: 0
[9:17:16 AM] OpCode: SMSG_GROUP_CANCEL Handler: 0x5E6770 Unk: 0
[9:17:16 AM] OpCode: SMSG_GROUP_DECLINE Handler: 0x5E67A0 Unk: 0
[9:17:16 AM] OpCode: SMSG_GROUP_UNINVITE Handler: 0x5E6850 Unk: 0
[9:17:16 AM] OpCode: SMSG_GROUP_SET_LEADER Handler: 0x5E67D0 Unk: 0
[9:17:16 AM] OpCode: SMSG_GROUP_DESTROYED Handler: 0x5E6880 Unk: 0
[9:17:16 AM] OpCode: SMSG_PARTY_COMMAND_RESULT Handler: 0x5E68B0 Unk: 0
[9:17:16 AM] OpCode: SMSG_GROUP_LIST Handler: 0x5E6A40 Unk: 0
[9:17:16 AM] OpCode: SMSG_QUESTGIVER_QUEST_LIST Handler: 0x5E59B0 Unk: 0
[9:17:16 AM] OpCode: SMSG_QUESTGIVER_QUEST_INVALID Handler: 0x5E59B0 Unk: 0
[9:17:16 AM] OpCode: SMSG_QUESTGIVER_QUEST_DETAILS Handler: 0x5E59B0 Unk: 0
[9:17:16 AM] OpCode: SMSG_QUESTGIVER_REQUEST_ITEMS Handler: 0x5E59B0 Unk: 0
[9:17:16 AM] OpCode: SMSG_QUESTGIVER_OFFER_REWARD Handler: 0x5E59B0 Unk: 0
[9:17:16 AM] OpCode: SMSG_QUESTGIVER_QUEST_COMPLETE Handler: 0x5E59B0 Unk: 0
[9:17:16 AM] OpCode: SMSG_QUESTGIVER_QUEST_FAILED Handler: 0x5E59B0 Unk: 0
[9:17:16 AM] OpCode: SMSG_QUESTGIVER_STATUS Handler: 0x5E59B0 Unk: 0
[9:17:16 AM] OpCode: SMSG_QUESTLOG_FULL Handler: 0x5E59B0 Unk: 0
[9:17:16 AM] OpCode: SMSG_TRAINER_LIST Handler: 0x5E5F10 Unk: 0
[9:17:16 AM] OpCode: SMSG_TRAINER_BUY_FAILED Handler: 0x5E5F10 Unk: 0
[9:17:16 AM] OpCode: SMSG_SET_PROFICIENCY Handler: 0x5E7B70 Unk: 0
[9:17:16 AM] OpCode: SMSG_RESURRECT_REQUEST Handler: 0x5E7BC0 Unk: 0
[9:17:16 AM] OpCode: SMSG_PLAYER_SKINNED Handler: 0x5E7D40 Unk: 0
[9:17:16 AM] OpCode: SMSG_INSPECT Handler: 0x5E7D70 Unk: 0
[9:17:16 AM] OpCode: SMSG_READ_ITEM_OK Handler: 0x5E7D90 Unk: 0
[9:17:16 AM] OpCode: SMSG_READ_ITEM_FAILED Handler: 0x5E7D90 Unk: 0
[9:17:16 AM] OpCode: SMSG_CANCEL_COMBAT Handler: 0x5E7DD0 Unk: 0
[9:17:16 AM] OpCode: SMSG_TAXINODE_STATUS Handler: 0x5E38C0 Unk: 0
[9:17:16 AM] OpCode: SMSG_SHOWTAXINODES Handler: 0x5E38C0 Unk: 0
[9:17:16 AM] OpCode: SMSG_ACTIVATETAXIREPLY Handler: 0x5E38C0 Unk: 0
[9:17:16 AM] OpCode: SMSG_GUILD_INVITE Handler: 0x5E6F20 Unk: 0
[9:17:16 AM] OpCode: SMSG_GUILD_DECLINE Handler: 0x5E6F80 Unk: 0
[9:17:16 AM] OpCode: SMSG_GUILD_INFO Handler: 0x5E6FB0 Unk: 0
[9:17:16 AM] OpCode: SMSG_GUILD_EVENT Handler: 0x5E7180 Unk: 0
[9:17:16 AM] OpCode: SMSG_GUILD_COMMAND_RESULT Handler: 0x5E7520 Unk: 0
[9:17:16 AM] OpCode: MSG_SAVE_GUILD_EMBLEM Handler: 0x5E70F0 Unk: 0
[9:17:16 AM] OpCode: MSG_TABARDVENDOR_ACTIVATE Handler: 0x5E70C0 Unk: 0
[9:17:16 AM] OpCode: SMSG_PETITION_SHOWLIST Handler: 0x5E5050 Unk: 0
[9:17:16 AM] OpCode: SMSG_PETITION_SHOW_SIGNATURES Handler: 0x5E5050 Unk: 0
[9:17:16 AM] OpCode: SMSG_PETITION_SIGN_RESULTS Handler: 0x5E5050 Unk: 0
[9:17:16 AM] OpCode: MSG_PETITION_DECLINE Handler: 0x5E5050 Unk: 0
[9:17:16 AM] OpCode: SMSG_TURN_IN_PETITION_RESULTS Handler: 0x5E5050 Unk: 0
[9:17:16 AM] OpCode: MSG_PETITION_RENAME Handler: 0x5E5050 Unk: 0
[9:17:16 AM] OpCode: SMSG_UPDATE_AURA_DURATION Handler: 0x5E38C0 Unk: 0
[9:17:16 AM] OpCode: SMSG_BINDPOINTUPDATE Handler: 0x5E38C0 Unk: 0
[9:17:16 AM] OpCode: SMSG_BINDZONEREPLY Handler: 0x5E38C0 Unk: 0
[9:17:16 AM] OpCode: SMSG_EMOTE Handler: 0x5E66B0 Unk: 0
[9:17:16 AM] OpCode: SMSG_PLAYERBOUND Handler: 0x5E38C0 Unk: 0
[9:17:16 AM] OpCode: SMSG_PLAYERBINDERROR Handler: 0x5E38C0 Unk: 0
[9:17:16 AM] OpCode: SMSG_NEW_TAXI_PATH Handler: 0x5E38C0 Unk: 0
[9:17:16 AM] OpCode: SMSG_PET_NAME_INVALID Handler: 0x5E38C0 Unk: 0
[9:17:16 AM] OpCode: SMSG_EXPLORATION_EXPERIENCE Handler: 0x5E38C0 Unk: 0
[9:17:16 AM] OpCode: SMSG_PARTY_MEMBER_STATS Handler: 0x5E5110 Unk: 0
[9:17:16 AM] OpCode: SMSG_PARTY_MEMBER_STATS_FULL Handler: 0x5E5110 Unk: 0
[9:17:16 AM] OpCode: SMSG_QUESTUPDATE_FAILED Handler: 0x5E5AD0 Unk: 0
[9:17:16 AM] OpCode: SMSG_QUESTUPDATE_FAILEDTIMER Handler: 0x5E5AD0 Unk: 0
[9:17:16 AM] OpCode: SMSG_QUESTUPDATE_COMPLETE Handler: 0x5E5AD0 Unk: 0
[9:17:16 AM] OpCode: SMSG_QUESTUPDATE_ADD_KILL Handler: 0x5E5AD0 Unk: 0
[9:17:16 AM] OpCode: SMSG_QUESTUPDATE_ADD_ITEM Handler: 0x5E5AD0 Unk: 0
[9:17:16 AM] OpCode: SMSG_QUEST_CONFIRM_ACCEPT Handler: 0x5E5EB0 Unk: 0
[9:17:16 AM] OpCode: SMSG_SHOW_BANK Handler: 0x5E38C0 Unk: 0
[9:17:16 AM] OpCode: SMSG_BUY_BANK_SLOT_RESULT Handler: 0x5E38C0 Unk: 0
[9:17:16 AM] OpCode: SMSG_LEVELUP_INFO Handler: 0x5E38C0 Unk: 0
[9:17:16 AM] OpCode: MSG_MINIMAP_PING Handler: 0x5E38C0 Unk: 0
[9:17:16 AM] OpCode: SMSG_START_MIRROR_TIMER Handler: 0x5E7990 Unk: 0
[9:17:16 AM] OpCode: SMSG_PAUSE_MIRROR_TIMER Handler: 0x5E7990 Unk: 0
[9:17:16 AM] OpCode: SMSG_STOP_MIRROR_TIMER Handler: 0x5E7990 Unk: 0
[9:17:16 AM] OpCode: SMSG_TRIGGER_CINEMATIC Handler: 0x5E38C0 Unk: 0
[9:17:16 AM] OpCode: SMSG_ITEM_TIME_UPDATE Handler: 0x5E4F30 Unk: 0
[9:17:16 AM] OpCode: SMSG_ITEM_ENCHANT_TIME_UPDATE Handler: 0x5E4F30 Unk: 0
[9:17:16 AM] OpCode: MSG_RANDOM_ROLL Handler: 0x5E38C0 Unk: 0
[9:17:16 AM] OpCode: SMSG_FISH_NOT_HOOKED Handler: 0x5E38C0 Unk: 0
[9:17:16 AM] OpCode: SMSG_FISH_ESCAPED Handler: 0x5E38C0 Unk: 0
[9:17:16 AM] OpCode: SMSG_REMOVED_SPELL Handler: 0x5E38C0 Unk: 0
[9:17:16 AM] OpCode: SMSG_FORCEACTIONSHOW Handler: 0x5E38C0 Unk: 0
[9:17:16 AM] OpCode: SMSG_GODMODE Handler: 0x5E38C0 Unk: 0
[9:17:16 AM] OpCode: SMSG_CLEAR_FAR_SIGHT_IMMEDIATE Handler: 0x5E38C0 Unk: 0
[9:17:16 AM] OpCode: SMSG_GMTICKET_CREATE Handler: 0x5E38C0 Unk: 0
[9:17:16 AM] OpCode: SMSG_GMTICKET_UPDATETEXT Handler: 0x5E38C0 Unk: 0
[9:17:16 AM] OpCode: SMSG_GMTICKET_GETTICKET Handler: 0x5E38C0 Unk: 0
[9:17:16 AM] OpCode: SMSG_GMTICKET_DELETETICKET Handler: 0x5E38C0 Unk: 0
[9:17:16 AM] OpCode: SMSG_CHAT_WRONG_FACTION Handler: 0x5E38C0 Unk: 0
[9:17:16 AM] OpCode: SMSG_CHAT_PLAYER_NOT_FOUND Handler: 0x5E38C0 Unk: 0
[9:17:16 AM] OpCode: SMSG_CHAT_RESTRICTED Handler: 0x5E38C0 Unk: 0
[9:17:16 AM] OpCode: SMSG_GMTICKET_SYSTEMSTATUS Handler: 0x5E38C0 Unk: 0
[9:17:16 AM] OpCode: SMSG_SET_REST_START Handler: 0x5E38C0 Unk: 0
[9:17:16 AM] OpCode: SMSG_SPIRIT_HEALER_CONFIRM Handler: 0x5E38C0 Unk: 0
[9:17:16 AM] OpCode: MSG_TALENT_WIPE_CONFIRM Handler: 0x5E38C0 Unk: 0
[9:17:16 AM] OpCode: SMSG_PET_UNLEARN_CONFIRM Handler: 0x5E38C0 Unk: 0
[9:17:16 AM] OpCode: SMSG_BINDER_CONFIRM Handler: 0x5E38C0 Unk: 0
[9:17:16 AM] OpCode: SMSG_SPELLLOGEXECUTE Handler: 0x5E7F90 Unk: 0
[9:17:16 AM] OpCode: SMSG_SPELLLOGMISS Handler: 0x5E7E00 Unk: 0
[9:17:16 AM] OpCode: SMSG_SPELLDAMAGESHIELD Handler: 0x5E84E0 Unk: 0
[9:17:16 AM] OpCode: SMSG_SPELLINSTAKILLLOG Handler: 0x5E85A0 Unk: 0
[9:17:16 AM] OpCode: SMSG_SPELLNONMELEEDAMAGELOG Handler: 0x5E85E0 Unk: 0
[9:17:16 AM] OpCode: SMSG_SPELLHEALLOG Handler: 0x5E89C0 Unk: 0
[9:17:16 AM] OpCode: SMSG_SPELLENERGIZELOG Handler: 0x5E8A90 Unk: 0
[9:17:16 AM] OpCode: SMSG_SPELLDISPELLOG Handler: 0x5E8B60 Unk: 0
[9:17:16 AM] OpCode: SMSG_SPELLSTEALLOG Handler: 0x5E8C00 Unk: 0
[9:17:16 AM] OpCode: SMSG_RESURRECT_FAILED Handler: 0x5E8F10 Unk: 0
[9:17:16 AM] OpCode: SMSG_SPELLORDAMAGE_IMMUNE Handler: 0x5E8CA0 Unk: 0
[9:17:16 AM] OpCode: MSG_QUEST_PUSH_RESULT Handler: 0x5E38C0 Unk: 0
[9:17:16 AM] OpCode: SMSG_DAMAGE_CALC_LOG Handler: 0x5E8D30 Unk: 0
[9:17:16 AM] OpCode: SMSG_RAID_GROUP_ONLY Handler: 0x5E38C0 Unk: 0
[9:17:16 AM] OpCode: SMSG_LOOT_START_ROLL Handler: 0x5E6010 Unk: 0
[9:17:16 AM] OpCode: SMSG_LOOT_ALL_PASSED Handler: 0x5E6010 Unk: 0
[9:17:16 AM] OpCode: SMSG_LOOT_ROLL_WON Handler: 0x5E6010 Unk: 0
[9:17:16 AM] OpCode: SMSG_LOOT_ROLL Handler: 0x5E6010 Unk: 0
[9:17:16 AM] OpCode: SMSG_LOOT_MASTER_LIST Handler: 0x5E6010 Unk: 0
[9:17:16 AM] OpCode: SMSG_SUMMON_REQUEST Handler: 0x5E6140 Unk: 0
[9:17:16 AM] OpCode: SMSG_PLAY_TIME_WARNING Handler: 0x5E7830 Unk: 0
[9:17:16 AM] OpCode: SMSG_GM_TICKET_STATUS_UPDATE Handler: 0x5E78F0 Unk: 0
[9:17:16 AM] OpCode: SMSG_WHO Handler: 0x5ADF60 Unk: 0
[9:17:16 AM] OpCode: SMSG_WHOIS Handler: 0x5ADDA0 Unk: 0
[9:17:16 AM] OpCode: SMSG_RWHOIS Handler: 0x5ADDE0 Unk: 0
[9:17:16 AM] OpCode: SMSG_FRIEND_LIST Handler: 0x5ADD80 Unk: 0
[9:17:16 AM] OpCode: SMSG_FRIEND_STATUS Handler: 0x5ADD30 Unk: 0
[9:17:16 AM] OpCode: SMSG_IGNORE_LIST Handler: 0x5AE2B0 Unk: 0
[9:17:16 AM] OpCode: SMSG_TRADE_STATUS Handler: 0x5D47C0 Unk: 0
[9:17:16 AM] OpCode: SMSG_TRADE_STATUS_EXTENDED Handler: 0x5D4990 Unk: 0
[9:17:16 AM] OpCode: SMSG_GAMESPEED_SET Handler: 0x6C5DE0 Unk: 0
[9:17:16 AM] OpCode: SMSG_LOGIN_SETTIMESPEED Handler: 0x6C5E80 Unk: 0
[9:17:16 AM] OpCode: SMSG_GAMETIME_UPDATE Handler: 0x6C6010 Unk: 0
[9:17:16 AM] OpCode: SMSG_SERVERTIME Handler: 0x6C6080 Unk: 0
[9:17:16 AM] OpCode: SMSG_GAMETIME_SET Handler: 0x6C6120 Unk: 0
[9:17:16 AM] OpCode: SMSG_NOTIFICATION Handler: 0x401800 Unk: 0
[9:17:16 AM] OpCode: SMSG_PLAYED_TIME Handler: 0x401850 Unk: 0
[9:17:16 AM] OpCode: SMSG_NEW_WORLD Handler: 0x401B00 Unk: 0
[9:17:16 AM] OpCode: SMSG_TRANSFER_PENDING Handler: 0x401900 Unk: 0
[9:17:16 AM] OpCode: SMSG_TRANSFER_ABORTED Handler: 0x4019A0 Unk: 0
[9:17:16 AM] OpCode: SMSG_LOGIN_VERIFY_WORLD Handler: 0x401DE0 Unk: 0
```

UI error codes:

Update: According to TOM_RUS, the .Extra is the sound name and Unknown1 is the output type of the message (0 - chat, 1 - UI info, 2 - UI error, 3 - console).



```
int __cdecl InitializeErrorMessages()
{
  g_errorMessages[0].Message = "ERR_INV_FULL";
  g_errorMessages[0].Unknown1 = 2;
  g_errorMessages[0].Extra = "NONE";
  g_errorMessages[0].Unknown2 = 0;
  g_errorMessages[0].Unknown3 = 10;
  g_errorMessages[1].Message = "ERR_BANK_FULL";
  g_errorMessages[1].Unknown1 = 2;
  g_errorMessages[1].Extra = "NONE";
  g_errorMessages[1].Unknown2 = 68;
  g_errorMessages[1].Unknown3 = 10;
  g_errorMessages[2].Message = "ERR_CANT_EQUIP_LEVEL_I";
  g_errorMessages[2].Unknown1 = 2;
  g_errorMessages[2].Extra = "NONE";
  g_errorMessages[2].Unknown2 = 2;
  g_errorMessages[2].Unknown3 = 10;
  g_errorMessages[3].Message = "ERR_CANT_EQUIP_SKILL";
  g_errorMessages[3].Unknown1 = 2;
  g_errorMessages[3].Extra = "NONE";
  g_errorMessages[3].Unknown2 = 41;
  g_errorMessages[3].Unknown3 = 10;
  g_errorMessages[4].Message = "ERR_CANT_EQUIP_EVER";
  g_errorMessages[4].Unknown1 = 2;
  g_errorMessages[4].Extra = "NONE";
  g_errorMessages[4].Unknown2 = 3;
  g_errorMessages[4].Unknown3 = 10;
  g_errorMessages[5].Message = "ERR_CANT_EQUIP_RANK";
  g_errorMessages[5].Unknown1 = 2;
  g_errorMessages[5].Extra = "NONE";
  g_errorMessages[5].Unknown2 = 68;
  g_errorMessages[5].Unknown3 = 10;
  g_errorMessages[6].Message = "ERR_CANT_EQUIP_REPUTATION";
  g_errorMessages[6].Unknown1 = 2;
  g_errorMessages[6].Extra = "NONE";
  g_errorMessages[6].Unknown2 = 68;
  g_errorMessages[6].Unknown3 = 10;
  g_errorMessages[7].Message = "ERR_PROFICIENCY_NEEDED";
  g_errorMessages[7].Unknown1 = 2;
  g_errorMessages[7].Extra = "NONE";
  g_errorMessages[7].Unknown2 = 48;
  g_errorMessages[7].Unknown3 = 10;
  g_errorMessages[8].Message = "ERR_WRONG_SLOT";
  g_errorMessages[8].Unknown1 = 2;
  g_errorMessages[8].Extra = "NONE";
  g_errorMessages[8].Unknown2 = 27;
  g_errorMessages[8].Unknown3 = 10;
  g_errorMessages[9].Message = "ERR_BAG_FULL";
  g_errorMessages[9].Unknown1 = 2;
  g_errorMessages[9].Extra = "NONE";
  g_errorMessages[9].Unknown2 = 29;
  g_errorMessages[9].Unknown3 = 10;
  g_errorMessages[10].Message = "ERR_INTERNAL_BAG_ERROR";
  g_errorMessages[10].Unknown1 = 2;
  g_errorMessages[10].Extra = "NONE";
  g_errorMessages[10].Unknown2 = 68;
  g_errorMessages[10].Unknown3 = 10;
  g_errorMessages[11].Message = "ERR_DESTROY_NONEMPTY_BAG";
  g_errorMessages[11].Unknown1 = 2;
  g_errorMessages[11].Extra = "NONE";
  g_errorMessages[11].Unknown2 = 68;
  g_errorMessages[11].Unknown3 = 10;
  g_errorMessages[12].Message = "ERR_BAG_IN_BAG";
  g_errorMessages[12].Unknown1 = 2;
  g_errorMessages[12].Extra = "NONE";
  g_errorMessages[12].Unknown2 = 26;
  g_errorMessages[12].Unknown3 = 10;
  g_errorMessages[13].Message = "ERR_TOO_MANY_SPECIAL_BAGS";
  g_errorMessages[13].Unknown1 = 2;
  g_errorMessages[13].Extra = "NONE";
  g_errorMessages[13].Unknown2 = 68;
  g_errorMessages[13].Unknown3 = 10;
  g_errorMessages[14].Message = "ERR_TRADE_EQUIPPED_BAG";
  g_errorMessages[14].Unknown1 = 2;
  g_errorMessages[14].Extra = "NONE";
  g_errorMessages[14].Unknown2 = 68;
  g_errorMessages[14].Unknown3 = 10;
  g_errorMessages[15].Message = "ERR_AMMO_ONLY";
  g_errorMessages[15].Unknown1 = 2;
  g_errorMessages[15].Extra = "NONE";
  g_errorMessages[15].Unknown2 = 28;
  g_errorMessages[15].Unknown3 = 10;
  g_errorMessages[16].Message = "ERR_NO_SLOT_AVAILABLE";
  g_errorMessages[16].Unknown1 = 2;
  g_errorMessages[16].Extra = "NONE";
  g_errorMessages[16].Unknown2 = 68;
  g_errorMessages[16].Unknown3 = 10;
  g_errorMessages[17].Message = "ERR_WRONG_BAG_TYPE";
  g_errorMessages[17].Unknown1 = 2;
  g_errorMessages[17].Extra = "NONE";
  g_errorMessages[17].Unknown2 = 68;
  g_errorMessages[17].Unknown3 = 10;
  g_errorMessages[18].Message = "ERR_ITEM_MAX_COUNT";
  g_errorMessages[18].Unknown1 = 2;
  g_errorMessages[18].Extra = "NONE";
  g_errorMessages[18].Unknown2 = 30;
  g_errorMessages[18].Unknown3 = 10;
  g_errorMessages[19].Message = "ERR_NOT_EQUIPPABLE";
  g_errorMessages[19].Unknown1 = 2;
  g_errorMessages[19].Extra = "NONE";
  g_errorMessages[19].Unknown2 = 44;
  g_errorMessages[19].Unknown3 = 10;
  g_errorMessages[20].Message = "ERR_CANT_STACK";
  g_errorMessages[20].Unknown1 = 2;
  g_errorMessages[20].Extra = "NONE";
  g_errorMessages[20].Unknown2 = 68;
  g_errorMessages[20].Unknown3 = 10;
  g_errorMessages[21].Message = "ERR_CANT_SWAP";
  g_errorMessages[21].Unknown1 = 2;
  g_errorMessages[21].Extra = "NONE";
  g_errorMessages[21].Unknown2 = 68;
  g_errorMessages[21].Unknown3 = 10;
  g_errorMessages[22].Message = "ERR_SLOT_EMPTY";
  g_errorMessages[22].Unknown1 = 2;
  g_errorMessages[22].Extra = "NONE";
  g_errorMessages[22].Unknown2 = 68;
  g_errorMessages[22].Unknown3 = 10;
  g_errorMessages[23].Message = "ERR_ITEM_NOT_FOUND";
  g_errorMessages[23].Unknown1 = 2;
  g_errorMessages[23].Extra = "NONE";
  g_errorMessages[23].Unknown2 = 68;
  g_errorMessages[23].Unknown3 = 10;
  g_errorMessages[24].Message = "ERR_TOO_FEW_TO_SPLIT";
  g_errorMessages[24].Unknown1 = 2;
  g_errorMessages[24].Extra = "NONE";
  g_errorMessages[24].Unknown2 = 68;
  g_errorMessages[24].Unknown3 = 10;
  g_errorMessages[25].Message = "ERR_SPLIT_FAILED";
  g_errorMessages[25].Unknown1 = 2;
  g_errorMessages[25].Extra = "NONE";
  g_errorMessages[25].Unknown2 = 68;
  g_errorMessages[25].Unknown3 = 10;
  g_errorMessages[26].Message = "ERR_NOT_A_BAG";
  g_errorMessages[26].Unknown1 = 2;
  g_errorMessages[26].Extra = "NONE";
  g_errorMessages[26].Unknown2 = 25;
  g_errorMessages[26].Unknown3 = 10;
  g_errorMessages[27].Message = "ERR_NOT_OWNER";
  g_errorMessages[27].Unknown1 = 2;
  g_errorMessages[27].Extra = "NONE";
  g_errorMessages[27].Unknown2 = 68;
  g_errorMessages[27].Unknown3 = 10;
  g_errorMessages[28].Message = "ERR_ONLY_ONE_QUIVER";
  g_errorMessages[28].Unknown1 = 2;
  g_errorMessages[28].Extra = "NONE";
  g_errorMessages[28].Unknown2 = 68;
  g_errorMessages[28].Unknown3 = 10;
  g_errorMessages[29].Message = "ERR_NO_BANK_SLOT";
  g_errorMessages[29].Unknown1 = 2;
  g_errorMessages[29].Extra = "NONE";
  g_errorMessages[29].Unknown2 = 68;
  g_errorMessages[29].Unknown3 = 10;
  g_errorMessages[30].Message = "ERR_NO_BANK_HERE";
  g_errorMessages[30].Unknown1 = 2;
  g_errorMessages[30].Extra = "NONE";
  g_errorMessages[30].Unknown2 = 68;
  g_errorMessages[30].Unknown3 = 10;
  g_errorMessages[31].Message = "ERR_ITEM_LOCKED";
  g_errorMessages[31].Unknown1 = 2;
  g_errorMessages[31].Extra = "NONE";
  g_errorMessages[31].Unknown2 = 61;
  g_errorMessages[31].Unknown3 = 10;
  g_errorMessages[32].Message = "ERR_2HANDED_EQUIPPED";
  g_errorMessages[32].Unknown1 = 2;
  g_errorMessages[32].Extra = "NONE";
  g_errorMessages[32].Unknown2 = 42;
  g_errorMessages[32].Unknown3 = 10;
  g_errorMessages[33].Message = "ERR_VENDOR_NOT_INTERESTED";
  g_errorMessages[33].Unknown1 = 2;
  g_errorMessages[33].Extra = "NONE";
  g_errorMessages[33].Unknown2 = 68;
  g_errorMessages[33].Unknown3 = 10;
  g_errorMessages[34].Message = "ERR_VENDOR_HATES_YOU";
  g_errorMessages[34].Unknown1 = 2;
  g_errorMessages[34].Extra = "NONE";
  g_errorMessages[34].Unknown2 = 68;
  g_errorMessages[34].Unknown3 = 10;
  g_errorMessages[35].Message = "ERR_VENDOR_SOLD_OUT";
  g_errorMessages[35].Unknown1 = 2;
  g_errorMessages[35].Extra = "NONE";
  g_errorMessages[35].Unknown2 = 68;
  g_errorMessages[35].Unknown3 = 10;
  g_errorMessages[36].Message = "ERR_VENDOR_TOO_FAR";
  g_errorMessages[36].Unknown1 = 2;
  g_errorMessages[36].Extra = "NONE";
  g_errorMessages[36].Unknown2 = 68;
  g_errorMessages[36].Unknown3 = 10;
  g_errorMessages[37].Message = "ERR_NOT_ENOUGH_MONEY";
  g_errorMessages[37].Unknown1 = 2;
  g_errorMessages[37].Extra = "NONE";
  g_errorMessages[37].Unknown2 = 40;
  g_errorMessages[37].Unknown3 = 10;
  g_errorMessages[38].Message = "ERR_RECEIVE_ITEM_S";
  g_errorMessages[38].Unknown1 = 0;
  g_errorMessages[38].Extra = "ITEMGENERICSOUND";
  g_errorMessages[38].Unknown2 = 68;
  g_errorMessages[38].Unknown3 = 10;
  g_errorMessages[39].Message = "ERR_DROP_BOUND_ITEM";
  g_errorMessages[39].Unknown1 = 2;
  g_errorMessages[39].Extra = "NONE";
  g_errorMessages[39].Unknown2 = 4;
  g_errorMessages[39].Unknown3 = 10;
  g_errorMessages[40].Message = "ERR_TRADE_BOUND_ITEM";
  g_errorMessages[40].Unknown1 = 2;
  g_errorMessages[40].Extra = "NONE";
  g_errorMessages[40].Unknown2 = 59;
  g_errorMessages[40].Unknown3 = 10;
  g_errorMessages[41].Message = "ERR_TRADE_QUEST_ITEM";
  g_errorMessages[41].Unknown1 = 2;
  g_errorMessages[41].Extra = "NONE";
  g_errorMessages[41].Unknown2 = 59;
  g_errorMessages[41].Unknown3 = 10;
  g_errorMessages[42].Message = "ERR_TRADE_GROUND_ITEM";
  g_errorMessages[42].Unknown1 = 2;
  g_errorMessages[42].Extra = "NONE";
  g_errorMessages[42].Unknown2 = 68;
  g_errorMessages[42].Unknown3 = 10;
  g_errorMessages[43].Message = "ERR_TRADE_BAG";
  g_errorMessages[43].Unknown1 = 2;
  g_errorMessages[43].Extra = "NONE";
  g_errorMessages[43].Unknown2 = 68;
  g_errorMessages[43].Unknown3 = 10;
  g_errorMessages[44].Message = "ERR_SPELL_FAILED_S";
  g_errorMessages[44].Unknown1 = 2;
  g_errorMessages[44].Extra = "NONE";
  g_errorMessages[44].Unknown2 = 68;
  g_errorMessages[44].Unknown3 = 10;
  g_errorMessages[45].Message = "ERR_ITEM_COOLDOWN";
  g_errorMessages[45].Unknown1 = 2;
  g_errorMessages[45].Extra = "NONE";
  g_errorMessages[45].Unknown2 = 5;
  g_errorMessages[45].Unknown3 = 10;
  g_errorMessages[46].Message = "ERR_POTION_COOLDOWN";
  g_errorMessages[46].Unknown1 = 2;
  g_errorMessages[46].Extra = "NONE";
  g_errorMessages[46].Unknown2 = 47;
  g_errorMessages[46].Unknown3 = 10;
  g_errorMessages[47].Message = "ERR_FOOD_COOLDOWN";
  g_errorMessages[47].Unknown1 = 2;
  g_errorMessages[47].Extra = "NONE";
  g_errorMessages[47].Unknown2 = 7;
  g_errorMessages[47].Unknown3 = 10;
  g_errorMessages[48].Message = "ERR_SPELL_COOLDOWN";
  g_errorMessages[48].Unknown1 = 2;
  g_errorMessages[48].Extra = "NONE";
  g_errorMessages[48].Unknown2 = 12;
  g_errorMessages[48].Unknown3 = 10;
  g_errorMessages[49].Message = "ERR_ABILITY_COOLDOWN";
  g_errorMessages[49].Unknown1 = 2;
  g_errorMessages[49].Extra = "NONE";
  g_errorMessages[49].Unknown2 = 50;
  g_errorMessages[49].Unknown3 = 10;
  g_errorMessages[50].Message = "ERR_SPELL_ALREADY_KNOWN_S";
  g_errorMessages[50].Unknown1 = 2;
  g_errorMessages[50].Extra = "NONE";
  g_errorMessages[50].Unknown2 = 13;
  g_errorMessages[50].Unknown3 = 10;
  g_errorMessages[51].Message = "ERR_PET_SPELL_ALREADY_KNOWN_S";
  g_errorMessages[51].Unknown1 = 2;
  g_errorMessages[51].Extra = "NONE";
  g_errorMessages[51].Unknown2 = 68;
  g_errorMessages[51].Unknown3 = 10;
  g_errorMessages[52].Message = "ERR_PROFICIENCY_GAINED_S";
  g_errorMessages[52].Unknown1 = 0;
  g_errorMessages[52].Extra = "NONE";
  g_errorMessages[52].Unknown2 = 68;
  g_errorMessages[52].Unknown3 = 23;
  g_errorMessages[53].Message = "ERR_SKILL_GAINED_S";
  g_errorMessages[53].Unknown1 = 0;
  g_errorMessages[53].Extra = "NONE";
  g_errorMessages[53].Unknown2 = 68;
  g_errorMessages[53].Unknown3 = 23;
  g_errorMessages[54].Message = "ERR_SKILL_UP_SI";
  g_errorMessages[54].Unknown1 = 0;
  g_errorMessages[54].Extra = "NONE";
  g_errorMessages[54].Unknown2 = 68;
  g_errorMessages[54].Unknown3 = 23;
  g_errorMessages[55].Message = "ERR_LEARN_SPELL_S";
  g_errorMessages[55].Unknown1 = 0;
  g_errorMessages[55].Extra = "NONE";
  g_errorMessages[55].Unknown2 = 68;
  g_errorMessages[55].Unknown3 = 10;
  g_errorMessages[56].Message = "ERR_LEARN_ABILITY_S";
  g_errorMessages[56].Unknown1 = 0;
  g_errorMessages[56].Extra = "NONE";
  g_errorMessages[56].Unknown2 = 68;
  g_errorMessages[56].Unknown3 = 10;
  g_errorMessages[57].Message = "ERR_LEARN_RECIPE_S";
  g_errorMessages[57].Unknown1 = 0;
  g_errorMessages[57].Extra = "NONE";
  g_errorMessages[57].Unknown2 = 68;
  g_errorMessages[57].Unknown3 = 10;
  g_errorMessages[58].Message = "ERR_INVITE_PLAYER_S";
  g_errorMessages[58].Unknown1 = 0;
  g_errorMessages[58].Extra = "NONE";
  g_errorMessages[58].Unknown2 = 68;
  g_errorMessages[58].Unknown3 = 10;
  g_errorMessages[59].Message = "ERR_INVITE_SELF";
  g_errorMessages[59].Unknown1 = 2;
  g_errorMessages[59].Extra = "NONE";
  g_errorMessages[59].Unknown2 = 68;
  g_errorMessages[59].Unknown3 = 10;
  g_errorMessages[60].Message = "ERR_INVITED_TO_GROUP_S";
  g_errorMessages[60].Unknown1 = 0;
  g_errorMessages[60].Extra = "NONE";
  g_errorMessages[60].Unknown2 = 68;
  g_errorMessages[60].Unknown3 = 10;
  g_errorMessages[61].Message = "ERR_ALREADY_IN_GROUP_S";
  g_errorMessages[61].Unknown1 = 0;
  g_errorMessages[61].Extra = "NONE";
  g_errorMessages[61].Unknown2 = 20;
  g_errorMessages[61].Unknown3 = 10;
  g_errorMessages[62].Message = "ERR_PLAYER_BUSY_S";
  g_errorMessages[62].Unknown1 = 0;
  g_errorMessages[62].Extra = "NONE";
  g_errorMessages[62].Unknown2 = 68;
  g_errorMessages[62].Unknown3 = 10;
  g_errorMessages[63].Message = "ERR_NEW_LEADER_S";
  g_errorMessages[63].Unknown1 = 0;
  g_errorMessages[63].Extra = "NONE";
  g_errorMessages[63].Unknown2 = 68;
  g_errorMessages[63].Unknown3 = 10;
  g_errorMessages[64].Message = "ERR_NEW_LEADER_YOU";
  g_errorMessages[64].Unknown1 = 0;
  g_errorMessages[64].Extra = "NONE";
  g_errorMessages[64].Unknown2 = 68;
  g_errorMessages[64].Unknown3 = 10;
  g_errorMessages[65].Message = "ERR_LEFT_GROUP_S";
  g_errorMessages[65].Unknown1 = 0;
  g_errorMessages[65].Extra = "NONE";
  g_errorMessages[65].Unknown2 = 68;
  g_errorMessages[65].Unknown3 = 10;
  g_errorMessages[66].Message = "ERR_LEFT_GROUP_YOU";
  g_errorMessages[66].Unknown1 = 0;
  g_errorMessages[66].Extra = "NONE";
  g_errorMessages[66].Unknown2 = 68;
  g_errorMessages[66].Unknown3 = 10;
  g_errorMessages[67].Message = "ERR_GROUP_DISBANDED";
  g_errorMessages[67].Unknown1 = 0;
  g_errorMessages[67].Extra = "NONE";
  g_errorMessages[67].Unknown2 = 68;
  g_errorMessages[67].Unknown3 = 10;
  g_errorMessages[68].Message = "ERR_DECLINE_GROUP_S";
  g_errorMessages[68].Unknown1 = 0;
  g_errorMessages[68].Extra = "igPlayerInviteDecline";
  g_errorMessages[68].Unknown2 = 68;
  g_errorMessages[68].Unknown3 = 10;
  g_errorMessages[69].Message = "ERR_JOINED_GROUP_S";
  g_errorMessages[69].Unknown1 = 0;
  g_errorMessages[69].Extra = "NONE";
  g_errorMessages[69].Unknown2 = 68;
  g_errorMessages[69].Unknown3 = 10;
  g_errorMessages[70].Message = "ERR_UNINVITE_YOU";
  g_errorMessages[70].Unknown1 = 0;
  g_errorMessages[70].Extra = "NONE";
  g_errorMessages[70].Unknown2 = 68;
  g_errorMessages[70].Unknown3 = 10;
  g_errorMessages[71].Message = "ERR_BAD_PLAYER_NAME_S";
  g_errorMessages[71].Unknown1 = 0;
  g_errorMessages[71].Extra = "NONE";
  g_errorMessages[71].Unknown2 = 68;
  g_errorMessages[71].Unknown3 = 10;
  g_errorMessages[72].Message = "ERR_NOT_IN_GROUP";
  g_errorMessages[72].Unknown1 = 0;
  g_errorMessages[72].Extra = "NONE";
  g_errorMessages[72].Unknown2 = 68;
  g_errorMessages[72].Unknown3 = 10;
  g_errorMessages[73].Message = "ERR_TARGET_NOT_IN_GROUP_S";
  g_errorMessages[73].Unknown1 = 0;
  g_errorMessages[73].Extra = "NONE";
  g_errorMessages[73].Unknown2 = 68;
  g_errorMessages[73].Unknown3 = 10;
  g_errorMessages[74].Message = "ERR_GROUP_FULL";
  g_errorMessages[74].Unknown1 = 0;
  g_errorMessages[74].Extra = "NONE";
  g_errorMessages[74].Unknown2 = 8;
  g_errorMessages[74].Unknown3 = 10;
  g_errorMessages[75].Message = "ERR_NOT_LEADER";
  g_errorMessages[75].Unknown1 = 0;
  g_errorMessages[75].Extra = "NONE";
  g_errorMessages[75].Unknown2 = 68;
  g_errorMessages[75].Unknown3 = 10;
  g_errorMessages[76].Message = "ERR_PLAYER_DIED_S";
  g_errorMessages[76].Unknown1 = 0;
  g_errorMessages[76].Extra = "NONE";
  g_errorMessages[76].Unknown2 = 68;
  g_errorMessages[76].Unknown3 = 10;
  g_errorMessages[77].Message = "ERR_GUILD_CREATE_S";
  g_errorMessages[77].Unknown1 = 0;
  g_errorMessages[77].Extra = "LEVELUP";
  g_errorMessages[77].Unknown2 = 68;
  g_errorMessages[77].Unknown3 = 10;
  g_errorMessages[78].Message = "ERR_GUILD_INVITE_S";
  g_errorMessages[78].Unknown1 = 0;
  g_errorMessages[78].Extra = "NONE";
  g_errorMessages[78].Unknown2 = 68;
  g_errorMessages[78].Unknown3 = 10;
  g_errorMessages[79].Message = "ERR_INVITED_TO_GUILD_SS";
  g_errorMessages[79].Unknown1 = 0;
  g_errorMessages[79].Extra = "LEVELUP";
  g_errorMessages[79].Unknown2 = 68;
  g_errorMessages[79].Unknown3 = 10;
  g_errorMessages[80].Message = "ERR_ALREADY_IN_GUILD_S";
  g_errorMessages[80].Unknown1 = 0;
  g_errorMessages[80].Extra = "NONE";
  g_errorMessages[80].Unknown2 = 68;
  g_errorMessages[80].Unknown3 = 10;
  g_errorMessages[81].Message = "ERR_ALREADY_INVITED_TO_GUILD_S";
  g_errorMessages[81].Unknown1 = 0;
  g_errorMessages[81].Extra = "NONE";
  g_errorMessages[81].Unknown2 = 68;
  g_errorMessages[81].Unknown3 = 10;
  g_errorMessages[82].Message = "ERR_INVITED_TO_GUILD";
  g_errorMessages[82].Unknown1 = 0;
  g_errorMessages[82].Extra = "NONE";
  g_errorMessages[82].Unknown2 = 68;
  g_errorMessages[82].Unknown3 = 10;
  g_errorMessages[83].Message = "ERR_ALREADY_IN_GUILD";
  g_errorMessages[83].Unknown1 = 0;
  g_errorMessages[83].Extra = "NONE";
  g_errorMessages[83].Unknown2 = 68;
  g_errorMessages[83].Unknown3 = 10;
  g_errorMessages[84].Message = "ERR_GUILD_ACCEPT";
  g_errorMessages[84].Unknown1 = 0;
  g_errorMessages[84].Extra = "NONE";
  g_errorMessages[84].Unknown2 = 68;
  g_errorMessages[84].Unknown3 = 10;
  g_errorMessages[85].Message = "ERR_GUILD_DECLINE_S";
  g_errorMessages[85].Unknown1 = 0;
  g_errorMessages[85].Extra = "NONE";
  g_errorMessages[85].Unknown2 = 68;
  g_errorMessages[85].Unknown3 = 10;
  g_errorMessages[86].Message = "ERR_GUILD_PERMISSIONS";
  g_errorMessages[86].Unknown1 = 0;
  g_errorMessages[86].Extra = "NONE";
  g_errorMessages[86].Unknown2 = 62;
  g_errorMessages[86].Unknown3 = 10;
  g_errorMessages[87].Message = "ERR_GUILD_JOIN_S";
  g_errorMessages[87].Unknown1 = 0;
  g_errorMessages[87].Extra = "NONE";
  g_errorMessages[87].Unknown2 = 68;
  g_errorMessages[87].Unknown3 = 10;
  g_errorMessages[88].Message = "ERR_GUILD_FOUNDER_S";
  g_errorMessages[88].Unknown1 = 0;
  g_errorMessages[88].Extra = "NONE";
  g_errorMessages[88].Unknown2 = 68;
  g_errorMessages[88].Unknown3 = 10;
  g_errorMessages[89].Message = "ERR_GUILD_PROMOTE_SSS";
  g_errorMessages[89].Unknown1 = 0;
  g_errorMessages[89].Extra = "NONE";
  g_errorMessages[89].Unknown2 = 68;
  g_errorMessages[89].Unknown3 = 10;
  g_errorMessages[90].Message = "ERR_GUILD_DEMOTE_SSS";
  g_errorMessages[90].Unknown1 = 0;
  g_errorMessages[90].Extra = "NONE";
  g_errorMessages[90].Unknown2 = 68;
  g_errorMessages[90].Unknown3 = 10;
  g_errorMessages[91].Message = "ERR_GUILD_QUIT_S";
  g_errorMessages[91].Unknown1 = 0;
  g_errorMessages[91].Extra = "NONE";
  g_errorMessages[91].Unknown2 = 68;
  g_errorMessages[91].Unknown3 = 10;
  g_errorMessages[92].Message = "ERR_GUILD_LEAVE_S";
  g_errorMessages[92].Unknown1 = 0;
  g_errorMessages[92].Extra = "NONE";
  g_errorMessages[92].Unknown2 = 68;
  g_errorMessages[92].Unknown3 = 10;
  g_errorMessages[93].Message = "ERR_GUILD_REMOVE_SS";
  g_errorMessages[93].Unknown1 = 0;
  g_errorMessages[93].Extra = "NONE";
  g_errorMessages[93].Unknown2 = 68;
  g_errorMessages[93].Unknown3 = 10;
  g_errorMessages[94].Message = "ERR_GUILD_REMOVE_SELF";
  g_errorMessages[94].Unknown1 = 0;
  g_errorMessages[94].Extra = "NONE";
  g_errorMessages[94].Unknown2 = 68;
  g_errorMessages[94].Unknown3 = 10;
  g_errorMessages[95].Message = "ERR_GUILD_DISBAND_S";
  g_errorMessages[95].Unknown1 = 0;
  g_errorMessages[95].Extra = "NONE";
  g_errorMessages[95].Unknown2 = 68;
  g_errorMessages[95].Unknown3 = 10;
  g_errorMessages[96].Message = "ERR_GUILD_DISBAND_SELF";
  g_errorMessages[96].Unknown1 = 0;
  g_errorMessages[96].Extra = "NONE";
  g_errorMessages[96].Unknown2 = 68;
  g_errorMessages[96].Unknown3 = 10;
  g_errorMessages[97].Message = "ERR_GUILD_LEADER_S";
  g_errorMessages[97].Unknown1 = 0;
  g_errorMessages[97].Extra = "NONE";
  g_errorMessages[97].Unknown2 = 68;
  g_errorMessages[97].Unknown3 = 10;
  g_errorMessages[98].Message = "ERR_GUILD_LEADER_SELF";
  g_errorMessages[98].Unknown1 = 0;
  g_errorMessages[98].Extra = "NONE";
  g_errorMessages[98].Unknown2 = 68;
  g_errorMessages[98].Unknown3 = 10;
  g_errorMessages[99].Message = "ERR_GUILD_PLAYER_NOT_FOUND_S";
  g_errorMessages[99].Unknown1 = 0;
  g_errorMessages[99].Extra = "NONE";
  g_errorMessages[99].Unknown2 = 68;
  g_errorMessages[99].Unknown3 = 10;
  g_errorMessages[100].Message = "ERR_GUILD_PLAYER_NOT_IN_GUILD_S";
  g_errorMessages[100].Unknown1 = 0;
  g_errorMessages[100].Extra = "NONE";
  g_errorMessages[100].Unknown2 = 68;
  g_errorMessages[100].Unknown3 = 10;
  g_errorMessages[101].Message = "ERR_GUILD_PLAYER_NOT_IN_GUILD";
  g_errorMessages[101].Unknown1 = 0;
  g_errorMessages[101].Extra = "NONE";
  g_errorMessages[101].Unknown2 = 68;
  g_errorMessages[101].Unknown3 = 10;
  g_errorMessages[102].Message = "ERR_GUILD_CANT_PROMOTE_S";
  g_errorMessages[102].Unknown1 = 0;
  g_errorMessages[102].Extra = "NONE";
  g_errorMessages[102].Unknown2 = 68;
  g_errorMessages[102].Unknown3 = 10;
  g_errorMessages[103].Message = "ERR_GUILD_CANT_DEMOTE_S";
  g_errorMessages[103].Unknown1 = 0;
  g_errorMessages[103].Extra = "NONE";
  g_errorMessages[103].Unknown2 = 68;
  g_errorMessages[103].Unknown3 = 10;
  g_errorMessages[104].Message = "ERR_GUILD_NOT_IN_A_GUILD";
  g_errorMessages[104].Unknown1 = 0;
  g_errorMessages[104].Extra = "NONE";
  g_errorMessages[104].Unknown2 = 68;
  g_errorMessages[104].Unknown3 = 10;
  g_errorMessages[105].Message = "ERR_GUILD_INTERNAL";
  g_errorMessages[105].Unknown1 = 0;
  g_errorMessages[105].Extra = "NONE";
  g_errorMessages[105].Unknown2 = 68;
  g_errorMessages[105].Unknown3 = 10;
  g_errorMessages[106].Message = "ERR_GUILD_LEADER_IS_S";
  g_errorMessages[106].Unknown1 = 0;
  g_errorMessages[106].Extra = "NONE";
  g_errorMessages[106].Unknown2 = 68;
  g_errorMessages[106].Unknown3 = 10;
  g_errorMessages[107].Message = "ERR_GUILD_LEADER_CHANGED_SS";
  g_errorMessages[107].Unknown1 = 0;
  g_errorMessages[107].Extra = "NONE";
  g_errorMessages[107].Unknown2 = 68;
  g_errorMessages[107].Unknown3 = 10;
  g_errorMessages[108].Message = "ERR_GUILD_DISBANDED";
  g_errorMessages[108].Unknown1 = 0;
  g_errorMessages[108].Extra = "NONE";
  g_errorMessages[108].Unknown2 = 68;
  g_errorMessages[108].Unknown3 = 10;
  g_errorMessages[109].Message = "ERR_GUILD_NOT_ALLIED";
  g_errorMessages[109].Unknown1 = 0;
  g_errorMessages[109].Extra = "NONE";
  g_errorMessages[109].Unknown2 = 68;
  g_errorMessages[109].Unknown3 = 10;
  g_errorMessages[110].Message = "ERR_GUILD_LEADER_LEAVE";
  g_errorMessages[110].Unknown1 = 0;
  g_errorMessages[110].Extra = "NONE";
  g_errorMessages[110].Unknown2 = 68;
  g_errorMessages[110].Unknown3 = 10;
  g_errorMessages[111].Message = "ERR_GUILD_RANKS_LOCKED";
  g_errorMessages[111].Unknown1 = 0;
  g_errorMessages[111].Extra = "NONE";
  g_errorMessages[111].Unknown2 = 68;
  g_errorMessages[111].Unknown3 = 10;
  g_errorMessages[112].Message = "ERR_GUILD_RANK_IN_USE";
  g_errorMessages[112].Unknown1 = 0;
  g_errorMessages[112].Extra = "NONE";
  g_errorMessages[112].Unknown2 = 68;
  g_errorMessages[112].Unknown3 = 10;
  g_errorMessages[113].Message = "ERR_GUILD_RANK_TOO_HIGH_S";
  g_errorMessages[113].Unknown1 = 0;
  g_errorMessages[113].Extra = "NONE";
  g_errorMessages[113].Unknown2 = 68;
  g_errorMessages[113].Unknown3 = 10;
  g_errorMessages[114].Message = "ERR_GUILD_RANK_TOO_LOW_S";
  g_errorMessages[114].Unknown1 = 0;
  g_errorMessages[114].Extra = "NONE";
  g_errorMessages[114].Unknown2 = 68;
  g_errorMessages[114].Unknown3 = 10;
  g_errorMessages[115].Message = "ERR_GUILD_NAME_INVALID";
  g_errorMessages[115].Unknown1 = 2;
  g_errorMessages[115].Extra = "NONE";
  g_errorMessages[115].Unknown2 = 68;
  g_errorMessages[115].Unknown3 = 10;
  g_errorMessages[116].Message = "ERR_GUILD_NAME_EXISTS_S";
  g_errorMessages[116].Unknown1 = 2;
  g_errorMessages[116].Extra = "NONE";
  g_errorMessages[116].Unknown2 = 68;
  g_errorMessages[116].Unknown3 = 10;
  g_errorMessages[117].Message = "ERR_GUILD_ENTER_NAME";
  g_errorMessages[117].Unknown1 = 2;
  g_errorMessages[117].Extra = "NONE";
  g_errorMessages[117].Unknown2 = 68;
  g_errorMessages[117].Unknown3 = 10;
  g_errorMessages[118].Message = "ERR_GUILD_NAME_TOO_SHORT";
  g_errorMessages[118].Unknown1 = 2;
  g_errorMessages[118].Extra = "NONE";
  g_errorMessages[118].Unknown2 = 68;
  g_errorMessages[118].Unknown3 = 10;
  g_errorMessages[119].Message = "ERR_GUILD_NAME_MIXED_LANGUAGES";
  g_errorMessages[119].Unknown1 = 2;
  g_errorMessages[119].Extra = "NONE";
  g_errorMessages[119].Unknown2 = 68;
  g_errorMessages[119].Unknown3 = 10;
  g_errorMessages[120].Message = "ERR_GUILD_NAME_PROFANE";
  g_errorMessages[120].Unknown1 = 2;
  g_errorMessages[120].Extra = "NONE";
  g_errorMessages[120].Unknown2 = 68;
  g_errorMessages[120].Unknown3 = 10;
  g_errorMessages[121].Message = "ERR_GUILD_NAME_RESERVED";
  g_errorMessages[121].Unknown1 = 2;
  g_errorMessages[121].Extra = "NONE";
  g_errorMessages[121].Unknown2 = 68;
  g_errorMessages[121].Unknown3 = 10;
  g_errorMessages[122].Message = "ERR_GUILD_NAME_INVALID_SPACE";
  g_errorMessages[122].Unknown1 = 2;
  g_errorMessages[122].Extra = "NONE";
  g_errorMessages[122].Unknown2 = 68;
  g_errorMessages[122].Unknown3 = 10;
  g_errorMessages[123].Message = "ERR_GUILD_NAME_NAME_CONSECUTIVE_SPACES";
  g_errorMessages[123].Unknown1 = 2;
  g_errorMessages[123].Extra = "NONE";
  g_errorMessages[123].Unknown2 = 68;
  g_errorMessages[123].Unknown3 = 10;
  g_errorMessages[124].Message = "ERR_NO_GUILD_CHARTER";
  g_errorMessages[124].Unknown1 = 2;
  g_errorMessages[124].Extra = "NONE";
  g_errorMessages[124].Unknown2 = 68;
  g_errorMessages[124].Unknown3 = 10;
  g_errorMessages[125].Message = "ERR_OUT_OF_RANGE";
  g_errorMessages[125].Unknown1 = 2;
  g_errorMessages[125].Extra = "NONE";
  g_errorMessages[125].Unknown2 = 10;
  g_errorMessages[125].Unknown3 = 10;
  g_errorMessages[126].Message = "ERR_PLAYER_DEAD";
  g_errorMessages[126].Unknown1 = 2;
  g_errorMessages[126].Extra = "NONE";
  g_errorMessages[126].Unknown2 = 68;
  g_errorMessages[126].Unknown3 = 10;
  g_errorMessages[127].Message = "ERR_CLIENT_LOCKED_OUT";
  g_errorMessages[127].Unknown1 = 2;
  g_errorMessages[127].Extra = "NONE";
  g_errorMessages[127].Unknown2 = 68;
  g_errorMessages[127].Unknown3 = 10;
  g_errorMessages[128].Message = "ERR_KILLED_BY_S";
  g_errorMessages[128].Unknown1 = 0;
  g_errorMessages[128].Extra = "NONE";
  g_errorMessages[128].Unknown2 = 68;
  g_errorMessages[128].Unknown3 = 10;
  g_errorMessages[129].Message = "ERR_LOOT_LOCKED";
  g_errorMessages[129].Unknown1 = 2;
  g_errorMessages[129].Extra = "NONE";
  g_errorMessages[129].Unknown2 = 33;
  g_errorMessages[129].Unknown3 = 10;
  g_errorMessages[130].Message = "ERR_LOOT_TOO_FAR";
  g_errorMessages[130].Unknown1 = 2;
  g_errorMessages[130].Extra = "NONE";
  g_errorMessages[130].Unknown2 = 35;
  g_errorMessages[130].Unknown3 = 10;
  g_errorMessages[131].Message = "ERR_LOOT_DIDNT_KILL";
  g_errorMessages[131].Unknown1 = 2;
  g_errorMessages[131].Extra = "NONE";
  g_errorMessages[131].Unknown2 = 31;
  g_errorMessages[131].Unknown3 = 10;
  g_errorMessages[132].Message = "ERR_LOOT_BAD_FACING";
  g_errorMessages[132].Unknown1 = 2;
  g_errorMessages[132].Extra = "NONE";
  g_errorMessages[132].Unknown2 = 32;
  g_errorMessages[132].Unknown3 = 10;
  g_errorMessages[133].Message = "ERR_LOOT_NOTSTANDING";
  g_errorMessages[133].Unknown1 = 2;
  g_errorMessages[133].Extra = "NONE";
  g_errorMessages[133].Unknown2 = 68;
  g_errorMessages[133].Unknown3 = 10;
  g_errorMessages[134].Message = "ERR_LOOT_STUNNED";
  g_errorMessages[134].Unknown1 = 2;
  g_errorMessages[134].Extra = "NONE";
  g_errorMessages[134].Unknown2 = 68;
  g_errorMessages[134].Unknown3 = 10;
  g_errorMessages[135].Message = "ERR_LOOT_NO_UI";
  g_errorMessages[135].Unknown1 = 2;
  g_errorMessages[135].Extra = "NONE";
  g_errorMessages[135].Unknown2 = 68;
  g_errorMessages[135].Unknown3 = 10;
  g_errorMessages[136].Message = "ERR_LOOT_WHILE_INVULNERABLE";
  g_errorMessages[136].Unknown1 = 2;
  g_errorMessages[136].Extra = "NONE";
  g_errorMessages[136].Unknown2 = 68;
  g_errorMessages[136].Unknown3 = 10;
  g_errorMessages[137].Message = "ERR_QUEST_ACCEPTED_S";
  g_errorMessages[137].Unknown1 = 0;
  g_errorMessages[137].Extra = "QUESTADDED";
  g_errorMessages[137].Unknown2 = 68;
  g_errorMessages[137].Unknown3 = 10;
  g_errorMessages[138].Message = "ERR_QUEST_COMPLETE_S";
  g_errorMessages[138].Unknown1 = 0;
  g_errorMessages[138].Extra = "igQuestListComplete";
  g_errorMessages[138].Unknown2 = 68;
  g_errorMessages[138].Unknown3 = 10;
  g_errorMessages[139].Message = "ERR_QUEST_FAILED_S";
  g_errorMessages[139].Unknown1 = 0;
  g_errorMessages[139].Extra = "igQuestFailed";
  g_errorMessages[139].Unknown2 = 68;
  g_errorMessages[139].Unknown3 = 10;
  g_errorMessages[140].Message = "ERR_QUEST_FAILED_BAG_FULL_S";
  g_errorMessages[140].Unknown1 = 0;
  g_errorMessages[140].Extra = "igQuestFailed";
  g_errorMessages[140].Unknown2 = 68;
  g_errorMessages[140].Unknown3 = 10;
  g_errorMessages[141].Message = "ERR_QUEST_FAILED_MAX_COUNT_S";
  g_errorMessages[141].Unknown1 = 0;
  g_errorMessages[141].Extra = "igQuestFailed";
  g_errorMessages[141].Unknown2 = 68;
  g_errorMessages[141].Unknown3 = 10;
  g_errorMessages[142].Message = "ERR_QUEST_FAILED_LOW_LEVEL";
  g_errorMessages[142].Unknown1 = 0;
  g_errorMessages[142].Extra = "igQuestFailed";
  g_errorMessages[142].Unknown2 = 68;
  g_errorMessages[142].Unknown3 = 10;
  g_errorMessages[143].Message = "ERR_QUEST_FAILED_MISSING_ITEMS";
  g_errorMessages[143].Unknown1 = 0;
  g_errorMessages[143].Extra = "igQuestFailed";
  g_errorMessages[143].Unknown2 = 68;
  g_errorMessages[143].Unknown3 = 10;
  g_errorMessages[144].Message = "ERR_QUEST_FAILED_WRONG_RACE";
  g_errorMessages[144].Unknown1 = 0;
  g_errorMessages[144].Extra = "igQuestFailed";
  g_errorMessages[144].Unknown2 = 68;
  g_errorMessages[144].Unknown3 = 10;
  g_errorMessages[145].Message = "ERR_QUEST_FAILED_NOT_ENOUGH_MONEY";
  g_errorMessages[145].Unknown1 = 0;
  g_errorMessages[145].Extra = "igQuestFailed";
  g_errorMessages[145].Unknown2 = 68;
  g_errorMessages[145].Unknown3 = 10;
  g_errorMessages[146].Message = "ERR_QUEST_ONLY_ONE_TIMED";
  g_errorMessages[146].Unknown1 = 0;
  g_errorMessages[146].Extra = "igQuestFailed";
  g_errorMessages[146].Unknown2 = 68;
  g_errorMessages[146].Unknown3 = 10;
  g_errorMessages[147].Message = "ERR_QUEST_NEED_PREREQS";
  g_errorMessages[147].Unknown1 = 0;
  g_errorMessages[147].Extra = "igQuestFailed";
  g_errorMessages[147].Unknown2 = 68;
  g_errorMessages[147].Unknown3 = 10;
  g_errorMessages[148].Message = "ERR_QUEST_ALREADY_ON";
  g_errorMessages[148].Unknown1 = 0;
  g_errorMessages[148].Extra = "igQuestFailed";
  g_errorMessages[148].Unknown2 = 68;
  g_errorMessages[148].Unknown3 = 10;
  g_errorMessages[149].Message = "ERR_QUEST_REWARD_EXP_I";
  g_errorMessages[149].Unknown1 = 0;
  g_errorMessages[149].Extra = "NONE";
  g_errorMessages[149].Unknown2 = 68;
  g_errorMessages[149].Unknown3 = 10;
  g_errorMessages[150].Message = "ERR_QUEST_REWARD_ITEM_S";
  g_errorMessages[150].Unknown1 = 0;
  g_errorMessages[150].Extra = "NONE";
  g_errorMessages[150].Unknown2 = 68;
  g_errorMessages[150].Unknown3 = 10;
  g_errorMessages[151].Message = "ERR_QUEST_REWARD_MONEY_S";
  g_errorMessages[151].Unknown1 = 0;
  g_errorMessages[151].Extra = "NONE";
  g_errorMessages[151].Unknown2 = 68;
  g_errorMessages[151].Unknown3 = 10;
  g_errorMessages[152].Message = "ERR_QUEST_MUST_CHOOSE";
  g_errorMessages[152].Unknown1 = 2;
  g_errorMessages[152].Extra = "igQuestFailed";
  g_errorMessages[152].Unknown2 = 68;
  g_errorMessages[152].Unknown3 = 10;
  g_errorMessages[153].Message = "ERR_QUEST_LOG_FULL";
  g_errorMessages[153].Unknown1 = 2;
  g_errorMessages[153].Extra = "igQuestFailed";
  g_errorMessages[153].Unknown2 = 68;
  g_errorMessages[153].Unknown3 = 10;
  g_errorMessages[154].Message = "ERR_COMBAT_DAMAGE_SSI";
  g_errorMessages[154].Unknown1 = 0;
  g_errorMessages[154].Extra = "NONE";
  g_errorMessages[154].Unknown2 = 68;
  g_errorMessages[154].Unknown3 = 10;
  g_errorMessages[155].Message = "ERR_INSPECT_S";
  g_errorMessages[155].Unknown1 = 0;
  g_errorMessages[155].Extra = "NONE";
  g_errorMessages[155].Unknown2 = 68;
  g_errorMessages[155].Unknown3 = 10;
  g_errorMessages[156].Message = "ERR_CANT_USE_ITEM";
  g_errorMessages[156].Unknown1 = 2;
  g_errorMessages[156].Extra = "NONE";
  g_errorMessages[156].Unknown2 = 51;
  g_errorMessages[156].Unknown3 = 10;
  g_errorMessages[157].Message = "ERR_MUST_EQUIP_ITEM";
  g_errorMessages[157].Unknown1 = 2;
  g_errorMessages[157].Extra = "NONE";
  g_errorMessages[157].Unknown2 = 49;
  g_errorMessages[157].Unknown3 = 10;
  g_errorMessages[158].Message = "ERR_PASSIVE_ABILITY";
  g_errorMessages[158].Unknown1 = 2;
  g_errorMessages[158].Extra = "NONE";
  g_errorMessages[158].Unknown2 = 68;
  g_errorMessages[158].Unknown3 = 10;
  g_errorMessages[159].Message = "ERR_2HSKILLNOTFOUND";
  g_errorMessages[159].Unknown1 = 2;
  g_errorMessages[159].Extra = "NONE";
  g_errorMessages[159].Unknown2 = 68;
  g_errorMessages[159].Unknown3 = 10;
  g_errorMessages[160].Message = "ERR_NO_ATTACK_TARGET";
  g_errorMessages[160].Unknown1 = 2;
  g_errorMessages[160].Extra = "NONE";
  g_errorMessages[160].Unknown2 = 38;
  g_errorMessages[160].Unknown3 = 10;
  g_errorMessages[161].Message = "ERR_INVALID_ATTACK_TARGET";
  g_errorMessages[161].Unknown1 = 2;
  g_errorMessages[161].Extra = "NONE";
  g_errorMessages[161].Unknown2 = 11;
  g_errorMessages[161].Unknown3 = 10;
  g_errorMessages[162].Message = "ERR_ATTACK_STUNNED";
  g_errorMessages[162].Unknown1 = 2;
  g_errorMessages[162].Extra = "NONE";
  g_errorMessages[162].Unknown2 = 68;
  g_errorMessages[162].Unknown3 = 10;
  g_errorMessages[163].Message = "ERR_ATTACK_PACIFIED";
  g_errorMessages[163].Unknown1 = 2;
  g_errorMessages[163].Extra = "NONE";
  g_errorMessages[163].Unknown2 = 68;
  g_errorMessages[163].Unknown3 = 10;
  g_errorMessages[164].Message = "ERR_ATTACK_MOUNTED";
  g_errorMessages[164].Unknown1 = 2;
  g_errorMessages[164].Extra = "NONE";
  g_errorMessages[164].Unknown2 = 68;
  g_errorMessages[164].Unknown3 = 10;
  g_errorMessages[165].Message = "ERR_ATTACK_FLEEING";
  g_errorMessages[165].Unknown1 = 2;
  g_errorMessages[165].Extra = "NONE";
  g_errorMessages[165].Unknown2 = 68;
  g_errorMessages[165].Unknown3 = 10;
  g_errorMessages[166].Message = "ERR_ATTACK_CONFUSED";
  g_errorMessages[166].Unknown1 = 2;
  g_errorMessages[166].Extra = "NONE";
  g_errorMessages[166].Unknown2 = 68;
  g_errorMessages[166].Unknown3 = 10;
  g_errorMessages[167].Message = "ERR_ATTACK_CHARMED";
  g_errorMessages[167].Unknown1 = 2;
  g_errorMessages[167].Extra = "NONE";
  g_errorMessages[167].Unknown2 = 68;
  g_errorMessages[167].Unknown3 = 10;
  g_errorMessages[168].Message = "ERR_ATTACK_DEAD";
  g_errorMessages[168].Unknown1 = 2;
  g_errorMessages[168].Extra = "NONE";
  g_errorMessages[168].Unknown2 = 68;
  g_errorMessages[168].Unknown3 = 10;
  g_errorMessages[169].Message = "ERR_ATTACK_PREVENTED_BY_MECHANIC_S";
  g_errorMessages[169].Unknown1 = 2;
  g_errorMessages[169].Extra = "NONE";
  g_errorMessages[169].Unknown2 = 68;
  g_errorMessages[169].Unknown3 = 10;
  g_errorMessages[170].Message = "ERR_TAXISAMENODE";
  g_errorMessages[170].Unknown1 = 2;
  g_errorMessages[170].Extra = "NONE";
  g_errorMessages[170].Unknown2 = 68;
  g_errorMessages[170].Unknown3 = 10;
  g_errorMessages[171].Message = "ERR_TAXINOSUCHPATH";
  g_errorMessages[171].Unknown1 = 1;
  g_errorMessages[171].Extra = "NONE";
  g_errorMessages[171].Unknown2 = 68;
  g_errorMessages[171].Unknown3 = 10;
  g_errorMessages[172].Message = "ERR_TAXIUNSPECIFIEDSERVERERROR";
  g_errorMessages[172].Unknown1 = 2;
  g_errorMessages[172].Extra = "NONE";
  g_errorMessages[172].Unknown2 = 68;
  g_errorMessages[172].Unknown3 = 10;
  g_errorMessages[173].Message = "ERR_TAXINOTENOUGHMONEY";
  g_errorMessages[173].Unknown1 = 1;
  g_errorMessages[173].Extra = "NONE";
  g_errorMessages[173].Unknown2 = 54;
  g_errorMessages[173].Unknown3 = 10;
  g_errorMessages[174].Message = "ERR_TAXITOOFARAWAY";
  g_errorMessages[174].Unknown1 = 1;
  g_errorMessages[174].Extra = "NONE";
  g_errorMessages[174].Unknown2 = 68;
  g_errorMessages[174].Unknown3 = 10;
  g_errorMessages[175].Message = "ERR_TAXINOVENDORNEARBY";
  g_errorMessages[175].Unknown1 = 1;
  g_errorMessages[175].Extra = "NONE";
  g_errorMessages[175].Unknown2 = 68;
  g_errorMessages[175].Unknown3 = 10;
  g_errorMessages[176].Message = "ERR_TAXINOTVISITED";
  g_errorMessages[176].Unknown1 = 1;
  g_errorMessages[176].Extra = "NONE";
  g_errorMessages[176].Unknown2 = 68;
  g_errorMessages[176].Unknown3 = 10;
  g_errorMessages[177].Message = "ERR_TAXIPLAYERBUSY";
  g_errorMessages[177].Unknown1 = 2;
  g_errorMessages[177].Extra = "NONE";
  g_errorMessages[177].Unknown2 = 68;
  g_errorMessages[177].Unknown3 = 10;
  g_errorMessages[178].Message = "ERR_TAXIPLAYERALREADYMOUNTED";
  g_errorMessages[178].Unknown1 = 2;
  g_errorMessages[178].Extra = "NONE";
  g_errorMessages[178].Unknown2 = 68;
  g_errorMessages[178].Unknown3 = 10;
  g_errorMessages[179].Message = "ERR_TAXIPLAYERSHAPESHIFTED";
  g_errorMessages[179].Unknown1 = 2;
  g_errorMessages[179].Extra = "NONE";
  g_errorMessages[179].Unknown2 = 68;
  g_errorMessages[179].Unknown3 = 10;
  g_errorMessages[180].Message = "ERR_TAXIPLAYERMOVING";
  g_errorMessages[180].Unknown1 = 1;
  g_errorMessages[180].Extra = "NONE";
  g_errorMessages[180].Unknown2 = 68;
  g_errorMessages[180].Unknown3 = 10;
  g_errorMessages[181].Message = "ERR_TAXINOPATHS";
  g_errorMessages[181].Unknown1 = 2;
  g_errorMessages[181].Extra = "NONE";
  g_errorMessages[181].Unknown2 = 68;
  g_errorMessages[181].Unknown3 = 10;
  g_errorMessages[182].Message = "ERR_TAXINOTSTANDING";
  g_errorMessages[182].Unknown1 = 1;
  g_errorMessages[182].Extra = "NONE";
  g_errorMessages[182].Unknown2 = 68;
  g_errorMessages[182].Unknown3 = 10;
  g_errorMessages[183].Message = "ERR_NO_REPLY_TARGET";
  g_errorMessages[183].Unknown1 = 0;
  g_errorMessages[183].Extra = "NONE";
  g_errorMessages[183].Unknown2 = 68;
  g_errorMessages[183].Unknown3 = 10;
  g_errorMessages[184].Message = "ERR_GENERIC_NO_TARGET";
  g_errorMessages[184].Unknown1 = 2;
  g_errorMessages[184].Extra = "NONE";
  g_errorMessages[184].Unknown2 = 45;
  g_errorMessages[184].Unknown3 = 10;
  g_errorMessages[185].Message = "ERR_INITIATE_TRADE_S";
  g_errorMessages[185].Unknown1 = 0;
  g_errorMessages[185].Extra = "NONE";
  g_errorMessages[185].Unknown2 = 68;
  g_errorMessages[185].Unknown3 = 10;
  g_errorMessages[186].Message = "ERR_TRADE_REQUEST_S";
  g_errorMessages[186].Unknown1 = 0;
  g_errorMessages[186].Extra = "LEVELUP";
  g_errorMessages[186].Unknown2 = 68;
  g_errorMessages[186].Unknown3 = 10;
  g_errorMessages[187].Message = "ERR_TRADE_BLOCKED_S";
  g_errorMessages[187].Unknown1 = 0;
  g_errorMessages[187].Extra = "NONE";
  g_errorMessages[187].Unknown2 = 68;
  g_errorMessages[187].Unknown3 = 10;
  g_errorMessages[188].Message = "ERR_TRADE_TARGET_DEAD";
  g_errorMessages[188].Unknown1 = 2;
  g_errorMessages[188].Extra = "NONE";
  g_errorMessages[188].Unknown2 = 68;
  g_errorMessages[188].Unknown3 = 10;
  g_errorMessages[189].Message = "ERR_TRADE_TOO_FAR";
  g_errorMessages[189].Unknown1 = 2;
  g_errorMessages[189].Extra = "NONE";
  g_errorMessages[189].Unknown2 = 68;
  g_errorMessages[189].Unknown3 = 10;
  g_errorMessages[190].Message = "ERR_TRADE_CANCELLED";
  g_errorMessages[190].Unknown1 = 1;
  g_errorMessages[190].Extra = "NONE";
  g_errorMessages[190].Unknown2 = 68;
  g_errorMessages[190].Unknown3 = 10;
  g_errorMessages[191].Message = "ERR_TRADE_COMPLETE";
  g_errorMessages[191].Unknown1 = 1;
  g_errorMessages[191].Extra = "NONE";
  g_errorMessages[191].Unknown2 = 68;
  g_errorMessages[191].Unknown3 = 10;
  g_errorMessages[192].Message = "ERR_TRADE_BAG_FULL";
  g_errorMessages[192].Unknown1 = 2;
  g_errorMessages[192].Extra = "NONE";
  g_errorMessages[192].Unknown2 = 68;
  g_errorMessages[192].Unknown3 = 10;
  g_errorMessages[193].Message = "ERR_TRADE_TARGET_BAG_FULL";
  g_errorMessages[193].Unknown1 = 2;
  g_errorMessages[193].Extra = "NONE";
  g_errorMessages[193].Unknown2 = 68;
  g_errorMessages[193].Unknown3 = 10;
  g_errorMessages[194].Message = "ERR_TRADE_MAX_COUNT_EXCEEDED";
  g_errorMessages[194].Unknown1 = 2;
  g_errorMessages[194].Extra = "NONE";
  g_errorMessages[194].Unknown2 = 68;
  g_errorMessages[194].Unknown3 = 10;
  g_errorMessages[195].Message = "ERR_TRADE_TARGET_MAX_COUNT_EXCEEDED";
  g_errorMessages[195].Unknown1 = 2;
  g_errorMessages[195].Extra = "NONE";
  g_errorMessages[195].Unknown2 = 68;
  g_errorMessages[195].Unknown3 = 10;
  g_errorMessages[196].Message = "ERR_ALREADY_TRADING";
  g_errorMessages[196].Unknown1 = 2;
  g_errorMessages[196].Extra = "NONE";
  g_errorMessages[196].Unknown2 = 68;
  g_errorMessages[196].Unknown3 = 10;
  g_errorMessages[197].Message = "ERR_MOUNT_INVALIDMOUNTEE";
  g_errorMessages[197].Unknown1 = 2;
  g_errorMessages[197].Extra = "NONE";
  g_errorMessages[197].Unknown2 = 68;
  g_errorMessages[197].Unknown3 = 10;
  g_errorMessages[198].Message = "ERR_MOUNT_TOOFARAWAY";
  g_errorMessages[198].Unknown1 = 2;
  g_errorMessages[198].Extra = "NONE";
  g_errorMessages[198].Unknown2 = 68;
  g_errorMessages[198].Unknown3 = 10;
  g_errorMessages[199].Message = "ERR_MOUNT_ALREADYMOUNTED";
  g_errorMessages[199].Unknown1 = 2;
  g_errorMessages[199].Extra = "NONE";
  g_errorMessages[199].Unknown2 = 68;
  g_errorMessages[199].Unknown3 = 10;
  g_errorMessages[200].Message = "ERR_MOUNT_NOTMOUNTABLE";
  g_errorMessages[200].Unknown1 = 2;
  g_errorMessages[200].Extra = "NONE";
  g_errorMessages[200].Unknown2 = 68;
  g_errorMessages[200].Unknown3 = 10;
  g_errorMessages[201].Message = "ERR_MOUNT_NOTYOURPET";
  g_errorMessages[201].Unknown1 = 2;
  g_errorMessages[201].Extra = "NONE";
  g_errorMessages[201].Unknown2 = 68;
  g_errorMessages[201].Unknown3 = 10;
  g_errorMessages[202].Message = "ERR_MOUNT_OTHER";
  g_errorMessages[202].Unknown1 = 2;
  g_errorMessages[202].Extra = "NONE";
  g_errorMessages[202].Unknown2 = 68;
  g_errorMessages[202].Unknown3 = 10;
  g_errorMessages[203].Message = "ERR_MOUNT_LOOTING";
  g_errorMessages[203].Unknown1 = 2;
  g_errorMessages[203].Extra = "NONE";
  g_errorMessages[203].Unknown2 = 68;
  g_errorMessages[203].Unknown3 = 10;
  g_errorMessages[204].Message = "ERR_MOUNT_RACECANTMOUNT";
  g_errorMessages[204].Unknown1 = 2;
  g_errorMessages[204].Extra = "NONE";
  g_errorMessages[204].Unknown2 = 68;
  g_errorMessages[204].Unknown3 = 10;
  g_errorMessages[205].Message = "ERR_MOUNT_SHAPESHIFTED";
  g_errorMessages[205].Unknown1 = 2;
  g_errorMessages[205].Extra = "NONE";
  g_errorMessages[205].Unknown2 = 68;
  g_errorMessages[205].Unknown3 = 10;
  g_errorMessages[206].Message = "ERR_DISMOUNT_NOPET";
  g_errorMessages[206].Unknown1 = 2;
  g_errorMessages[206].Extra = "NONE";
  g_errorMessages[206].Unknown2 = 68;
  g_errorMessages[206].Unknown3 = 10;
  g_errorMessages[207].Message = "ERR_DISMOUNT_NOTMOUNTED";
  g_errorMessages[207].Unknown1 = 2;
  g_errorMessages[207].Extra = "NONE";
  g_errorMessages[207].Unknown2 = 68;
  g_errorMessages[207].Unknown3 = 10;
  g_errorMessages[208].Message = "ERR_DISMOUNT_NOTYOURPET";
  g_errorMessages[208].Unknown1 = 2;
  g_errorMessages[208].Extra = "NONE";
  g_errorMessages[208].Unknown2 = 68;
  g_errorMessages[208].Unknown3 = 10;
  g_errorMessages[209].Message = "ERR_SPELL_FAILED_TOTEMS";
  g_errorMessages[209].Unknown1 = 2;
  g_errorMessages[209].Extra = "NONE";
  g_errorMessages[209].Unknown2 = 68;
  g_errorMessages[209].Unknown3 = 10;
  g_errorMessages[210].Message = "ERR_SPELL_FAILED_REAGENTS";
  g_errorMessages[210].Unknown1 = 2;
  g_errorMessages[210].Extra = "NONE";
  g_errorMessages[210].Unknown2 = 68;
  g_errorMessages[210].Unknown3 = 10;
  g_errorMessages[211].Message = "ERR_SPELL_FAILED_REAGENTS_GENERIC";
  g_errorMessages[211].Unknown1 = 2;
  g_errorMessages[211].Extra = "NONE";
  g_errorMessages[211].Unknown2 = 68;
  g_errorMessages[211].Unknown3 = 10;
  g_errorMessages[212].Message = "ERR_SPELL_FAILED_EQUIPPED_ITEM";
  g_errorMessages[212].Unknown1 = 2;
  g_errorMessages[212].Extra = "NONE";
  g_errorMessages[212].Unknown2 = 68;
  g_errorMessages[212].Unknown3 = 10;
  g_errorMessages[213].Message = "ERR_SPELL_FAILED_EQUIPPED_ITEM_CLASS_S";
  g_errorMessages[213].Unknown1 = 2;
  g_errorMessages[213].Extra = "NONE";
  g_errorMessages[213].Unknown2 = 68;
  g_errorMessages[213].Unknown3 = 10;
  g_errorMessages[214].Message = "ERR_SPELL_FAILED_SHAPESHIFT_FORM_S";
  g_errorMessages[214].Unknown1 = 2;
  g_errorMessages[214].Extra = "NONE";
  g_errorMessages[214].Unknown2 = 68;
  g_errorMessages[214].Unknown3 = 10;
  g_errorMessages[215].Message = "ERR_BADATTACKFACING";
  g_errorMessages[215].Unknown1 = 2;
  g_errorMessages[215].Extra = "NONE";
  g_errorMessages[215].Unknown2 = 68;
  g_errorMessages[215].Unknown3 = 10;
  g_errorMessages[216].Message = "ERR_BADATTACKPOS";
  g_errorMessages[216].Unknown1 = 2;
  g_errorMessages[216].Extra = "NONE";
  g_errorMessages[216].Unknown2 = 68;
  g_errorMessages[216].Unknown3 = 10;
  g_errorMessages[217].Message = "ERR_CHEST_IN_USE";
  g_errorMessages[217].Unknown1 = 2;
  g_errorMessages[217].Extra = "NONE";
  g_errorMessages[217].Unknown2 = 52;
  g_errorMessages[217].Unknown3 = 10;
  g_errorMessages[218].Message = "ERR_USE_CANT_OPEN";
  g_errorMessages[218].Unknown1 = 2;
  g_errorMessages[218].Extra = "NONE";
  g_errorMessages[218].Unknown2 = 68;
  g_errorMessages[218].Unknown3 = 10;
  g_errorMessages[219].Message = "ERR_USE_LOCKED";
  g_errorMessages[219].Unknown1 = 2;
  g_errorMessages[219].Extra = "NONE";
  g_errorMessages[219].Unknown2 = 61;
  g_errorMessages[219].Unknown3 = 10;
  g_errorMessages[220].Message = "ERR_DOOR_LOCKED";
  g_errorMessages[220].Unknown1 = 2;
  g_errorMessages[220].Extra = "NONE";
  g_errorMessages[220].Unknown2 = 61;
  g_errorMessages[220].Unknown3 = 10;
  g_errorMessages[221].Message = "ERR_BUTTON_LOCKED";
  g_errorMessages[221].Unknown1 = 2;
  g_errorMessages[221].Extra = "NONE";
  g_errorMessages[221].Unknown2 = 61;
  g_errorMessages[221].Unknown3 = 10;
  g_errorMessages[222].Message = "ERR_USE_LOCKED_WITH_ITEM_S";
  g_errorMessages[222].Unknown1 = 2;
  g_errorMessages[222].Extra = "NONE";
  g_errorMessages[222].Unknown2 = 68;
  g_errorMessages[222].Unknown3 = 10;
  g_errorMessages[223].Message = "ERR_USE_LOCKED_WITH_SPELL_S";
  g_errorMessages[223].Unknown1 = 2;
  g_errorMessages[223].Extra = "NONE";
  g_errorMessages[223].Unknown2 = 68;
  g_errorMessages[223].Unknown3 = 10;
  g_errorMessages[224].Message = "ERR_USE_LOCKED_WITH_SPELL_KNOWN_SI";
  g_errorMessages[224].Unknown1 = 2;
  g_errorMessages[224].Extra = "NONE";
  g_errorMessages[224].Unknown2 = 68;
  g_errorMessages[224].Unknown3 = 10;
  g_errorMessages[225].Message = "ERR_USE_TOO_FAR";
  g_errorMessages[225].Unknown1 = 2;
  g_errorMessages[225].Extra = "NONE";
  g_errorMessages[225].Unknown2 = 57;
  g_errorMessages[225].Unknown3 = 10;
  g_errorMessages[226].Message = "ERR_USE_BAD_ANGLE";
  g_errorMessages[226].Unknown1 = 2;
  g_errorMessages[226].Extra = "NONE";
  g_errorMessages[226].Unknown2 = 68;
  g_errorMessages[226].Unknown3 = 10;
  g_errorMessages[227].Message = "ERR_USE_OBJECT_MOVING";
  g_errorMessages[227].Unknown1 = 2;
  g_errorMessages[227].Extra = "NONE";
  g_errorMessages[227].Unknown2 = 68;
  g_errorMessages[227].Unknown3 = 10;
  g_errorMessages[228].Message = "ERR_USE_SPELL_FOCUS";
  g_errorMessages[228].Unknown1 = 1;
  g_errorMessages[228].Extra = "NONE";
  g_errorMessages[228].Unknown2 = 68;
  g_errorMessages[228].Unknown3 = 10;
  g_errorMessages[229].Message = "ERR_USE_DESTROYED";
  g_errorMessages[229].Unknown1 = 2;
  g_errorMessages[229].Extra = "NONE";
  g_errorMessages[229].Unknown2 = 68;
  g_errorMessages[229].Unknown3 = 10;
  g_errorMessages[230].Message = "ERR_SET_LOOT_FREEFORALL";
  g_errorMessages[230].Unknown1 = 0;
  g_errorMessages[230].Extra = "NONE";
  g_errorMessages[230].Unknown2 = 68;
  g_errorMessages[230].Unknown3 = 10;
  g_errorMessages[231].Message = "ERR_SET_LOOT_ROUNDROBIN";
  g_errorMessages[231].Unknown1 = 0;
  g_errorMessages[231].Extra = "NONE";
  g_errorMessages[231].Unknown2 = 68;
  g_errorMessages[231].Unknown3 = 10;
  g_errorMessages[232].Message = "ERR_SET_LOOT_MASTER";
  g_errorMessages[232].Unknown1 = 0;
  g_errorMessages[232].Extra = "NONE";
  g_errorMessages[232].Unknown2 = 68;
  g_errorMessages[232].Unknown3 = 10;
  g_errorMessages[233].Message = "ERR_SET_LOOT_GROUP";
  g_errorMessages[233].Unknown1 = 0;
  g_errorMessages[233].Extra = "NONE";
  g_errorMessages[233].Unknown2 = 68;
  g_errorMessages[233].Unknown3 = 10;
  g_errorMessages[234].Message = "ERR_SET_LOOT_NBG";
  g_errorMessages[234].Unknown1 = 0;
  g_errorMessages[234].Extra = "NONE";
  g_errorMessages[234].Unknown2 = 68;
  g_errorMessages[234].Unknown3 = 10;
  g_errorMessages[235].Message = "ERR_SET_LOOT_THRESHOLD_S";
  g_errorMessages[235].Unknown1 = 0;
  g_errorMessages[235].Extra = "NONE";
  g_errorMessages[235].Unknown2 = 68;
  g_errorMessages[235].Unknown3 = 10;
  g_errorMessages[236].Message = "ERR_NEW_LOOT_MASTER_S";
  g_errorMessages[236].Unknown1 = 0;
  g_errorMessages[236].Extra = "NONE";
  g_errorMessages[236].Unknown2 = 68;
  g_errorMessages[236].Unknown3 = 10;
  g_errorMessages[237].Message = "ERR_SPECIFY_MASTER_LOOTER";
  g_errorMessages[237].Unknown1 = 2;
  g_errorMessages[237].Extra = "NONE";
  g_errorMessages[237].Unknown2 = 68;
  g_errorMessages[237].Unknown3 = 10;
  g_errorMessages[238].Message = "ERR_TAME_FAILED";
  g_errorMessages[238].Unknown1 = 2;
  g_errorMessages[238].Extra = "NONE";
  g_errorMessages[238].Unknown2 = 68;
  g_errorMessages[238].Unknown3 = 10;
  g_errorMessages[239].Message = "ERR_CHAT_WHILE_DEAD";
  g_errorMessages[239].Unknown1 = 2;
  g_errorMessages[239].Extra = "NONE";
  g_errorMessages[239].Unknown2 = 68;
  g_errorMessages[239].Unknown3 = 10;
  g_errorMessages[240].Message = "ERR_CHAT_WRONG_FACTION";
  g_errorMessages[240].Unknown1 = 0;
  g_errorMessages[240].Extra = "NONE";
  g_errorMessages[240].Unknown2 = 68;
  g_errorMessages[240].Unknown3 = 10;
  g_errorMessages[241].Message = "ERR_CHAT_PLAYER_NOT_FOUND_S";
  g_errorMessages[241].Unknown1 = 0;
  g_errorMessages[241].Extra = "NONE";
  g_errorMessages[241].Unknown2 = 68;
  g_errorMessages[241].Unknown3 = 10;
  g_errorMessages[242].Message = "ERR_NEWTAXIPATH";
  g_errorMessages[242].Unknown1 = 1;
  g_errorMessages[242].Extra = "TaxiNodeDiscovered";
  g_errorMessages[242].Unknown2 = 68;
  g_errorMessages[242].Unknown3 = 10;
  g_errorMessages[243].Message = "ERR_NO_PET";
  g_errorMessages[243].Unknown1 = 2;
  g_errorMessages[243].Extra = "NONE";
  g_errorMessages[243].Unknown2 = 68;
  g_errorMessages[243].Unknown3 = 10;
  g_errorMessages[244].Message = "ERR_NOTYOURPET";
  g_errorMessages[244].Unknown1 = 2;
  g_errorMessages[244].Extra = "NONE";
  g_errorMessages[244].Unknown2 = 68;
  g_errorMessages[244].Unknown3 = 10;
  g_errorMessages[245].Message = "ERR_PET_NOT_RENAMEABLE";
  g_errorMessages[245].Unknown1 = 2;
  g_errorMessages[245].Extra = "NONE";
  g_errorMessages[245].Unknown2 = 68;
  g_errorMessages[245].Unknown3 = 10;
  g_errorMessages[246].Message = "ERR_NULL_PETNAME";
  g_errorMessages[246].Unknown1 = 2;
  g_errorMessages[246].Extra = "NONE";
  g_errorMessages[246].Unknown2 = 68;
  g_errorMessages[246].Unknown3 = 10;
  g_errorMessages[247].Message = "ERR_INVALID_PETNAME";
  g_errorMessages[247].Unknown1 = 2;
  g_errorMessages[247].Extra = "NONE";
  g_errorMessages[247].Unknown2 = 68;
  g_errorMessages[247].Unknown3 = 10;
  g_errorMessages[248].Message = "ERR_QUEST_OBJECTIVE_COMPLETE_S";
  g_errorMessages[248].Unknown1 = 1;
  g_errorMessages[248].Extra = "NONE";
  g_errorMessages[248].Unknown2 = 68;
  g_errorMessages[248].Unknown3 = 10;
  g_errorMessages[249].Message = "ERR_QUEST_UNKNOWN_COMPLETE";
  g_errorMessages[249].Unknown1 = 1;
  g_errorMessages[249].Extra = "NONE";
  g_errorMessages[249].Unknown2 = 68;
  g_errorMessages[249].Unknown3 = 10;
  g_errorMessages[250].Message = "ERR_QUEST_ADD_KILL_SII";
  g_errorMessages[250].Unknown1 = 1;
  g_errorMessages[250].Extra = "NONE";
  g_errorMessages[250].Unknown2 = 68;
  g_errorMessages[250].Unknown3 = 10;
  g_errorMessages[251].Message = "ERR_QUEST_ADD_FOUND_SII";
  g_errorMessages[251].Unknown1 = 1;
  g_errorMessages[251].Extra = "NONE";
  g_errorMessages[251].Unknown2 = 68;
  g_errorMessages[251].Unknown3 = 10;
  g_errorMessages[252].Message = "ERR_QUEST_ADD_ITEM_SII";
  g_errorMessages[252].Unknown1 = 1;
  g_errorMessages[252].Extra = "NONE";
  g_errorMessages[252].Unknown2 = 68;
  g_errorMessages[252].Unknown3 = 10;
  g_errorMessages[253].Message = "ERR_CANNOTCREATEDIRECTORY";
  g_errorMessages[253].Unknown1 = 2;
  g_errorMessages[253].Extra = "NONE";
  g_errorMessages[253].Unknown2 = 68;
  g_errorMessages[253].Unknown3 = 10;
  g_errorMessages[254].Message = "ERR_CANNOTCREATEFILE";
  g_errorMessages[254].Unknown1 = 2;
  g_errorMessages[254].Extra = "NONE";
  g_errorMessages[254].Unknown2 = 68;
  g_errorMessages[254].Unknown3 = 10;
  g_errorMessages[255].Message = "ERR_PLAYER_WRONG_FACTION";
  g_errorMessages[255].Unknown1 = 2;
  g_errorMessages[255].Extra = "NONE";
  g_errorMessages[255].Unknown2 = 68;
  g_errorMessages[255].Unknown3 = 10;
  g_errorMessages[256].Message = "ERR_BANKSLOT_FAILED_TOO_MANY";
  g_errorMessages[256].Unknown1 = 2;
  g_errorMessages[256].Extra = "NONE";
  g_errorMessages[256].Unknown2 = 68;
  g_errorMessages[256].Unknown3 = 10;
  g_errorMessages[257].Message = "ERR_BANKSLOT_INSUFFICIENT_FUNDS";
  g_errorMessages[257].Unknown1 = 2;
  g_errorMessages[257].Extra = "NONE";
  g_errorMessages[257].Unknown2 = 22;
  g_errorMessages[257].Unknown3 = 10;
  g_errorMessages[258].Message = "ERR_BANKSLOT_NOTBANKER";
  g_errorMessages[258].Unknown1 = 2;
  g_errorMessages[258].Extra = "NONE";
  g_errorMessages[258].Unknown2 = 68;
  g_errorMessages[258].Unknown3 = 10;
  g_errorMessages[259].Message = "ERR_FRIEND_DB_ERROR";
  g_errorMessages[259].Unknown1 = 0;
  g_errorMessages[259].Extra = "NONE";
  g_errorMessages[259].Unknown2 = 68;
  g_errorMessages[259].Unknown3 = 10;
  g_errorMessages[260].Message = "ERR_FRIEND_LIST_FULL";
  g_errorMessages[260].Unknown1 = 0;
  g_errorMessages[260].Extra = "NONE";
  g_errorMessages[260].Unknown2 = 68;
  g_errorMessages[260].Unknown3 = 10;
  g_errorMessages[261].Message = "ERR_FRIEND_ADDED_S";
  g_errorMessages[261].Unknown1 = 0;
  g_errorMessages[261].Extra = "NONE";
  g_errorMessages[261].Unknown2 = 68;
  g_errorMessages[261].Unknown3 = 10;
  g_errorMessages[262].Message = "ERR_FRIEND_ONLINE_SS";
  g_errorMessages[262].Unknown1 = 0;
  g_errorMessages[262].Extra = "FRIENDJOINGAME";
  g_errorMessages[262].Unknown2 = 68;
  g_errorMessages[262].Unknown3 = 10;
  g_errorMessages[263].Message = "ERR_FRIEND_OFFLINE_S";
  g_errorMessages[263].Unknown1 = 0;
  g_errorMessages[263].Extra = "NONE";
  g_errorMessages[263].Unknown2 = 68;
  g_errorMessages[263].Unknown3 = 10;
  g_errorMessages[264].Message = "ERR_FRIEND_NOT_FOUND";
  g_errorMessages[264].Unknown1 = 0;
  g_errorMessages[264].Extra = "NONE";
  g_errorMessages[264].Unknown2 = 68;
  g_errorMessages[264].Unknown3 = 10;
  g_errorMessages[265].Message = "ERR_FRIEND_WRONG_FACTION";
  g_errorMessages[265].Unknown1 = 0;
  g_errorMessages[265].Extra = "NONE";
  g_errorMessages[265].Unknown2 = 68;
  g_errorMessages[265].Unknown3 = 10;
  g_errorMessages[266].Message = "ERR_FRIEND_REMOVED_S";
  g_errorMessages[266].Unknown1 = 0;
  g_errorMessages[266].Extra = "NONE";
  g_errorMessages[266].Unknown2 = 68;
  g_errorMessages[266].Unknown3 = 10;
  g_errorMessages[267].Message = "ERR_FRIEND_ERROR";
  g_errorMessages[267].Unknown1 = 0;
  g_errorMessages[267].Extra = "NONE";
  g_errorMessages[267].Unknown2 = 68;
  g_errorMessages[267].Unknown3 = 10;
  g_errorMessages[268].Message = "ERR_FRIEND_ALREADY_S";
  g_errorMessages[268].Unknown1 = 0;
  g_errorMessages[268].Extra = "NONE";
  g_errorMessages[268].Unknown2 = 68;
  g_errorMessages[268].Unknown3 = 10;
  g_errorMessages[269].Message = "ERR_FRIEND_SELF";
  g_errorMessages[269].Unknown1 = 0;
  g_errorMessages[269].Extra = "NONE";
  g_errorMessages[269].Unknown2 = 68;
  g_errorMessages[269].Unknown3 = 10;
  g_errorMessages[270].Message = "ERR_IGNORE_FULL";
  g_errorMessages[270].Unknown1 = 0;
  g_errorMessages[270].Extra = "NONE";
  g_errorMessages[270].Unknown2 = 68;
  g_errorMessages[270].Unknown3 = 10;
  g_errorMessages[271].Message = "ERR_IGNORE_SELF";
  g_errorMessages[271].Unknown1 = 0;
  g_errorMessages[271].Extra = "NONE";
  g_errorMessages[271].Unknown2 = 68;
  g_errorMessages[271].Unknown3 = 10;
  g_errorMessages[272].Message = "ERR_IGNORE_NOT_FOUND";
  g_errorMessages[272].Unknown1 = 0;
  g_errorMessages[272].Extra = "NONE";
  g_errorMessages[272].Unknown2 = 68;
  g_errorMessages[272].Unknown3 = 10;
  g_errorMessages[273].Message = "ERR_IGNORE_ALREADY_S";
  g_errorMessages[273].Unknown1 = 0;
  g_errorMessages[273].Extra = "NONE";
  g_errorMessages[273].Unknown2 = 68;
  g_errorMessages[273].Unknown3 = 10;
  g_errorMessages[274].Message = "ERR_IGNORE_ADDED_S";
  g_errorMessages[274].Unknown1 = 0;
  g_errorMessages[274].Extra = "NONE";
  g_errorMessages[274].Unknown2 = 68;
  g_errorMessages[274].Unknown3 = 10;
  g_errorMessages[275].Message = "ERR_IGNORE_REMOVED_S";
  g_errorMessages[275].Unknown1 = 0;
  g_errorMessages[275].Extra = "NONE";
  g_errorMessages[275].Unknown2 = 68;
  g_errorMessages[275].Unknown3 = 10;
  g_errorMessages[276].Message = "ERR_IGNORE_AMBIGUOUS";
  g_errorMessages[276].Unknown1 = 0;
  g_errorMessages[276].Extra = "NONE";
  g_errorMessages[276].Unknown2 = 68;
  g_errorMessages[276].Unknown3 = 10;
  g_errorMessages[277].Message = "ERR_ONLY_ONE_BOLT";
  g_errorMessages[277].Unknown1 = 2;
  g_errorMessages[277].Extra = "NONE";
  g_errorMessages[277].Unknown2 = 68;
  g_errorMessages[277].Unknown3 = 10;
  g_errorMessages[278].Message = "ERR_ONLY_ONE_AMMO";
  g_errorMessages[278].Unknown1 = 2;
  g_errorMessages[278].Extra = "NONE";
  g_errorMessages[278].Unknown2 = 68;
  g_errorMessages[278].Unknown3 = 10;
  g_errorMessages[279].Message = "ERR_SPELL_FAILED_EQUIPPED_SPECIFIC_ITEM";
  g_errorMessages[279].Unknown1 = 2;
  g_errorMessages[279].Extra = "NONE";
  g_errorMessages[279].Unknown2 = 68;
  g_errorMessages[279].Unknown3 = 10;
  g_errorMessages[280].Message = "ERR_WRONG_BAG_TYPE_SUBCLASS";
  g_errorMessages[280].Unknown1 = 2;
  g_errorMessages[280].Extra = "NONE";
  g_errorMessages[280].Unknown2 = 28;
  g_errorMessages[280].Unknown3 = 10;
  g_errorMessages[281].Message = "ERR_CANT_WRAP_STACKABLE";
  g_errorMessages[281].Unknown1 = 2;
  g_errorMessages[281].Extra = "NONE";
  g_errorMessages[281].Unknown2 = 68;
  g_errorMessages[281].Unknown3 = 10;
  g_errorMessages[282].Message = "ERR_CANT_WRAP_EQUIPPED";
  g_errorMessages[282].Unknown1 = 2;
  g_errorMessages[282].Extra = "NONE";
  g_errorMessages[282].Unknown2 = 68;
  g_errorMessages[282].Unknown3 = 10;
  g_errorMessages[283].Message = "ERR_CANT_WRAP_WRAPPED";
  g_errorMessages[283].Unknown1 = 2;
  g_errorMessages[283].Extra = "NONE";
  g_errorMessages[283].Unknown2 = 68;
  g_errorMessages[283].Unknown3 = 10;
  g_errorMessages[284].Message = "ERR_CANT_WRAP_BOUND";
  g_errorMessages[284].Unknown1 = 2;
  g_errorMessages[284].Extra = "NONE";
  g_errorMessages[284].Unknown2 = 68;
  g_errorMessages[284].Unknown3 = 10;
  g_errorMessages[285].Message = "ERR_CANT_WRAP_UNIQUE";
  g_errorMessages[285].Unknown1 = 2;
  g_errorMessages[285].Extra = "NONE";
  g_errorMessages[285].Unknown2 = 68;
  g_errorMessages[285].Unknown3 = 10;
  g_errorMessages[286].Message = "ERR_CANT_WRAP_BAGS";
  g_errorMessages[286].Unknown1 = 2;
  g_errorMessages[286].Extra = "NONE";
  g_errorMessages[286].Unknown2 = 68;
  g_errorMessages[286].Unknown3 = 10;
  g_errorMessages[287].Message = "ERR_OUT_OF_MANA";
  g_errorMessages[287].Unknown1 = 2;
  g_errorMessages[287].Extra = "NONE";
  g_errorMessages[287].Unknown2 = 15;
  g_errorMessages[287].Unknown3 = 10;
  g_errorMessages[288].Message = "ERR_OUT_OF_RAGE";
  g_errorMessages[288].Unknown1 = 2;
  g_errorMessages[288].Extra = "NONE";
  g_errorMessages[288].Unknown2 = 63;
  g_errorMessages[288].Unknown3 = 10;
  g_errorMessages[289].Message = "ERR_OUT_OF_FOCUS";
  g_errorMessages[289].Unknown1 = 2;
  g_errorMessages[289].Extra = "NONE";
  g_errorMessages[289].Unknown2 = 68;
  g_errorMessages[289].Unknown3 = 10;
  g_errorMessages[290].Message = "ERR_OUT_OF_ENERGY";
  g_errorMessages[290].Unknown1 = 2;
  g_errorMessages[290].Extra = "NONE";
  g_errorMessages[290].Unknown2 = 64;
  g_errorMessages[290].Unknown3 = 10;
  g_errorMessages[291].Message = "ERR_OUT_OF_HEALTH";
  g_errorMessages[291].Unknown1 = 2;
  g_errorMessages[291].Extra = "NONE";
  g_errorMessages[291].Unknown2 = 68;
  g_errorMessages[291].Unknown3 = 10;
  g_errorMessages[292].Message = "ERR_LOOT_GONE";
  g_errorMessages[292].Unknown1 = 2;
  g_errorMessages[292].Extra = "NONE";
  g_errorMessages[292].Unknown2 = 68;
  g_errorMessages[292].Unknown3 = 10;
  g_errorMessages[293].Message = "ERR_MOUNT_FORCEDDISMOUNT";
  g_errorMessages[293].Unknown1 = 2;
  g_errorMessages[293].Extra = "NONE";
  g_errorMessages[293].Unknown2 = 68;
  g_errorMessages[293].Unknown3 = 10;
  g_errorMessages[294].Message = "ERR_AUTOFOLLOW_TOO_FAR";
  g_errorMessages[294].Unknown1 = 2;
  g_errorMessages[294].Extra = "NONE";
  g_errorMessages[294].Unknown2 = 68;
  g_errorMessages[294].Unknown3 = 10;
  g_errorMessages[295].Message = "ERR_UNIT_NOT_FOUND";
  g_errorMessages[295].Unknown1 = 2;
  g_errorMessages[295].Extra = "NONE";
  g_errorMessages[295].Unknown2 = 68;
  g_errorMessages[295].Unknown3 = 10;
  g_errorMessages[296].Message = "ERR_INVALID_FOLLOW_TARGET";
  g_errorMessages[296].Unknown1 = 2;
  g_errorMessages[296].Extra = "NONE";
  g_errorMessages[296].Unknown2 = 68;
  g_errorMessages[296].Unknown3 = 10;
  g_errorMessages[297].Message = "ERR_INVALID_INSPECT_TARGET";
  g_errorMessages[297].Unknown1 = 2;
  g_errorMessages[297].Extra = "NONE";
  g_errorMessages[297].Unknown2 = 68;
  g_errorMessages[297].Unknown3 = 10;
  g_errorMessages[298].Message = "ERR_GUILDEMBLEM_SUCCESS";
  g_errorMessages[298].Unknown1 = 2;
  g_errorMessages[298].Extra = "NONE";
  g_errorMessages[298].Unknown2 = 68;
  g_errorMessages[298].Unknown3 = 10;
  g_errorMessages[299].Message = "ERR_GUILDEMBLEM_INVALID_TABARD_COLORS";
  g_errorMessages[299].Unknown1 = 2;
  g_errorMessages[299].Extra = "NONE";
  g_errorMessages[299].Unknown2 = 68;
  g_errorMessages[299].Unknown3 = 10;
  g_errorMessages[300].Message = "ERR_GUILDEMBLEM_NOGUILD";
  g_errorMessages[300].Unknown1 = 2;
  g_errorMessages[300].Extra = "NONE";
  g_errorMessages[300].Unknown2 = 68;
  g_errorMessages[300].Unknown3 = 10;
  g_errorMessages[301].Message = "ERR_GUILDEMBLEM_NOTGUILDMASTER";
  g_errorMessages[301].Unknown1 = 2;
  g_errorMessages[301].Extra = "NONE";
  g_errorMessages[301].Unknown2 = 68;
  g_errorMessages[301].Unknown3 = 10;
  g_errorMessages[302].Message = "ERR_GUILDEMBLEM_NOTENOUGHMONEY";
  g_errorMessages[302].Unknown1 = 2;
  g_errorMessages[302].Extra = "NONE";
  g_errorMessages[302].Unknown2 = 40;
  g_errorMessages[302].Unknown3 = 10;
  g_errorMessages[303].Message = "ERR_GUILDEMBLEM_INVALIDVENDOR";
  g_errorMessages[303].Unknown1 = 2;
  g_errorMessages[303].Extra = "NONE";
  g_errorMessages[303].Unknown2 = 68;
  g_errorMessages[303].Unknown3 = 10;
  g_errorMessages[304].Message = "ERR_EMBLEMERROR_NOTABARDGEOSET";
  g_errorMessages[304].Unknown1 = 2;
  g_errorMessages[304].Extra = "NONE";
  g_errorMessages[304].Unknown2 = 68;
  g_errorMessages[304].Unknown3 = 10;
  g_errorMessages[305].Message = "ERR_SPELL_OUT_OF_RANGE";
  g_errorMessages[305].Unknown1 = 2;
  g_errorMessages[305].Extra = "NONE";
  g_errorMessages[305].Unknown2 = 46;
  g_errorMessages[305].Unknown3 = 10;
  g_errorMessages[306].Message = "ERR_COMMAND_NEEDS_TARGET";
  g_errorMessages[306].Unknown1 = 0;
  g_errorMessages[306].Extra = "NONE";
  g_errorMessages[306].Unknown2 = 68;
  g_errorMessages[306].Unknown3 = 10;
  g_errorMessages[307].Message = "ERR_NOAMMO_S";
  g_errorMessages[307].Unknown1 = 2;
  g_errorMessages[307].Extra = "NONE";
  g_errorMessages[307].Unknown2 = 1;
  g_errorMessages[307].Unknown3 = 10;
  g_errorMessages[308].Message = "ERR_TOOBUSYTOFOLLOW";
  g_errorMessages[308].Unknown1 = 2;
  g_errorMessages[308].Extra = "NONE";
  g_errorMessages[308].Unknown2 = 68;
  g_errorMessages[308].Unknown3 = 10;
  g_errorMessages[309].Message = "ERR_DUEL_REQUESTED";
  g_errorMessages[309].Unknown1 = 0;
  g_errorMessages[309].Extra = "LEVELUP";
  g_errorMessages[309].Unknown2 = 68;
  g_errorMessages[309].Unknown3 = 10;
  g_errorMessages[310].Message = "ERR_DUEL_CANCELLED";
  g_errorMessages[310].Unknown1 = 1;
  g_errorMessages[310].Extra = "NONE";
  g_errorMessages[310].Unknown2 = 68;
  g_errorMessages[310].Unknown3 = 10;
  g_errorMessages[311].Message = "ERR_DEATHBINDALREADYBOUND";
  g_errorMessages[311].Unknown1 = 2;
  g_errorMessages[311].Extra = "NONE";
  g_errorMessages[311].Unknown2 = 68;
  g_errorMessages[311].Unknown3 = 10;
  g_errorMessages[312].Message = "ERR_DEATHBIND_SUCCESS_S";
  g_errorMessages[312].Unknown1 = 0;
  g_errorMessages[312].Extra = "NONE";
  g_errorMessages[312].Unknown2 = 68;
  g_errorMessages[312].Unknown3 = 10;
  g_errorMessages[313].Message = "ERR_NOEMOTEWHILERUNNING";
  g_errorMessages[313].Unknown1 = 2;
  g_errorMessages[313].Extra = "NONE";
  g_errorMessages[313].Unknown2 = 68;
  g_errorMessages[313].Unknown3 = 10;
  g_errorMessages[314].Message = "ERR_ZONE_EXPLORED";
  g_errorMessages[314].Unknown1 = 1;
  g_errorMessages[314].Extra = "NONE";
  g_errorMessages[314].Unknown2 = 68;
  g_errorMessages[314].Unknown3 = 10;
  g_errorMessages[315].Message = "ERR_ZONE_EXPLORED_XP";
  g_errorMessages[315].Unknown1 = 0;
  g_errorMessages[315].Extra = "NONE";
  g_errorMessages[315].Unknown2 = 68;
  g_errorMessages[315].Unknown3 = 10;
  g_errorMessages[316].Message = "ERR_INVALID_ITEM_TARGET";
  g_errorMessages[316].Unknown1 = 2;
  g_errorMessages[316].Extra = "NONE";
  g_errorMessages[316].Unknown2 = 51;
  g_errorMessages[316].Unknown3 = 10;
  g_errorMessages[317].Message = "ERR_IGNORING_YOU_S";
  g_errorMessages[317].Unknown1 = 0;
  g_errorMessages[317].Extra = "NONE";
  g_errorMessages[317].Unknown2 = 68;
  g_errorMessages[317].Unknown3 = 10;
  g_errorMessages[318].Message = "ERR_FISH_NOT_HOOKED";
  g_errorMessages[318].Unknown1 = 1;
  g_errorMessages[318].Extra = "NONE";
  g_errorMessages[318].Unknown2 = 68;
  g_errorMessages[318].Unknown3 = 10;
  g_errorMessages[319].Message = "ERR_FISH_ESCAPED";
  g_errorMessages[319].Unknown1 = 1;
  g_errorMessages[319].Extra = "NONE";
  g_errorMessages[319].Unknown2 = 68;
  g_errorMessages[319].Unknown3 = 10;
  g_errorMessages[320].Message = "ERR_SPELL_FAILED_NOTUNSHEATHED";
  g_errorMessages[320].Unknown1 = 1;
  g_errorMessages[320].Extra = "NONE";
  g_errorMessages[320].Unknown2 = 68;
  g_errorMessages[320].Unknown3 = 10;
  g_errorMessages[321].Message = "ERR_PETITION_OFFERED_S";
  g_errorMessages[321].Unknown1 = 0;
  g_errorMessages[322].Extra = "igPlayerInviteAccept";
  g_errorMessages[323].Extra = "igPlayerInviteAccept";
  g_errorMessages[321].Extra = "NONE";
  g_errorMessages[321].Unknown2 = 68;
  g_errorMessages[321].Unknown3 = 10;
  g_errorMessages[322].Message = "ERR_PETITION_SIGNED";
  g_errorMessages[322].Unknown1 = 0;
  g_errorMessages[322].Unknown2 = 68;
  g_errorMessages[322].Unknown3 = 10;
  g_errorMessages[323].Message = "ERR_PETITION_SIGNED_S";
  g_errorMessages[323].Unknown1 = 0;
  g_errorMessages[323].Unknown2 = 68;
  g_errorMessages[323].Unknown3 = 10;
  g_errorMessages[324].Message = "ERR_PETITION_DECLINED_S";
  g_errorMessages[324].Unknown1 = 0;
  g_errorMessages[324].Extra = "igPlayerInviteDecline";
  g_errorMessages[324].Unknown2 = 68;
  g_errorMessages[324].Unknown3 = 10;
  g_errorMessages[325].Message = "ERR_PETITION_ALREADY_SIGNED";
  g_errorMessages[325].Unknown1 = 2;
  g_errorMessages[325].Extra = "igPlayerInviteDecline";
  g_errorMessages[325].Unknown2 = 68;
  g_errorMessages[325].Unknown3 = 10;
  g_errorMessages[326].Message = "ERR_PETITION_IN_GUILD";
  g_errorMessages[326].Unknown1 = 2;
  g_errorMessages[326].Extra = "igPlayerInviteDecline";
  g_errorMessages[326].Unknown2 = 68;
  g_errorMessages[326].Unknown3 = 10;
  g_errorMessages[327].Message = "ERR_PETITION_CREATOR";
  g_errorMessages[327].Unknown1 = 2;
  g_errorMessages[327].Extra = "igPlayerInviteDecline";
  g_errorMessages[327].Unknown2 = 68;
  g_errorMessages[327].Unknown3 = 10;
  g_errorMessages[328].Message = "ERR_PETITION_NOT_ENOUGH_SIGNATURES";
  g_errorMessages[328].Unknown1 = 2;
  g_errorMessages[328].Extra = "igPlayerInviteDecline";
  g_errorMessages[328].Unknown2 = 68;
  g_errorMessages[328].Unknown3 = 10;
  g_errorMessages[329].Message = "ERR_PETITION_NOT_SAME_SERVER";
  g_errorMessages[329].Unknown1 = 2;
  g_errorMessages[329].Extra = "igPlayerInviteDecline";
  g_errorMessages[329].Unknown2 = 68;
  g_errorMessages[329].Unknown3 = 10;
  g_errorMessages[330].Message = "ERR_SPELL_UNLEARNED_S";
  g_errorMessages[330].Unknown1 = 0;
  g_errorMessages[330].Extra = "NONE";
  g_errorMessages[330].Unknown2 = 68;
  g_errorMessages[330].Unknown3 = 10;
  g_errorMessages[331].Message = "ERR_PET_SPELL_ROOTED";
  g_errorMessages[331].Unknown1 = 2;
  g_errorMessages[331].Extra = "NONE";
  g_errorMessages[331].Unknown2 = 68;
  g_errorMessages[331].Unknown3 = 10;
  g_errorMessages[332].Message = "ERR_PET_SPELL_AFFECTING_COMBAT";
  g_errorMessages[332].Unknown1 = 2;
  g_errorMessages[332].Extra = "NONE";
  g_errorMessages[332].Unknown2 = 68;
  g_errorMessages[332].Unknown3 = 10;
  g_errorMessages[333].Message = "ERR_PET_SPELL_OUT_OF_RANGE";
  g_errorMessages[333].Unknown1 = 2;
  g_errorMessages[333].Extra = "NONE";
  g_errorMessages[333].Unknown2 = 68;
  g_errorMessages[333].Unknown3 = 10;
  g_errorMessages[334].Message = "ERR_PET_SPELL_NOT_BEHIND";
  g_errorMessages[334].Unknown1 = 2;
  g_errorMessages[334].Extra = "NONE";
  g_errorMessages[334].Unknown2 = 68;
  g_errorMessages[334].Unknown3 = 10;
  g_errorMessages[335].Message = "ERR_PET_SPELL_TARGETS_DEAD";
  g_errorMessages[335].Unknown1 = 2;
  g_errorMessages[335].Extra = "NONE";
  g_errorMessages[335].Unknown2 = 68;
  g_errorMessages[335].Unknown3 = 10;
  g_errorMessages[336].Message = "ERR_PET_SPELL_DEAD";
  g_errorMessages[336].Unknown1 = 2;
  g_errorMessages[336].Extra = "NONE";
  g_errorMessages[336].Unknown2 = 68;
  g_errorMessages[336].Unknown3 = 10;
  g_errorMessages[337].Message = "ERR_PET_SPELL_NOPATH";
  g_errorMessages[337].Unknown1 = 2;
  g_errorMessages[337].Extra = "NONE";
  g_errorMessages[337].Unknown2 = 68;
  g_errorMessages[337].Unknown3 = 10;
  g_errorMessages[338].Message = "ERR_ITEM_CANT_BE_DESTROYED";
  g_errorMessages[338].Unknown1 = 2;
  g_errorMessages[338].Extra = "NONE";
  g_errorMessages[338].Unknown2 = 68;
  g_errorMessages[338].Unknown3 = 10;
  g_errorMessages[339].Message = "ERR_TICKET_ALREADY_EXISTS";
  g_errorMessages[339].Unknown1 = 2;
  g_errorMessages[339].Extra = "NONE";
  g_errorMessages[339].Unknown2 = 68;
  g_errorMessages[339].Unknown3 = 10;
  g_errorMessages[340].Message = "ERR_TICKET_CREATE_ERROR";
  g_errorMessages[340].Unknown1 = 2;
  g_errorMessages[340].Extra = "NONE";
  g_errorMessages[340].Unknown2 = 68;
  g_errorMessages[340].Unknown3 = 10;
  g_errorMessages[341].Message = "ERR_TICKET_UPDATE_ERROR";
  g_errorMessages[341].Unknown1 = 2;
  g_errorMessages[341].Extra = "NONE";
  g_errorMessages[341].Unknown2 = 68;
  g_errorMessages[341].Unknown3 = 10;
  g_errorMessages[342].Message = "ERR_TICKET_DB_ERROR";
  g_errorMessages[342].Unknown1 = 2;
  g_errorMessages[342].Extra = "NONE";
  g_errorMessages[342].Unknown2 = 68;
  g_errorMessages[342].Unknown3 = 10;
  sub_488410(&g_errorMessages[343], "ERR_TICKET_NO_TEXT", 2, "NONE", 68, 10);
  sub_488410(&g_errorMessages[344], "ERR_OBJECT_IS_BUSY", 2, "NONE", 68, 10);
  sub_488410(&g_errorMessages[345], "ERR_EXHAUSTION_WELLRESTED", 0, "NONE", 68, 10);
  sub_488410(&g_errorMessages[346], "ERR_EXHAUSTION_RESTED", 0, "NONE", 68, 10);
  sub_488410(&g_errorMessages[347], "ERR_EXHAUSTION_NORMAL", 0, "NONE", 68, 10);
  sub_488410(&g_errorMessages[348], "ERR_EXHAUSTION_TIRED", 0, "NONE", 68, 10);
  sub_488410(&g_errorMessages[349], "ERR_EXHAUSTION_EXHAUSTED", 0, "NONE", 68, 10);
  sub_488410(&g_errorMessages[350], "ERR_NO_ITEMS_WHILE_SHAPESHIFTED", 2, "NONE", 68, 10);
  sub_488410(&g_errorMessages[351], "ERR_CANT_INTERACT_SHAPESHIFTED", 2, "NONE", 68, 10);
  sub_488410(&g_errorMessages[352], "ERR_MAIL_QUEST_ITEM", 2, "NONE", 59, 10);
  sub_488410(&g_errorMessages[353], "ERR_MAIL_BOUND_ITEM", 2, "NONE", 59, 10);
  sub_488410(&g_errorMessages[354], "ERR_MAIL_CONJURED_ITEM", 2, "NONE", 68, 10);
  sub_488410(&g_errorMessages[355], "ERR_MAIL_BAG", 2, "NONE", 68, 10);
  sub_488410(&g_errorMessages[356], "ERR_MAIL_TO_SELF", 2, "NONE", 68, 10);
  sub_488410(&g_errorMessages[357], "ERR_MAIL_TARGET_NOT_FOUND", 2, "NONE", 68, 10);
  sub_488410(&g_errorMessages[358], "ERR_MAIL_DATABASE_ERROR", 2, "NONE", 68, 10);
  sub_488410(&g_errorMessages[359], "ERR_MAIL_SENT", 1, "NONE", 68, 10);
  sub_488410(&g_errorMessages[360], "ERR_NOT_HAPPY_ENOUGH", 2, "NONE", 68, 10);
  sub_488410(&g_errorMessages[361], "ERR_USE_CANT_IMMUNE", 2, "NONE", 68, 10);
  sub_488410(&g_errorMessages[362], "ERR_CANT_BE_DISENCHANTED", 2, "NONE", 68, 10);
  sub_488410(&g_errorMessages[363], "ERR_CANT_USE_DISARMED", 2, "NONE", 68, 10);
  sub_488410(&g_errorMessages[364], "ERR_AUCTION_QUEST_ITEM", 2, "NONE", 59, 10);
  sub_488410(&g_errorMessages[365], "ERR_AUCTION_BOUND_ITEM", 2, "NONE", 59, 10);
  sub_488410(&g_errorMessages[366], "ERR_AUCTION_CONJURED_ITEM", 2, "NONE", 68, 10);
  sub_488410(&g_errorMessages[367], "ERR_AUCTION_WRAPPED_ITEM", 2, "NONE", 68, 10);
  sub_488410(&g_errorMessages[368], "ERR_AUCTION_LOOT_ITEM", 2, "NONE", 68, 10);
  sub_488410(&g_errorMessages[369], "ERR_AUCTION_BAG", 2, "NONE", 68, 10);
  sub_488410(&g_errorMessages[370], "ERR_AUCTION_DATABASE_ERROR", 2, "NONE", 68, 10);
  sub_488410(&g_errorMessages[371], "ERR_AUCTION_BID_OWN", 2, "NONE", 68, 10);
  sub_488410(&g_errorMessages[372], "ERR_AUCTION_BID_INCREMENT", 2, "NONE", 68, 10);
  sub_488410(&g_errorMessages[373], "ERR_AUCTION_HIGHER_BID", 2, "NONE", 68, 10);
  sub_488410(&g_errorMessages[374], "ERR_AUCTION_MIN_BID", 2, "NONE", 68, 10);
  sub_488410(&g_errorMessages[375], "ERR_AUCTION_REPAIR_ITEM", 2, "NONE", 68, 10);
  sub_488410(&g_errorMessages[376], "ERR_AUCTION_STARTED", 0, "NONE", 68, 10);
  sub_488410(&g_errorMessages[377], "ERR_AUCTION_REMOVED", 0, "NONE", 68, 10);
  sub_488410(&g_errorMessages[378], "ERR_AUCTION_OUTBID_S", 0, "NONE", 68, 10);
  sub_488410(&g_errorMessages[379], "ERR_AUCTION_WON_S", 0, "NONE", 68, 10);
  sub_488410(&g_errorMessages[380], "ERR_AUCTION_SOLD_S", 0, "NONE", 68, 10);
  sub_488410(&g_errorMessages[381], "ERR_AUCTION_EXPIRED_S", 0, "NONE", 68, 10);
  sub_488410(&g_errorMessages[382], "ERR_AUCTION_REMOVED_S", 0, "NONE", 68, 10);
  sub_488410(&g_errorMessages[383], "ERR_AUCTION_BID_PLACED", 0, "NONE", 68, 10);
  sub_488410(&g_errorMessages[384], "ERR_LOGOUT_FAILED", 2, "NONE", 68, 10);
  sub_488410(&g_errorMessages[385], "ERR_QUEST_PUSH_SUCCESS_S", 0, "NONE", 68, 10);
  sub_488410(&g_errorMessages[386], "ERR_QUEST_PUSH_INVALID_S", 0, "NONE", 68, 10);
  sub_488410(&g_errorMessages[387], "ERR_QUEST_PUSH_ACCEPTED_S", 0, "NONE", 68, 10);
  sub_488410(&g_errorMessages[388], "ERR_QUEST_PUSH_DECLINED_S", 0, "NONE", 68, 10);
  sub_488410(&g_errorMessages[389], "ERR_QUEST_PUSH_TOO_FAR_S", 0, "NONE", 68, 10);
  sub_488410(&g_errorMessages[390], "ERR_QUEST_PUSH_BUSY_S", 0, "NONE", 68, 10);
  sub_488410(&g_errorMessages[391], "ERR_QUEST_PUSH_LOG_FULL_S", 0, "NONE", 68, 10);
  sub_488410(&g_errorMessages[392], "ERR_QUEST_PUSH_ONQUEST_S", 0, "NONE", 68, 10);
  sub_488410(&g_errorMessages[393], "ERR_QUEST_PUSH_ALREADY_DONE_S", 0, "NONE", 68, 10);
  sub_488410(&g_errorMessages[394], "ERR_RAID_GROUP_ONLY", 2, "NONE", 68, 10);
  sub_488410(&g_errorMessages[395], "ERR_RAID_GROUP_FULL", 2, "NONE", 68, 10);
  sub_488410(&g_errorMessages[396], "ERR_PVP_KILL_HONORABLE", 1, "NONE", 68, 10);
  sub_488410(&g_errorMessages[397], "ERR_PVP_KILL_DISHONORABLE", 1, "NONE", 68, 10);
  sub_488410(&g_errorMessages[398], "ERR_SPELL_FAILED_ALREADY_AT_FULL_HEALTH", 2, "NONE", 68, 10);
  sub_488410(&g_errorMessages[399], "ERR_SPELL_FAILED_ALREADY_AT_FULL_POWER_S", 2, "NONE", 68, 10);
  sub_488410(&g_errorMessages[400], "ERR_AUTOLOOT_MONEY_S", 0, "NONE", 68, 10);
  sub_488410(&g_errorMessages[401], "ERR_GENERIC_STUNNED", 2, "NONE", 68, 10);
  sub_488410(&g_errorMessages[402], "ERR_TARGET_STUNNED", 2, "NONE", 68, 10);
  sub_488410(&g_errorMessages[403], "ERR_MUST_REPAIR_DURABILITY", 2, "NONE", 68, 10);
  sub_488410(&g_errorMessages[404], "ERR_RAID_YOU_JOINED", 0, "NONE", 68, 10);
  sub_488410(&g_errorMessages[405], "ERR_RAID_YOU_LEFT", 0, "NONE", 68, 10);
  sub_488410(&g_errorMessages[406], "ERR_RAID_MEMBER_ADDED_S", 0, "NONE", 68, 10);
  sub_488410(&g_errorMessages[407], "ERR_RAID_MEMBER_REMOVED_S", 0, "NONE", 68, 10);
  sub_488410(&g_errorMessages[408], "ERR_CLICK_ON_ITEM_TO_FEED", 2, "NONE", 68, 10);
  sub_488410(&g_errorMessages[409], "ERR_TOO_MANY_CHAT_CHANNELS", 0, "NONE", 68, 10);
  sub_488410(&g_errorMessages[410], "ERR_LOOT_ROLL_PENDING", 2, "NONE", 68, 10);
  sub_488410(&g_errorMessages[411], "ERR_LOOT_PLAYER_NOT_FOUND", 2, "NONE", 68, 10);
  sub_488410(&g_errorMessages[412], "ERR_NOT_IN_RAID", 0, "NONE", 68, 10);
  sub_488410(&g_errorMessages[413], "ERR_LOGGING_OUT", 2, "NONE", 68, 10);
  sub_488410(&g_errorMessages[414], "ERR_TARGET_LOGGING_OUT", 2, "NONE", 68, 10);
  sub_488410(&g_errorMessages[415], "ERR_NOT_WHILE_MOUNTED", 2, "NONE", 68, 10);
  sub_488410(&g_errorMessages[416], "ERR_NOT_WHILE_SHAPESHIFTED", 2, "NONE", 68, 10);
  sub_488410(&g_errorMessages[417], "ERR_NOT_IN_COMBAT", 2, "NONE", 68, 10);
  sub_488410(&g_errorMessages[418], "ERR_NOT_WHILE_DISARMED", 2, "NONE", 68, 10);
  sub_488410(&g_errorMessages[419], "ERR_PET_BROKEN", 2, "NONE", 68, 10);
  sub_488410(&g_errorMessages[420], "ERR_TALENT_WIPE_ERROR", 2, "NONE", 68, 10);
  sub_488410(&g_errorMessages[421], "ERR_FEIGN_DEATH_RESISTED", 2, "NONE", 68, 10);
  sub_488410(&g_errorMessages[422], "ERR_MEETING_STONE_IN_QUEUE_S", 0, "NONE", 68, 10);
  sub_488410(&g_errorMessages[423], "ERR_MEETING_STONE_LEFT_QUEUE_S", 0, "NONE", 68, 10);
  sub_488410(&g_errorMessages[424], "ERR_MEETING_STONE_OTHER_MEMBER_LEFT", 0, "NONE", 68, 10);
  sub_488410(&g_errorMessages[425], "ERR_MEETING_STONE_PARTY_KICKED_FROM_QUEUE", 0, "NONE", 68, 10);
  sub_488410(&g_errorMessages[426], "ERR_MEETING_STONE_MEMBER_STILL_IN_QUEUE", 0, "NONE", 68, 10);
  sub_488410(&g_errorMessages[427], "ERR_MEETING_STONE_SUCCESS", 0, "NONE", 68, 10);
  sub_488410(&g_errorMessages[428], "ERR_MEETING_STONE_IN_PROGRESS", 0, "NONE", 68, 10);
  sub_488410(&g_errorMessages[429], "ERR_MEETING_STONE_MEMBER_ADDED_S", 0, "NONE", 68, 10);
  sub_488410(&g_errorMessages[430], "ERR_MEETING_STONE_GROUP_FULL", 2, "NONE", 68, 10);
  sub_488410(&g_errorMessages[431], "ERR_MEETING_STONE_NOT_LEADER", 2, "NONE", 68, 10);
  sub_488410(&g_errorMessages[432], "ERR_MEETING_STONE_INVALID_LEVEL", 2, "NONE", 68, 10);
  sub_488410(&g_errorMessages[433], "ERR_MEETING_STONE_MUST_BE_LEADER", 2, "NONE", 68, 10);
  sub_488410(&g_errorMessages[434], "ERR_MEETING_STONE_NO_RAID_GROUP", 2, "NONE", 68, 10);
  sub_488410(&g_errorMessages[435], "ERR_GUILDEMBLEM_SAME", 2, "NONE", 68, 10);
  sub_488410(&g_errorMessages[436], "ERR_EQUIP_TRADE_ITEM", 2, "NONE", 68, 10);
  sub_488410(&g_errorMessages[437], "ERR_PVP_TOGGLE_ON", 1, "NONE", 68, 10);
  sub_488410(&g_errorMessages[438], "ERR_PVP_TOGGLE_OFF", 1, "NONE", 68, 10);
  sub_488410(&g_errorMessages[439], "ERR_GROUP_JOIN_BATTLEGROUND_DESERTERS", 1, "NONE", 68, 10);
  sub_488410(&g_errorMessages[440], "ERR_GROUP_JOIN_BATTLEGROUND_S", 1, "NONE", 68, 10);
  sub_488410(&g_errorMessages[441], "ERR_GROUP_JOIN_BATTLEGROUND_FAIL", 2, "NONE", 68, 10);
  sub_488410(&g_errorMessages[442], "ERR_GROUP_JOIN_BATTLEGROUND_TOO_MANY", 2, "NONE", 68, 10);
  sub_488410(&g_errorMessages[443], "ERR_INVALID_PROMOTION_CODE", 2, "NONE", 68, 10);
  sub_488410(&g_errorMessages[444], "ERR_BG_PLAYER_JOINED_SS", 0, "NONE", 68, 10);
  sub_488410(&g_errorMessages[445], "ERR_BG_PLAYER_LEFT_S", 0, "NONE", 68, 10);
  sub_488410(&g_errorMessages[446], "ERR_RESTRICTED_ACCOUNT", 2, "NONE", 68, 10);
  sub_488410(&g_errorMessages[447], "ERR_PLAY_TIME_EXCEEDED", 2, "NONE", 68, 10);
  sub_488410(&g_errorMessages[448], "ERR_APPROACHING_PARTIAL_PLAY_TIME", 0, "NONE", 68, 10);
  sub_488410(&g_errorMessages[449], "ERR_APPROACHING_NO_PLAY_TIME", 0, "NONE", 68, 10);
  sub_488410(&g_errorMessages[450], "ERR_UNHEALTHY_TIME", 0, "NONE", 68, 10);
  sub_488410(&g_errorMessages[451], "ERR_CHAT_RESTRICTED", 0, "NONE", 68, 10);
  sub_488410(&g_errorMessages[452], "ERR_MAIL_REACHED_CAP", 2, "NONE", 68, 10);
  sub_488410(&g_errorMessages[453], "ERR_INVALID_RAID_TARGET", 2, "NONE", 68, 10);
  sub_488410(&g_errorMessages[454], "ERR_RAID_LEADER_READY_CHECK_START_S", 0, "NONE", 68, 10);
  sub_488410(&g_errorMessages[455], "ERR_READY_CHECK_IN_PROGRESS", 2, "NONE", 68, 10);
  sub_488410(&g_errorMessages[456], "ERR_DUNGEON_DIFFICULTY_FAILED", 0, "NONE", 68, 10);
  sub_488410(&g_errorMessages[457], "ERR_DUNGEON_DIFFICULTY_CHANGED_S", 0, "NONE", 68, 10);
  sub_488410(&g_errorMessages[458], "ERR_TRADE_WRONG_REALM", 2, "NONE", 68, 10);
  sub_488410(&g_errorMessages[459], "ERR_CHAT_PLAYER_AMBIGUOUS_S", 0, "NONE", 68, 10);
  sub_488410(&g_errorMessages[460], "ERR_LOOT_CANT_LOOT_THAT_NOW", 2, "NONE", 68, 10);
  sub_488410(&g_errorMessages[461], "ERR_LOOT_MASTER_INV_FULL", 2, "NONE", 68, 10);
  sub_488410(&g_errorMessages[462], "ERR_LOOT_MASTER_UNIQUE_ITEM", 2, "NONE", 68, 10);
  sub_488410(&g_errorMessages[463], "ERR_LOOT_MASTER_OTHER", 2, "NONE", 68, 10);
  return sub_488410(&unk_B4D8D8, "ERR_FILTERING_YOU_S", 0, "NONE", 68, 10);
}
```

UI event codes:


```
  g_eventNames[128] = "UNIT_DAMAGE";
  g_eventNames[129] = "UNIT_DAMAGE";
  g_eventNames[130] = "UNIT_DAMAGE";
  g_eventNames[131] = "UNIT_DAMAGE";
  g_eventNames[120] = "UNIT_ATTACK_SPEED";
  g_eventNames[121] = "UNIT_ATTACK_SPEED";
  g_eventNames[41] = "UNIT_AURA";
  g_eventNames[107] = "UNIT_AURA";
  g_eventNames[144] = "UNIT_STATS";
  g_eventNames[145] = "UNIT_STATS";
  g_eventNames[146] = "UNIT_STATS";
  g_eventNames[147] = "UNIT_STATS";
  g_eventNames[148] = "UNIT_STATS";
  g_eventNames[149] = "UNIT_RESISTANCES";
  g_eventNames[150] = "UNIT_RESISTANCES";
  g_eventNames[151] = "UNIT_RESISTANCES";
  g_eventNames[152] = "UNIT_RESISTANCES";
  g_eventNames[153] = "UNIT_RESISTANCES";
  g_eventNames[154] = "UNIT_RESISTANCES";
  g_eventNames[155] = "UNIT_RESISTANCES";
  g_eventNames[159] = "UNIT_ATTACK_POWER";
  g_eventNames[160] = "UNIT_ATTACK_POWER";
  g_eventNames[161] = "UNIT_ATTACK_POWER";
  g_eventNames[135] = "UNIT_PET_EXPERIENCE";
  g_eventNames[136] = "UNIT_PET_EXPERIENCE";
  g_eventNames[162] = "UNIT_RANGED_ATTACK_POWER";
  g_eventNames[163] = "UNIT_RANGED_ATTACK_POWER";
  g_eventNames[164] = "UNIT_RANGED_ATTACK_POWER";
  g_eventNames[16] = "UNIT_HEALTH";
  g_eventNames[17] = "UNIT_MANA";
  g_eventNames[18] = "UNIT_RAGE";
  g_eventNames[19] = "UNIT_FOCUS";
  g_eventNames[20] = "UNIT_ENERGY";
  g_eventNames[21] = "UNIT_HAPPINESS";
  g_eventNames[22] = "UNIT_MAXHEALTH";
  g_eventNames[23] = "UNIT_MAXMANA";
  g_eventNames[24] = "UNIT_MAXRAGE";
  g_eventNames[25] = "UNIT_MAXFOCUS";
  g_eventNames[26] = "UNIT_MAXENERGY";
  g_eventNames[27] = "UNIT_MAXHAPPINESS";
  g_eventNames[30] = "UNIT_DISPLAYPOWER";
  g_eventNames[29] = "UNIT_FACTION";
  g_eventNames[28] = "UNIT_LEVEL";
  g_eventNames[122] = "UNIT_RANGEDDAMAGE";
  g_eventNames[137] = "UNIT_DYNAMIC_FLAGS";
  g_eventNames[40] = "UNIT_FLAGS";
  g_eventNames[143] = "UNIT_PET_TRAINING_POINTS";
  g_eventNames[132] = "UNIT_LOYALTY";
  g_eventNames[165] = "UNIT_RANGEDDAMAGE";
  g_eventNames[166] = "UNIT_RANGEDDAMAGE";
  g_eventNames[0] = "UNIT_PET";
  g_eventNames[2] = "UNIT_PET";
  g_eventNames[167] = "UNIT_MANA";
  g_eventNames[174] = "UNIT_MANA";
  g_eventNames[182] = "UNIT_COMBAT";
  g_eventNames[183] = "UNIT_NAME_UPDATE";
  g_eventNames[184] = "UNIT_PORTRAIT_UPDATE";
  g_eventNames[185] = "UNIT_MODEL_CHANGED";
  g_eventNames[186] = "UNIT_INVENTORY_CHANGED";
  g_eventNames[187] = "UNIT_CLASSIFICATION_CHANGED";
  g_eventNames[188] = "ITEM_LOCK_CHANGED";
  g_eventNames[189] = "PLAYER_XP_UPDATE";
  g_eventNames[190] = "PLAYER_REGEN_DISABLED";
  g_eventNames[191] = "PLAYER_REGEN_ENABLED";
  g_eventNames[192] = "PLAYER_AURAS_CHANGED";
  g_eventNames[193] = "PLAYER_ENTER_COMBAT";
  g_eventNames[194] = "PLAYER_LEAVE_COMBAT";
  g_eventNames[195] = "PLAYER_TARGET_CHANGED";
  g_eventNames[196] = "PLAYER_CONTROL_LOST";
  g_eventNames[197] = "PLAYER_CONTROL_GAINED";
  g_eventNames[198] = "PLAYER_FARSIGHT_FOCUS_CHANGED";
  g_eventNames[199] = "PLAYER_LEVEL_UP";
  g_eventNames[200] = "PLAYER_MONEY";
  g_eventNames[201] = "PLAYER_DAMAGE_DONE_MODS";
  g_eventNames[202] = "PLAYER_COMBO_POINTS";
  g_eventNames[203] = "ZONE_CHANGED";
  g_eventNames[204] = "ZONE_CHANGED_INDOORS";
  g_eventNames[205] = "ZONE_CHANGED_NEW_AREA";
  g_eventNames[206] = "MINIMAP_ZONE_CHANGED";
  g_eventNames[207] = "MINIMAP_UPDATE_ZOOM";
  g_eventNames[208] = "SCREENSHOT_SUCCEEDED";
  g_eventNames[209] = "SCREENSHOT_FAILED";
  g_eventNames[210] = "ACTIONBAR_SHOWGRID";
  g_eventNames[211] = "ACTIONBAR_HIDEGRID";
  g_eventNames[212] = "ACTIONBAR_PAGE_CHANGED";
  g_eventNames[213] = "ACTIONBAR_SLOT_CHANGED";
  g_eventNames[214] = "ACTIONBAR_UPDATE_STATE";
  g_eventNames[215] = "ACTIONBAR_UPDATE_USABLE";
  g_eventNames[216] = "ACTIONBAR_UPDATE_COOLDOWN";
  g_eventNames[217] = "UPDATE_BONUS_ACTIONBAR";
  g_eventNames[218] = "PARTY_MEMBERS_CHANGED";
  g_eventNames[219] = "PARTY_LEADER_CHANGED";
  g_eventNames[220] = "PARTY_MEMBER_ENABLE";
  g_eventNames[221] = "PARTY_MEMBER_DISABLE";
  g_eventNames[222] = "PARTY_LOOT_METHOD_CHANGED";
  g_eventNames[223] = "SYSMSG";
  g_eventNames[224] = "UI_ERROR_MESSAGE";
  g_eventNames[225] = "UI_INFO_MESSAGE";
  g_eventNames[226] = "UPDATE_CHAT_COLOR";
  g_eventNames[227] = "CHAT_MSG_ADDON";
  g_eventNames[228] = "CHAT_MSG_SAY";
  g_eventNames[229] = "CHAT_MSG_PARTY";
  g_eventNames[230] = "CHAT_MSG_RAID";
  g_eventNames[231] = "CHAT_MSG_GUILD";
  g_eventNames[232] = "CHAT_MSG_OFFICER";
  g_eventNames[233] = "CHAT_MSG_YELL";
  g_eventNames[234] = "CHAT_MSG_WHISPER";
  g_eventNames[235] = "CHAT_MSG_WHISPER_INFORM";
  g_eventNames[236] = "CHAT_MSG_EMOTE";
  g_eventNames[237] = "CHAT_MSG_TEXT_EMOTE";
  g_eventNames[238] = "CHAT_MSG_SYSTEM";
  g_eventNames[239] = "CHAT_MSG_MONSTER_SAY";
  g_eventNames[240] = "CHAT_MSG_MONSTER_YELL";
  g_eventNames[241] = "CHAT_MSG_MONSTER_WHISPER";
  g_eventNames[242] = "CHAT_MSG_MONSTER_EMOTE";
  g_eventNames[243] = "CHAT_MSG_CHANNEL";
  g_eventNames[244] = "CHAT_MSG_CHANNEL_JOIN";
  g_eventNames[245] = "CHAT_MSG_CHANNEL_LEAVE";
  g_eventNames[246] = "CHAT_MSG_CHANNEL_LIST";
  g_eventNames[247] = "CHAT_MSG_CHANNEL_NOTICE";
  g_eventNames[248] = "CHAT_MSG_CHANNEL_NOTICE_USER";
  g_eventNames[249] = "CHAT_MSG_AFK";
  g_eventNames[250] = "CHAT_MSG_DND";
  g_eventNames[251] = "CHAT_MSG_COMBAT_LOG";
  g_eventNames[252] = "CHAT_MSG_IGNORED";
  g_eventNames[253] = "CHAT_MSG_SKILL";
  g_eventNames[254] = "CHAT_MSG_LOOT";
  g_eventNames[255] = "CHAT_MSG_MONEY";
  g_eventNames[256] = "CHAT_MSG_RAID_LEADER";
  g_eventNames[257] = "CHAT_MSG_RAID_WARNING";
  g_eventNames[258] = "LANGUAGE_LIST_CHANGED";
  g_eventNames[259] = "TIME_PLAYED_MSG";
  g_eventNames[260] = "SPELLS_CHANGED";
  g_eventNames[261] = "CURRENT_SPELL_CAST_CHANGED";
  g_eventNames[262] = "SPELL_UPDATE_COOLDOWN";
  g_eventNames[263] = "SPELL_UPDATE_USABLE";
  g_eventNames[264] = "CHARACTER_POINTS_CHANGED";
  g_eventNames[265] = "SKILL_LINES_CHANGED";
  g_eventNames[266] = "ITEM_PUSH";
  g_eventNames[267] = "LOOT_OPENED";
  g_eventNames[268] = "LOOT_SLOT_CLEARED";
  g_eventNames[269] = "LOOT_CLOSED";
  g_eventNames[270] = "PLAYER_LOGIN";
  g_eventNames[271] = "PLAYER_LOGOUT";
  g_eventNames[272] = "PLAYER_ENTERING_WORLD";
  g_eventNames[273] = "PLAYER_LEAVING_WORLD";
  g_eventNames[274] = "PLAYER_ALIVE";
  g_eventNames[275] = "PLAYER_DEAD";
  g_eventNames[276] = "PLAYER_CAMPING";
  g_eventNames[277] = "PLAYER_QUITING";
  g_eventNames[278] = "LOGOUT_CANCEL";
  g_eventNames[280] = "PARTY_INVITE_REQUEST";
  g_eventNames[281] = "PARTY_INVITE_CANCEL";
  g_eventNames[282] = "GUILD_INVITE_REQUEST";
  g_eventNames[283] = "GUILD_INVITE_CANCEL";
  g_eventNames[284] = "GUILD_MOTD";
  g_eventNames[285] = "TRADE_REQUEST";
  g_eventNames[286] = "TRADE_REQUEST_CANCEL";
  g_eventNames[279] = "RESURRECT_REQUEST";
  g_eventNames[287] = "LOOT_BIND_CONFIRM";
  g_eventNames[288] = "EQUIP_BIND_CONFIRM";
  g_eventNames[289] = "AUTOEQUIP_BIND_CONFIRM";
  g_eventNames[290] = "USE_BIND_CONFIRM";
  g_eventNames[291] = "DELETE_ITEM_CONFIRM";
  g_eventNames[292] = "CURSOR_UPDATE";
  g_eventNames[293] = "ITEM_TEXT_BEGIN";
  g_eventNames[294] = "ITEM_TEXT_TRANSLATION";
  g_eventNames[295] = "ITEM_TEXT_READY";
  g_eventNames[296] = "ITEM_TEXT_CLOSED";
  g_eventNames[297] = "GOSSIP_SHOW";
  g_eventNames[298] = "GOSSIP_ENTER_CODE";
  g_eventNames[299] = "GOSSIP_CLOSED";
  g_eventNames[300] = "QUEST_GREETING";
  g_eventNames[301] = "QUEST_DETAIL";
  g_eventNames[302] = "QUEST_PROGRESS";
  g_eventNames[303] = "QUEST_COMPLETE";
  g_eventNames[304] = "QUEST_FINISHED";
  g_eventNames[305] = "QUEST_ITEM_UPDATE";
  g_eventNames[306] = "TAXIMAP_OPENED";
  g_eventNames[307] = "TAXIMAP_CLOSED";
  g_eventNames[308] = "QUEST_LOG_UPDATE";
  g_eventNames[309] = "TRAINER_SHOW";
  g_eventNames[310] = "TRAINER_UPDATE";
  g_eventNames[311] = "TRAINER_CLOSED";
  g_eventNames[312] = "CVAR_UPDATE";
  g_eventNames[313] = "TRADE_SKILL_SHOW";
  g_eventNames[314] = "TRADE_SKILL_UPDATE";
  g_eventNames[315] = "TRADE_SKILL_CLOSE";
  g_eventNames[316] = "MERCHANT_SHOW";
  g_eventNames[317] = "MERCHANT_UPDATE";
  g_eventNames[318] = "MERCHANT_CLOSED";
  g_eventNames[319] = "TRADE_SHOW";
  g_eventNames[320] = "TRADE_CLOSED";
  g_eventNames[321] = "TRADE_UPDATE";
  g_eventNames[322] = "TRADE_ACCEPT_UPDATE";
  g_eventNames[323] = "TRADE_TARGET_ITEM_CHANGED";
  g_eventNames[324] = "TRADE_PLAYER_ITEM_CHANGED";
  g_eventNames[325] = "TRADE_MONEY_CHANGED";
  g_eventNames[326] = "PLAYER_TRADE_MONEY";
  g_eventNames[327] = "BAG_OPEN";
  g_eventNames[328] = "BAG_UPDATE";
  g_eventNames[329] = "BAG_CLOSED";
  g_eventNames[330] = "BAG_UPDATE_COOLDOWN";
  g_eventNames[331] = "LOCALPLAYER_PET_RENAMED";
  g_eventNames[332] = "UNIT_ATTACK";
  g_eventNames[333] = "UNIT_DEFENSE";
  g_eventNames[334] = "PET_ATTACK_START";
  g_eventNames[335] = "PET_ATTACK_STOP";
  g_eventNames[336] = "UPDATE_MOUSEOVER_UNIT";
  g_eventNames[337] = "SPELLCAST_START";
  g_eventNames[338] = "SPELLCAST_STOP";
  g_eventNames[339] = "SPELLCAST_FAILED";
  g_eventNames[340] = "SPELLCAST_INTERRUPTED";
  g_eventNames[341] = "SPELLCAST_DELAYED";
  g_eventNames[342] = "SPELLCAST_CHANNEL_START";
  g_eventNames[343] = "SPELLCAST_CHANNEL_UPDATE";
  g_eventNames[344] = "SPELLCAST_CHANNEL_STOP";
  g_eventNames[345] = "PLAYER_GUILD_UPDATE";
  g_eventNames[346] = "QUEST_ACCEPT_CONFIRM";
  g_eventNames[347] = "PLAYERBANKSLOTS_CHANGED";
  g_eventNames[348] = "BANKFRAME_OPENED";
  g_eventNames[349] = "BANKFRAME_CLOSED";
  g_eventNames[350] = "PLAYERBANKBAGSLOTS_CHANGED";
  g_eventNames[351] = "FRIENDLIST_UPDATE";
  g_eventNames[352] = "IGNORELIST_UPDATE";
  g_eventNames[354] = "PET_BAR_UPDATE_COOLDOWN";
  g_eventNames[353] = "PET_BAR_UPDATE";
  g_eventNames[355] = "PET_BAR_SHOWGRID";
  g_eventNames[356] = "PET_BAR_HIDEGRID";
  g_eventNames[357] = "MINIMAP_PING";
  g_eventNames[358] = "CHAT_MSG_COMBAT_MISC_INFO";
  g_eventNames[359] = "CRAFT_SHOW";
  g_eventNames[360] = "CRAFT_UPDATE";
  g_eventNames[361] = "CRAFT_CLOSE";
  g_eventNames[362] = "MIRROR_TIMER_START";
  g_eventNames[363] = "MIRROR_TIMER_PAUSE";
  g_eventNames[364] = "MIRROR_TIMER_STOP";
  g_eventNames[365] = "WORLD_MAP_UPDATE";
  g_eventNames[366] = "WORLD_MAP_NAME_UPDATE";
  g_eventNames[367] = "AUTOFOLLOW_BEGIN";
  g_eventNames[368] = "AUTOFOLLOW_END";
  g_eventNames[370] = "CINEMATIC_START";
  g_eventNames[371] = "CINEMATIC_STOP";
  g_eventNames[372] = "UPDATE_FACTION";
  g_eventNames[373] = "CLOSE_WORLD_MAP";
  g_eventNames[374] = "OPEN_TABARD_FRAME";
  g_eventNames[375] = "CLOSE_TABARD_FRAME";
  g_eventNames[377] = "SHOW_COMPARE_TOOLTIP";
  g_eventNames[376] = "TABARD_CANSAVE_CHANGED";
  g_eventNames[378] = "GUILD_REGISTRAR_SHOW";
  g_eventNames[379] = "GUILD_REGISTRAR_CLOSED";
  g_eventNames[380] = "DUEL_REQUESTED";
  g_eventNames[381] = "DUEL_OUTOFBOUNDS";
  g_eventNames[382] = "DUEL_INBOUNDS";
  g_eventNames[383] = "DUEL_FINISHED";
  g_eventNames[384] = "TUTORIAL_TRIGGER";
  g_eventNames[385] = "PET_DISMISS_START";
  g_eventNames[386] = "UPDATE_BINDINGS";
  g_eventNames[387] = "UPDATE_SHAPESHIFT_FORMS";
  g_eventNames[388] = "WHO_LIST_UPDATE";
  g_eventNames[389] = "UPDATE_LFG";
  g_eventNames[390] = "PETITION_SHOW";
  g_eventNames[391] = "PETITION_CLOSED";
  g_eventNames[392] = "EXECUTE_CHAT_LINE";
  g_eventNames[393] = "UPDATE_MACROS";
  g_eventNames[394] = "UPDATE_TICKET";
  g_eventNames[395] = "UPDATE_CHAT_WINDOWS";
  g_eventNames[396] = "CONFIRM_XP_LOSS";
  g_eventNames[397] = "CORPSE_IN_RANGE";
  g_eventNames[398] = "CORPSE_IN_INSTANCE";
  g_eventNames[399] = "CORPSE_OUT_OF_RANGE";
  g_eventNames[400] = "UPDATE_GM_STATUS";
  g_eventNames[401] = "PLAYER_UNGHOST";
  g_eventNames[402] = "BIND_ENCHANT";
  g_eventNames[403] = "REPLACE_ENCHANT";
  g_eventNames[404] = "TRADE_REPLACE_ENCHANT";
  g_eventNames[405] = "PLAYER_UPDATE_RESTING";
  g_eventNames[406] = "UPDATE_EXHAUSTION";
  g_eventNames[407] = "PLAYER_FLAGS_CHANGED";
  g_eventNames[408] = "GUILD_ROSTER_UPDATE";
  g_eventNames[409] = "GM_PLAYER_INFO";
  g_eventNames[410] = "MAIL_SHOW";
  g_eventNames[411] = "MAIL_CLOSED";
  g_eventNames[412] = "SEND_MAIL_MONEY_CHANGED";
  g_eventNames[413] = "SEND_MAIL_COD_CHANGED";
  g_eventNames[414] = "MAIL_SEND_INFO_UPDATE";
  g_eventNames[415] = "MAIL_SEND_SUCCESS";
  g_eventNames[416] = "MAIL_INBOX_UPDATE";
  g_eventNames[417] = "BATTLEFIELDS_SHOW";
  g_eventNames[418] = "BATTLEFIELDS_CLOSED";
  g_eventNames[419] = "UPDATE_BATTLEFIELD_STATUS";
  g_eventNames[420] = "UPDATE_BATTLEFIELD_SCORE";
  g_eventNames[421] = "AUCTION_HOUSE_SHOW";
  g_eventNames[422] = "AUCTION_HOUSE_CLOSED";
  g_eventNames[423] = "NEW_AUCTION_UPDATE";
  g_eventNames[424] = "AUCTION_ITEM_LIST_UPDATE";
  g_eventNames[425] = "AUCTION_OWNED_LIST_UPDATE";
  g_eventNames[426] = "AUCTION_BIDDER_LIST_UPDATE";
  g_eventNames[427] = "PET_UI_UPDATE";
  g_eventNames[428] = "PET_UI_CLOSE";
  g_eventNames[429] = "ADDON_LOADED";
  g_eventNames[430] = "VARIABLES_LOADED";
  g_eventNames[431] = "MACRO_ACTION_FORBIDDEN";
  g_eventNames[432] = "ADDON_ACTION_FORBIDDEN";
  g_eventNames[433] = "MEMORY_EXHAUSTED";
  g_eventNames[434] = "MEMORY_RECOVERED";
  g_eventNames[435] = "START_AUTOREPEAT_SPELL";
  g_eventNames[436] = "STOP_AUTOREPEAT_SPELL";
  g_eventNames[437] = "PET_STABLE_SHOW";
  g_eventNames[438] = "PET_STABLE_UPDATE";
  g_eventNames[439] = "PET_STABLE_UPDATE_PAPERDOLL";
  g_eventNames[440] = "PET_STABLE_CLOSED";
  g_eventNames[441] = "CHAT_MSG_COMBAT_SELF_HITS";
  g_eventNames[442] = "CHAT_MSG_COMBAT_SELF_MISSES";
  g_eventNames[443] = "CHAT_MSG_COMBAT_PET_HITS";
  g_eventNames[444] = "CHAT_MSG_COMBAT_PET_MISSES";
  g_eventNames[445] = "CHAT_MSG_COMBAT_PARTY_HITS";
  g_eventNames[446] = "CHAT_MSG_COMBAT_PARTY_MISSES";
  g_eventNames[447] = "CHAT_MSG_COMBAT_FRIENDLYPLAYER_HITS";
  g_eventNames[448] = "CHAT_MSG_COMBAT_FRIENDLYPLAYER_MISSES";
  g_eventNames[449] = "CHAT_MSG_COMBAT_HOSTILEPLAYER_HITS";
  g_eventNames[450] = "CHAT_MSG_COMBAT_HOSTILEPLAYER_MISSES";
  g_eventNames[451] = "CHAT_MSG_COMBAT_CREATURE_VS_SELF_HITS";
  g_eventNames[452] = "CHAT_MSG_COMBAT_CREATURE_VS_SELF_MISSES";
  g_eventNames[453] = "CHAT_MSG_COMBAT_CREATURE_VS_PARTY_HITS";
  g_eventNames[454] = "CHAT_MSG_COMBAT_CREATURE_VS_PARTY_MISSES";
  g_eventNames[455] = "CHAT_MSG_COMBAT_CREATURE_VS_CREATURE_HITS";
  g_eventNames[456] = "CHAT_MSG_COMBAT_CREATURE_VS_CREATURE_MISSES";
  g_eventNames[457] = "CHAT_MSG_COMBAT_FRIENDLY_DEATH";
  g_eventNames[458] = "CHAT_MSG_COMBAT_HOSTILE_DEATH";
  g_eventNames[459] = "CHAT_MSG_COMBAT_XP_GAIN";
  g_eventNames[460] = "CHAT_MSG_COMBAT_HONOR_GAIN";
  g_eventNames[461] = "CHAT_MSG_SPELL_SELF_DAMAGE";
  g_eventNames[462] = "CHAT_MSG_SPELL_SELF_BUFF";
  g_eventNames[463] = "CHAT_MSG_SPELL_PET_DAMAGE";
  g_eventNames[464] = "CHAT_MSG_SPELL_PET_BUFF";
  g_eventNames[465] = "CHAT_MSG_SPELL_PARTY_DAMAGE";
  g_eventNames[466] = "CHAT_MSG_SPELL_PARTY_BUFF";
  g_eventNames[467] = "CHAT_MSG_SPELL_FRIENDLYPLAYER_DAMAGE";
  g_eventNames[468] = "CHAT_MSG_SPELL_FRIENDLYPLAYER_BUFF";
  g_eventNames[469] = "CHAT_MSG_SPELL_HOSTILEPLAYER_DAMAGE";
  g_eventNames[470] = "CHAT_MSG_SPELL_HOSTILEPLAYER_BUFF";
  g_eventNames[471] = "CHAT_MSG_SPELL_CREATURE_VS_SELF_DAMAGE";
  g_eventNames[472] = "CHAT_MSG_SPELL_CREATURE_VS_SELF_BUFF";
  g_eventNames[473] = "CHAT_MSG_SPELL_CREATURE_VS_PARTY_DAMAGE";
  g_eventNames[474] = "CHAT_MSG_SPELL_CREATURE_VS_PARTY_BUFF";
  g_eventNames[475] = "CHAT_MSG_SPELL_CREATURE_VS_CREATURE_DAMAGE";
  g_eventNames[476] = "CHAT_MSG_SPELL_CREATURE_VS_CREATURE_BUFF";
  g_eventNames[477] = "CHAT_MSG_SPELL_TRADESKILLS";
  g_eventNames[478] = "CHAT_MSG_SPELL_DAMAGESHIELDS_ON_SELF";
  g_eventNames[479] = "CHAT_MSG_SPELL_DAMAGESHIELDS_ON_OTHERS";
  g_eventNames[480] = "CHAT_MSG_SPELL_AURA_GONE_SELF";
  g_eventNames[481] = "CHAT_MSG_SPELL_AURA_GONE_PARTY";
  g_eventNames[482] = "CHAT_MSG_SPELL_AURA_GONE_OTHER";
  g_eventNames[483] = "CHAT_MSG_SPELL_ITEM_ENCHANTMENTS";
  g_eventNames[484] = "CHAT_MSG_SPELL_BREAK_AURA";
  g_eventNames[485] = "CHAT_MSG_SPELL_PERIODIC_SELF_DAMAGE";
  g_eventNames[486] = "CHAT_MSG_SPELL_PERIODIC_SELF_BUFFS";
  g_eventNames[487] = "CHAT_MSG_SPELL_PERIODIC_PARTY_DAMAGE";
  g_eventNames[488] = "CHAT_MSG_SPELL_PERIODIC_PARTY_BUFFS";
  g_eventNames[489] = "CHAT_MSG_SPELL_PERIODIC_FRIENDLYPLAYER_DAMAGE";
  g_eventNames[490] = "CHAT_MSG_SPELL_PERIODIC_FRIENDLYPLAYER_BUFFS";
  g_eventNames[491] = "CHAT_MSG_SPELL_PERIODIC_HOSTILEPLAYER_DAMAGE";
  g_eventNames[492] = "CHAT_MSG_SPELL_PERIODIC_HOSTILEPLAYER_BUFFS";
  g_eventNames[493] = "CHAT_MSG_SPELL_PERIODIC_CREATURE_DAMAGE";
  g_eventNames[494] = "CHAT_MSG_SPELL_PERIODIC_CREATURE_BUFFS";
  g_eventNames[495] = "CHAT_MSG_SPELL_FAILED_LOCALPLAYER";
  g_eventNames[496] = "CHAT_MSG_BG_SYSTEM_NEUTRAL";
  g_eventNames[497] = "CHAT_MSG_BG_SYSTEM_ALLIANCE";
  g_eventNames[498] = "CHAT_MSG_BG_SYSTEM_HORDE";
  g_eventNames[499] = "RAID_ROSTER_UPDATE";
  g_eventNames[500] = "UPDATE_PENDING_MAIL";
  g_eventNames[501] = "UPDATE_INVENTORY_ALERTS";
  g_eventNames[502] = "UPDATE_TRADESKILL_RECAST";
  g_eventNames[503] = "OPEN_MASTER_LOOT_LIST";
  g_eventNames[504] = "UPDATE_MASTER_LOOT_LIST";
  g_eventNames[505] = "START_LOOT_ROLL";
  g_eventNames[506] = "CANCEL_LOOT_ROLL";
  g_eventNames[507] = "CONFIRM_LOOT_ROLL";
  g_eventNames[508] = "INSTANCE_BOOT_START";
  g_eventNames[509] = "INSTANCE_BOOT_STOP";
  g_eventNames[510] = "LEARNED_SPELL_IN_TAB";
  g_eventNames[511] = "DISPLAY_SIZE_CHANGED";
  g_eventNames[512] = "CONFIRM_TALENT_WIPE";
  g_eventNames[513] = "CONFIRM_BINDER";
  g_eventNames[514] = "MAIL_FAILED";
  g_eventNames[515] = "CLOSE_INBOX_ITEM";
  g_eventNames[516] = "CONFIRM_SUMMON";
  g_eventNames[517] = "BILLING_NAG_DIALOG";
  g_eventNames[518] = "IGR_BILLING_NAG_DIALOG";
  g_eventNames[519] = "MEETINGSTONE_CHANGED";
  g_eventNames[520] = "PLAYER_SKINNED";
  g_eventNames[521] = "TABARD_SAVE_PENDING";
  g_eventNames[522] = "UNIT_QUEST_LOG_CHANGED";
  g_eventNames[523] = "PLAYER_PVP_KILLS_CHANGED";
  g_eventNames[524] = "PLAYER_PVP_RANK_CHANGED";
  g_eventNames[525] = "INSPECT_HONOR_UPDATE";
  g_eventNames[526] = "UPDATE_WORLD_STATES";
  g_eventNames[527] = "AREA_SPIRIT_HEALER_IN_RANGE";
  g_eventNames[528] = "AREA_SPIRIT_HEALER_OUT_OF_RANGE";
  g_eventNames[529] = "CONFIRM_PET_UNLEARN";
  g_eventNames[530] = "PLAYTIME_CHANGED";
  g_eventNames[531] = "UPDATE_LFG_TYPES";
  g_eventNames[532] = "UPDATE_LFG_LIST";
  g_eventNames[533] = "CHAT_MSG_COMBAT_FACTION_CHANGE";
  g_eventNames[534] = "START_MINIGAME";
  g_eventNames[535] = "MINIGAME_UPDATE";
  g_eventNames[536] = "READY_CHECK";
  g_eventNames[537] = "RAID_TARGET_UPDATE";
  g_eventNames[538] = "GMSURVEY_DISPLAY";
  g_eventNames[539] = "UPDATE_INSTANCE_INFO";
  g_eventNames[541] = "CHAT_MSG_RAID_BOSS_EMOTE";
  g_eventNames[542] = "COMBAT_TEXT_UPDATE";
  g_eventNames[543] = "LOTTERY_SHOW";
  g_eventNames[544] = "CHAT_MSG_FILTERED";
  g_eventNames[545] = "QUEST_WATCH_UPDATE";
  g_eventNames[546] = "CHAT_MSG_BATTLEGROUND";
  g_eventNames[547] = "CHAT_MSG_BATTLEGROUND_LEADER";
  g_eventNames[548] = "LOTTERY_ITEM_UPDATE";
```

----------


## Robske

Some of my friends tried out a private server a while back; I joined in to see how the client worked back then. The actual playing experience was so horrible compared to live that I just lost interest. I only got the basics (object iteration, some framescript) and a (heartbeat) based packet teleporter working.


```
ClientConnection__SendPacket 0x005379A0
Framescript__Execute 0x00704CD0
PerformanceCounter 0x42C010

GetPosition 5
GetFacing 6
GetName 28

ObjectManager 0x00B41414
FirstObject 0xAC
NextObject 0x3C
ActivePlayerGuid 0xC0
```

I wasn't able to correctly invoke EnumVisibleObjects from C#, hence the 'manual' iteration of the linked list.

----------


## sitnspinlock

If you are interested, I wrote my own crappy sandbox server for 1.12.1 that I still use with some of my friends once in a while. By crappy I mean it tends to shit bricks with more than 10 clients, and uses a text-based database :P

----------


## namreeb

That's interesting, Robske. I suppose it depends when you start playing the game and what you're used to. I basically stopped playing retail when TBC came out and haven't looked back much since. If they gave a paid option for vanilla, I would definitely go with that over a private server. As for the R/E stuff, we're at about the same place. Got fly hack working last night. Looking for lua_register presently to hook into the client a bit better.

Thank you, everdox, but I'm already on vanillagaming.org's server.

Edit:

FrameScript::Register: 0x704120
FrameScript::GetContext: 0x7040D0

Woot!

Edit 2: Scratch that. In 1.12.1 these functions are __fastcall and I'm not starting over in C++. **** it!

----------


## sitnspinlock

Being on an emulator you could probably call OnSwimStart() and start swimming anywhere, considering most emulators don't properly handle the packet checksums. I know at least mangos never handled this properly.

----------


## TOM_RUS

> Being on an emulator you could probably call OnSwimStart() and start swimming anywhere, considering most emulators don't properly handle the packet checksums. I know at least mangos never handled this properly.


FYI: there's no packet checksums (except for warden packets).

----------


## sitnspinlock

I guess what I meant to say was checking the movement type, if you sent something like swim forward on live you would get booted. Most emulators (like mine) don't handle this properly and just allow anything, no matter your coordinates.

edit - actually I think groups like mangos added a 'vmaps' system but I don't know if it's used entirely for that, because it would of course have many uses.
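The server-side check this post says most emulators lack, sketched as an added example that is not part of the original post and not code from mangos or any other emulator. Assumptions: `0x00200000` is treated as the swimming bit (the value is quoted in this thread), and `TerrainLookup`, `SampleTerrain`, the structs and all tolerances are hypothetical, constructed for illustration.

```cpp
#include <cmath>
#include <cstdint>
#include <cstdio>

// Assumption: 0x00200000 is the swimming movement flag (value quoted in this thread).
constexpr uint32_t kMoveFlagSwimming = 0x00200000;

// Constructed tolerances; a real server would tune these.
constexpr float kWaterSlack   = 1.5f;   // yards above the surface still counted as "in water"
constexpr float kMaxAirHeight = 4.0f;   // highest a legitimate jump lifts a player above ground
constexpr float kSpeedSlack   = 1.25f;  // head-room for latency jitter

struct Vec3 { float x, y, z; };

struct TerrainSample {
    float groundZ;   // height of walkable ground at (x, y)
    bool  hasWater;  // true if the map has liquid at (x, y)
    float waterZ;    // liquid surface height, valid when hasWater is true
};

// Hypothetical map query, the kind of answer a height/liquid map lookup would give.
using TerrainLookup = TerrainSample (*)(float x, float y);

struct PlayerState {
    Vec3  pos;       // last position the server accepted
    float maxSpeed;  // yards per second the server has granted this player
};

struct MoveReport {
    uint32_t flags;  // movement flags exactly as the client sent them
    Vec3     pos;    // position the client claims
};

enum class Verdict { Accept, SwimOutsideWater, ClimbingInAir, TooFast };

// serverElapsedMs is measured by the server since the last accepted move;
// a timestamp carried inside the packet is never trusted for this.
Verdict ValidateMove(const PlayerState& st, const MoveReport& mv,
                     uint32_t serverElapsedMs, TerrainLookup terrain)
{
    const TerrainSample t = terrain(mv.pos.x, mv.pos.y);
    const bool swimming = (mv.flags & kMoveFlagSwimming) != 0;

    // 1. A swim flag is only believable where the map actually has water.
    if (swimming && (!t.hasWater || mv.pos.z > t.waterZ + kWaterSlack))
        return Verdict::SwimOutsideWater;

    // 2. Flag withheld, but the player gains height far above the ground.
    //    Falling (z decreasing) stays legal.
    const bool rising = mv.pos.z > st.pos.z;
    if (!swimming && rising && mv.pos.z > t.groundZ + kMaxAirHeight)
        return Verdict::ClimbingInAir;

    // 3. Horizontal distance is bounded by granted speed times server-measured time.
    const float dx = mv.pos.x - st.pos.x;
    const float dy = mv.pos.y - st.pos.y;
    const float travelled = std::sqrt(dx * dx + dy * dy);
    const float allowed = st.maxSpeed * (serverElapsedMs / 1000.0f) * kSpeedSlack;
    if (travelled > allowed)
        return Verdict::TooFast;

    return Verdict::Accept;
}

// Constructed sample map: a lake for x < 0 (bottom -5, surface 10), flat land elsewhere.
TerrainSample SampleTerrain(float x, float /*y*/)
{
    if (x < 0.0f)
        return { -5.0f, true, 10.0f };
    return { 0.0f, false, 0.0f };
}

const char* VerdictName(Verdict v)
{
    switch (v) {
        case Verdict::Accept:           return "Accept";
        case Verdict::SwimOutsideWater: return "SwimOutsideWater";
        case Verdict::ClimbingInAir:    return "ClimbingInAir";
        case Verdict::TooFast:          return "TooFast";
    }
    return "?";
}

int main()
{
    const PlayerState onLand{ { 5.0f, 0.0f, 0.0f }, 7.0f };
    // Constructed reports: swim flag on dry land, then a 100-yard jump in 500 ms.
    const MoveReport swimOnLand{ kMoveFlagSwimming, { 6.0f, 0.0f, 0.5f } };
    const MoveReport teleport{ 0, { 105.0f, 0.0f, 0.0f } };
    std::printf("%s\n", VerdictName(ValidateMove(onLand, swimOnLand, 500, SampleTerrain)));
    std::printf("%s\n", VerdictName(ValidateMove(onLand, teleport, 500, SampleTerrain)));
    return 0;
}
```

Transports, taxi flights and knock-backs move a player in ways these three checks would flag, so a server has to exempt or model them separately.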

----------


## namreeb

I already have the fly hack working. Hooking my travelling salesman code up to wowhead atm, then finding noclip, then win  :Smile:

----------


## namreeb

Robske,

I don't know what your problem iterating was, but I had one of my own which I just solved. For some reason, in this version of the binary, they take the filter parameter to ClntObjMgrObjectPtr via the ecx register. So you have to prototype as follows:



```
        [UnmanagedFunctionPointer(CallingConvention.ThisCall)]
        private delegate IntPtr ClntObjMgrGetObjectPtrDelegate(uint filter, ulong guid);

        public static Object GetObjectByGuid(ulong guid)
        {
            var func =
                (ClntObjMgrGetObjectPtrDelegate)
                Marshal.GetDelegateForFunctionPointer(Locator.ClntObjMgrObjectPtr,
                                                      typeof(ClntObjMgrGetObjectPtrDelegate));
            var loc = func(0xFFFFFFFF, guid);

            if (loc == IntPtr.Zero)
                throw new NullReferenceException("Cannot find object with GUID: 0x" + guid.ToString("X16"));

            return new Object(loc);
        }
```

----------


## Robske

Correct,

```
.text:0048991E push edx
.text:0048991F push eax
.text:00489920 mov edx, offset a__ObjectObject ; "..\\Object/ObjectClient/Player_C.h"
.text:00489925 mov ecx, 10h
.text:0048992A call sub_468460
```

This wasn't my problem (yet?) though  :Smile:  If I remember correctly EnumVisibleObjects was fastcall, which would've been tricky to invoke from C#.

----------


## namreeb

Well when I saw that I thought they were using __fastcall to track the code and line number or something.

----------


## namreeb

Ahh, damn. EnumVisibleObjects is indeed __fastcall. Alternatively I suppose one could write a small wrapper function to set the registers appropriately and just inject the machine code.

----------


## mute

Here are some offsets for teleport/speedhack:

```
Player_Base +
Player_Y 09B8
Player_X 09BC
Player_Z 09C0
Player_Facing 09C4
Player_Speed 0A2C
Player_SpeedModifierRun 0A34
```

@namreeb
how did you get your flyhack to work, any hints?

----------


## lanman92

Hook SendMovementPacket so that it never sends a swimming flag. Simple as that. You can then write to your movement state so that you can swim client side, and appear to be walking up through the air to everyone else.

----------


## namreeb

All I had to do to avoid detection on the realm I am playing on was to enable swimming locally. This by implication forces the client to build corresponding movement packets. Note that in addition to updating the movement flag there is a NOP to be written in a function which resets the flag. Just put a BP on write in Olly and you'll find it. If you can't, let me know.

----------


## namreeb

My code to call __fastcall from C#:



```
    // Requires: using System; using System.Collections.Generic; using System.Linq;
    //           using System.Runtime.InteropServices;
    // Locator, Patcher and Utilities are the poster's own helper classes (not shown in this thread).
    static class FastCall
    {
        public static T CreateToFastcall<T>(IntPtr functionPtr, string patchName) where T : class
        {
            var method = typeof(T).GetMethod("Invoke");
            if (method.GetParameters().Any(param => Marshal.SizeOf(param.ParameterType) != 4))
                throw new ArgumentException("Only supports functions with 32 bit parameters");

            var parameterCount = method.GetParameters().Length;

            var payload = new List<byte>();

            payload.Add(0x55);                                  // push ebp
            payload.AddRange(new byte[] { 0x89, 0xE5 });        // mov ebp, esp
            payload.AddRange(new byte[] { 0x8B, 0x4D, 0x08 });  // mov ecx, [ebp+0x08]
            payload.AddRange(new byte[] { 0x8B, 0x55, 0x0C });  // mov edx, [ebp+0x0C]

            // Remaining arguments go on the stack right to left, so the last one is pushed first.
            // Pushing straight from memory leaves ebx (callee-saved) untouched.
            for (var i = parameterCount - 3; i >= 0; i--)
                payload.AddRange(new byte[] { 0xFF, 0x75, (byte)(0x10 + 4 * i) });  // push dword ptr [ebp+0x10+4*i]

            // index of the rel32 operand of the call below
            var callOpcodeLocation = payload.Count + 1;

            payload.AddRange(new byte[] { 0xE8, 0x00, 0x00, 0x00, 0x00 });  // call function

            // The frame is set up for every parameter count, so it is always torn down.
            payload.AddRange(new byte[] { 0x89, 0xEC });    // mov esp, ebp
            payload.Add(0x5D);                              // pop ebp

            payload.Add(0xC2);
            payload.AddRange(BitConverter.GetBytes((ushort)(parameterCount * 4)));     // retn 4 * paramCount

            var payloadPtr = Locator.PayloadSpace(payload.Count);

            // rel32 is measured from the instruction after the call, which starts 4 bytes past the operand
            var functionCall = functionPtr.ToInt32() - payloadPtr.ToInt32() - callOpcodeLocation - 4;

            // update payload
            payload[callOpcodeLocation + 0] = (byte)functionCall;
            payload[callOpcodeLocation + 1] = (byte)(functionCall >> 8);
            payload[callOpcodeLocation + 2] = (byte)(functionCall >> 16);
            payload[callOpcodeLocation + 3] = (byte)(functionCall >> 24);

            // deposit payload
            Patcher.CreatePatch(new Patcher.Patch(payloadPtr, payload.ToArray(), patchName));

            return Utilities.RegisterDelegate<T>(payloadPtr);
        }

        public static void RemoveToFastcall(string patchName)
        {
            Patcher.RemovePatch(patchName);
        }
    }
```

----------


## namreeb

Bump to let people know this thread has been renamed to the info dump thread for 1.12.1.5875 and I've added some useful function addresses to the first post.

----------


## LogicWin

Anyone got the Endscene offset?

----------


## namreeb

EndScene is not always in the same place, but this is the function that calls it (at 0x5A17B6)



```
.text:005A17A0                         CGxDeviceD3d__ISceneEnd proc near       ; CODE XREF: sub_59A870+2Dp
.text:005A17A0                                                                 ; CGxDeviceD3d__ScenePresent+2Ap
.text:005A17A0 56                                      push    esi
.text:005A17A1 8B F1                                   mov     esi, ecx
.text:005A17A3 8B 86 38 3A 00 00                       mov     eax, [esi+3A38h]
.text:005A17A9 85 C0                                   test    eax, eax
.text:005A17AB 74 19                                   jz      short loc_5A17C6
.text:005A17AD 8B 86 A8 38 00 00                       mov     eax, [esi+38A8h]
.text:005A17B3 8B 08                                   mov     ecx, [eax]
.text:005A17B5 50                                      push    eax
.text:005A17B6 FF 91 A8 00 00 00                       call    dword ptr [ecx+0A8h]
.text:005A17BC C7 86 38 3A 00 00 00 00+                mov     dword ptr [esi+3A38h], 0
.text:005A17C6
.text:005A17C6                         loc_5A17C6:                             ; CODE XREF: CGxDeviceD3d__ISceneEnd+Bj
.text:005A17C6 5E                                      pop     esi
.text:005A17C7 C3                                      retn
.text:005A17C7                         CGxDeviceD3d__ISceneEnd endp
```

----------


## namreeb

Speaking of EndScene, an easy way to disable rendering is:



```
        public static bool Enabled
        {
            get { return Marshal.ReadInt32(Locator.CGxDeviceD3d__device, 0xF2C) == 0; }
            set { Marshal.WriteInt32(Locator.CGxDeviceD3d__device, 0xF2C, value ? 0 : 1); }
        }

        #region CGxDeviceD3d::device
        public static IntPtr CGxDeviceD3d__device
        {
            get { return Marshal.ReadIntPtr(new IntPtr(0xC0ED38)); }
        }
        #endregion
```

Note that 'Enabled' means enabling the feature which disables rendering.

Edit: Note also that this will prevent EndScene from being called, so if you do stuff there that stuff won't happen with this enabled.

----------


## namreeb

Bumping because I changed my __fastcall trampoline code above.

----------


## MartyT

hihi

my code to fastcall



```
extern "C"
{
  void __declspec(dllexport) __declspec(naked) InvokeFastcall()
  {
    __asm
    {
      pop edx
      XCHG DWORD PTR SS:[ESP+8],EDX
      pop eax
      pop ecx
      jmp eax
    }
  }
}
```



```
		[DllImport("AppdomainManager.dll", EntryPoint = "InvokeFastcall", CallingConvention = CallingConvention.StdCall)]
		private unsafe static extern int Player_GetProperty_Stub(IntPtr address, Player* playerObject, int property);

		public unsafe static int Player_GetProperty(Player* player, int property)
		{
			return Player_GetProperty_Stub(Pointer_Player_GetProperty, player, property);
		}
```

----------


## hamburger12

```
MinimapZoneText = 0x74DA28
SubZoneText = 0x74E280
RealZoneText = 0x74B404
ZoneText = 0x74B3F8
ClickToMoveX = 0x84DA84
ClickToMovePus = 0x84D93C / 0/1
ObjectManager 0x741414
FirstObj = 0xAC
NextObj = 0x3C
Playerbase = 0x853D40
```

//Untested

----------


## namreeb

Moved to first post.

----------


## Jadd

No patching is needed for swim hack - just use 0x00200000 | 0x00000400.

I'll post some more hacks here soon.

----------


## namreeb

Hmm, yeah that works better  :Smile:

----------


## drassian

So, I've found player x/y/z and camera angle



```
	  $CurrentRotationOfCam 			= _MemoryRead(0x00CE9B90, $DLLInformation, 'float')
	  $CurrentZ					= _MemoryRead(0x00225C28, $DLLInformation, 'float')
	  $CurrentX					= _MemoryRead(0x00C62524, $DLLInformation, 'float')
	  $CurrentY					= _MemoryRead(0x00C62528, $DLLInformation, 'float')
```

For some reason the static pointers came up straight away?

However for 'player rotation' I've found the dynamic addresses and tried to find the static pointer but I seem to be going wrong somewhere and end up looping around?

If anyone can help me find the static address for 'player rotation' that would be a huge help - thanks (or a tut)

----------


## Frosttall

> If anyone can help me find the static address for 'player rotation' that would be a huge help - thanks (*or a tut*)


Try this tutorial  :Wink: 
http://www.ownedcore.com/forums/worl...ple-stuff.html ([Tutorial] How to find simple stuff)

----------


## racoon1993

I found:
playername: wowBaseAddress + 0x827D88
targetGUID: wowBaseAddress + 0x74E2D4
playerfacing: (wowBaseAddress + 0x86326C) + 0x78
playerX: wowBaseAddress + 0x862520
playerY: wowBaseAddress + 0x862524
playerZ: wowBaseAddress + 0x862528

//it is a bit buggy and not correct every time... I don't know why
player health: ((0x18C2E0) + 0x110) + 0x40

I'm searching for the correct x y z of the player's target...
if someone could please look into it :/

----------


## Frosttall

> I found:
> playername: wowBaseAddress + 0x827D88
> targetGUID: wowBaseAddress + 0x74E2D4
> playerfacing: (wowBaseAddress + 0x86326C) + 0x78
> playerX: wowBaseAddress + 0x862520
> playerY: wowBaseAddress + 0x862524
> playerZ: wowBaseAddress + 0x862528
> 
> //it is a bit buggy and not every time correct... i dont know why
> ...


You have to use the object manager for that. Loop through the object list and compare the GUID of the objects with TargetGUID and return the object which has the same GUID.

----------


## racoon1993

> You have to use the object manager for that. Loop through the object list and compare the GUID of the objects with TargetGUID and return the object which has the same GUID.


Thanks, first of all...  :Big Grin: 
I think I don't have the right addresses to read through.
Are these right?



```
            // GUID of the local player, then the head of the object list
            UInt64 localGUID = bm.ReadUInt64(0xB41414 + 0xC0);
            curObj = bm.ReadUInt(0xB41414 + 0xAC);
            nextObj = curObj;
            // a null pointer or a pointer with the low bit set ends the list
            while (curObj != 0 && (curObj & 1) == 0)
            {
                UInt64 cGUID = 0;
                try
                {
                    cGUID = bm.ReadUInt64(curObj + 0x30);
                }
                catch { }

                try
                {
                    float x = bm.ReadFloat(curObj + 0xBF0);
                    float y = bm.ReadFloat(curObj + 0xBF4);
                    float z = bm.ReadFloat(curObj + 0xBF8);

                    if (cGUID == localGUID)
                    {
                        localObj = curObj;
                    }
                    Logging.OnNewLog(string.Format("GUID: {0} - X: {1} Y: {2} Z: {3}", cGUID, x, y, z));
                }
                catch { }

                try
                {
                    nextObj = bm.ReadUInt(curObj + 0x3C);
                }
                catch { break; }   // unreadable link: stop walking the list

                if (nextObj == curObj)
                    break;         // a node pointing at itself would loop forever
                curObj = nextObj;
            }
```

----------


## Frosttall

> Thanks, first of all... 
> I think I don't have the right addresses to read through.
> Are these right?
> 
> ```
> UInt64 localGUID;
>             localGUID = bm.ReadUInt64(0xB41414 + 0xC0);
> ...
> ```


Haven't checked the address, but looks good so far.

----------


## racoon1993

> Haven't checked the address, but looks good so far.


 :Big Grin:  Thanks, but it's not my own method :/ thx shynd

But the addresses are the big question :/ if someone could check it

Thanks in advance

racoon

----------


## namreeb

I'm not going to check it for you. I will tell you, though, that unless the example you're working from is from 1.12.1, they are very likely incorrect.

----------


## Jadd

```
namespace Offsets
{
	namespace General
	{
		DWORD_PTR
			IsInGame                   = 0x00B4B424; // 1.12.1.5875 (Byte)
	}
	
	namespace Camera
	{
		DWORD_PTR
			CameraPtr                  = 0x0074B2BC, // 1.12.1.5875
			CameraPtrOffset            = 0x000065B8, // 1.12.1.5875
			CameraPosition             = 0x00000008, // 1.12.1.5875 (CVec3)
			CameraFollowingGUID        = 0x00000088; // 1.12.1.5875 (GUID)
	}

	namespace ObjectManager
	{
		DWORD_PTR
			ObjectDescriptors          = 0x00000008, // 1.12.1.5875
			ObjectMovementData         = 0x00000118, // 1.12.1.5875 (UInt)
			ObjectMovementDataPosition = 0x00000010, // 1.12.1.5875 (CVec3)
			ObjectMovementDataRotation = 0x0000001C, // 1.12.1.5875 (Float)
			ObjectMovementDataState    = 0x000000A0, // 1.12.1.5875 (UInt)
			ObjectMovementDataFlags    = 0x00000040, // 1.12.1.5875 (UInt)
			ObjectMovementDataRunSpeed = 0x0000008C, // 1.12.1.5875 (Float)
			PlayerObjectTracking       = 0x00002EB0; // 1.12.1.5875 (Byte)
	}
		
	namespace Hacks
	{
		DWORD_PTR
			SuperFly                   = 0x006341BC, // 1.12.1.5875 (Array) - On: { 0x90, 0x90 } - Off: { 0x74, 0x25 }
			NoFallDamage               = 0x007C63DA, // 1.12.1.5875 (Array) - On: { 0x31, 0xC9, 0x90 } - Off: { 0x8B, 0x4F, 0x78 }
			AntiJump                   = 0x007C625F, // 1.12.1.5875 (Array) - On: { 0xEB } - Off: { 0x75 }
			AntiMove                   = 0x00615CF5, // 1.12.1.5875 (Array) - On: { 0xFE } - Off: { 0xF8 }
			AntiRoot                   = 0x006163DB, // 1.12.1.5875 (Array) - On: { 0xEB, 0xF9 } - Off: { 0x8A, 0x47 }
			InfiniteJump               = 0x007C625E, // 1.12.1.5875 (Array) - On: { 0x10 } - Off: { 0x30 }
			JumpGravity                = 0x007C6272, // 1.12.1.5875 (Float)
			JumpGravityWater           = 0x007C6269, // 1.12.1.5875 (Float)
			WallClimb                  = 0x0080DFFC, // 1.12.1.5875 (Float)
			HeartbeatInterval          = 0x00615BA7; // 1.12.1.5875 (UInt)  - Speedhack anti-disconnect
	}
}
```

----------


## reallydude

Guys, what *program* would I need to utilize this code that you're discovering/making ? I'm not a programmer myself but I could test these out for you on a 1.12.1 private server and give you feedback :confused:

----------


## Lysolfs

What I've found when I made my MultiHack for version 1.12.1:
Most of these are static addresses, not really suited for a bot.
Whatever  :Wink: 

WoW.exe + 0x0087BCD4 + 0x88 + 0x18 pointers to player guid

0x00B4E2D8 (4 bytes) NPC ID, Player GUID
0x00B4E2DA (4 bytes) GUID of NPC

0x00B41E30
0x00C27D80
0x00C4DA98 (all 4 bytes) your own guid

0x00884e44 X position of mouse
0x00884e48 Y position of mouse

0x00C7B548 (float) Player X
0x00C7B544 (float) Player Y
0x00C7B54C (float) Player Z

0x00837C04 (6 character string) Game version

0x00B4E2C8 (2 bytes) Mouseover NPC/Player ID

0x0087D894 (float) Falling speed

0x00B4E284
0x00B4E288
0x00B4E28C (all floats) X/Y/Z of corpse

PLAYERBASE
+0x8 (4 bytes) own guid
+0x20 (4 bytes) own guid
+0x9C0 (float) changeable X-coordinate
+0x9C4 (float) changeable Y-coordinate
+0x9C8 (float) changeable Z-coordinate
+0x9EF (4 bytes, Hex) state of movement
+0x9F3 (byte) type of movement, the following are useful values: 16 (whisp, waterwalk), 80 (levitation), 144 (dead, waterwalk), 34 (slowfall)
+0xA2C (float) jump starting height
+0xA34 (float) movement speed
+0xA38 (float) walking default speed
+0xA3C (float) swimming speed
+0xA4C (float) camera speed
+0x1DD0 (4 bytes) Health (for maximum health/mana/rage/whatever just check in intervals of 4 bytes from this one, they're near  :Wink:  )
+0x1DB8 2 bytes -> id of targeted npc
4 bytes -> id of targeted player
+0x2EB8 (4 bytes) hunter tracking, 255 for everything
+0x2EBC (4 bytes) herb/mineral tracking, 255 for everything

For airswim modify:
0x007C620D [Array of bytes with the length of 2]
Change the value of 0x007C620D to 00 and the value of 0x007C620E to 20, then your character's default movement type is swimming. Change those back to 20|00 instead of 00|20 and default movement is walking again.

----------


## daCoder

I started playing around with 1.12.1 yesterday. Here are some script offsets.



```
0x488B00 Script_RegisterCVar
0x488BA0 Script_GetCVar
0x488C10 Script_SetCVar
0x488CF0 Script_SetCVarDefault
0x488DD0 Script_SetWorldDetail
0x488ED0 Script_SetWaterDetail
0x488F30 Script_SetFarclip
0x488FE0 Script_SetTerrainMip
0x489090 Script_SetDoodadAnim
0x489140 Script_SetTexLodBias
0x4891F0 Script_SetGamma
0x4892B0 Script_SetBaseMip
0x489490 Script_SetCursor
0x489660 Script_EquipCursorItem
0x4899D0 Script_TargetUnit
0x489B80 Script_AssistUnit
0x489C40 Script_AssistByName
0x489D60 Script_TargetByName
0x489E00 Script_FollowUnit
0x489EC0 Script_FollowByName
0x48A120 Script_InitiateTrade
0x48A1B0 Script_CanInspect
0x48A310 Script_NotifyInspect
0x48A3B0 Script_InviteToParty
0x48A420 Script_InviteByName
0x48A510 Script_UninviteFromParty
0x48A580 Script_UninviteFromRaid
0x48A610 Script_UninviteByName
0x48A7C0 Script_PromoteToPartyLeader
0x48A830 Script_PromoteByName
0x48ABC0 Script_PickupPlayerMoney
0x48AFB0 Script_GuildUninviteByName
0x48B050 Script_GuildPromoteByName
0x48B0F0 Script_GuildDemoteByName
0x48B190 Script_GuildSetLeaderByName
0x48B270 Script_GuildSetMOTD
0x48BA00 Script_CheckInteractDistance
0x48C270 Script_SetupFullscreenScale
0x48C7B0 Script_RandomRoll
0x48C9D0 Script_NewGMTicket
0x48CA60 Script_UpdateGMTicket
0x48CC00 Script_GMSurveyGetQuestion
0x48CD30 Script_GMSurveyAnswerSubmit
0x48CEF0 Script_GMSurveyCommentSubmit
0x48D4E0 Script_GetCoinIcon
0x48D960 Script_DropItemOnUnit
0x48DFB0 Script_GetItemQualityColor
0x48E070 Script_GetItemInfo
0x48E390 Script_GetAddOnInfo
0x48E530 Script_GetAddOnMetadata
0x48E5E0 Script_GetAddOnDependencies
0x48E690 Script_EnableAddOn
0x48E760 Script_DisableAddOn
0x48E840 Script_IsAddOnLoadOnDemand
0x48E8E0 Script_IsAddOnLoaded
0x48E980 Script_LoadAddOn
0x49F1E0 Script_SendChatMessage
0x49F920 Script_SendAddonMessage
0x49FBE0 Script_GetLanguageByIndex
0x49FD30 Script_DoEmote
0x49FF00 Script_JoinChannelByName
0x4A0000 Script_LeaveChannelByName
0x4A0060 Script_SetGuildRecruitmentMode
0x4A03A0 Script_SetChannelPassword
0x4A05E0 Script_GetChannelName
0x4A0A80 Script_GetChatTypeIndex
0x4A0BA0 Script_GetChatWindowInfo
0x4A0D20 Script_GetChatWindowMessages
0x4A0DC0 Script_GetChatWindowChannels
0x4A0E80 Script_AddChatWindowMessages
0x4A0F40 Script_RemoveChatWindowMessages
0x4A1000 Script_AddChatWindowChannel
0x4A1260 Script_RemoveChatWindowChannel
0x4A13F0 Script_SetChatWindowName
0x4A1470 Script_SetChatWindowSize
0x4A14F0 Script_SetChatWindowColor
0x4A15D0 Script_SetChatWindowAlpha
0x4A1650 Script_SetChatWindowLocked
0x4A16B0 Script_SetChatWindowDocked
0x4A1730 Script_SetChatWindowShown
0x4A1920 Script_GetSavedInstanceInfo
0x4A7D10 Script_GetMapZones
0x4A7DB0 Script_SetMapZoom
0x4A7F30 Script_ProcessMapClick
0x4A7FA0 Script_UpdateMapHighlight
0x4A8610 Script_GetPlayerMapPosition
0x4A8740 Script_GetMapLandmarkInfo
0x4A88F0 Script_GetWorldLocMapPosition
0x4A8A00 Script_GetMapOverlayInfo
0x4A8BB0 Script_CreateWorldMapArrowFrame
0x4A8C60 Script_CreateMiniWorldMapArrowFrame
0x4A8D20 Script_PositionWorldMapArrowFrame
0x4A8F20 Script_PositionMiniWorldMapArrowFrame
0x4AB1F0 Script_GetBattlefieldInfo
0x4AB290 Script_JoinBattlefield
0x4AB300 Script_SetSelectedBattlefield
0x4AB3B0 Script_AcceptBattlefieldPort
0x4AB4A0 Script_GetBattlefieldStatus
0x4AB620 Script_GetBattlefieldPortExpiration
0x4AB790 Script_GetBattlefieldEstimatedWaitTime
0x4AB820 Script_GetBattlefieldTimeWaited
0x4AB8C0 Script_ShowBattlefieldList
0x4AB9D0 Script_GetBattlefieldScore
0x4ABD00 Script_GetBattlefieldStatInfo
0x4ABDC0 Script_GetBattlefieldStatData
0x4ABF90 Script_GetBattlefieldPosition
0x4AC230 Script_GetBattlefieldFlagPosition
0x4AE0F0 Script_SetSendMailMoney
0x4AE180 Script_SetSendMailCOD
0x4AE230 Script_GetStationeryInfo
0x4AE380 Script_SelectStationery
0x4AE450 Script_GetPackageInfo
0x4AE550 Script_SelectPackage
0x4AE800 Script_SendMail
0x4AEBC0 Script_GetInboxHeaderInfo
0x4AF110 Script_GetInboxText
0x4AF360 Script_GetInboxInvoiceInfo
0x4AF5D0 Script_GetInboxItem
0x4AF7D0 Script_TakeInboxMoney
0x4AF8E0 Script_TakeInboxItem
0x4AFA60 Script_TakeInboxTextItem
0x4AFBA0 Script_ReturnInboxItem
0x4AFCD0 Script_DeleteInboxItem
0x4AFE00 Script_InboxItemCanDelete
0x4B3CE0 Script_GetSpellTabInfo
0x4B45C0 Script_GetShapeshiftFormInfo
0x4B4810 Script_CastShapeshiftForm
0x4B49A0 Script_GetShapeshiftFormCooldown
0x4B4AB0 Script_CastSpellByName
0x4B59B0 Script_FlagTutorial
0x4B7F60 Script_GetBinding
0x4B8000 Script_SetBinding
0x4B80A0 Script_GetBindingKey
0x4B8120 Script_GetBindingAction
0x4B8180 Script_RunBinding
0x4B8220 Script_LoadBindings
0x4B8260 Script_SaveBindings
0x4BB4B0 Script_GetRaidTargetIndex
0x4BB560 Script_GetRaidRosterInfo
0x4BB820 Script_SetRaidRosterSelection
0x4BB990 Script_SetRaidSubgroup
0x4BBB00 Script_SwapRaidSubgroup
0x4BBD20 Script_PromoteToAssistant
0x4BBDF0 Script_DemoteAssistant
0x4BBEC0 Script_SetRaidTarget
0x4BDC50 Script_GetPetActionInfo
0x4BDFA0 Script_GetPetActionCooldown
0x4BE0E0 Script_IsPetAttackActive
0x4BE180 Script_PickupPetAction
0x4BE290 Script_TogglePetAutocast
0x4BE330 Script_CastPetAction
0x4BFDF0 Script_ClickTradeButton
0x4C0080 Script_ClickTargetTradeButton
0x4C00F0 Script_GetTradeTargetItemInfo
0x4C0360 Script_GetTradeTargetItemLink
0x4C0450 Script_GetTradePlayerItemInfo
0x4C0650 Script_GetTradePlayerItemLink
0x4C0790 Script_PickupTradeMoney
0x4C0820 Script_SetTradeMoney
0x4C1880 Script_SetSlot
0x4C2C60 Script_GetLootSlotInfo
0x4C2D20 Script_GetLootSlotLink
0x4C2D90 Script_LootSlotIsItem
0x4C2E00 Script_LootSlotIsCoin
0x4C2E70 Script_LootSlot
0x4C2F10 Script_GetMasterLootCandidate
0x4C2FD0 Script_GiveMasterLoot
0x4C3050 Script_GetLootRollItemInfo
0x4C31F0 Script_GetLootRollItemLink
0x4C32D0 Script_GetLootRollTimeLeft
0x4C3370 Script_RollOnLoot
0x4C33E0 Script_ConfirmLootRoll
0x4C4D80 Script_MakeMinigameMove
0x4C5A70 Script_GetWorldStateUIInfo
0x4C8150 Script_KeyRingButtonIDToInvSlotID
0x4C82A0 Script_GetInventoryItemTexture
0x4C8590 Script_GetInventoryItemBroken
0x4C8680 Script_GetInventoryItemCount
0x4C88D0 Script_GetInventoryItemQuality
0x4C8A60 Script_GetInventoryItemCooldown
0x4C8C10 Script_GetInventoryItemLink
0x4C9150 Script_SetInventoryPortaitTexture
0x4C9330 Script_GetGuildInfo
0x4C94B0 Script_GetInventoryAlertStatus
0x4CAF20 Script_UnstablePet
0x4CB230 Script_GetStablePetInfo
0x4CB420 Script_ClickStablePet
0x4CB7A0 Script_PickupStablePet
0x4CB870 Script_SetPetStablePaperdoll
0x4CE1C0 Script_CalculateAuctionDeposit
0x4CE770 Script_StartAuction
0x4CED20 Script_GetNumAuctionItems
0x4CEE40 Script_GetAuctionItemInfo
0x4CF2F0 Script_GetAuctionItemLink
0x4CF470 Script_GetAuctionItemTimeLeft
0x4CF610 Script_PlaceAuctionBid
0x4CF9C0 Script_GetAuctionItemSubClasses
0x4CFAB0 Script_GetAuctionInvTypes
0x4CFC00 Script_SortAuctionItems
0x4CFDA0 Script_SetSelectedAuctionItem
0x4CFEC0 Script_GetSelectedAuctionItem
0x4D0030 Script_IsAuctionSortReversed
0x4D0260 Script_SetSelectedAuctionItem
0x4D1200 Script_GetGuildRosterInfo
0x4D14A0 Script_GetGuildRosterLastOnline
0x4D15E0 Script_GuildRosterSetPublicNote
0x4D1700 Script_GuildRosterSetOfficerNote
0x4D1820 Script_SetGuildRosterSelection
0x4D1E90 Script_GuildControlGetRankName
0x4D1FA0 Script_GuildControlSetRank
0x4D2070 Script_GuildControlSetRankFlag
0x4D20D0 Script_GuildControlSaveRank
0x4D2210 Script_GuildControlAddRank
0x4D2380 Script_SetGuildInfoText
0x4D3610 Script_GetSkillLineInfo
0x4D3AB0 Script_AbandonSkill
0x4D3B70 Script_CollapseSkillHeader
0x4D3BD0 Script_ExpandSkillHeader
0x4D3C30 Script_AddSkillUp
0x4D3C70 Script_RemoveSkillUp
0x4D3E50 Script_BuySkillTier
0x4D4020 Script_SetSelectedSkill
0x4D4C90 Script_StartDuelUnit
0x4D64F0 Script_GetFactionInfo
0x4D6950 Script_FactionToggleAtWar
0x4D69B0 Script_SetFactionInactive
0x4D6A00 Script_SetFactionActive
0x4D6A50 Script_CollapseFactionHeader
0x4D6AA0 Script_ExpandFactionHeader
0x4D6AF0 Script_IsFactionInactive
0x4D6B60 Script_SetWatchedFactionIndex
0x4D6BB0 Script_SetSelectedFaction
0x4D8DC0 Script_GetTrainerServiceInfo
0x4D8E60 Script_SelectTrainerService
0x4D8F50 Script_GetTrainerServiceIcon
0x4D9160 Script_GetTrainerServiceSkillLine
0x4D92F0 Script_GetTrainerServiceCost
0x4D93A0 Script_GetTrainerServiceLevelReq
0x4D9410 Script_GetTrainerServiceSkillReq
0x4D9600 Script_GetTrainerServiceAbilityReq
0x4D9930 Script_GetTrainerServiceStepReq
0x4D9B40 Script_GetTrainerServiceDescription
0x4D9DD0 Script_IsTrainerServiceSkillStep
0x4D9E70 Script_IsTrainerServiceLearnSpell
0x4D9F70 Script_IsTrainerServiceTradeSkill
0x4DA030 Script_GetTrainerServiceStepIncrease
0x4DA210 Script_BuyTrainerService
0x4DA260 Script_SetTrainerServiceTypeFilter
0x4DA3F0 Script_SetTrainerSkillLineFilter
0x4DA510 Script_GetTrainerServiceTypeFilter
0x4DA590 Script_GetTrainerSkillLineFilter
0x4DA6C0 Script_CollapseTrainerSkillLine
0x4DA740 Script_ExpandTrainerSkillLine
0x4DCB30 Script_TaxiNodeName
0x4DCB80 Script_TaxiNodeTaxiNodeLocation
0x4DCC20 Script_TaxiNodeCost
0x4DCCA0 Script_TakeTaxiNode
0x4DCCF0 Script_TaxiNodeGetType
0x4DCD40 Script_TaxiNodeSetCurrent
0x4DF930 Script_GetQuestLogTitle
0x4DFAE0 Script_SelectQuestLogEntry
0x4DFE10 Script_IsUnitOnQuest
0x4E0110 Script_GetQuestLogLeaderBoard
0x4E0B00 Script_GetQuestLogRewardInfo
0x4E0EE0 Script_GetQuestLogItemLink
0x4E15F0 Script_GetQuestIndexForTimer
0x4E1730 Script_CollapseQuestHeader
0x4E1780 Script_ExpandQuestHeader
0x4E1890 Script_IsQuestWatched
0x4E19B0 Script_GetQuestIndexForWatch
0x4E2A30 Script_SelectGossipOption
0x4E2AA0 Script_SelectGossipAvailableQuest
0x4E2AE0 Script_SelectGossipActiveQuest
0x4E45D0 Script_GetPlayerBuff
0x4E4740 Script_GetPlayerBuffTexture
0x4E4800 Script_GetPlayerBuffDispelType
0x4E48B0 Script_GetPlayerBuffTimeLeft
0x4E49A0 Script_CancelPlayerBuff
0x4E6E10 Script_GetActionTexture
0x4E6E70 Script_GetActionCount
0x4E6ED0 Script_GetActionCooldown
0x4E6F90 Script_GetActionAutocast
0x4E7050 Script_GetActionText
0x4E70D0 Script_HasAction
0x4E7140 Script_UseAction
0x4E71D0 Script_PickupAction
0x4E7240 Script_PlaceAction
0x4E7280 Script_IsAttackAction
0x4E72F0 Script_IsCurrentAction
0x4E7360 Script_IsAutorepeatAction
0x4E73D0 Script_IsUsableAction
0x4E7470 Script_IsConsumableAction
0x4E74E0 Script_IsEquippedAction
0x4E9090 Script_GetPartyMember
0x4E92A0 Script_SetLootMethod
0x4E9500 Script_SetLooThreshold
0x4E9760 Script_LFGQuery
0x4E98C0 Script_GetLFGResults
0x4E9AA0 Script_GetLFGTypeEntries
0x4EE4A0 Script_%s:SetMaskTexture
0x4EE640 Script_%s:SetIconTexture
0x4EE7E0 Script_%s:SetBlipTexture
0x4EE980 Script_%s:SetArrowModel
0x4EEAB0 Script_%s:SetPlayerModel
0x4EEC60 Script_SetZoom
0x4F15B0 Script_CreateMacro
0x4F1760 Script_GetMacroInfo
0x4F1850 Script_DeleteMacro
0x4F18B0 Script_EditMacro
0x4F1A30 Script_GetMacroIconInfo
0x4F1AE0 Script_PickupMacro
0x4F1B30 Script_GetMacroIndexByName
0x4F3040 Script_GetTalentTabInfo
0x4F3160 Script_GetNumTalents
0x4F3200 Script_GetTalentInfo
0x4F34D0 Script_GetTalentPrereqs
0x4F36A0 Script_LearnTalent
0x4F4510 Script_GetPetitionNameInfo
0x4F5260 Script_BuyGuildCharter
0x4F6E90 Script_GetCraftInfo
0x4F70F0 Script_SelectCraft
0x4F7160 Script_GetTradeSkillIcon
0x4F7210 Script_GetCraftSkillLine
0x4F72A0 Script_GetCraftItemLink
0x4F7420 Script_GetCraftNumReagents
0x4F74D0 Script_GetCraftReagentInfo
0x4F7730 Script_GetCraftReagentItemLink
0x4F78B0 Script_GetCraftSpellFocus
0x4F7A90 Script_GetCraftDescription
0x4F7C10 Script_CollapseCraftSkillLine
0x4F7C90 Script_ExpandCraftSkillLine
0x4F7D10 Script_DoCraft
0x4F8530 Script_BankButtonIDToInvSlotID
0x4F94E0 Script_ContainerIDToInventoryID
0x4F9560 Script_GetContainerNumSlots
0x4F9670 Script_GetContainerItemInfo
0x4F9930 Script_GetContainerItemLink
0x4F99B0 Script_GetContainerItemCooldown
0x4F9B30 Script_PickupContainerItem
0x4F9F70 Script_SplitContainerItem
0x4FA0E0 Script_UseContainerItem
0x4FA460 Script_ShowContainerSellCursor
0x4FA4F0 Script_SetBagPortaitTexture
0x4FA670 Script_GetBagName
0x4FB150 Script_GetMerchantItemInfo
0x4FB310 Script_GetBuybackItemInfo
0x4FB580 Script_GetMerchantItemLink
0x4FB670 Script_GetMerchantItemMaxStack
0x4FB850 Script_BuyMerchantItem
0x4FB950 Script_BuybackItem
0x4FBAB0 Script_ShowMerchantSellCursor
0x4FBBB0 Script_ShowBuybackSellCursor
0x4FD820 Script_GetTradeSkillInfo
0x4FD9B0 Script_SelectTradeSkill
0x4FDA20 Script_GetTradeSkillCooldown
0x4FDC50 Script_GetTradeSkillNumMade
0x4FDEC0 Script_GetTradeSkillItemStats
0x4FF410 Script_GetTradeSkillItemLink
0x4FF510 Script_GetTradeSkillNumReagents
0x4FF5C0 Script_GetTradeSkillReagentInfo
0x4FF800 Script_GetTradeReagentSkillItemLink
0x4FF980 Script_GetTradeSkillTools
0x4FFC70 Script_SetTradeSkillSubClassFilter
0x4FFD90 Script_GetTradeSkillSubClassFilter
0x4FFE60 Script_SetTradeSkillInvSlotFilter
0x4FFFD0 Script_GetTradeSkillInvSlotFilter
0x5000C0 Script_CollapseTradeSkillSubClass
0x500140 Script_ExpandTradeSkillSubClass
0x500280 Script_DoTradeSkill
0x501AC0 Script_GetAvailableTitle
0x501B30 Script_GetActiveTitle
0x501BA0 Script_GetGetAvailableLevel
0x501C20 Script_GetGetActiveLevel
0x501CA0 Script_SelectAvailableQuest
0x501CE0 Script_SelectActiveQuest
0x502090 Script_GetQuestItemLink
0x502CA0 Script_CycleVariation
0x503160 Script_%s:GetUpperEmblemTexture
0x503540 Script_%s:GetLowerEmblemTexture
0x505D70 Script_SetUnit
0x505F00 Script_SetRotation
```

Is anybody working on cooldown timers or other kinds of damage hacks?

----------


## daCoder

I have trouble getting the first object pointer.
I don't see any way, starting from 0xB41414, to reach the first object pointer.

What I can tell so far is that my character is the first object every time. The nextpointer with 0x3c is working, and a reverse search leads to 6 results pointing to my object.
But there is no pointer pointing to (result-0xAC).

I also had a look into the binary; it seems that ClntObjMgrGetActivePlayer() is using this pointer.


```
__int64 __cdecl ClntObjMgrGetActivePlayer() {
  if ( 0xB41414 )
    result = *((_QWORD *)0xB41414 + 24);
  else
    result = 0i64;
  return result;
}
```

This result, named here as player, is used in the following function.


```
int __stdcall sub_464890(int player, int a2)
{
  int v2;
  int result;

  v2 = *((_DWORD *)0xB41414 + 9);
  if ( v2 != -1 )
  {
    result = *(_DWORD *)(*((_DWORD *)0xB41414 + 7) + 12 * (player & v2) + 8);
    if ( result & 1 || !result )
      result = 0;
    while ( !(result & 1) && result )
    {
      if ( *(_DWORD *)(result + 24) == player && *(_DWORD *)(result + 48) == player && *(_DWORD *)(result + 52) == a2 )
        return result;
      result = *(_DWORD *)(result
                         + *(_DWORD *)(*((_DWORD *)0xB41414 + 7) + 12 * (*((_DWORD *)0xB41414 + 9) & player))
                         + 4);
    }
  }
  return 0;
}
```

But this is looking like a search; what I want is just a pointer to the first object. Something like firstobject = (*(staticaddr + offset1) + offset2) would be great  :Smile:

----------


## namreeb

If you are trying to manually iterate over the object list, you shouldn't be looking at ClntObjMgrGetActivePlayer but at ClntObjMgrEnumVisibleObjects. In 1.12.1, it is at 0x468380 and it looks like this:



```
int __fastcall ClntObjMgrEnumVisibleObjects(int (__thiscall *callback)(_DWORD, unsigned __int64), unsigned int filter)
{
  int i;
  int (__thiscall *callback_)(_DWORD, unsigned __int64);
  unsigned int filter_;

  i = *(s_curMgr + 43);
  filter_ = filter;
  callback_ = callback;
  if ( i & 1 || !i )
    i = 0;
  while ( !(i & 1) && i )
  {
    if ( !(callback_)(filter_, *(i + 48), *(i + 52)) )
      return 0;
    i = *(i + *(s_curMgr + 41) + 4);
  }
  return 1;
}
```
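
The traversal in the decompilation above, rewritten as an added example (not part of the original post or any project's code) that walks the same list layout inside a constructed byte buffer instead of a live process, with bounds and cycle checks. The buffer, its addresses, the GUID values and the `MAX_OBJECTS` cap are assumptions; the 0x38 link offset is chosen so the next pointer sits at object+0x3C, as reported earlier in the thread.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Byte offsets derived from the decompiled function: s_curMgr is indexed in
 * DWORDs, so index 41 is byte 0xA4 and index 43 is byte 0xAC. */
#define MGR_LINK_OFFSET 0xA4u /* holds the offset of the list link inside an object */
#define MGR_FIRST_OBJ   0xACu /* holds the address of the first object */
#define OBJ_GUID        0x30u /* 64-bit GUID: low DWORD at +48, high DWORD at +52 */
#define MAX_OBJECTS     4096  /* assumption: cap used to detect cyclic lists */

/* A captured memory image; "addresses" are offsets into data (assumption). */
typedef struct { const uint8_t *data; uint32_t size; } image_t;

/* Bounds-checked little-endian 32-bit read; returns 0 if out of range. */
static int rd32(const image_t *img, uint64_t addr, uint32_t *out)
{
    if (addr > img->size || img->size - addr < 4) return 0;
    const uint8_t *p = img->data + addr;
    *out = (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
    return 1;
}

/* Walks the list the way the decompiled function does, collecting GUIDs
 * instead of invoking a callback. Returns the number of objects visited,
 * or -1 if a read falls outside the image or the list never terminates. */
int enum_visible_objects(const image_t *img, uint32_t mgr, uint64_t *guids, int cap)
{
    uint32_t link_off, cur, lo, hi;
    int n = 0;

    if (!rd32(img, (uint64_t)mgr + MGR_LINK_OFFSET, &link_off) ||
        !rd32(img, (uint64_t)mgr + MGR_FIRST_OBJ, &cur))
        return -1;

    /* Same termination test as the decompilation: null or low bit set. */
    while (cur != 0 && !(cur & 1)) {
        if (n >= MAX_OBJECTS) return -1;          /* cyclic or corrupt list */
        if (!rd32(img, (uint64_t)cur + OBJ_GUID, &lo) ||
            !rd32(img, (uint64_t)cur + OBJ_GUID + 4, &hi))
            return -1;
        if (n < cap) guids[n] = (uint64_t)hi << 32 | lo;
        n++;
        /* Next pointer lives one DWORD past the link offset. */
        if (!rd32(img, (uint64_t)cur + link_off + 4, &cur)) return -1;
    }
    return n;
}

/* Little-endian 32-bit write used only to build the sample image. */
static void wr32(uint8_t *buf, uint32_t addr, uint32_t v)
{
    buf[addr]     = (uint8_t)v;         buf[addr + 1] = (uint8_t)(v >> 8);
    buf[addr + 2] = (uint8_t)(v >> 16); buf[addr + 3] = (uint8_t)(v >> 24);
}

/* Constructed sample: manager at 0x10, three objects, link at object+0x38. */
#define SAMPLE_SIZE 0x400u
#define SAMPLE_MGR  0x10u
void build_sample(uint8_t *buf)
{
    static const uint32_t obj[3]  = { 0x100, 0x180, 0x200 };
    static const uint64_t guid[3] = { 0x0000000000000005ULL,
                                      0x00000001000000A0ULL,
                                      0x00000002000000B0ULL };
    memset(buf, 0, SAMPLE_SIZE);
    wr32(buf, SAMPLE_MGR + MGR_LINK_OFFSET, 0x38);
    wr32(buf, SAMPLE_MGR + MGR_FIRST_OBJ, obj[0]);
    for (int i = 0; i < 3; i++) {
        wr32(buf, obj[i] + OBJ_GUID, (uint32_t)guid[i]);
        wr32(buf, obj[i] + OBJ_GUID + 4, (uint32_t)(guid[i] >> 32));
        /* The last node stores an odd (tagged) value, which ends the walk. */
        wr32(buf, obj[i] + 0x38 + 4, i < 2 ? obj[i + 1] : 0x1);
    }
}

int main(void)
{
    uint8_t buf[SAMPLE_SIZE];
    uint64_t guids[8];
    build_sample(buf);
    image_t img = { buf, SAMPLE_SIZE };
    int n = enum_visible_objects(&img, SAMPLE_MGR, guids, 8);
    printf("objects: %d\n", n);
    for (int i = 0; i < n && i < 8; i++)
        printf("  guid 0x%016llX\n", (unsigned long long)guids[i]);
    return 0;
}
```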

----------


## daCoder

Thanks for pointing to this function  :Smile:  It helped me to solve my problem  :Smile:

----------


## Strath

I'm a noob, how would I go about the implementation of these scripts? 


----------


## DarkLinux

The fact that you called them scripts indicates you need to start from the basics... Most of the code above looks to be C++ dumped from IDA.

----------


## daCoder

I have started an open source project for WoW 1.12.1, if you are interested in my implementation or want to join the project:

http://www.ownedcore.com/forums/worl...-1-12-1-a.html (Open Souce Project for WoW 1.12.1)

----------


## namreeb

Noclip is at playerBase+0xA58. Just write 0x00000000. Note that this does not add the fly hack that you would also want to use to make it worthwhile.

Credit for finding it goes to Lysolfs, but he didn't post it so I did for him  :Smile:

----------


## Graype

Anyone got / know how to get the Session Key from 1.12.1?

----------


## namreeb

Moved to first post.

----------


## Sacred

I have a nostalgia for classic WoW, so I decided to write a bot for this version  :Embarrassment:

Some functions:


```
FrameScript__GetText = 0x703BF0,
CGGameUI__Target = 0x489A40,
FrameScript_SignalEvent = 0x703E50,
FrameScript_SignalEvent2 = 0x703F50,
ItemWDBCacheGetRow = 0x55BA30,
CallAutoLoot = 0x4C1FA0,
CGGameUI__DisplayError = 0x496720,
CGWorldFrame__GetActiveCamera = 0x4818F0
```

Offsets


```
CastingSpellId = 0xCECA88,
LastHardwareAction = 0xCF0BC8,
ContinentID = 0x86F694,
ClientServiceConnection = 0xB41DA0,
EquippedBagGUID = 0xBDD060,
ChatBase = 0xB50580,
NextMessage = 0x800,
```

UIFrame


```
internal enum UIFrame
{
     CurrentFramePtr = 0xCF0BD8,
     CurrentFrameOffset = 0x7C,
     FirstFrame = 0xCC4,
     NextFrame = 0xCBC,
     UnkDivWidth = 0x832A44,
     UnkDivHeight = UnkDivWidth + 0x4,
     FrameBottom = 0x64,
     FrameLeft = FrameBottom + 0x4,
     FrameTop = FrameBottom + 0x8,
     FrameRight = FrameBottom + 0xC,
     ParentPtr = 0x9C,
     EffectiveScale = 0x7C,
     Name = 0x98,
     LabelText = 0xF0,
     EditBoxText = 0x338,
     Visible = 0xD4,
     Enabled = 0x328,
     EnabledMask = 0x20,
     ButtonChecked = 0x4DC,
}
```

Descriptors:


```
    internal enum UnitFields
    {
          UNIT_FIELD_CHARM = ObjectFields.OBJECT_END + 0x0,
          UNIT_FIELD_SUMMON = ObjectFields.OBJECT_END + 0x8,
          UNIT_FIELD_CHARMEDBY = ObjectFields.OBJECT_END + 0x10,
          UNIT_FIELD_SUMMONEDBY = ObjectFields.OBJECT_END + 0x18,
          UNIT_FIELD_CREATEDBY = ObjectFields.OBJECT_END + 0x20,
          UNIT_FIELD_TARGET = ObjectFields.OBJECT_END + 0x28,
          UNIT_FIELD_PERSUADED = ObjectFields.OBJECT_END + 0x30,
          UNIT_FIELD_CHANNEL_OBJECT = ObjectFields.OBJECT_END + 0x38,
          UNIT_FIELD_HEALTH = ObjectFields.OBJECT_END + 0x40,
          UNIT_FIELD_POWER1 = ObjectFields.OBJECT_END + 0x44,
          UNIT_FIELD_POWER2 = ObjectFields.OBJECT_END + 0x48,
          UNIT_FIELD_POWER3 = ObjectFields.OBJECT_END + 0x4C,
          UNIT_FIELD_POWER4 = ObjectFields.OBJECT_END + 0x50,
          UNIT_FIELD_POWER5 = ObjectFields.OBJECT_END + 0x54,
          UNIT_FIELD_MAXHEALTH = ObjectFields.OBJECT_END + 0x58,
          UNIT_FIELD_MAXPOWER1 = ObjectFields.OBJECT_END + 0x5C,
          UNIT_FIELD_MAXPOWER2 = ObjectFields.OBJECT_END + 0x60,
          UNIT_FIELD_MAXPOWER3 = ObjectFields.OBJECT_END + 0x64,
          UNIT_FIELD_MAXPOWER4 = ObjectFields.OBJECT_END + 0x68,
          UNIT_FIELD_MAXPOWER5 = ObjectFields.OBJECT_END + 0x6C,
          UNIT_FIELD_LEVEL = ObjectFields.OBJECT_END + 0x70,
          UNIT_FIELD_FACTIONTEMPLATE = ObjectFields.OBJECT_END + 0x74,
          UNIT_FIELD_BYTES_0 = ObjectFields.OBJECT_END + 0x78,
          UNIT_VIRTUAL_ITEM_SLOT_DISPLAY = ObjectFields.OBJECT_END + 0x7C,
          UNIT_VIRTUAL_ITEM_INFO = ObjectFields.OBJECT_END + 0x88,
          UNIT_FIELD_FLAGS = ObjectFields.OBJECT_END + 0xA0,
          UNIT_FIELD_AURA = ObjectFields.OBJECT_END + 0xA4,
          UNIT_FIELD_AURAFLAGS = ObjectFields.OBJECT_END + 0x164,
          UNIT_FIELD_AURALEVELS = ObjectFields.OBJECT_END + 0x17C,
          UNIT_FIELD_AURAAPPLICATIONS = ObjectFields.OBJECT_END + 0x1AC,
          UNIT_FIELD_AURASTATE = ObjectFields.OBJECT_END + 0x1DC,
          UNIT_FIELD_BASEATTACKTIME = ObjectFields.OBJECT_END + 0x1E0,
          UNIT_FIELD_RANGEDATTACKTIME = ObjectFields.OBJECT_END + 0x1E8,
          UNIT_FIELD_BOUNDINGRADIUS = ObjectFields.OBJECT_END + 0x1EC,
          UNIT_FIELD_COMBATREACH = ObjectFields.OBJECT_END + 0x1F0,
          UNIT_FIELD_DISPLAYID = ObjectFields.OBJECT_END + 0x1F4,
          UNIT_FIELD_NATIVEDISPLAYID = ObjectFields.OBJECT_END + 0x1F8,
          UNIT_FIELD_MOUNTDISPLAYID = ObjectFields.OBJECT_END + 0x1FC,
          UNIT_FIELD_MINDAMAGE = ObjectFields.OBJECT_END + 0x200,
          UNIT_FIELD_MAXDAMAGE = ObjectFields.OBJECT_END + 0x204,
          UNIT_FIELD_MINOFFHANDDAMAGE = ObjectFields.OBJECT_END + 0x208,
          UNIT_FIELD_MAXOFFHANDDAMAGE = ObjectFields.OBJECT_END + 0x20C,
          UNIT_FIELD_BYTES_1 = ObjectFields.OBJECT_END + 0x210,
          UNIT_FIELD_PETNUMBER = ObjectFields.OBJECT_END + 0x214,
          UNIT_FIELD_PET_NAME_TIMESTAMP = ObjectFields.OBJECT_END + 0x218,
          UNIT_FIELD_PETEXPERIENCE = ObjectFields.OBJECT_END + 0x21C,
          UNIT_FIELD_PETNEXTLEVELEXP = ObjectFields.OBJECT_END + 0x220,
          UNIT_DYNAMIC_FLAGS = ObjectFields.OBJECT_END + 0x224,
          UNIT_CHANNEL_SPELL = ObjectFields.OBJECT_END + 0x228,
          UNIT_MOD_CAST_SPEED = ObjectFields.OBJECT_END + 0x22C,
          UNIT_CREATED_BY_SPELL = ObjectFields.OBJECT_END + 0x230,
          UNIT_NPC_FLAGS = ObjectFields.OBJECT_END + 0x234,
          UNIT_NPC_EMOTESTATE = ObjectFields.OBJECT_END + 0x238,
          UNIT_TRAINING_POINTS = ObjectFields.OBJECT_END + 0x23C,
          UNIT_FIELD_STAT0 = ObjectFields.OBJECT_END + 0x240,
          UNIT_FIELD_STAT1 = ObjectFields.OBJECT_END + 0x244,
          UNIT_FIELD_STAT2 = ObjectFields.OBJECT_END + 0x248,
          UNIT_FIELD_STAT3 = ObjectFields.OBJECT_END + 0x24C,
          UNIT_FIELD_STAT4 = ObjectFields.OBJECT_END + 0x250,
          UNIT_FIELD_RESISTANCES = ObjectFields.OBJECT_END + 0x254,
          UNIT_FIELD_BASE_MANA = ObjectFields.OBJECT_END + 0x270,
          UNIT_FIELD_BASE_HEALTH = ObjectFields.OBJECT_END + 0x274,
          UNIT_FIELD_BYTES_2 = ObjectFields.OBJECT_END + 0x278,
          UNIT_FIELD_ATTACK_POWER = ObjectFields.OBJECT_END + 0x27C,
          UNIT_FIELD_ATTACK_POWER_MODS = ObjectFields.OBJECT_END + 0x280,
          UNIT_FIELD_ATTACK_POWER_MULTIPLIER = ObjectFields.OBJECT_END + 0x284,
          UNIT_FIELD_RANGED_ATTACK_POWER = ObjectFields.OBJECT_END + 0x288,
          UNIT_FIELD_RANGED_ATTACK_POWER_MODS = ObjectFields.OBJECT_END + 0x28C,
          UNIT_FIELD_RANGED_ATTACK_POWER_MULTIPLIER = ObjectFields.OBJECT_END + 0x290,
          UNIT_FIELD_MINRANGEDDAMAGE = ObjectFields.OBJECT_END + 0x294,
          UNIT_FIELD_MAXRANGEDDAMAGE = ObjectFields.OBJECT_END + 0x298,
          UNIT_FIELD_POWER_COST_MODIFIER = ObjectFields.OBJECT_END + 0x29C,
          UNIT_FIELD_POWER_COST_MULTIPLIER = ObjectFields.OBJECT_END + 0x2B8,
          UNIT_FIELD_PADDING = ObjectFields.OBJECT_END + 0x2D4,
          UNIT_END = ObjectFields.OBJECT_END + 0x2D8
    }

    internal enum ItemFields
    {
          ITEM_FIELD_OWNER = ObjectFields.OBJECT_END + 0x0,
          ITEM_FIELD_CONTAINED = ObjectFields.OBJECT_END + 0x8,
          ITEM_FIELD_CREATOR = ObjectFields.OBJECT_END + 0x10,
          ITEM_FIELD_GIFTCREATOR = ObjectFields.OBJECT_END + 0x18,
          ITEM_FIELD_STACK_COUNT = ObjectFields.OBJECT_END + 0x20,
          ITEM_FIELD_DURATION = ObjectFields.OBJECT_END + 0x24,
          ITEM_FIELD_SPELL_CHARGES = ObjectFields.OBJECT_END + 0x28,
          ITEM_FIELD_FLAGS = ObjectFields.OBJECT_END + 0x3C,
          ITEM_FIELD_ENCHANTMENT = ObjectFields.OBJECT_END + 0x40,
          ITEM_FIELD_PROPERTY_SEED = ObjectFields.OBJECT_END + 0x94,
          ITEM_FIELD_RANDOM_PROPERTIES_ID = ObjectFields.OBJECT_END + 0x98,
          ITEM_FIELD_ITEM_TEXT_ID = ObjectFields.OBJECT_END + 0x9C,
          ITEM_FIELD_DURABILITY = ObjectFields.OBJECT_END + 0xA0,
          ITEM_FIELD_MAXDURABILITY = ObjectFields.OBJECT_END + 0xA4,
          ITEM_END = ObjectFields.OBJECT_END + 0xA8
    }

    internal enum PlayerFields
    {
          PLAYER_DUEL_ARBITER = UnitFields.UNIT_END + 0x0,
          PLAYER_FLAGS = UnitFields.UNIT_END + 0x8,
          PLAYER_GUILDID = UnitFields.UNIT_END + 0xC,
          PLAYER_GUILDRANK = UnitFields.UNIT_END + 0x10,
          PLAYER_BYTES = UnitFields.UNIT_END + 0x14,
          PLAYER_BYTES_2 = UnitFields.UNIT_END + 0x18,
          PLAYER_BYTES_3 = UnitFields.UNIT_END + 0x1C,
          PLAYER_DUEL_TEAM = UnitFields.UNIT_END + 0x20,
          PLAYER_GUILD_TIMESTAMP = UnitFields.UNIT_END + 0x24,
          PLAYER_QUEST_LOG_1_1 = UnitFields.UNIT_END + 0x28,
          PLAYER_QUEST_LOG_1_2 = UnitFields.UNIT_END + 0x2C,
          PLAYER_QUEST_LOG_2_1 = UnitFields.UNIT_END + 0x34,
          PLAYER_QUEST_LOG_2_2 = UnitFields.UNIT_END + 0x38,
          PLAYER_QUEST_LOG_3_1 = UnitFields.UNIT_END + 0x40,
          PLAYER_QUEST_LOG_3_2 = UnitFields.UNIT_END + 0x44,
          PLAYER_QUEST_LOG_4_1 = UnitFields.UNIT_END + 0x4C,
          PLAYER_QUEST_LOG_4_2 = UnitFields.UNIT_END + 0x50,
          PLAYER_QUEST_LOG_5_1 = UnitFields.UNIT_END + 0x58,
          PLAYER_QUEST_LOG_5_2 = UnitFields.UNIT_END + 0x5C,
          PLAYER_QUEST_LOG_6_1 = UnitFields.UNIT_END + 0x64,
          PLAYER_QUEST_LOG_6_2 = UnitFields.UNIT_END + 0x68,
          PLAYER_QUEST_LOG_7_1 = UnitFields.UNIT_END + 0x70,
          PLAYER_QUEST_LOG_7_2 = UnitFields.UNIT_END + 0x74,
          PLAYER_QUEST_LOG_8_1 = UnitFields.UNIT_END + 0x7C,
          PLAYER_QUEST_LOG_8_2 = UnitFields.UNIT_END + 0x80,
          PLAYER_QUEST_LOG_9_1 = UnitFields.UNIT_END + 0x88,
          PLAYER_QUEST_LOG_9_2 = UnitFields.UNIT_END + 0x8C,
          PLAYER_QUEST_LOG_10_1 = UnitFields.UNIT_END + 0x94,
          PLAYER_QUEST_LOG_10_2 = UnitFields.UNIT_END + 0x98,
          PLAYER_QUEST_LOG_11_1 = UnitFields.UNIT_END + 0xA0,
          PLAYER_QUEST_LOG_11_2 = UnitFields.UNIT_END + 0xA4,
          PLAYER_QUEST_LOG_12_1 = UnitFields.UNIT_END + 0xAC,
          PLAYER_QUEST_LOG_12_2 = UnitFields.UNIT_END + 0xB0,
          PLAYER_QUEST_LOG_13_1 = UnitFields.UNIT_END + 0xB8,
          PLAYER_QUEST_LOG_13_2 = UnitFields.UNIT_END + 0xBC,
          PLAYER_QUEST_LOG_14_1 = UnitFields.UNIT_END + 0xC4,
          PLAYER_QUEST_LOG_14_2 = UnitFields.UNIT_END + 0xC8,
          PLAYER_QUEST_LOG_15_1 = UnitFields.UNIT_END + 0xD0,
          PLAYER_QUEST_LOG_15_2 = UnitFields.UNIT_END + 0xD4,
          PLAYER_QUEST_LOG_16_1 = UnitFields.UNIT_END + 0xDC,
          PLAYER_QUEST_LOG_16_2 = UnitFields.UNIT_END + 0xE0,
          PLAYER_QUEST_LOG_17_1 = UnitFields.UNIT_END + 0xE8,
          PLAYER_QUEST_LOG_17_2 = UnitFields.UNIT_END + 0xEC,
          PLAYER_QUEST_LOG_18_1 = UnitFields.UNIT_END + 0xF4,
          PLAYER_QUEST_LOG_18_2 = UnitFields.UNIT_END + 0xF8,
          PLAYER_QUEST_LOG_19_1 = UnitFields.UNIT_END + 0x100,
          PLAYER_QUEST_LOG_19_2 = UnitFields.UNIT_END + 0x104,
          PLAYER_QUEST_LOG_20_1 = UnitFields.UNIT_END + 0x10C,
          PLAYER_QUEST_LOG_20_2 = UnitFields.UNIT_END + 0x110,
          PLAYER_VISIBLE_ITEM_1_CREATOR = UnitFields.UNIT_END + 0x118,
          PLAYER_VISIBLE_ITEM_1_0 = UnitFields.UNIT_END + 0x120,
          PLAYER_VISIBLE_ITEM_1_PROPERTIES = UnitFields.UNIT_END + 0x140,
          PLAYER_VISIBLE_ITEM_1_PAD = UnitFields.UNIT_END + 0x144,
          PLAYER_VISIBLE_ITEM_2_CREATOR = UnitFields.UNIT_END + 0x148,
          PLAYER_VISIBLE_ITEM_2_0 = UnitFields.UNIT_END + 0x150,
          PLAYER_VISIBLE_ITEM_2_PROPERTIES = UnitFields.UNIT_END + 0x170,
          PLAYER_VISIBLE_ITEM_2_PAD = UnitFields.UNIT_END + 0x174,
          PLAYER_VISIBLE_ITEM_3_CREATOR = UnitFields.UNIT_END + 0x178,
          PLAYER_VISIBLE_ITEM_3_0 = UnitFields.UNIT_END + 0x180,
          PLAYER_VISIBLE_ITEM_3_PROPERTIES = UnitFields.UNIT_END + 0x1A0,
          PLAYER_VISIBLE_ITEM_3_PAD = UnitFields.UNIT_END + 0x1A4,
          PLAYER_VISIBLE_ITEM_4_CREATOR = UnitFields.UNIT_END + 0x1A8,
          PLAYER_VISIBLE_ITEM_4_0 = UnitFields.UNIT_END + 0x1B0,
          PLAYER_VISIBLE_ITEM_4_PROPERTIES = UnitFields.UNIT_END + 0x1D0,
          PLAYER_VISIBLE_ITEM_4_PAD = UnitFields.UNIT_END + 0x1D4,
          PLAYER_VISIBLE_ITEM_5_CREATOR = UnitFields.UNIT_END + 0x1D8,
          PLAYER_VISIBLE_ITEM_5_0 = UnitFields.UNIT_END + 0x1E0,
          PLAYER_VISIBLE_ITEM_5_PROPERTIES = UnitFields.UNIT_END + 0x200,
          PLAYER_VISIBLE_ITEM_5_PAD = UnitFields.UNIT_END + 0x204,
          PLAYER_VISIBLE_ITEM_6_CREATOR = UnitFields.UNIT_END + 0x208,
          PLAYER_VISIBLE_ITEM_6_0 = UnitFields.UNIT_END + 0x210,
          PLAYER_VISIBLE_ITEM_6_PROPERTIES = UnitFields.UNIT_END + 0x230,
          PLAYER_VISIBLE_ITEM_6_PAD = UnitFields.UNIT_END + 0x234,
          PLAYER_VISIBLE_ITEM_7_CREATOR = UnitFields.UNIT_END + 0x238,
          PLAYER_VISIBLE_ITEM_7_0 = UnitFields.UNIT_END + 0x240,
          PLAYER_VISIBLE_ITEM_7_PROPERTIES = UnitFields.UNIT_END + 0x260,
          PLAYER_VISIBLE_ITEM_7_PAD = UnitFields.UNIT_END + 0x264,
          PLAYER_VISIBLE_ITEM_8_CREATOR = UnitFields.UNIT_END + 0x268,
          PLAYER_VISIBLE_ITEM_8_0 = UnitFields.UNIT_END + 0x270,
          PLAYER_VISIBLE_ITEM_8_PROPERTIES = UnitFields.UNIT_END + 0x290,
          PLAYER_VISIBLE_ITEM_8_PAD = UnitFields.UNIT_END + 0x294,
          PLAYER_VISIBLE_ITEM_9_CREATOR = UnitFields.UNIT_END + 0x298,
          PLAYER_VISIBLE_ITEM_9_0 = UnitFields.UNIT_END + 0x2A0,
          PLAYER_VISIBLE_ITEM_9_PROPERTIES = UnitFields.UNIT_END + 0x2C0,
          PLAYER_VISIBLE_ITEM_9_PAD = UnitFields.UNIT_END + 0x2C4,
          PLAYER_VISIBLE_ITEM_10_CREATOR = UnitFields.UNIT_END + 0x2C8,
          PLAYER_VISIBLE_ITEM_10_0 = UnitFields.UNIT_END + 0x2D0,
          PLAYER_VISIBLE_ITEM_10_PROPERTIES = UnitFields.UNIT_END + 0x2F0,
          PLAYER_VISIBLE_ITEM_10_PAD = UnitFields.UNIT_END + 0x2F4,
          PLAYER_VISIBLE_ITEM_11_CREATOR = UnitFields.UNIT_END + 0x2F8,
          PLAYER_VISIBLE_ITEM_11_0 = UnitFields.UNIT_END + 0x300,
          PLAYER_VISIBLE_ITEM_11_PROPERTIES = UnitFields.UNIT_END + 0x320,
          PLAYER_VISIBLE_ITEM_11_PAD = UnitFields.UNIT_END + 0x324,
          PLAYER_VISIBLE_ITEM_12_CREATOR = UnitFields.UNIT_END + 0x328,
          PLAYER_VISIBLE_ITEM_12_0 = UnitFields.UNIT_END + 0x330,
          PLAYER_VISIBLE_ITEM_12_PROPERTIES = UnitFields.UNIT_END + 0x350,
          PLAYER_VISIBLE_ITEM_12_PAD = UnitFields.UNIT_END + 0x354,
          PLAYER_VISIBLE_ITEM_13_CREATOR = UnitFields.UNIT_END + 0x358,
          PLAYER_VISIBLE_ITEM_13_0 = UnitFields.UNIT_END + 0x360,
          PLAYER_VISIBLE_ITEM_13_PROPERTIES = UnitFields.UNIT_END + 0x380,
          PLAYER_VISIBLE_ITEM_13_PAD = UnitFields.UNIT_END + 0x384,
          PLAYER_VISIBLE_ITEM_14_CREATOR = UnitFields.UNIT_END + 0x388,
          PLAYER_VISIBLE_ITEM_14_0 = UnitFields.UNIT_END + 0x390,
          PLAYER_VISIBLE_ITEM_14_PROPERTIES = UnitFields.UNIT_END + 0x3B0,
          PLAYER_VISIBLE_ITEM_14_PAD = UnitFields.UNIT_END + 0x3B4,
          PLAYER_VISIBLE_ITEM_15_CREATOR = UnitFields.UNIT_END + 0x3B8,
          PLAYER_VISIBLE_ITEM_15_0 = UnitFields.UNIT_END + 0x3C0,
          PLAYER_VISIBLE_ITEM_15_PROPERTIES = UnitFields.UNIT_END + 0x3E0,
          PLAYER_VISIBLE_ITEM_15_PAD = UnitFields.UNIT_END + 0x3E4,
          PLAYER_VISIBLE_ITEM_16_CREATOR = UnitFields.UNIT_END + 0x3E8,
          PLAYER_VISIBLE_ITEM_16_0 = UnitFields.UNIT_END + 0x3F0,
          PLAYER_VISIBLE_ITEM_16_PROPERTIES = UnitFields.UNIT_END + 0x410,
          PLAYER_VISIBLE_ITEM_16_PAD = UnitFields.UNIT_END + 0x414,
          PLAYER_VISIBLE_ITEM_17_CREATOR = UnitFields.UNIT_END + 0x418,
          PLAYER_VISIBLE_ITEM_17_0 = UnitFields.UNIT_END + 0x420,
          PLAYER_VISIBLE_ITEM_17_PROPERTIES = UnitFields.UNIT_END + 0x440,
          PLAYER_VISIBLE_ITEM_17_PAD = UnitFields.UNIT_END + 0x444,
          PLAYER_VISIBLE_ITEM_18_CREATOR = UnitFields.UNIT_END + 0x448,
          PLAYER_VISIBLE_ITEM_18_0 = UnitFields.UNIT_END + 0x450,
          PLAYER_VISIBLE_ITEM_18_PROPERTIES = UnitFields.UNIT_END + 0x470,
          PLAYER_VISIBLE_ITEM_18_PAD = UnitFields.UNIT_END + 0x474,
          PLAYER_VISIBLE_ITEM_19_CREATOR = UnitFields.UNIT_END + 0x478,
          PLAYER_VISIBLE_ITEM_19_0 = UnitFields.UNIT_END + 0x480,
          PLAYER_VISIBLE_ITEM_19_PROPERTIES = UnitFields.UNIT_END + 0x4A0,
          PLAYER_VISIBLE_ITEM_19_PAD = UnitFields.UNIT_END + 0x4A4,
          PLAYER_FIELD_INV_SLOT_HEAD = UnitFields.UNIT_END + 0x4A8,
          PLAYER_FIELD_PACK_SLOT_1 = UnitFields.UNIT_END + 0x560,
          PLAYER_FIELD_BANK_SLOT_1 = UnitFields.UNIT_END + 0x5E0,
          PLAYER_FIELD_BANKBAG_SLOT_1 = UnitFields.UNIT_END + 0x6A0,
          PLAYER_FIELD_VENDORBUYBACK_SLOT_1 = UnitFields.UNIT_END + 0x6D0,
          PLAYER_FIELD_KEYRING_SLOT_1 = UnitFields.UNIT_END + 0x730,
          PLAYER_FARSIGHT = UnitFields.UNIT_END + 0x830,
          PLAYER__FIELD_COMBO_TARGET = UnitFields.UNIT_END + 0x838,
          PLAYER_XP = UnitFields.UNIT_END + 0x840,
          PLAYER_NEXT_LEVEL_XP = UnitFields.UNIT_END + 0x844,
          PLAYER_SKILL_INFO_1_1 = UnitFields.UNIT_END + 0x848,
          PLAYER_CHARACTER_POINTS1 = UnitFields.UNIT_END + 0xE48,
          PLAYER_CHARACTER_POINTS2 = UnitFields.UNIT_END + 0xE4C,
          PLAYER_TRACK_CREATURES = UnitFields.UNIT_END + 0xE50,
          PLAYER_TRACK_RESOURCES = UnitFields.UNIT_END + 0xE54,
          PLAYER_BLOCK_PERCENTAGE = UnitFields.UNIT_END + 0xE58,
          PLAYER_DODGE_PERCENTAGE = UnitFields.UNIT_END + 0xE5C,
          PLAYER_PARRY_PERCENTAGE = UnitFields.UNIT_END + 0xE60,
          PLAYER_CRIT_PERCENTAGE = UnitFields.UNIT_END + 0xE64,
          PLAYER_RANGED_CRIT_PERCENTAGE = UnitFields.UNIT_END + 0xE68,
          PLAYER_EXPLORED_ZONES_1 = UnitFields.UNIT_END + 0xE6C,
          PLAYER_REST_STATE_EXPERIENCE = UnitFields.UNIT_END + 0xF6C,
          PLAYER_FIELD_COINAGE = UnitFields.UNIT_END + 0xF70,
          PLAYER_FIELD_POSSTAT0 = UnitFields.UNIT_END + 0xF74,
          PLAYER_FIELD_POSSTAT1 = UnitFields.UNIT_END + 0xF78,
          PLAYER_FIELD_POSSTAT2 = UnitFields.UNIT_END + 0xF7C,
          PLAYER_FIELD_POSSTAT3 = UnitFields.UNIT_END + 0xF80,
          PLAYER_FIELD_POSSTAT4 = UnitFields.UNIT_END + 0xF84,
          PLAYER_FIELD_NEGSTAT0 = UnitFields.UNIT_END + 0xF88,
          PLAYER_FIELD_NEGSTAT1 = UnitFields.UNIT_END + 0xF8C,
          PLAYER_FIELD_NEGSTAT2 = UnitFields.UNIT_END + 0xF90,
          PLAYER_FIELD_NEGSTAT3 = UnitFields.UNIT_END + 0xF94,
          PLAYER_FIELD_NEGSTAT4 = UnitFields.UNIT_END + 0xF98,
          PLAYER_FIELD_RESISTANCEBUFFMODSPOSITIVE = UnitFields.UNIT_END + 0xF9C,
          PLAYER_FIELD_RESISTANCEBUFFMODSNEGATIVE = UnitFields.UNIT_END + 0xFB8,
          PLAYER_FIELD_MOD_DAMAGE_DONE_POS = UnitFields.UNIT_END + 0xFD4,
          PLAYER_FIELD_MOD_DAMAGE_DONE_NEG = UnitFields.UNIT_END + 0xFF0,
          PLAYER_FIELD_MOD_DAMAGE_DONE_PCT = UnitFields.UNIT_END + 0x100C,
          PLAYER_FIELD_BYTES = UnitFields.UNIT_END + 0x1028,
          PLAYER_AMMO_ID = UnitFields.UNIT_END + 0x102C,
          PLAYER_SELF_RES_SPELL = UnitFields.UNIT_END + 0x1030,
          PLAYER_FIELD_PVP_MEDALS = UnitFields.UNIT_END + 0x1034,
          PLAYER_FIELD_BUYBACK_PRICE_1 = UnitFields.UNIT_END + 0x1038,
          PLAYER_FIELD_BUYBACK_TIMESTAMP_1 = UnitFields.UNIT_END + 0x1068,
          PLAYER_FIELD_SESSION_KILLS = UnitFields.UNIT_END + 0x1098,
          PLAYER_FIELD_YESTERDAY_KILLS = UnitFields.UNIT_END + 0x109C,
          PLAYER_FIELD_LAST_WEEK_KILLS = UnitFields.UNIT_END + 0x10A0,
          PLAYER_FIELD_THIS_WEEK_KILLS = UnitFields.UNIT_END + 0x10A4,
          PLAYER_FIELD_THIS_WEEK_CONTRIBUTION = UnitFields.UNIT_END + 0x10A8,
          PLAYER_FIELD_LIFETIME_HONORBALE_KILLS = UnitFields.UNIT_END + 0x10AC,
          PLAYER_FIELD_LIFETIME_DISHONORBALE_KILLS = UnitFields.UNIT_END + 0x10B0,
          PLAYER_FIELD_YESTERDAY_CONTRIBUTION = UnitFields.UNIT_END + 0x10B4,
          PLAYER_FIELD_LAST_WEEK_CONTRIBUTION = UnitFields.UNIT_END + 0x10B8,
          PLAYER_FIELD_LAST_WEEK_RANK = UnitFields.UNIT_END + 0x10BC,
          PLAYER_FIELD_BYTES2 = UnitFields.UNIT_END + 0x10C0,
          PLAYER_FIELD_WATCHED_FACTION_INDEX = UnitFields.UNIT_END + 0x10C4,
          PLAYER_FIELD_COMBAT_RATING_1 = UnitFields.UNIT_END + 0x10C8,
          PLAYER_END = UnitFields.UNIT_END + 0x1118
    }

    internal enum ContainerFields
    {
          CONTAINER_FIELD_NUM_SLOTS = ItemFields.ITEM_END + 0x0,
          CONTAINER_ALIGN_PAD = ItemFields.ITEM_END + 0x4,
          CONTAINER_FIELD_SLOT_1 = ItemFields.ITEM_END + 0x8,
          CONTAINER_END = ItemFields.ITEM_END + 0x128
    }

    internal enum GameObjectFields
    {
          GAMEOBJECT_DISPLAYID = ObjectFields.OBJECT_END + 0x8,
          GAMEOBJECT_FLAGS = ObjectFields.OBJECT_END + 0xC,
          GAMEOBJECT_ROTATION = ObjectFields.OBJECT_END + 0x10,
          GAMEOBJECT_STATE = ObjectFields.OBJECT_END + 0x20,
          GAMEOBJECT_POS_X = ObjectFields.OBJECT_END + 0x24,
          GAMEOBJECT_POS_Y = ObjectFields.OBJECT_END + 0x28,
          GAMEOBJECT_POS_Z = ObjectFields.OBJECT_END + 0x2C,
          GAMEOBJECT_FACING = ObjectFields.OBJECT_END + 0x30,
          GAMEOBJECT_DYN_FLAGS = ObjectFields.OBJECT_END + 0x34,
          GAMEOBJECT_FACTION = ObjectFields.OBJECT_END + 0x38,
          GAMEOBJECT_TYPE_ID = ObjectFields.OBJECT_END + 0x3C,
          GAMEOBJECT_LEVEL = ObjectFields.OBJECT_END + 0x40,
          GAMEOBJECT_ARTKIT = ObjectFields.OBJECT_END + 0x44,
          GAMEOBJECT_ANIMPROGRESS = ObjectFields.OBJECT_END + 0x48,
          GAMEOBJECT_PADDING = ObjectFields.OBJECT_END + 0x4C,
          GAMEOBJECT_END = ObjectFields.OBJECT_END + 0x50
    }

    internal enum DynamicObjectFields
    {
          DYNAMICOBJECT_CASTER = ObjectFields.OBJECT_END + 0x0,
          DYNAMICOBJECT_BYTES = ObjectFields.OBJECT_END + 0x8,
          DYNAMICOBJECT_SPELLID = ObjectFields.OBJECT_END + 0xC,
          DYNAMICOBJECT_RADIUS = ObjectFields.OBJECT_END + 0x10,
          DYNAMICOBJECT_POS_X = ObjectFields.OBJECT_END + 0x14,
          DYNAMICOBJECT_POS_Y = ObjectFields.OBJECT_END + 0x18,
          DYNAMICOBJECT_POS_Z = ObjectFields.OBJECT_END + 0x1C,
          DYNAMICOBJECT_FACING = ObjectFields.OBJECT_END + 0x20,
          DYNAMICOBJECT_PAD = ObjectFields.OBJECT_END + 0x24,
          DYNAMICOBJECT_END = ObjectFields.OBJECT_END + 0x28
    }

    internal enum CorpseFields
    {
          CORPSE_FIELD_OWNER = ObjectFields.OBJECT_END + 0x0,
          CORPSE_FIELD_FACING = ObjectFields.OBJECT_END + 0x8,
          CORPSE_FIELD_POS_X = ObjectFields.OBJECT_END + 0xC,
          CORPSE_FIELD_POS_Y = ObjectFields.OBJECT_END + 0x10,
          CORPSE_FIELD_POS_Z = ObjectFields.OBJECT_END + 0x14,
          CORPSE_FIELD_DISPLAY_ID = ObjectFields.OBJECT_END + 0x18,
          CORPSE_FIELD_ITEM = ObjectFields.OBJECT_END + 0x1C,
          CORPSE_FIELD_BYTES_1 = ObjectFields.OBJECT_END + 0x68,
          CORPSE_FIELD_BYTES_2 = ObjectFields.OBJECT_END + 0x6C,
          CORPSE_FIELD_GUILD = ObjectFields.OBJECT_END + 0x70,
          CORPSE_FIELD_FLAGS = ObjectFields.OBJECT_END + 0x74,
          CORPSE_FIELD_DYNAMIC_FLAGS = ObjectFields.OBJECT_END + 0x78,
          CORPSE_FIELD_PAD = ObjectFields.OBJECT_END + 0x7C,
          CORPSE_END = ObjectFields.OBJECT_END + 0x80
    }
```

Error enum (hook 0x496720 + 0x9, then read at ebp+0x8):


```
    public enum Errors
    {
        ERR_INV_FULL,
        ERR_BANK_FULL,
        ERR_CANT_EQUIP_LEVEL_I,
        ERR_CANT_EQUIP_SKILL,
        ERR_CANT_EQUIP_EVER,
        ERR_CANT_EQUIP_RANK,
        ERR_CANT_EQUIP_REPUTATION,
        ERR_PROFICIENCY_NEEDED,
        ERR_WRONG_SLOT,
        ERR_BAG_FULL,
        ERR_INTERNAL_BAG_ERROR,
        ERR_DESTROY_NONEMPTY_BAG,
        ERR_BAG_IN_BAG,
        ERR_TOO_MANY_SPECIAL_BAGS,
        ERR_TRADE_EQUIPPED_BAG,
        ERR_AMMO_ONLY,
        ERR_NO_SLOT_AVAILABLE,
        ERR_WRONG_BAG_TYPE,
        ERR_ITEM_MAX_COUNT,
        ERR_NOT_EQUIPPABLE,
        ERR_CANT_STACK,
        ERR_CANT_SWAP,
        ERR_SLOT_EMPTY,
        ERR_ITEM_NOT_FOUND,
        ERR_TOO_FEW_TO_SPLIT,
        ERR_SPLIT_FAILED,
        ERR_NOT_A_BAG,
        ERR_NOT_OWNER,
        ERR_ONLY_ONE_QUIVER,
        ERR_NO_BANK_SLOT,
        ERR_NO_BANK_HERE,
        ERR_ITEM_LOCKED,
        ERR_2HANDED_EQUIPPED,
        ERR_VENDOR_NOT_INTERESTED,
        ERR_VENDOR_HATES_YOU,
        ERR_VENDOR_SOLD_OUT,
        ERR_VENDOR_TOO_FAR,
        ERR_NOT_ENOUGH_MONEY,
        ERR_RECEIVE_ITEM_S,
        ERR_DROP_BOUND_ITEM,
        ERR_TRADE_BOUND_ITEM,
        ERR_TRADE_QUEST_ITEM,
        ERR_TRADE_GROUND_ITEM,
        ERR_TRADE_BAG,
        ERR_SPELL_FAILED_S,
        ERR_ITEM_COOLDOWN,
        ERR_POTION_COOLDOWN,
        ERR_FOOD_COOLDOWN,
        ERR_SPELL_COOLDOWN,
        ERR_ABILITY_COOLDOWN,
        ERR_SPELL_ALREADY_KNOWN_S,
        ERR_PET_SPELL_ALREADY_KNOWN_S,
        ERR_PROFICIENCY_GAINED_S,
        ERR_SKILL_GAINED_S,
        ERR_SKILL_UP_SI,
        ERR_LEARN_SPELL_S,
        ERR_LEARN_ABILITY_S,
        ERR_LEARN_RECIPE_S,
        ERR_INVITE_PLAYER_S,
        ERR_INVITE_SELF,
        ERR_INVITED_TO_GROUP_S,
        ERR_ALREADY_IN_GROUP_S,
        ERR_PLAYER_BUSY_S,
        ERR_NEW_LEADER_S,
        ERR_NEW_LEADER_YOU,
        ERR_LEFT_GROUP_S,
        ERR_LEFT_GROUP_YOU,
        ERR_GROUP_DISBANDED,
        ERR_DECLINE_GROUP_S,
        ERR_JOINED_GROUP_S,
        ERR_UNINVITE_YOU,
        ERR_BAD_PLAYER_NAME_S,
        ERR_NOT_IN_GROUP,
        ERR_TARGET_NOT_IN_GROUP_S,
        ERR_GROUP_FULL,
        ERR_NOT_LEADER,
        ERR_PLAYER_DIED_S,
        ERR_GUILD_CREATE_S,
        ERR_GUILD_INVITE_S,
        ERR_INVITED_TO_GUILD_SS,
        ERR_ALREADY_IN_GUILD_S,
        ERR_ALREADY_INVITED_TO_GUILD_S,
        ERR_INVITED_TO_GUILD,
        ERR_ALREADY_IN_GUILD,
        ERR_GUILD_ACCEPT,
        ERR_GUILD_DECLINE_S,
        ERR_GUILD_PERMISSIONS,
        ERR_GUILD_JOIN_S,
        ERR_GUILD_FOUNDER_S,
        ERR_GUILD_PROMOTE_SSS,
        ERR_GUILD_DEMOTE_SSS,
        ERR_GUILD_QUIT_S,
        ERR_GUILD_LEAVE_S,
        ERR_GUILD_REMOVE_SS,
        ERR_GUILD_REMOVE_SELF,
        ERR_GUILD_DISBAND_S,
        ERR_GUILD_DISBAND_SELF,
        ERR_GUILD_LEADER_S,
        ERR_GUILD_LEADER_SELF,
        ERR_GUILD_PLAYER_NOT_FOUND_S,
        ERR_GUILD_PLAYER_NOT_IN_GUILD_S,
        ERR_GUILD_PLAYER_NOT_IN_GUILD,
        ERR_GUILD_CANT_PROMOTE_S,
        ERR_GUILD_CANT_DEMOTE_S,
        ERR_GUILD_NOT_IN_A_GUILD,
        ERR_GUILD_INTERNAL,
        ERR_GUILD_LEADER_IS_S,
        ERR_GUILD_LEADER_CHANGED_SS,
        ERR_GUILD_DISBANDED,
        ERR_GUILD_NOT_ALLIED,
        ERR_GUILD_LEADER_LEAVE,
        ERR_GUILD_RANKS_LOCKED,
        ERR_GUILD_RANK_IN_USE,
        ERR_GUILD_RANK_TOO_HIGH_S,
        ERR_GUILD_RANK_TOO_LOW_S,
        ERR_GUILD_NAME_INVALID,
        ERR_GUILD_NAME_EXISTS_S,
        ERR_GUILD_ENTER_NAME,
        ERR_GUILD_NAME_TOO_SHORT,
        ERR_GUILD_NAME_MIXED_LANGUAGES,
        ERR_GUILD_NAME_PROFANE,
        ERR_GUILD_NAME_RESERVED,
        ERR_GUILD_NAME_INVALID_SPACE,
        ERR_GUILD_NAME_NAME_CONSECUTIVE_SPACES,
        ERR_NO_GUILD_CHARTER,
        ERR_OUT_OF_RANGE,
        ERR_PLAYER_DEAD,
        ERR_CLIENT_LOCKED_OUT,
        ERR_KILLED_BY_S,
        ERR_LOOT_LOCKED,
        ERR_LOOT_TOO_FAR,
        ERR_LOOT_DIDNT_KILL,
        ERR_LOOT_BAD_FACING,
        ERR_LOOT_NOTSTANDING,
        ERR_LOOT_STUNNED,
        ERR_LOOT_NO_UI,
        ERR_LOOT_WHILE_INVULNERABLE,
        ERR_QUEST_ACCEPTED_S,
        ERR_QUEST_COMPLETE_S,
        ERR_QUEST_FAILED_S,
        ERR_QUEST_FAILED_BAG_FULL_S,
        ERR_QUEST_FAILED_MAX_COUNT_S,
        ERR_QUEST_FAILED_LOW_LEVEL,
        ERR_QUEST_FAILED_MISSING_ITEMS,
        ERR_QUEST_FAILED_WRONG_RACE,
        ERR_QUEST_FAILED_NOT_ENOUGH_MONEY,
        ERR_QUEST_ONLY_ONE_TIMED,
        ERR_QUEST_NEED_PREREQS,
        ERR_QUEST_ALREADY_ON,
        ERR_QUEST_REWARD_EXP_I,
        ERR_QUEST_REWARD_ITEM_S,
        ERR_QUEST_REWARD_MONEY_S,
        ERR_QUEST_MUST_CHOOSE,
        ERR_QUEST_LOG_FULL,
        ERR_COMBAT_DAMAGE_SSI,
        ERR_INSPECT_S,
        ERR_CANT_USE_ITEM,
        ERR_MUST_EQUIP_ITEM,
        ERR_PASSIVE_ABILITY,
        ERR_2HSKILLNOTFOUND,
        ERR_NO_ATTACK_TARGET,
        ERR_INVALID_ATTACK_TARGET,
        ERR_ATTACK_STUNNED,
        ERR_ATTACK_PACIFIED,
        ERR_ATTACK_MOUNTED,
        ERR_ATTACK_FLEEING,
        ERR_ATTACK_CONFUSED,
        ERR_ATTACK_CHARMED,
        ERR_ATTACK_DEAD,
        ERR_ATTACK_PREVENTED_BY_MECHANIC_S,
        ERR_TAXISAMENODE,
        ERR_TAXINOSUCHPATH,
        ERR_TAXIUNSPECIFIEDSERVERERROR,
        ERR_TAXINOTENOUGHMONEY,
        ERR_TAXITOOFARAWAY,
        ERR_TAXINOVENDORNEARBY,
        ERR_TAXINOTVISITED,
        ERR_TAXIPLAYERBUSY,
        ERR_TAXIPLAYERALREADYMOUNTED,
        ERR_TAXIPLAYERSHAPESHIFTED,
        ERR_TAXIPLAYERMOVING,
        ERR_TAXINOPATHS,
        ERR_TAXINOTSTANDING,
        ERR_NO_REPLY_TARGET,
        ERR_GENERIC_NO_TARGET,
        ERR_INITIATE_TRADE_S,
        ERR_TRADE_REQUEST_S,
        ERR_TRADE_BLOCKED_S,
        ERR_TRADE_TARGET_DEAD,
        ERR_TRADE_TOO_FAR,
        ERR_TRADE_CANCELLED,
        ERR_TRADE_COMPLETE,
        ERR_TRADE_BAG_FULL,
        ERR_TRADE_TARGET_BAG_FULL,
        ERR_TRADE_MAX_COUNT_EXCEEDED,
        ERR_TRADE_TARGET_MAX_COUNT_EXCEEDED,
        ERR_ALREADY_TRADING,
        ERR_MOUNT_INVALIDMOUNTEE,
        ERR_MOUNT_TOOFARAWAY,
        ERR_MOUNT_ALREADYMOUNTED,
        ERR_MOUNT_NOTMOUNTABLE,
        ERR_MOUNT_NOTYOURPET,
        ERR_MOUNT_OTHER,
        ERR_MOUNT_LOOTING,
        ERR_MOUNT_RACECANTMOUNT,
        ERR_MOUNT_SHAPESHIFTED,
        ERR_DISMOUNT_NOPET,
        ERR_DISMOUNT_NOTMOUNTED,
        ERR_DISMOUNT_NOTYOURPET,
        ERR_SPELL_FAILED_TOTEMS,
        ERR_SPELL_FAILED_REAGENTS,
        ERR_SPELL_FAILED_REAGENTS_GENERIC,
        ERR_SPELL_FAILED_EQUIPPED_ITEM,
        ERR_SPELL_FAILED_EQUIPPED_ITEM_CLASS_S,
        ERR_SPELL_FAILED_SHAPESHIFT_FORM_S,
        ERR_BADATTACKFACING,
        ERR_BADATTACKPOS,
        ERR_CHEST_IN_USE,
        ERR_USE_CANT_OPEN,
        ERR_USE_LOCKED,
        ERR_DOOR_LOCKED,
        ERR_BUTTON_LOCKED,
        ERR_USE_LOCKED_WITH_ITEM_S,
        ERR_USE_LOCKED_WITH_SPELL_S,
        ERR_USE_LOCKED_WITH_SPELL_KNOWN_SI,
        ERR_USE_TOO_FAR,
        ERR_USE_BAD_ANGLE,
        ERR_USE_OBJECT_MOVING,
        ERR_USE_SPELL_FOCUS,
        ERR_USE_DESTROYED,
        ERR_SET_LOOT_FREEFORALL,
        ERR_SET_LOOT_ROUNDROBIN,
        ERR_SET_LOOT_MASTER,
        ERR_SET_LOOT_GROUP,
        ERR_SET_LOOT_NBG,
        ERR_SET_LOOT_THRESHOLD_S,
        ERR_NEW_LOOT_MASTER_S,
        ERR_SPECIFY_MASTER_LOOTER,
        ERR_TAME_FAILED,
        ERR_CHAT_WHILE_DEAD,
        ERR_CHAT_WRONG_FACTION,
        ERR_CHAT_PLAYER_NOT_FOUND_S,
        ERR_NEWTAXIPATH,
        ERR_NO_PET,
        ERR_NOTYOURPET,
        ERR_PET_NOT_RENAMEABLE,
        ERR_NULL_PETNAME,
        ERR_INVALID_PETNAME,
        ERR_QUEST_OBJECTIVE_COMPLETE_S,
        ERR_QUEST_UNKNOWN_COMPLETE,
        ERR_QUEST_ADD_KILL_SII,
        ERR_QUEST_ADD_FOUND_SII,
        ERR_QUEST_ADD_ITEM_SII,
        ERR_CANNOTCREATEDIRECTORY,
        ERR_CANNOTCREATEFILE,
        ERR_PLAYER_WRONG_FACTION,
        ERR_BANKSLOT_FAILED_TOO_MANY,
        ERR_BANKSLOT_INSUFFICIENT_FUNDS,
        ERR_BANKSLOT_NOTBANKER,
        ERR_FRIEND_DB_ERROR,
        ERR_FRIEND_LIST_FULL,
        ERR_FRIEND_ADDED_S,
        ERR_FRIEND_ONLINE_SS,
        ERR_FRIEND_OFFLINE_S,
        ERR_FRIEND_NOT_FOUND,
        ERR_FRIEND_WRONG_FACTION,
        ERR_FRIEND_REMOVED_S,
        ERR_FRIEND_ERROR,
        ERR_FRIEND_ALREADY_S,
        ERR_FRIEND_SELF,
        ERR_IGNORE_FULL,
        ERR_IGNORE_SELF,
        ERR_IGNORE_NOT_FOUND,
        ERR_IGNORE_ALREADY_S,
        ERR_IGNORE_ADDED_S,
        ERR_IGNORE_REMOVED_S,
        ERR_IGNORE_AMBIGUOUS,
        ERR_ONLY_ONE_BOLT,
        ERR_ONLY_ONE_AMMO,
        ERR_SPELL_FAILED_EQUIPPED_SPECIFIC_ITEM,
        ERR_WRONG_BAG_TYPE_SUBCLASS,
        ERR_CANT_WRAP_STACKABLE,
        ERR_CANT_WRAP_EQUIPPED,
        ERR_CANT_WRAP_WRAPPED,
        ERR_CANT_WRAP_BOUND,
        ERR_CANT_WRAP_UNIQUE,
        ERR_CANT_WRAP_BAGS,
        ERR_OUT_OF_MANA,
        ERR_OUT_OF_RAGE,
        ERR_OUT_OF_FOCUS,
        ERR_OUT_OF_ENERGY,
        ERR_OUT_OF_HEALTH,
        ERR_LOOT_GONE,
        ERR_MOUNT_FORCEDDISMOUNT,
        ERR_AUTOFOLLOW_TOO_FAR,
        ERR_UNIT_NOT_FOUND,
        ERR_INVALID_FOLLOW_TARGET,
        ERR_INVALID_INSPECT_TARGET,
        ERR_GUILDEMBLEM_SUCCESS,
        ERR_GUILDEMBLEM_INVALID_TABARD_COLORS,
        ERR_GUILDEMBLEM_NOGUILD,
        ERR_GUILDEMBLEM_NOTGUILDMASTER,
        ERR_GUILDEMBLEM_NOTENOUGHMONEY,
        ERR_GUILDEMBLEM_INVALIDVENDOR,
        ERR_EMBLEMERROR_NOTABARDGEOSET,
        ERR_SPELL_OUT_OF_RANGE,
        ERR_COMMAND_NEEDS_TARGET,
        ERR_NOAMMO_S,
        ERR_TOOBUSYTOFOLLOW,
        ERR_DUEL_REQUESTED,
        ERR_DUEL_CANCELLED,
        ERR_DEATHBINDALREADYBOUND,
        ERR_DEATHBIND_SUCCESS_S,
        ERR_NOEMOTEWHILERUNNING,
        ERR_ZONE_EXPLORED,
        ERR_ZONE_EXPLORED_XP,
        ERR_INVALID_ITEM_TARGET,
        ERR_IGNORING_YOU_S,
        ERR_FISH_NOT_HOOKED,
        ERR_FISH_ESCAPED,
        ERR_SPELL_FAILED_NOTUNSHEATHED,
        ERR_PETITION_OFFERED_S,
        ERR_PETITION_SIGNED,
        ERR_PETITION_SIGNED_S,
        ERR_PETITION_DECLINED_S,
        ERR_PETITION_ALREADY_SIGNED,
        ERR_PETITION_IN_GUILD,
        ERR_PETITION_CREATOR,
        ERR_PETITION_NOT_ENOUGH_SIGNATURES,
        ERR_PETITION_NOT_SAME_SERVER,
        ERR_SPELL_UNLEARNED_S,
        ERR_PET_SPELL_ROOTED,
        ERR_PET_SPELL_AFFECTING_COMBAT,
        ERR_PET_SPELL_OUT_OF_RANGE,
        ERR_PET_SPELL_NOT_BEHIND,
        ERR_PET_SPELL_TARGETS_DEAD,
        ERR_PET_SPELL_DEAD,
        ERR_PET_SPELL_NOPATH,
        ERR_ITEM_CANT_BE_DESTROYED,
        ERR_TICKET_ALREADY_EXISTS,
        ERR_TICKET_CREATE_ERROR,
        ERR_TICKET_UPDATE_ERROR,
        ERR_TICKET_DB_ERROR,
        ERR_TICKET_NO_TEXT,
        ERR_OBJECT_IS_BUSY,
        ERR_EXHAUSTION_WELLRESTED,
        ERR_EXHAUSTION_RESTED,
        ERR_EXHAUSTION_NORMAL,
        ERR_EXHAUSTION_TIRED,
        ERR_EXHAUSTION_EXHAUSTED,
        ERR_NO_ITEMS_WHILE_SHAPESHIFTED,
        ERR_CANT_INTERACT_SHAPESHIFTED,
        ERR_MAIL_QUEST_ITEM,
        ERR_MAIL_BOUND_ITEM,
        ERR_MAIL_CONJURED_ITEM,
        ERR_MAIL_BAG,
        ERR_MAIL_TO_SELF,
        ERR_MAIL_TARGET_NOT_FOUND,
        ERR_MAIL_DATABASE_ERROR,
        ERR_MAIL_SENT,
        ERR_NOT_HAPPY_ENOUGH,
        ERR_USE_CANT_IMMUNE,
        ERR_CANT_BE_DISENCHANTED,
        ERR_CANT_USE_DISARMED,
        ERR_AUCTION_QUEST_ITEM,
        ERR_AUCTION_BOUND_ITEM,
        ERR_AUCTION_CONJURED_ITEM,
        ERR_AUCTION_WRAPPED_ITEM,
        ERR_AUCTION_LOOT_ITEM,
        ERR_AUCTION_BAG,
        ERR_AUCTION_DATABASE_ERROR,
        ERR_AUCTION_BID_OWN,
        ERR_AUCTION_BID_INCREMENT,
        ERR_AUCTION_HIGHER_BID,
        ERR_AUCTION_MIN_BID,
        ERR_AUCTION_REPAIR_ITEM,
        ERR_AUCTION_STARTED,
        ERR_AUCTION_REMOVED,
        ERR_AUCTION_OUTBID_S,
        ERR_AUCTION_WON_S,
        ERR_AUCTION_SOLD_S,
        ERR_AUCTION_EXPIRED_S,
        ERR_AUCTION_REMOVED_S,
        ERR_AUCTION_BID_PLACED,
        ERR_LOGOUT_FAILED,
        ERR_QUEST_PUSH_SUCCESS_S,
        ERR_QUEST_PUSH_INVALID_S,
        ERR_QUEST_PUSH_ACCEPTED_S,
        ERR_QUEST_PUSH_DECLINED_S,
        ERR_QUEST_PUSH_TOO_FAR_S,
        ERR_QUEST_PUSH_BUSY_S,
        ERR_QUEST_PUSH_LOG_FULL_S,
        ERR_QUEST_PUSH_ONQUEST_S,
        ERR_QUEST_PUSH_ALREADY_DONE_S,
        ERR_RAID_GROUP_ONLY,
        ERR_RAID_GROUP_FULL,
        ERR_PVP_KILL_HONORABLE,
        ERR_PVP_KILL_DISHONORABLE,
        ERR_SPELL_FAILED_ALREADY_AT_FULL_HEALTH,
        ERR_SPELL_FAILED_ALREADY_AT_FULL_POWER_S,
        ERR_AUTOLOOT_MONEY_S,
        ERR_GENERIC_STUNNED,
        ERR_TARGET_STUNNED,
        ERR_MUST_REPAIR_DURABILITY,
        ERR_RAID_YOU_JOINED,
        ERR_RAID_YOU_LEFT,
        ERR_RAID_MEMBER_ADDED_S,
        ERR_RAID_MEMBER_REMOVED_S,
        ERR_CLICK_ON_ITEM_TO_FEED,
        ERR_TOO_MANY_CHAT_CHANNELS,
        ERR_LOOT_ROLL_PENDING,
        ERR_LOOT_PLAYER_NOT_FOUND,
        ERR_NOT_IN_RAID,
        ERR_LOGGING_OUT,
        ERR_TARGET_LOGGING_OUT,
        ERR_NOT_WHILE_MOUNTED,
        ERR_NOT_WHILE_SHAPESHIFTED,
        ERR_NOT_IN_COMBAT,
        ERR_NOT_WHILE_DISARMED,
        ERR_PET_BROKEN,
        ERR_TALENT_WIPE_ERROR,
        ERR_FEIGN_DEATH_RESISTED,
        ERR_MEETING_STONE_IN_QUEUE_S,
        ERR_MEETING_STONE_LEFT_QUEUE_S,
        ERR_MEETING_STONE_OTHER_MEMBER_LEFT,
        ERR_MEETING_STONE_PARTY_KICKED_FROM_QUEUE,
        ERR_MEETING_STONE_MEMBER_STILL_IN_QUEUE,
        ERR_MEETING_STONE_SUCCESS,
        ERR_MEETING_STONE_IN_PROGRESS,
        ERR_MEETING_STONE_MEMBER_ADDED_S,
        ERR_MEETING_STONE_GROUP_FULL,
        ERR_MEETING_STONE_NOT_LEADER,
        ERR_MEETING_STONE_INVALID_LEVEL,
        ERR_MEETING_STONE_MUST_BE_LEADER,
        ERR_MEETING_STONE_NO_RAID_GROUP,
        ERR_GUILDEMBLEM_SAME,
        ERR_EQUIP_TRADE_ITEM,
        ERR_PVP_TOGGLE_ON,
        ERR_PVP_TOGGLE_OFF,
        ERR_GROUP_JOIN_BATTLEGROUND_DESERTERS,
        ERR_GROUP_JOIN_BATTLEGROUND_S,
        ERR_GROUP_JOIN_BATTLEGROUND_FAIL,
        ERR_GROUP_JOIN_BATTLEGROUND_TOO_MANY,
        ERR_INVALID_PROMOTION_CODE,
        ERR_BG_PLAYER_JOINED_SS,
        ERR_BG_PLAYER_LEFT_S,
        ERR_RESTRICTED_ACCOUNT,
        ERR_PLAY_TIME_EXCEEDED,
        ERR_APPROACHING_PARTIAL_PLAY_TIME,
        ERR_APPROACHING_NO_PLAY_TIME,
        ERR_UNHEALTHY_TIME,
        ERR_CHAT_RESTRICTED,
        ERR_MAIL_REACHED_CAP,
        ERR_INVALID_RAID_TARGET,
        ERR_RAID_LEADER_READY_CHECK_START_S,
        ERR_READY_CHECK_IN_PROGRESS,
        ERR_DUNGEON_DIFFICULTY_FAILED,
        ERR_DUNGEON_DIFFICULTY_CHANGED_S,
        ERR_TRADE_WRONG_REALM,
        ERR_CHAT_PLAYER_AMBIGUOUS_S,
        ERR_LOOT_CANT_LOOT_THAT_NOW,
        ERR_LOOT_MASTER_INV_FULL,
        ERR_LOOT_MASTER_UNIQUE_ITEM,
        ERR_LOOT_MASTER_OTHER,
        ERR_FILTERING_YOU_S,
    }
```

Events enum (hook 0x703E50 + 0x6 and read at ebp+0x8, hook 0x703F50 + 0xA and read at ecx):


```
        EVENT_UNIT_PET = 0x0,
        EVENT_UNIT_PET_2 = 0x2,
        EVENT_UNIT_HEALTH = 0x10,
        EVENT_UNIT_MANA = 0x11,
        EVENT_UNIT_RAGE = 0x12,
        EVENT_UNIT_FOCUS = 0x13,
        EVENT_UNIT_ENERGY = 0x14,
        EVENT_UNIT_HAPPINESS = 0x15,
        EVENT_UNIT_MAXHEALTH = 0x16,
        EVENT_UNIT_MAXMANA = 0x17,
        EVENT_UNIT_MAXRAGE = 0x18,
        EVENT_UNIT_MAXFOCUS = 0x19,
        EVENT_UNIT_MAXENERGY = 0x1A,
        EVENT_UNIT_MAXHAPPINESS = 0x1B,
        EVENT_UNIT_LEVEL = 0x1C,
        EVENT_UNIT_FACTION = 0x1D,
        EVENT_UNIT_DISPLAYPOWER = 0x1E,
        EVENT_UNIT_FLAGS = 0x28,
        EVENT_UNIT_AURA = 0x29,
        EVENT_UNIT_AURA_2 = 0x6B,
        EVENT_UNIT_ATTACK_SPEED = 0x78,
        EVENT_UNIT_ATTACK_SPEED_2 = 0x79,
        EVENT_UNIT_RANGEDDAMAGE = 0x7A,
        EVENT_UNIT_DAMAGE = 0x80,
        EVENT_UNIT_DAMAGE_2 = 0x81,
        EVENT_UNIT_DAMAGE_3 = 0x82,
        EVENT_UNIT_DAMAGE_4 = 0x83,
        EVENT_UNIT_LOYALTY = 0x84,
        EVENT_UNIT_PET_EXPERIENCE = 0x87,
        EVENT_UNIT_PET_EXPERIENCE_2 = 0x88,
        EVENT_UNIT_DYNAMIC_FLAGS = 0x89,
        EVENT_UNIT_PET_TRAINING_POINTS = 0x8F,
        EVENT_UNIT_STATS = 0x90,
        EVENT_UNIT_STATS_2 = 0x91,
        EVENT_UNIT_STATS_3 = 0x92,
        EVENT_UNIT_STATS_4 = 0x93,
        EVENT_UNIT_STATS_5 = 0x94,
        EVENT_UNIT_RESISTANCES = 0x95,
        EVENT_UNIT_RESISTANCES_2 = 0x96,
        EVENT_UNIT_RESISTANCES_3 = 0x97,
        EVENT_UNIT_RESISTANCES_4 = 0x98,
        EVENT_UNIT_RESISTANCES_5 = 0x99,
        EVENT_UNIT_RESISTANCES_6 = 0x9A,
        EVENT_UNIT_RESISTANCES_7 = 0x9B,
        EVENT_UNIT_ATTACK_POWER = 0x9F,
        EVENT_UNIT_ATTACK_POWER_2 = 0xA0,
        EVENT_UNIT_ATTACK_POWER_3 = 0xA1,
        EVENT_UNIT_RANGED_ATTACK_POWER = 0xA2,
        EVENT_UNIT_RANGED_ATTACK_POWER_2 = 0xA3,
        EVENT_UNIT_RANGED_ATTACK_POWER_3 = 0xA4,
        EVENT_UNIT_RANGEDDAMAGE_2 = 0xA5,
        EVENT_UNIT_RANGEDDAMAGE_3 = 0xA6,
        EVENT_UNIT_MANA_2 = 0xA7,
        EVENT_UNIT_MANA_3 = 0xAE,
        EVENT_UNIT_COMBAT = 0xB6,
        EVENT_UNIT_NAME_UPDATE = 0xB7,
        EVENT_UNIT_PORTRAIT_UPDATE = 0xB8,
        EVENT_UNIT_MODEL_CHANGED = 0xB9,
        EVENT_UNIT_INVENTORY_CHANGED = 0xBA,
        EVENT_UNIT_CLASSIFICATION_CHANGED = 0xBB,
        EVENT_ITEM_LOCK_CHANGED = 0xBC,
        EVENT_PLAYER_XP_UPDATE = 0xBD,
        EVENT_PLAYER_REGEN_DISABLED = 0xBE,
        EVENT_PLAYER_REGEN_ENABLED = 0xBF,
        EVENT_PLAYER_AURAS_CHANGED = 0xC0,
        EVENT_PLAYER_ENTER_COMBAT = 0xC1,
        EVENT_PLAYER_LEAVE_COMBAT = 0xC2,
        EVENT_PLAYER_TARGET_CHANGED = 0xC3,
        EVENT_PLAYER_CONTROL_LOST = 0xC4,
        EVENT_PLAYER_CONTROL_GAINED = 0xC5,
        EVENT_PLAYER_FARSIGHT_FOCUS_CHANGED = 0xC6,
        EVENT_PLAYER_LEVEL_UP = 0xC7,
        EVENT_PLAYER_MONEY = 0xC8,
        EVENT_PLAYER_DAMAGE_DONE_MODS = 0xC9,
        EVENT_PLAYER_COMBO_POINTS = 0xCA,
        EVENT_ZONE_CHANGED = 0xCB,
        EVENT_ZONE_CHANGED_INDOORS = 0xCC,
        EVENT_ZONE_CHANGED_NEW_AREA = 0xCD,
        EVENT_MINIMAP_ZONE_CHANGED = 0xCE,
        EVENT_MINIMAP_UPDATE_ZOOM = 0xCF,
        EVENT_SCREENSHOT_SUCCEEDED = 0xD0,
        EVENT_SCREENSHOT_FAILED = 0xD1,
        EVENT_ACTIONBAR_SHOWGRID = 0xD2,
        EVENT_ACTIONBAR_HIDEGRID = 0xD3,
        EVENT_ACTIONBAR_PAGE_CHANGED = 0xD4,
        EVENT_ACTIONBAR_SLOT_CHANGED = 0xD5,
        EVENT_ACTIONBAR_UPDATE_STATE = 0xD6,
        EVENT_ACTIONBAR_UPDATE_USABLE = 0xD7,
        EVENT_ACTIONBAR_UPDATE_COOLDOWN = 0xD8,
        EVENT_UPDATE_BONUS_ACTIONBAR = 0xD9,
        EVENT_PARTY_MEMBERS_CHANGED = 0xDA,
        EVENT_PARTY_LEADER_CHANGED = 0xDB,
        EVENT_PARTY_MEMBER_ENABLE = 0xDC,
        EVENT_PARTY_MEMBER_DISABLE = 0xDD,
        EVENT_PARTY_LOOT_METHOD_CHANGED = 0xDE,
        EVENT_SYSMSG = 0xDF,
        EVENT_UI_ERROR_MESSAGE = 0xE0,
        EVENT_UI_INFO_MESSAGE = 0xE1,
        EVENT_UPDATE_CHAT_COLOR = 0xE2,
        EVENT_CHAT_MSG_ADDON = 0xE3,
        EVENT_CHAT_MSG_SAY = 0xE4,
        EVENT_CHAT_MSG_PARTY = 0xE5,
        EVENT_CHAT_MSG_RAID = 0xE6,
        EVENT_CHAT_MSG_GUILD = 0xE7,
        EVENT_CHAT_MSG_OFFICER = 0xE8,
        EVENT_CHAT_MSG_YELL = 0xE9,
        EVENT_CHAT_MSG_WHISPER = 0xEA,
        EVENT_CHAT_MSG_WHISPER_INFORM = 0xEB,
        EVENT_CHAT_MSG_EMOTE = 0xEC,
        EVENT_CHAT_MSG_TEXT_EMOTE = 0xED,
        EVENT_CHAT_MSG_SYSTEM = 0xEE,
        EVENT_CHAT_MSG_MONSTER_SAY = 0xEF,
        EVENT_CHAT_MSG_MONSTER_YELL = 0xF0,
        EVENT_CHAT_MSG_MONSTER_WHISPER = 0xF1,
        EVENT_CHAT_MSG_MONSTER_EMOTE = 0xF2,
        EVENT_CHAT_MSG_CHANNEL = 0xF3,
        EVENT_CHAT_MSG_CHANNEL_JOIN = 0xF4,
        EVENT_CHAT_MSG_CHANNEL_LEAVE = 0xF5,
        EVENT_CHAT_MSG_CHANNEL_LIST = 0xF6,
        EVENT_CHAT_MSG_CHANNEL_NOTICE = 0xF7,
        EVENT_CHAT_MSG_CHANNEL_NOTICE_USER = 0xF8,
        EVENT_CHAT_MSG_AFK = 0xF9,
        EVENT_CHAT_MSG_DND = 0xFA,
        EVENT_CHAT_MSG_COMBAT_LOG = 0xFB,
        EVENT_CHAT_MSG_IGNORED = 0xFC,
        EVENT_CHAT_MSG_SKILL = 0xFD,
        EVENT_CHAT_MSG_LOOT = 0xFE,
        EVENT_CHAT_MSG_MONEY = 0xFF,
        EVENT_CHAT_MSG_RAID_LEADER = 0x100,
        EVENT_CHAT_MSG_RAID_WARNING = 0x101,
        EVENT_LANGUAGE_LIST_CHANGED = 0x102,
        EVENT_TIME_PLAYED_MSG = 0x103,
        EVENT_SPELLS_CHANGED = 0x104,
        EVENT_CURRENT_SPELL_CAST_CHANGED = 0x105,
        EVENT_SPELL_UPDATE_COOLDOWN = 0x106,
        EVENT_SPELL_UPDATE_USABLE = 0x107,
        EVENT_CHARACTER_POINTS_CHANGED = 0x108,
        EVENT_SKILL_LINES_CHANGED = 0x109,
        EVENT_ITEM_PUSH = 0x10A,
        EVENT_LOOT_OPENED = 0x10B,
        EVENT_LOOT_SLOT_CLEARED = 0x10C,
        EVENT_LOOT_CLOSED = 0x10D,
        EVENT_PLAYER_LOGIN = 0x10E,
        EVENT_PLAYER_LOGOUT = 0x10F,
        EVENT_PLAYER_ENTERING_WORLD = 0x110,
        EVENT_PLAYER_LEAVING_WORLD = 0x111,
        EVENT_PLAYER_ALIVE = 0x112,
        EVENT_PLAYER_DEAD = 0x113,
        EVENT_PLAYER_CAMPING = 0x114,
        EVENT_PLAYER_QUITING = 0x115,
        EVENT_LOGOUT_CANCEL = 0x116,
        EVENT_RESURRECT_REQUEST = 0x117,
        EVENT_PARTY_INVITE_REQUEST = 0x118,
        EVENT_PARTY_INVITE_CANCEL = 0x119,
        EVENT_GUILD_INVITE_REQUEST = 0x11A,
        EVENT_GUILD_INVITE_CANCEL = 0x11B,
        EVENT_GUILD_MOTD = 0x11C,
        EVENT_TRADE_REQUEST = 0x11D,
        EVENT_TRADE_REQUEST_CANCEL = 0x11E,
        EVENT_LOOT_BIND_CONFIRM = 0x11F,
        EVENT_EQUIP_BIND_CONFIRM = 0x120,
        EVENT_AUTOEQUIP_BIND_CONFIRM = 0x121,
        EVENT_USE_BIND_CONFIRM = 0x122,
        EVENT_DELETE_ITEM_CONFIRM = 0x123,
        EVENT_CURSOR_UPDATE = 0x124,
        EVENT_ITEM_TEXT_BEGIN = 0x125,
        EVENT_ITEM_TEXT_TRANSLATION = 0x126,
        EVENT_ITEM_TEXT_READY = 0x127,
        EVENT_ITEM_TEXT_CLOSED = 0x128,
        EVENT_GOSSIP_SHOW = 0x129,
        EVENT_GOSSIP_ENTER_CODE = 0x12A,
        EVENT_GOSSIP_CLOSED = 0x12B,
        EVENT_QUEST_GREETING = 0x12C,
        EVENT_QUEST_DETAIL = 0x12D,
        EVENT_QUEST_PROGRESS = 0x12E,
        EVENT_QUEST_COMPLETE = 0x12F,
        EVENT_QUEST_FINISHED = 0x130,
        EVENT_QUEST_ITEM_UPDATE = 0x131,
        EVENT_TAXIMAP_OPENED = 0x132,
        EVENT_TAXIMAP_CLOSED = 0x133,
        EVENT_QUEST_LOG_UPDATE = 0x134,
        EVENT_TRAINER_SHOW = 0x135,
        EVENT_TRAINER_UPDATE = 0x136,
        EVENT_TRAINER_CLOSED = 0x137,
        EVENT_CVAR_UPDATE = 0x138,
        EVENT_TRADE_SKILL_SHOW = 0x139,
        EVENT_TRADE_SKILL_UPDATE = 0x13A,
        EVENT_TRADE_SKILL_CLOSE = 0x13B,
        EVENT_MERCHANT_SHOW = 0x13C,
        EVENT_MERCHANT_UPDATE = 0x13D,
        EVENT_MERCHANT_CLOSED = 0x13E,
        EVENT_TRADE_SHOW = 0x13F,
        EVENT_TRADE_CLOSED = 0x140,
        EVENT_TRADE_UPDATE = 0x141,
        EVENT_TRADE_ACCEPT_UPDATE = 0x142,
        EVENT_TRADE_TARGET_ITEM_CHANGED = 0x143,
        EVENT_TRADE_PLAYER_ITEM_CHANGED = 0x144,
        EVENT_TRADE_MONEY_CHANGED = 0x145,
        EVENT_PLAYER_TRADE_MONEY = 0x146,
        EVENT_BAG_OPEN = 0x147,
        EVENT_BAG_UPDATE = 0x148,
        EVENT_BAG_CLOSED = 0x149,
        EVENT_BAG_UPDATE_COOLDOWN = 0x14A,
        EVENT_LOCALPLAYER_PET_RENAMED = 0x14B,
        EVENT_UNIT_ATTACK_3 = 0x14C,
        EVENT_UNIT_DEFENSE = 0x14D,
        EVENT_PET_ATTACK_START = 0x14E,
        EVENT_PET_ATTACK_STOP = 0x14F,
        EVENT_UPDATE_MOUSEOVER_UNIT = 0x150,
        EVENT_SPELLCAST_START = 0x151,
        EVENT_SPELLCAST_STOP = 0x152,
        EVENT_SPELLCAST_FAILED = 0x153,
        EVENT_SPELLCAST_INTERRUPTED = 0x154,
        EVENT_SPELLCAST_DELAYED = 0x155,
        EVENT_SPELLCAST_CHANNEL_START = 0x156,
        EVENT_SPELLCAST_CHANNEL_UPDATE = 0x157,
        EVENT_SPELLCAST_CHANNEL_STOP = 0x158,
        EVENT_PLAYER_GUILD_UPDATE = 0x159,
        EVENT_QUEST_ACCEPT_CONFIRM = 0x15A,
        EVENT_PLAYERBANKSLOTS_CHANGED = 0x15B,
        EVENT_BANKFRAME_OPENED = 0x15C,
        EVENT_BANKFRAME_CLOSED = 0x15D,
        EVENT_PLAYERBANKBAGSLOTS_CHANGED = 0x15E,
        EVENT_FRIENDLIST_UPDATE = 0x15F,
        EVENT_IGNORELIST_UPDATE = 0x160,
        EVENT_PET_BAR_UPDATE = 0x161,
        EVENT_PET_BAR_UPDATE_COOLDOWN = 0x162,
        EVENT_PET_BAR_SHOWGRID = 0x163,
        EVENT_PET_BAR_HIDEGRID = 0x164,
        EVENT_MINIMAP_PING = 0x165,
        EVENT_CHAT_MSG_COMBAT_MISC_INFO = 0x166,
        EVENT_CRAFT_SHOW = 0x167,
        EVENT_CRAFT_UPDATE = 0x168,
        EVENT_CRAFT_CLOSE = 0x169,
        EVENT_MIRROR_TIMER_START = 0x16A,
        EVENT_MIRROR_TIMER_PAUSE = 0x16B,
        EVENT_MIRROR_TIMER_STOP = 0x16C,
        EVENT_WORLD_MAP_UPDATE = 0x16D,
        EVENT_WORLD_MAP_NAME_UPDATE = 0x16E,
        EVENT_AUTOFOLLOW_BEGIN = 0x16F,
        EVENT_AUTOFOLLOW_END = 0x170,
        EVENT_CINEMATIC_START = 0x172,
        EVENT_CINEMATIC_STOP = 0x173,
        EVENT_UPDATE_FACTION = 0x174,
        EVENT_CLOSE_WORLD_MAP = 0x175,
        EVENT_OPEN_TABARD_FRAME = 0x176,
        EVENT_CLOSE_TABARD_FRAME = 0x177,
        EVENT_TABARD_CANSAVE_CHANGED = 0x178,
        EVENT_SHOW_COMPARE_TOOLTIP = 0x179,
        EVENT_GUILD_REGISTRAR_SHOW = 0x17A,
        EVENT_GUILD_REGISTRAR_CLOSED = 0x17B,
        EVENT_DUEL_REQUESTED = 0x17C,
        EVENT_DUEL_OUTOFBOUNDS = 0x17D,
        EVENT_DUEL_INBOUNDS = 0x17E,
        EVENT_DUEL_FINISHED = 0x17F,
        EVENT_TUTORIAL_TRIGGER = 0x180,
        EVENT_PET_DISMISS_START = 0x181,
        EVENT_UPDATE_BINDINGS = 0x182,
        EVENT_UPDATE_SHAPESHIFT_FORMS = 0x183,
        EVENT_WHO_LIST_UPDATE = 0x184,
        EVENT_UPDATE_LFG = 0x185,
        EVENT_PETITION_SHOW = 0x186,
        EVENT_PETITION_CLOSED = 0x187,
        EVENT_EXECUTE_CHAT_LINE = 0x188,
        EVENT_UPDATE_MACROS = 0x189,
        EVENT_UPDATE_TICKET = 0x18A,
        EVENT_UPDATE_CHAT_WINDOWS = 0x18B,
        EVENT_CONFIRM_XP_LOSS = 0x18C,
        EVENT_CORPSE_IN_RANGE = 0x18D,
        EVENT_CORPSE_IN_INSTANCE = 0x18E,
        EVENT_CORPSE_OUT_OF_RANGE = 0x18F,
        EVENT_UPDATE_GM_STATUS = 0x190,
        EVENT_PLAYER_UNGHOST = 0x191,
        EVENT_BIND_ENCHANT = 0x192,
        EVENT_REPLACE_ENCHANT = 0x193,
        EVENT_TRADE_REPLACE_ENCHANT = 0x194,
        EVENT_PLAYER_UPDATE_RESTING = 0x195,
        EVENT_UPDATE_EXHAUSTION = 0x196,
        EVENT_PLAYER_FLAGS_CHANGED = 0x197,
        EVENT_GUILD_ROSTER_UPDATE = 0x198,
        EVENT_GM_PLAYER_INFO = 0x199,
        EVENT_MAIL_SHOW = 0x19A,
        EVENT_MAIL_CLOSED = 0x19B,
        EVENT_SEND_MAIL_MONEY_CHANGED = 0x19C,
        EVENT_SEND_MAIL_COD_CHANGED = 0x19D,
        EVENT_MAIL_SEND_INFO_UPDATE = 0x19E,
        EVENT_MAIL_SEND_SUCCESS = 0x19F,
        EVENT_MAIL_INBOX_UPDATE = 0x1A0,
        EVENT_BATTLEFIELDS_SHOW = 0x1A1,
        EVENT_BATTLEFIELDS_CLOSED = 0x1A2,
        EVENT_UPDATE_BATTLEFIELD_STATUS = 0x1A3,
        EVENT_UPDATE_BATTLEFIELD_SCORE = 0x1A4,
        EVENT_AUCTION_HOUSE_SHOW = 0x1A5,
        EVENT_AUCTION_HOUSE_CLOSED = 0x1A6,
        EVENT_NEW_AUCTION_UPDATE = 0x1A7,
        EVENT_AUCTION_ITEM_LIST_UPDATE = 0x1A8,
        EVENT_AUCTION_OWNED_LIST_UPDATE = 0x1A9,
        EVENT_AUCTION_BIDDER_LIST_UPDATE = 0x1AA,
        EVENT_PET_UI_UPDATE = 0x1AB,
        EVENT_PET_UI_CLOSE = 0x1AC,
        EVENT_ADDON_LOADED = 0x1AD,
        EVENT_VARIABLES_LOADED = 0x1AE,
        EVENT_MACRO_ACTION_FORBIDDEN = 0x1AF,
        EVENT_ADDON_ACTION_FORBIDDEN = 0x1B0,
        EVENT_MEMORY_EXHAUSTED = 0x1B1,
        EVENT_MEMORY_RECOVERED = 0x1B2,
        EVENT_START_AUTOREPEAT_SPELL = 0x1B3,
        EVENT_STOP_AUTOREPEAT_SPELL = 0x1B4,
        EVENT_PET_STABLE_SHOW = 0x1B5,
        EVENT_PET_STABLE_UPDATE = 0x1B6,
        EVENT_PET_STABLE_UPDATE_PAPERDOLL = 0x1B7,
        EVENT_PET_STABLE_CLOSED = 0x1B8,
        EVENT_CHAT_MSG_COMBAT_SELF_HITS = 0x1B9,
        EVENT_CHAT_MSG_COMBAT_SELF_MISSES = 0x1BA,
        EVENT_CHAT_MSG_COMBAT_PET_HITS = 0x1BB,
        EVENT_CHAT_MSG_COMBAT_PET_MISSES = 0x1BC,
        EVENT_CHAT_MSG_COMBAT_PARTY_HITS = 0x1BD,
        EVENT_CHAT_MSG_COMBAT_PARTY_MISSES = 0x1BE,
        EVENT_CHAT_MSG_COMBAT_FRIENDLYPLAYER_HITS = 0x1BF,
        EVENT_CHAT_MSG_COMBAT_FRIENDLYPLAYER_MISSES = 0x1C0,
        EVENT_CHAT_MSG_COMBAT_HOSTILEPLAYER_HITS = 0x1C1,
        EVENT_CHAT_MSG_COMBAT_HOSTILEPLAYER_MISSES = 0x1C2,
        EVENT_CHAT_MSG_COMBAT_CREATURE_VS_SELF_HITS = 0x1C3,
        EVENT_CHAT_MSG_COMBAT_CREATURE_VS_SELF_MISSES = 0x1C4,
        EVENT_CHAT_MSG_COMBAT_CREATURE_VS_PARTY_HITS = 0x1C5,
        EVENT_CHAT_MSG_COMBAT_CREATURE_VS_PARTY_MISSES = 0x1C6,
        EVENT_CHAT_MSG_COMBAT_CREATURE_VS_CREATURE_HITS = 0x1C7,
        EVENT_CHAT_MSG_COMBAT_CREATURE_VS_CREATURE_MISSES = 0x1C8,
        EVENT_CHAT_MSG_COMBAT_FRIENDLY_DEATH = 0x1C9,
        EVENT_CHAT_MSG_COMBAT_HOSTILE_DEATH = 0x1CA,
        EVENT_CHAT_MSG_COMBAT_XP_GAIN = 0x1CB,
        EVENT_CHAT_MSG_COMBAT_HONOR_GAIN = 0x1CC,
        EVENT_CHAT_MSG_SPELL_SELF_DAMAGE = 0x1CD,
        EVENT_CHAT_MSG_SPELL_SELF_BUFF = 0x1CE,
        EVENT_CHAT_MSG_SPELL_PET_DAMAGE = 0x1CF,
        EVENT_CHAT_MSG_SPELL_PET_BUFF = 0x1D0,
        EVENT_CHAT_MSG_SPELL_PARTY_DAMAGE = 0x1D1,
        EVENT_CHAT_MSG_SPELL_PARTY_BUFF = 0x1D2,
        EVENT_CHAT_MSG_SPELL_FRIENDLYPLAYER_DAMAGE = 0x1D3,
        EVENT_CHAT_MSG_SPELL_FRIENDLYPLAYER_BUFF = 0x1D4,
        EVENT_CHAT_MSG_SPELL_HOSTILEPLAYER_DAMAGE = 0x1D5,
        EVENT_CHAT_MSG_SPELL_HOSTILEPLAYER_BUFF = 0x1D6,
        EVENT_CHAT_MSG_SPELL_CREATURE_VS_SELF_DAMAGE = 0x1D7,
        EVENT_CHAT_MSG_SPELL_CREATURE_VS_SELF_BUFF = 0x1D8,
        EVENT_CHAT_MSG_SPELL_CREATURE_VS_PARTY_DAMAGE = 0x1D9,
        EVENT_CHAT_MSG_SPELL_CREATURE_VS_PARTY_BUFF = 0x1DA,
        EVENT_CHAT_MSG_SPELL_CREATURE_VS_CREATURE_DAMAGE = 0x1DB,
        EVENT_CHAT_MSG_SPELL_CREATURE_VS_CREATURE_BUFF = 0x1DC,
        EVENT_CHAT_MSG_SPELL_TRADESKILLS = 0x1DD,
        EVENT_CHAT_MSG_SPELL_DAMAGESHIELDS_ON_SELF = 0x1DE,
        EVENT_CHAT_MSG_SPELL_DAMAGESHIELDS_ON_OTHERS = 0x1DF,
        EVENT_CHAT_MSG_SPELL_AURA_GONE_SELF = 0x1E0,
        EVENT_CHAT_MSG_SPELL_AURA_GONE_PARTY = 0x1E1,
        EVENT_CHAT_MSG_SPELL_AURA_GONE_OTHER = 0x1E2,
        EVENT_CHAT_MSG_SPELL_ITEM_ENCHANTMENTS = 0x1E3,
        EVENT_CHAT_MSG_SPELL_BREAK_AURA = 0x1E4,
        EVENT_CHAT_MSG_SPELL_PERIODIC_SELF_DAMAGE = 0x1E5,
        EVENT_CHAT_MSG_SPELL_PERIODIC_SELF_BUFFS = 0x1E6,
        EVENT_CHAT_MSG_SPELL_PERIODIC_PARTY_DAMAGE = 0x1E7,
        EVENT_CHAT_MSG_SPELL_PERIODIC_PARTY_BUFFS = 0x1E8,
        EVENT_CHAT_MSG_SPELL_PERIODIC_FRIENDLYPLAYER_DAMAGE = 0x1E9,
        EVENT_CHAT_MSG_SPELL_PERIODIC_FRIENDLYPLAYER_BUFFS = 0x1EA,
        EVENT_CHAT_MSG_SPELL_PERIODIC_HOSTILEPLAYER_DAMAGE = 0x1EB,
        EVENT_CHAT_MSG_SPELL_PERIODIC_HOSTILEPLAYER_BUFFS = 0x1EC,
        EVENT_CHAT_MSG_SPELL_PERIODIC_CREATURE_DAMAGE = 0x1ED,
        EVENT_CHAT_MSG_SPELL_PERIODIC_CREATURE_BUFFS = 0x1EE,
        EVENT_CHAT_MSG_SPELL_FAILED_LOCALPLAYER = 0x1EF,
        EVENT_CHAT_MSG_BG_SYSTEM_NEUTRAL = 0x1F0,
        EVENT_CHAT_MSG_BG_SYSTEM_ALLIANCE = 0x1F1,
        EVENT_CHAT_MSG_BG_SYSTEM_HORDE = 0x1F2,
        EVENT_RAID_ROSTER_UPDATE = 0x1F3,
        EVENT_UPDATE_PENDING_MAIL = 0x1F4,
        EVENT_UPDATE_INVENTORY_ALERTS = 0x1F5,
        EVENT_UPDATE_TRADESKILL_RECAST = 0x1F6,
        EVENT_OPEN_MASTER_LOOT_LIST = 0x1F7,
        EVENT_UPDATE_MASTER_LOOT_LIST = 0x1F8,
        EVENT_START_LOOT_ROLL = 0x1F9,
        EVENT_CANCEL_LOOT_ROLL = 0x1FA,
        EVENT_CONFIRM_LOOT_ROLL = 0x1FB,
        EVENT_INSTANCE_BOOT_START = 0x1FC,
        EVENT_INSTANCE_BOOT_STOP = 0x1FD,
        EVENT_LEARNED_SPELL_IN_TAB = 0x1FE,
        EVENT_DISPLAY_SIZE_CHANGED = 0x1FF,
        EVENT_CONFIRM_TALENT_WIPE = 0x200,
        EVENT_CONFIRM_BINDER = 0x201,
        EVENT_MAIL_FAILED = 0x202,
        EVENT_CLOSE_INBOX_ITEM = 0x203,
        EVENT_CONFIRM_SUMMON = 0x204,
        EVENT_BILLING_NAG_DIALOG = 0x205,
        EVENT_IGR_BILLING_NAG_DIALOG = 0x206,
        EVENT_MEETINGSTONE_CHANGED = 0x207,
        EVENT_PLAYER_SKINNED = 0x208,
        EVENT_TABARD_SAVE_PENDING = 0x209,
        EVENT_UNIT_QUEST_LOG_CHANGED = 0x20A,
        EVENT_PLAYER_PVP_KILLS_CHANGED = 0x20B,
        EVENT_PLAYER_PVP_RANK_CHANGED = 0x20C,
        EVENT_INSPECT_HONOR_UPDATE = 0x20D,
        EVENT_UPDATE_WORLD_STATES = 0x20E,
        EVENT_AREA_SPIRIT_HEALER_IN_RANGE = 0x20F,
        EVENT_AREA_SPIRIT_HEALER_OUT_OF_RANGE = 0x210,
        EVENT_CONFIRM_PET_UNLEARN = 0x211,
        EVENT_PLAYTIME_CHANGED = 0x212,
        EVENT_UPDATE_LFG_TYPES = 0x213,
        EVENT_UPDATE_LFG_LIST = 0x214,
        EVENT_CHAT_MSG_COMBAT_FACTION_CHANGE = 0x215,
        EVENT_START_MINIGAME = 0x216,
        EVENT_MINIGAME_UPDATE = 0x217,
        EVENT_READY_CHECK = 0x218,
        EVENT_RAID_TARGET_UPDATE = 0x219,
        EVENT_GMSURVEY_DISPLAY = 0x21A,
        EVENT_UPDATE_INSTANCE_INFO = 0x21B,
        EVENT_CHAT_MSG_RAID_BOSS_EMOTE = 0x21D,
        EVENT_COMBAT_TEXT_UPDATE = 0x21E,
        EVENT_LOTTERY_SHOW = 0x21F,
        EVENT_CHAT_MSG_FILTERED = 0x220,
        EVENT_QUEST_WATCH_UPDATE = 0x221,
        EVENT_CHAT_MSG_BATTLEGROUND = 0x222,
        EVENT_CHAT_MSG_BATTLEGROUND_LEADER = 0x223,
        EVENT_LOTTERY_ITEM_UPDATE = 0x224,
        FRAMEXML_EVENT_COUNT = 0x272
```

Chat types:


```
public enum ChatType : byte
{
       SAY,
       PARTY,
       RAID,
       GUILD,
       OFFICER,
       YELL,
       WHISPER,
       WHISPER_INFORM,
       REPLY,
       EMOTE,
       TEXT_EMOTE,
       SYSTEM,
       MONSTER_WHISPER,
       MONSTER_SAY,
       MONSTER_YELL,
       MONSTER_EMOTE,
       CHANNEL,
       CHANNEL_JOIN,
       CHANNEL_LEAVE,
       CHANNEL_LIST,
       CHANNEL_NOTICE,
       CHANNEL_NOTICE_USER,
       AFK,
       DND,
       IGNORED,
       SKILL,
       LOOT,
       COMBAT_ERROR,
       COMBAT_MISC_INFO,
       CHANNEL1,
       CHANNEL2,
       CHANNEL3,
       CHANNEL4,
       CHANNEL5,
       CHANNEL6,
       CHANNEL7,
       CHANNEL8,
       CHANNEL9,
       CHANNEL10,
       COMBAT_SELF_HITS,
       COMBAT_SELF_MISSES,
       COMBAT_PET_HITS,
       COMBAT_PET_MISSES,
       COMBAT_PARTY_HITS,
       COMBAT_PARTY_MISSES,
       COMBAT_FRIENDLYPLAYER_HITS,
       COMBAT_FRIENDLYPLAYER_MISSES,
       COMBAT_HOSTILEPLAYER_HITS,
       COMBAT_HOSTILEPLAYER_MISSES,
       COMBAT_CREATURE_VS_SELF_HITS,
       COMBAT_CREATURE_VS_SELF_MISSES,
       COMBAT_CREATURE_VS_PARTY_HITS,
       COMBAT_CREATURE_VS_PARTY_MISSES,
       COMBAT_CREATURE_VS_CREATURE_HITS,
       COMBAT_CREATURE_VS_CREATURE_MISSES,
       COMBAT_FRIENDLY_DEATH,
       COMBAT_HOSTILE_DEATH,
       COMBAT_XP_GAIN,
       COMBAT_HONOR_GAIN,
       SPELL_SELF_DAMAGE,
       SPELL_SELF_BUFF,
       SPELL_PET_DAMAGE,
       SPELL_PET_BUFF,
       SPELL_PARTY_DAMAGE,
       SPELL_PARTY_BUFF,
       SPELL_FRIENDLYPLAYER_DAMAGE,
       SPELL_FRIENDLYPLAYER_BUFF,
       SPELL_HOSTILEPLAYER_DAMAGE,
       SPELL_HOSTILEPLAYER_BUFF,
       SPELL_CREATURE_VS_SELF_DAMAGE,
       SPELL_CREATURE_VS_SELF_BUFF,
       SPELL_CREATURE_VS_PARTY_DAMAGE,
       SPELL_CREATURE_VS_PARTY_BUFF,
       SPELL_CREATURE_VS_CREATURE_DAMAGE,
       SPELL_CREATURE_VS_CREATURE_BUFF,
       SPELL_TRADESKILLS,
       SPELL_DAMAGESHIELDS_ON_SELF,
       SPELL_DAMAGESHIELDS_ON_OTHERS,
       SPELL_AURA_GONE_SELF,
       SPELL_AURA_GONE_PARTY,
       SPELL_AURA_GONE_OTHER,
       SPELL_ITEM_ENCHANTMENTS,
       SPELL_BREAK_AURA,
       SPELL_PERIODIC_SELF_DAMAGE,
       SPELL_PERIODIC_SELF_BUFFS,
       SPELL_PERIODIC_PARTY_DAMAGE,
       SPELL_PERIODIC_PARTY_BUFFS,
       SPELL_PERIODIC_FRIENDLYPLAYER_DAMAGE,
       SPELL_PERIODIC_FRIENDLYPLAYER_BUFFS,
       SPELL_PERIODIC_HOSTILEPLAYER_DAMAGE,
       SPELL_PERIODIC_HOSTILEPLAYER_BUFFS,
       SPELL_PERIODIC_CREATURE_DAMAGE,
       SPELL_PERIODIC_CREATURE_BUFFS,
       SPELL_FAILED_LOCALPLAYER,
       BG_SYSTEM_NEUTRAL,
       BG_SYSTEM_ALLIANCE,
       BG_SYSTEM_HORDE,
       COMBAT_FACTION_CHANGE,
       MONEY,
       RAID_LEADER,
       RAID_WARNING,
       RAID_BOSS_EMOTE,
       FILTERED,
       BATTLEGROUND,
       BATTLEGROUND_LEADER
}
```

Get pointer to DBC row:


```
public static uint ClientDB__GetRow(uint dbcPointer, uint row)
{
    uint maxIndex = Memory.Read<uint>(dbcPointer + 0xC);
    uint minIndex = Memory.Read<uint>(dbcPointer + 0x10);
    uint result;
    if (row > maxIndex || row < minIndex)
    {
        result = 0;
    }
    else
    {
        // Offset 0x8 holds the row-pointer table; each entry is 4 bytes wide.
        result = Memory.Read<uint>(Memory.Read<uint>(dbcPointer + 0x8) + (4 * row));
    }
    return result;
}
```

If someone has already found the traceline function (aka CGWorldFrame_Intersect/World_Intersect), please share :)

I will update this post with more info later.

----------


## namreeb

I'm not sure if this helps in your search for it, but I believe that CGWorldFrame::HitTestPoint is at 0x7E57E0.

----------


## Sacred

So World::Intersect is located at 0x6AA160. It's a little bit different from the traceline that we all know; it takes 4 parameters: World::Intersect(Vector3[] Line, float &Distance, &Vector3 Intersection, int Flags). The flags are different too; I didn't check them all.

----------


## bataniq

Wow, good job!

----------


## PartyGod

> So World::Intersect is located at 0x6AA160. It's a little bit different from the traceline that we all know; it takes 4 parameters: World::Intersect(Vector3[] Line, float &Distance, &Vector3 Intersection, int Flags). The flags are different too; I didn't check them all.


Not sure if anyone is still interested in 1.12 offsets but,

That's CMap::GetFacet... not entirely sure what its purpose is fully; it returns a plane though, as checked in the alpha client.

Traceline, aka CMap::VectorIntersect, is found at 0x69BFF0; give that a shot.

----------


## seasick

Does anyone have CTM base address and the GUID offset?

Actually, I have the CTM x,y,z addresses, and I tried to dissect the memory structure around them with CE but couldn't find anything that looked like a GUID.
I also scanned for the GUID of my target after I CTMed on it, but I couldn't find anything.

This is what a GUID looks like, right? 0xF1300002C1000F23

I tried with the GUID offset from the wowdev site but all I get is something like this: 0080B188C314C000.. and it never changes when I CTM on different mobs.

Can anyone help me a bit?

edit: found it 0xC4D980

----------


## nagibator

1111111111

----------


## namreeb

Aren't the "final click to move" coordinates the coordinates you want?

----------


## SKU

Some old code to get the current world coordinates of your cursor.



```
	bool getCursorWorldPosition(Vec3* positionOut, float* distanceOut)
	{
		CGWorldFrame* frame = getCurrentWorldFrame();
		if (frame == nullptr)
			return false;

		if (frame->data == nullptr)
			return false;

		float const mouseX = frame->data->mouseX;
		float const mouseY = frame->data->mouseY;

		// TODO: Sanity check on the values.

		float mouseOutX, mouseOutY;
		NDCtoDDC(&mouseOutX, &mouseOutY, mouseX, mouseY);

		HitTestResult hitTest;
		frame->hitTestPoint(mouseOutX, mouseOutY, &hitTest);

		positionOut->x = hitTest.point.x;
		positionOut->y = hitTest.point.y;
		positionOut->z = hitTest.point.z;
		*distanceOut = hitTest.distance;
		return true;
	}
	
	CGWorldFrame* getCurrentWorldFrame()
	{
		return *reinterpret_cast<CGWorldFrame**>(0x00B4B2BC); //-V566
	}

	struct CGWorldFrame
	{
		uint32 hitTestPoint(float mouseX, float mouseY, HitTestResult* resultOut);

	private:
		uint8 fill[0xa0];

	public:
		CGWorldFrameUnk* data;
	};
	
	struct CGWorldFrameUnk
	{
	private:
		uint8 fill[0x1118];

	public:
		float mouseX;
		float mouseY;
	};
	
	struct HitTestResult
	{
	private:
		uint32 unk1;
		uint32 unk2;

	public:
		Vec3 point;
		float distance;

	private:
		uint8 filler[0x100];
	};

	typedef uint32 (__fastcall * tNDCtoDDC)(float* outx, float* outy, float inx, float iny); // 0x0041AD80
```

----------


## nagibator

1111111111

----------


## SKU

Yes, these are WoW functions. You don't need to inject a DLL, but you'll need to either execute code in the context of WoW or replicate the functionality in your own code/context. If you don't know how, I suggest you start doing some research. ZenLulz just compiled a list of starting points here (Where to get started). Google and the search function on these forums are your friends as well. Good luck.

Edit: Forgot to add this function to the code dump before:



```
	uint32 CGWorldFrame::hitTestPoint(float mouseX, float mouseY, HitTestResult* resultOut)
	{
		ASSERT_TRUE(resultOut != nullptr);
		ASSERT_TRUE(this != nullptr);

		static auto const fun = reinterpret_cast<uint32 (__fastcall *)( //-V566
			CGWorldFrame*, uint32, float, float, HitTestResult*)>(0x00481190);

		return fun(this, 0, mouseX, mouseY, resultOut);
	}
```

----------


## namreeb

Before you spend a lot of time implementing your own linear algebra functions, please re-consider that the ending position from CTM is not what you need. That is what I use for click-to-teleport in 1.12.1 and it works perfectly.

----------


## nagibator

1111111111

----------


## namreeb

Well, what you do is hook the function. When click to teleport is enabled you skip calling the original function. So, for example:



```
void ClickToMove_Hook(float x, float y, float z)
{
  if (ClickToTeleportEnabled)
    Teleport(x, y, z);
  else
    ClickToMove_Original(x, y, z);
}
```

----------


## culino2

Hooking CGWorldFrame::PerformDefaultAction is a good way to realize click2port. Reverse it and you'll know how to grab x/y/z.

0x00481F60

----------


## notsentient

Here's some offsets/pointers.

I got these by manually cross referencing the old WoWSharp pointers from 1.9 to 1.12 so they may not be all accurate.



```
"AutoStoreAllLootItems", 0x4C1FA0
"CGBuffBar__m_buffs", 0xBC6040
"CGBuffBar__m_durations", 0xBC5F68
"CGChat__AddChatMessage", 0x49A870
"CGGameUI__ClearTarget", 0x493910
"CGGameUI__LeftClick", 0x4925D0
"CGGameUI__RightClick", 0x492820
"CGGameUI__m_lockedTarget", 0xB4E2D8
"CGGameUI__m_player", 0xB41E30
"CGGameUI__s_lastErrorString", 0xB4DA40
"CGInputControl__GetActive", 0x5143E0
"CGInputControl__SetControlBit", 0x5EE7F0
"CGLootInfo__LootSlot", 0x4C2790
"CGLootInfo__m_coins", 0xB71BA0
"CGLootInfo__m_loot", 0xB71968
"CGLootInfo__m_object", 0xB71B48
"CGPartyInfo__m_leader", 0xBC75F8
"CGPartyInfo__m_members", 0xBC6F48
"CGSpellBook__m_knownSpells", 0xB700F0
"CGSpellBook__m_petSpells", 0xB6F098
"CGWorldFrame__RenderWorld", 0x482D70
"CGWorldMap__m_currentContinent", 0x84506C
"OsGetAsyncTimeMs", 0x42C010
"Spell_C_CastSpell", 0x6E5AD0
"Spell_C_CastSpellByID", 0x6E5A90
"WOW_LOCALE_CURRENT_LANGUAGE", 0xC0E080
"clientDB", 0xC0D53C
"g_HardwareEvent", 0xCF4DA0
"g_SpellDB", 0xC0D788
"g_SpellDBTotalRows", 0xC0D78C
"g_charClasses", 0xC0DEF4
"g_charClassesCount", 0xC0DEF8
"g_charRaces", 0xC0DEE0
"g_charRacesCount", 0xC0DEE4
"g_factionDB", 0xC0DD50
"g_factionGroupDB", 0xC0DD3C
"g_gameObjectDisplayInfoDB", 0xC0DCE4
"g_itemDBCache", 0xC0E2A0
"g_nameDBCache", 0xC0E228
"g_slotNames", 0xC0DA00
"g_slotNamesCount", 0xC0DA04
"g_spellItemEnchantment", 0xC0D7D0
"luaState", 0xCEEF74
"lua_gettop", 0x6F3070
"lua_tostring", 0x6F3690
"s_containerDescriptors", 0xB431D8
"s_corpseDescriptors", 0xB42B70
"s_corpsePosition", 0xB4E284
"s_curMgr", 0xB41414
"s_currentWorldFrame", 0xAF3220
"s_dynamicObjectDescriptors", 0xB42E80
"s_gameObjectDescriptors", 0xB42FD0
"s_itemDescriptors", 0xB4AE50
"s_objDescriptors", 0xB4B230
"s_playerDescriptors", 0xB43B68
"s_unitDescriptors", 0xB49F90
```

----------


## abystus

I've started creation of a bot, and things seem to be going well outside my ability to distinguish between normal mobs, critters, and npcs. I've tried the faction flag along with some others, but have not found a real solution. Right now I am limiting targeted mobs by health, though as you can probably guess it doesn't work flawlessly. Does anyone have an idea on how to distinguish between them (the structure offset to use, or if it is located somewhere else)? This is what I have working so far, though it's still very very early:





Among other things, I'd like to implement some sort of buffing mechanism, along with a way to actually target things (I've tried dll injection, but have only partially succeeded in actually targeting something as the function calls in this client are very limited). The looting action from hijacking click to move (which is the basis of my movement atm) requires a target or else you will just run in circles while trying to loot. Any help is appreciated in getting some of this stuff resolved.

----------


## miceiken

At least in the later versions of WoW, there is a GetCreatureType function in WoW's Unit class. Wouldn't surprise me if it was there in vanilla too :)

----------


## Sacred

```
        private uint CreatureCache
        {
            get { return Memory.Magic.Read<uint>(BaseAddress + 0xB30); }
        }
		
        public Enums.WoWCreatureType CreatureType
        {
            get { return (Enums.WoWCreatureType)Memory.Magic.Read<int>(CreatureCache + 0x18); }
        }

        public Enums.WoWClassification Classification
        {
            get { return (Enums.WoWClassification)Memory.Magic.Read<int>(CreatureCache + 0x20); }
        }
```

Offsets are correct for 1.12.1.

----------


## abystus

Thanks for the help on finding creature types. I'd assume that is CreatureCache = ReadInt(ObjectBase +0xB30), then ReadInt(CreatureCache +0x18) and ReadInt(CreatureCache +0x20) respectively correct? Just saw "BaseAddress" so figured I would ask (would have to be ObjectBase to display per object returned).

I appreciate the help both of you provided, and threw a little rep for your time. By the way, is there any easy way to target mobs/npcs in this client? I tried to use TargetUnit along with dll injection, and modified the entry to where I could pass it GUID, but it seems that it is not designed to be force fed a GUID, and eventually will crash the client (though it works until that point). I have resorted to tab targeting until the GUID of my target matches the next target on my bot, and well while that works there has to be a better method. Thanks again!

----------


## Sacred

> Thanks for the help on finding creature types. I'd assume that is CreatureCache = ReadInt(ObjectBase +0xB30), then ReadInt(CreatureCache +0x18) and ReadInt(CreatureCache +0x20) respectively correct?


Yes, it's correct.



```
        public static void TargetUnit(ulong guid)
        {
            uint num = Memory.Magic.AllocateMemory(8);
            Memory.Magic.Write<ulong>(num, guid);
            string[] asm =
                {
                    "mov ecx, " + num,
                    "call " + 0x489A40,
                    "retn"
                };
            Memory.Magic.Executor.Execute(asm);
            Memory.Magic.FreeMemory(num);
        }
```

----------


## abystus

> Yes, it's correct.
> 
> 
> 
> ```
>         public static void TargetUnit(ulong guid)
>         {
>             uint num = Memory.Magic.AllocateMemory(8);
>             Memory.Magic.Write<ulong>(num, guid);
> ...


Thank you for the quick response.

Looks like:



```
    public enum CreatureType
    {
        Unknown = 0,
        Beast,
        Dragon,
        Demon,
        Elemental,
        Giant,
        Undead,
        Humanoid,
        Critter,
        Mechanical,
        NotSpecified,
        Totem,
        NonCombatPet,
        GasCloud
    }
```

Though it appears that WoWClassification is always returning 0. Not exactly sure why. What exactly does the classification tell me?

I'll get to work testing some of this stuff out, and see how it goes tomorrow evening. I think you are tempting me to use that magic library after all since it appears to be an all in one type thing (did not know it could allocate memory and execute asm). BTW, which library are you using (White, Black, Grey, etc...) in your example? Again, thanks for all the helpful examples, and the use of your time.

----------


## abystus

A port of RivaLfr's example ([Sample Code] EndScene Hook with ASM and blackmagic) to MemorySharp syntax. The address and asm have been updated for version 1.12.1.

*Example Calls:*


```
LuaDoString("CastSpellByName(\"Stealth\")");
LuaDoString("DoEmote(\"cry\")");
```

*FastCall LuaDoString (Using MemorySharp):*


```
public static byte[] LuaDoString(string Command)
{
	// Return Value
	byte[] tempBytes = new byte[0];

	try
	{
		//Allocate Memory For Command
		var DoStringArg_Codecave = Memory.Memory.Allocate(Encoding.UTF8.GetBytes(Command).Length + 1);

		//Execute Address
		IntPtr FrameScript_Execute = new IntPtr(0x00704CD0);

		//Write Command In Allocated Memory
		Memory.WriteString(DoStringArg_Codecave.BaseAddress, Command, false);

		var asm = new[] 
		{
			"mov ecx, " + DoStringArg_Codecave.BaseAddress,
			"mov edx, " + DoStringArg_Codecave.BaseAddress,
			"call " + FrameScript_Execute,
			"retn",    
		};

		//Inject and Execute
		tempBytes = Executor.Execute(asm);

		//Free Memory Allocated For Command
		Memory.Memory.Deallocate(DoStringArg_Codecave);
	}
	catch { }

	return tempBytes;
}
```

----------


## Corthezz

FrameScript_Execute is fastcall.
Does anyone have the function SetFacing?

----------


## abystus

> FrameScript_Execute is fastcall.
> Does anyone have the function SetFacing?


Appreciate the response. Looks like SetFacing = 0x76DCE0. Hope that helps.

----------


## Achilees

Have been looking for SpellBook and related offsets, with no luck; any offset or pointer is much appreciated.

----------


## namreeb

In general, a good way to find things is to look for the handlers for the lua functions which access the data you're interested in. In this case, there are quite a few spell book related lua functions that you could look at (if memory serves).

----------


## namreeb

Someone asked me in a private message for the location of FrameScript::GetLocalizedText. I am responding here so that more than one person may benefit from the answer.

To my knowledge, FrameScript::GetLocalizedText did not exist in the 1.12.1 binary. Instead, there is merely FrameScript::GetText, which I believe is located at 0x703BF0.

If you compare CGGameUI::DisplayError in a recent version of the game to the 1.12.1 version, you will see the lack of FrameScript::GetLocalizedText in 1.12.1. For example...

This is from 4.3.3.15354 (and TOM_RUS's IDB published here: [WoW][4.3.3.15354] Info Dump Thread):


```
void CGGameUI::DisplayError(UIErrors errorCode, ...)
{
  char v1;
  UIErrors v2;
  int v3;
  int v4;
  int v5;
  char *v6;
  __int64 v7;
  int v8;
  int v9;
  signed int v10;
  char v11;
  char v12; // [sp-4h] [bp-C98h]@8
  char Str; // [sp+0h] [bp-C94h]@13
  int v14; // [sp+BB8h] [bp-DCh]@7
  int v15; // [sp+BC4h] [bp-D0h]@7
  int v16; // [sp+C7Ch] [bp-18h]@7
  int v17; // [sp+C80h] [bp-14h]@7
  int v18; // [sp+C84h] [bp-10h]@7
  va_list va; // [sp+CA0h] [bp+Ch]@1

  va_start(va, errorCode);
  v2 = errorCode;
  if ( errorCode < ERR_COUNT )
  {
    if ( errorCode == ERR_BAG_FULL )
    {
      CGTutorial::TriggerTutorial(57);
      v2 = ERR_BAG_FULL;
    }
    v3 = 10 * v2;
    v4 = dword_D0A43C[2 * v3 / 4u];
    v5 = 2 * v3;
    if ( v4 == 0x44 )
    {
      if ( strcasecmp((&off_D0A438)[v5], "NONE") )
      {
        v16 = 0;
        v17 = 0;
        v18 = 0;
        v15 = -1;
        SE3SoundKitProperties::ResetToDefaults(&v14);
        SE3::PlaySoundKit2(
          (&off_D0A438)[20 * errorCode],
          0,
          (int)&v14,
          0,
          (int)".\\GameUI.cpp",
          15559,
          (int)"CGGameUI::DisplayError");
      }
    }
    else
    {
      sub_B33950(v4);
    }
    v12 = v1;
    v6 = (&off_D0A430)[20 * errorCode];
    if ( v6 )
    {
      if ( *v6 )
      {
        v7 = ClntObjMgrGetActivePlayer();
        if ( ClntObjMgrObjectPtr(v7, TYPEMASK_PLAYER) )
          v8 = FrameScript::GetLocalizedText(v6, -1);
        else
          v8 = FrameScript_GetText(v6, -1, 0);
        SStrVPrintf(&Str, 3000, v8, va);
        v9 = (int)byte_ED4A38;
        v10 = 2999;
        while ( 1 )
        {
          v11 = *(_BYTE *)(&Str - byte_ED4A38 + v9);
          *(_BYTE *)v9++ = v11;
          if ( !v11 )
            break;
          --v10;
          if ( !v10 )
            goto LABEL_18;
        }
        if ( v10 )
          goto LABEL_19;
LABEL_18:
        *(_BYTE *)v9 = 0;
LABEL_19:
        switch ( dword_D0A434[5 * errorCode] )
        {
          case 0:
            ChatFrame::AddMessage(&Str, dword_D0A440[5 * errorCode], 0);
            break;
          case 1:
            if ( Str )
              FrameScript_SignalEvent(EVENT_UI_INFO_MESSAGE, "%s", &Str);
            break;
          case 2:
            if ( Str )
              FrameScript_SignalEvent(EVENT_UI_ERROR_MESSAGE, "%s", &Str);
            break;
          case 3:
            ConsoleWriteA(&Str, 3, v12);
            break;
          default:
            return;
        }
      }
    }
  }
}
```

And now the same function in its 1.12.1 version:



```
void CGGameUI::DisplayError(int arg0, ...)
{
  int v1;
  __int64 v2;
  int v3;
  int v4;
  char *v5;
  int v6;
  int Format; // [sp+0h] [bp-800h]@9
  va_list va; // [sp+80Ch] [bp+Ch]@1

  va_start(va, arg0);
  if ( arg0 < 465 )
  {
    if ( g_errorMessages[arg0].Unknown2 == 68 )
    {
      if ( SStrCmpI(g_errorMessages[arg0].Extra, "NONE", 0x7FFFFFFFu) )
        SndInterfacePlayInterfaceSound(g_errorMessages[arg0].Extra);
    }
    else
    {
      v2 = ClntObjMgrGetActivePlayer();
      v3 = ClntObjMgrObjectPtr(0x10u, "..\\Object/ObjectClient/Player_C.h", v2);
      if ( v3 )
      {
        v4 = sub_5ED5B0(v3, arg0);
        SndInterfacePlayVocalUISound(v4, g_errorMessages[arg0].Unknown2);
      }
    }
    v5 = g_errorMessages[arg0].Message;
    if ( v5 && *v5 )
    {
      v6 = FrameScript::GetText(-1, v5, v1, 0);
      SStrVPrintf((int)&Format, 2048, (char *)v6, va);
      SStrCopy(&unk_B4DA40, &Format, 2048);
      switch ( g_errorMessages[arg0].Unknown1 )
      {
        case 0:
          CGChat::AddChatMessage((int)&Format, g_errorMessages[arg0].Unknown3, 0, 0, 0, 0, 0, 0i64, 0, 0i64);
          break;
        case 1:
          CGGameUI::AddErrorMessage(&Format, 0);
          break;
        case 2:
          CGGameUI::AddErrorMessage(&Format, 1);
          break;
        case 3:
          ConsoleWriteA((char *)&Format, 3, Format);
          break;
        default:
          return;
      }
    }
  }
}
```

----------


## Valediction

Some LUAs:



```
lua0_pushvfstring 006F5990
luaC_collectgarbage 006F7340
luaC_link 006F7B20
luaD_pcall 006F6960
luaD_protectedparser 006F6A00
luaF_newCclosure 006F9E70
luaH_new 006FA4F0
luaL_loadbuffer 006F5690
luaL_openlib 006F4DC0
luaM_realloc?? 006FC980
luaS_newlstr 006F9D00
luaV_gettable 006F7CF0
luaZ_init 006FB4F0
luaZ_lookahead 006FB4C0
lua_call 006F4180
lua_concat 006F44E0
lua_cpcall 006F4260
lua_dobuffer 006F57C0
lua_dostring(x,x) 006F57F0
lua_dump 006F4370
lua_enablegc 006F43C0
lua_error 006F4440
lua_getfenv 006F3D50
lua_getgccount 006F43F0
lua_getmetatable 006F3CF0
lua_gettop 006F3070
lua_getupvalue 006F4660
lua_isnumber(x,x) 006F34D0
lua_isstring(x,x) 006F3510
lua_load 006F4320
lua_newtable 006F3C90
lua_newuserdata 006F4560
lua_pcall 006F41A0
lua_pushboolean 006F39F0
lua_pushcclosure 006F3920
lua_pushfstring 006F38F0
lua_pushlightuserdata 006F3A20
lua_pushlstring 006F3840
lua_pushnil(x) 006F37F0
lua_pushnumber(x,x,x) 006F3810
lua_pushstring(x,x) 006F3890
lua_pushvfstring 006F38C0
lua_rawseti 006F3EA0
lua_setfenv 006F40D0
lua_setmetatable 006F4020
lua_settable 006F3E20
lua_settop(x,x) 006F3080
lua_tonumber(x,x) 006F3620
lua_tostring(x,x) 006F3690
lua_version 006F4430
luaopen_math 007FB470
luaopen_string 007FD810
luaopen_table 007FBCD0
```

----------


## Prodian0013

More Descriptors for 1.12.1

I saw some posted a while back with descriptors but those aren't working.

The unit fields from this dump are working - I have not tested the others yet.

Credit goes to the guys below for this dumper script.



```
/*----------------------------------
WoW Offset Dumper 0.1 - IDC Script
by kynox, updated by namreeb

Credits:
bobbysing, Patrick, Dominik, Azorbix
-----------------------------------*/

// Descriptors: 0x0083A2C0
enum eObjectFields
{
	OBJECT_FIELD_GUID = 0x0,
	OBJECT_FIELD_TYPE = 0x8,
	OBJECT_FIELD_ENTRY = 0xC,
	OBJECT_FIELD_SCALE_X = 0x10,
	OBJECT_FIELD_PADDING = 0x14,
	TOTAL_OBJECT_FIELDS = 0x5
};

// Descriptors: 0x0083A328
enum eItemFields
{
	ITEM_FIELD_OWNER = 0x18,
	ITEM_FIELD_CONTAINED = 0x20,
	ITEM_FIELD_CREATOR = 0x28,
	ITEM_FIELD_GIFTCREATOR = 0x30,
	ITEM_FIELD_STACK_COUNT = 0x38,
	ITEM_FIELD_DURATION = 0x3C,
	ITEM_FIELD_SPELL_CHARGES = 0x40,
	ITEM_FIELD_FLAGS = 0x54,
	ITEM_FIELD_ENCHANTMENT = 0x58,
	ITEM_FIELD_PROPERTY_SEED = 0xAC,
	ITEM_FIELD_RANDOM_PROPERTIES_ID = 0xB0,
	ITEM_FIELD_ITEM_TEXT_ID = 0xB4,
	ITEM_FIELD_DURABILITY = 0xB8,
	ITEM_FIELD_MAXDURABILITY = 0xBC,
	TOTAL_ITEM_FIELDS = 0xE
};

// Descriptors: 0x0083A440
enum eContainerFields
{
	CONTAINER_FIELD_NUM_SLOTS = 0x18,
	CONTAINER_ALIGN_PAD = 0x1C,
	CONTAINER_FIELD_SLOT_1 = 0x20,
	TOTAL_CONTAINER_FIELDS = 0x3
};

// Descriptors: 0x0083B880
enum eGameObjectFields
{
	OBJECT_FIELD_CREATED_BY = 0x18,
	GAMEOBJECT_DISPLAYID = 0x20,
	GAMEOBJECT_FLAGS = 0x24,
	GAMEOBJECT_ROTATION = 0x28,
	GAMEOBJECT_STATE = 0x38,
	GAMEOBJECT_POS_X = 0x3C,
	GAMEOBJECT_POS_Y = 0x40,
	GAMEOBJECT_POS_Z = 0x44,
	GAMEOBJECT_FACING = 0x48,
	GAMEOBJECT_DYN_FLAGS = 0x4C,
	GAMEOBJECT_FACTION = 0x50,
	GAMEOBJECT_TYPE_ID = 0x54,
	GAMEOBJECT_LEVEL = 0x58,
	GAMEOBJECT_ARTKIT = 0x5C,
	GAMEOBJECT_ANIMPROGRESS = 0x60,
	GAMEOBJECT_PADDING = 0x64,
	TOTAL_GAMEOBJECT_FIELDS = 0x10
};

// Descriptors: 0x0083B9C0
enum eDynamicObjectFields
{
	DYNAMICOBJECT_CASTER = 0x18,
	DYNAMICOBJECT_BYTES = 0x20,
	DYNAMICOBJECT_SPELLID = 0x24,
	DYNAMICOBJECT_RADIUS = 0x28,
	DYNAMICOBJECT_POS_X = 0x2C,
	DYNAMICOBJECT_POS_Y = 0x30,
	DYNAMICOBJECT_POS_Z = 0x34,
	DYNAMICOBJECT_FACING = 0x38,
	DYNAMICOBJECT_PAD = 0x3C,
	TOTAL_DYNAMICOBJECT_FIELDS = 0x9
};

// Descriptors: 0x0083BA78
enum eCorpseFields
{
	CORPSE_FIELD_OWNER = 0x18,
	CORPSE_FIELD_FACING = 0x20,
	CORPSE_FIELD_POS_X = 0x24,
	CORPSE_FIELD_POS_Y = 0x28,
	CORPSE_FIELD_POS_Z = 0x2C,
	CORPSE_FIELD_DISPLAY_ID = 0x30,
	CORPSE_FIELD_ITEM = 0x34,
	CORPSE_FIELD_BYTES_1 = 0x80,
	CORPSE_FIELD_BYTES_2 = 0x84,
	CORPSE_FIELD_GUILD = 0x88,
	CORPSE_FIELD_FLAGS = 0x8C,
	CORPSE_FIELD_DYNAMIC_FLAGS = 0x90,
	CORPSE_FIELD_PAD = 0x94,
	TOTAL_CORPSE_FIELDS = 0xD
};

// Descriptors: 0x0083A480
enum eUnitFields
{
	UNIT_FIELD_CHARM = 0x18,
	UNIT_FIELD_SUMMON = 0x20,
	UNIT_FIELD_CHARMEDBY = 0x28,
	UNIT_FIELD_SUMMONEDBY = 0x30,
	UNIT_FIELD_CREATEDBY = 0x38,
	UNIT_FIELD_TARGET = 0x40,
	UNIT_FIELD_PERSUADED = 0x48,
	UNIT_FIELD_CHANNEL_OBJECT = 0x50,
	UNIT_FIELD_HEALTH = 0x58,
	UNIT_FIELD_POWER1 = 0x5C,
	UNIT_FIELD_POWER2 = 0x60,
	UNIT_FIELD_POWER3 = 0x64,
	UNIT_FIELD_POWER4 = 0x68,
	UNIT_FIELD_POWER5 = 0x6C,
	UNIT_FIELD_MAXHEALTH = 0x70,
	UNIT_FIELD_MAXPOWER1 = 0x74,
	UNIT_FIELD_MAXPOWER2 = 0x78,
	UNIT_FIELD_MAXPOWER3 = 0x7C,
	UNIT_FIELD_MAXPOWER4 = 0x80,
	UNIT_FIELD_MAXPOWER5 = 0x84,
	UNIT_FIELD_LEVEL = 0x88,
	UNIT_FIELD_FACTIONTEMPLATE = 0x8C,
	UNIT_FIELD_BYTES_0 = 0x90,
	UNIT_VIRTUAL_ITEM_SLOT_DISPLAY = 0x94,
	UNIT_VIRTUAL_ITEM_INFO = 0xA0,
	UNIT_FIELD_FLAGS = 0xB8,
	UNIT_FIELD_AURA = 0xBC,
	UNIT_FIELD_AURAFLAGS = 0x17C,
	UNIT_FIELD_AURALEVELS = 0x194,
	UNIT_FIELD_AURAAPPLICATIONS = 0x1C4,
	UNIT_FIELD_AURASTATE = 0x1F4,
	UNIT_FIELD_BASEATTACKTIME = 0x1F8,
	UNIT_FIELD_RANGEDATTACKTIME = 0x200,
	UNIT_FIELD_BOUNDINGRADIUS = 0x204,
	UNIT_FIELD_COMBATREACH = 0x208,
	UNIT_FIELD_DISPLAYID = 0x20C,
	UNIT_FIELD_NATIVEDISPLAYID = 0x210,
	UNIT_FIELD_MOUNTDISPLAYID = 0x214,
	UNIT_FIELD_MINDAMAGE = 0x218,
	UNIT_FIELD_MAXDAMAGE = 0x21C,
	UNIT_FIELD_MINOFFHANDDAMAGE = 0x220,
	UNIT_FIELD_MAXOFFHANDDAMAGE = 0x224,
	UNIT_FIELD_BYTES_1 = 0x228,
	UNIT_FIELD_PETNUMBER = 0x22C,
	UNIT_FIELD_PET_NAME_TIMESTAMP = 0x230,
	UNIT_FIELD_PETEXPERIENCE = 0x234,
	UNIT_FIELD_PETNEXTLEVELEXP = 0x238,
	UNIT_DYNAMIC_FLAGS = 0x23C,
	UNIT_CHANNEL_SPELL = 0x240,
	UNIT_MOD_CAST_SPEED = 0x244,
	UNIT_CREATED_BY_SPELL = 0x248,
	UNIT_NPC_FLAGS = 0x24C,
	UNIT_NPC_EMOTESTATE = 0x250,
	UNIT_TRAINING_POINTS = 0x254,
	UNIT_FIELD_STAT0 = 0x258,
	UNIT_FIELD_STAT1 = 0x25C,
	UNIT_FIELD_STAT2 = 0x260,
	UNIT_FIELD_STAT3 = 0x264,
	UNIT_FIELD_STAT4 = 0x268,
	UNIT_FIELD_RESISTANCES = 0x26C,
	UNIT_FIELD_BASE_MANA = 0x288,
	UNIT_FIELD_BASE_HEALTH = 0x28C,
	UNIT_FIELD_BYTES_2 = 0x290,
	UNIT_FIELD_ATTACK_POWER = 0x294,
	UNIT_FIELD_ATTACK_POWER_MODS = 0x298,
	UNIT_FIELD_ATTACK_POWER_MULTIPLIER = 0x29C,
	UNIT_FIELD_RANGED_ATTACK_POWER = 0x2A0,
	UNIT_FIELD_RANGED_ATTACK_POWER_MODS = 0x2A4,
	UNIT_FIELD_RANGED_ATTACK_POWER_MULTIPLIER = 0x2A8,
	UNIT_FIELD_MINRANGEDDAMAGE = 0x2AC,
	UNIT_FIELD_MAXRANGEDDAMAGE = 0x2B0,
	UNIT_FIELD_POWER_COST_MODIFIER = 0x2B4,
	UNIT_FIELD_POWER_COST_MULTIPLIER = 0x2D0,
	UNIT_FIELD_PADDING = 0x2EC,
	TOTAL_UNIT_FIELDS = 0x4A
};

// Descriptors: 0x0083AA48
enum ePlayerFields
{
	PLAYER_DUEL_ARBITER = 0x2F0,
	PLAYER_FLAGS = 0x2F8,
	PLAYER_GUILDID = 0x2FC,
	PLAYER_GUILDRANK = 0x300,
	PLAYER_BYTES = 0x304,
	PLAYER_BYTES_2 = 0x308,
	PLAYER_BYTES_3 = 0x30C,
	PLAYER_DUEL_TEAM = 0x310,
	PLAYER_GUILD_TIMESTAMP = 0x314,
	PLAYER_QUEST_LOG_1_1 = 0x318,
	PLAYER_QUEST_LOG_1_2 = 0x31C,
	PLAYER_QUEST_LOG_2_1 = 0x324,
	PLAYER_QUEST_LOG_2_2 = 0x328,
	PLAYER_QUEST_LOG_3_1 = 0x330,
	PLAYER_QUEST_LOG_3_2 = 0x334,
	PLAYER_QUEST_LOG_4_1 = 0x33C,
	PLAYER_QUEST_LOG_4_2 = 0x340,
	PLAYER_QUEST_LOG_5_1 = 0x348,
	PLAYER_QUEST_LOG_5_2 = 0x34C,
	PLAYER_QUEST_LOG_6_1 = 0x354,
	PLAYER_QUEST_LOG_6_2 = 0x358,
	PLAYER_QUEST_LOG_7_1 = 0x360,
	PLAYER_QUEST_LOG_7_2 = 0x364,
	PLAYER_QUEST_LOG_8_1 = 0x36C,
	PLAYER_QUEST_LOG_8_2 = 0x370,
	PLAYER_QUEST_LOG_9_1 = 0x378,
	PLAYER_QUEST_LOG_9_2 = 0x37C,
	PLAYER_QUEST_LOG_10_1 = 0x384,
	PLAYER_QUEST_LOG_10_2 = 0x388,
	PLAYER_QUEST_LOG_11_1 = 0x390,
	PLAYER_QUEST_LOG_11_2 = 0x394,
	PLAYER_QUEST_LOG_12_1 = 0x39C,
	PLAYER_QUEST_LOG_12_2 = 0x3A0,
	PLAYER_QUEST_LOG_13_1 = 0x3A8,
	PLAYER_QUEST_LOG_13_2 = 0x3AC,
	PLAYER_QUEST_LOG_14_1 = 0x3B4,
	PLAYER_QUEST_LOG_14_2 = 0x3B8,
	PLAYER_QUEST_LOG_15_1 = 0x3C0,
	PLAYER_QUEST_LOG_15_2 = 0x3C4,
	PLAYER_QUEST_LOG_16_1 = 0x3CC,
	PLAYER_QUEST_LOG_16_2 = 0x3D0,
	PLAYER_QUEST_LOG_17_1 = 0x3D8,
	PLAYER_QUEST_LOG_17_2 = 0x3DC,
	PLAYER_QUEST_LOG_18_1 = 0x3E4,
	PLAYER_QUEST_LOG_18_2 = 0x3E8,
	PLAYER_QUEST_LOG_19_1 = 0x3F0,
	PLAYER_QUEST_LOG_19_2 = 0x3F4,
	PLAYER_QUEST_LOG_20_1 = 0x3FC,
	PLAYER_QUEST_LOG_20_2 = 0x400,
	PLAYER_VISIBLE_ITEM_1_CREATOR = 0x408,
	PLAYER_VISIBLE_ITEM_1_0 = 0x410,
	PLAYER_VISIBLE_ITEM_1_PROPERTIES = 0x430,
	PLAYER_VISIBLE_ITEM_1_PAD = 0x434,
	PLAYER_VISIBLE_ITEM_2_CREATOR = 0x438,
	PLAYER_VISIBLE_ITEM_2_0 = 0x440,
	PLAYER_VISIBLE_ITEM_2_PROPERTIES = 0x460,
	PLAYER_VISIBLE_ITEM_2_PAD = 0x464,
	PLAYER_VISIBLE_ITEM_3_CREATOR = 0x468,
	PLAYER_VISIBLE_ITEM_3_0 = 0x470,
	PLAYER_VISIBLE_ITEM_3_PROPERTIES = 0x490,
	PLAYER_VISIBLE_ITEM_3_PAD = 0x494,
	PLAYER_VISIBLE_ITEM_4_CREATOR = 0x498,
	PLAYER_VISIBLE_ITEM_4_0 = 0x4A0,
	PLAYER_VISIBLE_ITEM_4_PROPERTIES = 0x4C0,
	PLAYER_VISIBLE_ITEM_4_PAD = 0x4C4,
	PLAYER_VISIBLE_ITEM_5_CREATOR = 0x4C8,
	PLAYER_VISIBLE_ITEM_5_0 = 0x4D0,
	PLAYER_VISIBLE_ITEM_5_PROPERTIES = 0x4F0,
	PLAYER_VISIBLE_ITEM_5_PAD = 0x4F4,
	PLAYER_VISIBLE_ITEM_6_CREATOR = 0x4F8,
	PLAYER_VISIBLE_ITEM_6_0 = 0x500,
	PLAYER_VISIBLE_ITEM_6_PROPERTIES = 0x520,
	PLAYER_VISIBLE_ITEM_6_PAD = 0x524,
	PLAYER_VISIBLE_ITEM_7_CREATOR = 0x528,
	PLAYER_VISIBLE_ITEM_7_0 = 0x530,
	PLAYER_VISIBLE_ITEM_7_PROPERTIES = 0x550,
	PLAYER_VISIBLE_ITEM_7_PAD = 0x554,
	PLAYER_VISIBLE_ITEM_8_CREATOR = 0x558,
	PLAYER_VISIBLE_ITEM_8_0 = 0x560,
	PLAYER_VISIBLE_ITEM_8_PROPERTIES = 0x580,
	PLAYER_VISIBLE_ITEM_8_PAD = 0x584,
	PLAYER_VISIBLE_ITEM_9_CREATOR = 0x588,
	PLAYER_VISIBLE_ITEM_9_0 = 0x590,
	PLAYER_VISIBLE_ITEM_9_PROPERTIES = 0x5B0,
	PLAYER_VISIBLE_ITEM_9_PAD = 0x5B4,
	PLAYER_VISIBLE_ITEM_10_CREATOR = 0x5B8,
	PLAYER_VISIBLE_ITEM_10_0 = 0x5C0,
	PLAYER_VISIBLE_ITEM_10_PROPERTIES = 0x5E0,
	PLAYER_VISIBLE_ITEM_10_PAD = 0x5E4,
	PLAYER_VISIBLE_ITEM_11_CREATOR = 0x5E8,
	PLAYER_VISIBLE_ITEM_11_0 = 0x5F0,
	PLAYER_VISIBLE_ITEM_11_PROPERTIES = 0x610,
	PLAYER_VISIBLE_ITEM_11_PAD = 0x614,
	PLAYER_VISIBLE_ITEM_12_CREATOR = 0x618,
	PLAYER_VISIBLE_ITEM_12_0 = 0x620,
	PLAYER_VISIBLE_ITEM_12_PROPERTIES = 0x640,
	PLAYER_VISIBLE_ITEM_12_PAD = 0x644,
	PLAYER_VISIBLE_ITEM_13_CREATOR = 0x648,
	PLAYER_VISIBLE_ITEM_13_0 = 0x650,
	PLAYER_VISIBLE_ITEM_13_PROPERTIES = 0x670,
	PLAYER_VISIBLE_ITEM_13_PAD = 0x674,
	PLAYER_VISIBLE_ITEM_14_CREATOR = 0x678,
	PLAYER_VISIBLE_ITEM_14_0 = 0x680,
	PLAYER_VISIBLE_ITEM_14_PROPERTIES = 0x6A0,
	PLAYER_VISIBLE_ITEM_14_PAD = 0x6A4,
	PLAYER_VISIBLE_ITEM_15_CREATOR = 0x6A8,
	PLAYER_VISIBLE_ITEM_15_0 = 0x6B0,
	PLAYER_VISIBLE_ITEM_15_PROPERTIES = 0x6D0,
	PLAYER_VISIBLE_ITEM_15_PAD = 0x6D4,
	PLAYER_VISIBLE_ITEM_16_CREATOR = 0x6D8,
	PLAYER_VISIBLE_ITEM_16_0 = 0x6E0,
	PLAYER_VISIBLE_ITEM_16_PROPERTIES = 0x700,
	PLAYER_VISIBLE_ITEM_16_PAD = 0x704,
	PLAYER_VISIBLE_ITEM_17_CREATOR = 0x708,
	PLAYER_VISIBLE_ITEM_17_0 = 0x710,
	PLAYER_VISIBLE_ITEM_17_PROPERTIES = 0x730,
	PLAYER_VISIBLE_ITEM_17_PAD = 0x734,
	PLAYER_VISIBLE_ITEM_18_CREATOR = 0x738,
	PLAYER_VISIBLE_ITEM_18_0 = 0x740,
	PLAYER_VISIBLE_ITEM_18_PROPERTIES = 0x760,
	PLAYER_VISIBLE_ITEM_18_PAD = 0x764,
	PLAYER_VISIBLE_ITEM_19_CREATOR = 0x768,
	PLAYER_VISIBLE_ITEM_19_0 = 0x770,
	PLAYER_VISIBLE_ITEM_19_PROPERTIES = 0x790,
	PLAYER_VISIBLE_ITEM_19_PAD = 0x794,
	PLAYER_FIELD_INV_SLOT_HEAD = 0x798,
	PLAYER_FIELD_PACK_SLOT_1 = 0x850,
	PLAYER_FIELD_BANK_SLOT_1 = 0x8D0,
	PLAYER_FIELD_BANKBAG_SLOT_1 = 0x990,
	PLAYER_FIELD_VENDORBUYBACK_SLOT_1 = 0x9C0,
	PLAYER_FIELD_KEYRING_SLOT_1 = 0xA20,
	PLAYER_FARSIGHT = 0xB20,
	PLAYER__FIELD_COMBO_TARGET = 0xB28,
	PLAYER_XP = 0xB30,
	PLAYER_NEXT_LEVEL_XP = 0xB34,
	PLAYER_SKILL_INFO_1_1 = 0xB38,
	PLAYER_CHARACTER_POINTS1 = 0x1138,
	PLAYER_CHARACTER_POINTS2 = 0x113C,
	PLAYER_TRACK_CREATURES = 0x1140,
	PLAYER_TRACK_RESOURCES = 0x1144,
	PLAYER_BLOCK_PERCENTAGE = 0x1148,
	PLAYER_DODGE_PERCENTAGE = 0x114C,
	PLAYER_PARRY_PERCENTAGE = 0x1150,
	PLAYER_CRIT_PERCENTAGE = 0x1154,
	PLAYER_RANGED_CRIT_PERCENTAGE = 0x1158,
	PLAYER_EXPLORED_ZONES_1 = 0x115C,
	PLAYER_REST_STATE_EXPERIENCE = 0x125C,
	PLAYER_FIELD_COINAGE = 0x1260,
	PLAYER_FIELD_POSSTAT0 = 0x1264,
	PLAYER_FIELD_POSSTAT1 = 0x1268,
	PLAYER_FIELD_POSSTAT2 = 0x126C,
	PLAYER_FIELD_POSSTAT3 = 0x1270,
	PLAYER_FIELD_POSSTAT4 = 0x1274,
	PLAYER_FIELD_NEGSTAT0 = 0x1278,
	PLAYER_FIELD_NEGSTAT1 = 0x127C,
	PLAYER_FIELD_NEGSTAT2 = 0x1280,
	PLAYER_FIELD_NEGSTAT3 = 0x1284,
	PLAYER_FIELD_NEGSTAT4 = 0x1288,
	PLAYER_FIELD_RESISTANCEBUFFMODSPOSITIVE = 0x128C,
	PLAYER_FIELD_RESISTANCEBUFFMODSNEGATIVE = 0x12A8,
	PLAYER_FIELD_MOD_DAMAGE_DONE_POS = 0x12C4,
	PLAYER_FIELD_MOD_DAMAGE_DONE_NEG = 0x12E0,
	PLAYER_FIELD_MOD_DAMAGE_DONE_PCT = 0x12FC,
	PLAYER_FIELD_BYTES = 0x1318,
	PLAYER_AMMO_ID = 0x131C,
	PLAYER_SELF_RES_SPELL = 0x1320,
	PLAYER_FIELD_PVP_MEDALS = 0x1324,
	PLAYER_FIELD_BUYBACK_PRICE_1 = 0x1328,
	PLAYER_FIELD_BUYBACK_TIMESTAMP_1 = 0x1358,
	PLAYER_FIELD_SESSION_KILLS = 0x1388,
	PLAYER_FIELD_YESTERDAY_KILLS = 0x138C,
	PLAYER_FIELD_LAST_WEEK_KILLS = 0x1390,
	PLAYER_FIELD_THIS_WEEK_KILLS = 0x1394,
	PLAYER_FIELD_THIS_WEEK_CONTRIBUTION = 0x1398,
	PLAYER_FIELD_LIFETIME_HONORBALE_KILLS = 0x139C,
	PLAYER_FIELD_LIFETIME_DISHONORBALE_KILLS = 0x13A0,
	PLAYER_FIELD_YESTERDAY_CONTRIBUTION = 0x13A4,
	PLAYER_FIELD_LAST_WEEK_CONTRIBUTION = 0x13A8,
	PLAYER_FIELD_LAST_WEEK_RANK = 0x13AC,
	PLAYER_FIELD_BYTES2 = 0x13B0,
	PLAYER_FIELD_WATCHED_FACTION_INDEX = 0x13B4,
	PLAYER_FIELD_COMBAT_RATING_1 = 0x13B8,
	TOTAL_PLAYER_FIELDS = 0xB6
};
```

----------


## nfx

Anyone got corpse offset yet ?

----------


## Sacred

> Anyone got corpse offset yet ?




```
        internal enum Corpse : uint
        {
            X = 0xB4E284,
            Y = X + 4,
            Z = Y + 4,
        }
```

----------


## nfx

> Thanks for the help on finding creature types. I'd assume that is CreatureCache = ReadInt(ObjectBase +0xB30), then ReadInt(CreatureCache +0x18) and ReadInt(CreatureCache +0x20) respectively correct? Just saw "BaseAddress" so figured I would ask (would have to be ObjectBase to display per object returned).
> 
> I appreciate the help both of you provided, and threw a little rep for your time. By the way, is there any easy way to target mobs/npcs in this client? I tried to use TargetUnit along with dll injection, and modified the entry to where I could pass it GUID, but it seems that it is not designed to be force fed a GUID, and eventually will crash the client (though it works until that point). I have resorted to tab targeting until the GUID of my target matches the next target on my bot, and well while that works there has to be a better method. Thanks again!



try this


```
        public static void SetTarget(ulong guid)
        {
            WoWManager.Memory.Write<UInt64>(WoWManager.BaseAddress + WoWOffset.LastTargetGuid, guid);
            DoString("RunMacroText(\"/targetlasttarget\")");
        }
```

----------


## Valediction

> By the way, is there any easy way to target mobs/npcs in this client? I tried to use TargetUnit along with dll injection, and modified the entry to where I could pass it GUID, but it seems that it is not designed to be force fed a GUID, and eventually will crash the client (though it works until that point).


I don't recall having any problems:



```
Declare: 
public delegate int D_CGGameUI__Target(ref ulong guid);

Use:
fn.CGGameUI__Target__Hooked(guid);
```

If you're going to use DLL Injection, use that function (CGGameUI::Target) which is designed to take GUIDs.

----------


## JuJuBoSc

I don't think it takes a reference.

----------


## Valediction

> I don't think it takes a reference.


I'm currently on Linux so I can't test this thoroughly, but a quick disasm of the function (note it's AT&T syntax):


```
 # This is CGGameUI::Target
 489a40:   56                      push   %esi
 489a41:   8b f1                   mov    %ecx,%esi
 489a43:   8b 46 04                mov    0x4(%esi),%eax
 489a46:   8b 0e                   mov    (%esi),%ecx
 489a48:   68 5d 01 00 00          push   $0x15d
 489a4d:   50                      push   %eax
 489a4e:   51                      push   %ecx
 489a4f:   ba d4 25 84 00          mov    $0x8425d4,%edx
 489a54:   b9 08 00 00 00          mov    $0x8,%ecx
 489a59:   e8 02 ea fd ff          call   0x468460
 489a5e:   85 c0                   test   %eax,%eax
 489a60:   75 0b                   jne    0x489a6d
 489a62:   8b ce                   mov    %esi,%ecx
 489a64:   e8 97 7e 00 00          call   0x491900
 489a69:   85 c0                   test   %eax,%eax
 489a6b:   74 0c                   je     0x489a79
 489a6d:   8b 56 04                mov    0x4(%esi),%edx
 489a70:   8b 06                   mov    (%esi),%eax
 489a72:   52                      push   %edx
 489a73:   50                      push   %eax
 489a74:   e8 c7 9a 00 00          call   0x493540
 489a79:   5e                      pop    %esi
 489a7a:   c3                      ret
```

You can see how the high and low DWORDS are extracted from the pointer, which is the sole argument to the function, passed in as %ecx, which is customary in this build of WoW.

----------


## DarkLinux

Anyone having problems doing WorldToScreen? I am looking over all units from the object manager and drawing a +. This is all done from an EndScene hook, but it flashes like crazy. Any ideas? I have seen this before from an external hack but that was b/c the render thread and my thread were not in sync.



```
class CameraInfo
{
public:
	__int32 *VTable;	 //0x0000 
	__int32 unknown0;	 //0x0004 
	float fPos[3];		 //0x0008 
	float fViewMat[3][3];	 //0x0014 
	float fFov;		 //0x0038 
	float zNearPlane;	 //0x003C 
	float zFarPlane;	 //0x0040 
	float aspectRatio;	 //0x0044 

};//Size=0x0048
```



---- Edit

nvm... found the delay... Looked at it about 100x lame GetTickCount()....

----------


## namreeb

That looks interesting, DarkLinux. What are you working on?

----------


## DarkLinux

@namreeb The last bot I coded for wow was back in 3.3.5 and it was all done in C#. A friend started playing 1.12.1, so I started to code a new bot. It's done in C++ and fully injected. I have some of the basics done. Working on some fun things like 3D, and I am going to start on a mesh nav system if I get time...

Has anyone done any 3D stuff yet? I just used some of my old code... But it only shows up in my mini map... I am so lost XD Worked fine in Cata beta... Guess I'm asking where is the best place to draw?

----------


## namreeb

I haven't had the need to render in the game world in WoW. Although I was thinking about doing it for my HoN hack. Are you using any kind of library to do this? Or just DirectX?

----------


## DarkLinux

I just use DirectX, I hooked CGWorldFrame::RenderWorld 0x482D70 thinking it was CWorldSceneRender::Render but nothing. Going to keep playing around with it.


It should look something like this,

----------


## namreeb

Well I am a total idiot when it comes to DirectX but presumably at some point in the process the frame is initialized, and at some point it is finalized. I presume that you need to execute your code after it is initialized, and after the terrain is rendered. Is this right? If so, what is this initialization function? Perhaps you could look for calls to it?

----------


## DarkLinux

How are you guys interacting with objects? I am working on looting, but running into a small problem. I am calling the CTM function (0x611130), but it only loots if I am not on top of the object. I played around with world to screen and calling CGGameUI::RightClick (0x492820) but that's not working. Does anyone have the VMT for units, so I can call object interact? Or have another way of interacting with objects so I can loot?

Thanks!

----------


## Valediction

> How are you guys interacting with objects? I am working on looting, but running into a small problem. I am calling the CTM function (0x611130), but it only loots if I am not on top of the object. I played around with world to screen and calling CGGameUI::RightClick (0x492820) but that's not working. Does anyone have the VMT for units, so I can call object interact? Or have another way of interacting with objects so I can loot?
> 
> Thanks!


I remember using a combination of LootUnit when sufficiently close to the corpse, to open the window, and LootSlot + GetNumLootItems (name was something like that) to perform the actual looting.

----------


## culino2

> How are you guys interacting with objects? I am working on looting, but running into a small problem. I am calling the CTM function (0x611130), but it only loots if I am not on top of the object. I played around with world to screen and calling CGGameUI::RightClick (0x492820) but that's not working. Does anyone have the VMT for units, so I can call object interact? Or have another way of interacting with objects so I can loot?
> 
> Thanks!


Try 0x5DF2A0 (I guess it's CGPlayer_C::LootUnit).

First arg is the unit ptr, second unknown - 0.

edit: For objects you could use

005F8660 CGGameObject_C__OnRightClick

----------


## namreeb

My method:



```
namespace ClassicWowHack.Game.Objects
{
    class GameObject : Object
    {
        public void Use()
        {
            var packet = new CDataStore(12) { OpCode = OpCode.CMSG_GAMEOBJ_USE };
            packet.Write(Guid);
            Net.Send(packet);
        }
    }
}
```

----------


## rens

Does anyone have any information about mesh creation and 1.12.1?

I can't seem to find any wiki with map information for classic.

----------


## namreeb

Take a look at cmangos' mmap generator. It uses recast and detour for 1.12.1. https://github.com/cmangos/mangos-cl...ntrib/mmap/src

----------


## rens

> Take a look at cmangos' mmap generator. It uses recast and detour for 1.12.1. https://github.com/cmangos/mangos-cl...ntrib/mmap/src


Great! From that I've managed to load the terrain!

However, reading Azeroth_32_49.adt, I'm sure there should be a MCLQ chunk... However I only get these:



```
MVER
MHDR
MCIN
MTEX
MMDX
MMID
MWMO
MWID
MDDF
MODF
MCNK (x256)
```

----------


## namreeb

If you're right that it is MCLQ and not MH2O, that is because MCLQ is a subchunk of MCNK. See here for a description of the ADT files: ADT/v18 - WoWDev

----------
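The point made in the reply above (MCLQ sits inside MCNK, so a top-level chunk listing never shows it), as an added example that is not part of the original posts: a bounds-checked chunk walker that then follows the MCNK header to its liquid subchunk. The 128-byte header length, the 0x60/0x64 liquid fields and offsets measured from the start of the MCNK chunk are assumptions taken from public ADT v18 documentation; the sample file is constructed.

```python
import struct

MCNK_HEADER_SIZE = 0x80  # assumption: v18 MCNK header length
OFS_LIQUID = 0x60        # assumption: header field holding the MCLQ offset
SIZE_LIQUID = 0x64       # assumption: header field holding the MCLQ size


class ChunkError(ValueError):
    """A chunk header is truncated or points outside its container."""


def iter_chunks(buf, start=0, end=None):
    """Yield (tag, payload_offset, payload_size) for consecutive chunks."""
    end = len(buf) if end is None else end
    pos = start
    while pos < end:
        if end - pos < 8:
            raise ChunkError(f"truncated chunk header at {pos:#x}")
        raw_tag, size = struct.unpack_from("<4sI", buf, pos)
        payload = pos + 8
        if size > end - payload:
            raise ChunkError(f"chunk at {pos:#x} claims {size} bytes past the end")
        # Tags are stored byte-reversed on disk ("KNCM" is MCNK).
        yield raw_tag[::-1].decode("ascii", "replace"), payload, size
        pos = payload + size


def mcnk_liquid(buf, payload, size):
    """Return (file_offset, size) of the MCLQ subchunk of one MCNK, or None."""
    if size < MCNK_HEADER_SIZE:
        raise ChunkError("MCNK shorter than its header")
    (ofs,) = struct.unpack_from("<I", buf, payload + OFS_LIQUID)
    (liq_size,) = struct.unpack_from("<I", buf, payload + SIZE_LIQUID)
    if ofs == 0 or liq_size <= 8:
        return None  # treated here as "no liquid in this chunk"
    end = payload + size
    sub = (payload - 8) + ofs  # offset is relative to the MCNK chunk start
    # Never trust a file-supplied offset: it must land after the header and
    # leave room for a subchunk header and the claimed size inside this MCNK.
    if ofs < 8 + MCNK_HEADER_SIZE or sub + 8 > end or liq_size > end - sub:
        raise ChunkError(f"liquid offset {ofs:#x} falls outside its MCNK")
    if buf[sub:sub + 4] != b"QLCM":
        raise ChunkError(f"expected MCLQ at {sub:#x}")
    return sub, liq_size


def scan_adt(buf):
    """Return (top-level tags, list of MCLQ locations found via MCNK headers)."""
    tags, liquid = [], []
    for tag, payload, size in iter_chunks(buf):
        tags.append(tag)
        if tag == "MCNK":
            hit = mcnk_liquid(buf, payload, size)
            if hit:
                liquid.append(hit)
    return tags, liquid


def _chunk(tag, payload):
    """Build one chunk: reversed tag, little-endian size, payload."""
    return tag.encode("ascii")[::-1] + struct.pack("<I", len(payload)) + payload


def build_sample():
    """Constructed miniature file: MVER, one MCNK with liquid, one without."""
    mcvt = _chunk("MCVT", bytes(16))
    mclq = _chunk("MCLQ", bytes(12))
    header = bytearray(MCNK_HEADER_SIZE)
    struct.pack_into("<I", header, OFS_LIQUID, 8 + MCNK_HEADER_SIZE + len(mcvt))
    struct.pack_into("<I", header, SIZE_LIQUID, len(mclq))
    wet = _chunk("MCNK", bytes(header) + mcvt + mclq)
    dry = _chunk("MCNK", bytes(MCNK_HEADER_SIZE) + mcvt)
    return _chunk("MVER", struct.pack("<I", 18)) + wet + dry


if __name__ == "__main__":
    tags, liquid = scan_adt(build_sample())
    print(tags, [(hex(off), size) for off, size in liquid])
```

The top-level listing shows only MVER and MCNK entries, while the liquid data is reported from inside the first MCNK.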


## rens

> If you're right that it is MCLQ and not MH2O, that is because MCLQ is a subchunk of MCNK. See here for a description of the ADT files: ADT/v18 - WoWDev


Ah. Perfect!

I'm sure MH2O was added in WOTLK.


@DarkLinux, I have replied to your PM. I'm happy to help where I can.

----------


## DarkLinux

Has anyone run into any problems with ClickToMove? 90% of the time it works just fine, but in some areas it stutters. Even if my bot is not calling Click To Move, for example me clicking where I want to go it still stutters. I click, it moves 1/2 a foot then stops. And this only happens in some areas. Was thinking that I was clicking underground a little, but I added +2 for the Z axis, but that did not help. Any ideas? I would hate to rewrite my nav system. Thanks!

----------


## namreeb

Actually yes I have had this problem too. I assumed it was due to some state cleanup that I am missing by simply calling the CTM function. Never bothered checking into it.

----------


## Valediction

> Has anyone run into any problems with ClickToMove? 90% of the time it works just fine, but in some areas it stutters. Even if my bot is not calling Click To Move, for example me clicking where I want to go it still stutters. I click, it moves 1/2 a foot then stops. And this only happens in some areas. Was thinking that I was clicking underground a little, but I added +2 for the Z axis, but that did not help. Any ideas? I would hate to rewrite my nav system. Thanks!


Yes, I got exactly that too. It's annoying, I had to basically implement some sort of timeout to make it retry, not too long so the movement is fluid (but for that also had to make the CTM "steps" shorter so as not to trigger a timeout in long steps).

----------


## DarkLinux

Found a quick fix! If you go to 0x0060FC30 you will see,



```
mov [00C4D888],0000000C
```

If you NOP it out or change it to 0x4, click to move will not go away, even when you are on top of your target. But you can click on any location / surface, no more stutter! But you then need to add your own distance check, but I think that's better than it stuttering. Or you could just leave it on, have not tested.



```
mov [00C4D888],0000000C

to 

mov [00C4D888],00000004
```


----Edit

Just tested it with it on all the time, works just fine! No more stutter.

----Edit

The above changes are scanned by warden on almost all servers. 

Take a look at,
[WoW] 1.12.1.5875 Info Dump Thread

----------


## Valediction

Cool, that should make it work like it's supposed to, thanks for the tip.

----------


## Sacred

Some stuff.


```
            CWorldMap__QueryOutdoors = 0x69D830,
            Spell_C_CancelAura = 0x6E7040,
            CWorld__QueryLiquidStatus = 0x6723D0,
            Spell_C_HandleTerrainClick = 0x6E60F0,
            ItemCacheDBGetRow = 0x55BA30,
            CreatureCacheDBGetRow = 0x556AA0,
            GameObjectCacheDBGetRow = 0x558560,
```



```
        internal enum Warden : uint
        {
            LoadWardenModuleEnd = 0x7A7D72,
            CMSG_WARDEN_DATA_Handler = 0x6CA6A0,
            SMSG_WARDEN_DATA_Handler = 0x6CA5C0,
            Warden_RC4KeyPtr = 0xCE897C,
            Warden_RC4KeySize = 0x102,
            Warden_RC4KeyOffset = 0x20,
        }
```



```
        internal enum Console : uint
        {
            ConsoleWrite = 0x63CD00,
            ConsoleRegisterCommand = 0x63F9E0,
            ConsoleUnregisterCommand = 0x63FB40,
            EnableConsole = 0xC4EC20,
            InvalidfunctionPtrStart = 0x884800, //1
            InvalidfunctionPtrEnd = 0x884C00,  //7FFFFFFF
        }

        internal enum CharacterScreen : uint
        {
            Pointer = 0xB42144,
            Size = 0x120,
            NumCharacters = Pointer - 0x4,
            LoginState = 0xB41478,
        }

        internal enum Spells : uint
        {
            SpellCooldownPtr = 0xCECAEC,
            SpellCooldownOffset = 0xCECAF4,
            SpellMaxIndex = 0xC0D78C,
            SpellBookKnownSpellsPlayer = 0xB700F0,
            SpellBookKnownSpellsPet = 0xB6F098,
            SpellIsTargeting = 0xCECAC0,
        }
```

----------


## namreeb

Nice work. Have you done much work reversing the common mangos warden module?

----------


## DarkLinux

wow-one Warsong (30min scan)


```
EverScan 
By : Darklinux @ Ever-Devs.com / OwnedCore.com 

Address : 0x7c63da     Size : 0x3  //NoFallDamage
Address : 0x618919     Size : 0x4
Address : 0x7c625e     Size : 0x2  //InfiniteJump
Address : 0x7c4955     Size : 0x3
Address : 0x7c6272     Size : 0x4  //JumpGravity
Address : 0x615cf5     Size : 0x1  //AntiMove
Address : 0x7c6206     Size : 0xb
Address : 0x6163db     Size : 0x3  //AntiRoot
Address : 0x615ba7     Size : 0x4  //HeartbeatInterval
Address : 0x6341bc     Size : 0x2  //SuperFly
Address : 0x7c6269     Size : 0x4  //JumpGravityWater

Done
```

Looks like they are only scanning for Jadd's hack...
http://www.ownedcore.com/forums/worl...ml#post2436167 ([WoW] 1.12.1.5875 Info Dump Thread)

----------


## DarkLinux

@culino2 
They do a lot of pointless scans by the looks of it. They normally have a size of zero and the addresses are all over the place. I let it run and it was up around the 300 mark lols.

Also could you not just unlink the dll to bypass the dll file name hash?

Going to look into what else they scan a little more, thanks for the info.

----------


## DarkLinux

It does not look like they do any self checks, but I don't know how safe it would be to start patching all this stuff. Thanks for the tip on using mod32first/next. Anything else I should look out for? How much have they reversed? Could they load any module they want?

----------


## Master674

> I guess they can't load custom/modified modules. Dunno if there is more than one 1.12.1 module.
> They could add a signature check without using mod32, they may implement/enable it later, so watch their scans.


They could. There is a bug in warden which could allow you to use arbitrary modules. And also spread around viruses n' shit.

----------


## namreeb

Yes there is a way to perform arbitrary code execution with Warden. I highly doubt anyone there will be able to figure it out, though.




> @culino2 
> They do a lot of pointless scans by the looks of it. They normally have a size of zero and the addresses are all over the place. I let it run and it was up around the 300 mark lols.
> 
> Also could you not just unlink the dll to bypass the dll file name hash?
> 
> Going to look into what else they scan a little more, thanks for the info


Are you sure about this? I haven't played there for six months or so but when I stopped all of their scans had a purpose.

----------


## Master674

> Yes there is a way to perform arbitrary code execution with Warden. I highly doubt anyone there will be able to figure it out, though.
> 
> 
> 
> Are you sure about this? I haven't played there for six months or so but when I stopped all of their scans had a purpose.


Let's hope so. Cuz I don't really wanna be infected with viruses next time I log in to some random private server.

----------


## namreeb

Not to sound arrogant, but to my knowledge nobody has been able to reproduce it except me, and I haven't shared the details with anyone.

----------


## DarkLinux

The trace program I'm using will not attach to wow. Anyone know of a function like,

RunMacro(id or "name") - Runs a macro.
RunMacroText("macro") - Interpret the given string as a macro and run it.

----------


## namreeb

I don't know how to run macros, but I can show you how to execute Lua code. Would that help? Are you in C# or C++?

----------


## DarkLinux

Well I found this addon called QuickHeal... Was going for something simple... I think I can call the lua code with RunScript, just need to find the function... I am using C++ and have doString and all that stuff working.

----------


## namreeb

Okay well one suggestion would be to put a conditional breakpoint on the packet sending function to have it pause only if the opcode is CMSG_LOGOUT_REQUEST or whatever. Then do /logout and go up a few frames in the stack to see where it came from.

----------


## Sacred

Some warden scans.



```
<?xml version="1.0"?>
<ArrayOfWardenScan xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
  <WardenScan>
    <Offset>0x00846F98</Offset>
    <Length>6</Length>
    <Bytes>77-69-6E-64-6F-77</Bytes>
    <Dynamic>0</Dynamic>
  </WardenScan>
  <WardenScan>
    <Offset>0x00000000</Offset>
    <Length>4</Length>
    <Bytes>78-AF-80-00</Bytes>
    <Dynamic>1</Dynamic>
    <Base>PlayerBase</Base>
  </WardenScan>
  <WardenScan>
    <Offset>0x000009E8</Offset>
    <Length>4</Length>
    <Bytes>00-00-00-00</Bytes>
    <Dynamic>1</Dynamic>
    <Description>MovementFlags</Description>
    <Base>PlayerBase</Base>
  </WardenScan>
  <WardenScan>
    <Offset>0x00000A2C</Offset>
    <Length>4</Length>
    <Bytes>00-00-00-00</Bytes>
    <Dynamic>1</Dynamic>
    <Base>PlayerBase</Base>
  </WardenScan>
  <WardenScan>
    <Offset>0x00000A34</Offset>
    <Length>4</Length>
    <Bytes>00-00-E0-40</Bytes>
    <Dynamic>1</Dynamic>    
    <Description>Speedhack</Description>
    <Base>PlayerBase</Base>
  </WardenScan>
  <WardenScan>
    <Offset>0x00000A60</Offset>
    <Length>4</Length>
    <Bytes>00-00-80-3F</Bytes>
    <Dynamic>1</Dynamic>
    <Description>Noclip</Description>
    <Base>PlayerBase</Base>
  </WardenScan>
  <WardenScan>
    <Offset>0x00001DC8</Offset>
    <Length>4</Length>
    <Bytes>46-00-00-00</Bytes>
    <Dynamic>1</Dynamic>
    <Base>PlayerBase</Base>
  </WardenScan>
  <WardenScan>
    <Offset>0x00846F64</Offset>
    <Length>6</Length>
    <Bytes>68-65-61-64-65-72</Bytes>
    <Dynamic>0</Dynamic>
  </WardenScan>
  <WardenScan>
    <Offset>0x007C4D41</Offset>
    <Length>7</Length>
    <Bytes>D9-81-8C-00-00-00-8B</Bytes>
    <Dynamic>0</Dynamic>
  </WardenScan>
  <WardenScan>
    <Offset>0x0080DFFC</Offset>
    <Length>4</Length>
    <Bytes>BB-8D-24-3F</Bytes>
    <Dynamic>0</Dynamic>
    <Description>WallClimb</Description>
  </WardenScan>
  <WardenScan>
    <Offset>0x007C4955</Offset>
    <Length>1</Length>
    <Bytes>8B</Bytes>
    <Dynamic>0</Dynamic>
  </WardenScan>
  <WardenScan>
    <Offset>0x00618917</Offset>
    <Length>6</Length>
    <Bytes>E8-24-DA-1A-00-5D</Bytes>
    <Dynamic>0</Dynamic>
  </WardenScan>
  <WardenScan>
    <Offset>0x007C6E83</Offset>
    <Length>7</Length>
    <Bytes>81-66-40-3F-FF-DF-FF</Bytes>
    <Dynamic>0</Dynamic>
  </WardenScan>
  <WardenScan>
    <Offset>0x004901C8</Offset>
    <Length>15</Length>
    <Bytes>5E-FF-48-00-6B-FF-48-00-78-FF-48-00-95-FF-48</Bytes>
    <Dynamic>0</Dynamic>
  </WardenScan>
  <WardenScan>
    <Offset>0x0048FF52</Offset>
    <Length>11</Length>
    <Bytes>83-F8-03-77-34-FF-24-85-C8-01-49</Bytes>
    <Dynamic>0</Dynamic>
  </WardenScan>
  <WardenScan>
    <Offset>0x006341BC</Offset>
    <Length>2</Length>
    <Bytes>74-25</Bytes>
    <Dynamic>0</Dynamic>
    <Description>SuperFly</Description>
  </WardenScan>
  <WardenScan>
    <Offset>0x007C63DA</Offset>
    <Length>3</Length>
    <Bytes>8B-4F-78</Bytes>
    <Dynamic>0</Dynamic>
    <Description>NoFallDamage</Description>
  </WardenScan>
  <WardenScan>
    <Offset>0x007C625F</Offset>
    <Length>1</Length>
    <Bytes>75</Bytes>
    <Dynamic>0</Dynamic>
    <Description>AntiJump</Description>
  </WardenScan>
  <WardenScan>
    <Offset>0x00615CF5</Offset>
    <Length>1</Length>
    <Bytes>F8</Bytes>
    <Dynamic>0</Dynamic>
    <Description>AntiMove</Description>
  </WardenScan>
  <WardenScan>
    <Offset>0x006163DB</Offset>
    <Length>3</Length>
    <Bytes>8A-47-4D</Bytes>
    <Dynamic>0</Dynamic>
    <Description>AntiRoot</Description>
  </WardenScan>
  <WardenScan>
    <Offset>0x007C625C</Offset>
    <Length>3</Length>
    <Bytes>F6-C4-30</Bytes>
    <Dynamic>0</Dynamic>
  </WardenScan>
  <WardenScan>
    <Offset>0x007C6272</Offset>
    <Length>4</Length>
    <Bytes>D8-93-FE-C0</Bytes>
    <Dynamic>0</Dynamic>
    <Description>JumpGravity</Description>
  </WardenScan>
  <WardenScan>
    <Offset>0x007C6269</Offset>
    <Length>4</Length>
    <Bytes>48-8C-11-C1</Bytes>
    <Dynamic>0</Dynamic>
    <Description>JumpGravityWater</Description>
  </WardenScan>
  <WardenScan>
    <Offset>0x007C6206</Offset>
    <Length>11</Length>
    <Bytes>25-FF-FF-DF-FB-0D-00-20-00-00-89</Bytes>
    <Dynamic>0</Dynamic>
    <Description>AirSwimHack</Description>
  </WardenScan>
</ArrayOfWardenScan>
```

Hashes:


```
SHA1: 0xC419521B6D39990C1D95329C8D94B59226CBAA98 (WpeSpy.dll)
SHA1: 0xE701343E439C74B675C72BBE2D8810A745569913 (Unknown)
```

----------
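A verifier-side view of the scan list above, as an added example that is not part of the original post or any server's code: it parses the same XML layout, rejects entries whose Length disagrees with Bytes, and compares each expected byte string with a memory snapshot. The three entries are copied from the post; the snapshot contents, the PlayerBase value and all function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple

# Three entries copied from the scan list in the post, layout unchanged.
SAMPLE_XML = """
<ArrayOfWardenScan>
  <WardenScan>
    <Offset>0x006341BC</Offset>
    <Length>2</Length>
    <Bytes>74-25</Bytes>
    <Dynamic>0</Dynamic>
    <Description>SuperFly</Description>
  </WardenScan>
  <WardenScan>
    <Offset>0x007C63DA</Offset>
    <Length>3</Length>
    <Bytes>8B-4F-78</Bytes>
    <Dynamic>0</Dynamic>
    <Description>NoFallDamage</Description>
  </WardenScan>
  <WardenScan>
    <Offset>0x000009E8</Offset>
    <Length>4</Length>
    <Bytes>00-00-00-00</Bytes>
    <Dynamic>1</Dynamic>
    <Description>MovementFlags</Description>
    <Base>PlayerBase</Base>
  </WardenScan>
</ArrayOfWardenScan>
"""


@dataclass(frozen=True)
class Scan:
    offset: int            # absolute address, or offset from `base` if dynamic
    expected: bytes        # bytes an unmodified client is expected to hold
    dynamic: bool
    base: Optional[str]
    description: str


def load_scans(xml_text: str) -> List[Scan]:
    """Parse the scan list and refuse internally inconsistent entries."""
    scans = []
    for node in ET.fromstring(xml_text.strip()).iter("WardenScan"):
        offset = int(node.findtext("Offset"), 16)
        expected = bytes.fromhex(node.findtext("Bytes").replace("-", ""))
        if len(expected) != int(node.findtext("Length")):
            raise ValueError(f"Length/Bytes mismatch at {offset:#010x}")
        dynamic = node.findtext("Dynamic") == "1"
        base = node.findtext("Base")
        if dynamic and not base:
            raise ValueError(f"dynamic scan at {offset:#x} has no Base")
        label = node.findtext("Description") or f"scan@{offset:#010x}"
        scans.append(Scan(offset, expected, dynamic, base, label))
    return scans


def evaluate(scans: List[Scan], read: Callable[[int, int], bytes],
             bases: Dict[str, int]) -> List[Tuple[str, int, bytes, bytes]]:
    """Return (description, address, expected, actual) for every mismatch."""
    findings = []
    for s in scans:
        addr = s.offset + (bases[s.base] if s.dynamic else 0)
        actual = read(addr, len(s.expected))
        if actual != s.expected:
            findings.append((s.description, addr, s.expected, actual))
    return findings


def make_reader(regions: Dict[int, bytes]) -> Callable[[int, int], bytes]:
    """Reader over a snapshot given as {start_address: bytes}."""
    def read(addr: int, n: int) -> bytes:
        for start, data in regions.items():
            if start <= addr and addr + n <= start + len(data):
                return data[addr - start:addr - start + n]
        return b""  # unreadable range: reported as a mismatch
    return read


PLAYER_BASE = 0x10000000  # constructed value, not a real address
SNAPSHOT = {              # constructed snapshot: first region altered
    0x006341BC: bytes.fromhex("0000"),
    0x007C63DA: bytes.fromhex("8B4F78"),
    PLAYER_BASE + 0x9E8: bytes(4),
}


def run_sample():
    scans = load_scans(SAMPLE_XML)
    return evaluate(scans, make_reader(SNAPSHOT), {"PlayerBase": PLAYER_BASE})


if __name__ == "__main__":
    for desc, addr, want, got in run_sample():
        print(f"{desc} @ {addr:#010x}: expected {want.hex()} got {got.hex()}")
```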


## Jadd

> Some warden scans.


You might want to include which server this was on.

----------


## Sacred

> You might want to include which server this was on.


Oh, I forgot, it's valkyrie-wow.


ClientDB offsets.



```
    public enum ClientDb
    {
        AnimationData = 0xC0E06C,
        AreaPOI = 0xC0E058,
        AreaTable = 0xC0E044,
        AreaTrigger = 0xC0E030,
        AttackAnimKits = 0xC0E01C,
        AttackAnimTypes = 0xC0E004,
        AuctionHouse = 0xC0DFF0,
        BankBagSlotPrices = 0xC0DFDC,
        CameraShakes = 0xC0DFC8,
        Cfg_Categories = 0xC0DFB4,
        Cfg_Configs = 0xC0DFA0,
        CharBaseInfo = 0xC0DF8C,
        CharHairGeosets = 0xC0DF78,
        CharSections = 0xC0DF64,
        CharStartOutfit = 0xC0DF50,
        CharVariations = 0xC0DF3C,
        CharacterFacialHairStyles = 0xC0DF28,
        ChatChannels = 0xC0DF14,
        ChatProfanity = 0xC0DF00,
        ChrClasses = 0xC0DEEC,
        ChrRaces = 0xC0DED8,
        CinematicCamera = 0xC0DEC4,
        CinematicSequences = 0xC0DEB0,
        CreatureDisplayInfo = 0xC0DE88,
        CreatureDisplayInfoExtra = 0xC0DE9C,
        CreatureFamily = 0xC0DE74,
        CreatureModelData = 0xC0DE60,
        CreatureSoundData = 0xC0DE4C,
        CreatureSpellData = 0xC0DE38,
        CreatureType = 0xC0DE24,
        DeathThudLookups = 0xC0DE10,
        DurabilityQuality = 0xC0DDE8,
        DurabilityCosts = 0xC0DDFC,
        Emotes = 0xC0DDD4,
        EmotesText = 0xC0DD98,
        EmotesTextData = 0xC0DDC0,
        EmotesTextSound = 0xC0DDAC,
        EnvironmentalDamage = 0xC0DD84,
        Exhaustion = 0xC0DD70,
        Faction = 0xC0DD48,
        FactionGroup = 0xC0DD5C,
        FactionTemplate = 0xC0DD34,
        FootprintTextures = 0xC0DD20,
        FootstepTerrainLookup = 0xC0DD0C,
        GameObjectArtKit = 0xC0DCF8,
        GameObjectDisplayInfo = 0xC0DCE4,
        GameTips = 0xC0DCD0,
        GMSurveyCurrentSurvey = 0xC0DCBC,
        GMSurveyQuestions = 0xC0DCA8,
        GMSurveySurveys = 0xC0DC94,
        GMTicketCategory = 0xC0DC80,
        GroundEffectDoodad = 0xC0DC6C,
        GroundEffectTexture = 0xC0DC58,
        HelmetGeosetVisData = 0xC0DC44,
        ItemBagFamily = 0xC0DC30,
        ItemClass = 0xC0DC1C,
        ItemDisplayInfo = 0xC0DC08,
        ItemGroupSounds = 0xC0DBF4,
        ItemPetFood = 0xC0DBE0,
        ItemRandomProperties = 0xC0DBCC,
        ItemSet = 0xC0DBB8,
        ItemSubClass = 0xC0DB90,
        ItemSubClassMask = 0xC0DBA4,
        ItemVisualEffects = 0xC0DB7C,
        ItemVisuals = 0xC0DB68,
        LanguageWords = 0xC0DB54,
        Languages = 0xC0DB40,
        LfgDungeons = 0xC0DB2C,
        Light = 0xCE9D60,
        LightFloatBand = 0xCE9D88,
        LightIntBand = 0xCE9D9C,
        LightParams = 0xCE9D74,
        LightSkybox = 0xCE9DB0,
        LiquidType = 0xC0DB18,
        LoadingScreens = 0xC0DB04,
        LoadingScreenTaxiSplines = 0xC0DAF0,
        Lock = 0xC0DADC,
        LockType = 0xC0DAC8,
        MailTemplate = 0xC0DAB4,
        Map = 0xC0DAA0,
        Material = 0xC0DA8C,
        NameGen = 0xC0DA78,
        NPCSounds = 0xC0DA64,
        NamesProfanity = 0xC0DA50,
        NamesReserved = 0xC0DA3C,
        Package = 0xC0DA28,
        PageTextMaterial = 0xC0DA14,
        PaperDollItemFrame = 0xC0DA00,
        PetLoyalty = 0xC0D9EC,
        PetPersonality = 0xC0D9D8,
        QuestInfo = 0xC0D9C4,
        QuestSort = 0xC0D9B0,
        Resistances = 0xC0D99C,
        ServerMessages = 0xC0D988,
        SheatheSoundLookups = 0xC0D974,
        SkillCostsData = 0xC0D960,
        SkillLineAbility = 0xC0D94C,
        SkillLineCategory = 0xC0D938,
        SkillLine = 0xC0D924,
        SkillRaceClassInfo = 0xC0D910,
        SkillTiers = 0xC0D8FC,
        SoundAmbience = 0xC0D8E8,
        SoundEntries = 0xC0D8D4,
        SoundProviderPreferences = 0xC0D8C0,
        SoundSamplePreferences = 0xC0D8AC,
        SoundWaterType = 0xC0D898,
        SpamMessages = 0xC0D884,
        SpellCastTimes = 0xC0D870,
        SpellCategory = 0xC0D85C,
        SpellChainEffects = 0xC0D848,
        Spell = 0xC0D780,
        SpellDispelType = 0xC0D834,
        SpellDuration = 0xC0D820,
        SpellEffectCameraShakes = 0xC0D80C,
        SpellFocusObject = 0xC0D7F8,
        SpellIcon = 0xC0D7E4,
        SpellItemEnchantment = 0xC0D7D0,
        SpellMechanic = 0xC0D7BC,
        SpellRadius = 0xC0D7A8,
        SpellRange = 0xC0D794,
        SpellShapeshiftForm = 0xC0D76C,
        SpellVisual = 0xC0D730,
        SpellVisualEffectName = 0xC0D758,
        SpellVisualKit = 0xC0D744,
        StableSlotPrices = 0xC0D71C,
        Stationery = 0xC0D708,
        StringLookups = 0xC0D6F4,
        Talent = 0xC0D6E0,
        TalentTab = 0xC0D6CC,
        TaxiNodes = 0xC0D6B8,
        TaxiPath = 0xC0D690,
        TaxiPathNode = 0xC0D6A4,
        TerrainType = 0xC0D67C,
        TerrainTypeSounds = 0xC0D668,
        TransportAnimation = 0xC0D654,
        UISoundLookups = 0xC0D640,
        UnitBlood = 0xC0D618,
        UnitBloodLevels = 0xC0D62C,
        VocalUISounds = 0xC0D604,
        WMOAreaTable = 0xC0D5F0,
        WeaponImpactSounds = 0xC0D5DC,
        WeaponSwingSounds2 = 0xC0D5C8,
        WorldMapArea = 0xC0D5B4,
        WorldMapContinent = 0xC0D5A0,
        WorldMapOverlay = 0xC0D58C,
        WorldSafeLocs = 0xC0D578,
        WorldStateUI = 0xC0D564,
        ZoneIntroMusic = 0xC0D550,
        ZoneMusic = 0xC0D53C,
    }
```

Some hacks


```
WaterWalk = 0x631610,
RemoveLuaProtection = 0x494A57,
ShowAllLevels = 0x518062,
UnderstandAllLanguages = 0x5EC720
```

----------


## DarkLinux

Thanks Sacred for the UnderstandAllLanguages hack.

Has anyone run into the function that updates the player model, for something like a morph hack?

----------


## Sacred

> Thanks Sacred for the UnderstandAllLanguages hack  
> 
> Has anyone run into the function that updates the player model, for something like a morph hack?


This should work.


```
CGUnit_C__UpdateDisplayInfo = 0x60ABE0
```

----------


## DarkLinux

Thanks again! Works perfect! 

"You must spread some Reputation around before giving it to Sacred again."


--Edit

nvm it does not work...

----------


## DarkLinux

Sorry about that, it does work for the player ID, but it's not loading the gear. Was thinking it was the same function but I guess not.

Playing around with this function atm 0x004667A0 / 0x00467160

----------


## Corthezz

Enjoy +3 rep Sacred. Pointers helped a lot.

----------


## Sacred

Warden modules download
Modules were dumped from wow-one and valkyrie-wow.
Warden memcheck function pattern is 8B CA 8B F8 C1 E9 02 74 02 (sub_2A7F in both modules), simply detour it and redirect all memchecks.

----------


## namreeb

The location of the last hardware action is 0xCF0BC8. Write tick count to that value every few seconds to avoid AFK.

Edit: some people might patch the function which checks this value in order to toggle AFK, but I prefer to update this value with a timer because it is harder (realistically it is probably impossible) for Warden to catch.

----------


## Sacred

> Sorry about that, it does work for the player ID, but it's not loading the gear. Was thinking it was the same function but I guess not.
> 
> Playing around with this function atm 0x004667A0 / 0x00467160




```
            Magic.Write<int>(Manager.Me.StorageField + Offsets.PlayerFields.PLAYER_VISIBLE_ITEM_5_0, 16809); //chest
            Wow.MorphUnit(Manager.Me, 1337); //l33t
            Wow.MorphUnit(Manager.Me, Manager.Me.NativeDisplayID);
```

You can use it this way to update appearance of equipped items.

----------


## DarkLinux

Thanks @Sacred and @culino2

----------


## Sacred

```
TerrainCollision = 0x6721F3
WMOCollision = 0x6A467B
M2Collision1 = 0x6ABF13
M2Collision2 = 0x6ABC5A
RemoveAFK = 0x482ED3
FallSpeed = 0x87D894
```

----------


## drassian

Does anyone know a way to toggle autoloot on? (Or another method that is simpler than interacting with all of the loot in the window)

----------


## Sacred

> Does anyone know a way to toggle autoloot on? (Or another method that is simpler than interacting with all of the loot in the window)




```
CallAutoLoot = 0x4C1FA0
```

This function was posted 2 times in this thread.

----------


## prospectingemu

I've been trying to call functions using this code, it just seems to crash when I actually try to autoloot? Anyone able to point me in the right direction with this?



```
 
        static void Detour(uint codeCave, uint Address, byte[] hook_func, ref BlackMagic WoW)
        {

            Console.WriteLine("Detouring 0x{0:X}", Address);
            Console.WriteLine("With Function at 0x{0:X}", codeCave);


            WoW.WriteBytes(codeCave, hook_func);
            //Our function is in memory
            WoW.Asm.Clear();
            WoW.Asm.AddLine("push {0}", codeCave);
            WoW.Asm.AddLine("retn"); //pops codeCave from the stack into EIP

            WoW.WriteBytes(Address, WoW.Asm.Assemble()); //Detour the Function

        }

        static void Main(string[] args)
        {

            BlackMagic WoW = new BlackMagic(SProcess.GetProcessFromProcessName("WoW"));


            uint CodeCave = WoW.AllocateMemory();


            WoW.Asm.Clear(); //Make sure no ASM lines exist
            //An STD call that returns true
            WoW.Asm.AddLine("mov al,1");
            WoW.Asm.AddLine("retn 4");

            //0x4C1FA0 -> Autoloot

            Detour(CodeCave, 0x4C1FA0, WoW.Asm.Assemble(), ref WoW);
            //tracking all objects

            Console.ReadLine();

        }
```

----------


## Jadd

> I've been trying to call functions using this code, it just seems to crash when I actually try to autoloot? Anyone able to point me in the right direction with this?
> 
> <snip>


You're using retn 4 from the detour but this function doesn't have any arguments. Just use retn (0).

----------


## prospectingemu

> You're using retn 4 from the detour but this function doesn't have any arguments. Just use retn (0).


Thanks for the reply! I managed to get other functions working (understand all languages) but the autoloot doesn't seem to want to work. Now it doesn't crash, but I'm unable to manually autoloot - is there a trick to when I should be calling it?

Edit: If I use the above to remove LUA protection, is there code which can loot? I tried /script LootSlot(0); (and 1-2-3 etc.) and while it doesn't error nothing happens.

----------


## Sacred

Jeez, it's a simple function, what's the problem with calling it.



```
[UnmanagedFunctionPointer(CallingConvention.ThisCall)]
private delegate void CallAutoLoot(uint zero);
```




```
internal static void LootItems()
{
    lock (Memory.Magic.Executor.Lock)
    {
        string[] asm =
        {
            "mov ecx, 0",
            "call " + (uint) Offsets.Fuctions.CallAutoLoot,
            "retn"
        };
        Memory.Magic.Executor.Execute(asm);
    }
}
```

----------


## Jadd

> Thanks for the reply! I managed to get other functions working (understand all languages) but the autoloot doesn't seem to want to work. Now it doesn't crash, but I'm unable to manually autoloot - is there a trick to when I should be calling it?
> 
> Edit: If I use the above to remove LUA protection, is there code which can loot? I tried /script LootSlot(0); (and 1-2-3 etc.) and while it doesn't error, nothing happens.


It's not the function which decides whether looting an object is automatic. This seems to be the function that does the automatic looting. I don't have a 1.12.1 IDB available at the moment so I can't check.

----------


## Sacred

1. Open loot window.
2. Call function.
3. ???
4. Profit.

----------


## mrvaginasoup

Since I have not seen one, I'm interested in making a fish bot for 1.12.1 that is able to run in the background. How would I go about doing this? Are there any guides?

----------


## namreeb

I can't say that there are, but I suspect if you have a specific question here you might be able to get an answer.

----------


## prospectingemu

Can anyone help me out with these functions? Like how to find the correct parameters / return values? (injected dll)



```
static auto const castSpellByName = reinterpret_cast <uint32(__fastcall *)(
	std::string, boolean)>(0x4B4AB0);//Script_CastSpellByName
```

I thought this was correct from here API CastSpellByName - WoWWiki - Your guide to the World of Warcraft

So far I've only been able to call functions which are both void and have no parameters.

----------


## Nonowmana

> Can anyone help me out with these functions? Like how to find the correct parameters / return values? (injected dll)
> 
> 
> 
> ```
> static auto const castSpellByName = reinterpret_cast <uint32(__fastcall *)(
> 	std::string, boolean)>(0x4B4AB0);//Script_CastSpellByName
> ```
> 
> ...


Not sure about this, but after checking in IDA, this function takes one string parameter, and returns 0 if the spell name is not correct, or not available on the WoWLocalPlayer.

Your best option is to call this function in the game client using "/dump CastSpellByName("YourSpell Here")" to see what happens and see what this function returns.

----------


## prospectingemu

I'm not sure /dump is a function in 1.12.1 - /script CastSpellByName("spell); works when you type into chat so I don't think it's a function, I think it's just in-game script.

Also calling UnderstandAllLanguages = 0x5EC720 as 

```
static auto const understandAllLanguage = reinterpret_cast<uint32(__fastcall *)(
	)>(0x5EC720);
```

is crashing the game. Anyone know what I'm doing wrong here?

----------


## Corthezz

> I'm not sure /dump is a function in 1.12.1 - /script CastSpellByName("spell); works when you type into chat so I don't think it's a function, I think it's just in-game script.
> 
> Also calling UnderstandAllLanguages = 0x5EC720 as 
> 
> ```
> static auto const understandAllLanguage = reinterpret_cast<uint32(__fastcall *)(
> 	)>(0x5EC720);
> ```
> 
> is crashing the game. Anyone know what I'm doing wrong here?


.... sometimes I wonder if people can do anything on their own :S.
If a lua function isn't a function in memory what else should it be lol?
String search -> Find your lua function -> reverse it

There are dozens of tutorials dealing with the above-mentioned stuff which are classified as a starting point for reversing, and still people spam dump threads with questions which could be answered by just reading up a bit.

----------


## namreeb

> Can anyone help me out with these functions? Like how to find the correct parameters / return values? (injected dll)
> 
> 
> 
> ```
> static auto const castSpellByName = reinterpret_cast <uint32(__fastcall *)(
> 	std::string, boolean)>(0x4B4AB0);//Script_CastSpellByName
> ```
> 
> ...


Script_CastSpellByName is not __fastcall. I believe that it has only one parameter, which is a pointer to the lua state object. That object will contain the lua stack. You are better off not calling that function but instead looking at how it works, and duplicating its functionality.

----------


## DarkLinux

What's the best way to tell if the loot window is open? I found a bool value but can't find a good pointer to it. Also does anyone have a named IDA I could have?

----------


## culino2

Try 006126B0 CGPlayer_C::IsLooting

----------


## DarkLinux

> Try 006126B0 CGPlayer_C::IsLooting


Thanks, that also works! Was going to use the UnitFlags Looting (0x400) flag, but that is set even when the loot window is not open. For example, if I am lagging out the character is in the looting stance but the window is not open. I guess I should do lag detection some other place b4 trying to loot.

----------


## JuJuBoSc

If all you care about is the window, why don't you just check the frame then?

----------


## prospectingemu

```
        public Boolean isLootWindowOpen() 
        {
            return (WowReader.ReadUInt64(lootWindow) != 0L); // 0xB71B48
        }
```

I haven't had any lag with this

----------


## pkingd3vil

> ```
>         public Boolean isLootWindowOpen() 
>         {
>             return (WowReader.ReadUInt64(lootWindow) != 0L); // 0xB71B48
>         }
> ```
> 
> I haven't had any lag with this


Forgive me, for I'm trying to learn this. So you made a class that handles reading WoW, with a method in it that will read an unsigned 64-bit int, so "long", and you're checking if it's not equal to NULL with the long suffix. So that //0xB71B48 is a memory address that you did a typedef on for lootwindow?

----------


## tok_junior

> Forgive me, for I'm trying to learn this. So you made a class that handles reading WoW, with a method in it that will read an unsigned 64-bit int, so "long", and you're checking if it's not equal to NULL with the long suffix. So that //0xB71B48 is a memory address that you did a typedef on for lootwindow?


I really think you should learn the basics of your language of choice before going for these kinds of things...

----------


## JuJuBoSc

0xB71B48 contains the GUID of the current looting wowobject, so if it's != 0, then you are currently looting something.

----------


## wearecs

```

BlackMagic _magic = Globals.Magic;
if (_magic.IsProcessOpen)
{
    while (true)
    {
        //check the looting window is opened
        if (_magic.ReadInt64((uint)0xB71B48) != 0L)
        {
            uint codeCave = _magic.AllocateMemory();
            try
            {
                _magic.Asm.Clear();
                _magic.Asm.AddLine("mov ecx, 0");
                //call auto loot
                _magic.Asm.AddLine("call " + (uint)0x4C1FA0);
                _magic.Asm.AddLine("retn");
                _magic.Asm.InjectAndExecute(codeCave);
                _magic.Asm.Clear();
            }
            catch (Exception ee)
            {
                MessageBox.Show(ee.ToString());
            }
            _magic.FreeMemory(codeCave);
        }
        Thread.Sleep(1000);
    }
}
else
{
    _magic.OpenProcessAndThread(SProcess.GetProcessFromProcessName("Wow"));
}


```

It crashes sometimes. Who can tell me why? Thx!

----------


## Sacred

```
_magic.Asm.InjectAndExecute(codeCave);
```

Wrong.

----------


## wearecs

> ```
> _magic.Asm.InjectAndExecute(codeCave);
> ```
> 
> Wrong.


How do I use BlackMagic to inject?
I use InjectAndExecute; it works most of the time, it only crashes sometimes.

----------


## Sacred

Detour EndScene or any other function that is called from the main thread. There are tons of examples, use search.

----------


## xalcon

```
_magic.Asm.AddLine("mov ecx, 0");
```

Maybe I'm wrong, but I don't think this ^ will work. Isn't that loot function a thiscall?

----------


## Sacred

So what's the problem?

----------


## culino2

> ```
> _magic.Asm.AddLine("mov ecx, 0");
> ```
> 
> Maybe I'm wrong, but I don't think this ^ will work. Isn't that loot function a thiscall?


No it's msfastcall.

----------


## wearecs

```

Globals.Magic.SuspendThread();
try
{
    uint codeCave = Globals.Magic.AllocateMemory(8);
    if (codeCave != 0)
    {
        Globals.Magic.Asm.Clear();
        //Globals.Magic.Asm.AddLine("mov ecx, 0");
        Globals.Magic.Asm.AddLine("call " + (uint)0x4C1FA0);
        Globals.Magic.Asm.AddLine("retn");
        Globals.Magic.Asm.InjectAndExecute(codeCave);
        Globals.Magic.Asm.Clear();
    }
    Globals.Magic.FreeMemory(codeCave);
}
catch (Exception ee)
{
    MessageBox.Show("拾取call失败，原因：" + ee.ToString());
}
Globals.Magic.ResumeThread();


```

I changed it like this, it never crashed again.

----------


## nagibator

Does anybody have SendMovementPacket address?

----------


## namreeb

Well I'm not sure where it is but ClientServices_Send is at 0x5AB630. You can put a breakpoint on that, move forward, and see which function calls ClientServices_Send.

----------


## nagibator

Thank you.

----------


## DarkLinux

wow-one / Feenix



```
EverScan 
By : Darklinux @ OwnedCore.com 

```

----------


## broly7

Am I able to shift the memcopy function Warden uses to check for an address to another place? Or simply trick Warden to always get the same value?
I've read this tutorial, and I managed to get the opcode for access. Then I tried to change it to an unconditional jump (jmp) or even fill it with NOPs; this just makes Warden catch and ban you instantly  :Frown:

----------


## prospectingemu

Thx for share

----------


## Wesk.

I'm looking for the address to see if a fish is hooked... looked through the entire thread and don't really know where to start, found everything else I need to make a simple fishbot but not this important address...

Hopefully someone can help!

Thanks

----------


## Corthezz

> I'm looking for the address to see if a fish is hooked... looked through the entire thread and don't really know where to start, found everything else I need to make a simple fishbot but not this important address...
> 
> Hopefully someone can help!
> 
> Thanks


Hint: Scan inside the bobber object.

@Redarian: Reminds me of my heartbeat teleport implementation?  :Wink:   :Big Grin:

----------


## Wesk.

Thanks Corthezz! Seems to be Object.baseaddress + 0xE8 read as short!

Can you do Lua execute InteractUnit(GUID) or something to loot the bobber?

----------


## Corthezz

> Thanks Corthezz! Seems to be Object.baseaddress + 0xE8 read as short!
> 
> Can you do Lua execute InteractUnit(GUID) or something to loot the bobber?


OnRightClickObject = 0x005F8660

Gonna see if I can post an example later  :Smile:

----------


## Wesk.

That would be great, but is that OnRightClickObject a function inside WoW?

Must be something like this


```
public byte[] RightClick(uint BaseAddress)
{
    byte[] tempBytes = new byte[0];
    if (!once)
    {
        once = true;
        // Return Value
        try
        {
            //Allocate Memory For Command
            //RemoteAllocation DoStringArg_Codecave = Memory.Memory.Allocate(BitConverter.GetBytes(BaseAddress).Length + 1);
            //Memory.Write<uint>(DoStringArg_Codecave.BaseAddress, BaseAddress, false);
            //CallAutoLoot = 0x4C1FA0
            //Execute Address
            IntPtr RightClick_Execute = new IntPtr(0x005F8660);
            //textBox1.Text = DoStringArg_Codecave.BaseAddress.ToString() + " : " + DoStringArg_Codecave.BaseAddress.ToString("X") + " : " + DoStringArg_Codecave.Read<uint>() + " : " + DoStringArg_Codecave.Read<uint>().ToString("X") ;
            textBox1.Text = "RUNNING INJECT";
            var asm = new[]
            {
                "mov eax, " + 0,
                "mov ecx, " + BaseAddress,
                "mov esi, " + BaseAddress,
                "mov edi, " + 0x0080C330,
                "mov ebp, " + 0x0018FAF4,
                //"mov esp, " + 0x0018FAE0,
                //"mov eip, " + 0x005F8660,
                "call " + RightClick_Execute,
                "retn",
            };
            //Inject and Execute
            IntPtr a = Memory.Assembly.InjectAndExecute(asm);
            //Memory.Memory.Deallocate(DoStringArg_Codecave);
        }
        catch { }
    }
    return tempBytes;
}
```

Using the Cheat Engine trace I seem to be missing information.

There seems to be nothing wrong with the inject code but the code it injects
Working Loot:
EAX: 0x0
EBX 0x07097D47 (This seems to be something, no idea, but I think this is crashing because I get a pointer exception from 0x0 when this isn't set)
ECX BaseAddress for GO
EDX Always changing
ESI BaseAddress for GO again
EBP ALWAYS 0x0018FAF4
ESP ALWAYS 0x0018FAE0
EIP ALWAYS 0x005F8660

I'm pretty much stuck here :S

Unrelated question, how safe is it to inject into the client on private servers? Is Warden active?
+5 rep for the previous help!

----------


## Jadd

I don't know the answer to your question, but I think it would be useful for someone to point this and this out.

OnRightClickObject I'm assuming to be fastcall for 1.12.1, but you may want to check. From these articles you should be able to realise the only registers you should be setting are ecx and edx, for the first two arguments, and pushing the remainders onto the stack.

----------


## Wesk.

I'll look into it, see if I can fix it.
Thanks for the help

Edit: Can't get it to work it seems :/

----------


## dognip40

Scan on Feenix / Emerald dream 10.29.2014 @ 3:00

They added a few more scans from the last time this was posted.

Credits go to DarkLinux for his Warden scanner; without that I would not be posting this.




```
EverScan 
By : Darklinux @ Ever-Devs.com / OwnedCore.com 

```

----------


## dognip40

LF someone to assist me with a new undetected teleport @ feenix. I am willing to pay for your time and help. Please pm me if you know how or are willing to try and find a new method for me. Thanks, hope to hear from someone soon.

----------


## namreeb

This is only marginally on-topic (but more so than the guy above me hahaha).

I wanted to have a 'smart' solution to the problem of stop-casting since my latency on European (read: all) private servers is typically in the 250-350ms range. I tried modifying the game to not give an error if you tried to cast a spell while it was already casting and it negatively affected too many other things. Then I tried adding my own lua function called CastSpellAtTarget() which takes the spell id and casts it at your current target. This bypasses all client-side checking entirely. The results were tremendous. All I had to do was this:



```
        private static int CastSpellAtTarget(IntPtr luaStatePtr)
        {
            var spellId = (uint) Lua.Core.GetNumber(luaStatePtr, 1);

            var targetGuid = (ulong) Marshal.ReadInt64(Locator.TargetGuid);

            if (targetGuid != 0)
            {
                var targetPackedGuid = new WowGuid(targetGuid).PackedGuid;

                var packet = new CDataStore(10 + targetPackedGuid.Length) {OpCode = OpCode.CMSG_CAST_SPELL};

                packet.Write(spellId);
                packet.Write((ushort) 2); // TARGET_FLAG_UNIT
                packet.Write(targetPackedGuid);

                Net.Send(packet);
            }

            return 1;
        }
```

Edit: Also, I patched two locations with 5x NOP (0x90) to prevent spamming of the error message and sound. Those two locations are 0x6E1AA6 and 0x6E21DD. This makes things run smoother.
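
The post above sends CMSG_CAST_SPELL without any of the client's own checks, so whether that matters is decided by what the server validates. The block below is an added example, not code from the post or from any server project: it parses the payload layout the post writes (u32 spell id, u16 target flags, packed GUID) and checks it against server-held state. All type and function names, the state model and the sample bytes are assumptions made for illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <optional>
#include <unordered_map>
#include <unordered_set>
#include <utility>
#include <vector>

constexpr uint16_t TARGET_FLAG_UNIT = 2;  // value written by the post's code

enum class CastResult { Ok, Malformed, SpellNotKnown, BadTarget, CastInProgress, OnCooldown };

struct CastRequest {
    uint32_t spellId = 0;
    uint16_t targetFlags = 0;
    uint64_t targetGuid = 0;
};

// Parse the bytes that follow the opcode: u32 spell id, u16 target flags,
// packed GUID (mask byte, then one byte per set mask bit, low byte first).
// Every read is bounds-checked and trailing bytes are rejected.
std::optional<CastRequest> ParseCastSpell(const std::vector<uint8_t>& p) {
    if (p.size() < 7) return std::nullopt;  // 4 + 2 + mask byte
    CastRequest r;
    for (int i = 0; i < 4; ++i) r.spellId |= uint32_t(p[i]) << (8 * i);
    r.targetFlags = uint16_t(p[4] | (p[5] << 8));
    if (r.targetFlags != TARGET_FLAG_UNIT) return std::nullopt;  // only this layout is handled
    const uint8_t mask = p[6];
    size_t pos = 7;
    for (int i = 0; i < 8; ++i) {
        if (!(mask & (1u << i))) continue;
        if (pos >= p.size()) return std::nullopt;  // mask promises more bytes than were sent
        r.targetGuid |= uint64_t(p[pos++]) << (8 * i);
    }
    if (pos != p.size()) return std::nullopt;
    return r;
}

struct SpellInfo { uint32_t castTimeMs; uint32_t cooldownMs; };

// Authoritative per-player state kept by the server, never taken from the client.
struct PlayerState {
    std::unordered_set<uint32_t> knownSpells;
    std::unordered_map<uint32_t, uint64_t> readyAtMs;  // cooldown expiry per spell
    uint64_t castEndsAtMs = 0;                         // 0 while idle
};

class CastValidator {
public:
    CastValidator(std::unordered_map<uint32_t, SpellInfo> spells,
                  std::unordered_set<uint64_t> visibleUnits)
        : spells_(std::move(spells)), visible_(std::move(visibleUnits)) {}

    // Validates against server-held state only, so it does not matter
    // whether the client ran its own checks before sending.
    CastResult Handle(PlayerState& st, const std::vector<uint8_t>& payload, uint64_t nowMs) const {
        const auto req = ParseCastSpell(payload);
        if (!req) return CastResult::Malformed;
        const auto spell = spells_.find(req->spellId);
        if (spell == spells_.end() || !st.knownSpells.count(req->spellId))
            return CastResult::SpellNotKnown;
        if (req->targetGuid == 0 || !visible_.count(req->targetGuid))
            return CastResult::BadTarget;
        if (nowMs < st.castEndsAtMs) return CastResult::CastInProgress;
        const auto cd = st.readyAtMs.find(req->spellId);
        if (cd != st.readyAtMs.end() && nowMs < cd->second) return CastResult::OnCooldown;
        st.castEndsAtMs = nowMs + spell->second.castTimeMs;
        st.readyAtMs[req->spellId] = st.castEndsAtMs + spell->second.cooldownMs;
        return CastResult::Ok;
    }

private:
    std::unordered_map<uint32_t, SpellInfo> spells_;
    std::unordered_set<uint64_t> visible_;
};

// Constructed sample payload: spell 133, TARGET_FLAG_UNIT, packed GUID 0x1234.
std::vector<uint8_t> SamplePayload() {
    return {0x85, 0x00, 0x00, 0x00, 0x02, 0x00, 0x03, 0x34, 0x12};
}

int main() {
    std::unordered_map<uint32_t, SpellInfo> spells;
    spells[133] = SpellInfo{1500, 0};  // constructed: 1.5 s cast, no cooldown
    std::unordered_set<uint64_t> visible;
    visible.insert(0x1234);
    CastValidator validator(spells, visible);
    PlayerState st;
    st.knownSpells.insert(133);
    const bool first = validator.Handle(st, SamplePayload(), 1000) == CastResult::Ok;
    // A second request 200 ms later arrives while the first cast is still running.
    const bool second = validator.Handle(st, SamplePayload(), 1200) == CastResult::CastInProgress;
    return (first && second) ? 0 : 1;
}
```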

----------


## Saridormi

> Appreciate the response. Looks like SetFacing = 0x76DCE0. Hope that helps.


This is incorrect and refers to API Model SetFacing - WoWWiki - Your guide to the World of Warcraft, I believe that CMovement::SetFacing is at 0x7c6f30

----------


## whitekidney

Does anyone have the correct playerbase offset?
0x853D40 + 0x9C8 (playerbase + Z) doesn't seem to return the correct Z coordinate

----------


## whitekidney

> 0x9C0
> 
> filleeeeeeeeeeeeeeer


That's not the playerbase offset.

----------


## nagibator

> Does anyone have the correct playerbase offset?
> 0x853D40 + 0x9C8 (playerbase + Z) doesn't seem to return the correct Z coordinate




```
DWORD
ClntObjMgrObjectPtr(
    QWORD Guid
    )
{
    UINT UnitGuid;
    UINT UnitBaseAddress;

    UnitBaseAddress = ReadDword(ReadDword(s_curMgr) + 0xAC);
    while (UnitBaseAddress != 0) {
        if ((UnitGuid = (ReadQword(UnitBaseAddress + 0x30) == Guid)) != 0) {
            return UnitBaseAddress;
        }
        UnitBaseAddress = ReadDword(UnitBaseAddress + 0x3C);
    }
    return 0;
}

QWORD
ClntObjMgrGetActivePlayer(
    VOID
    )
{
    return ReadDword(ReadDword(s_curMgr) + 0xC0);
}
```

Playerbase = ClntObjMgrObjectPtr(ClntObjMgrGetActivePlayer());

Not exactly an offset but hey it works like a charm...

Just in case these might be of use to someone:
Kill local player
Instant guild creation (not sure if it still works on Feenix though)
Heartbeat teleporter (used to work on Feenix, guessing it done got fixed by now)
Instant logout anywhere in the world

----------


## DarkLinux

https://en.nostalrius.org/
"The ultimate anticheat"



```
EverScan 
By : Darklinux @ OwnedCore.com 

Address : 0x7c6272     Size : 0x4 //JumpGravity
Address : 0x7c625e     Size : 0x2 //InfiniteJump
Address : 0x6163db     Size : 0x2 //AntiRoot
Address : 0x615cf5     Size : 0x1 //AntiMove
Address : 0x7c625f     Size : 0x1 //AntiJump
Address : 0x7c63da     Size : 0x4 //NoFallDamage
Address : 0x6341bc     Size : 0x2 //SuperFly
Address : 0x616749     Size : 0x2
Address : 0x5fe54f     Size : 0x1
Address : 0x6341e3     Size : 0x2
Address : 0x7c620d     Size : 0x2
Address : 0x6d2743     Size : 0x6
Address : 0x6cee4e     Size : 0x6
Address : 0x6cee5b     Size : 0x6
Address : 0x6ab494     Size : 0x1
Address : 0x63379c     Size : 0x1
Address : 0x60bfa0     Size : 0x2
Address : 0x615ba7     Size : 0x4 //HeartbeatInterval
Address : 0x7c6269     Size : 0x4 //JumpGravityWater
Address : 0x6ab1bf     Size : 0x3
Address : 0x60bfb1     Size : 0x2
Address : 0x60fc30     Size : 0xa //ClickToMove Patch
Address : 0x482ed8     Size : 0x6 //RemoveAFK
Address : 0x494a50     Size : 0x7 //RemoveLuaProtection
Address : 0x5abd50     Size : 0x6
Address : 0x60bfbf     Size : 0x2
Address : 0x518062     Size : 0x1 //ShowAllLevels
Address : 0x4c21c0     Size : 0x1
Address : 0x7c4955     Size : 0x1
Address : 0x618918     Size : 0x4
Address : 0x7c4d41     Size : 0xa
Address : 0x3417d8     Size : 0x4
Address : 0x3417dc     Size : 0x4
Address : 0x3417e0     Size : 0x4
Address : 0x3417e4     Size : 0x4
Address : 0x3417ec     Size : 0x4
Address : 0x3417f0     Size : 0x4
Address : 0x3417f4     Size : 0x4
Address : 0x3417f8     Size : 0x4
Address : 0x3417fc     Size : 0x4
Address : 0x341800     Size : 0x4
Address : 0x6abf13     Size : 0x1 //M2Collision1
Address : 0x6a467b     Size : 0x1 //WMOCollision
Address : 0x6163de     Size : 0xa
Address : 0x7c63bd     Size : 0x3
Address : 0x7c63d9     Size : 0x1
Address : 0x636ed4     Size : 0x1
Address : 0x6334f0     Size : 0x1
Address : 0x635c3a     Size : 0x1
Address : 0x636198     Size : 0x1
Address : 0x636598     Size : 0x1
Address : 0x7c63dd     Size : 0x3
Address : 0x49f6f2     Size : 0x3
Address : 0x49f5dd     Size : 0x1
Address : 0x3418a0     Size : 0x32
Address : 0x3418c8     Size : 0x32
Address : 0x341900     Size : 0x32
Address : 0x341948     Size : 0x32
Address : 0x3419d8     Size : 0x32
Address : 0x341a00     Size : 0x32
Address : 0x341a38     Size : 0x14
Address : 0x341a90     Size : 0x14
Address : 0x341ab8     Size : 0x32
Address : 0x341b00     Size : 0x32
```

5min Scan...

Looks like just a rip of wow-one / Feenix scans...

----------


## Jadd

> https://en.nostalrius.org/
> "The ultimate anticheat"
> 
> 
> 
> ```
> EverScan 
> By : Darklinux @ OwnedCore.com 
> 
> ...


Never been on this server, but I'm curious to know if they load Warden or a custom module. Props to them if they do. I bet teleporting and such is still totally possible though.  :Big Grin:

----------


## DarkLinux

Most methods get you kicked. The one I'm using still works. But I keep getting banned soon after. 

It's a new server "4 years in development". Looks to be the best out atm  :Big Grin:

----------


## Master674

> Never been on this server, but I'm curious to know if they load Warden or a custom module. Props to them if they do. I bet teleporting and such is still totally possible though.


If they didn't figure out the private signkey from blizz then they can't use a custom module.

And regarding their anticheat: I call bullshit. It's the same easy-to-bypass crap that every other server has, just with more scans.
Warden is easily bypassed in a matter of minutes.

----------


## Jadd

> If they didn't figure out the private signkey from blizz then they can't use a custom module.


Didn't I hear about an exploit to overcome this? I think I did.

----------


## DarkLinux

It's odd they don't create modded clients and enforce users to use them. They could get away with a lot more.

----------


## namreeb

> Didn't I hear about an exploit to overcome this? I think I did.


If you mean mine, it is not something anyone else has the details on, and I'm pretty sure it is not suitable for use in a production environment.

----------


## prospectingemu

> https://en.nostalrius.org/
> "The ultimate anticheat"
> 
> 
> 
> ```
> EverScan 
> By : Darklinux @ OwnedCore.com 
> 
> ...


Is it possible for them to scan for EndScene hooks (seeing as it's not actually static memory)? More specifically the one included in Corthezz bot source?

----------


## namreeb

It is possible, but it would be dangerous. There are many legitimate applications which also hook EndScene. fraps is an example.

Edit: Another potential example is the twitch.tv streaming software.

----------


## DarkLinux

> Is it possible for them to scan for EndScene hooks (seeing as it's not actually static memory)? More specifically the one included in Corthezz bot source?


I don't know if they can scan other modules. They do scan dynamic memory, I only posted static addresses. It would be pointless to post all 110+ scans as most are allocated on the heap. I could post the player base but it still would only help you resolve 10 addresses or so...

----------


## aeo

While not ideal if you are afraid of endscene and want a simple way to call something every frame you can register a LUA function and then just write a small addon and call your registered function onUpdate. No hooks needed and you have a function that is called every frame.

----------


## prospectingemu

> While not ideal if you are afraid of endscene and want a simple way to call something every frame you can register a LUA function and then just write a small addon and call your registered function onUpdate. No hooks needed and you have a function that is called every frame.


I have moved the hook to another function, the only issue is this function isn't called every frame like the endscene, it runs fine though. I tried moving it to other functions (like the one that calls endscene - and the one after) however I get unreliable crash behaviour when the bot relogs after a DC. It's no big deal though as I don't afk when using the bot. 

Very interesting idea though, I will look into this

----------


## miceiken

> OpCode handlers:
> 
> 
> 
> ```
> [9:17:09 AM] OpCode: SMSG_WARDEN_DATA Handler: 0x6CA5C0 Unk: 0
> [9:17:12 AM] OpCode: SMSG_ACCOUNT_DATA_TIMES Handler: 0x5AF8E0 Unk: 0
> [9:17:12 AM] OpCode: SMSG_UPDATE_ACCOUNT_DATA Handler: 0x5AFC60 Unk: 0
> [9:17:12 AM] OpCode: SMSG_UPDATE_OBJECT Handler: 0x4651A0 Unk: 0
> ...


Following up by posting a few that are set from NetClient::SetMessageHandler (0x00537A60)


```
Opcode: 0x00A9 (SMSG_UPDATE_OBJECT) Handler: 0x004651A0 Func: Packet_SMSG_UPDATE_OBJECT
Opcode: 0x01F6 (SMSG_COMPRESSED_UPDATE_OBJECT) Handler: 0x004672F0 Func: Packet_SMSG_COMPRESSED_UPDATE_OBJECT
Opcode: 0x00AA (SMSG_DESTROY_OBJECT) Handler: 0x004674A0 Func: Packet_SMSG_DESTROY_OBJECT
Opcode: 0x0001 (CMSG_BOOTME) Handler: 0x0085D608 Func: Packet_CMSG_BOOTME
Opcode: 0x01EC (SMSG_AUTH_CHALLENGE) Handler: 0x005B3EA0 Func: Packet_SMSG_AUTH_CHALLENGE
Opcode: 0x01EE (SMSG_AUTH_RESPONSE) Handler: 0x005B3EA0 Func: Packet_SMSG_AUTH_RESPONSE
Opcode: 0x02EF (SMSG_ADDON_INFO) Handler: 0x005B3EA0 Func: Packet_SMSG_ADDON_INFO
Opcode: 0x003B (SMSG_CHAR_ENUM) Handler: 0x005B3EA0 Func: Packet_SMSG_CHAR_ENUM
Opcode: 0x003A (SMSG_CHAR_CREATE) Handler: 0x005B3EA0 Func: Packet_SMSG_CHAR_CREATE
Opcode: 0x0041 (SMSG_CHARACTER_LOGIN_FAILED) Handler: 0x005B3EA0 Func: Packet_SMSG_CHARACTER_LOGIN_FAILED
Opcode: 0x004D (SMSG_LOGOUT_COMPLETE) Handler: 0x005B3EA0 Func: Packet_SMSG_LOGOUT_COMPLETE
Opcode: 0x004F (SMSG_LOGOUT_CANCEL_ACK) Handler: 0x005B3EA0 Func: Packet_SMSG_LOGOUT_CANCEL_ACK
Opcode: 0x004C (SMSG_LOGOUT_RESPONSE) Handler: 0x005B3EA0 Func: Packet_SMSG_LOGOUT_RESPONSE
Opcode: 0x003C (SMSG_CHAR_DELETE) Handler: 0x005B3EA0 Func: Packet_SMSG_CHAR_DELETE
```

Found some VMT functions:


```
28 GetObjectName
5 GetObjectLocation
6 GetObjectFacing
24 Interact/OnRightClick
```

This should be a complete list of lua handlers (IDC script)


```
0x004586D0 "Script_PlaySound"
0x00458720 "Script_PlayMusic"
0x00458780 "Script_PlaySoundFile"
0x00458770 "Script_StopMusic"
0x0046CD70 "Script_GetBuildInfo"
0x0046CE40 "Script_GetLocale"
0x0046CDD0 "Script_GetSavedAccountName"
0x0046CDF0 "Script_SetSavedAccountName"
0x0046CE60 "Script_SetCurrentScreen"
0x0046CEA0 "Script_QuitGame"
0x0046CEB0 "Script_PlayGlueMusic"
0x0046CEF0 "Script_PlayCreditsMusic"
0x0046CF00 "Script_StopGlueMusic"
0x0046CF10 "Script_GetMovieResolution"
0x0046DD30 "Script_GetScreenWidth"
0x0046DD80 "Script_GetScreenHeight"
0x0046CF60 "Script_LaunchURL"
0x0046CFA0 "Script_ShowTOSNotice"
0x0046CFD0 "Script_TOSAccepted"
0x0046D000 "Script_AcceptTOS"
0x0046D010 "Script_ShowEULANotice"
0x0046D040 "Script_EULAAccepted"
0x0046D070 "Script_AcceptEULA"
0x0046D080 "Script_ShowScanningNotice"
0x0046D0B0 "Script_ScanningAccepted"
0x0046D0E0 "Script_AcceptScanning"
0x0046D0F0 "Script_ShowContestNotice"
0x0046D120 "Script_ContestAccepted"
0x0046D150 "Script_AcceptContest"
0x0046D160 "Script_DefaultServerLogin"
0x0046D270 "Script_StatusDialogClick"
0x0046D280 "Script_GetServerName"
0x0046D340 "Script_DisconnectFromServer"
0x0046D380 "Script_IsConnectedToServer"
0x0046D3C0 "Script_EnterWorld"
0x0046D3D0 "Script_Screenshot"
0x0046D3E0 "Script_PatchDownloadProgress"
0x0046D400 "Script_PatchDownloadCancel"
0x0046D410 "Script_PatchDownloadApply"
0x0046D420 "Script_GetNumAddOns"
0x0046D460 "Script_GetAddOnInfo"
0x0046D5E0 "Script_LaunchAddOnURL"
0x0046D650 "Script_GetAddOnDependencies"
0x0046D6F0 "Script_GetAddOnEnableState"
0x0046D7B0 "Script_EnableAddOn"
0x0046D850 "Script_EnableAllAddOns"
0x0046D8A0 "Script_DisableAddOn"
0x0046D940 "Script_DisableAllAddOns"
0x0046D990 "Script_SaveAddOns"
0x0046D9A0 "Script_ResetAddOns"
0x0046D9B0 "Script_IsAddonVersionCheckEnabled"
0x0046D9E0 "Script_SetAddonVersionCheck"
0x0046DA10 "Script_GetScriptMemory"
0x0046DA50 "Script_SetScriptMemory"
0x0046DAD0 "Script_GetCursorPosition"
0x0046DB60 "Script_ShowCursor"
0x0046DB70 "Script_HideCursor"
0x0046DB80 "Script_SetMovieSubtitles"
0x0046DBC0 "Script_GetMovieSubtitles"
0x0046DBF0 "Script_GetBillingTimeRemaining"
0x0046DC40 "Script_GetBillingPlan"
0x0046DCF0 "Script_GetBillingTimeRested"
0x0046DDD0 "Script_SurveyNotificationDone"
0x0046D1C0 "Script_PINEntered"
0x0046ECF0 "Script_RequestRealmList"
0x0046ED10 "Script_CancelRealmListQuery"
0x0046ED30 "Script_GetNumRealms"
0x0046EE40 "Script_GetRealmInfo"
0x0046F0E0 "Script_ChangeRealm"
0x0046F1F0 "Script_GetRealmCategories"
0x0046F2C0 "Script_SetPreferredInfo"
0x0046F330 "Script_SortRealms"
0x0046F400 "Script_GetSelectedCategory"
0x0046ED20 "Script_RealmListDialogCancelled"
0x00471330 "Script_SetCharCustomizeFrame"
0x004713A0 "Script_SetCharCustomizeBackground"
0x004713E0 "Script_ResetCharCustomize"
0x004713F0 "Script_GetNameForRace"
0x00471450 "Script_GetFactionForRace"
0x00471520 "Script_GetAvailableRaces"
0x00471560 "Script_GetClassesForRace"
0x004715D0 "Script_GetHairCustomization"
0x00471620 "Script_GetFacialHairCustomization"
0x00471680 "Script_GetSelectedRace"
0x004716B0 "Script_GetSelectedSex"
0x004716E0 "Script_GetSelectedClass"
0x00471740 "Script_SetSelectedRace"
0x00471780 "Script_SetSelectedSex"
0x004717C0 "Script_SetSelectedClass"
0x00471800 "Script_UpdateCustomizationBackground"
0x00471810 "Script_UpdateCustomizationScene"
0x00471820 "Script_HasCharCustomization"
0x00471890 "Script_CycleCharCustomization"
0x00471900 "Script_RandomizeCharCustomization"
0x00471910 "Script_GetCharacterCreateFacing"
0x00471930 "Script_SetCharacterCreateFacing"
0x00471980 "Script_GetRandomName"
0x004719E0 "Script_CreateCharacter"
0x004731C0 "Script_SetCharSelectModelFrame"
0x00473230 "Script_SetCharSelectBackground"
0x00473270 "Script_GetCharacterListUpdate"
0x00473280 "Script_GetNumCharacters"
0x004732A0 "Script_GetCharacterInfo"
0x00473470 "Script_SelectCharacter"
0x004734C0 "Script_DeleteCharacter"
0x00473520 "Script_RenameCharacter"
0x00473640 "Script_UpdateSelectionCustomizationScene"
0x00473650 "Script_GetCharacterSelectFacing"
0x00473670 "Script_SetCharacterSelectFacing"
0x00488440 "Script_FrameXML_Debug"
0x004884A0 "Script_GetBuildInfo"
0x004884D0 "Script_ReloadUI"
0x004884E0 "Script_RegisterForSave"
0x00488540 "Script_SetLayoutMode"
0x00488590 "Script_IsShiftKeyDown"
0x004885C0 "Script_IsControlKeyDown"
0x00488600 "Script_IsAltKeyDown"
0x00488640 "Script_SetConsoleKey"
0x004893D0 "Script_Screenshot"
0x004893E0 "Script_GetFramerate"
0x00489400 "Script_TogglePerformanceDisplay"
0x00489420 "Script_TogglePerformanceValues"
0x00489430 "Script_ResetPerformanceValues"
0x00488AF0 "Script_GetDebugStats"
0x00488B00 "Script_RegisterCVar"
0x00488BA0 "Script_GetCVar"
0x00488C10 "Script_SetCVar"
0x00488CF0 "Script_GetCVarDefault"
0x00488D70 "Script_GetWorldDetail"
0x00488DD0 "Script_SetWorldDetail"
0x00488EC0 "Script_GetWaterDetail"
0x00488ED0 "Script_SetWaterDetail"
0x00488F00 "Script_GetFarclip"
0x00488F30 "Script_SetFarclip"
0x00488FB0 "Script_GetTerrainMip"
0x00488FE0 "Script_SetTerrainMip"
0x00489060 "Script_GetDoodadAnim"
0x00489090 "Script_SetDoodadAnim"
0x00489110 "Script_GetTexLodBias"
0x00489140 "Script_SetTexLodBias"
0x004892B0 "Script_SetBaseMip"
0x00489280 "Script_GetBaseMip"
0x004891C0 "Script_GetGamma"
0x004891F0 "Script_SetGamma"
0x00489330 "Script_ToggleTris"
0x00489340 "Script_TogglePortals"
0x00489350 "Script_ToggleCollision"
0x00489360 "Script_ToggleCollisionDisplay"
0x00489440 "Script_TogglePlayerBounds"
0x00489370 "Script_Stuck"
0x00489390 "Script_Logout"
0x004893B0 "Script_Quit"
0x00489450 "Script_ShowNameplates"
0x00489460 "Script_HideNameplates"
0x00489470 "Script_ShowFriendNameplates"
0x00489480 "Script_HideFriendNameplates"
0x00489490 "Script_SetCursor"
0x004895B0 "Script_ClearCursor"
0x004895D0 "Script_CursorHasItem"
0x00489600 "Script_CursorHasSpell"
0x00489630 "Script_CursorHasMoney"
0x00489660 "Script_EquipCursorItem"
0x004897B0 "Script_DeleteCursorItem"
0x004898F0 "Script_EquipPendingItem"
0x00489960 "Script_CancelPendingEquip"
0x004899D0 "Script_TargetUnit"
0x00489A80 "Script_TargetNearestEnemy"
0x00489AA0 "Script_TargetNearestFriend"
0x00489AC0 "Script_TargetNearestPartyMember"
0x00489AE0 "Script_TargetNearestRaidMember"
0x00489B00 "Script_TargetLastTarget"
0x00489B40 "Script_TargetLastEnemy"
0x00489B50 "Script_AttackTarget"
0x00489B80 "Script_AssistUnit"
0x00489C40 "Script_AssistByName"
0x00489D60 "Script_TargetByName"
0x00489E00 "Script_FollowUnit"
0x00489EC0 "Script_FollowByName"
0x00489FF0 "Script_ClearTarget"
0x0048A040 "Script_AutoEquipCursorItem"
0x0048A070 "Script_ToggleSheath"
0x0048A0A0 "Script_GetZoneText"
0x0048A0C0 "Script_GetRealZoneText"
0x0048A0E0 "Script_GetSubZoneText"
0x0048A100 "Script_GetMinimapZoneText"
0x0048A120 "Script_InitiateTrade"
0x0048A1B0 "Script_CanInspect"
0x0048A310 "Script_NotifyInspect"
0x0048A3B0 "Script_InviteToParty"
0x0048A420 "Script_InviteByName"
0x0048A510 "Script_UninviteFromParty"
0x0048A580 "Script_UninviteFromRaid"
0x0048A610 "Script_UninviteByName"
0x0048A7C0 "Script_PromoteToPartyLeader"
0x0048A830 "Script_PromoteByName"
0x0048A900 "Script_RequestTimePlayed"
0x0048A970 "Script_RepopMe"
0x0048A9A0 "Script_AcceptResurrect"
0x0048A9D0 "Script_DeclineResurrect"
0x0048AA00 "Script_ResurrectHasSickness"
0x0048AA30 "Script_ResurrectHasTimer"
0x0048AA60 "Script_BeginTrade"
0x0048AA70 "Script_CancelTrade"
0x0048AA80 "Script_AcceptGroup"
0x0048AAB0 "Script_DeclineGroup"
0x0048AAE0 "Script_AcceptGuild"
0x0048AB10 "Script_DeclineGuild"
0x0048AB40 "Script_CancelLogout"
0x0048AB50 "Script_ForceLogout"
0x0048AB60 "Script_ForceQuit"
0x0048AB70 "Script_GetCursorMoney"
0x0048ABA0 "Script_DropCursorMoney"
0x0048ABC0 "Script_PickupPlayerMoney"
0x0048AC60 "Script_ShowInspectCursor"
0x0048AC70 "Script_ResetCursor"
0x0048AC80 "Script_HasSoulstone"
0x0048AD70 "Script_UseSoulstone"
0x0048AE90 "Script_HasKey"
0x0048AEF0 "Script_GuildInviteByName"
0x0048AFB0 "Script_GuildUninviteByName"
0x0048B050 "Script_GuildPromoteByName"
0x0048B0F0 "Script_GuildDemoteByName"
0x0048B190 "Script_GuildSetLeaderByName"
0x0048B270 "Script_GuildSetMOTD"
0x0048B330 "Script_GuildLeave"
0x0048B3A0 "Script_GuildDisband"
0x0048B410 "Script_GuildInfo"
0x0048B480 "Script_GetScreenWidth"
0x0048B4D0 "Script_GetScreenHeight"
0x0048B520 "Script_GetDamageBonusStat"
0x0048B5A0 "Script_GetReleaseTimeRemaining"
0x0048B5E0 "Script_GetCorpseRecoveryDelay"
0x0048B620 "Script_GetInstanceBootTimeRemaining"
0x0048B660 "Script_GetSummonConfirmTimeLeft"
0x0048B6A0 "Script_GetSummonConfirmSummoner"
0x0048B720 "Script_GetSummonConfirmAreaName"
0x0048B770 "Script_ConfirmSummon"
0x0048B820 "Script_GetCursorPosition"
0x0048B8B0 "Script_GetNetStats"
0x0048B920 "Script_SitOrStand"
0x0048B970 "Script_StopCinematic"
0x0048B980 "Script_RunScript"
0x0048BA00 "Script_CheckInteractDistance"
0x0048BC20 "Script_GetScreenResolutions"
0x0048BF10 "Script_GetCurrentResolution"
0x0048BFD0 "Script_SetScreenResolution"
0x0048C0D0 "Script_GetRefreshRates"
0x0048C270 "Script_SetupFullscreenScale"
0x0048C360 "Script_GetMultisampleFormats"
0x0048C580 "Script_GetCurrentMultisampleFormat"
0x0048C640 "Script_SetMultisampleFormat"
0x0048C7B0 "Script_RandomRoll"
0x0048C8C0 "Script_OpeningCinematic"
0x0048C930 "Script_InCinematic"
0x0048C960 "Script_IsWindowsClient"
0x0048C980 "Script_IsMacClient"
0x0048C990 "Script_IsLinuxClient"
0x0048C9A0 "Script_GetGMTicket"
0x0048C9D0 "Script_NewGMTicket"
0x0048CA60 "Script_UpdateGMTicket"
0x0048CB70 "Script_DeleteGMTicket"
0x0048CC00 "Script_GMSurveyQuestion"
0x0048CD30 "Script_GMSurveyAnswerSubmit"
0x0048CEF0 "Script_GMSurveyCommentSubmit"
0x0048CF80 "Script_GMSurveySubmit"
0x0048CFC0 "Script_GetGMStatus"
0x0048D0C0 "Script_AcceptXPLoss"
0x0048D120 "Script_CheckSpiritHealerDist"
0x0048D170 "Script_CheckTalentMasterDist"
0x0048D1C0 "Script_CheckPetUntrainerDist"
0x0048D210 "Script_CheckBinderDist"
0x0048D260 "Script_RetrieveCorpse"
0x0048D2E0 "Script_BindEnchant"
0x0048D300 "Script_ReplaceEnchant"
0x0048D330 "Script_ReplaceTradeEnchant"
0x0048D340 "Script_NotWhileDeadError"
0x0048D350 "Script_GetRestState"
0x0048D3F0 "Script_GetXPExhaustion"
0x0048D4B0 "Script_GetTimeToWellRested"
0x0048D4C0 "Script_GMRequestPlayerInfo"
0x0048D4E0 "Script_GetCoinIcon"
0x0048D540 "Script_GetZonePVPInfo"
0x0048D700 "Script_TogglePVP"
0x0048D770 "Script_ConfirmBindOnUse"
0x0048D780 "Script_SetPortraitToTexture"
0x0048D8B0 "Script_GetLocale"
0x0048D8D0 "Script_GetGMTicketCategories"
0x0048D960 "Script_DropItemOnUnit"
0x0048DAB0 "Script_RestartGx"
0x0048DAD0 "Script_RestoreVideoDefaults"
0x0048DAE0 "Script_GetBindLocation"
0x0048DB40 "Script_GetVideoCaps"
0x0048DC40 "Script_ConfirmTalentWipe"
0x0048DCA0 "Script_ConfirmPetUnlearn"
0x0048DD00 "Script_ConfirmBinder"
0x0048DD60 "Script_ShowingHelm"
0x0048DDC0 "Script_ShowingCloak"
0x0048DE20 "Script_ShowHelm"
0x0048DE70 "Script_ShowCloak"
0x0048DEC0 "Script_SetEuropeanNumbers"
0x0048DEE0 "Script_GetAreaSpiritHealerTime"
0x0048DF20 "Script_AcceptAreaSpiritHeal"
0x0048DF30 "Script_CancelAreaSpiritHeal"
0x0048DF40 "Script_GetMouseFocus"
0x0048DF90 "Script_GetRealmName"
0x0048DFB0 "Script_GetItemQualityColor"
0x0048E070 "Script_GetItemInfo"
0x0048E350 "Script_GetNumAddOns"
0x0048E390 "Script_GetAddOnInfo"
0x0048E530 "Script_GetAddOnMetadata"
0x0048E5E0 "Script_GetAddOnDependencies"
0x0048E690 "Script_EnableAddOn"
0x0048E720 "Script_EnableAllAddOns"
0x0048E760 "Script_DisableAddOn"
0x0048E7F0 "Script_DisableAllAddOns"
0x0048E830 "Script_ResetDisabledAddOns"
0x0048E840 "Script_IsAddOnLoadOnDemand"
0x0048E8E0 "Script_IsAddOnLoaded"
0x0048E980 "Script_LoadAddOn"
0x0048EB70 "Script_PartialPlayTime"
0x0048EBE0 "Script_NoPlayTime"
0x0048EC50 "Script_GetBillingTimeRested"
0x0048A6B0 "Script_ResetInstances"
0x0048A720 "Script_CanShowResetInstances"
0x0048A750 "Script_IsInInstance"
0x0049F1E0 "Script_SendChatMessage"
0x0049F920 "Script_SendAddonMessage"
0x0049FB30 "Script_GetNumLaguages"
0x0049FBE0 "Script_GetLanguageByIndex"
0x0049FCD0 "Script_GetDefaultLanguage"
0x0049FD30 "Script_DoEmote"
0x0049FE40 "Script_LoggingChat"
0x0049FEF0 "Script_LoggingCombat"
0x0049FF00 "Script_JoinChannelByName"
0x004A0000 "Script_LeaveChannelByName"
0x004A00D0 "Script_ListChannelByName"
0x004A01C0 "Script_ListChannels"
0x004A02D0 "Script_GetChannelList"
0x004A03A0 "Script_SetChannelPassword"
0x004A0490 "Script_SetChannelOwner"
0x004A05C0 "Script_DisplayChannelOwner"
0x004A05E0 "Script_GetChannelName"
0x004A06B0 "Script_ChannelModerator"
0x004A06D0 "Script_ChannelUnmoderator"
0x004A06F0 "Script_ChannelMute"
0x004A0710 "Script_ChannelUnmute"
0x004A0730 "Script_ChannelInvite"
0x004A0750 "Script_ChannelKick"
0x004A0770 "Script_ChannelBan"
0x004A0790 "Script_ChannelUnban"
0x004A07B0 "Script_ChannelToggleAnnouncements"
0x004A07D0 "Script_ChannelModerate"
0x004A07F0 "Script_ChangeChatColor"
0x004A09E0 "Script_ResetChatColors"
0x004A0A80 "Script_GetChatTypeIndex"
0x004A0BA0 "Script_GetChatWindowInfo"
0x004A0D20 "Script_GetChatWindowMessages"
0x004A0DC0 "Script_GetChatWindowChannels"
0x004A0E80 "Script_AddChatWindowMessages"
0x004A0F40 "Script_RemoveChatWindowMessages"
0x004A1000 "Script_AddChatWindowChannel"
0x004A1260 "Script_RemoveChatWindowChannel"
0x004A13F0 "Script_SetChatWindowName"
0x004A1470 "Script_SetChatWindowSize"
0x004A14F0 "Script_SetChatWindowColor"
0x004A15D0 "Script_SetChatWindowAlpha"
0x004A1650 "Script_SetChatWindowLocked"
0x004A16B0 "Script_SetChatWindowDocked"
0x004A1730 "Script_SetChatWindowShown"
0x004A1790 "Script_EnumerateServerChannels"
0x004A1850 "Script_RequestRaidInfo"
0x004A0040 "Script_GetGuildRecruitmentMode"
0x004A0060 "Script_SetGuildRecruitmentMode"
0x004A18F0 "Script_GetNumSavedInstances"
0x004A1920 "Script_GetSavedInstanceInfo"
0x004A7CE0 "Script_GetMapContinents"
0x004A7D10 "Script_GetMapZones"
0x004A7DB0 "Script_SetMapZoom"
0x004A7E20 "Script_SetMapToCurrentZone"
0x004A7E30 "Script_GetMapInfo"
0x004A7ED0 "Script_GetCurrentMapContinent"
0x004A7F00 "Script_GetCurrentMapZone"
0x004A7F30 "Script_ProcessMapClick"
0x004A7FA0 "Script_UpdateMapHighlight"
0x004A8610 "Script_GetPlayerMapPosition"
0x004A86D0 "Script_GetCorpseMapPosition"
0x004A8710 "Script_GetNumMapLandmarks"
0x004A8740 "Script_GetMapLandmarkInfo"
0x004A88F0 "Script_GetWorldLocMapPosition"
0x004A89D0 "Script_GetNumMapOverlays"
0x004A8A00 "Script_GetMapOverlayInfo"
0x004A8BB0 "Script_CreateWorldMapArrowFrame"
0x004A8C60 "Script_CreateMiniWorldMapArrowFrame"
0x004A8D10 "Script_UpdateWorldMapArrowFrames"
0x004A8D20 "Script_PositionWorldMapArrowFrame"
0x004A8F20 "Script_PositionMiniWorldMapArrowFrame"
0x004A9120 "Script_ShowWorldMapArrowFrame"
0x004A9170 "Script_ShowMiniWorldMapArrowFrame"
0x004AB080 "Script_GetNumBattlefields"
0x004AB0B0 "Script_GetBattlefieldInfo"
0x004AB1F0 "Script_GetBattlefieldInstanceInfo"
0x004AB290 "Script_JoinBattlefield"
0x004AB300 "Script_SetSelectedBattlefield"
0x004AB360 "Script_GetSelectedBattlefield"
0x004AB3B0 "Script_AcceptBattlefieldPort"
0x004AB4A0 "Script_GetBattlefieldStatus"
0x004AB620 "Script_GetBattlefieldPortExpiration"
0x004AB6D0 "Script_GetBattlefieldInstanceExpiration"
0x004AB730 "Script_GetBattlefieldInstanceRunTime"
0x004AB790 "Script_GetBattlefieldEstimatedWaitTime"
0x004AB820 "Script_GetBattlefieldTimeWaited"
0x004AB2F0 "Script_CloseBattlefield"
0x004AB8C0 "Script_ShowBattlefieldList"
0x004AB990 "Script_RequestBattlefieldScoreData"
0x004AB9A0 "Script_GetNumBattlefieldScores"
0x004AB9D0 "Script_GetBattlefieldScore"
0x004ABC40 "Script_GetBattlefieldWinner"
0x004ABC90 "Script_SetBattlefieldScoreFaction"
0x004ABE60 "Script_LeaveBattlefield"
0x004ABCD0 "Script_GetNumBattlefieldStats"
0x004ABD00 "Script_GetBattlefieldStatInfo"
0x004ABDC0 "Script_GetBattlefieldStatData"
0x004ABEF0 "Script_RequestBattlefieldPositions"
0x004ABF00 "Script_GetNumBattlefieldPositions"
0x004ABF90 "Script_GetBattlefieldPosition"
0x004AC1C0 "Script_GetNumBattlefieldFlagPositions"
0x004AC230 "Script_GetBattlefieldFlagPosition"
0x004AC380 "Script_CanJoinBattlefieldAsGroup"
0x004AC3D0 "Script_GetBattlefieldMapIconScale"
0x004ADED0 "Script_CloseMail"
0x004ADEE0 "Script_ClearSendMail"
0x004ADEF0 "Script_ClickSendMailItemButton"
0x004AE0F0 "Script_SetSendMailMoney"
0x004AE150 "Script_GetSendMailMoney"
0x004AE180 "Script_SetSendMailCOD"
0x004AE1C0 "Script_GetSendMailCOD"
0x004AE1F0 "Script_GetNumStationeries"
0x004AE230 "Script_GetStationeryInfo"
0x004AE380 "Script_SelectStationery"
0x004AE3F0 "Script_GetSelectedStationeryTexture"
0x004AE430 "Script_GetNumPackages"
0x004AE450 "Script_GetPackageInfo"
0x004AE550 "Script_SelectPackage"
0x004AE590 "Script_GetSendMailItem"
0x004AE730 "Script_GetSendMailPrice"
0x004AE800 "Script_SendMail"
0x004AEAB0 "Script_CheckInbox"
0x004AEB90 "Script_GetInboxNumItems"
0x004AEBC0 "Script_GetInboxHeaderInfo"
0x004AF110 "Script_GetInboxText"
0x004AF360 "Script_GetInboxInvoiceInfo"
0x004AF5D0 "Script_GetInboxItem"
0x004AF7D0 "Script_TakeInboxMoney"
0x004AF8E0 "Script_TakeInboxItem"
0x004AFA60 "Script_TakeInboxTextItem"
0x004AFBA0 "Script_ReturnInboxItem"
0x004AFCD0 "Script_DeleteInboxItem"
0x004AFE00 "Script_InboxItemCanDelete"
0x004AFEA0 "Script_HasNewMail"
0x004B3CB0 "Script_GetNumSpellTabs"
0x004B3CE0 "Script_GetSpellTabInfo"
0x004B3E50 "Script_GetSpellTexture"
0x004B3FE0 "Script_GetSpellName"
0x004B40A0 "Script_GetSpellCooldown"
0x004B4180 "Script_GetSpellAutocast"
0x004B4240 "Script_ToggleSpellAutocast"
0x004B42A0 "Script_PickupSpell"
0x004B42F0 "Script_CastSpell"
0x004B4370 "Script_IsCurrentCast"
0x004B43E0 "Script_UpdateSpells"
0x004B43F0 "Script_PlayerHasSpells"
0x004B4410 "Script_HasPetSpells"
0x004B44E0 "Script_IsSpellPassive"
0x004B4590 "Script_GetNumShapeshiftForms"
0x004B45C0 "Script_GetShapeshiftFormInfo"
0x004B4810 "Script_CastShapeshiftForm"
0x004B49A0 "Script_GetShapeshiftFormCooldown"
0x004B4AB0 "Script_CastSpellByName"
0x004B5960 "Script_TutorialsEnabled"
0x004B59B0 "Script_FlagTutorial"
0x004B5A00 "Script_ClearTutorials"
0x004B5A10 "Script_ResetTutorials"
0x004B7F40 "Script_GetNumBindings"
0x004B7F60 "Script_GetBinding"
0x004B8000 "Script_SetBinding"
0x004B80A0 "Script_GetBindingKey"
0x004B8120 "Script_GetBindingAction"
0x004B8180 "Script_RunBinding"
0x004B8200 "Script_GetCurrentBindingSet"
0x004B8220 "Script_LoadBindings"
0x004B8260 "Script_SaveBindings"
0x004BB530 "Script_GetNumRaidMembers"
0x004BB560 "Script_GetRaidRosterInfo"
0x004BB820 "Script_SetRaidRosterSelection"
0x004BB890 "Script_GetRaidRosterSelection"
0x004BB8C0 "Script_IsRaidLeader"
0x004BB910 "Script_IsRaidOfficer"
0x004BB990 "Script_SetRaidSubgroup"
0x004BBB00 "Script_SwapRaidSubgroup"
0x004BBC90 "Script_ConvertToRaid"
0x004BBD20 "Script_PromoteToAssistant"
0x004BBDF0 "Script_DemoteAssistant"
0x004BBEC0 "Script_SetRaidTarget"
0x004BB4B0 "Script_GetRaidTargetIndex"
0x004BC080 "Script_DoReadyCheck"
0x004BC090 "Script_ConfirmReadyCheck"
0x004BC120 "Script_CheckReadyCheckTime"
0x004BDC20 "Script_PetHasActionBar"
0x004BDC50 "Script_GetPetActionInfo"
0x004BDFA0 "Script_GetPetActionCooldown"
0x004BE0B0 "Script_GetPetActionsUsable"
0x004BE0E0 "Script_IsPetAttackActive"
0x004BE180 "Script_PickupPetAction"
0x004BE290 "Script_TogglePetAutocast"
0x004BE330 "Script_CastPetAction"
0x004BE450 "Script_PetPassiveMode"
0x004BE460 "Script_PetDefensiveMode"
0x004BE470 "Script_PetAggressiveMode"
0x004BE480 "Script_PetWait"
0x004BE490 "Script_PetFollow"
0x004BE4A0 "Script_PetAttack"
0x004BE4B0 "Script_PetStopAttack"
0x004BE4C0 "Script_PetAbandon"
0x004BE4D0 "Script_PetDismiss"
0x004BE4E0 "Script_PetRename"
0x004BE500 "Script_PetCanBeAbandoned"
0x004BE580 "Script_PetCanBeRenamed"
0x004BE600 "Script_GetPetTimeRemaining"
0x004BE670 "Script_HasPetUI"
0x004BE700 "Script_GetPetLoyalty"
0x004BE790 "Script_GetPetTrainingPoints"
0x004BE840 "Script_GetPetExperience"
0x004BE900 "Script_GetPetHappiness"
0x004BEA10 "Script_GetPetFoodTypes"
0x004BEB10 "Script_GetPetIcon"
0x004BFDC0 "Script_CloseTrade"
0x004BFDF0 "Script_ClickTradeButton"
0x004C0080 "Script_ClickTargetTradeButton"
0x004C00F0 "Script_GetTradeTargetItemInfo"
0x004C0360 "Script_GetTradeTargetItemLink"
0x004C0450 "Script_GetTradePlayerItemInfo"
0x004C0650 "Script_GetTradePlayerItemLink"
0x004C06E0 "Script_AcceptTrade"
0x004C06F0 "Script_CancelTradeAccept"
0x004C0700 "Script_GetPlayerTradeMoney"
0x004C0750 "Script_GetTargetTradeMoney"
0x004C0790 "Script_PickupTradeMoney"
0x004C07F0 "Script_AddTradeMoney"
0x004C0820 "Script_SetTradeMoney"
0x004C2B40 "Script_SetLootPortrait"
0x004C2C30 "Script_GetNumLootItems"
0x004C2C60 "Script_GetLootSlotInfo"
0x004C2D20 "Script_GetLootSlotLink"
0x004C2D90 "Script_LootSlotIsItem"
0x004C2E00 "Script_LootSlotIsCoin"
0x004C2E70 "Script_LootSlot"
0x004C2EC0 "Script_CloseLoot"
0x004C2EE0 "Script_IsFishingLoot"
0x004C2F10 "Script_GetMasterLootCandidate"
0x004C2FD0 "Script_GiveMasterLoot"
0x004C3050 "Script_GetLootRollItemInfo"
0x004C31F0 "Script_GetLootRollItemLink"
0x004C32D0 "Script_GetLootRollTimeLeft"
0x004C3370 "Script_RollOnLoot"
0x004C33E0 "Script_ConfirmLootRoll"
0x004C4210 "Script_CloseLottery"
0x004C4220 "Script_GetLastLotteryNumbers"
0x004C4290 "Script_SubmitNumbers"
0x004C43D0 "Script_IsVendorActive"
0x004C4400 "Script_BuyRandomPicks"
0x004C44B0 "Script_GetNumLotteryPrizes"
0x004C44E0 "Script_GetLotteryPrizeInfo"
0x004C45D0 "Script_GetJackpotAmount"
0x004C45F0 "Script_GetMoneyPrizes"
0x004C4630 "Script_GetNextDrawTime"
0x004C4660 "Script_GetNumPastDrawResults"
0x004C4690 "Script_GetPastDrawResult"
0x004C4D50 "Script_GetMinigameType"
0x004C4D80 "Script_MakeMinigameMove"
0x004C4DF0 "Script_GetMinigameState"
0x004C5A40 "Script_GetNumWorldStateUI"
0x004C5A70 "Script_GetWorldStateUIInfo"
0x004C81B0 "Script_GetInventorySlotInfo"
0x004C82A0 "Script_GetInventoryItemTexture"
0x004C8590 "Script_GetInventoryItemBroken"
0x004C8680 "Script_GetInventoryItemCount"
0x004C88D0 "Script_GetInventoryItemQuality"
0x004C8A60 "Script_GetInventoryItemCooldown"
0x004C8C10 "Script_GetInventoryItemLink"
0x004C8150 "Script_KeyRingButtonIDToInvSlotID"
0x004C8DA0 "Script_PickupInventoryItem"
0x004C8DE0 "Script_UseInventoryItem"
0x004C8E60 "Script_IsInventoryItemLocked"
0x004C8F00 "Script_PutItemInBag"
0x004C8F70 "Script_PutItemInBackpack"
0x004C8FA0 "Script_PickupBagFromSlot"
0x004C8FF0 "Script_CursorCanGoInSlot"
0x004C90B0 "Script_ShowInventorySellCursor"
0x004C9150 "Script_SetInventoryPortaitTexture"
0x004C9330 "Script_GetGuildInfo"
0x004C94B0 "Script_GetInventoryAlertStatus"
0x004C9560 "Script_UpdateInventoryAlertStatus"
0x004C9570 "Script_OffhandHasWeapon"
0x004C95E0 "Script_HasInspectHonorData"
0x004C9610 "Script_RequestInspectHonorData"
0x004C9620 "Script_GetInspectHonorData"
0x004C9780 "Script_ClearInspectPlayer"
0x004C9790 "Script_GetWeaponEnchantInfo"
0x004C99A0 "Script_HasWandEquipped"
0x004CA570 "Script_IsInMeetingStoneQueue"
0x004CA5A0 "Script_CancelMeetingStoneRequest"
0x004CA5B0 "Script_GetMeetingStoneStatusText"
0x004CAE40 "Script_ClosePetStables"
0x004CAE50 "Script_StablePet"
0x004CAF20 "Script_UnstablePet"
0x004CB080 "Script_BuyStableSlot"
0x004CB1D0 "Script_GetNumStablePets"
0x004CB200 "Script_GetNumStableSlots"
0x004CB230 "Script_GetStablePetInfo"
0x004CB3D0 "Script_GetNextStableSlotCost"
0x004CB420 "Script_ClickStablePet"
0x004CB7A0 "Script_PickupStablePet"
0x004CB810 "Script_GetSelectedStablePet"
0x004CB870 "Script_SetPetStablePaperdoll"
0x004CBA70 "Script_GetStablePetFoodTypes"
0x004CE160 "Script_CloseAuctionHouse"
0x004CE170 "Script_GetAuctionHouseDepositRate"
0x004CE1C0 "Script_CalculateAuctionDeposit"
0x004CE310 "Script_ClickAuctionSellItemButton"
0x004CE590 "Script_GetAuctionSellItemInfo"
0x004CE770 "Script_StartAuction"
0x004CE980 "Script_QueryAuctionItems"
0x004CEC80 "Script_GetOwnerAuctionItems"
0x004CECD0 "Script_GetBidderAuctionItems"
0x004CED20 "Script_GetNumAuctionItems"
0x004CEE40 "Script_GetAuctionItemInfo"
0x004CF2F0 "Script_GetAuctionItemLink"
0x004CF470 "Script_GetAuctionItemTimeLeft"
0x004CF610 "Script_PlaceAuctionBid"
0x004CF970 "Script_GetAuctionItemClasses"
0x004CF9C0 "Script_GetAuctionItemSubClasses"
0x004CFAB0 "Script_GetAuctionInvTypes"
0x004CFBB0 "Script_CanSendAuctionQuery"
0x004CFC00 "Script_SortAuctionItems"
0x004CFDA0 "Script_SetSelectedAuctionItem"
0x004CFEC0 "Script_GetSelectedAuctionItem"
0x004D0030 "Script_IsAuctionSortReversed"
0x004D0260 "Script_CancelAuction"
0x004D1190 "Script_GetNumGuildMembers"
0x004D11F0 "Script_GetGuildRosterMOTD"
0x004D1200 "Script_GetGuildRosterInfo"
0x004D14A0 "Script_GetGuildRosterLastOnline"
0x004D15E0 "Script_GuildRosterSetPublicNote"
0x004D1700 "Script_GuildRosterSetOfficerNote"
0x004D1820 "Script_SetGuildRosterSelection"
0x004D1890 "Script_GetGuildRosterSelection"
0x004D18C0 "Script_CanGuildPromote"
0x004D1930 "Script_CanGuildDemote"
0x004D19A0 "Script_CanGuildInvite"
0x004D1A10 "Script_CanGuildRemove"
0x004D1A80 "Script_CanEditMOTD"
0x004D1AF0 "Script_CanEditPublicNote"
0x004D1B60 "Script_CanEditOfficerNote"
0x004D1BD0 "Script_CanViewOfficerNote"
0x004D1C40 "Script_CanEditGuildInfo"
0x004D1CB0 "Script_SortGuildRoster"
0x004D1E10 "Script_SetGuildRosterShowOffline"
0x004D1E30 "Script_GetGuildRosterShowOffline"
0x004D1E60 "Script_GuildControlGetNumRanks"
0x004D1E90 "Script_GuildControlGetRankName"
0x004D1FA0 "Script_GuildControlSetRank"
0x004D1FE0 "Script_GuildControlGetRankFlags"
0x004D2070 "Script_GuildControlSetRankFlag"
0x004D20D0 "Script_GuildControlSaveRank"
0x004D2210 "Script_GuildControlAddRank"
0x004D22E0 "Script_GuildControlDelRank"
0x004D2350 "Script_CloseGuildRoster"
0x004D2360 "Script_GuildRoster"
0x004D2370 "Script_GetGuildInfoText"
0x004D2380 "Script_SetGuildInfoText"
0x004D35E0 "Script_GetNumSkillLines"
0x004D3610 "Script_GetSkillLineInfo"
0x004D3AB0 "Script_AbandonSkill"
0x004D3B70 "Script_CollapseSkillHeader"
0x004D3BD0 "Script_ExpandSkillHeader"
0x004D3C30 "Script_AddSkillUp"
0x004D3C70 "Script_RemoveSkillUp"
0x004D3CB0 "Script_GetAdjustedSkillPoints"
0x004D3D40 "Script_AcceptSkillUps"
0x004D3E30 "Script_CancelSkillUps"
0x004D3E50 "Script_BuySkillTier"
0x004D4020 "Script_SetSelectedSkill"
0x004D4090 "Script_GetSelectedSkill"
0x004D4C40 "Script_StartDuel"
0x004D4C90 "Script_StartDuelUnit"
0x004D4CE0 "Script_AcceptDuel"
0x004D4CF0 "Script_CancelDuel"
0x004D64C0 "Script_GetNumFactions"
0x004D64F0 "Script_GetFactionInfo"
0x004D6820 "Script_GetWatchedFactionInfo"
0x004D6B60 "Script_SetWatchedFactionIndex"
0x004D6950 "Script_FactionToggleAtWar"
0x004D6A50 "Script_CollapseFactionHeader"
0x004D69B0 "Script_SetFactionInactive"
0x004D6A00 "Script_SetFactionActive"
0x004D6AF0 "Script_IsFactionInactive"
0x004D6AA0 "Script_ExpandFactionHeader"
0x004D6BB0 "Script_SetSelectedFaction"
0x004D6C00 "Script_GetSelectedFaction"
0x004D8CF0 "Script_OpenTrainer"
0x004D8D50 "Script_CloseTrainer"
0x004D8D90 "Script_GetNumTrainerServices"
0x004D8DC0 "Script_GetTrainerServiceInfo"
0x004D8E60 "Script_SelectTrainerService"
0x004D8EA0 "Script_IsTradeskillTrainer"
0x004D8ED0 "Script_IsTalentTrainer"
0x004D8F10 "Script_GetTrainerSelectionIndex"
0x004D8F40 "Script_GetTrainerGreetingText"
0x004D8F50 "Script_GetTrainerServiceIcon"
0x004D9160 "Script_GetTrainerServiceSkillLine"
0x004D92F0 "Script_GetTrainerServiceCost"
0x004D93A0 "Script_GetTrainerServiceLevelReq"
0x004D9410 "Script_GetTrainerServiceSkillReq"
0x004D9600 "Script_GetTrainerServiceNumAbilityReq"
0x004D96E0 "Script_GetTrainerServiceAbilityReq"
0x004D9930 "Script_GetTrainerServiceStepReq"
0x004D9B40 "Script_GetTrainerServiceDescription"
0x004D9DD0 "Script_IsTrainerServiceSkillStep"
0x004D9E70 "Script_IsTrainerServiceLearnSpell"
0x004D9F70 "Script_IsTrainerServiceTradeSkill"
0x004DA030 "Script_GetTrainerServiceStepIncrease"
0x004DA210 "Script_BuyTrainerService"
0x004DA260 "Script_SetTrainerServiceTypeFilter"
0x004DA3F0 "Script_SetTrainerSkillLineFilter"
0x004DA510 "Script_GetTrainerServiceTypeFilter"
0x004DA590 "Script_GetTrainerSkillLineFilter"
0x004DA660 "Script_GetTrainerSkillLines"
0x004DA6C0 "Script_CollapseTrainerSkillLine"
0x004DA740 "Script_ExpandTrainerSkillLine"
0x004DCA50 "Script_SetTaxiMap"
0x004DCB00 "Script_NumTaxiNodes"
0x004DCB30 "Script_TaxiNodeName"
0x004DCB80 "Script_TaxiNodePosition"
0x004DCC20 "Script_TaxiNodeCost"
0x004DCCA0 "Script_TakeTaxiNode"
0x004DCCE0 "Script_CloseTaxiMap"
0x004DCCF0 "Script_TaxiNodeGetType"
0x004DCD40 "Script_TaxiNodeSetCurrent"
0x004DCD90 "Script_TaxiGetSrcX"
0x004DCDE0 "Script_TaxiGetSrcY"
0x004DCE30 "Script_TaxiGetDestX"
0x004DCE80 "Script_TaxiGetDestY"
0x004DCED0 "Script_GetNumRoutes"
0x004DF8B0 "Script_GetNumQuestLogEntries"
0x004DF930 "Script_GetQuestLogTitle"
0x004DFAE0 "Script_SelectQuestLogEntry"
0x004DFB20 "Script_GetQuestLogSelection"
0x004DFB50 "Script_SetAbandonQuest"
0x004DFB60 "Script_GetAbandonQuestName"
0x004DFBE0 "Script_GetAbandonQuestItems"
0x004DFE00 "Script_AbandonQuest"
0x004DFE10 "Script_IsUnitOnQuest"
0x004DFF20 "Script_GetQuestLogQuestText"
0x004E0000 "Script_GetNumQuestLeaderBoards"
0x004E0110 "Script_GetQuestLogLeaderBoard"
0x004E08A0 "Script_GetQuestLogTimeLeft"
0x004E0960 "Script_IsCurrentQuestFailed"
0x004E09E0 "Script_GetNumQuestLogRewards"
0x004E0A70 "Script_GetNumQuestLogChoices"
0x004E0B00 "Script_GetQuestLogRewardInfo"
0x004E0CF0 "Script_GetQuestLogChoiceInfo"
0x004E0EE0 "Script_GetQuestLogItemLink"
0x004E1070 "Script_GetQuestLogRewardMoney"
0x004E1130 "Script_GetQuestLogRewardSpell"
0x004E1220 "Script_GetQuestLogRequiredMoney"
0x004E12B0 "Script_GetQuestLogPushable"
0x004E1340 "Script_QuestLogPushQuest"
0x004E13D0 "Script_GetQuestTimers"
0x004E15F0 "Script_GetQuestIndexForTimer"
0x004E1730 "Script_CollapseQuestHeader"
0x004E1780 "Script_ExpandQuestHeader"
0x004E17D0 "Script_GetQuestGreenRange"
0x004E1860 "Script_GetNumQuestWatches"
0x004E1890 "Script_IsQuestWatched"
0x004E1930 "Script_AddQuestWatch"
0x004E1970 "Script_RemoveQuestWatch"
0x004E19B0 "Script_GetQuestIndexForWatch"
0x004E28C0 "Script_GetGossipText"
0x004E28D0 "Script_GetGossipOptions"
0x004E2930 "Script_GetGossipAvailableQuests"
0x004E29B0 "Script_GetGossipActiveQuests"
0x004E2A30 "Script_SelectGossipOption"
0x004E2AA0 "Script_SelectGossipAvailableQuest"
0x004E2AE0 "Script_SelectGossipActiveQuest"
0x004E2B20 "Script_CloseGossip"
0x004E38F0 "Script_ItemTextGetItem"
0x004E3940 "Script_ItemTextGetCreator"
0x004E39F0 "Script_ItemTextGetMaterial"
0x004E3AD0 "Script_ItemTextGetPage"
0x004E3B00 "Script_ItemTextGetText"
0x004E3B10 "Script_ItemTextHasNextPage"
0x004E3B50 "Script_ItemTextPrevPage"
0x004E3B60 "Script_ItemTextNextPage"
0x004E3B70 "Script_CloseItemText"
0x004E45D0 "Script_GetPlayerBuff"
0x004E4740 "Script_GetPlayerBuffTexture"
0x004E4800 "Script_GetPlayerBuffDispelType"
0x004E48B0 "Script_GetPlayerBuffApplications"
0x004E4930 "Script_GetPlayerBuffTimeLeft"
0x004E49A0 "Script_CancelPlayerBuff"
0x004E4A20 "Script_GetTrackingTexture"
0x004E4A80 "Script_CancelTrackingBuff"
0x004E6E10 "Script_GetActionTexture"
0x004E6E70 "Script_GetActionCount"
0x004E6ED0 "Script_GetActionCooldown"
0x004E6F90 "Script_GetActionAutocast"
0x004E7050 "Script_GetActionText"
0x004E70D0 "Script_HasAction"
0x004E7140 "Script_UseAction"
0x004E71D0 "Script_PickupAction"
0x004E7240 "Script_PlaceAction"
0x004E7280 "Script_IsAttackAction"
0x004E72F0 "Script_IsCurrentAction"
0x004E7360 "Script_IsAutoRepeatAction"
0x004E73D0 "Script_IsUsableAction"
0x004E7470 "Script_IsConsumableAction"
0x004E74E0 "Script_IsEquippedAction"
0x004E7550 "Script_IsActionInRange"
0x004E75D0 "Script_ActionHasRange"
0x004E7620 "Script_GetBonusBarOffset"
0x004E7650 "Script_ChangeActionBarPage"
0x004E7660 "Script_GetActionBarToggles"
0x004E76E0 "Script_SetActionBarToggles"
0x004E9050 "Script_GetNumPartyMembers"
0x004E9090 "Script_GetPartyMember"
0x004E9100 "Script_GetPartyLeaderIndex"
0x004E9130 "Script_IsPartyLeader"
0x004E9180 "Script_LeaveParty"
0x004E91B0 "Script_GetLootMethod"
0x004E92A0 "Script_SetLootMethod"
0x004E94E0 "Script_GetLootThreshold"
0x004E9500 "Script_SetLootThreshold"
0x004E95D0 "Script_GetLookingForGroup"
0x004E96B0 "Script_SetLookingForGroup"
0x004E9760 "Script_LFGQuery"
0x004E9870 "Script_GetNumLFGResults"
0x004E98C0 "Script_GetLFGResults"
0x004E9A70 "Script_GetLFGTypes"
0x004E9AA0 "Script_GetLFGTypeEntries"
0x004F15B0 "Script_CreateMacro"
0x004F1710 "Script_GetNumMacros"
0x004F1760 "Script_GetMacroInfo"
0x004F1850 "Script_DeleteMacro"
0x004F18B0 "Script_EditMacro"
0x004F19F0 "Script_GetNumMacroIcons"
0x004F1A30 "Script_GetMacroIconInfo"
0x004F1AE0 "Script_PickupMacro"
0x004F1B30 "Script_GetMacroIndexByName"
0x004F3010 "Script_GetNumTalentTabs"
0x004F3040 "Script_GetTalentTabInfo"
0x004F3160 "Script_GetNumTalents"
0x004F3200 "Script_GetTalentInfo"
0x004F34D0 "Script_GetTalentPrereqs"
0x004F36A0 "Script_LearnTalent"
0x004F43C0 "Script_ClosePetition"
0x004F43D0 "Script_GetPetitionInfo"
0x004F44E0 "Script_GetNumPetitionNames"
0x004F4510 "Script_GetPetitionNameInfo"
0x004F45E0 "Script_CanSignPetition"
0x004F46D0 "Script_SignPetition"
0x004F4790 "Script_OfferPetition"
0x004F4930 "Script_RenamePetition"
0x004F5220 "Script_CloseGuildRegistrar"
0x004F5230 "Script_GetGuildCharterCost"
0x004F5260 "Script_BuyGuildCharter"
0x004F52D0 "Script_TurnInGuildCharter"
0x004F5300 "Script_GetTabardInfo"
0x004F5900 "Script_CloseTabardCreation"
0x004F5910 "Script_GetTabardCreationCost"
0x004F6C00 "Script_CloseCraft"
0x004F6C10 "Script_GetCraftName"
0x004F6C90 "Script_GetCraftButtonToken"
0x004F6CB0 "Script_GetCraftDisplaySkillLine"
0x004F6E70 "Script_GetNumCrafts"
0x004F6E90 "Script_GetCraftInfo"
0x004F70F0 "Script_SelectCraft"
0x004F7130 "Script_GetCraftSelectionIndex"
0x004F7160 "Script_GetCraftIcon"
0x004F7210 "Script_GetCraftSkillLine"
0x004F72A0 "Script_GetCraftItemLink"
0x004F7420 "Script_GetCraftNumReagents"
0x004F74D0 "Script_GetCraftReagentInfo"
0x004F7730 "Script_GetCraftReagentItemLink"
0x004F78B0 "Script_GetCraftSpellFocus"
0x004F7A90 "Script_GetCraftDescription"
0x004F7C10 "Script_CollapseCraftSkillLine"
0x004F7C90 "Script_ExpandCraftSkillLine"
0x004F7D10 "Script_DoCraft"
0x004F8530 "Script_BankButtonIDToInvSlotID"
0x004F85B0 "Script_GetNumBankSlots"
0x004F8630 "Script_GetBankSlotCost"
0x004F86B0 "Script_PurchaseSlot"
0x004F87D0 "Script_CloseBankFrame"
0x004F94E0 "Script_ContainerIDToInventoryID"
0x004F9560 "Script_GetContainerNumSlots"
0x004F9670 "Script_GetContainerItemInfo"
0x004F9930 "Script_GetContainerItemLink"
0x004F99B0 "Script_GetContainerItemCooldown"
0x004F9B30 "Script_PickupContainerItem"
0x004F9F70 "Script_SplitContainerItem"
0x004FA0E0 "Script_UseContainerItem"
0x004FA460 "Script_ShowContainerSellCursor"
0x004FA4F0 "Script_SetBagPortaitTexture"
0x004FA670 "Script_GetBagName"
0x004FB120 "Script_CloseMerchant"
0x004FB130 "Script_GetMerchantNumItems"
0x004FB150 "Script_GetMerchantItemInfo"
0x004FB310 "Script_GetBuybackItemInfo"
0x004FB580 "Script_GetMerchantItemLink"
0x004FB670 "Script_GetMerchantItemMaxStack"
0x004FB760 "Script_PickupMerchantItem"
0x004FB850 "Script_BuyMerchantItem"
0x004FB950 "Script_BuybackItem"
0x004FBA80 "Script_CanMerchantRepair"
0x004FBAB0 "Script_ShowMerchantSellCursor"
0x004FBBB0 "Script_ShowBuybackSellCursor"
0x004FBCC0 "Script_ShowRepairCursor"
0x004FBD00 "Script_HideRepairCursor"
0x004FBD30 "Script_InRepairMode"
0x004FBD60 "Script_GetRepairAllCost"
0x004FBFE0 "Script_RepairAllItems"
0x004FC160 "Script_GetNumBuybackItems"
0x004FD7F0 "Script_CloseTradeSkill"
0x004FD800 "Script_GetNumTradeSkills"
0x004FD820 "Script_GetTradeSkillInfo"
0x004FD9B0 "Script_SelectTradeSkill"
0x004FD9F0 "Script_GetTradeSkillSelectionIndex"
0x004FDA20 "Script_GetTradeSkillCooldown"
0x004FDAE0 "Script_GetTradeSkillIcon"
0x004FDC50 "Script_GetTradeSkillNumMade"
0x004FDD40 "Script_GetTradeSkillLine"
0x004FDEC0 "Script_GetTradeSkillItemStats"
0x004FF410 "Script_GetTradeSkillItemLink"
0x004FF510 "Script_GetTradeSkillNumReagents"
0x004FF5C0 "Script_GetTradeSkillReagentInfo"
0x004FF800 "Script_GetTradeSkillReagentItemLink"
0x004FF980 "Script_GetTradeSkillTools"
0x004FFB60 "Script_GetTradeSkillSubClasses"
0x004FFC20 "Script_GetTradeSkillInvSlots"
0x004FFC70 "Script_SetTradeSkillSubClassFilter"
0x004FFD90 "Script_GetTradeSkillSubClassFilter"
0x004FFE60 "Script_SetTradeSkillInvSlotFilter"
0x004FFFD0 "Script_GetTradeSkillInvSlotFilter"
0x005000C0 "Script_CollapseTradeSkillSubClass"
0x00500140 "Script_ExpandTradeSkillSubClass"
0x005001C0 "Script_GetFirstTradeSkill"
0x00500230 "Script_GetTradeskillRepeatCount"
0x00500280 "Script_DoTradeSkill"
0x00501A10 "Script_CloseQuest"
0x00501A20 "Script_GetTitleText"
0x00501A30 "Script_GetGreetingText"
0x00501A40 "Script_GetQuestText"
0x00501A50 "Script_GetObjectiveText"
0x00501A60 "Script_GetProgressText"
0x00501A70 "Script_GetRewardText"
0x00501A80 "Script_GetNumAvailableQuests"
0x00501AA0 "Script_GetNumActiveQuests"
0x00501AC0 "Script_GetAvailableTitle"
0x00501B30 "Script_GetActiveTitle"
0x00501BA0 "Script_GetAvailableLevel"
0x00501C20 "Script_GetActiveLevel"
0x00501CA0 "Script_SelectAvailableQuest"
0x00501CE0 "Script_SelectActiveQuest"
0x00501D20 "Script_AcceptQuest"
0x00501D30 "Script_DeclineQuest"
0x00501D40 "Script_IsQuestCompletable"
0x00501D70 "Script_CompleteQuest"
0x00501D80 "Script_GetQuestReward"
0x00501DD0 "Script_GetRewardMoney"
0x00501DF0 "Script_GetRewardSpell"
0x00501EA0 "Script_GetQuestMoneyToGet"
0x00501EC0 "Script_GetNumQuestRewards"
0x00501F00 "Script_GetNumQuestChoices"
0x00501F40 "Script_GetNumQuestItems"
0x00501F80 "Script_GetQuestItemInfo"
0x00502090 "Script_GetQuestItemLink"
0x005021A0 "Script_QuestChooseRewardError"
0x005021B0 "Script_ConfirmAcceptQuest"
0x00502230 "Script_GetQuestBackgroundMaterial"
0x0050B400 "Script_CameraZoomIn"
0x0050B450 "Script_CameraZoomOut"
0x0050B4A0 "Script_MoveViewInStart"
0x0050B4D0 "Script_MoveViewInStop"
0x0050B500 "Script_MoveViewOutStart"
0x0050B510 "Script_MoveViewOutStop"
0x0050B540 "Script_MoveViewLeftStart"
0x0050B550 "Script_MoveViewLeftStop"
0x0050B520 "Script_MoveViewRightStart"
0x0050B530 "Script_MoveViewRightStop"
0x0050B560 "Script_MoveViewUpStart"
0x0050B570 "Script_MoveViewUpStop"
0x0050B580 "Script_MoveViewDownStart"
0x0050B590 "Script_MoveViewDownStop"
0x0050B5A0 "Script_ToggleMouseMove"
0x0050B5B0 "Script_SetView"
0x0050B600 "Script_SaveView"
0x0050B640 "Script_ResetView"
0x0050B680 "Script_NextView"
0x0050B690 "Script_PrevView"
0x0050B6A0 "Script_FlipCameraYaw"
0x00513BD0 "Script_Jump"
0x00513D50 "Script_ToggleRun"
0x00513DE0 "Script_ToggleAutoRun"
0x00513E20 "Script_MoveForwardStart"
0x00513E50 "Script_MoveForwardStop"
0x00513E80 "Script_MoveBackwardStart"
0x00513EB0 "Script_MoveBackwardStop"
0x00513EE0 "Script_TurnLeftStart"
0x00513F10 "Script_TurnLeftStop"
0x00513F40 "Script_TurnRightStart"
0x00513F70 "Script_TurnRightStop"
0x00513FA0 "Script_StrafeLeftStart"
0x00513FD0 "Script_StrafeLeftStop"
0x00514000 "Script_StrafeRightStart"
0x00514030 "Script_StrafeRightStop"
0x00514060 "Script_PitchUpStart"
0x00514090 "Script_PitchUpStop"
0x005140C0 "Script_PitchDownStart"
0x005140F0 "Script_PitchDownStop"
0x00514120 "Script_TurnOrActionStart"
0x00514160 "Script_TurnOrActionStop"
0x00514190 "Script_CameraOrSelectOrMoveStart"
0x005141D0 "Script_CameraOrSelectOrMoveStop"
0x00514210 "Script_MouselookStart"
0x00514240 "Script_MouselookStop"
0x00514270 "Script_IsMouselooking"
0x00515EA0 "Script_GetTime"
0x00515EE0 "Script_GetGameTime"
0x00515F10 "Script_ConsoleExec"
0x00515F50 "Script_ReadFile"
0x00515F70 "Script_DeleteFile"
0x00515F90 "Script_AppendToFile"
0x00515FB0 "Script_UnitExists"
0x00516030 "Script_UnitIsVisible"
0x00516070 "Script_UnitIsUnit"
0x00516150 "Script_UnitIsPlayer"
0x005161C0 "Script_UnitIsCorpse"
0x00516210 "Script_UnitIsPartyLeader"
0x00516290 "Script_UnitInParty"
0x005162F0 "Script_UnitPlayerOrPetInParty"
0x00516350 "Script_UnitInRaid"
0x005163B0 "Script_UnitPlayerOrPetInRaid"
0x00516410 "Script_UnitPlayerControlled"
0x00516460 "Script_UnitIsPVP"
0x00516540 "Script_UnitIsPVPFreeForAll"
0x00516630 "Script_UnitFactionGroup"
0x005167E0 "Script_UnitReaction"
0x00516890 "Script_UnitIsEnemy"
0x00516930 "Script_UnitIsFriend"
0x00516A70 "Script_UnitCanCooperate"
0x00516BB0 "Script_UnitCanAssist"
0x00516C50 "Script_UnitCanAttack"
0x00516CF0 "Script_UnitIsCharmed"
0x00516D40 "Script_UnitIsPlusMob"
0x00516D90 "Script_UnitClassification"
0x00517020 "Script_UnitName"
0x005172B0 "Script_UnitPVPName"
0x00517350 "Script_UnitXP"
0x00517410 "Script_UnitXPMax"
0x005174D0 "Script_UnitHealth"
0x005175B0 "Script_UnitHealthMax"
0x00517670 "Script_UnitMana"
0x005177E0 "Script_UnitManaMax"
0x00517940 "Script_UnitPowerType"
0x00517A40 "Script_UnitOnTaxi"
0x00517AC0 "Script_UnitIsDead"
0x00517B90 "Script_UnitIsGhost"
0x00517C70 "Script_UnitIsDeadOrGhost"
0x00517D50 "Script_UnitIsConnected"
0x00517E10 "Script_UnitAffectingCombat"
0x00517E90 "Script_UnitSex"
0x00517FC0 "Script_UnitLevel"
0x00518160 "Script_GetMoney"
0x00518200 "Script_UnitRace"
0x00518350 "Script_UnitClass"
0x005184A0 "Script_UnitResistance"
0x00518600 "Script_UnitStat"
0x00518810 "Script_UnitAttackBothHands"
0x00518C20 "Script_UnitDamage"
0x00518910 "Script_UnitRangedDamage"
0x00518B90 "Script_UnitRangedAttack"
0x00518E50 "Script_UnitAttackSpeed"
0x00518F80 "Script_UnitAttackPower"
0x005190C0 "Script_UnitRangedAttackPower"
0x00519200 "Script_UnitDefense"
0x005192E0 "Script_UnitArmor"
0x00519420 "Script_UnitCharacterPoints"
0x00519500 "Script_UnitBuff"
0x005198F0 "Script_UnitDebuff"
0x00519C90 "Script_UnitIsTapped"
0x00519D00 "Script_UnitIsTappedByPlayer"
0x00519D70 "Script_UnitIsTrivial"
0x00519DE0 "Script_UnitIsCivilian"
0x00519E50 "Script_UnitHasRelicSlot"
0x00519EF0 "Script_SetPortraitTexture"
0x0051A120 "Script_HasFullControl"
0x0051A190 "Script_GetComboPoints"
0x00516DE0 "Script_IsInGuild"
0x00516E40 "Script_IsGuildLeader"
0x00516EA0 "Script_IsResting"
0x00516F00 "Script_GetDodgeChance"
0x00516F60 "Script_GetBlockChance"
0x00516FC0 "Script_GetParryChance"
0x0051A280 "Script_UnitCreatureType"
0x0051A310 "Script_UnitCreatureFamily"
0x0051A3A0 "Script_GetResSicknessDuration"
0x0051A4B0 "Script_GetPVPSessionStats"
0x0051A550 "Script_GetPVPYesterdayStats"
0x0051A620 "Script_GetPVPThisWeekStats"
0x0051A6C0 "Script_GetPVPLastWeekStats"
0x0051A7C0 "Script_GetPVPLifetimeStats"
0x0051A8A0 "Script_UnitPVPRank"
0x0051A930 "Script_GetPVPRankInfo"
0x0051AA90 "Script_GetPVPRankProgress"
0x0051AB00 "Script_GetInspectPVPRankProgress"
0x005AD000 "Script_GetNumFriends"
0x005AD060 "Script_GetFriendInfo"
0x005AD210 "Script_SetSelectedFriend"
0x005AD260 "Script_GetSelectedFriend"
0x005AD290 "Script_AddFriend"
0x005AD2D0 "Script_RemoveFriend"
0x005AD340 "Script_ShowFriends"
0x005AD400 "Script_GetNumIgnores"
0x005AD460 "Script_GetIgnoreName"
0x005AD520 "Script_SetSelectedIgnore"
0x005AD570 "Script_GetSelectedIgnore"
0x005AD5A0 "Script_AddOrDelIgnore"
0x005AD5F0 "Script_AddIgnore"
0x005AD640 "Script_DelIgnore"
0x005AD3B0 "Script_SendWho"
0x005AD690 "Script_GetNumWhoResults"
0x005AD6E0 "Script_GetWhoInfo"
0x005AD870 "Script_SetWhoToUI"
0x005AD890 "Script_SortWho"
0x006E6CD0 "Script_SpellIsTargeting"
0x006E6D00 "Script_SpellCanTargetUnit"
0x006E6D90 "Script_SpellTargetUnit"
0x006E6E30 "Script_SpellStopTargeting"
0x006E6E80 "Script_SpellStopCasting"
0x00705F00 "Script_GetNumFrames"
0x00705F60 "Script_EnumerateFrames"
0x00706040 "Script_CreateFont"
0x007060B0 "Script_CreateFrame"
```

----------


## miceiken

> ```
> class CameraInfo
> {
> public:
>     __int32 *VTable;     //0x0000 
>     __int32 unknown0;     //0x0004 
>     float fPos[3];         //0x0008 
>     float fViewMat[3][3];     //0x0014 
>     float fFov;         //0x0038 
> ...
> ```


I think this is wrong. NearClip and FarClip are definitely at 0x38 and 0x3C respectively.

I think this is correct:


```
        public unsafe struct CGCamera
        {
            public IntPtr vTable;           // 0x0
            private int unk0;               // 0x4
            public Vector3 Position;        // 0x8
            public fixed float Facing[9];   // 0x14 (3x3 Matrix)
            public float NearClip;          // 0x38
            public float FarClip;           // 0x3C
            public float FieldOfView;       // 0x40
            public float Aspect;            // 0x44
        }
```
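A disagreement like the one above can be tested against a captured buffer instead of argued. This added example (not code from either poster) declares both layouts in C, pins the annotated offsets with compile-time assertions, and checks a buffer against each. The function names, the plausibility bounds and the sample buffer are assumptions made for the example; the buffer is filled at the reply's offsets, so the output illustrates the method and is not evidence about the client.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Layout from the quoted post (the quote is cut off after fFov). */
typedef struct {
    uint32_t vtable;         /* 0x00, pointer in the 32-bit client */
    uint32_t unknown0;       /* 0x04 */
    float    pos[3];         /* 0x08 */
    float    view_mat[3][3]; /* 0x14 */
    float    fov;            /* 0x38 */
} CameraInfoQuoted;

/* Layout proposed in the reply. */
typedef struct {
    uint32_t vtable;         /* 0x00 */
    uint32_t unk0;           /* 0x04 */
    float    position[3];    /* 0x08 */
    float    facing[9];      /* 0x14, 3x3 matrix */
    float    near_clip;      /* 0x38 */
    float    far_clip;       /* 0x3C */
    float    field_of_view;  /* 0x40 */
    float    aspect;         /* 0x44 */
} CGCameraProposed;

/* Break the build if the compiler's layout drifts from the annotated offsets. */
_Static_assert(sizeof(float) == 4, "4-byte float expected");
_Static_assert(offsetof(CameraInfoQuoted, fov) == 0x38, "quoted fov");
_Static_assert(offsetof(CGCameraProposed, facing) == 0x14, "facing");
_Static_assert(offsetof(CGCameraProposed, near_clip) == 0x38, "near_clip");
_Static_assert(offsetof(CGCameraProposed, far_clip) == 0x3C, "far_clip");
_Static_assert(offsetof(CGCameraProposed, field_of_view) == 0x40, "field_of_view");
_Static_assert(offsetof(CGCameraProposed, aspect) == 0x44, "aspect");
_Static_assert(sizeof(CGCameraProposed) == 0x48, "struct size");

/* Assumed plausibility bounds for a field of view in radians (not from the thread). */
#define FOV_MIN 0.3f
#define FOV_MAX 3.0f

/* NaN and infinity fail both comparisons, so no separate finiteness test is needed. */
static int in_range(float v, float lo, float hi) { return v >= lo && v <= hi; }

/* A rotation matrix has unit-length rows; misaligned data rarely does. */
static int rows_unit_length(const float *m)
{
    for (int r = 0; r < 3; r++) {
        const float *row = m + 3 * r;
        float sq = row[0] * row[0] + row[1] * row[1] + row[2] * row[2];
        if (!in_range(sq, 0.98f, 1.02f)) return 0;
    }
    return 1;
}

/* Bounds-checked copy of a captured buffer into a typed struct. */
static int decode(const uint8_t *buf, size_t len, void *out, size_t out_size)
{
    if (buf == NULL || len < out_size) return 0;
    memcpy(out, buf, out_size);
    return 1;
}

int quoted_layout_plausible(const uint8_t *buf, size_t len)
{
    CameraInfoQuoted c;
    if (!decode(buf, len, &c, sizeof c)) return 0;
    return rows_unit_length(&c.view_mat[0][0]) && in_range(c.fov, FOV_MIN, FOV_MAX);
}

int proposed_layout_plausible(const uint8_t *buf, size_t len)
{
    CGCameraProposed c;
    if (!decode(buf, len, &c, sizeof c)) return 0;
    return rows_unit_length(c.facing)
        && c.near_clip > 0.0f && c.far_clip > c.near_clip
        && in_range(c.field_of_view, FOV_MIN, FOV_MAX)
        && in_range(c.aspect, 0.5f, 4.0f);   /* assumed aspect bounds */
}

/* Constructed sample: invented values written at the reply's offsets. */
void build_sample(uint8_t *buf)
{
    const float body[16] = {
        10.0f, 20.0f, 30.0f,                  /* position          0x08 */
        1.0f, 0.0f, 0.0f,                     /* identity rotation 0x14 */
        0.0f, 1.0f, 0.0f,
        0.0f, 0.0f, 1.0f,
        0.1f, 500.0f, 1.5f, 1.6f              /* near, far, fov, aspect */
    };
    memset(buf, 0, 0x48);                     /* vtable and unknown stay zero */
    memcpy(buf + 0x08, body, sizeof body);
}

int main(void)
{
    uint8_t buf[0x48];
    build_sample(buf);
    printf("quoted layout plausible:   %d\n", quoted_layout_plausible(buf, sizeof buf));
    printf("proposed layout plausible: %d\n", proposed_layout_plausible(buf, sizeof buf));
    return 0;
}
```

A value at 0x38 that happens to fall inside the assumed FOV range passes both checks, so several captures are needed before a single field settles the question.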

----------


## lumpy.123

Hey there,

I'm trying to get the item template or item cache information.

For now, I was able to find a static address where the first entry of the item cache is located: *WoW.exe+80E2AC*

Is there a direct connection between an item BaseAddress and the given item cache entry? (e.g. Memory.Magic.Read<uint>(BaseAddress + 0xB30) for units).
Or does someone know a function to get the cache entry by the item entry?

I would really appreciate it if someone could give me a hint!

Here is the Cheat Engine 6.4 structure of an item cache entry:


```
<Structures>
  <Structure Name="ItemCache" AutoFill="0" AutoCreate="1" DefaultHex="0" AutoDestroy="0" DoNotSaveLocal="0" AutoCreateStructsize="4096">
    <Elements>
      <Element Offset="0" Vartype="4 Bytes" Bytesize="4" Description="Entry" DisplayMethod="Unsigned Integer" BackgroundColor="80000005"/>
      <Element Offset="4" Vartype="4 Bytes" Bytesize="4" Description="Unknown0" DisplayMethod="Hexadecimal" BackgroundColor="80000005"/>
      <Element Offset="8" Vartype="4 Bytes" Bytesize="4" Description="Unknown1" DisplayMethod="Hexadecimal" BackgroundColor="80000005"/>
      <Element Offset="12" Vartype="4 Bytes" Bytesize="4" Description="Unknown2" DisplayMethod="Hexadecimal" BackgroundColor="80000005"/>
      <Element Offset="16" Vartype="4 Bytes" Bytesize="4" Description="NextCachedItemAddress" DisplayMethod="Hexadecimal" BackgroundColor="80000005"/>
      <Element Offset="20" Vartype="4 Bytes" Bytesize="4" Description="Unknown3" DisplayMethod="Unsigned Integer" BackgroundColor="80000005"/>
      <Element Offset="24" Vartype="4 Bytes" Bytesize="4" Description="ItemClass" DisplayMethod="Unsigned Integer" BackgroundColor="80000005"/>
      <Element Offset="28" Vartype="4 Bytes" Bytesize="4" Description="ItemSubClass" DisplayMethod="Unsigned Integer" BackgroundColor="80000005"/>
      <Element Offset="32" Vartype="Pointer" Bytesize="4" Description="NameAddress0" DisplayMethod="Unsigned Integer" BackgroundColor="80000005">
        <Structure Name="Autocreated from 17A87408" AutoFill="0" AutoCreate="1" DefaultHex="0" AutoDestroy="0" DoNotSaveLocal="0" AutoCreateStructsize="4096">
          <Elements>
            <Element Offset="0" Vartype="String" Bytesize="255" Description="Name" DisplayMethod="Unsigned Integer" BackgroundColor="80000005"/>
          </Elements>
        </Structure>
      </Element>
      <Element Offset="36" Vartype="Pointer" Bytesize="4" Description="NameAddress1" DisplayMethod="Unsigned Integer" BackgroundColor="80000005">
        <Structure Name="Autocreated from 119F1648" AutoFill="0" AutoCreate="1" DefaultHex="0" AutoDestroy="0" DoNotSaveLocal="0" AutoCreateStructsize="4096">
          <Elements>
            <Element Offset="0" Vartype="String" Bytesize="45" Description="Name" DisplayMethod="Unsigned Integer" BackgroundColor="80000005"/>
          </Elements>
        </Structure>
      </Element>
      <Element Offset="40" Vartype="Pointer" Bytesize="4" Description="NameAddress2" DisplayMethod="Unsigned Integer" BackgroundColor="80000005">
        <Structure Name="Autocreated from 119F17C8" AutoFill="0" AutoCreate="1" DefaultHex="0" AutoDestroy="0" DoNotSaveLocal="0" AutoCreateStructsize="4096">
          <Elements>
            <Element Offset="0" Vartype="String" Bytesize="45" Description="Name" DisplayMethod="Unsigned Integer" BackgroundColor="80000005"/>
          </Elements>
        </Structure>
      </Element>
      <Element Offset="44" Vartype="Pointer" Bytesize="4" Description="NameAddress3" DisplayMethod="Unsigned Integer" BackgroundColor="80000005">
        <Structure Name="Autocreated from 12A1F2C8" AutoFill="0" AutoCreate="1" DefaultHex="0" AutoDestroy="0" DoNotSaveLocal="0" AutoCreateStructsize="4096">
          <Elements>
            <Element Offset="0" Vartype="String" Bytesize="45" Description="Name" DisplayMethod="Unsigned Integer" BackgroundColor="80000005"/>
          </Elements>
        </Structure>
      </Element>
      <Element Offset="48" Vartype="4 Bytes" Bytesize="4" Description="DisplayId" DisplayMethod="Unsigned Integer" BackgroundColor="80000005"/>
      <Element Offset="52" Vartype="4 Bytes" Bytesize="4" Description="Quality" DisplayMethod="Unsigned Integer" BackgroundColor="80000005"/>
      <Element Offset="56" Vartype="4 Bytes" Bytesize="4" Description="Flags" DisplayMethod="Unsigned Integer" BackgroundColor="80000005"/>
      <Element Offset="60" Vartype="4 Bytes" Bytesize="4" Description="BuyPrice" DisplayMethod="Unsigned Integer" BackgroundColor="80000005"/>
      <Element Offset="64" Vartype="4 Bytes" Bytesize="4" Description="SellPrice" DisplayMethod="Unsigned Integer" BackgroundColor="80000005"/>
      <Element Offset="68" Vartype="4 Bytes" Bytesize="4" Description="InventoryType" DisplayMethod="Unsigned Integer" BackgroundColor="80000005"/>
      <Element Offset="72" Vartype="4 Bytes" Bytesize="4" Description="AllowableClass" DisplayMethod="Signed Integer" BackgroundColor="80000005"/>
      <Element Offset="76" Vartype="4 Bytes" Bytesize="4" Description="AllowableRace" DisplayMethod="Signed Integer" BackgroundColor="80000005"/>
      <Element Offset="80" Vartype="4 Bytes" Bytesize="4" Description="ItemLevel" DisplayMethod="Unsigned Integer" BackgroundColor="80000005"/>
      <Element Offset="84" Vartype="4 Bytes" Bytesize="4" Description="RequiredLevel" DisplayMethod="Unsigned Integer" BackgroundColor="80000005"/>
      <Element Offset="88" Vartype="4 Bytes" Bytesize="4" Description="RequiredSkill" DisplayMethod="Unsigned Integer" BackgroundColor="80000005"/>
      <Element Offset="92" Vartype="4 Bytes" Bytesize="4" Description="RequiredSkillRank" DisplayMethod="Unsigned Integer" BackgroundColor="80000005"/>
      <Element Offset="96" Vartype="4 Bytes" Bytesize="4" Description="RequiredSpell" DisplayMethod="Unsigned Integer" BackgroundColor="80000005"/>
      <Element Offset="100" Vartype="4 Bytes" Bytesize="4" Description="RequiredHonorRank" DisplayMethod="Unsigned Integer" BackgroundColor="80000005"/>
      <Element Offset="104" Vartype="4 Bytes" Bytesize="4" Description="RequiredCityRank" DisplayMethod="Unsigned Integer" BackgroundColor="80000005"/>
      <Element Offset="108" Vartype="4 Bytes" Bytesize="4" Description="RequiredReputationFaction" DisplayMethod="Unsigned Integer" BackgroundColor="80000005"/>
      <Element Offset="112" Vartype="4 Bytes" Bytesize="4" Description="RequiredReputationRank" DisplayMethod="Unsigned Integer" BackgroundColor="80000005"/>
      <Element Offset="116" Vartype="4 Bytes" Bytesize="4" Description="MaxCount" DisplayMethod="Unsigned Integer" BackgroundColor="80000005"/>
      <Element Offset="120" Vartype="4 Bytes" Bytesize="4" Description="Stackable" DisplayMethod="Unsigned Integer" BackgroundColor="80000005"/>
      <Element Offset="124" Vartype="4 Bytes" Bytesize="4" Description="ContainerSlots" DisplayMethod="Unsigned Integer" BackgroundColor="80000005"/>
      <Element Offset="128" Vartype="4 Bytes" Bytesize="4" Description="StatType1" DisplayMethod="Unsigned Integer" BackgroundColor="80000005"/>
      <Element Offset="132" Vartype="4 Bytes" Bytesize="4" Description="StatType2" DisplayMethod="Unsigned Integer" BackgroundColor="80000005"/>
      <Element Offset="136" Vartype="4 Bytes" Bytesize="4" Description="StatType3" DisplayMethod="Unsigned Integer" BackgroundColor="80000005"/>
      <Element Offset="140" Vartype="4 Bytes" Bytesize="4" Description="StatType4" DisplayMethod="Unsigned Integer" BackgroundColor="80000005"/>
      <Element Offset="144" Vartype="4 Bytes" Bytesize="4" Description="StatType5" DisplayMethod="Unsigned Integer" BackgroundColor="80000005"/>
      <Element Offset="148" Vartype="4 Bytes" Bytesize="4" Description="StatType6" DisplayMethod="Unsigned Integer" BackgroundColor="80000005"/>
      <Element Offset="152" Vartype="4 Bytes" Bytesize="4" Description="StatType7" DisplayMethod="Unsigned Integer" BackgroundColor="80000005"/>
      <Element Offset="156" Vartype="4 Bytes" Bytesize="4" Description="StatType8" DisplayMethod="Unsigned Integer" BackgroundColor="80000005"/>
      <Element Offset="160" Vartype="4 Bytes" Bytesize="4" Description="StatType9" DisplayMethod="Unsigned Integer" BackgroundColor="80000005"/>
      <Element Offset="164" Vartype="4 Bytes" Bytesize="4" Description="StatType10" DisplayMethod="Unsigned Integer" BackgroundColor="80000005"/>
      <Element Offset="168" Vartype="4 Bytes" Bytesize="4" Description="StatValue1" DisplayMethod="Unsigned Integer" BackgroundColor="80000005"/>
      <Element Offset="172" Vartype="4 Bytes" Bytesize="4" Description="StatValue2" DisplayMethod="Unsigned Integer" BackgroundColor="80000005"/>
      <Element Offset="176" Vartype="4 Bytes" Bytesize="4" Description="StatValue3" DisplayMethod="Unsigned Integer" BackgroundColor="80000005"/>
      <Element Offset="180" Vartype="4 Bytes" Bytesize="4" Description="StatValue4" DisplayMethod="Unsigned Integer" BackgroundColor="80000005"/>
      <Element Offset="184" Vartype="4 Bytes" Bytesize="4" Description="StatValue5" DisplayMethod="Unsigned Integer" BackgroundColor="80000005"/>
      <Element Offset="188" Vartype="4 Bytes" Bytesize="4" Description="StatValue6" DisplayMethod="Unsigned Integer" BackgroundColor="80000005"/>
      <Element Offset="192" Vartype="4 Bytes" Bytesize="4" Description="StatValue7" DisplayMethod="Unsigned Integer" BackgroundColor="80000005"/>
      <Element Offset="196" Vartype="4 Bytes" Bytesize="4" Description="StatValue8" DisplayMethod="Unsigned Integer" BackgroundColor="80000005"/>
      <Element Offset="200" Vartype="4 Bytes" Bytesize="4" Description="StatValue9" DisplayMethod="Unsigned Integer" BackgroundColor="80000005"/>
      <Element Offset="204" Vartype="4 Bytes" Bytesize="4" Description="StatValue10" DisplayMethod="Unsigned Integer" BackgroundColor="80000005"/>
      <Element Offset="208" Vartype="Float" Bytesize="4" Description="DmgMin1" DisplayMethod="Unsigned Integer" BackgroundColor="80000005"/>
      <Element Offset="212" Vartype="Float" Bytesize="4" Description="DmgMin2" DisplayMethod="Unsigned Integer" BackgroundColor="80000005"/>
      <Element Offset="216" Vartype="Float" Bytesize="4" Description="DmgMin3" DisplayMethod="Unsigned Integer" BackgroundColor="80000005"/>
      <Element Offset="220" Vartype="Float" Bytesize="4" Description="DmgMin4" DisplayMethod="Unsigned Integer" BackgroundColor="80000005"/>
      <Element Offset="224" Vartype="Float" Bytesize="4" Description="DmgMin5" DisplayMethod="Unsigned Integer" BackgroundColor="80000005"/>
      <Element Offset="228" Vartype="Float" Bytesize="4" Description="DmgMax1" DisplayMethod="Unsigned Integer" BackgroundColor="80000005"/>
      <Element Offset="232" Vartype="Float" Bytesize="4" Description="DmgMax2" DisplayMethod="Unsigned Integer" BackgroundColor="80000005"/>
      <Element Offset="236" Vartype="Float" Bytesize="4" Description="DmgMax3" DisplayMethod="Unsigned Integer" BackgroundColor="80000005"/>
      <Element Offset="240" Vartype="Float" Bytesize="4" Description="DmgMax4" DisplayMethod="Unsigned Integer" BackgroundColor="80000005"/>
      <Element Offset="244" Vartype="Float" Bytesize="4" Description="DmgMax5" DisplayMethod="Unsigned Integer" BackgroundColor="80000005"/>
      <Element Offset="248" Vartype="4 Bytes" Bytesize="4" Description="DmgType1" DisplayMethod="Unsigned Integer" BackgroundColor="80000005"/>
      <Element Offset="252" Vartype="4 Bytes" Bytesize="4" Description="DmgType2" DisplayMethod="Unsigned Integer" BackgroundColor="80000005"/>
      <Element Offset="256" Vartype="4 Bytes" Bytesize="4" Description="DmgType3" DisplayMethod="Unsigned Integer" BackgroundColor="80000005"/>
      <Element Offset="260" Vartype="4 Bytes" Bytesize="4" Description="DmgType4" DisplayMethod="Unsigned Integer" BackgroundColor="80000005"/>
      <Element Offset="264" Vartype="4 Bytes" Bytesize="4" Description="DmgType5" DisplayMethod="Unsigned Integer" BackgroundColor="80000005"/>
      <Element Offset="268" Vartype="4 Bytes" Bytesize="4" Description="Armor" DisplayMethod="Unsigned Integer" BackgroundColor="80000005"/>
      <Element Offset="272" Vartype="4 Bytes" Bytesize="4" Description="HolyRes" DisplayMethod="Unsigned Integer" BackgroundColor="80000005"/>
      <Element Offset="276" Vartype="4 Bytes" Bytesize="4" Description="FireRes" DisplayMethod="Unsigned Integer" BackgroundColor="80000005"/>
      <Element Offset="280" Vartype="4 Bytes" Bytesize="4" Description="NatureRes" DisplayMethod="Unsigned Integer" BackgroundColor="80000005"/>
      <Element Offset="284" Vartype="4 Bytes" Bytesize="4" Description="FrostRes" DisplayMethod="Unsigned Integer" BackgroundColor="80000005"/>
      <Element Offset="288" Vartype="4 Bytes" Bytesize="4" Description="ShadowRes" DisplayMethod="Unsigned Integer" BackgroundColor="80000005"/>
      <Element Offset="292" Vartype="4 Bytes" Bytesize="4" Description="ArcaneRes" DisplayMethod="Unsigned Integer" BackgroundColor="80000005"/>
      <Element Offset="296" Vartype="4 Bytes" Bytesize="4" Description="Delay" DisplayMethod="Unsigned Integer" BackgroundColor="80000005"/>
      <Element Offset="300" Vartype="4 Bytes" Bytesize="4" Description="AmmoType" DisplayMethod="Unsigned Integer" BackgroundColor="80000005"/>
      <Element Offset="304" Vartype="4 Bytes" Bytesize="4" Description="RangedModRange" DisplayMethod="Unsigned Integer" BackgroundColor="80000005"/>
      <Element Offset="308" Vartype="4 Bytes" Bytesize="4" Description="SpellId1" DisplayMethod="Unsigned Integer" BackgroundColor="80000005"/>
      <Element Offset="312" Vartype="4 Bytes" Bytesize="4" Description="SpellId2" DisplayMethod="Unsigned Integer" BackgroundColor="80000005"/>
      <Element Offset="316" Vartype="4 Bytes" Bytesize="4" Description="SpellId3" DisplayMethod="Unsigned Integer" BackgroundColor="80000005"/>
      <Element Offset="320" Vartype="4 Bytes" Bytesize="4" Description="SpellId4" DisplayMethod="Unsigned Integer" BackgroundColor="80000005"/>
      <Element Offset="324" Vartype="4 Bytes" Bytesize="4" Description="SpellId5" DisplayMethod="Unsigned Integer" BackgroundColor="80000005"/>
      <Element Offset="328" Vartype="4 Bytes" Bytesize="4" Description="SpellTrigger1" DisplayMethod="Unsigned Integer" BackgroundColor="80000005"/>
      <Element Offset="332" Vartype="4 Bytes" Bytesize="4" Description="SpellTrigger2" DisplayMethod="Unsigned Integer" BackgroundColor="80000005"/>
      <Element Offset="336" Vartype="4 Bytes" Bytesize="4" Description="SpellTrigger3" DisplayMethod="Unsigned Integer" BackgroundColor="80000005"/>
      <Element Offset="340" Vartype="4 Bytes" Bytesize="4" Description="SpellTrigger4" DisplayMethod="Unsigned Integer" BackgroundColor="80000005"/>
      <Element Offset="344" Vartype="4 Bytes" Bytesize="4" Description="SpellTrigger5" DisplayMethod="Unsigned Integer" BackgroundColor="80000005"/>
      <Element Offset="348" Vartype="4 Bytes" Bytesize="4" Description="SpellCharge1" DisplayMethod="Unsigned Integer" BackgroundColor="80000005"/>
      <Element Offset="352" Vartype="4 Bytes" Bytesize="4" Description="SpellCharge2" DisplayMethod="Unsigned Integer" BackgroundColor="80000005"/>
      <Element Offset="356" Vartype="4 Bytes" Bytesize="4" Description="SpellCharge3" DisplayMethod="Unsigned Integer" BackgroundColor="80000005"/>
      <Element Offset="360" Vartype="4 Bytes" Bytesize="4" Description="SpellCharge4" DisplayMethod="Unsigned Integer" BackgroundColor="80000005"/>
      <Element Offset="364" Vartype="4 Bytes" Bytesize="4" Description="SpellCharge5" DisplayMethod="Unsigned Integer" BackgroundColor="80000005"/>
      <Element Offset="368" Vartype="4 Bytes" Bytesize="4" Description="SpellCooldown1" DisplayMethod="Signed Integer" BackgroundColor="80000005"/>
      <Element Offset="372" Vartype="4 Bytes" Bytesize="4" Description="SpellCooldown2" DisplayMethod="Signed Integer" BackgroundColor="80000005"/>
      <Element Offset="376" Vartype="4 Bytes" Bytesize="4" Description="SpellCooldown3" DisplayMethod="Signed Integer" BackgroundColor="80000005"/>
      <Element Offset="380" Vartype="4 Bytes" Bytesize="4" Description="SpellCooldown4" DisplayMethod="Signed Integer" BackgroundColor="80000005"/>
      <Element Offset="384" Vartype="4 Bytes" Bytesize="4" Description="SpellCooldown5" DisplayMethod="Signed Integer" BackgroundColor="80000005"/>
      <Element Offset="388" Vartype="4 Bytes" Bytesize="4" Description="SpellCategory1" DisplayMethod="Unsigned Integer" BackgroundColor="80000005"/>
      <Element Offset="392" Vartype="4 Bytes" Bytesize="4" Description="SpellCategory2" DisplayMethod="Unsigned Integer" BackgroundColor="80000005"/>
      <Element Offset="396" Vartype="4 Bytes" Bytesize="4" Description="SpellCategory3" DisplayMethod="Unsigned Integer" BackgroundColor="80000005"/>
      <Element Offset="400" Vartype="4 Bytes" Bytesize="4" Description="SpellCategory4" DisplayMethod="Unsigned Integer" BackgroundColor="80000005"/>
      <Element Offset="404" Vartype="4 Bytes" Bytesize="4" Description="SpellCategory5" DisplayMethod="Unsigned Integer" BackgroundColor="80000005"/>
      <Element Offset="408" Vartype="4 Bytes" Bytesize="4" Description="SpellCategoryCooldown1" DisplayMethod="Signed Integer" BackgroundColor="80000005"/>
      <Element Offset="412" Vartype="4 Bytes" Bytesize="4" Description="SpellCategoryCooldown2" DisplayMethod="Signed Integer" BackgroundColor="80000005"/>
      <Element Offset="416" Vartype="4 Bytes" Bytesize="4" Description="SpellCategoryCooldown3" DisplayMethod="Signed Integer" BackgroundColor="80000005"/>
      <Element Offset="420" Vartype="4 Bytes" Bytesize="4" Description="SpellCategoryCooldown4" DisplayMethod="Signed Integer" BackgroundColor="80000005"/>
      <Element Offset="424" Vartype="4 Bytes" Bytesize="4" Description="SpellCategoryCooldown5" DisplayMethod="Signed Integer" BackgroundColor="80000005"/>
      <Element Offset="428" Vartype="4 Bytes" Bytesize="4" Description="Bonding" DisplayMethod="Unsigned Integer" BackgroundColor="80000005"/>
      <Element Offset="432" Vartype="4 Bytes" Bytesize="4" Description="Description" DisplayMethod="Unsigned Integer" BackgroundColor="80000005"/>
      <Element Offset="436" Vartype="4 Bytes" Bytesize="4" Description="PageText" DisplayMethod="Unsigned Integer" BackgroundColor="80000005"/>
      <Element Offset="440" Vartype="4 Bytes" Bytesize="4" Description="LanguageId" DisplayMethod="Unsigned Integer" BackgroundColor="80000005"/>
      <Element Offset="444" Vartype="4 Bytes" Bytesize="4" Description="PageMaterial" DisplayMethod="Unsigned Integer" BackgroundColor="80000005"/>
      <Element Offset="448" Vartype="4 Bytes" Bytesize="4" Description="StartQuest" DisplayMethod="Unsigned Integer" BackgroundColor="80000005"/>
      <Element Offset="452" Vartype="4 Bytes" Bytesize="4" Description="LockId" DisplayMethod="Unsigned Integer" BackgroundColor="80000005"/>
      <Element Offset="456" Vartype="4 Bytes" Bytesize="4" Description="Material" DisplayMethod="Unsigned Integer" BackgroundColor="80000005"/>
      <Element Offset="460" Vartype="4 Bytes" Bytesize="4" Description="Sheath" DisplayMethod="Unsigned Integer" BackgroundColor="80000005"/>
      <Element Offset="464" Vartype="4 Bytes" Bytesize="4" Description="RandomProperty" DisplayMethod="Unsigned Integer" BackgroundColor="80000005"/>
      <Element Offset="468" Vartype="4 Bytes" Bytesize="4" Description="Block" DisplayMethod="Unsigned Integer" BackgroundColor="80000005"/>
      <Element Offset="472" Vartype="4 Bytes" Bytesize="4" Description="ItemSet" DisplayMethod="Unsigned Integer" BackgroundColor="80000005"/>
      <Element Offset="476" Vartype="4 Bytes" Bytesize="4" Description="MaxDurability" DisplayMethod="Unsigned Integer" BackgroundColor="80000005"/>
      <Element Offset="480" Vartype="4 Bytes" Bytesize="4" Description="Area" DisplayMethod="Unsigned Integer" BackgroundColor="80000005"/>
      <Element Offset="484" Vartype="4 Bytes" Bytesize="4" Description="Map" DisplayMethod="Unsigned Integer" BackgroundColor="80000005"/>
      <Element Offset="488" Vartype="4 Bytes" Bytesize="4" Description="BagFamily" DisplayMethod="Unsigned Integer" BackgroundColor="80000005"/>
      <Element Offset="492" Vartype="4 Bytes" Bytesize="4" Description="Entry" DisplayMethod="Unsigned Integer" BackgroundColor="80000005"/>
      <Element Offset="496" Vartype="4 Bytes" Bytesize="4" Description="Unknown4" DisplayMethod="Unsigned Integer" BackgroundColor="80000005"/>
      <Element Offset="500" Vartype="4 Bytes" Bytesize="4" Description="Unknown5" DisplayMethod="Unsigned Integer" BackgroundColor="80000005"/>
      <Element Offset="504" Vartype="4 Bytes" Bytesize="4" Description="Unknown6" DisplayMethod="Hexadecimal" BackgroundColor="80000005"/>
      <Element Offset="508" Vartype="4 Bytes" Bytesize="4" Description="Unknown7" DisplayMethod="Hexadecimal" BackgroundColor="80000005"/>
    </Elements>
  </Structure>
</Structures>
```



```
public class ItemCacheEntry
{
    public int Entry;                           // 0x0
    //public int Unknown0;                      // 0x4
    //public int Unknown1;                      // 0x8
    //public int Unknown2;                      // 0xC
    //public uint NextCachedItemAddress;        // 0x10
    //public int Unknown3;                      // 0x14
    public ItemClass Class;                     // 0x18
    public int SubClassId;                      // 0x1C
    public string Name;                         // Pointer -> 0x20, 0x24, 0x28 or 0x2C (255 Byte String)
    public int DisplayId;                       // 0x30
    public ItemQuality Quality;                 // 0x34
    public FlagsAttribute Flags;                // 0x38
    public int BuyPrice;                        // 0x3C
    public int SellPrice;                       // 0x40
    public InventoryType InventoryType;         // 0x44
    public int AllowableClass;                  // 0x48
    public int AllowableRace;                   // 0x4C
    public int ItemLevel;                       // 0x50
    public int RequiredLevel;                   // 0x54
    public int RequiredSkill;                   // 0x58
    public int RequiredSKillRank;               // 0x5C
    public int RequiredSpell;                   // 0x60
    public int RequiredHonorRank;               // 0x64
    public int RequiredCityRank;                // 0x68
    public int RequiredReputationFaction;       // 0x6C
    public int RequiredReputationRank;          // 0x70
    public int MaxCount;                        // 0x74
    public int Stackable;                       // 0x78
    public int ContainerSlots;                  // 0x7C
    public StatType[] StatTypes;                // 0x80 - 0xA0
    public int[] StatValues;                    // 0xA4 - 0xCC
    public int[] DamageMin;                     // 0xD0 - 0xE0
    public int[] DamageMax;                     // 0xE4 - 0xF4
    public Resistance[] DamageType;             // 0xF8 - 0x108
    public int Armor;                           // 0x10C
    public int HolyRes;                         // 0x110
    public int FireRes;                         // 0x114
    public int NatureRes;                       // 0x118
    public int FrostRes;                        // 0x11C
    public int ShadowRes;                       // 0x120
    public int ArcaneRes;                       // 0x124
    public int Delay;                           // 0x128
    public int AmmoType;                        // 0x12C
    public int RangedModRange;                  // 0x130
    public int[] SpellIds;                      // 0x134 - 0x144
    public ItemSpelltriggerType[] SpellTrigger; // 0x148 - 0x158
    public int[] SpellCharges;                  // 0x15C - 0x16C
    public int[] SpellCooldown;                 // 0x170 - 0x180
    public int[] SpellCategory;                 // 0x184 - 0x194
    public int[] SpellCategoryCooldown;         // 0x198 - 0x1A8
    public ItemBondingType Bonding;             // 0x1AC
    public string Description;                  // 0x1B0
    public int PageText;                        // 0x1B4
    public int LanguageId;                      // 0x1B8
    public int PageMaterial;                    // 0x1BC
    public int StartQuest;                      // 0x1C0
    public int LockId;                          // 0x1C4
    public int Material;                        // 0x1C8
    public int Sheath;                          // 0x1CC
    public int RandomProperty;                  // 0x1D0
    public int Block;                           // 0x1D4
    public int ItemSet;                         // 0x1D8
    public int MaxDurability;                   // 0x1DC
    public int Area;                            // 0x1E0
    public int Map;                             // 0x1E4
    public int BagFamily;                       // 0x1E8
    //public int Entry;                         // 0x1EC
    //public int Unknown4;                      // 0x1F0
    //public int Unknown5;                      // 0x1F4
    //public int Unknown6;                      // 0x1F8
    //public int Unknown7;                      // 0x1FC
}
```

Rep goes to Mangos-Zero, the IceFlake project and Sacred (because of this post: [WoW] 1.12.1.5875 Info Dump Thread)

----------


## miceiken

> Or does someone know a function to get the cache entry by the item entry?


I believe it's already been posted here.



```
0055BA30     DbItemCache_GetInfoBlockByID
00C0E2A0     CACHE_ITEM
```

I haven't verified the entire item cache struct, but I believe it's something like this:


```
    [StructLayout(LayoutKind.Sequential)]
    public unsafe struct ItemCacheRecord
    {
        //public uint ItemId;
        public ItemClass Class; // id from ItemClass.dbc
        public uint SubClass; // id from ItemSubClass.dbc
        [MarshalAs(UnmanagedType.ByValArray, ArraySubType = UnmanagedType.LPStr, SizeConst = 4)]
        public string[] Name;
        public uint DisplayInfoID; // id from ItemDisplayInfo.dbc
        public ItemQuality Quality;
        public ItemFlags Flags;
        //public uint BuyCount;
        public uint BuyPrice;
        public uint SellPrice;
        public InventoryType InventoryType;
        public uint AllowableClass;
        public uint AllowableRace;
        public uint ItemLevel;
        public uint RequiredLevel;
        public uint RequiredSkill; // id from SkillLine.dbc
        public uint RequiredSkillRank;
        public uint RequiredSpell; // id from Spell.dbc
        public uint RequiredHonorRank;
        public uint RequiredCityRank;
        public uint RequiredReputationFaction; // id from Faction.dbc
        public uint RequiredReputationRank;
        public uint MaxCount;
        public uint Stackable;
        public uint ContainerSlots;
        [MarshalAs(UnmanagedType.ByValArray, SizeConst = 10)]
        public _ItemStat[] ItemStat;
        [MarshalAs(UnmanagedType.ByValArray, SizeConst = 5)]
        public _Damage[] Damage;
        public uint Armor;
        public uint HolyRes;
        public uint FireRes;
        public uint NatureRes;
        public uint FrostRes;
        public uint ShadowRes;
        public uint ArcaneRes;
        public uint Delay;
        public uint AmmoType;
        public float RangedModRange;
        [MarshalAs(UnmanagedType.ByValArray, SizeConst = 5)]
        public _Spell[] Spells;
        public ItemBondType Bonding;
        [MarshalAs(UnmanagedType.LPStr)]
        public string Description;
        public uint PageText;
        public uint LanguageID;
        public uint PageMaterial;
        public uint StartQuest; // id from QuestCache.wdb
        public uint LockID;
        public uint Material; // id from Material.dbc
        public uint Sheath;
        public uint RandomProperty; // id from ItemRandomProperties.dbc
        public uint Block;
        public uint ItemSet; // id from ItemSet.dbc
        public uint MaxDurability;
        public uint Area; // id from AreaTable.dbc
        public uint Map; // id from Map.dbc
        public BagFamily BagFamily;
        public uint ScriptId;
        public uint DisenchantId;
        public uint FoodType;
        public uint MinMoneyLoot;
        public uint MaxMoneyLoot;
        public uint Duration;
        public uint ExtraFlags;

        #region Sub-structs

        [StructLayout(LayoutKind.Sequential)]
        public struct _Damage
        {
            public float DamageMin;
            public float DamageMax;
            public uint DamageType; // id from Resistances.dbc
        };

        [StructLayout(LayoutKind.Sequential)]
        public struct _ItemStat
        {
            public uint ItemStatType;
            public int ItemStatValue;
        };

        [StructLayout(LayoutKind.Sequential)]
        public struct _Spell
        {
            public uint SpellId; // id from Spell.dbc
            public uint SpellTrigger;
            public int SpellCharges;
            //public float SpellPPMRate;
            public int SpellCooldown;
            public uint SpellCategory; // id from SpellCategory.dbc
            public int SpellCategoryCooldown;
        };

        [StructLayout(LayoutKind.Sequential)]
        public struct _Socket
        {
            public uint Color;
            public uint Content;
        };

        #endregion
    };
```

----------


## Corthezz

Hey, I managed to read spell names and other properties by its ID from the dbc (IDs from 0xB700F0). Right now I get the DBC row manually by iterating through the memory until I find my ID; however, I am wondering if there is also a function which I can pass my ID to obtain the row.
I made a simple xref for the DBC pointer and could find about 20 calls taking it as parameter. I will report back here once I know more.

Did anyone succeed obtaining cooldowns using iSpellCooldownPtr = 0xCECAEC and SpellCooldownOffset = 0xCECAF4 provided by Sacred?
Just a little guess here:
0xB700F0 holding the ID of the first spell in player's spellbook. Adding up 0x4 will hold the next spell ID and so on.
0xCECAEC => Somehow related to first spell in spellbook
0xCECAEC + (0x8*X) => X representing the index in the spellbook.

However, I fail to see how those numbers have anything in common with spell cooldowns. Does anyone else know any reliable way to get the remaining cooldown of a spell before I can cast it again? Right now I am using a mix of DoString and GetText paired with some Lua function; however, this solution is pretty ugly.

----------


## miceiken

You should read the thread. There's a dump of all dbcs somewhere as well.



> ...
> Get pointer to DBC row:
> 
> 
> ```
> public static uint ClientDB__GetRow(uint dbcPointer, uint row)
> {
>     uint maxIndex = Memory.Read<uint>(dbcPointer + 0xC);
>     uint minIndex = Memory.Read<uint>(dbcPointer + 0x10);
> ...


I'll update the post with more info once I get home

----------


## Corthezz

> You should read the thread. There's a dump of all dbcs somewhere as well.


Thanks for pointing out the obvious. Missed it somehow.
However, for items I got a function returning the pointer to the struct by item id. Was wondering if there was something equal for the spells.

What I do right now is just reading the DBC pointer and adding up 0x2B4 (size of one entry) to get to the next entry.

Some random offset:
0xB4B3E4 - IsPlayerInCc (or whatever you want to call it)

----------


## miceiken

> Thanks for pointing out the obvious. Missed it somehow 
> However for items I got a function returning the pointer to the struct by item id. Was wondering if there was something equal for the spells.
> 
> What I do right now is just reading the DBC pointer and adding up 0x2B4 (size of one entry) to get to the next entry.
> 
> Some random offset:
> 0xB4B3E4 - IsPlayerInCc (or whatever you want to call it)


I'm gonna guess the function you use for items returns the item cache record pointer, not DBC. There is no cache for spell, just DBC. You can use the dbc function from above to get the Spell DBC pointer (spell id is the index).

----------


## namreeb

If you're going to depend on the data from the item WDB cache file, it is worth mentioning that you will have to be able to deal with the scenario of the item you're interested in not being present there. In this case, you would have to query the item information from the server.

----------


## Corthezz

GetSpellCooldown at 0x006E13E0

----------


## Corthezz

Currently on the task of finding a way to check if Autoattack & Shoot (Wand) is active.
Right now my method requires Autoattack & Shoot to be on the action bars, since I am calling an underlying function of API IsAutoRepeatAction (Vanilla WoW Wiki).
GetSpellCooldown sadly returns no information which is usable in this case.

Any other idea how to accomplish that? I have a few more ideas which I will try when I am at home later.

----------


## Jadd

> Currently on the task of finding a way to check if Autoattack & Shoot (Wand) is active.
> Right now my method requires Autoattack & Shoot to be on the action bars, since I am calling an underlying function of API IsAutoRepeatAction (Vanilla WoW Wiki).
> GetSpellCooldown sadly returns no information which is usable in this case.
> 
> Any other idea how to accomplish that? I have a few more ideas which I will try when I am at home later.


006E9FD0 Spell_C_GetAutoRepeatingSpell



```
int Spell_C_GetAutoRepeatingSpell()
{
  return s_autoRepeatingSpell;                  // dword_CEAC30
}
```

----------


## stoneharry

> Never been on this server, but I'm curious to know if they load Warden or a custom module. Props to them if they do. I bet teleporting and such is still totally possible though.




At least one server does, I think.

----------


## DarkLinux

```
DWORD getRace(){
	return (this->unitFields->UNIT_FIELD_BYTES_0  & 0xFF);
}

__int32 UNIT_FIELD_BYTES_0; //0x0090
```

----------


## prospectingemu

Anyone know if it's possible to get the buff duration without lua? In the object manager buffs/debuffs seem to just have their ID and no other information.

Trying to re-create this (sorry for the formatting, was a single string)


```
function getBuffDurationFromTexture(name)
    GetSpellForBot = name
    timeleft = -1
    for i = 0, 31 do
        local id, cancel = GetPlayerBuff(i, 'HELPFUL|HARMFUL|PASSIVE')
        if (name == GetPlayerBuffTexture(id)) then
            timeleft = GetPlayerBuffTimeLeft(id)
            DEFAULT_CHAT_FRAME:AddMessage(timeleft)
            return timeleft
        end
    end
    return timeleft
end
```

I want to refresh SnD when there is 2 or less seconds left on the duration, and also see the buff durations on party members without having to target them or use Lua/GetText (which is what I have to do currently).

----------


## mikeymike

deleted fixed

----------


## namreeb

> Anyone know if it's possible to get the buff duration without lua? In the object manager buffs/debuffs seem to just have their ID and no other information.
> 
> Trying to re-create this (sorry for the formatting, was a single string)
> 
> 
> ```
> function getBuffDurationFromTexture(name) 
> GetSpellForBot = name 
> timeleft = -1 
> ...


For this kind of thing, you should just look at how the lua function does it. Script::GetPlayerBuffTimeLeft is at 0x4E48B0 in the Windows 1.12.1 client according to this same thread. Here is the output of that function from my IDB file:



```
int __thiscall Script::GetPlayerBuffTimeLeft(void *this)
{
  void *luaState;
  double v2;
  char *v3;
  signed int result;

  luaState = this;
  if ( !lua_isnumber(this, 1) )
    luaL_error(luaState, "Usage: GetPlayerBuffTimeLeft(buffIndex)");
  v2 = lua_tonumber();
  v3 = CGBuffBar::GetBuffByIndex((signed __int64)v2);
  if ( v3 )
  {
    lua_pushnumber((int)luaState, COERCE_UNSIGNED_INT64((double)(unsigned __int8)v3[9]));
    result = 1;
  }
  else
  {
    lua_pushnumber((int)luaState, 0x3FF0000000000000ui64);
    result = 1;
  }
  return result;
}
```

Edit: CGBuffBar::GetBuffByIndex is located at 0x4E4430, by the way.




> I have a question about hooking the Endscene, is the code for hooking it the same for every version? After it's hooked is it always hooked until bot any other program using it closes? Or do I have to call the hook on every LuaDoString? My issue is I have luadostring working but my client likes to crash a lot and not 100% sure how to hook the Endscene, also is hooking different for Windows 7 than Windows 8 and 8.1 and so on? Thanks for any help someone might be able to give


This is not the right thread to ask such a question, in my opinion.

----------


## mikeymike

I was wondering if anyone could help me. For some reason, when I first log in to the game and attach my bot, when CTM is called the character just keeps running (passes up his loc) unless, after the bot is started, I right-click somewhere on the terrain. How might I fix this issue?

----------


## prospectingemu

> I was wondering if anyone could help me. For some reason, when I first log in to the game and attach my bot, when CTM is called the character just keeps running (passes up his loc) unless, after the bot is started, I right-click somewhere on the terrain. How might I fix this issue?


This has been answered multiple times on the forums. Either call the function directly (code to do this can be found in this thread and on the forum), click manually or use world2screen/postmessage to emulate a click.

----------


## mikeymike

I have looked, I don't see a fix for this...

----------


## namreeb

I don't believe InteractUnit exists in 1.12.1.

----------


## Alfalfa

> Does anyone have MouseOverGUID? I would scan with Cheat Engine, but this particular offset is proving impossible to find because I can't click scan and hover over a target at the same time. How do you guys go about finding it?
> *Edit* found it in this thread with loads of searching: 0x00B4E2C8 - but I'm still curious, how does one find it


You can set a next scan hotkey in Cheat Engine (settings -> hotkeys), then simply mouse over a target and press the scan hotkey.

----------


## culino2

> You can set a next scan hotkey in Cheat Engine (settings -> hotkeys), then simply mouse over a target and press the scan hotkey.


Or in IDA, string search for mouseover, which leads you to GetGuidFromToken.

----------


## alexbleks

Does anyone have the offset for UIParent?

Also; TLSMainTable
TLSPlayerID
TLSSlot

----------


## seasick

Does anyone know which unit descriptor to use to check if a mob has been tagged by someone?

----------


## prospectingemu

I took mine from here

http://www.ownedcore.com/forums/worl...urce-code.html ([Bot] 1.12.1 WoW Bot Source Code)

I would check out this source; the object structure is relatively easy to read. You need to read the descriptor and check its value.



```
DynamicFlags = 0x23C
tagged = 0x4
```

----------


## seasick

> I took mine from here
> 
> http://www.ownedcore.com/forums/worl...urce-code.html ([Bot] 1.12.1 WoW Bot Source Code)
> 
> I would check out this source; the object structure is relatively easy to read. You need to read the descriptor and check its value.
> 
> 
> 
> ```
> ...


Thanks, I was hoping there was a flag that separates your own tags + party tags from other players' tags like on retail, but this will do.

----------


## R4zyel

Does anybody have an example in C# or Delphi of calling NetClient__ProcessMessage?

Not sure how many parameters I should pass.

I think clientservices can be nil. And I also have to pass Datastore, but still, I don't know in which order and if I need to make something else in the stack.

I always get WoW crashing.

```
new(datastore);
datastore^.vTable := nil;
datastore^.Buffer := @packet[0];
datastore^.Base := 0;
datastore^.Alloc := $FFFFFFFF;
datastore^.Size := (Length(packet));
datastore^.Read := 0;
ClientServices__Recv_vanilla(nil,datastore);
dispose(datastore);
```

Thanks in advance.

----------


## namreeb

Here is some copy-pasta for ya!



```
static class Net
{
        [UnmanagedFunctionPointer(CallingConvention.ThisCall)]
        private delegate int SendPacketDelegate(IntPtr thisPtr, IntPtr datastorePtr);

        private static IntPtr ClientConnectionPtr
        {
            get { return Marshal.ReadIntPtr(new IntPtr(0xC28128)); }
        }

        public static int Send(CDataStore buffer)
        {
            if (!buffer.Complete)
                throw new Exception("Buffer incomplete");

            var func =
                (SendPacketDelegate)
                Marshal.GetDelegateForFunctionPointer(Locator.ClientConnection__SendPacket, typeof (SendPacketDelegate));

            return func(ClientConnectionPtr, buffer.UnmanagedPtr);
        }
}
```

Edit: Oh, you're asking about parsing phony packets, not sending yours. I'll just leave this here in case some future reader finds it useful. I would suggest using the pointer from the code above rather than a null pointer. It *absolutely* does need that value in vanilla because it will read an array indexed by the opcode of the message for the handler.

----------


## R4zyel

> Here is some copy-pasta for ya!
> 
> 
> 
> ```
> static class Net
> {
>         [UnmanagedFunctionPointer(CallingConvention.ThisCall)]
>         private delegate int SendPacketDelegate(IntPtr thisPtr, IntPtr datastorePtr);
> ...


Not really sure though, but that looks like packet sending, doesn't it?
I'm talking about packet receiving, hence this function: NetClient__ProcessMessage = new IntPtr(0x537AA0)

----------


## namreeb

> Not really sure though, but that looks like packet sending, doesn't it?
> I'm talking about packet receiving, hence this function: NetClient__ProcessMessage = new IntPtr(0x537AA0)


Read my "Edit:" part again. Specifically...




> I would suggest using the pointer from the code above rather than a null pointer. It *absolutely* does need that value in vanilla because it will read an array indexed by the opcode of the message for the handler.

----------


## culino2

Use NetClient::HandleData; it will do the DataStore job for you.



```
procedure blah();
const
  NetClient__HandleData: procedure(__eax, __edx, __this: Pointer; Size: Integer; Data: Pointer; timeStamp: Cardinal) = Pointer($00537C50);
  ClientServices__Connection: function: Pointer = Pointer($005AB490);
var
  data: TByteBuffer;
begin
  data := TByteBuffer.Create(6);
  data.PutUInt16(SMSG_LEARNED_SPELL);
  data.PutUInt32(1);

  NetClient__HandleData(nil, nil, ClientServices__Connection(), data.WritePos, @data.Data[0], OsGetAsyncTimeMs());

  data.Free();
end;
```

----------


## namreeb

You still can't pass a null pointer for 'this'.

----------


## culino2

> You still can't pass a null pointer for 'this'.


That's right. His function looks wrong anyway, he has to pass eax and edx if he uses the magic delphi hack to call __thiscall functions, the timestamp is also missing.

But if he really wants to use datastore..



```
procedure blah();
const
  NetClient__ProcessMessage: procedure(__eax, __edx, __this: Pointer; DataStore: PDataStore; timeStamp: Cardinal) = Pointer($00537AA0);
  ClientServices__Connection: function: Pointer = Pointer($005AB490);
var
  data: TByteBuffer;
  p: TDataSTore;
begin
  data := TByteBuffer.Create(6);
  data.PutUInt16(SMSG_LEARNED_SPELL);
  data.PutUInt32(1);

  p.vTable := nil;
  p.m_buffer := @data.Data[0];
  p.m_base := 0;
  p.m_alloc := -1;
  p.m_size := data.WritePos;
  p.m_read := 0;

  NetClient__ProcessMessage(nil, nil, ClientServices__Connection(), @p, OsGetAsyncTimeMs);

  data.Free();
end;
```

----------


## R4zyel

> That's right. His function looks wrong anyway, he has to pass eax and edx if he uses the magic delphi hack to call __thiscall functions, the timestamp is also missing.
> 
> But if he really wants to use datastore..
> 
> 
> 
> ```
> procedure blah();
> const
> ...


Thanks culino2.
The only problem I found is that I'm forced to call this function through the main thread, otherwise I get crashes.

----------


## namreeb

Why does this always happen? I give someone an answer and it is totally ignored. I sometimes wonder if I am the only one who can see my posts.

----------


## R4zyel

> Why does this always happen? I give someone an answer and it is totally ignored. I sometimes wonder if I am the only one who can see my posts.


Culino2 spoonfeeds, provides offsets, and writes in Delphi; meanwhile I don't understand you at all.

Btw, to contribute ONTOPIC, I found out by myself that Datastore.vtable is totally necessary for NetClient__ProcessMessage.



> datastore^.vTable := Pointer($7FF9E4);

----------


## Jadd

> Culino2 Spoonfeeds, provide offsets, and writes in delphi, meanwhile i don't understand you at all.


You'll probably find you learnt only half of what you could have when you end up with a half copy-pasted hack.

----------


## R4zyel

> You'll probably find you learnt only half of what you could have when you end up with a half copy-pasted hack.


As you can see I'm learning by myself, lonely.
But Culino spends more time in writing the post and understanding my problem than namreeb, no offence.

i know truth sometimes hurt.

----------


## namreeb

Okay, that's enough mister nice guy. You listen to this you cocky little fcker.

I did give you your answer you just didn't understand it. I'll try once more. If you still don't get it then I wash my hands of it.




> I would suggest using the pointer from the code above rather than a null pointer. It *absolutely* does need that value in vanilla because it will read an array indexed by the opcode of the message for the handler.


That is the answer to your problem. Maybe you have some other problem in that delphi code and maybe you don't, but you cannot pass null for 'this'. Here is the HexRays output for the ProcessMessage function:



```
void __thiscall NetClient::ProcessMessage(NetClient *this, int tickCount, CDataStore *dataStore)
{
  void (__fastcall *handler)(int, int, int, CDataStore *);
  CDataStore *packet;
  int opCode;
  NetClient *this_;

  packet = dataStore;
  this_ = this;
  ++s_statsDotMessagesReceived;
  CDataStore::Get16(dataStore, (__int16 *)&dataStore + 1);
  opCode = HIWORD(dataStore);
  (*((void (__thiscall **)(NetClient *, _DWORD))this_->VMT + 16))(this_, HIWORD(dataStore));
  handler = this_->m_handlers[opCode];
  if ( handler )
    handler(this_->m_deleteMe[opCode], opCode, tickCount, packet);
  else
    packet->VMT->Reset(packet);
}
```

Pay extra close attention to this line:



```
  handler = this_->m_handlers[opCode];
```

The offset into a NetClient instance of m_handlers[] is 0x74. If you pass null for 'this', it will attempt to access an array beginning at the literal address 0x00000074. This will result in an access violation and a crash. It may even crash sooner from the VMT call on the line above. I cba checking.

Now please google translate this, ask someone who understands english, maybe take a day or two to read it out loud slowly. Whatever you need to do to understand before you come back here and cry about my giving you wrong information.




> i know truth sometimes hurt.


Oh sweet irony.

Now kindly fck off pls. Thanks.

----------
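
The null-`this` failure explained in the post above, worked through as an added example (not code from the thread or from the client): `handler_slot_address` computes where the `m_handlers[opCode]` read lands, and `model_process_message` is a hypothetical model of the same dispatch flow with the pointer, length and opcode checks made explicit. `ModelNetClient`, the table size and the sample packet are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* From the post: m_handlers[] starts 0x74 bytes into a NetClient instance.
   The client is a 32-bit process, so each table slot is a 4-byte pointer. */
#define M_HANDLERS_OFFSET 0x74u
#define HANDLER_SLOT_SIZE 4u

/* Assumption for this model only: the page does not give the real table size. */
#define MODEL_NUM_OPCODES 0x40u

/* Address that `this_->m_handlers[opCode]` reads from, in 32-bit arithmetic. */
uint32_t handler_slot_address(uint32_t this_addr, uint16_t opcode)
{
    return this_addr + M_HANDLERS_OFFSET + HANDLER_SLOT_SIZE * (uint32_t)opcode;
}

typedef enum {
    DISPATCH_OK,
    DISPATCH_NULL_CLIENT,   /* the case discussed in the post */
    DISPATCH_TRUNCATED,     /* fewer than 2 bytes: no opcode to read */
    DISPATCH_BAD_OPCODE,    /* opcode outside the handler table */
    DISPATCH_NO_HANDLER     /* slot is empty; the listing resets the packet here */
} dispatch_result;

typedef void (*model_handler)(void *param, uint16_t opcode, uint32_t tick,
                              const uint8_t *payload, size_t payload_len);

/* Hypothetical stand-in for NetClient: one handler and one parameter per opcode,
   mirroring m_handlers[] and the per-opcode argument in the listing. */
typedef struct {
    model_handler handlers[MODEL_NUM_OPCODES];
    void *params[MODEL_NUM_OPCODES];
} ModelNetClient;

/* Same flow as the listing (read 16-bit opcode, look up handler, call it),
   with each pointer and index validated before it is used. */
dispatch_result model_process_message(ModelNetClient *client, uint32_t tick,
                                      const uint8_t *packet, size_t len)
{
    if (client == NULL)
        return DISPATCH_NULL_CLIENT;
    if (packet == NULL || len < 2)
        return DISPATCH_TRUNCATED;

    /* x86 is little-endian, so the opcode is stored low byte first. */
    uint16_t opcode = (uint16_t)(packet[0] | (packet[1] << 8));
    if (opcode >= MODEL_NUM_OPCODES)
        return DISPATCH_BAD_OPCODE;

    model_handler handler = client->handlers[opcode];
    if (handler == NULL)
        return DISPATCH_NO_HANDLER;

    handler(client->params[opcode], opcode, tick, packet + 2, len - 2);
    return DISPATCH_OK;
}

/* Constructed handler for the demo: records the first 32-bit payload field. */
typedef struct { uint32_t last_value; int calls; } Recorder;

static void record_u32(void *param, uint16_t opcode, uint32_t tick,
                       const uint8_t *payload, size_t payload_len)
{
    Recorder *rec = param;
    (void)opcode;
    (void)tick;
    if (payload_len >= 4)
        rec->last_value = (uint32_t)payload[0] | ((uint32_t)payload[1] << 8) |
                          ((uint32_t)payload[2] << 16) | ((uint32_t)payload[3] << 24);
    rec->calls++;
}

int main(void)
{
    static ModelNetClient client;               /* zero-initialised table */
    Recorder rec = {0, 0};
    /* Constructed packet: opcode 0x0010, then a 32-bit value of 1. */
    const uint8_t packet[] = {0x10, 0x00, 0x01, 0x00, 0x00, 0x00};
    dispatch_result with_null, with_client;

    client.handlers[0x10] = record_u32;
    client.params[0x10] = &rec;

    with_null = model_process_message(NULL, 0, packet, sizeof packet);
    with_client = model_process_message(&client, 0, packet, sizeof packet);

    printf("null this, opcode 0x0000: read at 0x%08X\n",
           (unsigned)handler_slot_address(0, 0x00));
    printf("null this, opcode 0x0010: read at 0x%08X\n",
           (unsigned)handler_slot_address(0, 0x10));
    printf("guarded dispatch, null client:  result %d\n", (int)with_null);
    printf("guarded dispatch, valid client: result %d, value %u\n",
           (int)with_client, (unsigned)rec.last_value);
    return 0;
}
```

With a null base every slot address falls in the first page of the address space, which is why the unguarded lookup faults regardless of which opcode the packet carries.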


## namreeb

I was asked privately to show my C# implementation for CDataStore. Instead I will give some nice copy-pasta.

Comments on my design decisions or coding style will be ignored.



```
using System;
using System.Runtime.InteropServices;
using System.Text;
using ClassicWowHack.Game.Objects;
using ClassicWowHack.Misc;
using ClassicWowHack.Native;

namespace ClassicWowHack.Packet
{
    class CDataStore
    {
        #region Properties
        public readonly bool Complete = true;
        public readonly IntPtr UnmanagedPtr;
        private readonly bool _deallocate;

        public IntPtr Data
        {
            get { return Marshal.ReadIntPtr(UnmanagedPtr, 0x4); }
            protected set { Marshal.WriteIntPtr(UnmanagedPtr, 0x4, value); }
        }

        public int Base
        {
            get { return Marshal.ReadInt32(UnmanagedPtr, 0x8); }
            protected set { Marshal.WriteInt32(UnmanagedPtr, 0x8, value); }
        }

        public int Capacity
        {
            get { return Marshal.ReadInt32(UnmanagedPtr, 0xC); }
            protected set { Marshal.WriteInt32(UnmanagedPtr, 0xC, value); }
        }

        public int BytesWritten
        {
            get { return Marshal.ReadInt32(UnmanagedPtr, 0x10); }
            protected set { Marshal.WriteInt32(UnmanagedPtr, 0x10, value); }
        }

        public int BytesRead
        {
            get { return Marshal.ReadInt32(UnmanagedPtr, 0x14); }
            protected set { Marshal.WriteInt32(UnmanagedPtr, 0x14, value); }
        }

        public OpCode OpCode
        {
            get { return (OpCode)Marshal.ReadInt16(Data); }
            set { Marshal.WriteInt32(Data, (short) value); }
        }
        #endregion

        public CDataStore(IntPtr unmanagedPtr)
        {
            UnmanagedPtr = unmanagedPtr;
            _deallocate = false;
        }

        private const int StructSize = 0x18;

        public CDataStore(int bytesRequested)
        {
            UnmanagedPtr = Marshal.AllocHGlobal(StructSize);
            Data = Marshal.AllocHGlobal(bytesRequested);

            OpCode = OpCode.MSG_NULL_ACTION;
            Capacity = bytesRequested;
            BytesRead = Base = 0;
            BytesWritten = 4;
            _deallocate = true;
        }

        public static CDataStore Copy(IntPtr dataStorePtr, bool resetRead = true)
        {
            return Copy(new CDataStore(dataStorePtr), resetRead);
        }

        public static CDataStore Copy(CDataStore dataStore, bool resetRead = true)
        {
            var ret = new CDataStore(dataStore.Capacity == -1 ? dataStore.BytesWritten : dataStore.Capacity);

            var data = new byte[ret.Capacity];

            if (dataStore.Data != IntPtr.Zero)
                Marshal.Copy(dataStore.Data, data, 0, dataStore.BytesWritten);

            Marshal.Copy(data, 0, ret.Data, data.Length);

            ret.Base = dataStore.Base;
            ret.BytesRead = resetRead ? 0 : dataStore.BytesRead;
            ret.BytesWritten = dataStore.BytesWritten;

            return ret;
        }

        ~CDataStore()
        {
            if (!_deallocate)
                return;

            Marshal.FreeHGlobal(Data);
            Data = IntPtr.Zero;
            Marshal.FreeHGlobal(UnmanagedPtr);
        }

        #region Write Functions
        public void Write(byte val)
        {
            Marshal.WriteByte(Data, BytesWritten, val);

            BytesWritten += 1;
        }

        public void Write(short val)
        {
            Marshal.WriteInt16(Data, BytesWritten, val);

            BytesWritten += 2;
        }

        public void Write(ushort val)
        {
            Write((short) val);
        }

        public void Write(int val)
        {
            Marshal.WriteInt32(Data, BytesWritten, val);
            
            BytesWritten += 4;
        }

        public void Write(uint val)
        {
            Write((int) val);
        }

        public void Write(long val)
        {
            Marshal.WriteInt64(Data, BytesWritten, val);

            BytesWritten += 8;
        }

        public void Write(ulong val)
        {
            Write((long)val);
        }

        public void Write(float val)
        {
            var destination = new IntPtr(Data.ToInt32() + BytesWritten);
            var tmp = new[] {val};
            Marshal.Copy(tmp, 0, destination, 1);

            BytesWritten += 4;
        }

        public void Write(double val)
        {
            var destination = new IntPtr(Data.ToInt32() + BytesWritten);
            var tmp = new[] {val};
            Marshal.Copy(tmp, 0, destination, 1);

            BytesWritten += 8;
        }

        public void Write(byte[] val)
        {
            var destination = new IntPtr(Data.ToInt32() + BytesWritten);
            Marshal.Copy(val, 0, destination, val.Length);

            BytesWritten += val.Length;
        }

        public void Write(string val, bool unicode = false)
        {
            var destination = new IntPtr(Data.ToInt32() + BytesWritten);

            if (unicode)
            {
                Marshal.Copy(val.ToCharArray(), 0, destination, val.ToCharArray().Length);
                BytesWritten += val.Length*2;
            }
            else
            {
                var encodedBytes = Encoding.ASCII.GetBytes(val);

                Marshal.Copy(encodedBytes, 0, destination, encodedBytes.Length);
                BytesWritten += val.Length;

                Write((byte) 0);
            }
        }
        #endregion

        #region Read Functions
        public T Read<T>()
        {
            object ret;
            var tType = typeof (T);
            var address = new IntPtr(Data.ToInt32() + BytesRead);

            // Handle types that don't have a real typecode
            if (tType == typeof (IntPtr))
            {
                ret = Marshal.ReadIntPtr(address);
                BytesRead += 4;
                return (T) ret;
            }

            int size;

            switch (Type.GetTypeCode(tType))
            {
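                case TypeCode.Boolean:
                    // A boxed byte cannot be unboxed to bool, so convert explicitly
                    ret = Marshal.ReadByte(address) != 0;
                    size = 1;
                    break;
                case TypeCode.Byte:
                    ret = Marshal.ReadByte(address);
                    size = 1;
                    break;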
                case TypeCode.Char:
                    ret = (char) Marshal.ReadByte(address);
                    size = 1;
                    break;

                case TypeCode.Int16:
                    ret = Marshal.ReadInt16(address);
                    size = 2;
                    break;

                case TypeCode.UInt16:
                    ret = (ushort) Marshal.ReadInt16(address);
                    size = 2;
                    break;

                case TypeCode.Int32:
                    ret = Marshal.ReadInt32(address);
                    size = 4;
                    break;

                case TypeCode.UInt32:
                    ret = (uint) Marshal.ReadInt32(address);
                    size = 4;
                    break;

                case TypeCode.Int64:
                    ret = Marshal.ReadInt64(address);
                    size = 8;
                    break;

                case TypeCode.UInt64:
                    ret = (ulong) Marshal.ReadInt64(address);
                    size = 8;
                    break;

                case TypeCode.Single:
                    float[] tmp = new float[1];
                    Marshal.Copy(address, tmp, 0, 1);
                    size = 4;
                    ret = tmp[0];
                    break;

                case TypeCode.Double:
                    double[] tmp2 = new double[1];
                    Marshal.Copy(address, tmp2, 0, 1);
                    ret = tmp2[0];
                    size = 8;
                    break;

                default:
                    throw new ArgumentOutOfRangeException(tType.FullName + " is not supported with this method.");
            }

            BytesRead += size;

            return (T)ret;
        }

        public byte[] Read(int length)
        {
            if (BytesRead + length > Capacity)
                throw new OverflowException("CPacket: Read overflow");

            byte[] ret = new byte[length];
            Marshal.Copy(new IntPtr(Data.ToInt32() + BytesRead), ret, 0, length);

            BytesRead += length;

            return ret;
        }

        public string ReadAnsiString()
        {
            IntPtr stringPtr = new IntPtr(Data.ToInt32() + BytesRead);
            string ret = Marshal.PtrToStringAnsi(stringPtr);

            BytesRead += ret.Length + 1;

            return ret;
        }

        public string ReadUnicodeString()
        {
            var stringPtr = new IntPtr(Data.ToInt32() + BytesRead);
            string ret = Marshal.PtrToStringUni(stringPtr);

            if (ret == null)
                return string.Empty;

            BytesRead += (ret.Length + 1)*2;

            return ret;
        }
        #endregion

        public override string ToString()
        {
            var ret = OpCode.ToString();

            for (var i = 0; i < BytesWritten; i++)
                ret += " 0x" + Marshal.ReadByte(Data, i).ToString("X2");

            return ret;
        }
    }

    class MovementPacket : CDataStore
    {
        #region Complete
        /// <summary>
        /// Whether this packet was created by us.  Only these packets are capable of being
        /// checked for well-formedness.
        /// </summary>
        private readonly bool _ourPacket;

        private bool _flagsSet;
        private bool _timeSet;
        private bool _xSet;
        private bool _ySet;
        private bool _zSet;
        private bool _orientationSet;
        private bool _transportGuidSet;
        private bool _transportXSet;
        private bool _transportYSet;
        private bool _transportZSet;
        private bool _transportOrientationSet;
        private bool _pitchSet;
        private bool _fallTimeSet;
        private bool _fallVelocitySet;
        private bool _fallSinAngleSet;
        private bool _fallCosAngleSet;
        private bool _fallLateralSpeedSet;
        private bool _splineSet;

        public new bool Complete
        {
            get
            {
                if (!_ourPacket)
                    return true;

                if (!_flagsSet || !_timeSet || !_xSet || !_ySet || !_zSet || !_orientationSet || !_fallTimeSet)
                    return false;

                if (Flags.HasFlag(MovementFlags.OnTransport) && 
                    (!_transportGuidSet || !_transportXSet || !_transportYSet || !_transportZSet || !_transportOrientationSet))
                    return false;

                if (Flags.HasFlag(MovementFlags.Swimming) && !_pitchSet)
                    return false;

                if (Flags.HasFlag(MovementFlags.Falling) &&
                    (!_fallVelocitySet || !_fallSinAngleSet || !_fallCosAngleSet || !_fallLateralSpeedSet))
                    return false;

                if (Flags.HasFlag(MovementFlags.SplineElevation) && !_splineSet)
                    return false;

                return true;
            }
        }
        #endregion

        public MovementPacket(IntPtr unmanagedPtr) : base(unmanagedPtr) {}

        public MovementPacket(MovementFlags flags) : base(BufferSize(flags))
        {
            Flags = flags;
            BytesWritten = Capacity;

            _ourPacket = true;

            _flagsSet = true;
            _timeSet = false;
            _xSet = _ySet = _zSet = _orientationSet = false;

            _transportGuidSet = false;
            _transportXSet = _transportYSet = _transportZSet = false;
            _transportOrientationSet = false;

            _pitchSet = false;

            _fallTimeSet = false;
            _fallVelocitySet = false;
            _fallSinAngleSet = false;
            _fallCosAngleSet = false;
            _fallLateralSpeedSet = false;

            _splineSet = false;
        }

        private static int BufferSize(MovementFlags flags)
        {
            var ret = 0x20;

            if (flags.HasFlag(MovementFlags.OnTransport))
                ret += 0x18;
            if (flags.HasFlag(MovementFlags.Swimming))
                ret += 0x4;
            if (flags.HasFlag(MovementFlags.Falling))
                ret += 0x10;
            if (flags.HasFlag(MovementFlags.SplineElevation))
                ret += 0x4;

            return ret;
        }

        private const int TransportSize = 24;
        private const int SwimmingSize = 4;
        private const int FallingSize = 16;

        public MovementFlags Flags
        {
            get
            {
                MovementFlags ret;

                try
                {
                    ret = (MovementFlags)Marshal.ReadInt32(Data, 4);
                }
                catch (Exception e)
                {
                    Logging.Write("MovementPacket.Flags Exception: " + e);
                    return MovementFlags.None;
                }

                return ret;
            }
            set
            {
                _flagsSet = true;
                Marshal.WriteInt32(Data, 4, (int) value);
            }
        }

        public uint Time
        {
            get { return (uint) Marshal.ReadInt32(Data, 8); }
            set
            {
                _timeSet = true;
                Marshal.WriteInt32(Data, 8, (int) value);
            }
        }

        #region Position
        public float X
        {
            get 
            {
                var ret = new float[1];
                Marshal.Copy(new IntPtr(Data.ToInt32() + 0xC), ret, 0, 1);
                return ret[0];
            }
            set
            {
                _xSet = true;
                var ins = new[] {value};
                Marshal.Copy(ins, 0, new IntPtr(Data.ToInt32() + 0xC), 1);
            }
        }

        public float Y
        {
            get
            {
                var ret = new float[1];
                Marshal.Copy(new IntPtr(Data.ToInt32() + 0x10), ret, 0, 1);
                return ret[0];
            }
            set
            {
                _ySet = true;
                var ins = new[] { value };
                Marshal.Copy(ins, 0, new IntPtr(Data.ToInt32() + 0x10), 1);
            }
        }

        public float Z
        {
            get
            {
                var ret = new float[1];
                Marshal.Copy(new IntPtr(Data.ToInt32() + 0x14), ret, 0, 1);
                return ret[0];
            }
            set
            {
                _zSet = true;
                var ins = new[] { value };
                Marshal.Copy(ins, 0, new IntPtr(Data.ToInt32() + 0x14), 1);
            }
        }

        public Point3 Position
        {
            get { return new Point3 {X = X, Y = Y, Z = Z}; }
            set
            {
                X = value.X;
                Y = value.Y;
                Z = value.Z;
            }
        }

        public float Orientation
        {
            get
            {
                var ret = new float[1];
                Marshal.Copy(new IntPtr(Data.ToInt32() + 0x18), ret, 0, 1);
                return ret[0];
            }
            set
            {
                _orientationSet = true;
                var ins = new[] { value };
                Marshal.Copy(ins, 0, new IntPtr(Data.ToInt32() + 0x18), 1);
            }
        }
        #endregion

        #region OnTransport
        public ulong TransportGuid
        {
            get
            {
                if (!Flags.HasFlag(MovementFlags.OnTransport))
                    throw new ArgumentOutOfRangeException("Not on transport");

                return (ulong)Marshal.ReadInt64(Data, 0x1C);
            }
            set
            {
                if (!Flags.HasFlag(MovementFlags.OnTransport))
                    throw new ArgumentOutOfRangeException("Not on transport");

                _transportGuidSet = true;

                Marshal.WriteInt64(Data, 0x1C, (long) value);
            }
        }

        public float TransportX
        {
            get
            {
                if (!Flags.HasFlag(MovementFlags.OnTransport))
                    throw new ArgumentOutOfRangeException("Not on transport");

                var ret = new float[1];
                Marshal.Copy(new IntPtr(Data.ToInt32() + 0x24), ret, 0, 1);
                return ret[0];
            }
            set
            {
                if (!Flags.HasFlag(MovementFlags.OnTransport))
                    throw new ArgumentOutOfRangeException("Not on transport");

                _transportXSet = true;

                var ins = new[] { value };
                Marshal.Copy(ins, 0, new IntPtr(Data.ToInt32() + 0x24), 1);
            }
        }

        public float TransportY
        {
            get
            {
                if (!Flags.HasFlag(MovementFlags.OnTransport))
                    throw new ArgumentOutOfRangeException("Not on transport");

                var ret = new float[1];
                Marshal.Copy(new IntPtr(Data.ToInt32() + 0x28), ret, 0, 1);
                return ret[0];
            }
            set
            {
                if (!Flags.HasFlag(MovementFlags.OnTransport))
                    throw new ArgumentOutOfRangeException("Not on transport");

                _transportYSet = true;

                var ins = new[] { value };
                Marshal.Copy(ins, 0, new IntPtr(Data.ToInt32() + 0x28), 1);
            }
        }

        public float TransportZ
        {
            get
            {
                if (!Flags.HasFlag(MovementFlags.OnTransport))
                    throw new ArgumentOutOfRangeException("Not on transport");

                var ret = new float[1];
                Marshal.Copy(new IntPtr(Data.ToInt32() + 0x2C), ret, 0, 1);
                return ret[0];
            }
            set
            {
                if (!Flags.HasFlag(MovementFlags.OnTransport))
                    throw new ArgumentOutOfRangeException("Not on transport");

                _transportZSet = true;

                var ins = new[] { value };
                Marshal.Copy(ins, 0, new IntPtr(Data.ToInt32() + 0x2C), 1);
            }
        }

        public Point3 TransportPosition
        {
            get { return new Point3 { X = TransportX, Y = TransportY, Z = TransportZ }; }
            set
            {
                TransportX = value.X;
                TransportY = value.Y;
                TransportZ = value.Z;
            }
        }

        public float TransportOrientation
        {
            get
            {
                if (!Flags.HasFlag(MovementFlags.OnTransport))
                    throw new ArgumentOutOfRangeException("Not on transport");

                var ret = new float[1];
                Marshal.Copy(new IntPtr(Data.ToInt32() + 0x30), ret, 0, 1);
                return ret[0];
            }
            set
            {
                if (!Flags.HasFlag(MovementFlags.OnTransport))
                    throw new ArgumentOutOfRangeException("Not on transport");

                _transportOrientationSet = true;

                var ins = new[] { value };
                Marshal.Copy(ins, 0, new IntPtr(Data.ToInt32() + 0x30), 1);
            }
        }
        #endregion

        #region Swimming
        public float Pitch
        {
            get
            {
                if (!Flags.HasFlag(MovementFlags.Swimming))
                    throw new ArgumentOutOfRangeException("Not swimming");

                var offset = Flags.HasFlag(MovementFlags.OnTransport) ? 0x34 : 0x1C;

                var ret = new float[1];

                Marshal.Copy(new IntPtr(Data.ToInt32() + offset), ret, 0, 1);

                return ret[0];
            }
            set
            {
                if (!Flags.HasFlag(MovementFlags.Swimming))
                    throw new ArgumentOutOfRangeException("Not swimming");

                _pitchSet = true;

                var offset = Flags.HasFlag(MovementFlags.OnTransport) ? 0x34 : 0x1C;

                var ins = new [] {value};

                Marshal.Copy(ins, 0, new IntPtr(Data.ToInt32() + offset), 1);
            }
        }
        #endregion

        public uint FallTime
        {
            get
            {
                var offset = 0x1C;

                if (Flags.HasFlag(MovementFlags.OnTransport))
                    offset += TransportSize;
                if (Flags.HasFlag(MovementFlags.Swimming))
                    offset += SwimmingSize;

                return (uint)Marshal.ReadInt32(Data, offset);
            }
            set
            {
                _fallTimeSet = true;

                var offset = 0x1C;

                if (Flags.HasFlag(MovementFlags.OnTransport))
                    offset += TransportSize;
                if (Flags.HasFlag(MovementFlags.Swimming))
                    offset += SwimmingSize;

                Marshal.WriteInt32(Data, offset, (int)value);
            }
        }

        #region Falling
        public float FallVelocity
        {
            get
            {
                if (!Flags.HasFlag(MovementFlags.Falling))
                    throw new ArgumentOutOfRangeException("Not falling");

                var offset = 0x20;

                if (Flags.HasFlag(MovementFlags.OnTransport))
                    offset += TransportSize;
                if (Flags.HasFlag(MovementFlags.Swimming))
                    offset += SwimmingSize;

                var ret = new float[1];
                Marshal.Copy(new IntPtr(Data.ToInt32() + offset), ret, 0, 1);
                return ret[0];
            }
            set
            {
                if (!Flags.HasFlag(MovementFlags.Falling))
                    throw new ArgumentOutOfRangeException("Not falling");

                _fallVelocitySet = true;

                var offset = 0x20;

                if (Flags.HasFlag(MovementFlags.OnTransport))
                    offset += TransportSize;
                if (Flags.HasFlag(MovementFlags.Swimming))
                    offset += SwimmingSize;

                var ins = new[] { value };
                Marshal.Copy(ins, 0, new IntPtr(Data.ToInt32() + offset), 1);
            }
        }

        public float FallSinAngle
        {
            get
            {
                if (!Flags.HasFlag(MovementFlags.Falling))
                    throw new ArgumentOutOfRangeException("Not falling");

                var offset = 0x24;

                if (Flags.HasFlag(MovementFlags.OnTransport))
                    offset += TransportSize;
                if (Flags.HasFlag(MovementFlags.Swimming))
                    offset += SwimmingSize;

                var ret = new float[1];
                Marshal.Copy(new IntPtr(Data.ToInt32() + offset), ret, 0, 1);
                return ret[0];
            }
            set
            {
                if (!Flags.HasFlag(MovementFlags.Falling))
                    throw new ArgumentOutOfRangeException("Not falling");

                _fallSinAngleSet = true;

                var offset = 0x24;

                if (Flags.HasFlag(MovementFlags.OnTransport))
                    offset += TransportSize;
                if (Flags.HasFlag(MovementFlags.Swimming))
                    offset += SwimmingSize;

                var ins = new[] { value };
                Marshal.Copy(ins, 0, new IntPtr(Data.ToInt32() + offset), 1);
            }
        }

        public float FallCosAngle
        {
            get
            {
                if (!Flags.HasFlag(MovementFlags.Falling))
                    throw new ArgumentOutOfRangeException("Not falling");

                var offset = 0x28;

                if (Flags.HasFlag(MovementFlags.OnTransport))
                    offset += TransportSize;
                if (Flags.HasFlag(MovementFlags.Swimming))
                    offset += SwimmingSize;

                var ret = new float[1];
                Marshal.Copy(new IntPtr(Data.ToInt32() + offset), ret, 0, 1);
                return ret[0];
            }
            set
            {
                if (!Flags.HasFlag(MovementFlags.Falling))
                    throw new ArgumentOutOfRangeException("Not falling");

                _fallCosAngleSet = true;

                var offset = 0x28;

                if (Flags.HasFlag(MovementFlags.OnTransport))
                    offset += TransportSize;
                if (Flags.HasFlag(MovementFlags.Swimming))
                    offset += SwimmingSize;

                var ins = new[] { value };
                Marshal.Copy(ins, 0, new IntPtr(Data.ToInt32() + offset), 1);
            }
        }

        public float FallLateralSpeed
        {
            get
            {
                if (!Flags.HasFlag(MovementFlags.Falling))
                    throw new ArgumentOutOfRangeException("Not falling");

                var offset = 0x2C;

                if (Flags.HasFlag(MovementFlags.OnTransport))
                    offset += TransportSize;
                if (Flags.HasFlag(MovementFlags.Swimming))
                    offset += SwimmingSize;

                var ret = new float[1];
                Marshal.Copy(new IntPtr(Data.ToInt32() + offset), ret, 0, 1);
                return ret[0];
            }
            set
            {
                if (!Flags.HasFlag(MovementFlags.Falling))
                    throw new ArgumentOutOfRangeException("Not falling");

                _fallLateralSpeedSet = true;

                var offset = 0x2C;

                if (Flags.HasFlag(MovementFlags.OnTransport))
                    offset += TransportSize;
                if (Flags.HasFlag(MovementFlags.Swimming))
                    offset += SwimmingSize;

                var ins = new[] { value };
                Marshal.Copy(ins, 0, new IntPtr(Data.ToInt32() + offset), 1);
            }
        }
        #endregion

        #region SplineElevation
        public int UnknownSpline
        {
            get
            {
                if (!Flags.HasFlag(MovementFlags.SplineElevation))
                    throw new ArgumentOutOfRangeException("Spline elevation missing");

                var offset = 0x20;

                if (Flags.HasFlag(MovementFlags.OnTransport))
                    offset += TransportSize;
                if (Flags.HasFlag(MovementFlags.Swimming))
                    offset += SwimmingSize;
                if (Flags.HasFlag(MovementFlags.Falling))
                    offset += FallingSize;

                return Marshal.ReadInt32(Data, offset);
            }
            set
            {
                if (!Flags.HasFlag(MovementFlags.SplineElevation))
                    throw new ArgumentOutOfRangeException("Spline elevation missing");

                _splineSet = true;

                var offset = 0x20;

                if (Flags.HasFlag(MovementFlags.OnTransport))
                    offset += TransportSize;
                if (Flags.HasFlag(MovementFlags.Swimming))
                    offset += SwimmingSize;
                if (Flags.HasFlag(MovementFlags.Falling))
                    offset += FallingSize;

                Marshal.WriteInt32(Data, offset, value);
            }
        }
        #endregion

        public override string ToString()
        {
            try
            {
                long perfCount, perfFreq;
                Win32.QueryPerformanceCounter(out perfCount);
                Win32.QueryPerformanceFrequency(out perfFreq);

                double scalar = 1000.0 / (double)perfFreq;
                double time = scalar * (double)perfCount;

                var ret = string.Format("{0} MoveFlags: {1} Time: {2} (Current system tick count = {8}, perf: {9}) Position ({3}, {4}, {5}, {6}) Fall Time: {7}",
                                        OpCode, Flags, Time, X, Y, Z, Orientation, FallTime, Environment.TickCount, time);

                if (Flags.HasFlag(MovementFlags.Falling))
                    ret += " Fall velocity: " + FallVelocity;

                if (Flags.HasFlag(MovementFlags.OnTransport))
                    ret += " Transport GUID: 0x" + TransportGuid.ToString("X");

                return ret;
            }
            catch (Exception e)
            {
                Logging.Write("MovementPacket Exception: " + e + " Data: 0x" + Data.ToString("X"));
                return string.Empty;
            }
        }
    }
}
```
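
The accessors above compute each field offset from the flags and then read unmanaged memory without comparing that offset to the buffer length. As an added example (not namreeb's code), here is a bounds-checked validator for the same layout over a managed `byte[]`, the kind of check a server or capture-analysis tool would apply before trusting a movement packet. The `MoveFlags` bit values, the `MovementLayout` class and the sample buffers are constructed for illustration, and a little-endian host is assumed.

```csharp
using System;

// Bit values are placeholders for this example; use those of the MovementFlags enum in play.
[Flags]
enum MoveFlags : uint { None = 0, OnTransport = 0x1, Swimming = 0x2, Falling = 0x4, SplineElevation = 0x8 }

static class MovementLayout
{
    const int FixedSize = 0x20;     // opcode, flags, time, x, y, z, orientation, fall time
    const int TransportSize = 0x18; // guid (8 bytes) + x, y, z, orientation
    const int SwimmingSize = 0x4;   // pitch
    const int FallingSize = 0x10;   // velocity, sin angle, cos angle, lateral speed
    const int SplineSize = 0x4;

    // Same arithmetic as BufferSize(flags) in the class above.
    public static int ExpectedSize(MoveFlags flags)
    {
        var size = FixedSize;
        if (flags.HasFlag(MoveFlags.OnTransport)) size += TransportSize;
        if (flags.HasFlag(MoveFlags.Swimming)) size += SwimmingSize;
        if (flags.HasFlag(MoveFlags.Falling)) size += FallingSize;
        if (flags.HasFlag(MoveFlags.SplineElevation)) size += SplineSize;
        return size;
    }

    // Returns null for a well-formed packet, otherwise the reason for rejecting it.
    public static string Validate(byte[] packet)
    {
        if (packet == null || packet.Length < FixedSize)
            return "shorter than the fixed part";

        var flags = (MoveFlags)BitConverter.ToUInt32(packet, 4);
        var expected = ExpectedSize(flags);
        if (packet.Length != expected)
            return string.Format("flags [{0}] imply {1} bytes, buffer has {2}", flags, expected, packet.Length);

        // Length now matches the flags, so every offset below is inside the buffer.
        var cursor = 0xC;
        if (!FloatsFinite(packet, ref cursor, 4)) return "non-finite position or orientation";
        if (flags.HasFlag(MoveFlags.OnTransport))
        {
            cursor += 8; // transport guid
            if (!FloatsFinite(packet, ref cursor, 4)) return "non-finite transport position";
        }
        if (flags.HasFlag(MoveFlags.Swimming) && !FloatsFinite(packet, ref cursor, 1))
            return "non-finite pitch";
        cursor += 4; // fall time, always present
        if (flags.HasFlag(MoveFlags.Falling) && !FloatsFinite(packet, ref cursor, 4))
            return "non-finite fall parameters";
        return null;
    }

    // Reads `count` consecutive floats at `cursor`, advancing it; false on NaN or infinity.
    static bool FloatsFinite(byte[] buf, ref int cursor, int count)
    {
        for (var i = 0; i < count; i++, cursor += 4)
        {
            var v = BitConverter.ToSingle(buf, cursor);
            if (float.IsNaN(v) || float.IsInfinity(v)) return false;
        }
        return true;
    }
}

static class Program
{
    // Constructed sample: zero-filled buffer with only the flags field populated.
    static byte[] Sample(MoveFlags flags, int length)
    {
        var p = new byte[length];
        BitConverter.GetBytes((uint)flags).CopyTo(p, 4);
        return p;
    }

    static void Main()
    {
        var nan = Sample(MoveFlags.None, 0x20);
        BitConverter.GetBytes(float.NaN).CopyTo(nan, 0x10); // Y coordinate

        var cases = new[]
        {
            Sample(MoveFlags.None, 0x20),                             // well formed
            Sample(MoveFlags.OnTransport | MoveFlags.Swimming, 0x3C), // well formed
            Sample(MoveFlags.Falling, 0x20),                          // falling block missing
            nan                                                       // NaN coordinate
        };

        foreach (var c in cases)
            Console.WriteLine(MovementLayout.Validate(c) ?? "ok");
    }
}
```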

----------


## Edak

> ```
> namespace Offsets
> {
> 	namespace General
> 	{
> 		DWORD_PTR
> 			IsInGame                   = 0x00B4B424, // 1.12.1.5875 (Byte)
> 	}
> 	
> ...
> ```





```
0x0074B2BC -> 0x49D85708

0x49D85708+0x000065B8 = 0x49D8BCC0

0x49D8BCC0 = ???
```

Am I missing something here?

I'm trying to get the Camera position/view matrix

----------


## R4zyel

Has anybody managed to register ASM functions in Vanilla through "lua_loadbuffer", "lua_pushclosure", etc.?

Vanilla uses Lua 5.0, and a lot of shit is unsupported, and there aren't any guides on Google or on ownedcore, what a pity.

----------


## luckruns0ut

> ```
> 0x0074B2BC -> 0x49D85708
> 
> 0x49D85708+0x000065B8 = 0x49D8BCC0
> 
> 0x49D8BCC0 = ???
> ```
> 
> Am I missing something here?
> ...




I've got the same problem - Can someone confirm these addresses are correct? Maybe I'm just using them wrong which is more likely...

```
SCamera *pCam = (SCamera*)((*(DWORD*)0x0074B2BC) + 0x000065B8);
```

----------


## Creepwalker

Does anyone happen to have the correct lua_getstate? The previous one posted, which was pulled from WoWSharp, does not work.

----------


## miceiken

> ```
> 0x0074B2BC -> 0x49D85708
> 
> 0x49D85708+0x000065B8 = 0x49D8BCC0
> 
> 0x49D8BCC0 = ???
> ```
> 
> Am I missing something here?
> ...





> I've got the same problem - Can someone confirm these addresses are correct? Maybe I'm just using them wrong which is more likely...
> 
> SCamera *pCam = (SCamera*)((*(DWORD*)0x0074B2BC) + 0x000065B8);




```
            internal static uint WorldFrame = 0x00B4B2BC;
            internal static uint ActiveCamera = 0x65B8;
*(CGCamera**)((*(IntPtr*)Pointers.Drawing.WorldFrame) + (int)Pointers.Drawing.ActiveCamera)
```




> Does anyone happen to have the correct lua_getstate? The previous one posted, which was pulled from WoWSharp, does not work.


I have it at

```
internal static uint LuaState = 0x00CEEF74;
```

not sure if it is correct

----------


## luckruns0ut

sorted

----------


## namreeb

CWorld::Intersect = 0x672170. The prototype is this:

```
bool __fastcall CWorld::Intersect(const C3Vector *p1, const C3Vector *p2, int ignored, C3Vector *intersectPoint, float *dist, unsigned int queryFlags)
```

----------


## namreeb

Write two NOPs (0x90, 0x90) to 0x4D1C17 to be able to view officer notes regardless of guild rank.

----------


## Valmere

How easy would it be in C++ to read my target's HP and set it to a variable that an addon like MobHealth could then read from? Instead of having to damage the mob and get some sort of estimated health.

e: Reading health would be easy if I could find the right pointers (yes I've read the thread), but I'm not sure how I would go about the second part. Would making a variable initialized to some random preset number and scanning for it be a good way to go about it?

Maybe I'm over thinking it right now, tired.

----------


## Master674

> How easy would it be in C++ to read my target's HP and set it to a variable that an addon like MobHealth could then read from? Instead of having to damage the mob and get some sort of estimated health.
> 
> e: Reading health would be easy if I could find the right pointers (yes I've read the thread), but I'm not sure how I would go about the second part. Would making a variable initialized to some random preset number and scanning for it be a good way to go about it?
> 
> Maybe I'm over thinking it right now, tired.


How about just using UnitHealth("target") which is a non-protected Lua function?

----------


## namreeb

> How easy would it be in C++ to read my target's HP and set it to a variable that an addon like MobHealth could then read from? Instead of having to damage the mob and get some sort of estimated health.
> 
> e: Reading health would be easy if I could find the right pointers (yes I've read the thread), but I'm not sure how I would go about the second part. Would making a variable initialized to some random preset number and scanning for it be a good way to go about it?
> 
> Maybe I'm over thinking it right now, tired.


If you mean as a way of bypassing the health percentage displayed in-game and instead display the literal health value, that is not possible. The client is unaware of the actual health value, only the percentage. The only way to approximate it is to do some damage and see how much percentage it lost, which you've said you don't want to do. This is my understanding at least.

----------


## Valmere

Thanks for the replies. I assumed it was possible due to the screenshot in daCoder's program (Open Source Project for WoW 1.12.1). After testing that out and trying the Lua function which returns 100 on anything but the player, my last idea will be to pull the data straight from a 1.12 database and hope Nost isn't very different.


Edit: Due to the database using level ranges and health multipliers I'm not able to make a full rip at first glance, but did manage to grab a fair amount of mobs. If anyone's using a fresh/blank MobHealth3 on Nost and wants some initial data, plop this into your SavedVariables folder.

Edit 2: Shame that most offsets in this thread are checked by Nost's "anti-cheat". Leveling is so tedious on vanilla.

----------


## prospectingemu

Doesn't xperl display the health value in vanilla?

----------


## namreeb

> Doesn't xperl display the health value in vanilla?


Not if the client is unaware of the value, which is a decision the server makes.

----------


## kingcrypto

PlayerIsIndoor = base + 0x468608. 12.1 have m2Model__IsOutdoors?

----------


## erfg12

If you're using Cheat Engine to find these, I found it easier to do an AoB scan to find the non-static player coordinates. Kronos will insta-ban if you modify these too far out.




> player x
> ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 42 ?? ?? ?? ?? 
> ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 3F 
> 78 ?? ?? ?? ?? ?? ?? ?? 00 00 00 00 00 00 00 00 
> 00 00 00 00
> 
> player y
> ?? ?? ?? ?? ?? ?? ?? 42 ?? ?? ?? ?? ?? ?? ?? ?? 
> ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 3F 78 ?? ?? ?? 
> ...


If you want to write a script, press CTRL+M and open Tools > Auto Assemble and type in...




> [ENABLE]
> aobscan(PLAYER_Y,?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 42 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 3F 78 ?? ?? ?? ?? ?? ?? ?? 00 00 00 00 00 00 00 00 00 00 00 00)
> label(_playery)
> registersymbol(_playery)
> 
> PLAYER_Y:
> _playery:
> 
> [DISABLE]
> unregistersymbol(_playery)


Then press File > Assign to current cheat table. Close the script window and go back to your cheat table and click on the checkmark box to activate the script. Now press "Add address manually" and type in _playery and switch it to float. Now you have the player Y non-static coordinates.

If you want to get player X and Player Z coordinates just add an offset to the pointer. So, press the "Add address manually" button and type in....




> _playery + 4


and to get player z...




> _playery + 8

----------


## tutrakan

> My code to call __fastcall from C#:
> 
> 
> 
> ```
>     static class FastCall
>     {
>         public static T CreateToFastcall<T>(IntPtr functionPtr, string patchName) where T : class
>         {
> ...
> ```



Thank you a lot, Namreeb! Let me repost it with some corrections:



```
    static class FastCall
    {
        public static T CreateToFastcall<T>(IntPtr functionPtr, string patchName) where T : class
        {
            var method = typeof(T).GetMethod("Invoke");
            // if (method.GetParameters().Any(param => Marshal.SizeOf(param.ParameterType) != 4))
            //    throw new ArgumentException("Only supports functions with 32 bit parameters");

            var parameterCount = method.GetParameters().Length;

            var payload = new List<byte>();

            payload.Add(0x55);                                  // push ebp
            payload.AddRange(new byte[] { 0x89, 0xE5 });        // mov ebp, esp
            payload.Add(0x53);                                  // push ebx
            payload.AddRange(new byte[] { 0x8B, 0x4D, 0x08 });  // mov ecx, [ebp+0x08]
            payload.AddRange(new byte[] { 0x8B, 0x55, 0x0C });  // mov edx, [ebp+0x0C]

            if (parameterCount > 2)
            {
                int paramsToPush = parameterCount - 2; // always > 0

                for (var i = 0; i < paramsToPush; i++)
                {
                    payload.AddRange(new byte[] { 0x8B, 0x5D, (byte)(0x10 + 4 * (paramsToPush - 1 - i)) });   // mov ebx, [ebp+0x10+4*(paramToPush-1-i)]
                    payload.Add(0x53);                                                                        // push ebx
                }
            }

            var callOpcodeLocation = payload.Count + 1;

            payload.AddRange(new byte[] { 0xE8, 0x00, 0x00, 0x00, 0x00 });  // call function

            payload.Add(0x5B);                            // pop ebx
            payload.AddRange(new byte[] { 0x89, 0xEC });  // mov esp, ebp
            payload.Add(0x5D);                            // pop ebp

            payload.Add(0xC2);
            payload.AddRange(BitConverter.GetBytes((ushort)(parameterCount * 4)));     // retn 4 * paramCount

            var payloadPtr = Locator.PayloadSpace(payload.Count);

            var functionCall = functionPtr.ToInt32() - payloadPtr.ToInt32() - callOpcodeLocation - 4;

            // update payload
            payload[callOpcodeLocation + 0] = (byte)functionCall;
            payload[callOpcodeLocation + 1] = (byte)(functionCall >> 8);
            payload[callOpcodeLocation + 2] = (byte)(functionCall >> 16);
            payload[callOpcodeLocation + 3] = (byte)(functionCall >> 24);

            // deposit payload
            Patcher.CreatePatch(new Patcher.Patch(payloadPtr, payload.ToArray(), patchName));

            return Utilities.RegisterDelegate<T>(payloadPtr);
        }

        public static void RemoveToFastcall(string patchName)
        {
            Patcher.RemovePatch(patchName);
        }
    }
```

P.S. I would like one of you guys to PM me the IDA .idb file for WoW 1.12.1. Thanks.

Update - less but more readable code (ironically, isn't that often the case?):

```
internal static class Fastcall
    {
        public static List<IntPtr> FastCallWrappers;

        // It is important to pass at least two params and to know that the first two parameters are ALWAYS 32-bit
        public static T StdcallToFastcall<T>(IntPtr functionPtr) where T : class
        {
            var wrapper = new List<byte>();

            wrapper.Add(0x58);          // pop eax  - store the return address
            wrapper.Add(0x59);          // pop ecx  - move the 1st argument to ecx
            wrapper.Add(0x5A);          // pop edx  - move the 2nd argument to edx
            wrapper.Add(0x50);          // push eax - restore the return address

            wrapper.Add(0x68);                                                  // push ...
            wrapper.AddRange(BitConverter.GetBytes(functionPtr.ToInt32()));     // the function address to call
            wrapper.Add(0xC3);                                                  // ret - and jump to          

            var wrapperPtr = Marshal.AllocHGlobal(wrapper.Count);
            Marshal.Copy(wrapper.ToArray(), 0, wrapperPtr, wrapper.Count);

            if (FastCallWrappers == null)
                FastCallWrappers = new List<IntPtr>();
            FastCallWrappers.Add(wrapperPtr);

            return Marshal.GetDelegateForFunctionPointer<T>(wrapperPtr);
        }

        public static void RemoveFastcalls()
        {
            if (FastCallWrappers == null)
                return;
            foreach (var p in FastCallWrappers)
                Marshal.FreeHGlobal(p);
        }
    }
```

----------


## tutrakan

Hi, I have two questions so far and I ...

1_st: Solved:



```
[UnmanagedFunctionPointer(CallingConvention.StdCall)]
public delegate short IsSpellInRangeDelegate(uint localPlayerAddr, ref SpellEntry spellRec, ulong guid, int doSomeSpellChecks = 0);  
_isSpellInRange = Fastcall.CreateToFastcall<IsSpellInRangeDelegate>((IntPtr)0x006E4440, "IsSpellInRange");
```

2_nd: Solved too. I received LuaType 5 - table instead of string because of wrong indexing.


```
default:
			return "<unknown lua type>";	

public enum LuaConstant
{
	MultRet = -1,
	TypeNil = 0,
	TypeBoolean = 1,
	TypeNumber = 3,
	TypeString = 4,
}
```

P.S Some stuff:


```
[UnmanagedFunctionPointer(CallingConvention.StdCall)]
public delegate bool IsUsableSpellDelegate(ref SpellEntry spellRec, ref bool notEnoughPower);
_isUsableSpell = Fastcall.CreateToFastcall<IsUsableSpellDelegate>((IntPtr)0x006E3D60, "IsUsableSpell");

[UnmanagedFunctionPointer(CallingConvention.ThisCall)]
private delegate bool CanAttackDelegate(uint unit, uint otherUnit);
_canAttack = Marshal.GetDelegateForFunctionPointer<CanAttackDelegate>((IntPtr)0x00606980);

public bool CastPacket(Unit unit)
{
	var mask = unit == Manager.Me ? SpellCastTargetFlags.TARGET_FLAG_SELF : SpellCastTargetFlags.TARGET_FLAG_UNIT;

	var packet = new DataStore(NetMessage.CMSG_CAST_SPELL);
	packet.Write<int>((int)Id);
	packet.Write<short>((Int16)mask);
	WriteGuid(ref packet, unit.Guid);
	packet.Send();
	return true;
}

public static void WriteGuid(ref DataStore cds, ulong guid)
{
	var packGUID = new List<byte>();
	packGUID.Add(0);
	ulong g = guid;

	for (int i = 0; g != 0; ++i)
	{
		if ((g & 0xFF) != 0)
		{
			packGUID[0] |= (byte)(1 << i);
			packGUID.Add((byte)(g & 0xFF));
		}
		g >>= 8;
	}

	foreach (byte b in packGUID)
	{
		cds.Write<byte>(b);
	}
}
```


Thanks!
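The packed GUID layout that `WriteGuid` emits, read back from the receiving side with strict validation. This is an added example, not code from the thread or from any server project; `ReadPackedGuid` and `WritePackedGuid` are hypothetical names, the sample GUID is constructed, and rejecting a flagged `0x00` byte is an assumption based on the fact that the writer above never emits one.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

// Wire layout: one mask byte, then one byte per set mask bit, lowest GUID
// byte first. Bit i set means byte i of the GUID is non-zero and present.
// Returns false on malformed input; *consumed includes the mask byte.
bool ReadPackedGuid(const uint8_t* buf, size_t len,
                    uint64_t* guid, size_t* consumed)
{
    if (buf == nullptr || guid == nullptr || consumed == nullptr || len == 0)
        return false;                      // nothing to read, not even a mask

    const uint8_t mask = buf[0];
    size_t pos = 1;
    uint64_t value = 0;

    for (int i = 0; i < 8; ++i) {
        if ((mask & (1u << i)) == 0)
            continue;                      // byte i is implicitly zero
        if (pos >= len)
            return false;                  // truncated: mask promises more bytes
        const uint8_t b = buf[pos++];
        if (b == 0)
            return false;                  // non-canonical: writer never sends 0x00
        value |= static_cast<uint64_t>(b) << (8 * i);
    }

    *guid = value;
    *consumed = pos;
    return true;
}

// Same algorithm as the thread's WriteGuid, used here only to build input.
std::vector<uint8_t> WritePackedGuid(uint64_t guid)
{
    std::vector<uint8_t> out(1, 0);        // out[0] is the mask byte
    for (int i = 0; guid != 0; ++i, guid >>= 8) {
        if ((guid & 0xFF) != 0) {
            out[0] |= static_cast<uint8_t>(1u << i);
            out.push_back(static_cast<uint8_t>(guid & 0xFF));
        }
    }
    return out;
}

int main()
{
    const uint64_t sample = 0x00F0000000000012ULL;   // constructed GUID
    const std::vector<uint8_t> wire = WritePackedGuid(sample);

    uint64_t decoded = 0;
    size_t used = 0;
    const bool ok = ReadPackedGuid(wire.data(), wire.size(), &decoded, &used);

    std::printf("wire bytes: %zu, ok: %d, guid: 0x%016llx, consumed: %zu\n",
                wire.size(), ok ? 1 : 0,
                static_cast<unsigned long long>(decoded), used);
    return ok ? 0 : 1;
}
```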

----------


## Jadd

> 2_nd: Why i get in my queries luatype == 5 when the enum is up to 4:


Sorry I can't help you with the first question (only ever did some simple hacks on vanilla) but this is an easy one.



```
#define LUA_MULTRET     (-1)
#define LUA_TNIL                0
#define LUA_TBOOLEAN            1
#define LUA_TLIGHTUSERDATA      2
#define LUA_TNUMBER             3
#define LUA_TSTRING             4
#define LUA_TTABLE              5
#define LUA_TFUNCTION           6
#define LUA_TUSERDATA           7
#define LUA_TTHREAD             8
```

5 indicates a table. Reading the values from the table wouldn't be too hard, but assuming you're using the typical loadbuffer approach you're probably much better off formatting the Lua code to return as multiple stack objects rather than a single table object.

Example - rather than executing:


```
return func_that_returns_table()
```

You could instead execute this:


```
result = func_that_returns_table(); return result.foo, result.bar
```

----------


## wowwac

```
 ChanellingSpellId = (0x0084E4BC) + 0x24) + 0xec) + 0x228
```

Does someone please have ObjectFields.OBJECT_END ? Sacred dumped the descriptors, but forgot to include ObjectFields...

----------


## Jadd

> ```
>  ChanellingSpellId = (0x0084E4BC) + 0x24) + 0xec) + 0x228
> ```
> 
> Does someone please have ObjectFields.OBJECT_END ? Sacred dumped the descriptors, but forgot to include ObjectFields...




```
OBJECT_FIELD_GUID = 0,
OBJECT_FIELD_TYPE = 2,
OBJECT_FIELD_ENTRY = 3,
OBJECT_FIELD_SCALE_X = 4,
OBJECT_FIELD_PADDING = 5,
OBJECT_FIELD_END = 6
```

Keep in mind these are not already multiplied by 4 whereas Sacred's are. OBJECT_FIELD_END = 0x18 is probably what you're looking for.

----------


## wowwac

Thank you, that's what I was looking for...

----------


## tutrakan

Reversing question here:
Can someone (namreeb?) describe the 0x006E1A00 function, what it does and its params, please?
Signature: void __fastcall SomeSpellChecks(int spellRec, int someEnumArg, int FFFFFFFF, int FFFFFFFF, int zero)
Thanks!

----------


## namreeb

That function is this:



```
void __fastcall Spell_C_SpellFailed(int spellId, SpellCastResult spellResult, int unk1, int unk2)
```

I'm not sure what the purpose of the last two parameters is, but they're almost always -1 from what I see.

SpellCastResult comes from cmangos, but just for reference, here it is:



```
enum SpellCastResult : __int8
{
  SPELL_FAILED_AFFECTING_COMBAT = 0x0,
  SPELL_FAILED_ALREADY_AT_FULL_HEALTH = 0x1,
  SPELL_FAILED_ALREADY_AT_FULL_MANA = 0x2,
  SPELL_FAILED_ALREADY_BEING_TAMED = 0x3,
  SPELL_FAILED_ALREADY_HAVE_CHARM = 0x4,
  SPELL_FAILED_ALREADY_HAVE_SUMMON = 0x5,
  SPELL_FAILED_ALREADY_OPEN = 0x6,
  SPELL_FAILED_MORE_POWERFUL_SPELL_ACTIVE = 0x7,
  SPELL_FAILED_BAD_IMPLICIT_TARGETS = 0x9,
  SPELL_FAILED_BAD_TARGETS = 0xA,
  SPELL_FAILED_CANT_BE_CHARMED = 0xB,
  SPELL_FAILED_CANT_BE_DISENCHANTED = 0xC,
  SPELL_FAILED_CANT_BE_PROSPECTED = 0xD,
  SPELL_FAILED_CANT_CAST_ON_TAPPED = 0xE,
  SPELL_FAILED_CANT_DUEL_WHILE_INVISIBLE = 0xF,
  SPELL_FAILED_CANT_DUEL_WHILE_STEALTHED = 0x10,
  SPELL_FAILED_CANT_TOO_CLOSE_TO_ENEMY = 0x11,
  SPELL_FAILED_CANT_DO_THAT_YET = 0x12,
  SPELL_FAILED_CASTER_DEAD = 0x13,
  SPELL_FAILED_CHARMED = 0x14,
  SPELL_FAILED_CHEST_IN_USE = 0x15,
  SPELL_FAILED_CONFUSED = 0x16,
  SPELL_FAILED_DONT_REPORT = 0x17,
  SPELL_FAILED_EQUIPPED_ITEM = 0x18,
  SPELL_FAILED_EQUIPPED_ITEM_CLASS = 0x19,
  SPELL_FAILED_EQUIPPED_ITEM_CLASS_MAINHAND = 0x1A,
  SPELL_FAILED_EQUIPPED_ITEM_CLASS_OFFHAND = 0x1B,
  SPELL_FAILED_ERROR = 0x1C,
  SPELL_FAILED_FIZZLE = 0x1D,
  SPELL_FAILED_FLEEING = 0x1E,
  SPELL_FAILED_FOOD_LOWLEVEL = 0x1F,
  SPELL_FAILED_HIGHLEVEL = 0x20,
  SPELL_FAILED_IMMUNE = 0x22,
  SPELL_FAILED_INTERRUPTED = 0x23,
  SPELL_FAILED_INTERRUPTED_COMBAT = 0x24,
  SPELL_FAILED_ITEM_ALREADY_ENCHANTED = 0x25,
  SPELL_FAILED_ITEM_GONE = 0x26,
  SPELL_FAILED_ENCHANT_NOT_EXISTING_ITEM = 0x27,
  SPELL_FAILED_ITEM_NOT_READY = 0x28,
  SPELL_FAILED_LEVEL_REQUIREMENT = 0x29,
  SPELL_FAILED_LINE_OF_SIGHT = 0x2A,
  SPELL_FAILED_LOWLEVEL = 0x2B,
  SPELL_FAILED_SKILL_NOT_HIGH_ENOUGH = 0x2C,
  SPELL_FAILED_MAINHAND_EMPTY = 0x2D,
  SPELL_FAILED_MOVING = 0x2E,
  SPELL_FAILED_NEED_AMMO = 0x2F,
  SPELL_FAILED_NEED_REQUIRES_SOMETHING = 0x30,
  SPELL_FAILED_NEED_EXOTIC_AMMO = 0x31,
  SPELL_FAILED_NOPATH = 0x32,
  SPELL_FAILED_NOT_BEHIND = 0x33,
  SPELL_FAILED_NOT_FISHABLE = 0x34,
  SPELL_FAILED_NOT_HERE = 0x35,
  SPELL_FAILED_NOT_INFRONT = 0x36,
  SPELL_FAILED_NOT_IN_CONTROL = 0x37,
  SPELL_FAILED_NOT_KNOWN = 0x38,
  SPELL_FAILED_NOT_MOUNTED = 0x39,
  SPELL_FAILED_NOT_ON_TAXI = 0x3A,
  SPELL_FAILED_NOT_ON_TRANSPORT = 0x3B,
  SPELL_FAILED_NOT_READY = 0x3C,
  SPELL_FAILED_NOT_SHAPESHIFT = 0x3D,
  SPELL_FAILED_NOT_STANDING = 0x3E,
  SPELL_FAILED_NOT_TRADEABLE = 0x3F,
  SPELL_FAILED_NOT_TRADING = 0x40,
  SPELL_FAILED_NOT_UNSHEATHED = 0x41,
  SPELL_FAILED_NOT_WHILE_GHOST = 0x42,
  SPELL_FAILED_NO_AMMO = 0x43,
  SPELL_FAILED_NO_CHARGES_REMAIN = 0x44,
  SPELL_FAILED_NO_CHAMPION = 0x45,
  SPELL_FAILED_NO_COMBO_POINTS = 0x46,
  SPELL_FAILED_NO_DUELING = 0x47,
  SPELL_FAILED_NO_ENDURANCE = 0x48,
  SPELL_FAILED_NO_FISH = 0x49,
  SPELL_FAILED_NO_ITEMS_WHILE_SHAPESHIFTED = 0x4A,
  SPELL_FAILED_NO_MOUNTS_ALLOWED = 0x4B,
  SPELL_FAILED_NO_PET = 0x4C,
  SPELL_FAILED_NO_POWER = 0x4D,
  SPELL_FAILED_NOTHING_TO_DISPEL = 0x4E,
  SPELL_FAILED_NOTHING_TO_STEAL = 0x4F,
  SPELL_FAILED_ONLY_ABOVEWATER = 0x50,
  SPELL_FAILED_ONLY_DAYTIME = 0x51,
  SPELL_FAILED_ONLY_INDOORS = 0x52,
  SPELL_FAILED_ONLY_MOUNTED = 0x53,
  SPELL_FAILED_ONLY_NIGHTTIME = 0x54,
  SPELL_FAILED_ONLY_OUTDOORS = 0x55,
  SPELL_FAILED_ONLY_SHAPESHIFT = 0x56,
  SPELL_FAILED_ONLY_STEALTHED = 0x57,
  SPELL_FAILED_ONLY_UNDERWATER = 0x58,
  SPELL_FAILED_OUT_OF_RANGE = 0x59,
  SPELL_FAILED_PACIFIED = 0x5A,
  SPELL_FAILED_POSSESSED = 0x5B,
  SPELL_FAILED_REQUIRES_AREA = 0x5D,
  SPELL_FAILED_REQUIRES_SPELL_FOCUS = 0x5E,
  SPELL_FAILED_ROOTED = 0x5F,
  SPELL_FAILED_SILENCED = 0x60,
  SPELL_FAILED_SPELL_IN_PROGRESS = 0x61,
  SPELL_FAILED_SPELL_LEARNED = 0x62,
  SPELL_FAILED_SPELL_UNAVAILABLE = 0x63,
  SPELL_FAILED_STUNNED = 0x64,
  SPELL_FAILED_TARGETS_DEAD = 0x65,
  SPELL_FAILED_TARGET_AFFECTING_COMBAT = 0x66,
  SPELL_FAILED_TARGET_AURASTATE = 0x67,
  SPELL_FAILED_TARGET_DUELING = 0x68,
  SPELL_FAILED_TARGET_ENEMY = 0x69,
  SPELL_FAILED_TARGET_ENRAGED = 0x6A,
  SPELL_FAILED_TARGET_FRIENDLY = 0x6B,
  SPELL_FAILED_TARGET_IN_COMBAT = 0x6C,
  SPELL_FAILED_TARGET_IS_PLAYER = 0x6D,
  SPELL_FAILED_TARGET_NOT_DEAD = 0x6E,
  SPELL_FAILED_TARGET_NOT_IN_PARTY = 0x6F,
  SPELL_FAILED_TARGET_NOT_LOOTED = 0x70,
  SPELL_FAILED_TARGET_NOT_PLAYER = 0x71,
  SPELL_FAILED_TARGET_NO_POCKETS = 0x72,
  SPELL_FAILED_TARGET_NO_WEAPONS = 0x73,
  SPELL_FAILED_TARGET_UNSKINNABLE = 0x74,
  SPELL_FAILED_THIRST_SATIATED = 0x75,
  SPELL_FAILED_TOO_CLOSE = 0x76,
  SPELL_FAILED_TOO_MANY_OF_ITEM = 0x77,
  SPELL_FAILED_TRAINING_POINTS = 0x79,
  SPELL_FAILED_TRY_AGAIN = 0x7A,
  SPELL_FAILED_UNIT_NOT_BEHIND = 0x7B,
  SPELL_FAILED_UNIT_NOT_INFRONT = 0x7C,
  SPELL_FAILED_WRONG_PET_FOOD = 0x7D,
  SPELL_FAILED_NOT_WHILE_FATIGUED = 0x7E,
  SPELL_FAILED_TARGET_NOT_IN_INSTANCE = 0x7F,
  SPELL_FAILED_NOT_WHILE_TRADING = 0x80,
  SPELL_FAILED_TARGET_NOT_IN_RAID = 0x81,
  SPELL_FAILED_DISENCHANT_WHILE_LOOTING = 0x82,
  SPELL_FAILED_PROSPECT_WHILE_LOOTING = 0x83,
  SPELL_FAILED_TARGET_FREEFORALL = 0x85,
  SPELL_FAILED_NO_EDIBLE_CORPSES = 0x86,
  SPELL_FAILED_ONLY_BATTLEGROUNDS = 0x87,
  SPELL_FAILED_TARGET_NOT_GHOST = 0x88,
  SPELL_FAILED_TOO_MANY_SKILLS = 0x89,
  SPELL_FAILED_CANT_USE_NEW_ITEM = 0x8A,
  SPELL_FAILED_WRONG_WEATHER = 0x8B,
  SPELL_FAILED_DAMAGE_IMMUNE = 0x8C,
  SPELL_FAILED_PREVENTED_BY_MECHANIC = 0x8D,
  SPELL_FAILED_PLAY_TIME = 0x8E,
  SPELL_FAILED_REPUTATION = 0x8F,
  SPELL_FAILED_MIN_SKILL = 0x90,
  SPELL_FAILED_UNKNOWN = 0x91,
  SPELL_CAST_OK = 0xFF,
};
```

----------


## tutrakan

At first, I thought you were wrong; I was so convinced that this func. was a kind of "Black Magic". So, thanks!

A pointer question: what are these ones for?

Addr + 0x110 - update: pointer to the descriptors + ObjectFields.OBJECT_END (0x18)
0x00CECAC0
0x00CEAC58

Also, I'm looking for an IDA script for automated importing of enums.
For example, I need to import the Opcodes https://github.com/mangoszero/server...rver/Opcodes.h into IDA.

Update:
Importing types in IDA is easily doable via the Local Types subview (Shift-F1).

Thanks!

----------


## squiggy

Hello, sorry for this newbish question; I just started playing with this stuff a couple of days ago. I've seen others posting questions in this thread so I hope I'm not breaking any rules in doing the same.

I've been working on porting an old Glider-like memory reading bot for WotLK to vanilla and I am almost (or possibly am) done.
The last thing I've been looking for is the aura/buff id location; this thread has been a great help for a lot of the offsets but I couldn't find it here nor anywhere else, so I went digging for it.

I've found an array which looks like it's a uint[48] at wowobj+0xB58; this one contains the ids, but reading a post about a similar issue for some 3.x client, there should be a second one. Looking at what was accessing the address in Cheat Engine, I identified a function which I tried studying in IDA (sub_5FF350). It's rather large though and I couldn't follow it all, but it doesn't look like it's accessing some other array, only checking if the index is within bounds of the one I've found. So I've started thinking that things might have worked differently in vanilla and that there was a buff cap. I'd rather not continue searching for a needle which doesn't exist, so I'm asking here before continuing.

I also found someone linking CGBuffBar::GetBuffByIndex (sub_4E4430), which to my eyes seems to confirm this idea. Also, is there some plugin to get IDA to find and name those functions? I'm not finding many of the named ones in this thread.

TLDR:

1. Is there an additional array with aura/buff ids in vanilla or is the one at wowobj+0xB58 it?
2. Is it possible to get IDA to identify functions like CGBuffBar::GetBuffByIndex by name?

Thanks for your time.

----------


## tutrakan

To get all unit aura id's - you have to read at



```
int id = *(int*)(*(uint*)(addr + 8) + auraPos * 4)   //the inner *(uint*) is a pointer to the descriptors
```

iterating auraPos from 0x2F to 0x5E (there are all the 48 aura Id's /0..0x1F buffs and 0x20..0x2F debuffs?/ on the given unit).

That's the way i'm reading them, but your way is even cooler: 

```
id = *(int*)(unit.Addr + 0xB58 + i * 4)   // for i = 0..47
```

.

http://www.ownedcore.com/forums/worl...names-ida.html (WOW script names in IDA) - 1-st one posted renames the lua functions just fine.

----------


## tutrakan

1 more question bothers me,

What are the server side checks for coord mods - either instant teleport or teleporting one step at a time and modifying the time-stamp to simulate a moving progress?
I suppose there is a Warden (Warden-like module) that kicks me out when I do an instant teleport (ref Vlakyrie server).
Is it the Warden or is it a custom server side check?
Can I have an example of that kind of verification? And a link to code, pls.

Thanks.

----------


## Saridormi

> 1 more question bothers me,
> 
> What are the server side checks for coord mods - either instant teleport or teleporting one step at a time and modifying the time-stamp to simulate a moving progress?
> I suppose there is a warden (warden-like module) that kicks me out when i do instant teleport (ref Vlakyrie server).
> It is the Warden or it is a custom server side check?
> Can i have an example of that kind of verification. And a link to code pls.
> 
> Thanks.


Those are server side checks that have nothing to do with Warden.

The only way you can see the code for them is by looking at the server code, which isn't available on most servers.

If you want to bypass server side checks, you just have to try and guess what the server is checking for.
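What a server-side plausibility check on movement updates can look like from the server operator's side, covering both cases raised in the question (an instant jump and small steps with an inflated timestamp). This is an added example, not code from any server named in the thread; the struct, the function names, the thresholds and the sample track are all hypothetical and constructed.

```cpp
#include <cmath>
#include <cstddef>
#include <cstdint>
#include <cstdio>

struct MoveSample {
    float x, y, z;
    uint32_t clientTimeMs;   // timestamp carried in the packet (untrusted)
    uint32_t serverTimeMs;   // server clock when the packet arrived (trusted)
};

enum MoveVerdict { MOVE_OK, MOVE_TOO_FAST, MOVE_TELEPORT, MOVE_TIMESTAMP_SKEW };

// Hypothetical tuning values, chosen only for this example.
static const float    kSpeedSlack       = 1.25f;  // tolerance for jitter
static const float    kTeleportDistance = 50.0f;  // jump size treated as teleport
static const uint32_t kMaxClockDriftMs  = 500;    // client vs. server clock slack

MoveVerdict CheckMove(const MoveSample& prev, const MoveSample& cur, float maxSpeed)
{
    const uint32_t serverDt = cur.serverTimeMs - prev.serverTimeMs;
    const uint32_t clientDt = cur.clientTimeMs - prev.clientTimeMs;

    // The client claims more time passed than the server observed. A client
    // timestamp that runs backwards wraps to a huge value and lands here too.
    if (clientDt > serverDt + kMaxClockDriftMs)
        return MOVE_TIMESTAMP_SKEW;

    const float dx = cur.x - prev.x;
    const float dy = cur.y - prev.y;
    const float dz = cur.z - prev.z;
    const float dist = std::sqrt(dx * dx + dy * dy + dz * dz);

    // Distance budget is derived from the server's clock, never the client's.
    const float allowed = maxSpeed * (serverDt / 1000.0f) * kSpeedSlack;
    if (dist <= allowed)
        return MOVE_OK;
    return dist >= kTeleportDistance ? MOVE_TELEPORT : MOVE_TOO_FAST;
}

// Index of the first sample that fails the check, or -1 if the track is clean.
int FirstViolation(const MoveSample* track, size_t count, float maxSpeed)
{
    for (size_t i = 1; i < count; ++i) {
        if (CheckMove(track[i - 1], track[i], maxSpeed) != MOVE_OK)
            return static_cast<int>(i);
    }
    return -1;
}

int main()
{
    const float maxSpeed = 7.0f;              // constructed units per second
    const MoveSample track[] = {              // constructed movement updates
        {0.0f,  0.0f, 0.0f, 1000, 1000},
        {3.5f,  0.0f, 0.0f, 1500, 1500},      // plausible step
        {7.0f,  0.0f, 0.0f, 2000, 2000},      // plausible step
        {27.0f, 0.0f, 0.0f, 5000, 2500},      // 3 s claimed, 0.5 s observed
    };
    const size_t count = sizeof track / sizeof track[0];
    std::printf("first violation at index %d\n",
                FirstViolation(track, count, maxSpeed));
    return 0;
}
```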

----------


## SatyPardus

It seems like I am the only one who gets confused by the code examples.
Someone posted this code:


```
public static byte[] LuaDoString(string Command)
{
	// Return Value
	byte[] tempBytes = new byte[0];

	try
	{
		//Allocate Memory For Command
		var DoStringArg_Codecave = Memory.Memory.Allocate(Encoding.UTF8.GetBytes(Command).Length + 1);

		//Execute Address
		IntPtr FrameScript_Execute = new IntPtr(0x00704CD0);

		//Write Command In Allocated Memory
		Memory.WriteString(DoStringArg_Codecave.BaseAddress, Command, false);

		var asm = new[] 
		{
			"mov ecx, " + DoStringArg_Codecave.BaseAddress,
			"mov edx, " + DoStringArg_Codecave.BaseAddress,
			"call " + FrameScript_Execute,
			"retn",    
		};

		//Inject and Execute
		tempBytes = Executor.Execute(asm);

		//Free Memory Allocated For Command
		Memory.Memory.Deallocate(DoStringArg_Codecave);
	}
	catch { }

	return tempBytes;
}
```

But I can't find any information about "Executor.Execute(asm);" - I have now searched for ~2 hrs on Google and can't find any library, example or similar.
I just want to execute Lua code from my bot and get results.

Btw: I want to get quest information from player quests (I already have it working so that I can read all quests with their id, all target info, all player info etc.) but I am not able to convert the quest id to any useful information.
Like objectives, how many objectives I already have etc.
And: is there a way to get the guild name? I get the guild id but again can't find any offset or pointer to a name. The only thing I find is the Lua function "GetGuildInfo(guildid)", so when I get Lua execution to work, would that solve my problem?

Any help would be really great! (I'm trying to learn all this stuff, but it's very hard)

----------


## tutrakan

API GetGuildInfo - Vanilla WoW Wiki - Wikia. And if you do a search for "quest" you will have all the info that you asked for.

The library in question is ManagedFasm (fasmdll_managed.dll).

And for DoString, if I remember well, the best way was to call it from the EndScene.

----------


## tutrakan

> The only way you can see the code for them is by looking at the server code, which isn't available on most servers.





> Can i have an example of that kind of verification. And a link to that server code please?


"All I can say is wow!"

----------


## SatyPardus

> API GetGuildInfo - Vanilla WoW Wiki - Wikia And if you do a search for "quest" you will have all the info that you asked.
> 
> The library in question is ManagedFasm (fasmdll_managed.dll).
> 
> And for DoString, if i remember well, the best way was to be called from the EndScene.


You probably don't understand me correctly, sorry, I'm German :D

I know the Lua functions and I know that DoString needs to be executed in EndScene. I think I have all pointers for that, but the problem is that I can't find the information to execute them.
Everything I find is too new, and everything for 1.12.1 has functions in it that I can't find (like the "Executor.Execute(asm);")

I need a function to inject and execute the Lua function and to get the return value. I'm currently working on something, but till now it just crashes the client or doesn't work at all

----------


## tutrakan

I suck bad at English too ;)

https://github.com/acidburn974/Blackmagic

Now get ready for some nasty code:



```
public static readonly object inject_Lock = new object();
        public static int InjectAsm(string[] asm, uint Addr)
        {
            lock (inject_Lock)
            {
                memory.Asm.Clear();
                foreach (string str in asm)
                {
                    memory.Asm.AddLine(str);
                }
                memory.Asm.Inject(Addr);

                return memory.Asm.Assemble().Length;
            }
        }
public static uint ExecuteEnd(uint ingameEnableCodeCave = 1, bool dontReadValue = false)
        {
            lock (inject_Lock)
            {
                memory.WriteUInt(EnableCodeCavePtr, 1);
                memory.WriteUInt(IngameEnableCodeCavePtr, ingameEnableCodeCave);

                while (memory.ReadUInt(EnableCodeCavePtr) != 0) { }
            }

            if (dontReadValue) return EndData;

            return memory.ReadUInt(EndData);
        }

        public static uint InjectAndExecuteEnd(string[] asm, uint ingameEnableCodeCave = 1, bool dontReadValue = false)
        {
            InjectAsm(asm, EndCodeCave);

            return ExecuteEnd(ingameEnableCodeCave, dontReadValue);
        }

//Get Text single argument        
        public static string GetText(string command, string argument, int returnLength = 15)
        {
            string str = "";

            DoString(command);

            memory.WriteASCIIString(GetTextArgumentsBuffer, argument + "\0");

            string[] asm = new string[]
                {
                    "push 0",
                    "or edx, 0FFFFFFFFh",
                    "mov ecx, " + GetTextArgumentsBuffer,
                    "call " + (uint)Offsets.functions.GetText,
                    "retn",    
                };

            uint argumentValue = InjectAndExecuteEnd(asm, 0);
            if (argumentValue != 0)
            {
                str = memory.ReadASCIIString(argumentValue, returnLength);
            }
            return str;
        }


public static void HookEndScene(uint ptr)
        {
            memory.WriteUInt(EnableCodeCavePtr, 0);

            string[] asm = new string[]
                {
                    "mov edi, edi",
                    "push ebp",
                    "mov ebp, esp",

                    "pushfd",
                    "pushad",                            
                            
                    //Test for waiting code
                    "mov eax, [" + EnableCodeCavePtr + "]",
                    "test eax, eax",
                    "jz @out",                    

                    "mov eax, [" + DostringReadyPtr + "]",
                    "test eax, eax",
                    "jz @out",

                    "mov eax, [" + IngameEnableCodeCavePtr + "]",
                    "test eax, eax",
                    "jz @skipIngameCheck",

                    "cmp dword [0x00B4B424], 1",        //isInGame ?
                    "jne @out",
                    //"cmp dword [0x00BEBA40], 1",        //WorldLoaded = 0x00BEBA40;
                    //"jne @out",
                    "mov ecx, [0x00C7BCD4]",
                    "mov ecx, [ecx + 0x88]",
                    "mov ecx, [ecx + 0x28]",
                    "test ecx, ecx",                    //playerPtr == 0 ?
                    "jz @out",
                      
                 "@skipIngameCheck:",                      
                    "mov dword [" + EndData + "], 0",
                    "call " + EndCodeCave,
                          
                    "mov [" + EndData + "], eax",

                    "mov dword [" + EnableCodeCavePtr + "], 0",
                           
                 "@out:",
                    "popad",
                    "popfd",
                    "jmp " + (ptr + 5),
                };

            InjectAsm(asm, EndSceneCave);

            // create hook jump  
            asm = new string[]
                {
                    "jmp " + EndSceneCave
                };

            InjectAsm(asm, ptr);

            EndSceneHooked = true;
        }
```

That is the working-from-the-outside approach, which I don't recommend to you.
That way you will have ~10ms delay after every injected function call, and in the end the response time of your bot can take up to a few seconds (besides the ugly code).

The best way is to inject ALL your code inside the wow process and call wow functions with delegates.

Credits to Corthezz.
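Seen from the integrity-checking side, the detour that `HookEndScene` installs is a five-byte relative `jmp` written over the function's first instructions. The following added example (not code from the thread or from any anti-cheat) classifies a function's leading bytes; the expected prologue is an assumption taken from the instructions the stub above replays (`mov edi, edi` / `push ebp` / `mov ebp, esp`), and every address and byte sample is constructed.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstring>

enum PrologueState {
    PROLOGUE_INTACT,              // expected bytes are still in place
    PROLOGUE_JMP_INSIDE_MODULE,   // rel32 jmp, target within the owning module
    PROLOGUE_JMP_OUTSIDE_MODULE,  // rel32 jmp into memory the module does not own
    PROLOGUE_MODIFIED,            // changed, but not a rel32 jmp
    PROLOGUE_UNREADABLE           // fewer than five bytes supplied
};

struct ModuleRange    { uint32_t base; uint32_t size; };
struct PrologueReport { PrologueState state; uint32_t jmpTarget; };

// mov edi, edi ; push ebp ; mov ebp, esp (assumed original first five bytes)
static const uint8_t kExpectedPrologue[5] = {0x8B, 0xFF, 0x55, 0x8B, 0xEC};

PrologueReport CheckPrologue(const uint8_t* code, size_t len,
                             uint32_t funcAddr, ModuleRange owner)
{
    PrologueReport r = {PROLOGUE_UNREADABLE, 0};
    if (code == nullptr || len < sizeof kExpectedPrologue)
        return r;

    if (std::memcmp(code, kExpectedPrologue, sizeof kExpectedPrologue) == 0) {
        r.state = PROLOGUE_INTACT;
        return r;
    }
    if (code[0] != 0xE9) {                 // 0xE9 = jmp rel32
        r.state = PROLOGUE_MODIFIED;
        return r;
    }

    // rel32 is little-endian and relative to the end of the 5-byte jmp,
    // the same arithmetic the thread's code uses when it patches its call.
    const uint32_t rel = static_cast<uint32_t>(code[1])
                       | static_cast<uint32_t>(code[2]) << 8
                       | static_cast<uint32_t>(code[3]) << 16
                       | static_cast<uint32_t>(code[4]) << 24;
    r.jmpTarget = funcAddr + 5u + rel;     // unsigned wrap handles backward jumps

    // Unsigned subtraction makes this one comparison cover both bounds.
    const bool inside = (r.jmpTarget - owner.base) < owner.size;
    r.state = inside ? PROLOGUE_JMP_INSIDE_MODULE : PROLOGUE_JMP_OUTSIDE_MODULE;
    return r;
}

const char* StateName(PrologueState s)
{
    switch (s) {
        case PROLOGUE_INTACT:             return "intact";
        case PROLOGUE_JMP_INSIDE_MODULE:  return "jmp inside module";
        case PROLOGUE_JMP_OUTSIDE_MODULE: return "jmp outside module";
        case PROLOGUE_MODIFIED:           return "modified";
        default:                          return "unreadable";
    }
}

int main()
{
    const ModuleRange module = {0x10000000u, 0x00200000u};   // constructed
    const uint32_t funcAddr = 0x10001000u;                   // constructed
    // Constructed sample: jmp from funcAddr to 0x02340000.
    const uint8_t patched[5] = {0xE9, 0xFB, 0xEF, 0x33, 0xF2};

    const PrologueReport r = CheckPrologue(patched, sizeof patched, funcAddr, module);
    std::printf("%s, target 0x%08x\n", StateName(r.state),
                static_cast<unsigned>(r.jmpTarget));
    return 0;
}
```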

----------


## SatyPardus

I don't really care about delay :D As I only want this for learning. So what do you mean by inject code and call functions?
I was thinking that the DoLua stuff is already code injection

Edit: How would you do these lookups? Getting the guild name, quest info. Start attacking, casting spells etc. I was thinking Lua injection would be the best way.

----------


## tutrakan

1. I meant to inject the whole bot ( .Net assembly) in the wow process instead of injecting small pieces of machine code one at a time.

2. The Corthezz bot is a good example for learning the latter way of injection.

----------


## SatyPardus

Yep, I am already trying to use the Corthezz bot, but sadly that is not working as well. It won't attach to the EndScene or (when I find the right bytes) it will crash.
I am really stuck on this execution of Lua code... That's the only problem I have :D

----------


## tutrakan

I will appreciate if i get help on this one:


```
using (var font = new SlimDX.Direct3D9.Font(Device, new System.Drawing.Font("Consolas", 10)))
            {
                font.DrawString(null, text, x, y, color);
            }
```

Why does the drawn text appear or disappear when I move the mouse cursor, depending on whether it points to a frame or not?
I noticed this behavior only on the vanilla client.

----------


## Jadd

> I will appreciate if i get help on this one:
> 
> 
> ```
> using (var font = new SlimDX.Direct3D9.Font(Device, new System.Drawing.Font("Consolas", 10)))
>             {
>                 font.DrawString(null, text, x, y, color);
>             }
> ```
> ...


For starters, stop creating and disposing a font every frame.

----------


## tutrakan

I don't think that is the problem.
And I found that this is the best way to handle the font; otherwise it crashes when I resize the window or, when in fullscreen, switch between the game and the desktop.
Creating it (and disposing it) takes ~10ms in fullscreen (in 3.3.5 client), which I find OK rather than the risk of crashes at every alt-tab or WIN key press.

Even when I draw lines, they lose brightness when the cursor doesn't point to a frame.

----------


## SatyPardus

Okay, I finally got something to happen, but not the right thing. I am still trying to inject Lua code into WoW 1.12.1 - but it will not work.
At least it now shows me a Lua error ingame "[script " "]:1: unexpected symbol near `'"

It's not much but a little win. I still use the function I posted earlier, but slightly modified:


```
//Allocate Memory For Command
                var DoStringArg_Codecave = _magic.AllocateMemory(Encoding.ASCII.GetBytes(Command).Length + 1);

                //Execute Address
                IntPtr FrameScript_Execute = new IntPtr(0x00704CD0);

                //Write Command In Allocated Memory
                _magic.Asm.Clear();
                _magic.WriteASCIIString(DoStringArg_Codecave, Command);
                _magic.Asm.AddLine("mov ecx, " + DoStringArg_Codecave);
                _magic.Asm.AddLine("mov edx, " + DoStringArg_Codecave);
                _magic.Asm.AddLine("call " + FrameScript_Execute);
                _magic.Asm.AddLine("retn");
                _magic.Asm.InjectAndExecute(DoStringArg_Codecave);
                _magic.Asm.Clear();

                _magic.FreeMemory(DoStringArg_Codecave);
```

Can someone help me to get this to work? Maybe even help me to get a return message (like when I call "GuildInfo", that I get the information)
Thanks~

EDIT:
Also, someone posted this "0x4C9330 Script_GetGuildInfo" - that is the pointer to the function, right? But how would I call something like that? Also with asm, put in the parameters and inject it? And how would I get the data from that? :D

Sorry for all the noobie questions. I'm pretty new to all of this.

----------


## Saridormi

> Okay, i finally get something to happen, but not the right. I still try to inject LUA code into WoW 1.12.1 - but it will not work.
> Atleast it shows me now an lua error ingame "[script " "]:1: unexpected symbol near `'"
> 
> Its not much but a little win. I still use the function i posted earlier, but slightly modified:
> 
> 
> ```
> //Allocate Memory For Command
>                 var DoStringArg_Codecave = _magic.AllocateMemory(Encoding.ASCII.GetBytes(Command).Length + 1);
> ...


Try calling it like this:




> mov eax, 0
> mov ecx, DoStringArg_CodeCave
> mov edx, DoStringArg_CodeCave
> call FrameScript_Execute


EDIT: (In regards to Script_GetGuildInfo) - You probably shouldn't be calling Lua functions directly if you don't know what you're doing as it's a pain to manage the lua stack manually. I'd recommend just reversing the function and calling whatever internal functions it's using directly.

----------


## SatyPardus

> You probably shouldn't be calling Lua functions directly if you don't know what you're doing as it's a pain to manage the lua stack manually. I'd recommend just reversing the function and calling whatever internal functions it's using directly.


And how would I do that? In the way I'm doing it right now, or similar? Because this is currently a pain to learn :D
I mean, I know how to read all player and object data; is there a way that I can read these functions as easily as that?

(Like "_magic.ReadUInt((LocalTarget.UnitFieldsAddress + (uint)WoWUnitFields.Health))")

Edit: With the little change it's now this error "[script "?"]:1: unexpected symbol near `'" :D Just a question mark more xD

----------


## Saridormi

> And how would i do that? In that way i'm doing it right now, or similar? Because this is currently pain to learn 
> I mean, i know how to read all player and object data, is there a way that i can read these functions also easy like that? 
> 
> (Like "_magic.ReadUInt((LocalTarget.UnitFieldsAddress + (uint)WoWUnitFields.Health))")


Do what, exactly?

You can call Lua functions directly by pushing your arguments onto the lua stack, calling the function with a pointer to the lua stack as a parameter, reading the number of arguments on the stack as a return value and then popping them off the stack (again, using internal lua functions).

It's much easier to just read the code and see what it's actually doing and then doing that :P

----------


## SatyPardus

OMG. That sounds way more complicated than everything else I ever did in the last 6 years :D
So how would I start with that? Any good tutorials on how to push stuff to the stack?

And do I have to do that with every little function I want to use? :D Like castspell, attacktarget, get questobjectiveinfo etc xD That would be crazy :o

----------


## Saridormi

> OMG. That sounds way more complicated as everything else i ever did in the last 6 years 
> So how would i start with that? Any good tutorials on how to push stuff to the stack?
> 
> And do i have to do that with every little function i want to use?  Like castspell, attacktarget, get quetsobjectiveinfo etc xD That would be crazy


No, only if you want the return value of the function. For most things (like CastSpellByName) it's easier to just call FrameScript__Execute and let WoW deal with it.

For getting information out of lua functions, just reverse the actual functions, seriously. It's good practice and it'll get you a lot of extra information about WoW's internal data structures in the process.

----------


## SatyPardus

Okay, but the FrameScript_Execute still doesn't work (see edited post under your first tip).
I mean, that would already help a lot. But the most important thing for me is to get information about quests and objectives (I mean, I already read out every quest that my character has, that works, but it's only the quest id and no information about it)

"Reverse" ... you mean reverse engineering? Like IDA or something? How would I do that with an entire function... and most important, how would I use that.
Some tutorial would be really nice, so I can read into that. Or some code examples with comments on how it works. (It's really hard to find this kind of stuff, and as I am searching for stuff in this 1.12.1 version it's even harder...lol :( )

----------


## Saridormi

> Okay, but the FrameScript_Execute still dont work (See edited post under your first tip).
> I mean, that would already help a lot. But the most important thing is for me, to get information about quests and objectives (I mean, i already read out every quest that my character have, that works, but it's only the questID and no information about it)
> 
> "Reverse" ... you mean reverse enginering? Like IDA or something ? How would i do that with an entire function...and most important, how would i use that.
> Some tutorial would be really nice, so i can read into that. Or some code examples with comments how it works. (It's really hard to find this kind of stuff, and as i am searching for stuff in this 1.12.1 version its even harder...lol  )


Oops, my bad. It's

```
mov eax, 0
mov ecx, DoStringArg_Codecave
mov edx, DoStringArg_Codecave
call FrameScript__Execute
```


https://i.imgur.com/G51fGxo.png

Here's a POC if you're still struggling: https://gist.github.com/Evairfairy/d...aa1a325e9c8b16

Yes, reverse engineering. That's what this section is all about.

Open the function in IDA and start reading it, google any instructions you don't understand, use Cheat Engine to see the values of memory addresses that the function is using and try to figure out what they are. You figure out a small part of the function at a time, which gives you hints as to the rest of the function, until you end up with something like this: https://i.imgur.com/HniF0bx.png

----------


## SatyPardus

Thank you! The DoLua works now with your code. My code with BlackMagic is exactly the same...but for some reason it doesn't work. Switching to MemorySharp worked a lot better. Thanks again!

And now! Let's look into IDA and stuff and get my head burning.

----------


## Saridormi

> Thank you! The DoLua works now with your code. My code with BlackMagic is exactly the same...but for some reason it doesn't work. Switching to MemorySharp worked a lot better. Thanks again!
> 
> And now! Let's look into IDA and stuff and get my head burning.


MemorySharp is great, at least in my experience so far.

I haven't used BlackMagic so I can't comment on how good it is, but I know it's very popular here so I can only assume you were doing something wrong with it. As to what, I don't know, maybe one of the people who use BlackMagic regularly can tell you.

----------


## tutrakan

BlackMagic is very old and isn't worth using when tools like MemorySharp exist nowadays. Thank you for pointing it out.

----------


## Jadd

> I don't think that is the problem.
> And I found that this is the best way to handle the font, otherwise it crashes when I resize the window or when in fullscreen: switching between the game and the desktop.
> Creating it (and disposing it) takes ~10ms in fullscreen (in 3.3.5 client) which I find OK rather than the risk of crashes at every alt-tab or WIN key press.


This is really bad practice with DirectX. The correct way is quite simple too - forward OnResetDevice and OnLostDevice from the D3D9 device to each ID3DXFont instance, and release the font when the device is destroyed and recreate it when the new device is created. You're going to have a REALLY bad time in the future unless you fix this.




> Even when I draw lines, they lose brightness when the cursor doesn't point to a frame.


Most likely it's due to render states being set from the top-most drawing. This can obviously be different for a number of reasons, even including what frame your cursor is hovering, highlighting, etc.

Try creating a state block and setting some more suitable render states before drawing. Don't forget to apply and release the state block after drawing, too.

----------


## tutrakan

Thanks for the pertinent response. Considering that I'm not experienced with DirectX, I will do some research and will post feedback soon.

Update: Still I have the same problem: It occurs only when my pet is summoned - the text drawn is visible only when a tooltip is shown at the same time:

```
font.DrawString(null, text, x, y, Color.White);
```

Solved: After dumping the whole device, I realized that it was related to the viewport.

P.S. So, I understand that nobody is interested in vanilla stuff (or nobody cares about drawing lines in 1.12.1 client), but still: if someone feels the need to do so, set up the VertexFormat = VertexFormat.Position | VertexFormat.Diffuse.

----------


## prospectingemu

Hey guys, I'm playing around with Lua atm, anyone know how to register a Lua event (as in create a custom one)?

The plan is to use


```
this:RegisterEvent("MY_EVENT_PULSE");
```

And trigger the event every Xms. Right now I'm doing the reverse (calling the 'pulse' function from my injected code) and really think it would be cleaner / easier if I just extend the WoW API for missing functions and do everything else in Lua.

----------


## tutrakan

What do you guys think of the Kronos server? (offtopic/intopic(severe warden bans))

----------


## luckruns0ut

I have only just started playing it but the fact that the org auction house is full of windrider taxis doesn't give me much hope...

----------


## Saridormi

> What do you guys think of the Kronos server? (offtopic/intopic(severe warden bans))


Warden is the same on all private servers that implement it. So far, I think the only modules used are the ones to scan addresses and modules.

None of the private servers have particularly good server side detection, so you probably don't need to do a lot to humanise your bot. No idea about hacks.

----------


## tutrakan

How does the Warden scanning for DLLs work, and how do you bypass it?

----------


## Vandra

You need to hook LoadWardenModule (not sure for 1.12.1 actually)

You have a nice example here: http://www.ownedcore.com/forums/worl...tial-code.html ([Howto]Bypassing Warden [theory with partial code])

But I'm not sure about Warden back in 1.12

----------


## tutrakan

The scan function is still the same (I've already detoured it both in asm and with a .NET delegate), thanks for the link btw.
I was wondering how to prevent the scanning for loaded modules because now there are bans for using SlimDX.dll for example.

----------


## luckruns0ut

How do you know SlimDX causes it? I really doubt that would trigger Warden, even if they've figured out how to make it use custom modules...

----------


## tutrakan

> How do you know SlimDX causes it? I really doubt that would trigger Warden, even if they've figured out how to make it use custom modules...


That was easy.

I am doing research about how to bypass it, but this can take me some time considering it's a learning process for me.

----------


## luckruns0ut

That seems weird to me, I wonder if they have made a custom module for that or something. I think I remember Namreeb saying it was possible a while ago, but considering that it's normal for innocent DirectX stuff to be injected (like Steam Overlay, Fraps etc) I don't think Blizzard's modules would be finding that.

By the way I hook EndScene in C++ by creating a new device and finding the function in the vtable. I think that's the easiest and most common way to do it but I haven't gotten banned for it.

----------


## namreeb

It is easy to check if a certain module is scanned for by having a list of module names you compare against the hashes you receive from the server. It would look something like this:



```
        private static readonly List<string> ModuleNames = new List<string>
                                                           {
                                                               "DLL1", "DLL2"
                                                           };

        private static bool HashRecognized(uint seed, byte[] hash, out string name)
        {
            name = string.Empty;

            foreach (var module in ModuleNames)
            {
                var sha = new SHA1CryptoServiceProvider();

                var bytes = new List<byte>(4 + hash.Length);

                bytes.AddRange(BitConverter.GetBytes(seed));

                var moduleBytes = new byte[module.Length];
                Buffer.BlockCopy(module.ToCharArray(), 0, moduleBytes, 0, moduleBytes.Length);

                bytes.AddRange(moduleBytes);

                var result = sha.ComputeHash(bytes.ToArray(), 0, bytes.Count);

                Logging.Write("Result: {0}", BytesToHexString(result));
                Logging.Write("Hash:   {0}", BytesToHexString(hash));
            }

                                    case CheckCode.ModuleCheck:
                                        {
                                            var seed = reader.ReadUInt32();
                                            var hash = reader.ReadBytes(20);

                                            Logging.Write("ModuleCheck: seed = 0x{0} hash = {1}", seed.ToString("X"),
                                                BytesToHexString(hash));

                                            string moduleName;
                                            if (HashRecognized(seed, hash, out moduleName))
                                            {
                                                
                                            }

                                            break;
                                        }
```

----------


## tutrakan

> By the way I hook EndScene in C++ by creating a new device and finding the function in the vtable. I think that's the easiest and most common way to do it but I haven't gotten banned for it.


Yeah, we poor users of .NET languages are forced to use libraries like SlimDX or SharpDX to deal with 3D drawing, because the MS Managed DirectX supports only .NET 1.1 and 2.0 so far (I wonder if XNA can be used instead for D3D9?).

----------


## luckruns0ut

There's a post in the screenshot thread where someone is drawing to the game via XNA, so it's possible but I don't know if it's worth doing

----------


## tutrakan

> It is easy to check if a certain module is scanned for by having a list of module names you compare against the hashes you receive from the server. It would look something like this:
> 
> 
> 
> ```
> ...
> ```


I suppose you are detouring 0x006CA5C0, but how do you get CheckCode.ModuleCheck?
Thanks.

----------


## namreeb

In this code I am assuming that the standard module is in use (the same one used by virtually all private servers). For that module, the following is true:



```
        public enum CheckCode : byte
        {
            MemCheck = 0xF3,
            PageCheckA = 0xB2,
            PageCheckB = 0xBF,
            MpqCheck = 0x98,
            LuaStrCheck = 0x8B,
            DriverCheck = 0x71,
            TimingCheck = 0x57,
            ProcCheck = 0x7E,
            ModuleCheck = 0xD9,
        }
```

----------


## tutrakan

I meant, was this byte (CheckCode enum) read between SMSG_WARDEN_DATA and the seed int?

Anyway, now I'm struggling with compiling a mangos zero server.

If I ever survive this adventure I will be able to debug all server-side behavior and reduce the amount of stupid questions that I normally post here.

Thanks.

----------


## luckruns0ut

I don't believe mangos actually implements warden, iirc it just sends the SMSG_WARDEN_DATA packet.

And for the check, there's probably a packet that's like a 'warden request' which specifies the check type.

----------


## tutrakan

> I don't believe mangos actually implements warden ...


The latest release of mangos does it.

----------


## tutrakan

Server works just like a charm.

Another Warden related question: what are these PAGE_CHECK_A and PAGE_CHECK_B for?

In the database there are 20 bytes (some hash?), address, length, id etc...

Thanks.

----------


## Vandra

> Server works just like a charm.
> 
> Another Warden related question: what are these PAGE_CHECK_A and PAGE_CHECK_B for?
> 
> In the database there are 20 bytes (some hash?), address, length, id etc...
> 
> Thanks.


These are known hack addresses, if Warden scans one of them, you get banned.

----------


## tutrakan

I meant, how is the page check composed, for example how is the address formed?

Here is an example of such check (PageCheckA = 0xB2, or 178):


```
# id, groupid, build, type, data, str, address, length, result, comment

852, 63, 5875, 178, B5ED443D6CA2F6095BAC8DAFDC8F3413F7B473916357C17E, , 209352, 75, , 
857, 68, 5875, 178, 3B5955C3B498489869990F08A4CAE566A7D689C23990518B, , 156, 8, , 
858, 69, 5875, 178, F24317DAA28AA477996EEBB9538A89569ABF9B185A3EA4E4, , 718842, 23, , 
859, 70, 5875, 178, DA25A4134671325719833878E2556455EC4321A2207B6728, , 198, 10, , 
861, 72, 5875, 178, 4BB92BBD5CA8C192C9D0E1EDB6C21FF3F4A61ED1B151365F, , 673210, 23, , 
862, 73, 5875, 178, 13E8DD1C9F5501A270A59CC4B61311F6D5D18DC3F2AA351A, , 3037164, 22, , 
865, 76, 5875, 178, E37D413DC96A92D3CEAB8A482B8F5397587A0E654C9A0166, , 672954, 23, , 
866, 77, 5875, 178, E7D5551799C2C7F0072BC3149A22F37D09EA1EB83F64C655, , 3045912, 31, ,
```

As we see the address varies from 156 (0x9c) to 3045912 (0x2E7A18).
What I'm missing here, I think, is basic knowledge about memory paging and such.

----------


## namreeb

I believe that the purpose of the page check is to check the start of each memory page (offset by a given amount) for a particular byte pattern. The two different checks are for checking different types of memory pages, though I don't remember the specifics.

Edit: So to be clear, the 'addresses' you mentioned (0x9C, 0x2E7A18, etc.) are probably the offsets into each page to check for the corresponding byte patterns.

----------


## BlackRainBow

- `*_A`: all memory pages
- `*_B`: memory pages with MZ+PE headers

You can see it from reversing module func for checks

----------
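
An added example, not part of any post in this thread: the page check as namreeb and BlackRainBow describe it above, written from the scanner's side. It assumes the 24-byte data column is a 4-byte seed followed by a 20-byte HMAC-SHA1 of the bytes at the given offset; that layout, the region map, the pattern and `build_demo` are assumptions or constructed samples.

```python
import hashlib
import hmac
import struct
from dataclasses import dataclass
from typing import Dict, List, Tuple

PAGE_CHECK_A = 0xB2  # 178: every memory region (per the thread)
PAGE_CHECK_B = 0xBF  # 191: only regions that start with MZ + PE headers

# Row 857 exactly as posted in the thread.
THREAD_ROW_857 = ("857, 68, 5875, 178, "
                  "3B5955C3B498489869990F08A4CAE566A7D689C23990518B, , 156, 8, , ")


@dataclass(frozen=True)
class PageCheck:
    check_id: int
    check_type: int
    seed: bytes    # ASSUMPTION: first 4 bytes of the data column
    digest: bytes  # ASSUMPTION: remaining 20 bytes, an HMAC-SHA1 value
    offset: int    # "address" column, read as an offset into each region
    length: int


def parse_row(row: str) -> PageCheck:
    """Parse 'id, groupid, build, type, data, str, address, length, ...'."""
    cols = [c.strip() for c in row.split(",")]
    if len(cols) < 8:
        raise ValueError("expected at least 8 columns")
    check_type = int(cols[3])
    if check_type not in (PAGE_CHECK_A, PAGE_CHECK_B):
        raise ValueError("type %d is not a page check" % check_type)
    data = bytes.fromhex(cols[4])
    if len(data) != 24:
        raise ValueError("data column is %d bytes, expected 24" % len(data))
    offset, length = int(cols[6]), int(cols[7])
    if offset < 0 or length <= 0:
        raise ValueError("offset/length out of range")
    return PageCheck(int(cols[0]), check_type, data[:4], data[4:], offset, length)


def has_pe_header(region: bytes) -> bool:
    """True when the region begins with an MZ stub that points at 'PE\\0\\0'."""
    if len(region) < 0x40 or region[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", region, 0x3C)
    return region[e_lfanew:e_lfanew + 4] == b"PE\0\0"


def region_matches(check: PageCheck, region: bytes) -> bool:
    """Hash `length` bytes at `offset` inside one region and compare digests."""
    if check.check_type == PAGE_CHECK_B and not has_pe_header(region):
        return False
    window = region[check.offset:check.offset + check.length]
    if len(window) != check.length:
        return False  # the offset runs past the end of this region
    mac = hmac.new(check.seed, window, hashlib.sha1).digest()
    return hmac.compare_digest(mac, check.digest)


def scan(check: PageCheck, regions: Dict[int, bytes]) -> List[int]:
    """Return the base addresses of all regions that satisfy the check."""
    return [base for base, data in sorted(regions.items())
            if region_matches(check, data)]


def build_demo() -> Tuple[PageCheck, PageCheck, Dict[int, bytes]]:
    """Constructed sample: one pattern, three 4 KiB regions, two check rows."""
    pattern = bytes.fromhex("deadbeef01020304")  # constructed marker bytes
    seed = bytes.fromhex("0a0b0c0d")             # constructed seed
    data = (seed + hmac.new(seed, pattern, hashlib.sha1).digest()).hex().upper()

    def pe_region() -> bytearray:
        r = bytearray(0x1000)
        r[0:2] = b"MZ"
        struct.pack_into("<I", r, 0x3C, 0x80)    # e_lfanew
        r[0x80:0x84] = b"PE\0\0"
        return r

    clean_image, patched_image, heap = pe_region(), pe_region(), bytearray(0x1000)
    patched_image[0x9C:0x9C + 8] = pattern
    heap[0x9C:0x9C + 8] = pattern
    regions = {0x00400000: bytes(clean_image), 0x02000000: bytes(heap),
               0x10000000: bytes(patched_image)}
    rows = ["1, 1, 5875, %d, %s, , 156, 8, , constructed" % (t, data)
            for t in (PAGE_CHECK_A, PAGE_CHECK_B)]
    return parse_row(rows[0]), parse_row(rows[1]), regions


if __name__ == "__main__":
    check_a, check_b, demo_regions = build_demo()
    print("A hits:", [hex(b) for b in scan(check_a, demo_regions)])
    print("B hits:", [hex(b) for b in scan(check_b, demo_regions)])
    real = parse_row(THREAD_ROW_857)
    print("row 857: offset 0x%X, length %d" % (real.offset, real.length))
```

The same pattern is reported in two regions by the `*_A` form and only in the PE-headed region by the `*_B` form, which is the distinction BlackRainBow points out.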


## Erke

Hello OC, long time lurker here. Playing around with a 1.12.1 server with the resources found here and I'm having tons of fun! One problem that I've run into and been unable to solve for a couple of days is proper morphing. I morph by writing to the nativeId and displayId and then calling CGUnit_C__UpdateDisplayInfo (think Sacred posted both the descriptor offsets and the function so +1 to him!). My problem though is that I create abominations by doing this. This is an example of going from Nelf Female to Undead Female:



```
	void morph(uint id) {
		descriptor<uint>(0x20C, id); //0x1F4 + 0x18 (displayid)
		descriptor<uint>(0x210, id); //0x1F8 + 0x18 (nativeid)
		CGUnit_C__UpdateDisplayInfo(this);
	}
```



Wondering if anyone has any pointers on what I might be doing wrong :x

Edit: Might be worth mentioning that I'm running internally and call my code from the EndScene!

----------


## Vandra

> Hello OC, long time lurker here. Playing around with a 1.12.1 server with the resources found here and I'm having tons of fun! One problem that I've run into and been unable to solve for a couple of days is proper morphing. I morph by writing to the nativeId and displayId and then calling CGUnit_C__UpdateDisplayInfo (think Sacred posted both the descriptor offsets and the function so +1 to him!). My problem though is that I create abominations by doing this. This is an example of going from Nelf Female to Undead Female:
> 
> 
> 
> ```
> 	void morph(uint id) {
> 		descriptor<uint>(0x20C, id); //0x1F4 + 0x18 (displayid)
> 		descriptor<uint>(0x210, id); //0x1F8 + 0x18 (nativeid)
> 		CGUnit_C__UpdateDisplayInfo(this);
> ...



Not sure what you did wrong but you don't need to change the nativeId, you need to write to unit base address + UNIT_FIELD_DISPLAYID of the unit you want to morph, like this for the player:
(this is wotlk/cata stuff btw, may be different on vanilla)

```
uint storage = application.ReadUInt((uint)ObjectManager.Me.BaseAddress + 0x8);
application.WriteUInt(storage + 0xF8, displayid);
```

then call CGUnit_C__UpdateDisplayInfo. I did it like this:


```
push 1,
mov ecx,  + ObjectManager.Me.BaseAddress,
call + application.MainModule.BaseAddress + Offsets.CGUnit_C__UpdateDisplayInfo,
retn
```

(for vanilla you don't need app.baseaddress since ASLR wasn't implemented afaik)

----------


## Erke

> Not sure what you did wrong but you don't need to change the nativeId, you need to write to unit base address + UNIT_FIELD_DISPLAYID of the unit you want to morph, like this for the player:
> (this is wotlk/cata stuff btw, may be different on vanilla)
> 
> uint storage = application.ReadUInt((uint)ObjectManager.Me.BaseAddress + 0x8);
> application.WriteUInt(storage + 0xF8, displayid);
> 
> then call CGUnit_C__UpdateDisplayInfo. I did it like this:
> 
> 
> ...


Hey, thanks for answering! I was looking at this thread yesterday since it seemed that this guy had the same problem, don't know if he managed to get it resolved though http://www.ownedcore.com/forums/worl...her-issue.html (Morpher Issue) (maybe it'll make more sense to you than what it does to me). To the coding part, that's actually exactly what I'm doing:

```
	template<typename T>
	void descriptor(dword field, T value) {
		*(T*)((*(dword*)(this + 0x8)) + field) = value;
	}
```

This snippet writes to the descriptor successfully and I call the function via a function pointer which is also done with no problems, maybe it's a vanilla thing where more descriptors have to be changed?

----------


## Vandra

> Hey, thanks for answering! I was looking at this thread yesterday since it seemed that this guy had the same problem, don't know if he managed to get it resolved though http://www.ownedcore.com/forums/worl...her-issue.html (Morpher Issue) (maybe it'll make more sense to you than what it does to me). To the coding part, that's actually exactly what I'm doing:
> 
> ```
> 	template<typename T>
> 	void descriptor(dword field, T value) {
> 		*(T*)((*(dword*)(this + 0x8)) + field) = value;
> 	}
> ```
> 
> This snippet writes to the descriptor successfully and I call the function via a function pointer which is also done with no problems, maybe it's a vanilla thing where more descriptors have to be changed?



Are you sure the correct value is written at the correct place?
If you have your own 1.12.1 server I'd suggest you track (with CE or whatever) "legit" morphing with .mod morph xxx on the server.

I don't have much experience with morphing for 1.12, maybe you should take a look at a working 1.12.1 morpher to check if something is that different (darklinux's vanilla bot has a morphing feature and it's really nice)

----------


## Erke

> Are you sure the correct value is written at the correct place?
> If you have your own 1.12.1 server I'd suggest you track (with CE or whatever) "legit" morphing with .mod morph xxx on the server.
> 
> I don't have much experience with morphing for 1.12, maybe you should take a look at a working 1.12.1 morpher to check if something is that different (darklinux's vanilla bot has a morphing feature and it's really nice)


I'm certain it's correct, if I read the value later with both my own dll and CE it returns the value I've written. I'm messing around with Kronos atm but they use the normal 1.12.1 client so I don't think it should be any different from any other server. Tried to check out Gasai bot but he doesn't share the source afaik.

----------


## tutrakan

> Hello OC, long time lurker here. Playing around with a 1.12.1 server with the resources found here and i'm having tons of fun! ...


I've just found that the race and the gender have to be modified too: https://github.com/l0l1dk/Just-A-Mor...ource/Unit.cpp



```
public WoWRace Race
{
    get { return (WoWRace)UnitBytes0[0]; }
    set { SetAbsoluteDescriptor<byte>((int)UnitFields.UNIT_FIELD_BYTES_0 * 4, (byte)value); }      // byte at 0x78 + 0x18
}       

public WoWGender Gender
{
    get { return (WoWGender)UnitBytes0[2]; }
    set { SetAbsoluteDescriptor<byte>((int)UnitFields.UNIT_FIELD_BYTES_0 * 4 + 2, (byte)value); }     // byte at 0x7A + 0x18
}
```

However, it crashes the client (guess what? zero pointer) at /run ReloadUI() in Script_GetSkillLineInfo.

----------


## tutrakan

Any help with detouring fastcall functions using .NET? Ready-to-use code and GreyMagic will be the best. Thanks.

Just to illustrate what a mess is in my head and how lazy I am right now:


```
_register = Marshal.GetDelegateForFunctionPointer<RegisterDelegate>((IntPtr)0x00704120);
_fastcallRegister = Fastcall.CreateToFastcall<FastcallRegisterDelegate>(Marshal.GetFunctionPointerForDelegate<FastcallRegisterDelegate>(new FastcallRegisterDelegate (RegisterHandler)), "FastcallRegisterDelegate");
_registerDetour = Manager.Memory.Detours.CreateAndApply(_register, _fastcallRegister, "RegisterDetour");
```

Of course this doesn't work.

----------


## Erke

> I've just found that the race and the gender have to be modified too: https://github.com/l0l1dk/Just-A-Mor...ource/Unit.cpp
> 
> 
> 
> ```
> public WoWRace Race
> {
>     get { return (WoWRace)UnitBytes0[0]; }
>     set { SetAbsoluteDescriptor<byte>((int)UnitFields.UNIT_FIELD_BYTES_0 * 4, (byte)value); }      // byte at 0x78 + 0x18
> ...


Thank you so much, with the help you provided I managed to fix it, haven't run into any crashes yet either!

Edit: Here's my function in case it will help anyone in a similar situation. 


```
void morph(uint displayId, uint raceId, byte female) {
	descriptor<uint>(0x20C, displayId); //0x1F4 + 0x18 (displayid)
	descriptor<uint>(0x210, displayId); //0x1F8 + 0x18 (nativeid)
	byte* bytes = (byte*)((*(dword*)(this + 0x8)) + 0x90); //unit_bytes_0
	bytes[0] = raceId;
	bytes[2] = female;
	CGUnit_C__UpdateDisplayInfo(this);
}
```

----------


## tutrakan

> Thank you so much, with the help you provided I managed to fix it, haven't run into any crashes yet either!


My client crashes when I type the command "/run ReloadUI()" after having applied the morph.

But, hey! I thank you too for opening my eyes to the world of model editing!

----------


## Corthezz

> Any help with detouring fastcall functions using .net? Ready to use code and GreyMagic will be the best. Thanks.


Since .NET doesn't support FastCall you need to have a wrapper function. You can either implement trampoline asm code which will switch the registers around from stdcall to fastcall, for example, or you have a C++ dll like this:



```
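// Exported stdcall shim: .NET can P/Invoke stdcall, so this forwards the call
// to a __fastcall function whose address is passed in parPtr.
void __declspec(dllexport) __stdcall _DoString(char* code, unsigned int parPtr)
{
	typedef void __fastcall func(const char* code, const char* zero);
	func* f = (func*)parPtr;   // 32-bit client: the address fits in an unsigned int
	f(code, "Zzuk");           // __fastcall: first argument in ecx, second in edx
}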
```


Call it like this after loading the dll with LoadLibrary:



```
[DllImport(Libs.FastCall, EntryPoint = "_DoString", CallingConvention = CallingConvention.StdCall)]
private static extern void _DoString(string parLuaCode, IntPtr ptr);

internal static void DoString(string parLuaCode)
{
	_DoString(parLuaCode, funcs.DoString);
	//DoString_Stub(new IntPtr((uint)Offsets.functions.DoString), parLuaCode, parScriptName);
}
```

Please ignore my crappy naming convention in this example.

Edit: Never mind, I overread the word "detour". Actually I also use inline ASM here: set a jmp at the function start to your injected asm stub which will switch the registers around and then proceed by calling your C# function.


Different story:
I also wrote a morpher a while back. It successfully changed the model itself but some details like hair or face weren't changed. Anyone know a way to work around this?

Besides this, people who want to work on a 1.12.1 quest bot and are experienced with pathfinding can pm me. Questing engine already finished but I just don't find the time to learn enough about pathfinding to come up with a proper solution.

----------


## danwins

> Thank you so much, with the help you provided I managed to fix it, haven't run into any crashes yet either!
> 
> Edit: Here's my function in case it will help anyone in a similar situation. 
> 
> 
> ```
> void morph(uint displayId, uint raceId, byte female) {
> 	descriptor<uint>(0x20C, displayId); //0x1F4 + 0x18 (displayid)
> 	descriptor<uint>(0x210, displayId); //0x1F8 + 0x18 (nativeid)
> ...


The reason I never did this on live was because it would cause issues with class restricted items (pvp trinkets etc.), causing them to be unusable.

The solution was to edit the things mentioned in the thread you linked.

----------


## tutrakan

...

Edit: Sorry for the off topic.

----------


## namreeb

This thread has gotten quite off topic. May I request that for future posts which are not related to sharing information on the 1.12.1 client that you create a new thread?

----------


## tutrakan

Nice-looking and useful struct-like formatted descriptors (and make sure to use the pre-processor directive "#pragma pack(1)" for proper alignment if used in C++):


```
struct ItemEnchantment
{
	int Id;
	int Duration;
	int Charges;
};

struct ObjectFields
{
	QWORD OBJECT_FIELD_GUID;                                // 0x00000000
	DWORD OBJECT_FIELD_TYPE;                                // 0x00000008
	DWORD OBJECT_FIELD_ENTRY;                               // 0x0000000C
	DWORD OBJECT_FIELD_SCALE_X;                             // 0x00000010
	DWORD OBJECT_FIELD_PADDING;                             // 0x00000014
};

struct ItemFields
{
	ObjectFields objectFields;
	QWORD ITEM_FIELD_OWNER;                                 // 0x00000018
	QWORD ITEM_FIELD_CONTAINED;                             // 0x00000020
	QWORD ITEM_FIELD_CREATOR;                               // 0x00000028
	QWORD ITEM_FIELD_GIFTCREATOR;                           // 0x00000030
	DWORD ITEM_FIELD_STACK_COUNT;                           // 0x00000038
	DWORD ITEM_FIELD_DURATION;                              // 0x0000003C
	DWORD ITEM_FIELD_SPELL_CHARGES[5];                      // 0x00000040
	DWORD ITEM_FIELD_FLAGS;                                 // 0x00000054
	ItemEnchantment PERM_ENCHANTMENT_SLOT;                  // 0x00000058
	ItemEnchantment TEMP_ENCHANTMENT_SLOT;                  // 0x00000064
	ItemEnchantment MAX_INSPECTED_ENCHANTMENT_SLOT;         // 0x00000070
	ItemEnchantment PROP_ENCHANTMENT_SLOT_0;                // 0x0000007C
	ItemEnchantment PROP_ENCHANTMENT_SLOT_1;                // 0x00000088
	ItemEnchantment PROP_ENCHANTMENT_SLOT_2;                // 0x00000094
	ItemEnchantment PROP_ENCHANTMENT_SLOT_3;                // 0x000000A0
	DWORD ITEM_FIELD_PROPERTY_SEED;                         // 0x000000AC
	DWORD ITEM_FIELD_RANDOM_PROPERTIES_ID;                  // 0x000000B0
	DWORD ITEM_FIELD_ITEM_TEXT_ID;                          // 0x000000B4
	DWORD ITEM_FIELD_DURABILITY;                            // 0x000000B8
	DWORD ITEM_FIELD_MAXDURABILITY;                         // 0x000000BC
};

struct ContainerFields
{
	ItemFields itemFields;
	DWORD CONTAINER_FIELD_NUM_SLOTS;                        // 0x000000C0
	DWORD CONTAINER_ALIGN_PAD;                              // 0x000000C4
	DWORD CONTAINER_FIELD_SLOT_1[72];                       // 0x000000C8
};

struct UnitFields
{
	ObjectFields objectFields;
	QWORD UNIT_FIELD_CHARM;                                 // 0x00000018
	QWORD UNIT_FIELD_SUMMON;                                // 0x00000020
	QWORD UNIT_FIELD_CHARMEDBY;                             // 0x00000028
	QWORD UNIT_FIELD_SUMMONEDBY;                            // 0x00000030
	QWORD UNIT_FIELD_CREATEDBY;                             // 0x00000038
	QWORD UNIT_FIELD_TARGET;                                // 0x00000040
	QWORD UNIT_FIELD_PERSUADED;                             // 0x00000048
	QWORD UNIT_FIELD_CHANNEL_OBJECT;                        // 0x00000050
	DWORD UNIT_FIELD_HEALTH;                                // 0x00000058
	DWORD UNIT_FIELD_POWER1;                                // 0x0000005C
	DWORD UNIT_FIELD_POWER2;                                // 0x00000060
	DWORD UNIT_FIELD_POWER3;                                // 0x00000064
	DWORD UNIT_FIELD_POWER4;                                // 0x00000068
	DWORD UNIT_FIELD_POWER5;                                // 0x0000006C
	DWORD UNIT_FIELD_MAXHEALTH;                             // 0x00000070
	DWORD UNIT_FIELD_MAXPOWER1;                             // 0x00000074
	DWORD UNIT_FIELD_MAXPOWER2;                             // 0x00000078
	DWORD UNIT_FIELD_MAXPOWER3;                             // 0x0000007C
	DWORD UNIT_FIELD_MAXPOWER4;                             // 0x00000080
	DWORD UNIT_FIELD_MAXPOWER5;                             // 0x00000084
	DWORD UNIT_FIELD_LEVEL;                                 // 0x00000088
	DWORD UNIT_FIELD_FACTIONTEMPLATE;                       // 0x0000008C
	byte  UNIT_FIELD_RACE;                                  // 0x00000090
	byte  UNIT_FIELD_CLASS;                                 // 0x00000091
	byte  UNIT_FIELD_GENDER;                                // 0x00000092
	byte  UNIT_FIELD_POWER_TYPE;                            // 0x00000093
	DWORD UNIT_VIRTUAL_ITEM_SLOT_DISPLAY[3];                // 0x00000094
	DWORD UNIT_VIRTUAL_ITEM_INFO[6];                        // 0x000000A0
	DWORD UNIT_FIELD_FLAGS;                                 // 0x000000B8
	DWORD UNIT_FIELD_AURA[48];                              // 0x000000BC
	DWORD UNIT_FIELD_AURAFLAGS[6];                          // 0x0000017C
	DWORD UNIT_FIELD_AURALEVELS[12];                        // 0x00000194
	DWORD UNIT_FIELD_AURAAPPLICATIONS[12];                  // 0x000001C4
	DWORD UNIT_FIELD_AURASTATE;                             // 0x000001F4
	QWORD UNIT_FIELD_BASEATTACKTIME;                        // 0x000001F8
	DWORD UNIT_FIELD_RANGEDATTACKTIME;                      // 0x00000200
	DWORD UNIT_FIELD_BOUNDINGRADIUS;                        // 0x00000204
	DWORD UNIT_FIELD_COMBATREACH;                           // 0x00000208
	DWORD UNIT_FIELD_DISPLAYID;                             // 0x0000020C
	DWORD UNIT_FIELD_NATIVEDISPLAYID;                       // 0x00000210
	DWORD UNIT_FIELD_MOUNTDISPLAYID;                        // 0x00000214
	DWORD UNIT_FIELD_MINDAMAGE;                             // 0x00000218
	DWORD UNIT_FIELD_MAXDAMAGE;                             // 0x0000021C
	DWORD UNIT_FIELD_MINOFFHANDDAMAGE;                      // 0x00000220
	DWORD UNIT_FIELD_MAXOFFHANDDAMAGE;                      // 0x00000224
	byte  UNIT_FIELD_BYTES_1[4];                            // 0x00000228
	DWORD UNIT_FIELD_PETNUMBER;                             // 0x0000022C
	DWORD UNIT_FIELD_PET_NAME_TIMESTAMP;                    // 0x00000230
	DWORD UNIT_FIELD_PETEXPERIENCE;                         // 0x00000234
	DWORD UNIT_FIELD_PETNEXTLEVELEXP;                       // 0x00000238
	DWORD UNIT_DYNAMIC_FLAGS;                               // 0x0000023C
	DWORD UNIT_CHANNEL_SPELL;                               // 0x00000240
	DWORD UNIT_MOD_CAST_SPEED;                              // 0x00000244
	DWORD UNIT_CREATED_BY_SPELL;                            // 0x00000248
	DWORD UNIT_NPC_FLAGS;                                   // 0x0000024C
	DWORD UNIT_NPC_EMOTESTATE;                              // 0x00000250
	DWORD UNIT_TRAINING_POINTS;                             // 0x00000254
	DWORD UNIT_FIELD_STAT0;                                 // 0x00000258
	DWORD UNIT_FIELD_STAT1;                                 // 0x0000025C
	DWORD UNIT_FIELD_STAT2;                                 // 0x00000260
	DWORD UNIT_FIELD_STAT3;                                 // 0x00000264
	DWORD UNIT_FIELD_STAT4;                                 // 0x00000268
	DWORD UNIT_FIELD_RESISTANCES[7];                        // 0x0000026C
	DWORD UNIT_FIELD_BASE_MANA;                             // 0x00000288
	DWORD UNIT_FIELD_BASE_HEALTH;                           // 0x0000028C
	byte  UNIT_FIELD_BYTES_2[4];                            // 0x00000290
	DWORD UNIT_FIELD_ATTACK_POWER;                          // 0x00000294
	DWORD UNIT_FIELD_ATTACK_POWER_MODS;                     // 0x00000298
	DWORD UNIT_FIELD_ATTACK_POWER_MULTIPLIER;               // 0x0000029C
	DWORD UNIT_FIELD_RANGED_ATTACK_POWER;                   // 0x000002A0
	DWORD UNIT_FIELD_RANGED_ATTACK_POWER_MODS;              // 0x000002A4
	DWORD UNIT_FIELD_RANGED_ATTACK_POWER_MULTIPLIER;        // 0x000002A8
	DWORD UNIT_FIELD_MINRANGEDDAMAGE;                       // 0x000002AC
	DWORD UNIT_FIELD_MAXRANGEDDAMAGE;                       // 0x000002B0
	DWORD UNIT_FIELD_POWER_COST_MODIFIER[7];                // 0x000002B4
	DWORD UNIT_FIELD_POWER_COST_MULTIPLIER[7];              // 0x000002D0
	DWORD UNIT_FIELD_PADDING;                               // 0x000002EC
};

auto ufz = sizeof(UnitFields);	//752

struct PlayerFields
{
	UnitFields unitFields;
	QWORD PLAYER_DUEL_ARBITER;                              // 0x000002F0
	DWORD PLAYER_FLAGS;                                     // 0x000002F8
	DWORD PLAYER_GUILDID;                                   // 0x000002FC
	DWORD PLAYER_GUILDRANK;                                 // 0x00000300
	byte PLAYER_BYTES[4];                                   // 0x00000304
	byte PLAYER_BYTES_2[4];                                 // 0x00000308
	byte PLAYER_BYTES_3[4];                                 // 0x0000030C
	DWORD PLAYER_DUEL_TEAM;                                 // 0x00000310
	DWORD PLAYER_GUILD_TIMESTAMP;                           // 0x00000314
	DWORD PLAYER_QUEST_LOG_1_1;                             // 0x00000318
	QWORD PLAYER_QUEST_LOG_1_2;                             // 0x0000031C
	DWORD PLAYER_QUEST_LOG_2_1;                             // 0x00000324
	QWORD PLAYER_QUEST_LOG_2_2;                             // 0x00000328
	DWORD PLAYER_QUEST_LOG_3_1;                             // 0x00000330
	QWORD PLAYER_QUEST_LOG_3_2;                             // 0x00000334
	DWORD PLAYER_QUEST_LOG_4_1;                             // 0x0000033C
	QWORD PLAYER_QUEST_LOG_4_2;                             // 0x00000340
	DWORD PLAYER_QUEST_LOG_5_1;                             // 0x00000348
	QWORD PLAYER_QUEST_LOG_5_2;                             // 0x0000034C
	DWORD PLAYER_QUEST_LOG_6_1;                             // 0x00000354
	QWORD PLAYER_QUEST_LOG_6_2;                             // 0x00000358
	DWORD PLAYER_QUEST_LOG_7_1;                             // 0x00000360
	QWORD PLAYER_QUEST_LOG_7_2;                             // 0x00000364
	DWORD PLAYER_QUEST_LOG_8_1;                             // 0x0000036C
	QWORD PLAYER_QUEST_LOG_8_2;                             // 0x00000370
	DWORD PLAYER_QUEST_LOG_9_1;                             // 0x00000378
	QWORD PLAYER_QUEST_LOG_9_2;                             // 0x0000037C
	DWORD PLAYER_QUEST_LOG_10_1;                            // 0x00000384
	QWORD PLAYER_QUEST_LOG_10_2;                            // 0x00000388
	DWORD PLAYER_QUEST_LOG_11_1;                            // 0x00000390
	QWORD PLAYER_QUEST_LOG_11_2;                            // 0x00000394
	DWORD PLAYER_QUEST_LOG_12_1;                            // 0x0000039C
	QWORD PLAYER_QUEST_LOG_12_2;                            // 0x000003A0
	DWORD PLAYER_QUEST_LOG_13_1;                            // 0x000003A8
	QWORD PLAYER_QUEST_LOG_13_2;                            // 0x000003AC
	DWORD PLAYER_QUEST_LOG_14_1;                            // 0x000003B4
	QWORD PLAYER_QUEST_LOG_14_2;                            // 0x000003B8
	DWORD PLAYER_QUEST_LOG_15_1;                            // 0x000003C0
	QWORD PLAYER_QUEST_LOG_15_2;                            // 0x000003C4
	DWORD PLAYER_QUEST_LOG_16_1;                            // 0x000003CC
	QWORD PLAYER_QUEST_LOG_16_2;                            // 0x000003D0
	DWORD PLAYER_QUEST_LOG_17_1;                            // 0x000003D8
	QWORD PLAYER_QUEST_LOG_17_2;                            // 0x000003DC
	DWORD PLAYER_QUEST_LOG_18_1;                            // 0x000003E4
	QWORD PLAYER_QUEST_LOG_18_2;                            // 0x000003E8
	DWORD PLAYER_QUEST_LOG_19_1;                            // 0x000003F0
	QWORD PLAYER_QUEST_LOG_19_2;                            // 0x000003F4
	DWORD PLAYER_QUEST_LOG_20_1;                            // 0x000003FC
	QWORD PLAYER_QUEST_LOG_20_2;                            // 0x00000400
	QWORD PLAYER_VISIBLE_ITEM_1_CREATOR;                    // 0x00000408
	DWORD PLAYER_VISIBLE_ITEM_1_0[8];                       // 0x00000410
	DWORD PLAYER_VISIBLE_ITEM_1_PROPERTIES;                 // 0x00000430
	DWORD PLAYER_VISIBLE_ITEM_1_PAD;                        // 0x00000434
	QWORD PLAYER_VISIBLE_ITEM_2_CREATOR;                    // 0x00000438
	DWORD PLAYER_VISIBLE_ITEM_2_0[8];                       // 0x00000440
	DWORD PLAYER_VISIBLE_ITEM_2_PROPERTIES;                 // 0x00000460
	DWORD PLAYER_VISIBLE_ITEM_2_PAD;                        // 0x00000464
	QWORD PLAYER_VISIBLE_ITEM_3_CREATOR;                    // 0x00000468
	DWORD PLAYER_VISIBLE_ITEM_3_0[8];                       // 0x00000470
	DWORD PLAYER_VISIBLE_ITEM_3_PROPERTIES;                 // 0x00000490
	DWORD PLAYER_VISIBLE_ITEM_3_PAD;                        // 0x00000494
	QWORD PLAYER_VISIBLE_ITEM_4_CREATOR;                    // 0x00000498
	DWORD PLAYER_VISIBLE_ITEM_4_0[8];                       // 0x000004A0
	DWORD PLAYER_VISIBLE_ITEM_4_PROPERTIES;                 // 0x000004C0
	DWORD PLAYER_VISIBLE_ITEM_4_PAD;                        // 0x000004C4
	QWORD PLAYER_VISIBLE_ITEM_5_CREATOR;                    // 0x000004C8
	DWORD PLAYER_VISIBLE_ITEM_5_0[8];                       // 0x000004D0
	DWORD PLAYER_VISIBLE_ITEM_5_PROPERTIES;                 // 0x000004F0
	DWORD PLAYER_VISIBLE_ITEM_5_PAD;                        // 0x000004F4
	QWORD PLAYER_VISIBLE_ITEM_6_CREATOR;                    // 0x000004F8
	DWORD PLAYER_VISIBLE_ITEM_6_0[8];                       // 0x00000500
	DWORD PLAYER_VISIBLE_ITEM_6_PROPERTIES;                 // 0x00000520
	DWORD PLAYER_VISIBLE_ITEM_6_PAD;                        // 0x00000524
	QWORD PLAYER_VISIBLE_ITEM_7_CREATOR;                    // 0x00000528
	DWORD PLAYER_VISIBLE_ITEM_7_0[8];                       // 0x00000530
	DWORD PLAYER_VISIBLE_ITEM_7_PROPERTIES;                 // 0x00000550
	DWORD PLAYER_VISIBLE_ITEM_7_PAD;                        // 0x00000554
	QWORD PLAYER_VISIBLE_ITEM_8_CREATOR;                    // 0x00000558
	DWORD PLAYER_VISIBLE_ITEM_8_0[8];                       // 0x00000560
	DWORD PLAYER_VISIBLE_ITEM_8_PROPERTIES;                 // 0x00000580
	DWORD PLAYER_VISIBLE_ITEM_8_PAD;                        // 0x00000584
	QWORD PLAYER_VISIBLE_ITEM_9_CREATOR;                    // 0x00000588
	DWORD PLAYER_VISIBLE_ITEM_9_0[8];                       // 0x00000590
	DWORD PLAYER_VISIBLE_ITEM_9_PROPERTIES;                 // 0x000005B0
	DWORD PLAYER_VISIBLE_ITEM_9_PAD;                        // 0x000005B4
	QWORD PLAYER_VISIBLE_ITEM_10_CREATOR;                   // 0x000005B8
	DWORD PLAYER_VISIBLE_ITEM_10_0[8];                      // 0x000005C0
	DWORD PLAYER_VISIBLE_ITEM_10_PROPERTIES;                // 0x000005E0
	DWORD PLAYER_VISIBLE_ITEM_10_PAD;                       // 0x000005E4
	QWORD PLAYER_VISIBLE_ITEM_11_CREATOR;                   // 0x000005E8
	DWORD PLAYER_VISIBLE_ITEM_11_0[8];                      // 0x000005F0
	DWORD PLAYER_VISIBLE_ITEM_11_PROPERTIES;                // 0x00000610
	DWORD PLAYER_VISIBLE_ITEM_11_PAD;                       // 0x00000614
	QWORD PLAYER_VISIBLE_ITEM_12_CREATOR;                   // 0x00000618
	DWORD PLAYER_VISIBLE_ITEM_12_0[8];                      // 0x00000620
	DWORD PLAYER_VISIBLE_ITEM_12_PROPERTIES;                // 0x00000640
	DWORD PLAYER_VISIBLE_ITEM_12_PAD;                       // 0x00000644
	QWORD PLAYER_VISIBLE_ITEM_13_CREATOR;                   // 0x00000648
	DWORD PLAYER_VISIBLE_ITEM_13_0[8];                      // 0x00000650
	DWORD PLAYER_VISIBLE_ITEM_13_PROPERTIES;                // 0x00000670
	DWORD PLAYER_VISIBLE_ITEM_13_PAD;                       // 0x00000674
	QWORD PLAYER_VISIBLE_ITEM_14_CREATOR;                   // 0x00000678
	DWORD PLAYER_VISIBLE_ITEM_14_0[8];                      // 0x00000680
	DWORD PLAYER_VISIBLE_ITEM_14_PROPERTIES;                // 0x000006A0
	DWORD PLAYER_VISIBLE_ITEM_14_PAD;                       // 0x000006A4
	QWORD PLAYER_VISIBLE_ITEM_15_CREATOR;                   // 0x000006A8
	DWORD PLAYER_VISIBLE_ITEM_15_0[8];                      // 0x000006B0
	DWORD PLAYER_VISIBLE_ITEM_15_PROPERTIES;                // 0x000006D0
	DWORD PLAYER_VISIBLE_ITEM_15_PAD;                       // 0x000006D4
	QWORD PLAYER_VISIBLE_ITEM_16_CREATOR;                   // 0x000006D8
	DWORD PLAYER_VISIBLE_ITEM_16_0[8];                      // 0x000006E0
	DWORD PLAYER_VISIBLE_ITEM_16_PROPERTIES;                // 0x00000700
	DWORD PLAYER_VISIBLE_ITEM_16_PAD;                       // 0x00000704
	QWORD PLAYER_VISIBLE_ITEM_17_CREATOR;                   // 0x00000708
	DWORD PLAYER_VISIBLE_ITEM_17_0[8];                      // 0x00000710
	DWORD PLAYER_VISIBLE_ITEM_17_PROPERTIES;                // 0x00000730
	DWORD PLAYER_VISIBLE_ITEM_17_PAD;                       // 0x00000734
	QWORD PLAYER_VISIBLE_ITEM_18_CREATOR;                   // 0x00000738
	DWORD PLAYER_VISIBLE_ITEM_18_0[8];                      // 0x00000740
	DWORD PLAYER_VISIBLE_ITEM_18_PROPERTIES;                // 0x00000760
	DWORD PLAYER_VISIBLE_ITEM_18_PAD;                       // 0x00000764
	QWORD PLAYER_VISIBLE_ITEM_19_CREATOR;                   // 0x00000768
	DWORD PLAYER_VISIBLE_ITEM_19_0[8];                      // 0x00000770
	DWORD PLAYER_VISIBLE_ITEM_19_PROPERTIES;                // 0x00000790
	DWORD PLAYER_VISIBLE_ITEM_19_PAD;                       // 0x00000794
	QWORD PLAYER_FIELD_INV_SLOT_HEAD;                       // 0x00000798
	QWORD PLAYER_FIELD_INV_SLOT_NECK;                       // 0x000007A0
	QWORD PLAYER_FIELD_INV_SLOT_SHOULDER;                   // 0x000007A8
	QWORD PLAYER_FIELD_INV_SLOT_SHIRT;                      // 0x000007B0
	QWORD PLAYER_FIELD_INV_SLOT_CHEST;                      // 0x000007B8
	QWORD PLAYER_FIELD_INV_SLOT_WAIST;                      // 0x000007C0
	QWORD PLAYER_FIELD_INV_SLOT_LEGS;                       // 0x000007C8
	QWORD PLAYER_FIELD_INV_SLOT_FEET;                       // 0x000007D0
	QWORD PLAYER_FIELD_INV_SLOT_WRIST;                      // 0x000007D8
	QWORD PLAYER_FIELD_INV_SLOT_HANDS;                      // 0x000007E0
	QWORD PLAYER_FIELD_INV_SLOT_FINGER1;                    // 0x000007E8
	QWORD PLAYER_FIELD_INV_SLOT_FINGER2;                    // 0x000007F0
	QWORD PLAYER_FIELD_INV_SLOT_TRINKET1;                   // 0x000007F8
	QWORD PLAYER_FIELD_INV_SLOT_TRINKET2;                   // 0x00000800
	QWORD PLAYER_FIELD_INV_SLOT_BACK;                       // 0x00000808
	QWORD PLAYER_FIELD_INV_SLOT_MAIN_HAND;                  // 0x00000810
	QWORD PLAYER_FIELD_INV_SLOT_OFF_HAND;                   // 0x00000818
	QWORD PLAYER_FIELD_INV_SLOT_RANGED;                     // 0x00000820
	QWORD PLAYER_FIELD_INV_SLOT_TABARD;                     // 0x00000828
	QWORD PLAYER_FIELD_INV_SLOT_BAG1;                       // 0x00000830
	QWORD PLAYER_FIELD_INV_SLOT_BAG2;                       // 0x00000838
	QWORD PLAYER_FIELD_INV_SLOT_BAG3;                       // 0x00000840
	QWORD PLAYER_FIELD_INV_SLOT_BAG4;                       // 0x00000848
	QWORD PLAYER_FIELD_PACK_SLOT_1[16];                     // 0x00000850
	QWORD PLAYER_FIELD_BANK_SLOT_1[24];                     // 0x000008D0
	QWORD PLAYER_FIELD_BANKBAG_SLOT_1[6];                   // 0x00000990
	QWORD PLAYER_FIELD_VENDORBUYBACK_SLOT_1[12];            // 0x000009C0
	QWORD PLAYER_FIELD_KEYRING_SLOT_1[32];                  // 0x00000A20
	QWORD PLAYER_FARSIGHT;                                  // 0x00000B20
	QWORD PLAYER__FIELD_COMBO_TARGET;                       // 0x00000B28
	DWORD PLAYER_XP;                                        // 0x00000B30
	DWORD PLAYER_NEXT_LEVEL_XP;                             // 0x00000B34
	DWORD PLAYER_SKILL_INFO_1_1[384];                       // 0x00000B38
	DWORD PLAYER_CHARACTER_POINTS1;                         // 0x00001138
	DWORD PLAYER_CHARACTER_POINTS2;                         // 0x0000113C
	DWORD PLAYER_TRACK_CREATURES;                           // 0x00001140
	DWORD PLAYER_TRACK_RESOURCES;                           // 0x00001144
	DWORD PLAYER_BLOCK_PERCENTAGE;                          // 0x00001148
	DWORD PLAYER_DODGE_PERCENTAGE;                          // 0x0000114C
	DWORD PLAYER_PARRY_PERCENTAGE;                          // 0x00001150
	DWORD PLAYER_CRIT_PERCENTAGE;                           // 0x00001154
	DWORD PLAYER_RANGED_CRIT_PERCENTAGE;                    // 0x00001158
	DWORD PLAYER_EXPLORED_ZONES_1[64];                      // 0x0000115C
	DWORD PLAYER_REST_STATE_EXPERIENCE;                     // 0x0000125C
	DWORD PLAYER_FIELD_COINAGE;                             // 0x00001260
	DWORD PLAYER_FIELD_POSSTAT0;                            // 0x00001264
	DWORD PLAYER_FIELD_POSSTAT1;                            // 0x00001268
	DWORD PLAYER_FIELD_POSSTAT2;                            // 0x0000126C
	DWORD PLAYER_FIELD_POSSTAT3;                            // 0x00001270
	DWORD PLAYER_FIELD_POSSTAT4;                            // 0x00001274
	DWORD PLAYER_FIELD_NEGSTAT0;                            // 0x00001278
	DWORD PLAYER_FIELD_NEGSTAT1;                            // 0x0000127C
	DWORD PLAYER_FIELD_NEGSTAT2;                            // 0x00001280
	DWORD PLAYER_FIELD_NEGSTAT3;                            // 0x00001284
	DWORD PLAYER_FIELD_NEGSTAT4;                            // 0x00001288
	DWORD PLAYER_FIELD_RESISTANCEBUFFMODSPOSITIVE[7];       // 0x0000128C
	DWORD PLAYER_FIELD_RESISTANCEBUFFMODSNEGATIVE[7];       // 0x000012A8
	DWORD PLAYER_FIELD_MOD_DAMAGE_DONE_POS[7];              // 0x000012C4
	DWORD PLAYER_FIELD_MOD_DAMAGE_DONE_NEG[7];              // 0x000012E0
	DWORD PLAYER_FIELD_MOD_DAMAGE_DONE_PCT[7];              // 0x000012FC
	DWORD PLAYER_FIELD_BYTES;                               // 0x00001318
	DWORD PLAYER_AMMO_ID;                                   // 0x0000131C
	DWORD PLAYER_SELF_RES_SPELL;                            // 0x00001320
	DWORD PLAYER_FIELD_PVP_MEDALS;                          // 0x00001324
	DWORD PLAYER_FIELD_BUYBACK_PRICE_1[12];                 // 0x00001328
	DWORD PLAYER_FIELD_BUYBACK_TIMESTAMP_1[12];             // 0x00001358
	DWORD PLAYER_FIELD_SESSION_KILLS;                       // 0x00001388
	DWORD PLAYER_FIELD_YESTERDAY_KILLS;                     // 0x0000138C
	DWORD PLAYER_FIELD_LAST_WEEK_KILLS;                     // 0x00001390
	DWORD PLAYER_FIELD_THIS_WEEK_KILLS;                     // 0x00001394
	DWORD PLAYER_FIELD_THIS_WEEK_CONTRIBUTION;              // 0x00001398
	DWORD PLAYER_FIELD_LIFETIME_HONORBALE_KILLS;            // 0x0000139C
	DWORD PLAYER_FIELD_LIFETIME_DISHONORBALE_KILLS;         // 0x000013A0
	DWORD PLAYER_FIELD_YESTERDAY_CONTRIBUTION;              // 0x000013A4
	DWORD PLAYER_FIELD_LAST_WEEK_CONTRIBUTION;              // 0x000013A8
	DWORD PLAYER_FIELD_LAST_WEEK_RANK;                      // 0x000013AC
	byte PLAYER_FIELD_BYTES2[4];                            // 0x000013B0
	DWORD PLAYER_FIELD_WATCHED_FACTION_INDEX;               // 0x000013B4
	DWORD PLAYER_FIELD_COMBAT_RATING_1;                     // 0x000013B8
};

auto pfz = sizeof(PlayerFields);	//5052

struct GameObjectFields
{
	ObjectFields objectFields;
	QWORD OBJECT_FIELD_CREATED_BY;                          // 0x00000018
	DWORD GAMEOBJECT_DISPLAYID;                             // 0x00000020
	DWORD GAMEOBJECT_FLAGS;                                 // 0x00000024
	DWORD GAMEOBJECT_ROTATION[4];                           // 0x00000028
	DWORD GAMEOBJECT_STATE;                                 // 0x00000038
	DWORD GAMEOBJECT_POS_X;                                 // 0x0000003C
	DWORD GAMEOBJECT_POS_Y;                                 // 0x00000040
	DWORD GAMEOBJECT_POS_Z;                                 // 0x00000044
	DWORD GAMEOBJECT_FACING;                                // 0x00000048
	DWORD GAMEOBJECT_DYN_FLAGS;                             // 0x0000004C
	DWORD GAMEOBJECT_FACTION;                               // 0x00000050
	DWORD GAMEOBJECT_TYPE_ID;                               // 0x00000054
	DWORD GAMEOBJECT_LEVEL;                                 // 0x00000058
	DWORD GAMEOBJECT_ARTKIT;                                // 0x0000005C
	DWORD GAMEOBJECT_ANIMPROGRESS;                          // 0x00000060
	DWORD GAMEOBJECT_PADDING;                               // 0x00000064
};

struct DynamicObjectFields
{
	ObjectFields objectFields;
	QWORD DYNAMICOBJECT_CASTER;                             // 0x00000018
	byte  DYNAMICOBJECT_BYTES[4];                           // 0x00000020
	DWORD DYNAMICOBJECT_SPELLID;                            // 0x00000024
	DWORD DYNAMICOBJECT_RADIUS;                             // 0x00000028
	DWORD DYNAMICOBJECT_POS_X;                              // 0x0000002C
	DWORD DYNAMICOBJECT_POS_Y;                              // 0x00000030
	DWORD DYNAMICOBJECT_POS_Z;                              // 0x00000034
	DWORD DYNAMICOBJECT_FACING;                             // 0x00000038
	DWORD DYNAMICOBJECT_PAD;                                // 0x0000003C
};

struct CorpseFields
{
	ObjectFields objectFields;
	QWORD CORPSE_FIELD_OWNER;                               // 0x00000018
	DWORD CORPSE_FIELD_FACING;                              // 0x00000020
	DWORD CORPSE_FIELD_POS_X;                               // 0x00000024
	DWORD CORPSE_FIELD_POS_Y;                               // 0x00000028
	DWORD CORPSE_FIELD_POS_Z;                               // 0x0000002C
	DWORD CORPSE_FIELD_DISPLAY_ID;                          // 0x00000030
	DWORD CORPSE_FIELD_ITEM[19];                            // 0x00000034
	byte  CORPSE_FIELD_BYTES_1[4];                          // 0x00000080
	byte  CORPSE_FIELD_BYTES_2[4];                          // 0x00000084
	DWORD CORPSE_FIELD_GUILD;                               // 0x00000088
	DWORD CORPSE_FIELD_FLAGS;                               // 0x0000008C
	DWORD CORPSE_FIELD_DYNAMIC_FLAGS;                       // 0x00000090
	DWORD CORPSE_FIELD_PAD;                                 // 0x00000094
};
```

----------


## tutrakan

Reversing question:

What is the size (or how can I get it?) of Object (0x110 ?), Item, Container, Unit, Player, GameObject, DynamicObject and Corpse structures in memory?

Update: Got them from here - 0x00466C70, the sub right after AllocateNewObject that namreeb mentioned.


```
Object: 0x110;      
Item: 0x348;     
Container: 0x6E0;
Unit: 0xE68;
Player: 0x1D70;
GameObject: 0x288;
DynamicObject: 0x1A0;
Corpse: 0x2B8;
```

----------


## namreeb

I'm not sure of the sizes, but the function that allocates them is this:



```
CGObject_C *__thiscall AllocateNewObject(TypeID objectType, __int64 guid)
```

It is located at 0x466E00.

----------


## tutrakan

> I don't know if they can scan other modules. They do scan dynamic memory, I only posted static addresses. It would be pointless to post all 110+ scans as most are allocated on the heap. I could post the player base but it still would only help you resolve 10 addresses or so...


Any example of a heap check? Is it still a MEM_CHECK?

Thanks.

----------


## _CodeMonkey

This server http://valkyrie-wow.org had implemented a Warden integrity check; it scans for detours in the Warden module (currently it scans address 0x2A8E in the Warden module, 21 bytes in length).



```
[00:30:33] CheckType B2 (CD)
[00:30:33] Seed: 0x9888D155
[00:30:33] SHA1: 0x3A 33 C0 6F B1 F3 87 2E 71 4C 9D E1 CF 2F 41 65 EA 95 DE E8 
[00:30:33] Address: 0x00002A8E
[00:30:33] Bytes to read: 21
```

I used to detour the Warden memcheck function and redirect scans to the binary .text/.rdata sections. But now it seems to be impossible due to the integrity check. What is the easiest and safest method to bypass PAGE_CHECK_A? Any advice?

----------


## -Ryuk-

> This server http://valkyrie-wow.org had implemented a Warden integrity check; it scans for detours in the Warden module (currently it scans address 0x2A8E in the Warden module, 21 bytes in length).
> 
> 
> 
> ```
> [00:30:33] CheckType B2 (CD)
> [00:30:33] Seed: 0x9888D155
> [00:30:33] SHA1: 0x3A 33 C0 6F B1 F3 87 2E 71 4C 9D E1 CF 2F 41 65 EA 95 DE E8 
> [00:30:33] Address: 0x00002A8E
> ...


Detour the function that is checking the integrity or better yet... detour NtVirtualQuery and not let it have access to the area.

Be aware, though, that although detouring VirtualQuery is the 'best way' (without looking at the integrity check code), they might flag your account if the module does not exist (or it's hidden). If this is the case, detouring the function that is calling the checks would be a better option.

----------


## _CodeMonkey

Apparently there's no need to detour or modify anything. As PAGE_CHECK_A scans all pages for a certain pattern, I just allocated an unmodified Warden module and never get detected.

----------


## tygrarius84

> Apparently there's no need to detour or modify anything. As PAGE_CHECK_A scans all pages for a certain pattern, I just allocated an unmodified Warden module and never get detected.


Can you write more?

----------


## namreeb

> Apparently there's no need to detour or modify anything. As PAGE_CHECK_A scans all pages for a certain pattern, I just allocated an unmodified Warden module and never get detected.


+5 rep for an innovative solution!

----------


## _CodeMonkey

> +5 rep for an innovative solution!


Haha, thanks! Did I do something stupid?

----------


## namreeb

> Haha, thanks! Did I do something stupid?


No, I was being serious. The Warden page scans report if they find the matching page. If a server is clever enough, they can make it so the standard removing of all patches before (and re-applying after) Warden is tick'd by the client is not enough.

----------
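
A simplified model of the page check discussed in the posts above, as an added example that is not part of any post and not Warden's own code: it contrasts a scan that passes when the expected bytes exist in any mapped region with one bound to the base the module actually runs from. The seed-keyed HMAC-SHA1, the region map, the verdict names and all function names are assumptions; the image bytes are constructed.

```python
import hashlib
import hmac
import struct

# Offset, length and seed of the checked window, from the log quoted in the thread.
CHECK_OFFSET = 0x2A8E
CHECK_LENGTH = 21
SEED = 0x9888D155

# Constructed stand-in for the module image (not real Warden bytes).
PRISTINE = bytes((i * 31 + 7) & 0xFF for i in range(0x3000))
# Same image with five bytes inside the checked window overwritten.
PATCHED = PRISTINE[:CHECK_OFFSET] + b"\x00" * 5 + PRISTINE[CHECK_OFFSET + 5:]


def seeded_digest(seed: int, data: bytes) -> bytes:
    """Digest of `data` bound to a per-request seed.

    Assumption: the seed is used as a 4-byte little-endian HMAC-SHA1 key,
    so a digest recorded for one seed cannot be replayed for another.
    """
    return hmac.new(struct.pack("<I", seed), data, hashlib.sha1).digest()


def make_challenge(reference: bytes, seed: int,
                   offset: int = CHECK_OFFSET, length: int = CHECK_LENGTH) -> dict:
    """Server side: derive the expected digest from the reference image."""
    window = reference[offset:offset + length]
    return {"seed": seed, "offset": offset, "length": length,
            "digest": seeded_digest(seed, window)}


def window_matches(region: bytes, challenge: dict) -> bool:
    """True if the region holds the expected bytes at the challenged offset."""
    off, n = challenge["offset"], challenge["length"]
    if off + n > len(region):
        return False
    actual = seeded_digest(challenge["seed"], region[off:off + n])
    return hmac.compare_digest(actual, challenge["digest"])


def existence_scan(regions: dict, challenge: dict) -> bool:
    """Weak form: pass if ANY mapped region contains the expected bytes."""
    return any(window_matches(r, challenge) for r in regions.values())


def bound_scan(regions: dict, executing_base: int, challenge: dict) -> dict:
    """Hardened form: hash only the region the module runs from and
    report any other region that also carries the expected bytes.

    Assumption: `executing_base` comes from a source the verifier trusts.
    """
    matching = sorted(b for b, r in regions.items() if window_matches(r, challenge))
    live_ok = executing_base in regions and window_matches(regions[executing_base], challenge)
    stray = [b for b in matching if b != executing_base]
    if not live_ok:
        verdict = "tampered"
    elif stray:
        verdict = "duplicate-image"
    else:
        verdict = "clean"
    return {"live_ok": live_ok, "stray_copies": stray, "verdict": verdict}


if __name__ == "__main__":
    challenge = make_challenge(PRISTINE, SEED)
    # Constructed memory map: modified live image plus a pristine copy elsewhere.
    regions = {0x10000000: PATCHED, 0x20000000: PRISTINE}
    print("existence scan passes:", existence_scan(regions, challenge))
    print("bound scan:", bound_scan(regions, 0x10000000, challenge))
```

The existence-style scan reports a pass for the constructed map even though the live image is modified, while the bound scan both fails the live image and surfaces the second copy as a signal worth alerting on.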


## sparkley

Active player's current class is at 00CECAAC (the ids are from CBDClass entry +0x3C)

```
public enum ClassType
{
    None = 0,
    Warrior = 4, //1,
    Paladin = 10, //2,
    Hunter = 9, //3,
    Rogue = 8, //4,
    Priest = 6, //5,
    Shaman = 11, //7,
    Mage = 3, //8,
    Warlock = 5, //9,
    Druid = 7, //11
}
```

----------


## derekman007

Anyone know how to get a Unit's height? I want to draw boxes around units in DirectX and I'm stuck trying to find a Unit's height. Looking through the named idb for alpha to see if I can find anything.

----------


## Vandra

It's inside CGPlayer_C (or maybe CGUnit_C, I can't remember), but for most cases you can just use tauren's height.

----------


## luckruns0ut

Does anyone know which packet opcode contains the player's gold?

----------


## namreeb

> Does anyone know which packet opcode contains the player's gold?


It is not its own packet. It's in the descriptors which come from SMSG_UPDATE_OBJECT.

----------


## luckruns0ut

> It is not its own packet. It's in the descriptors which come from SMSG_UPDATE_OBJECT.


Aha, I spent ages looking through Mangos for it yesterday, thanks.

----------


## djanius

Hello guys! Please, tell me how to do the movement of the character in coordinates, as is done in vanillabotter? How to read and write the coordinates into a file I know. I am interested in the implementation MoveToClick mechanism - how to make a mouse click on coordinates of which will move the character and without the participation of the mouse? Thank you very much in advance!

P.S.
Sorry for my English.

P.S.P.S.
I found how to send a character to a marker: mov [00C4D888], 0000000C/00000004.
Now another question - how to put a marker on the desired coordinates?

----------


## Corthezz

> Hello guys! Please, tell me how to do the movement of the character in coordinates, as is done in vanillabotter? How to read and write the coordinates into a file I know. I am interested in the implementation MoveToClick mechanism - how to make a mouse click on coordinates of which will move the character and without the participation of the mouse? Thank you very much in advance!
> 
> P.S.
> Sorry for my English.
> 
> P.S.P.S.
> I found how to send a character to a marker: mov [00C4D888], 0000000C/00000004.
> Now another question - how to put a marker on the desired coordinates?


Trigger CTM manually. Scan for changed address followed by unchanged a few times while the toon moves.
Do another manual CTM click. Scan for changed once. Scan for unchanged few times while toon is moving.
Rinse and repeat til you got them.

----------


## djanius

> Trigger CTM manually. Scan for changed address followed by unchanged a few times while the toon moves.
> Do another manual CTM click. Scan for changed once. Scan for unchanged few times while toon is moving.
> Rinse and repeat til you got them.


Thank you very much for help! All perfectly turned out.

----------


## WiNiFiX

How do I smooth CTM? In vanilla the toon seems to move 1 "block" forward, not to the point you clicked. Is there a way to fix this?

My CTM method is:



```

public void ClickToMove(float x, float y, float z, ulong guid, int action, float precision, IntPtr playerBaseAddress)
{
    // Offset:
    IntPtr CGPlayer_C__ClickToMove = new IntPtr(0x00611130);

    // Allocate Memory:
    var GetNameVMT_Codecave = _wowHook.Memory.AllocateMemory(0x3332);
    var Pos_Codecave = _wowHook.Memory.AllocateMemory(0x4 * 3);
    var GUID_Codecave = _wowHook.Memory.AllocateMemory(0x8);
    var Angle_Codecave = _wowHook.Memory.AllocateMemory(0x4);

    // Write value:
    _wowHook.Memory.Write(GUID_Codecave, guid);
    _wowHook.Memory.Write(Angle_Codecave, precision);
    _wowHook.Memory.Write(Pos_Codecave, x);
    _wowHook.Memory.Write(Pos_Codecave + 0x4, y);
    _wowHook.Memory.Write(Pos_Codecave + 0x8, z);

    try
    {
        _wowHook.Memory.Asm.Clear();
        _wowHook.Memory.Asm.AddLine("mov edx, [" + Angle_Codecave + "]");
        _wowHook.Memory.Asm.AddLine("push edx");
        _wowHook.Memory.Asm.AddLine("push " + Pos_Codecave);
        _wowHook.Memory.Asm.AddLine("push " + GUID_Codecave);
        _wowHook.Memory.Asm.AddLine("push " + action);
        _wowHook.Memory.Asm.AddLine("mov ecx, " + playerBaseAddress);
        _wowHook.Memory.Asm.AddLine("call " + CGPlayer_C__ClickToMove);
        _wowHook.Memory.Asm.AddLine("retn");
        _wowHook.Memory.Asm.InjectAndExecute((uint)GetNameVMT_Codecave);
    }
    catch
    {
        // ignored
    }

    _wowHook.Memory.FreeMemory(GetNameVMT_Codecave);
    _wowHook.Memory.FreeMemory(Pos_Codecave);
    _wowHook.Memory.FreeMemory(GUID_Codecave);
    _wowHook.Memory.FreeMemory(Angle_Codecave);
}


```

It is then called with,


```

lua.ClickToMove(Player.x + 15, Player.y, Player.z, 0, 4, 0, Player.BaseAddress); 


```

I saw the post by DarkLinux as below, but I don't know how to go about replacing the mov, *please can someone point me in the right direction.*

> Found a quick fix! If you go to 0x0060FC30 you will see,
>
> ```
> mov [00C4D888],0000000C
> ```
>
> If you NOP it out or change it to 0x4 click to move will not go away, even when you are on top of your target. But you can click on any location / surface, no more stutter! But you then need to add your own distance check, but I think that's better than it stuttering. Or you could just leave it on, have not tested.
>
> ```
> mov [00C4D888],0000000C
> ```
>
> to
>
> ```
> mov [00C4D888],00000004
> ```

I can see the value he mentions, but how do I replace it via assembler / C#?

*Edit: Figured it out - however, movement still looks odd - but it moves to where I clicked.*



```

byte[] fixCTM = new byte[] { 199, 5, 136, 216, 196, 0, 4, 0 };
wowHook.Memory.WriteBytes(new IntPtr(0x0060FC30), fixCTM, false);


```

----------


## Corthezz

Be careful using this. Most 1.12.1 servers are scanning the address.

----------


## WiNiFiX

> Be careful using this. Most 1.12.1 servers are scanning the address.


Thanks for the heads up, I tested on Kronos last night safely, or do private servers also only ban in waves?
How do you manage your movement if CTM is detected?

----------


## Corthezz

Actually Warden bans you as soon as they issue a scan for an address and the bytes returned are different from the ones which are expected. I guess Kronos isn't scanning those bytes but Feenix does for sure.
You can quite easily detour the memory scan function of Warden and modify the byte buffer.

Just place a read breakpoint using cheat engine on an address which is scanned for sure (like wallclimb address) and look where it's coming from (this will be the scan function).

----------


## WiNiFiX

> Actually Warden bans you as soon as they issue a scan for an address and the bytes returned are different from the ones which are expected. I guess Kronos isn't scanning those bytes but Feenix does for sure.
> You can quite easily detour the memory scan function of Warden and modify the byte buffer.
> 
> Just place a read breakpoint using cheat engine on an address which is scanned for sure (like wallclimb address) and look where it's coming from (this will be the scan function).


Thanks will check it out, just to confirm the address is?

WallClimb = 0x0080DFFC, // 1.12.1.5875 (Float)

And when I find the address that scans it (warden), how do I detour it?

----------


## Corthezz

The Warden module is sent to the client after each authentication and then mapped into memory. You can detour VirtualAllocEx and see where the memory for Warden is allocated or look somewhere in the thread for the pointers to the Warden module.

After acquiring the start address of the Warden module you can calculate the address of the memory scan function adding a static offset to it:
Find memory start address of Warden
Place hardware bp on scanned address and see what reads from it
Open up Disassembler of CE and jump to the address which did the read and scroll up to the function start
Function start address - module start address = Your offset

For detouring functions there are actually enough examples on OC but basically it breaks down to:
Allocate memory and write your Assembler code there
Place a jmp inside the function which will detour to your code
After your code finished doing everything it should do (replace the buffer etc.) jmp back to the next instruction of the function

----------


## WiNiFiX

Is there an equivalent to "/reload" in 1.12.1?
Edit: /console reloadui

----------


## DarkLinux

Found a better fix sometime back for click to move, just set 860A90 to 0. No more stutter and no more animation stutter.

The game also sets that value to 0, so they can't ban for it. Just update it every frame and you should be good.

Also for WallClimb, I think they only scan the value, you can always patch the code that reads the value. I think it's a total of 6 to 8 places.

----------


## WiNiFiX

> Found a better fix sometime back for click to move, just set 860A90 to 0. No more stutter and no more animation stutter.
> 
> The game also sets that value to 0, so they can't ban for it. Just update it every frame and you should be good.
> 
> Also for WallClimb, I think they only scan the value, you can always patch the code that reads the value. I think it's a total of 6 to 8 places.


Works perfectly thanks *DarkLinux*

----------


## WiNiFiX

I have been trying to find out if a spell is on CD, but can't seem to find any lua function that works like

/run usable, nomana = IsUsableSpell(20589); DEFAULT_CHAT_FRAME:AddMessage(usable); 

Where can I see the API commands that actually exist in 1.12.1?

----------


## prospectingemu

If you want to do it with lua you can use API GetSpellCooldown | Vanilla WoW Wiki | Fandom powered by Wikia 

otherwise there is a function to do this somewhere in this thread

----------


## WiNiFiX

> If you want to do it with lua you can use API GetSpellCooldown | Vanilla WoW Wiki | Fandom powered by Wikia 
> 
> otherwise there is a function to do this somewhere in this thread


Thanks figured it out



```

public int GetSpellRemainingCD(string spellName)
{
    DoString($@"function _spellNameToID(name) for i=1,999 do if GetSpellName(i,""spell"")==name then return i end end end;
                start, duration, _ = GetSpellCooldown(_spellNameToID(""{spellName}""), ""spell"");
                local getTime = GetTime();
                cooldownLeft = math.floor(start + duration - getTime);
                if cooldownLeft < 0 then cooldownLeft = 0 end;
                DEFAULT_CHAT_FRAME:AddMessage(cooldownLeft);");
    string seconds = GetLocalizedText("cooldownLeft");
    return int.Parse(seconds);
}


```

----------


## namreeb

> Where can I see the API commands that actually exist in 1.12.1?


In general, you can look at the various WoW Lua API wikis, and go back in their history to 2006 when 1.12.1 was live.

----------


## WiNiFiX

> In general, you can look at the various WoW Lua API wikis, and go back in their history to 2006 when 1.12.1 was live.


Yes, I tried to do this but the wikis I used this time didn't appear to have that history, but I managed to find one now, thanks.

As a side question, what's the best way to go about facing the current target? Currently I'm using the below, but it seems to keep facing the target even when I don't ask it to re-face the target.
Also, facing seems slow compared to live (maybe it's a limitation on Vanilla).



```
wow.ClickToMove(wow.Player.X, wow.Player.Y, wow.Player.Z, wow.TargetGUID, WoW.CTMAction.FaceTarget);
```

----------


## Corthezz

> Yes, I tried to do this but the wikis I used this time didn't appear to have that history, but I managed to find one now, thanks.
> 
> As a side question, what's the best way to go about facing the current target? Currently I'm using the below, but it seems to keep facing the target even when I don't ask it to re-face the target.
> Also, facing seems slow compared to live (maybe it's a limitation on Vanilla).
> 
> 
> 
> ```
> 
> ...


About the API thing: World of Warcraft API | Vanilla WoW Wiki | Fandom powered by Wikia (first link in google btw).
What you do right now is the constant facing triggered by spells like Mind Flay which is not bad at all but needs to be canceled (set ctm state to 4 again). There are functions posted in this thread to directly set the facing IIRC.

----------


## tutrakan

> I have been trying to find out if a spell is on CD, but can't seem to find any lua function that works like
> 
> /run usable, nomana = IsUsableSpell(20589); DEFAULT_CHAT_FRAME:AddMessage(usable); 
> 
> Where can I see the API commands that actually exist in 1.12.1?




```
[UnmanagedFunctionPointer(CallingConvention.StdCall)]
public delegate bool IsUsableSpellDelegate(ref SpellEntry spellRec, ref bool notEnoughPower);
_isUsableSpell = Fastcall.StdcallToFastcall<IsUsableSpellDelegate>((IntPtr)0x006E3D60, "IsUsableSpell");
```

From here.

And for the CD:

```
[UnmanagedFunctionPointer(CallingConvention.StdCall)]
public delegate bool GetSpellCooldownDelegate(int spellId, bool isPet, ref int duration, ref int start, ref bool isEnabled);
_getSpellCooldown = Fastcall.StdcallToFastcall<GetSpellCooldownDelegate>((IntPtr)0x006E2EA0);
```





> Thanks figured it out
> 
> 
> 
> ```
> public int GetSpellRemainingCD(string spellName)
> {
>     DoString($@"function _spellNameToID(name) for i=1,999 do if GetSpellName(i,""spell"")==name then return i end end end;
>                 start, duration, _ = GetSpellCooldown(_spellNameToID(""{spellName}""), ""spell"");
>                 local getTime = GetTime();
>                 cooldownLeft = math.floor(start + duration - getTime);
>                 if cooldownLeft < 0 then cooldownLeft = 0 end;
>                 DEFAULT_CHAT_FRAME:AddMessage(cooldownLeft);");
>     string seconds = GetLocalizedText("cooldownLeft");
>     return int.Parse(seconds);
> }
> ```




```
[UnmanagedFunctionPointer(CallingConvention.ThisCall)]
public delegate int GetSpellIdByNameDelegate([MarshalAs(UnmanagedType.LPStr)] string spellName);
_getSpellIdByName = Marshal.GetDelegateForFunctionPointer<GetSpellIdByNameDelegate>((IntPtr)0x006E30A0);
```





> As a side question, what's the best way to go about facing the current target? Currently I'm using the below, but it seems to keep facing the target even when I don't ask it to re-face the target.
> Also, facing seems slow compared to live (maybe it's a limitation on Vanilla).


(007C6F30)void __thiscall CMovement::SetFacing(int this, float angle) - for the this arg, you pass the unit(local player or possessed unit) address + 0x9A8.
Even more: you could send a movement update after the change of the facing: (00600A30)int __thiscall SendMovementPacket(int addr, int timeStamp, int opcode, float zero, int zero1).

StdcallToFastcall

----------


## WiNiFiX

Please can someone explain to me how/why a vector3 position is only 0x8 in size?



```
public unsafe struct CGCamera
{
    public IntPtr vTable;           // 0x0
    private int unk0;               // 0x4
    public Vector3 Position;        // 0x8
    public fixed float Facing[9];   // 0x14 (3x3 Matrix)
    public float NearClip;          // 0x38
    public float FarClip;           // 0x3C
    public float FieldOfView;       // 0x40
    public float Aspect;            // 0x44
}
```

To my knowledge, float is 0x4 in size and 0x4 * 3 [for x,y,z] = 12, not 0x8?

----------


## Zazazu

> Please can someone explain to me how/why a vector3 position is only 0x8 in size?
> 
> 
> 
> ```
> public unsafe struct CGCamera
> {
>     public IntPtr vTable;           // 0x0
>     private int unk0;               // 0x4
>     public Vector3 Position;        // 0x8
>     public fixed float Facing[9];   // 0x14 (3x3 Matrix)
>     public float NearClip;          // 0x38
>     public float FarClip;           // 0x3C
>     public float FieldOfView;       // 0x40
>     public float Aspect;            // 0x44
> }
> ...


yep.. but 12 in dec, 0x04*3=0x0C  :Smile: 

and its struct number is *offset* from start (not size) and Vector3= 0x14-0x08=0x0C .... Hex-decimal operations.... First lesson ))

----------
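
The offset arithmetic from the reply above, as an added example that is not part of the original posts: a C mirror of the posted CGCamera layout, checked with `offsetof`, that derives each field's size as the distance to the next offset. The names `cg_camera`, `vec3`, `span_to_next` and `layout_mismatches` are this example's own, and the vtable pointer is assumed to be 4 bytes because the client is a 32-bit process.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* C mirror of the CGCamera layout quoted above (type and field names are this
   example's own). The vtable pointer is modelled as uint32_t: a native pointer
   on a 64-bit build would be 8 bytes and push every later field off the
   offset written in its comment. */
typedef struct { float x, y, z; } vec3;

typedef struct {
    uint32_t vtable;
    int32_t  unk0;
    vec3     position;
    float    facing[9];   /* 3x3 matrix */
    float    near_clip;
    float    far_clip;
    float    fov;
    float    aspect;
} cg_camera;

struct field {
    const char *name;
    size_t documented;  /* offset written in the struct's comment */
    size_t actual;      /* offsetof() as the compiler lays it out */
    size_t size;        /* sizeof() the member */
};

#define F(m, off) { #m, (off), offsetof(cg_camera, m), sizeof(((cg_camera *)0)->m) }

static const struct field fields[] = {
    F(vtable, 0x00), F(unk0, 0x04), F(position, 0x08), F(facing, 0x14),
    F(near_clip, 0x38), F(far_clip, 0x3C), F(fov, 0x40), F(aspect, 0x44),
};
#define NFIELDS (sizeof fields / sizeof fields[0])

/* A field's size is never its own offset: it is the distance to the next
   field's offset (or to the end of the struct for the last field). */
size_t span_to_next(size_t i)
{
    size_t next = (i + 1 < NFIELDS) ? fields[i + 1].documented : sizeof(cg_camera);
    return next - fields[i].documented;
}

/* Counts fields whose commented offset or implied size disagrees with the
   compiler's layout; 0 means the comments describe the struct exactly. */
int layout_mismatches(void)
{
    int bad = 0;
    for (size_t i = 0; i < NFIELDS; i++)
        if (fields[i].documented != fields[i].actual ||
            span_to_next(i) != fields[i].size)
            bad++;
    return bad;
}

int main(void)
{
    for (size_t i = 0; i < NFIELDS; i++)
        printf("%-10s offset 0x%02zX  size 0x%02zX\n",
               fields[i].name, fields[i].actual, span_to_next(i));
    printf("mismatches: %d\n", layout_mismatches());
    return layout_mismatches();
}
```
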


## WiNiFiX

Issue resolved in below post

----------


## WiNiFiX

```
using System;
using SlimDX;

#pragma warning disable 649
#pragma warning disable 169

namespace VanillaMagic
{
    public static class Camera
    {
        internal static IntPtr BaseAddress
        {
            get
            {
                var ptr = WoW.hook.Memory.Read<IntPtr>(Offsets.Camera.CameraPtr, true);
                return WoW.hook.Memory.Read<IntPtr>(ptr + Offsets.Camera.CameraPtrOffset);
            }
        }

        private static Offsets.CGCamera cam => WoW.hook.Memory.Read<Offsets.CGCamera>(BaseAddress);

        public static float X => cam.Position.X;
        public static float Y => cam.Position.Y;
        public static float Z => cam.Position.Z;
        public static float FOV => cam.FieldOfView;
        public static float NearClip => cam.NearClip;
        public static float FarClip => cam.FarClip;
        public static float Aspect => cam.Aspect;

        private static Matrix Matrix
        {
            get
            {
                var bCamera = WoW.hook.Memory.ReadBytes(BaseAddress + Offsets.Camera.CameraMatrix, 36);
                var m = new Matrix();
                m[0, 0] = BitConverter.ToSingle(bCamera, 0);
                m[0, 1] = BitConverter.ToSingle(bCamera, 4);
                m[0, 2] = BitConverter.ToSingle(bCamera, 8);
                m[1, 0] = BitConverter.ToSingle(bCamera, 12);
                m[1, 1] = BitConverter.ToSingle(bCamera, 16);
                m[1, 2] = BitConverter.ToSingle(bCamera, 20);
                m[2, 0] = BitConverter.ToSingle(bCamera, 24);
                m[2, 1] = BitConverter.ToSingle(bCamera, 28);
                m[2, 2] = BitConverter.ToSingle(bCamera, 32);
                return m;
            }
        }

        public static Vector2 WorldToScreen(float x, float y, float z)
        {
            var Projection = Matrix.PerspectiveFovRH(FOV * 0.5f, Aspect, NearClip, FarClip);
            var eye = new Vector3(X, Y, Z);
            var lookAt = new Vector3(X + Matrix[0, 0], Y + Matrix[0, 1], Z + Matrix[0, 2]);
            var up = new Vector3(0f, 0f, 1f);
            var View = Matrix.LookAtRH(eye, lookAt, up);
            var World = Matrix.Identity;
            var WorldPosition = new Vector3(x, y, z);
            var ScreenPosition = Vector3.Project(WorldPosition, 0f, 0f, WindowHelper.WindowWidth, WindowHelper.WindowHeight, NearClip, FarClip, World*View*Projection);
            return new Vector2(ScreenPosition.X, ScreenPosition.Y-20f);
        }
    }
}
```

----------


## WiNiFiX

Hey does anyone have offset for Target Combo Points for Rogues in 1.12.1?

----------


## tutrakan

> Hey does anyone have offset for Target Combo Points for Rogues in 1.12.1?


Edited: You can get a look at the lua function GetComboPoints() at 0x0051A190:

```
signed int __thiscall Script_GetComboPoints(void *this)
{
  void *v1; // edi
  __int64 v2; // rax
  _Player *v3; // eax
  _Player *v4; // esi
  char v5; // al
  ObjectFields *v6; // ecx
  __int64 v7; // rdi
  int v8; // ebx
  uint64 v9; // rax
  unsigned int v10; // eax
  unsigned int v11; // ecx
  PlayerFields *v12; // edx
  ObjectFields *v13; // eax
  __int64 v14; // rdi
  int v15; // ebx
  uint64 v16; // rax
  unsigned __int8 v17; // al
  void *v19; // [esp+18h] [ebp-4h]

  v1 = this;
  v19 = this;
  v2 = ClntObjMgrGetActivePlayer();
  v3 = ClntObjMgrObjectPtr(TYPEMASK_PLAYER, "..\\Object/ObjectClient/Player_C.h", v2, 0x90);
  v4 = v3;
  if ( !v3 )
  {
    goto LABEL_15;
  }
  v5 = v3->unitBase.UnitData->UNIT_FIELD_CLASS;
  if ( v5 != CLASS_ROGUE && v5 != CLASS_DRUID )
  {
    goto LABEL_15;
  }
  v6 = v4->unitBase.objectBase.objectFields;
  LODWORD(v7) = v6->OBJECT_FIELD_GUID;
  v8 = HIDWORD(v6->OBJECT_FIELD_GUID);
  v9 = ClntObjMgrGetActivePlayer();
  if ( v7 == v9 && v8 == HIDWORD(v9) )
  {
    v12 = v4->PlayerData;
    v10 = v12->PLAYER__FIELD_COMBO_TARGET;
    v11 = HIDWORD(v12->PLAYER__FIELD_COMBO_TARGET);
  }
  else
  {
    v10 = 0;
    v11 = 0;
  }
  if ( __PAIR__(v11, v10) != CGGameUI::m_lockedTarget )
  {
    v1 = v19;
LABEL_15:
    FrameScript::PushNumber(v1, 0.0);
    return 1;
  }
  v13 = v4->unitBase.objectBase.objectFields;
  LODWORD(v14) = v13->OBJECT_FIELD_GUID;
  v15 = HIDWORD(v13->OBJECT_FIELD_GUID);
  v16 = ClntObjMgrGetActivePlayer();
  if ( v14 == v16 && v15 == HIDWORD(v16) )
  {
    v17 = v4->PlayerData->PLAYER_FIELD_BYTES_COMBO_POINTS;
  }
  else
  {
    v17 = 0;
  }
  FrameScript::PushNumber(v19, v17);
  return 1;
}
```

So, it seems that you have just to check your char to be rogue or druid, the PLAYER__FIELD_COMBO_TARGET descriptor to be equal to CGGameUI::m_lockedTarget and then - just read the second byte of the descriptor PLAYER_FIELD_BYTES (Or, if you find it complicated - call the freaking function directly or use luagettext).

----------


## Corthezz

> Hey does anyone have offset for Target Combo Points for Rogues in 1.12.1?


90% of all offsets you asked for were previously mentioned in this thread + the combo point offset is found in multiple 1.12.1 public tools.

----------


## namreeb

> 90% of all offsets you asked for were previously mentioned in this thread + the combo point offset is found in multiple 1.12.1 public tools.


Quite correct. I would also add that the purpose of this thread is to post information, not ask for it.

----------


## WiNiFiX

> Quite correct. I would also add that the purpose of this thread is to post information, not ask for it.


Please show me where I asked for an offset in this thread before the post about combo-points, I asked for assistance with CTM (no offsets) and for WorldToScreen (no offsets).
Both valid queries as there was no information in this thread about either query, and I provided corrections to old users' incorrect WorldToScreen functions - the last time I checked that was helping the community.

----------


## DarkLinux

movementStruct = player + 0x9A8
PlayerJump = 0x007C6230



```
__asm
{
    mov ecx, movementStruct;
    push 1;
    call PlayerJump;
};
```

----------


## namreeb

> Please show me where I asked for an offset in this thread before the post about combo-points, I asked for assistance with CTM (no offsets) and for WorldToScreen (no offsets).
> Both valid queries as there was no information in this thread about either query, and I provided corrections to old users' incorrect WorldToScreen functions - the last time I checked that was helping the community.


I'm not sure why a second example is necessary. And my message was not directed solely at you. If you read through this thread, the vast majority of posts do not add any useful information. I just think this thread would be much cleaner and on-topic if people would ask their questions somewhere else.

----------


## Natrist

Has anyone had any luck registering console commands in this build?
I can't for the love of God get it working for me. SStrHashHT fails because data being passed to ConsoleCommandRegister is all shit.

Edit: It works fine on build 12340.

----------


## namreeb

> Has anyone had any luck registering console commands in this build?
> I can't for the love of God get it working for me. SStrHashHT fails because data being passed to ConsoleCommandRegister is all shit.
> 
> Edit: It works fine on build 12340.


This probably means you're calling ConsoleCommandRegister with the wrong prototype. Here is what I have for its prototype in 1.12.1:



```
int __fastcall ConsoleCommandRegister(char *Str2, int a2, int a3, int a4)
```

The function is located at 0x63F9E0.

If you think you have the correct prototype, you should verify that ecx is set properly by putting a breakpoint on ConsoleCommandRegister with a debugger of your choice, making your call to it, and examining the value manually.

Edit: Additionally, this function is not __fastcall in 3.3.5a (build 12340).

----------


## Natrist

> This probably means you're calling ConsoleCommandRegister with the wrong prototype..


I managed to pass the data properly now, but now there's an exception elsewhere in the code...
Here's what it looks like in the IDA Debugger:



Not every variable/function in that code is named unfortunately, but v8 (on the purple line) might not get the right value. Any idea what that would be?
I feel like there's something I need to set prior to registering my command that I'm not doing properly.

----------


## namreeb

> I managed to pass the data properly now, but now there's an exception elsewhere in the code...
> Here's what it looks like in the IDA Debugger:
> 
> 
> 
> Not every variable/function in that code is named unfortunately, but v8 (on the purple line) might not get the right value. Any idea what that would be?
> I feel like there's something I need to set prior to registering my command that I'm not doing properly.


sub_64A6F0 is SStrLen(). I believe that what that while loop is doing is checking to see if the console command you're trying to register is already registered. 'v8' holds the name of the current console command it is comparing yours against.

----------


## Natrist

> sub_64A6F0 is SStrLen(). I believe that what that while loop is doing is checking to see if the console command you're trying to register is already registered. 'v8' holds the name of the current console command it is comparing yours against.


Yeah, I figured about 0064A6F0 by glancing at its body, but I don't get why SStrChr fails after calling __strnicmp. All the data I pass to ConsoleCommandRegister seems OK from what I could tell. Is there anything I need to do before registering my own command?

I call this, if it's of any help.


```
void FixInvalidPtrCheck()
{
    *((int*)0x884800) = 0x1;
    *((int*)0x884C00) = 0x7FFFFFFF;
}
```

----------


## Natrist

I finally figured it out!
Thanks a lot for your help, namreeb.

Complimentary screen shot:

----------


## Natrist

> GetPosition 5
> GetFacing 6
> GetName 28


Does anyone have any more virtual functions they know about?

----------


## DarkLinux

Swim and Fish  :Big Grin: 



```
0x00609DA4     //JMP 00609DE3 [0xEB, 0x3D]
```

----------


## DarkLinux

Loot Mounted



```
0x0060BFA0       //nop
```

----------


## tutrakan

Woot, Awesome!  :Cool: 

I imagine then there isn't a server-side check for possessed/vehicle at loot.

----------


## DarkLinux

I patched something but still can't get mining to work. I think it's b/c it's a spell and the server has a check.

Also can't get cast and moving to work, I patched one thing but it allows you to move a little b4 it stops you. Anyone have any tips?



```
0x515122
0x609DF6
```

----------


## namreeb

> I patched something but still can't get mining to work. I think it's b/c it's a spell and the server has a check.
> 
> Also can't get cast and moving to work, I patched one thing but it allows you to move a little b4 it stops you. Anyone have any tips?
> 
> 
> 
> ```
> 0x515122
> 0x609DF6
> ```


Before digging too far into the client, I would sniff incoming packets to make sure it's not the server cancelling the spell cast. If it is, no amount of client patching is likely to help.

----------


## tutrakan

> Also can't get cast and moving to work, I patched one thing but it allows you to move a little b4 it stops you.


Maybe this server check is responsible

```
// check if the player caster has moved before the spell finished (exclude casting on vehicles)
    if (!m_caster->GetVehicle() && (m_caster->GetTypeId() == TYPEID_PLAYER && m_timer != 0) &&
        (m_castPositionX != m_caster->GetPositionX() || m_castPositionY != m_caster->GetPositionY() || m_castPositionZ != m_caster->GetPositionZ()) &&
        (m_spellInfo->Effect[EFFECT_INDEX_0] != SPELL_EFFECT_STUCK || !((Player*)m_caster)->m_movementInfo.HasMovementFlag(MOVEFLAG_FALLINGFAR)))
    {
        // always cancel for channeled spells
        if( m_spellState == SPELL_STATE_CASTING )
            cancel();
        // don't cancel for melee, autorepeat, triggered and instant spells
        else if(!IsNextMeleeSwingSpell() && !IsAutoRepeat() && !m_IsTriggeredSpell && (m_spellInfo->InterruptFlags & SPELL_INTERRUPT_FLAG_MOVEMENT))
            cancel();
    }
```

 Source 

Edit: Oops, it seems I posted at the same time as Namreeb. I would stick with his advice, he is way more clever than me.

----------


## DarkLinux

Does anyone know how to get the last valid cast time? I found an address and traced it back down but I think it's UI related and I can't work my way back up. Or is there a better way of checking if your cast has been interrupted / delayed?



```
struct size 0xA4
array size 0x4 ?
00BC83A8 [] -> 0x90 -> 0x140 -> 0x20 (last updated)
                    -> 0x004 -> string (Interface\Cooldown\star4.blp)
                    -> 0x124 -> vtable
                    -> 0x154 -> previous
                    -> 0x158 -> next
```

The timer is accessed by 00594D96.

edit---

odd b/c I don't see anything like "Interface\Cooldown\star4.blp"

dump 1 Textures\Minimap\19fef36b8911de4c2730865da81d9b54.blp 2 Textures\Minimap\aa0d - Pastebin.com


```
for (int i = 0; i < 4; i++)
{
	DWORD _address = *(DWORD*)(0xBC83A8 + 0x90 + (i * 0xA4));

	int counter = 0;

	while (_address && (_address & 1) == 0)
	{
		counter++;

		char _str[256] = { 0 };
		memcpy(_str, (PVOID)(_address + 0xC), 250);

		printf("%d %s\n", counter, _str);
			
		_address = *(DWORD*)(_address + 0x158);
	}
}
```

----------


## Corthezz

> Does anyone know how to get the last valid cast time? I found an address and traced it back down but I think it's UI related and I can't work my way back up. Or is there a better way of checking if your cast has been interrupted / delayed?
> 
> 
> 
> ```
> struct size 0xA4
> array size 0x4 ?
> 00BC83A8 [] -> 0x90 -> 0x140 -> 0x20 (last updated)
>                     -> 0x158 -> next ?
> ```


Does "valid cast time" mean you want the time the current cast already took?
I should have something for this. I will post it later when at home.

----------


## DarkLinux

The value I am looking at updates when the cast is complete. I see one timer constantly updating, when a spell completes that timer updates the value. My idea was to read the 1 timer at the start of the cast and then compare until it was updated. I guess I could just check 0xCECA88 every frame and create my own timer. My problem is that I'm getting kicked, it's not stopping my spell just setting the time back.

--edit

Using 0xCECA88 to solve my problem

Also found a fix for AttackTarget() as it was a toggle and I could not find that state.



```
void AutoAttackGUID(__int64 GUID)
{
	*(__int64*)((DWORD)this + 0xC48) = GUID;
}
	
void StopAutoAttacking()
{
	*(__int64*)((DWORD)this + 0xC48) = 0;
}
```

--edit

AutoAttackGUID does not look to work all the time but is a good state check



```
__int64 GetAutoAttackGUID()
{
	return *(__int64*)((DWORD)this + 0xC48);
}

....

if (!m_LocalPlayer->GetAttackGUID())
{
	WoWClass::DoString("AttackTarget()");
}
```

----------


## tutrakan

> Does anyone know how to get the last valid cast time? I found an address and traced it back down but I think it's UI related and I can't work my way back up. Or is there a better way of checking if your cast has been interrupted / delayed?


You can always detour these (see the SpellHandlersInitializer() at 006E7150 for the full list):


```
int __fastcall SMSG_SpellStartSpellGoHandler(int param, int opcode, int time, int dataStore) at 006E7640,
int __fastcall SMSG_SpellGoHandler(int pItemOrCasterGuid, int pCasterGuid, int spellid, int datastore) at 006E7A70,
int __fastcall SMSG_SPELL_DELAYEDHandler(int param, int opcode, int time, CDataStore *a2) at 006E74F0, ... etc.
```

Here is an example of implementation server side for spell handlers.

----------


## Natrist

Does anyone know how to set the namestring of a player?
I'd like to add a new line after the guild string. I was able to do it manually via a debugger, but I'd like to know if I can call a function to change it from my code.

----------


## DarkLinux

Must be a better way of getting cast time, spell rank and distance. Or am I missing something key to this madness? Or is this just display info, and the real info is stored in a different place?



```
	class CSpellInfo
	{
	public:
		__int32		m_SpellID;		//0x0000 
		char		m_0x0004[68];
		__int32		m_CastTimeType;		//0x0048 
		__int32		m_CoolDown;		//0x004C 
		__int32		m_CoolDown1;		//0x0050 
		char		m_0x0054[44];
		__int32		m_Cost;			//0x0080 
		char		m_0x0084[12];
		__int32		m_DistnaceType;		//0x0090 
		char		m_0x0094[332];
		char*		m_SpellName;    	//0x01E0 
		char		m_0x01E4[32];
		char*		m_SpellRank;   		//0x0204 
		char		m_0x0208[172];	

	};//Size=0x02B4

	static CSpellInfo* GetSpellObjectByIndex(int index, bool isPet = false)
	{
		// Parenthesise the base selection so the index offset is also applied to the pet spell list
		DWORD spellID = *(DWORD*)((isPet ? 0x0B6F098 : 0x00B700F0) + (index * 4));
		if (spellID)
		{
			DWORD SpellList = *(DWORD*)(0x00C0D788);
			if (SpellList)
			{
				DWORD SpellObject = *(DWORD*)(SpellList + (spellID * 4));
				if (SpellObject)
				{
					return (CSpellInfo*)SpellObject;
				}
			}
		}
		return NULL;
	}
```




> m_DistnaceType
> 2 = 5 yd range
> 3 = 20 yd range
> 4 = 30 yd range
> 5 = 40 yd range
> 6 = 100 yd range
> 7 = 10 yd range
> 8 = 10-20 yd range
> 9 = 10-30 yd range
> ...

----------


## NotJuJuBoSc

> Must be a better way of getting cast time, spell rank and distance. Or am I missing something key to this madness? Or is this just display info, and the real info is stored in a different place?
> 
> 
> 
> ```
> 	class CSpellInfo
> 	{
> 	public:
> 		__int32		m_SpellID;		//0x0000 
> ...


To me those simply look like a DBC row?

----------


## tutrakan

> Must be a better way of getting cast time, spell rank and distance. Or am I missing something key to this madness? Or is this just display info, and the real info is stored in a different place?


The spell rank you get from the spellinfo structure, the cast time (I think this one was posted already) and range from here:


```
public delegate bool GetSpellCooldownDelegate(int spellId, bool isPet, ref int duration, ref int start, ref bool isEnabled) at 0x006E2EA0 (fastcall);
public delegate void GetSpellRangeDelegate(uint player_pointer, int spellid, ref float minrange, ref float maxrange, int zero = 0); at 0x006E3480(fastcall)
```


In fact the struct you posted is the spell info from the dbc:

```
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
    public unsafe struct SpellRecord
    {
        public uint Id;                                                     //0
        public uint School;                                                 //1
        public uint Category;                                               //2
        public uint CastUI;                                                 //3 not used
        public uint Dispel;                                                 //4
        public uint Mechanic;                                               //5
        public uint Attributes;                                             //6
        public uint AttributesEx;                                           //7
        public uint AttributesEx2;                                          //8
        public uint AttributesEx3;                                          //9
        public uint AttributesEx4;                                          //10
        public uint Stances;                                                //11
        public uint StancesNot;                                             //12
        public uint Targets;                                                //13
        public uint TargetCreatureType;                                     //14
        public uint RequiresSpellFocus;                                     //15
        public uint CasterAuraState;                                        //16
        public uint TargetAuraState;                                        //17
        public uint CastingTimeIndex;                                       //18
        public uint RecoveryTime;                                           //19
        public uint CategoryRecoveryTime;                                   //20
        public uint InterruptFlags;                                         //21
        public uint AuraInterruptFlags;                                     //22
        public uint ChannelInterruptFlags;                                  //23
        public uint procFlags;                                              //24
        public uint procChance;                                             //25
        public uint procCharges;                                            //26
        public uint maxLevel;                                               //27
        public uint baseLevel;                                              //28
        public uint spellLevel;                                             //29
        public uint DurationIndex;                                          //30
        public int powerType;                                               //31
        public uint manaCost;                                               //32
        public uint manaCostPerlevel;                                       //33
        public uint manaPerSecond;                                          //34
        public uint manaPerSecondPerLevel;                                  //35
        public uint rangeIndex;                                             //36
        public float speed;                                                 //37
        public uint modalNextSpell;                                         //38
        public uint StackAmount;                                            //39
        public fixed uint Totem[2];                                         //40-41
        public fixed int Reagent[8];                                        //42-49
        public fixed uint ReagentCount[8];                                  //50-57
        public int EquippedItemClass;                                       //58 (value)
        public int EquippedItemSubClassMask;                                //59 (mask)
        public int EquippedItemInventoryTypeMask;                           //60 (mask)
        public fixed int Effect[3];                                         //61-63
        public fixed uint EffectDieSides[3];                                //64-66
        public fixed int EffectBaceDice[3];                                 //67-69
        public fixed float EffectDicePerLevel[3];                           //70-72
        public fixed float EffectRealPointsPerLevel[3];                     //73-75
        public fixed int EffectBasePoints[3];                               //76-78
        public fixed uint EffectMechanic[3];                                //79-81
        public fixed uint EffectImplicitTargetA[3];                         //82-84
        public fixed uint EffectImplicitTargetB[3];                         //85-87
        public fixed uint EffectRadiusIndex[3];                             //88-90
        public fixed uint EffectApplyAuraName[3];                           //91-93
        public fixed uint EffectAmplitude[3];                               //94-96
        public fixed float EffectMultipleValue[3];                          //97-99
        public fixed uint EffectChainTarget[3];                             //100-102
        public fixed uint EffectItemType[3];                                //103-105
        public fixed int EffectMiscValue[3];                                //106-108
        public fixed uint EffectTriggerSpell[3];                            //109-111
        public fixed float EffectPointsPerComboPoint[3];                    //112-114
        public uint SpellVisual;                                            //115
        public uint SpellVisual2;                                           //116 not used
        public uint SpellIconID;                                            //117
        public uint activeIconID;                                           //118
        public uint spellPriority;                                          //119

        [MarshalAs(UnmanagedType.LPStr)] public string SpellName;           //120
        public fixed uint SpellNameTrash[7];                                //121-127
        public uint SpellNameFlag;                                          //128 

        [MarshalAs(UnmanagedType.LPStr)] public string Rank;                //129
        public fixed uint RankTrash[7];                                     //130-136
        public uint RankFlags;                                              //137

        [MarshalAs(UnmanagedType.LPStr)] public string Description;         //138
        public fixed uint DescriptionTrash[7];                              //139-145
        public uint DescriptionFlags;                                       //146

        [MarshalAs(UnmanagedType.LPStr)] public string ToolTip;             //147
        public fixed uint ToolTipTrash[7];                                  //148-154
        public uint ToolTipFlags;                                           //155     not used

        public uint ManaCostPercentage;                                     // 156
        public uint StartRecoveryCategory;                                  // 157
        public uint StartRecoveryTime;                                      // 158
        public uint MaxTargetLevel;                                         // 159
        public uint SpellFamilyName;                                        // 160
        public ulong SpellFamilyFlags;                                      // 161+162
        public uint MaxAffectedTargets;                                     // 163
        public uint DmgClass;                                               // 164 defenseType
        public uint PreventionType;                                         // 165
        public uint StanceBarOrder;                                         // 166 not used
        public fixed float DmgMultiplier[3];                                // 167-169
        public uint MinFactionId;                                           // 170 not used, and 0 in 2.4.2
        public uint MinReputation;                                          // 171 not used, and 0 in 2.4.2
        public uint RequiredAuraVision;                                     // 172 not used
    };
```

----------


## DarkLinux

Thanks for the help, did a little more reversing



```
	class CSpellRange
	{
	public:
		char		m_RangeIndex;					//0x0000 
		float		m_MinRange;					//0x0004 
		float		m_MaxRange;					//0x0008 
		char		m_0x000C[76];
	};//Size=0x0058

	class CSpellCastingTime
	{
	public:
		__int32		m_CastingTimeIndex;				//0x0000 
		__int32		m_CastTime;					//0x0004 
		char		m_0x0008[4];					//0x0008 
		__int32		m_CastTime2;					//0x000C 

	};//Size=0x0010
	
	class CDuration
	{
	public:
		char		m_DurationIndex;				//0x0000 
		__int32		m_Duration;					//0x0004 
		char		m_0x0008[4];					//0x0008
		__int32		m_Duration2;					//0x000C 

		__int32 GetDuration()
		{
			return ((m_Duration / 1000) / 60);
		}
	};//Size=0x0010

	class CIcon
	{
	public:
		__int32		m_SpellIconID;					//0x0000 
		char*		m_Icon;						//0x0004 

	};//Size=0x0008

	enum PowerType_e	//m_powerType
	{
		HEALTH = -2,
		MANA = 0,
		RAGE,
		FOCUS,
		ENERGY,
		HAPPINESS,
	};

	enum SpellAttributesEx_s //m_AttributesEx (source: mangos)
	{
		SPELL_ATTR_EX_DRAIN_ALL_POWER = 0x2,			//use all power (Only paladin Lay on Hands and Bunyanize)
		SPELL_ATTR_EX_CHANNELED_1 = 0x4,			//channeled 1
		SPELL_ATTR_EX_NOT_BREAK_STEALTH = 0x20,			//Not break stealth
		SPELL_ATTR_EX_CHANNELED_2 = 0x40,			//channeled 2
		SPELL_ATTR_EX_NEGATIVE = 0x80,				//negative spell?
		SPELL_ATTR_EX_NOT_IN_COMBAT_TARGET = 0x100,		//Spell req target not to be in combat state
		SPELL_ATTR_EX_NOT_PASSIVE = 0x400,			//not passive?
		SPELL_ATTR_EX_DISPEL_AURAS_ON_IMMUNITY = 0x8000,	//remove auras on immunity
		SPELL_ATTR_EX_UNAFFECTED_BY_SCHOOL_IMMUNE = 0x10000,	//unaffected by school immunity
		SPELL_ATTR_EX_REQ_COMBO_POINTS1 = 0x100000,		//Req combo points on target
		SPELL_ATTR_EX_REQ_COMBO_POINTS2 = 0x400000,		//Req combo points on target
	};

	enum SpellAttributesEx2_s //m_AttributesEx2 (source: mangos)
	{
		SPELL_ATTR_EX2_AUTO_SHOOT = 0x20,			//Auto Shoot?
		SPELL_ATTR_EX2_HEALTH_FUNNEL = 0x800,			//Health funnel pets?
		SPELL_ATTR_EX2_NOT_NEED_SHAPESHIFT = 0x80000,		//does not necessarily need shapeshift
		SPELL_ATTR_EX2_CANT_CRIT = 0x20000000,			//Spell can't crit
	};

	class CSpellRecord
	{
	public:
		__int32		m_SpellID;					//0x0000 
		__int32		m_School;					//0x0004 
		__int32		m_Category;					//0x0008 
		__int32		m_CastUI;					//0x000C 
		__int32		m_Dispel;					//0x0010 (list 00C0D83C)
		__int32		m_Mechanic;					//0x0014 
		__int32		m_Attributes;					//0x0018 
		__int32		m_AttributesEx;					//0x001C 
		__int32		m_AttributesEx2;				//0x0020 
		__int32		m_AttributesEx3;				//0x0024 
		__int32		m_AttributesEx4;				//0x0028 
		__int32		m_Stances;					//0x002C 
		__int32		m_StancesNot;					//0x0030 
		__int32		m_Targets;					//0x0034 
		__int32		m_TargetCreatureType;				//0x0038 
		__int32		m_RequiresSpellFocus;				//0x003C 
		__int32		m_CasterAuraState;				//0x0040 
		__int32		m_TargetAuraState;				//0x0044 
		__int32		m_CastingTimeIndex;				//0x0048 
		__int32		m_CategoryRecoveryTime;				//0x004C 
		__int32		m_RecoveryTime;					//0x0050 
		__int32		m_InterruptFlags;				//0x0054 
		__int32		m_AuraInterruptFlags;				//0x0058 
		__int32		m_ChannelInterruptFlags;			//0x005C 
		__int32		m_procFlags; 					//0x0060 
		__int32		m_procChance; 					//0x0064 
		__int32		m_procCharges; 					//0x0068 
		__int32		m_maxLevel; 					//0x006C 
		__int32		m_baseLevel; 					//0x0070 
		__int32		m_spellLevel; 					//0x0074 
		__int32		m_DurationIndex; 				//0x0078 
		__int32		m_powerType; 					//0x007C 
		__int32		m_Cost; 					//0x0080 
		__int32		m_CostPerlevel;					//0x0084 
		__int32		m_PerSecond;					//0x0088 
		__int32		m_PerSecondPerLevel;				//0x008C 
		__int32		m_rangeIndex;					//0x0090 
		float		m_speed;					//0x0094 
		__int32		m_modalNextSpell;				//0x0098 
		__int32		m_StackAmount;					//0x009C 
		__int32		m_Totem[2];					//0x00A0 
		__int32		m_Reagent[8];					//0x00A8 
		__int32		m_ReagentCount[8];				//0x00C8 
		__int32		m_EquippedItemClass;				//0x00E8 
		__int32		m_EquippedItemSubClassMask;			//0x00EC 
		__int32		m_EquippedItemInventoryTypeMask;		//0x00F0 
		__int32		m_Effect[3];					//0x00F4 
		__int32		m_EffectDieSides[3];				//0x0100 
		__int32		m_EffectBaceDice[3];				//0x010C 
		float		m_EffectDicePerLevel[3];			//0x0118 
		float		m_EffectRealPointsPerLevel[3];			//0x0124 
		__int32		m_EffectBasePoints[3];				//0x0130 
		__int32		m_EffectMechanic[3];				//0x013C 
		__int32		m_EffectImplicitTargetA[3];			//0x0148 
		__int32		m_EffectImplicitTargetB[3];			//0x0154 
		__int32		m_EffectRadiusIndex[3];				//0x0160 
		__int32		m_EffectApplyAuraName[3];			//0x016C 
		__int32		m_EffectAmplitude[3];				//0x0178 
		float		m_EffectMultipleValue[3];			//0x0184 
		__int32		m_EffectChainTarget[3];				//0x0190 
		__int32		m_EffectItemType[3];				//0x019C 
		__int32		m_EffectMiscValue[3];				//0x01A8 
		__int32		m_EffectTriggerSpell[3];			//0x01B4 
		float		m_EffectPointsPerComboPoint[3]; 		//0x01C0 
		__int32		m_SpellVisual;					//0x01CC 
		__int32		m_SpellVisual2;					//0x01D0 
		__int32		m_SpellIconID;					//0x01D4 
		__int32		m_activeIconID;					//0x01D8 
		__int32		m_spellPriority;				//0x01DC 
		char*		m_SpellName;					//0x01E0 
		__int32		m_SpellNameTrash[7];				//0x01E4 
		__int32		m_SpellNameFlag;				//0x0200 
		char*		m_Rank;						//0x0204 
		__int32		m_RankTrash[7];					//0x0208 
		__int32		RankFlags;					//0x0224 
		char*		m_Description;					//0x0228 
		__int32		m_DescriptionTrash[7];				//0x022C 
		__int32		m_DescriptionFlags;				//0x0248 
		char*		m_ToolTip;					//0x024C 
		__int32		m_ToolTipTrash[7];				//0x0250 
		__int32		m_ToolTipFlags;					//0x026C 
		__int32		m_CostPercentage;				//0x0270 
		__int32		m_StartRecoveryCategory;			//0x0274 
		__int32		m_StartRecoveryTime; 				//0x0278 
		__int32		m_MaxTargetLevel; 				//0x027C 
		__int32		m_SpellFamilyName; 				//0x0280 
		__int64		m_SpellFamilyFlags; 				//0x0284 
		__int32		m_MaxAffectedTargets; 				//0x028C 
		__int32		m_DmgClass; 					//0x0290 
		__int32		m_PreventionType; 				//0x0294 
		__int32		m_StanceBarOrder; 				//0x0298 
		float		m_DmgMultiplier[3]; 				//0x029C 
		__int32		m_MinFactionId; 				//0x02A8 
		__int32		m_MinReputation; 				//0x02AC 
		__int32		m_RequiredAuraVision;				//0x02B0 

		bool UsesComboPoints()
		{
			return (0x500000 & m_AttributesEx);
		}

		int GetCost(UnitField* unit = NULL)
		{
			int cost = m_Cost;
			if (m_CostPercentage && unit)
			{
				if (m_powerType == HEALTH)
				{
					cost = (int)((float)unit->UNIT_FIELD_BASE_HEALTH * ((float)m_CostPercentage / (float)100.f));
				}
				else
				{
					cost = (int)((float)unit->UNIT_FIELD_BASE_MANA * ((float)m_CostPercentage / (float)100.f));
				}
			}
			
			if (m_PerSecond)
			{
				cost = m_PerSecond;
			}

			if ((m_AttributesEx & SPELL_ATTR_EX_DRAIN_ALL_POWER) && unit)	//m_AttributesEx is a bitmask, so test the flag instead of comparing the whole field
			{
				if (m_powerType == HEALTH)
				{
					cost = unit->UNIT_FIELD_MAXHEALTH;
				}
				if (m_powerType == MANA)
				{
					cost = unit->UNIT_FIELD_MAXPOWER1;
				}
				else if (m_powerType == RAGE)
				{
					cost = unit->UNIT_FIELD_MAXPOWER2;
				}
				else if (m_powerType == FOCUS)
				{
					cost = unit->UNIT_FIELD_MAXPOWER3;
				}
				else if (m_powerType == ENERGY)
				{
					cost = unit->UNIT_FIELD_MAXPOWER4;
				}
			}

			if (m_powerType == RAGE)
			{
				return cost / 10;
			}

			return cost;
		}

		bool NeedsAura()
		{
			return (m_CasterAuraState);
		}

		bool HasAura(UnitField* unit)
		{
			return (unit->UNIT_FIELD_AURASTATE & (1 << (m_CasterAuraState - 1)));
		}

		CSpellRange* GetRangeObject()
		{
			DWORD RangeList = *(DWORD*)(0x00C0D79C);
			if (RangeList)
			{
				DWORD RangeObject = *(DWORD*)(RangeList + (m_rangeIndex * 4));
				if (RangeObject)
				{
					return (CSpellRange*)RangeObject;
				}
			}
			return NULL;
		}

		CSpellCastingTime* GetCastingTimeObject()
		{
			DWORD CastingTimeList = *(DWORD*)(0x00C0D878);
			if (CastingTimeList)
			{
				DWORD RangeObject = *(DWORD*)(CastingTimeList + (m_CastingTimeIndex * 4));
				if (RangeObject)
				{
					return (CSpellCastingTime*)RangeObject;
				}
			}
			return NULL;
		}

		CDuration* GetDurationObject()
		{
			DWORD DurationList = *(DWORD*)(0x00C0D828);
			if (DurationList)
			{
				DWORD DurationObject = *(DWORD*)(DurationList + (m_DurationIndex * 4));
				if (DurationObject)
				{
					return (CDuration*)DurationObject;
				}
			}
			return NULL;
		}

		CIcon* GetIconObject()
		{
			DWORD IconList = *(DWORD*)(0x00C0D7EC);
			if (IconList)
			{
				DWORD IconObject = *(DWORD*)(IconList + (m_SpellIconID * 4));
				if (IconObject)
				{
					return (CIcon*)IconObject;
				}
			}
			return NULL;
		}
	};//Size=0x02B4

	static CSpellRecord* GetSpellObjectByIndex(int index, bool isPet = false)
	{
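		//Parenthesise the base selection: '+' binds tighter than '?:', so without this the index was never applied to the pet table
		DWORD spellID = *(DWORD*)((isPet ? 0x0B6F098 : 0x00B700F0) + (index * 4));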
		if (spellID)
		{
			DWORD SpellList = *(DWORD*)(0x00C0D788);
			if (SpellList)
			{
				DWORD SpellObject = *(DWORD*)(SpellList + (spellID * 4));
				if (SpellObject)
				{
					return (CSpellRecord*)SpellObject;
				}
			}
		}
		return NULL;
	}
```

--edit

I flipped m_RecoveryTime and m_CategoryRecoveryTime, I don't know if that's really m_CategoryRecoveryTime

----------


## DarkLinux

Was thinking I found something new... But I guess not  :Frown: 


```
	static bool IsSpellOnCooldown(int SpellID)
	{
		DWORD GetSpellCooldown = 0x006E13E0;
		__asm
		{
			mov ecx, 0xCECAEC	//Spell History
			push 0 			//int* ready
			push 0 			//int* start
			push 0 			//int* duration
			push 0			//false
			push SpellID
			call GetSpellCooldown
		}
	}
```

..edit, removed a push 0, had 1 too many.




> GetSpellCooldown at 0x006E13E0


Not seeing the global cool down in the Spell History



```
0x00 lastSpell
0x08 spellID
0x10 start time
0x1C start time
0x28 spellID
0x2C castTime
```

----------


## DarkLinux

Slowly moving away from lua calls. No need for such overhead.


```
	static int GetCreatureTypeIndex(PVOID creature)
	{
		DWORD _GetCreatureTypeIndex = 0x00605570;
		__asm
		{
			mov ecx, creature
			call _GetCreatureTypeIndex
		}
	}
	
	class CCreatureType
	{
	public:
		__int32		m_CreatureTypeIndex;			//0x0000 
		char*		m_CreatureType;				//0x0004 
	};//Size=0x0008

	static char* GetCreatureType(PVOID creature)
	{
		int typeIndex = GetCreatureTypeIndex(creature);

		DWORD CreatureTypeList = *(DWORD*)(0x00C0DE2C);
		if (CreatureTypeList)
		{
			DWORD CreatureTypeObject = *(DWORD*)(CreatureTypeList + (typeIndex * 4));
			if (CreatureTypeObject)
			{
				return ((CCreatureType*)CreatureTypeObject)->m_CreatureType;
			}
		}
		return "";
	}

	static bool IsCritter(PVOID creature)
	{
		return (strcmp(GetCreatureType(creature), "Critter") == 0);
	}

	static bool UnitCanAttack(PVOID unit, PVOID otherUnit)
	{
		DWORD _UnitCanAttack = 0x00606980;
		__asm
		{
			push    otherUnit
			mov     ecx, unit
			call	_UnitCanAttack
		}
	}

	enum UnitClassification_e
	{
		Normal = 0,
		Elite,
		RareElite,
		WorldBoss,
		Rare,
	};
	static int UnitClassification(PVOID unit)
	{
		DWORD _UnitClassification = 0x00605620;
		__asm
		{
			mov     ecx, unit
			call	_UnitClassification
		}
	}
```

----------


## tutrakan

Yes, UnitCanAttack is right and very useful.

I'm really curious how you manage to reveal such class structures. Do you use some tool, or do you have a specific technique for it?

----------


## DarkLinux

I use CE to debug / view structures, and then when coding I use a program called ReClass. Coded by DrUnKeN ChEeTaH but it's open source so many people are updating it (GitHub - dude719/Reclass-2016: ReClass 2016)

Unless you are talking about args being sent when calling, that's just debugging with CE.

----------


## danwins

Referencing the Warden scans on Kronos, figured I would share:



```
warden_dump ( Kronos )
Addr	  Size  Desc
0x40362B  0x03  Warden::sub_403620
0x49F6F2  0x03  Script_SendChatMessage
0x538610  0x04  some jump table warden related?
0x5E642C  0x05  func referencing some dword player_c / spell related
0x680B81  0x05  unknown
0x6CEE4E  0x05  unknown
0x60BFA0  0x02  CGUnit_C::OnRightClick -> loot while mounted
0x482ED8  0x06  CGWorldFrame::OnWorldUpdate modify unit -> desc -> UNIT_FIELD_FLAGS
0x5ED2E3  0x06  CGPlayer_C::CanTrackObject
0x6334F0  0x01  unknown some float @ 80DFFC
0x636598  0x01  unknown some float @ 80DFFC 0.6427876353f
0x494A50  0x07  CGGameUI::CanPerformAction
0x7C63A8  0x04  Movement Related
0x518062  0x01  Script_UnitLevel UnitReaction related?
0x4711E0  0x02  CCharCreateInfo::CreateCharacter
0x67063E  0x01  unknown
0x6AB494  0x01  unknown
0x60BFBF  0x02  CGUnit_C::OnRightClick loot related
0x60FC30  0x04  sub_60FB60 auto follow related
0x7C4955  0x03  CMovementData::GetPosition
0x60FF65  0x02  CGUnit_C::sub_60FED0 tracking/follow related
0x6AB1BF  0x03  unknown
0x6CEE5B  0x06  unknown
0x7C625E  0x02  Infinite Jump
0x6341E3  0x02  unknown ( movement related? )
0x636ED4  0x01  unknown some float @ 80DFFC
0x7C705C  0x06  unknown
0x7C6206  0x0B  unknown player move flags related
0x5ED28D  0x06  CGPlayer_C::CanTrackUnit
0x7C69A0  0x03  unknown
0x5EC720  0x08  CGPlayer_C::GetLanguageSkill
0x615BA7  0x04  unknown
0x4711EA  0x01  CCharCreateInfo::CreateCharacter
0x49F5DD  0x01  Script_SendChatMessage
0x63379C  0x01  unknown some float @ 80DFFC
0x60F7C9  0x06  unknown
0x635C3A  0x01  unknown some float @ 80DFFC
0x60FF71  0x01  CGUnit_C::sub_60FED0 tracking/follow related
0x60BFB1  0x02  CGUnit_C::OnRightClick
0x6163DB  0x03  Anti Root
0x7C33DA  0x03  unknown
0x7C63DD  0x03  movement related
0x618919  0x04  unknown
0x87D894  0x04  some float .data default value 60.148003f
0x7C6E83  0x07  Swimming related
0x618917  0x06  unknown
0x80DFFC  0x04  some float .data default value 0.64278764f
0x7C6269  0x04  Jump related
0x7C6272  0x04  Jump Gravity
0x615CF5  0x01  movement related jump table?
0x7C625F  0x01  Jump related
0x7C63DA  0x03  movement related?
0x6341BC  0x02  unknown
0x7C63D9  0x01  movement related?
0x7C63BD  0x03  movement related?
0x618918  0x04  movement related?
0x5ABD50  0x06  ClientServices_CharacterValidateName
0x7C620D  0x02  movement related?
0x5FE54F  0x01  CGUnit_C::UpdateBaseAnimation
0x616749  0x02  CMovement::MoveUnit
0x60F650  0x06  unknown
0x482BE3  0x01  CGWorldFrame::sub_482AD0
0x6163DE  0x0A  Anti Root
0x6ABF13  0x01  unknown
0x6A467B  0x01  unknown
0x6CA1B5  0x01  WardenClient_Process
0x6D2743  0x06  unknown
0x636198  0x01  unknown
```

Does anyone know what function is at 0x7C6340? It looks movement related, and makes calls to CMovementData::GetPosition and CMovementData::GetFacing

and also the float at 0x80DFFC, it's usually 0.6427876353f

----------


## namreeb

> Does anyone know what function is at 0x7C6340? It looks movement related, and makes calls to CMovementData::GetPosition and CMovementData::GetFacing


It is InitMovementStatus() and initializes the local client's movement status structure.

----------


## greenthing

> I use CE to debug / view structures, and then when coding I use a program called ReClass. Coded by DrUnKeN ChEeTaH but it's open source so many people are updating it (GitHub - dude719/Reclass-2016: ReClass 2016)
> 
> Unless you are talking about args being sent when calling, that's just debugging with CE.


GitHub - KN4CK3R/ReClass.NET: A ReClass port to the .NET platform.
FYI.

----------


## DarkLinux

Looked over some of the elysium warden scan and was a little lost on some of them,



```
LocalPlayer + 0 	//VTable Scan?
LocalPlayer + A20 	//fallStartTime (edit danwins)
LocalPlayer + A2C 	//Move Speed
LocalPlayer + A34 	//Forward speed? (value = 7.f)
LocalPlayer + A60 	//collision box Z (edit NotJuJuBoSc)
LocalPlayer + 9E8  	//MovementFlags (Movement Struct)

localPlayerDescriptor + 0x58 //Health
```

Why would they be scanning things like health? Why would they scan the vtable pointer, and then not scan any of the entries? I know someone could spoof the full table, but odd they don't check any other pointers. They scan some flags / states, can't the client be desynced and normal players get flagged?

They are also scanning a pointer to the LocalPlayer, must be for a clientless client check.

----------


## NotJuJuBoSc

> Looked over some of the elysium warden scan and was a little lost on some of them,
> 
> 
> 
> ```
> LocalPlayer + 0 	//VTable Scan?
> LocalPlayer + A20 	//Move state 
> LocalPlayer + A2C 	//Move Speed
> LocalPlayer + A34 	//Forward speed? (value = 7.f)
> ...


Their Warden is actually really interesting, they use memory scan warden's function as a "server side" memory reader.

They start reading 4 bytes @ 00C7BCD4 CWorldScene__camTargEntity in the first warden scan packet, then when the client answers with those 4 bytes (which is actually a pointer), they add 0x88 to get another pointer and so on, so they can read player object info and compare them server side.

Really clever against clientless bot (not hard once you get it, but still, annoying to handle), great job @ Elysium  :Smile:

----------


## culino2

> Why would they be scanning things like health?


On MangosZero there was an exploit to gather herbs and open chests while dead by setting the health > 0.

----------


## DarkLinux

@culino2
Oh that's why, good to know  :Big Grin: 

@NotJuJuBoSc
That is so cool, they really did think outside the box. I guess they could scan anything with that method. Hmm they could even upload modules or pages. I better add some type of check for a linear scan. Warden does not have a way to write to memory I hope?

----------


## namreeb

With the currently available Warden modules from pre-cata, to my knowledge there is no way to write memory with it.

----------


## danwins

warden module as dll (since the one posted in the other thread has messed up imports)

79c0768d657977d697e10bad956cced1.zip

----------


## culino2

For the above Warden module:



```
0x4F90 Warden_AddTwoNumbers
0x1180 Warden_Return0
0x6230 Warden_Return1
0x1940 Warden_GetProcAddress
0x3520 Warden_GetModuleHandle
0x7988 Warden_TlsSetValue
0x1834 Warden_SHA1Init
0x2AA4 Warden_SHA1Update
0x5379 Warden_SHA1Final
0x5906 Warden_SHA1Hash
0x7494 Warden_SHA1Transform
0x63B8 Warden_Process (called from the client in WardenClient::Process at WoW client offset 0x006CA190)
0x2A7F Warden_CopyMem
0x1780 Warden_CallCopyMem (scanned by Nostalrius with PageCheck)
0x4099 Warden_OnPacket
0x4EB0 Warden_PacketFinialize (adds 4 byte checksum and 2 byte size iirc)
0x3DF4 Warden_RC4CryptPacket
0x2CCF Warden_WoWClientSendWardenData
0x7850 Warden_PacketPutInt8
0x7890 Warden_PacketPutInt32
0x1C80 Warden_PacketPutBytes
0x78D0 Warden_PacketGetInt8
0x7910 Warden_PacketGetInt32
0x3ED2 Warden_PacketGetString
0x62F0 Warden_PacketGetBytes
0x5BD0 Warden_StorePageScanInfo (first parameter is 1 if warden should also check pages with PE headers, second is hash, third seed, fourth offset, last size)
0x1000 Warden_PageCheckHashAndCompare
0x79A0 Warden_ComparePageCheckHash (compare calculated memory hash with server hash)
0x1190 Warden_CallProcCheckHashAndCompare (only gets called if both dll + exported function have been found (Warden_GetModuleHandle/Warden_GetProcAddress)
0x1E00 Warden_ProcCheckHashAndCompare (same as above...)
0x2713 Warden_CheckMPQFile (called in Warden_ScanCase) Nostalrius is using it, if you want to test this.
0x2CFD Warden_ScanCase (calls all checks)

Scan functions:

0x11E4 Warden_PageCheckA_B (check 0xB2, 0xBF)
0x3700 Warden_CopyRelativeAddress (check 0xF3, name stolen from Jadd)
0x14D0 Warden_ModuleCheck (check 0xD9)

vftable calls:
0x2D77 leads to Warden_PageCheckA_B
0x332C leads to Warden_CopyRelativeAddress
0x33C9 leads to Warden_ModuleScan
0x3021 leads to Warden_GetModuleHandle
0x3062 leads to Warden_GetProcAddress
0x308E leads to Warden_CallProcCheckHashAndCompare
```

----------


## luckruns0ut

I don't have much knowledge of Warden so forgive the potentially naive question, but is it possible for them to execute any arbitrary code with Warden?

----------


## Corthezz

> I don't have much knowledge of Warden so forgive the potentially naive question, but is it possible for them to execute any arbitrary code with Warden?


Quoting namreeb on this one:




> Sorry to necro this, but it's actually possible to disable this RSA signature check by sending a certain packet from the server which does not have proper sanity checking in the client, and exploit a small arbitrary code execution.

----------


## namreeb

Before anyone asks, no I will not give out the details of that. But suffice it to say the exploit I found is not usable in a production environment.

----------


## danwins

adding to culino2's post:

1.12.1.5875 client references:


```
006CA190  WardenClient_Process
006CA1E0  ActivateNextModule
006CA250  Warden::RawModule::Destroy
006CA290  WardenClient_Destroy2
006CA2F0  WardenClient_Initialize
006CA360  Warden::RawModule::DecryptAndCreate
006CA5C0  WardenClient_HandlePacket
006CA640  WardenClient_Destroy
006CA6A0  Warden::Client::OurLibrary::Data
006CA770  Warden::Client::OurLibrary::ModuleUse
006CA840  Warden::Client::OurLibrary::ModuleCache
006CA8C0  Warden::Client::OurLibrary::MemoryAlloc
006CA8E0  Warden::Client::OurLibrary::MemoryFree
006CA900  Warden::Client::OurLibrary::StateSave
006CA960  Warden::Client::OurLibrary::StateLoad
007A79D0  Warden::RawModule::Create
007A7D80  UnloadWardenModule
```

misc:



```
00811330  s_publicKeyModulus ( used for verification of the module during loading )
00811430  s_publicKeyExponent
00CE8954  s_interface ( pointer to the clients warden interface )
00CE8958  s_wardenLock
00CE8974  s_nextModule
00CE8978  s_currentModule ( pointer to the warden module )
00CE897C  s_moduleInterface ( pointer to the warden object )
00CE8980  s_stateData ( used to store RC4 send/recv key states )
00CE8984  s_stateSize ( size of the RC4 send/recv struct )
00CE8988  s_lastTick
```

warden:


```
functions:

0000185F  Warden_Init
00002707  Warden_MemAlloc ( calls Warden::Client::OurLibrary::MemoryAlloc )
00002916  Warden_MemFree ( calls Warden::Client::OurLibrary::MemoryFree )
0000563B  Warden_Sleep
00005B22  Warden_Destroy ( called from WardenClient_Destroy )
000073A6  Warden_SaveState ( calls Warden::Client::OurLibrary::StateSave saves the warden send/recv rc4 key states? )
00007E83  Warden_LoadPacketHandlers

packet handlers:

00002B77  WARDEN_SMSG_MODULE_USE_handler
000060AB  WARDEN_SMSG_MODULE_CACHE_handler
00006590  WARDEN_SMSG_CHEAT_CHECKS_REQUEST_handler
00005E1E  WARDEN_SMSG_MODULE_INITIALIZE_handler
00001410  WARDEN_SMSG_MEM_CHECKS_REQUEST_handler
00003812  WARDEN_SMSG_HASH_REQUEST_handler
```

----------


## alexsfx

UPDATE2: after 20 minutes of playing I received 10 packets with requests to check (on Elysium PvE server):
Elysium PvE (MPQ checks during 20 min playing session):


```
 
// so it probably checks dungeons doors
World\Lordaeron\stratholme\Activedoodads\doors\nox_door_plague.m2
World\Kalimdor\onyxiaslair\doors\OnyxiasGate01.m2
World\Generic\Human\Activedoodads\doors\deadminedoor02.m2
World\Kalimdor\silithus\activedoodads\ahnqirajdoor\ahnqirajdoor02.m2
```

Kronos 1 (driver checks during 10 min playing session):


```
ndis_x86
 IPSect
drvsys_mon
Afd32uu
```

UPDATE: I was wrong, they check MPQs according to this:


```

+Warden Server package
+-----------------------
+Command: 2
+Lenght : 484
+=======================
+Payload:
0x02 0x41 0x57 0x6f 0x72 0x6c 0x64 0x5c 0x4c 0x6f 0x72 0x64 0x61 0x65 0x72 0x6f 0x6e 0x5c 0x73 0x74 0x72 0x61 0x74 0x68 0x6f 0x6c 0x6d 0x65 0x5c 0x41 0x63 0x74 0x69 0x76 0x65 0x64 0x6f 0x6f 0x64 0x61 0x64 0x73 0x5c 0x64 0x6f 0x6f 0x72 0x73 0x5c 0x6e 0x6f 0x78 0x5f 0x64 0x6f 0x6f 0x72 0x5f 0x70 0x6c 0x61 0x67 0x75 0x65 0x2e 0x6d 0x32 0x31 0x57 0x6f 0x72 0x6c 0x64 0x5c 0x4b 0x61 0x6c 0x69 0x6d 0x64 0x6f 0x72 0x5c 0x6f 0x6e 0x79 0x78 0x69 0x61 0x73 0x6c 0x61 0x69 0x72 0x5c 0x64 0x6f 0x6f 0x72 0x73 0x5c 0x4f 0x6e 0x79 0x78 0x69 0x61 0x73 0x47 0x61 0x74 0x65 0x30 0x31 0x2e 0x6d 0x32 0x39 0x57 0x6f 0x72 0x6c 0x64 0x5c 0x47 0x65 0x6e 0x65 0x72 0x69 0x63 0x5c 0x48 0x75 0x6d 0x61 0x6e 0x5c 0x41 0x63 0x74 0x69 0x76 0x65 0x64 0x6f 0x6f 0x64 0x61 0x64 0x73 0x5c 0x64 0x6f 0x6f 0x72 0x73 0x5c 0x64 0x65 0x61 0x64 0x6d 0x69 0x6e 0x65 0x64 0x6f 0x6f 0x72 0x30 0x32 0x2e 0x6d 0x32 0x44 0x57 0x6f 0x72 0x6c 0x64 0x5c 0x4b 0x61 0x6c 0x69 0x6d 0x64 0x6f 0x72 0x5c 0x73 0x69 0x6c 0x69 0x74 0x68 0x75 0x73 0x5c 0x61 0x63 0x74 0x69 0x76 0x65 0x64 0x6f 0x6f 0x64 0x61 0x64 0x73 0x5c 0x61 0x68 0x6e 0x71 0x69 0x72 0x61 0x6a 0x64 0x6f 0x6f 0x72 0x5c 0x61 0x68 0x6e 0x71 0x69 0x72 0x61 0x6a 0x64 0x6f 0x6f 0x72 0x30 0x32 0x2e 0x6d 0x32 0x00 0x28 0x8c 0x00 0x64 0x6f 0x84 0x00 0x06 0x8c 0x00 0x10 0x86 0x53 0x00 0x04 0x8c 0x00 0x2b 0x36 0x40 0x00 0x03 0x8c 0x00 0xb5 0xa1 0x6c 0x00 0x01 0x8c 0x00 0xe3 0x2b 0x48 0x00 0x01 0x8c 0x00 0x50 0xf6 0x60 0x00 0x06 0x8c 0x00 0x17 0x1c 0x4d 0x00 0x02 0xe7 0x01 0xe7 0x02 0xe7 0x03 0xe7 0x04 0xc0 0x82 0xd7 0xe5 0xcb 0xc8 0xd2 0xf7 0x8a 0x79 0x1e 0x18 0x9b 0xab 0x3f 0xd5 0xd4 0x34 0x2b 0xf7 0xeb 0x0c 0xa3 0xf1 0x29 0x3c 0x21 0x01 0x00 0x07 0xc0 0xa4 0x44 0x51 0x9c 0xc4 0x19 0x52 0x1b 0x6d 0x39 0x99 0x0c 0x1d 0x95 0x32 0x9c 0x8d 0x94 0xb5 0x92 0x26 0xcb 0xaa 0x98 0x7b 0x40 0x00 0x00 0x20 0xc0 0x3a 0x0f 0x89 0x85 0xe7 0x01 0x34
0x3e 0x43 0x9c 0x74 0xb6 0x75 0xc7 0x2b 0xbe 0x2d 0x88 0x10 0xa7 0x45 0x56 0x99 0x13 0x90 0xaf 0x05 0x00 0x0a 0xcd 0x55 0xd1 0x88 0x98 0x3a 0x33 0xc0 0x6f 0xb1 0xf3 0x87 0x2e 0x71 0x4c 0x9d 0xe1 0xcf 0x2f 0x41 0x65 0xea 0x95 0xde 0xe8 0x8e 0x2a 0x00 0x00 0x15 0xc0 0xda 0xf4 0xa6 0xd9 0xb1 0xf6 0x6a 0x35 0x2c 0xd9 0x20 0x35 0x54 0x77 0xd4 0x0b 0xac 0xef 0xf1 0xfc 0x7d 0xd1 0xcf 0x1c 0x80 0x5e 0x04 0x00 0x0b 0xcd 0xdb 0xa0 0xfb 0x45 0x2d 0x78 0x42 0x26 0x11 0x5e 0x8b 0x3e 0xcd 0xde 0x70 0xcd 0xca 0x8d 0x10 0x5f 0x77 0x82 0xf8 0x5f 0x9d 0x12 0x00 0x00 0x20 0x7f
+===============================
+End of package
+===============================


```



Some Warden server packets that I explored on Elysium. This is strange, but on both servers, Kronos and Elysium, I haven't seen any Lua string, MPQ, or driver checks. These are Elysium packets:



```

// decrypted packets
+==============================+
+Warden Server packets+
+-----------------------------+
+Command: 2
+Lenght : 261
+==============================+
+Payload:
0x02 0x00 0x28 0x8c 0x00 0x64 0x6f 0x84 0x00 0x06 0x8c 0x00 0x72 0x62 0x7c 0x00 0x04 0x8c 0x00 0x5e 0x62 0x7c 0x00 0x02 0x8c 0x00 0xdb 0x63 0x61 0x00 0x02 0x8c 0x00 0xf5 0x5c 0x61 0x00 0x01 0x8c 0x00 0x5f 0x62 0x7c 0x00 0x01 0x8c 0x00 0xda 0x63 0x7c 0x00 0x04 0x8c 0x00 0xbc 0x41 0x63 0x00 0x02 0x8c 0x00 0x49 0x67 0x61 0x00 0x02 0x8c 0x00 0x4f 0xe5 0x5f 0x00 0x01 0x8c 0x00 0xe3 0x41 0x63 0x00 0x02 0xc0 0x82 0xd7 0xe5 0xcb 0xc8 0xd2 0xf7 0x8a 0x79 0x1e 0x18 0x9b 0xab 0x3f 0xd5 0xd4 0x34 0x2b 0xf7 0xeb 0x0c 0xa3 0xf1 0x29 0x3c 0x21 0x01 0x00 0x07 0xc0 0xa4 0x44 0x51 0x9c 0xc4 0x19 0x52 0x1b 0x6d 0x39 0x99 0x0c 0x1d 0x95 0x32 0x9c 0x8d 0x94 0xb5 0x92 0x26 0xcb 0xaa 0x98 0x7b 0x40 0x00 0x00 0x20 0xc0 0x3a 0x0f 0x89 0x85 0xe7 0x01 0x34 0x3e 0x43 0x9c 0x74 0xb6 0x75 0xc7 0x2b 0xbe 0x2d 0x88 0x10 0xa7 0x45 0x56 0x99 0x13 0x90 0xaf 0x05 0x00 0x0a 0xcd 0x55 0xd1 0x88 0x98 0x3a 0x33 0xc0 0x6f 0xb1 0xf3 0x87 0x2e 0x71 0x4c 0x9d 0xe1 0xcf 0x2f 0x41 0x65 0xea 0x95 0xde 0xe8 0x8e 0x2a 0x00 0x00 0x15 0xc0 0xda 0xf4 0xa6 0xd9 0xb1 0xf6 0x6a 0x35 0x2c 0xd9 0x20 0x35 0x54 0x77 0xd4 0x0b 0xac 0xef 0xf1 0xfc 0x7d 0xd1 0xcf 0x1c 0x80 0x5e 0x04 0x00 0x0b 0xcd 0xdb 0xa0 0xfb 0x45 0x2d 0x78 0x42 0x26 0x11 0x5e 0x8b 0x3e 0xcd 0xde 0x70 0xcd 0xca 0x8d 0x10 0x5f 0x77 0x82 0xf8 0x5f 0x9d 0x12 0x00 0x00 0x20 0x7f
+==============================+
+End of packet                +
+==============================+
+==============================+
+Warden Server packet+
+-----------------------------+
+Command: 2
+Lenght : 18
+==============================+
+Payload:
0x02 0x00 0x28 0x8c 0x00          // memcheck
0x10 0x2c 0x82 0x00 0x06          // 0x00822c10  reads 0x06 bytes at wow .rdata section
0x8c 0x00 0xd4 0xbc 0xc7          // 0x00c7bcd4  reads 0x04 bytes at wow .data section
0x00 0x04 0x7f
+===============================+
+End of packet                 +
+===============================+
+===============================+
+Warden Server packet+
+------------------------------+
+Command: 2
+Lenght : 18
+===============================+
+Payload:
0x02 0x00 0x28 0x8c 0x00          // another memcheck
0x10 0x2c 0x82 0x00 0x06          // reads the same bytes as before
0x8c 0x00 0xd4 0xbc 0xc7 0x00 0x04 0x7f
+===============================+
+End of packet                 +
+===============================+
// And so on


```
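The request layout annotated in the post above (command byte, length-prefixed string table, a run of checks, a trailing 0x7f) can be decoded mechanically to audit what a server asks a client to read back. The parser below is an added example, not code from the thread or from any Warden implementation. It assumes the trailing byte is the XOR key for the check codes (which maps 0x8c, 0xc0 and 0xcd onto the 0xF3, 0xBF and 0xB2 codes culino2 lists); the MPQ (0x98) and timing (0x57) codes and the page-check field order are assumptions taken from open-source server emulators, and `CONSTRUCTED` is a made-up packet.

```python
from __future__ import annotations

import struct
from dataclasses import dataclass

# Check codes after XOR with the trailing key byte. 0xF3, 0xB2 and 0xBF are the
# codes listed in the thread; 0x98 (MPQ) and 0x57 (timing) are assumptions
# taken from open-source emulators, not from this page.
MEM, PAGE_A, PAGE_B, MPQ, TIMING = 0xF3, 0xB2, 0xBF, 0x98, 0x57


@dataclass
class Check:
    kind: str
    address: int | None = None   # client address the server wants read/hashed
    length: int | None = None    # number of bytes at that address
    string: str | None = None    # module name (mem) or file path (mpq)
    seed: int | None = None      # page checks: seed for the hash
    digest: bytes | None = None  # page checks: expected 20-byte hash


class Reader:
    """Bounds-checked cursor so a truncated capture fails loudly."""

    def __init__(self, data: bytes):
        self.data, self.pos = data, 0

    def take(self, n: int) -> bytes:
        if self.pos + n > len(self.data):
            raise ValueError(f"truncated at offset {self.pos}, need {n} bytes")
        chunk = self.data[self.pos:self.pos + n]
        self.pos += n
        return chunk

    def u8(self) -> int:
        return self.take(1)[0]

    def u32(self) -> int:
        return struct.unpack("<I", self.take(4))[0]


def parse_check_request(payload: bytes) -> list[Check]:
    if len(payload) < 3 or payload[0] != 0x02:
        raise ValueError("not a command-2 check request")
    key = payload[-1]                  # assumed XOR key (0x7f in the dumps)
    r = Reader(payload[1:-1])          # body between command byte and key

    strings = []                       # length-prefixed, ended by a 0x00 length
    while (n := r.u8()) != 0:
        strings.append(r.take(n).decode("ascii", errors="replace"))

    def lookup(index: int) -> str | None:
        if index == 0:                 # 0 means "no string attached"
            return None
        if index > len(strings):
            raise ValueError(f"string index {index} out of range")
        return strings[index - 1]      # indices are 1-based (0xe7 0x01 ...)

    checks = []
    while r.pos < len(r.data):
        code = r.u8() ^ key
        if code == TIMING:
            checks.append(Check("timing"))
        elif code == MEM:
            name, addr, size = lookup(r.u8()), r.u32(), r.u8()
            checks.append(Check("mem", addr, size, name))
        elif code == MPQ:
            checks.append(Check("mpq", string=lookup(r.u8())))
        elif code in (PAGE_A, PAGE_B):
            seed, digest, addr, size = r.u32(), r.take(20), r.u32(), r.u8()
            kind = "page_a" if code == PAGE_A else "page_b"
            checks.append(Check(kind, addr, size, seed=seed, digest=digest))
        else:
            raise ValueError(f"unhandled check code 0x{code:02X} at {r.pos - 1}")
    return checks


def requested_ranges(checks: list[Check]) -> list[tuple[int, int]]:
    """(address, length) pairs the server asked the client to return raw."""
    return [(c.address, c.length) for c in checks if c.kind == "mem"]


# The 18-byte packet quoted in the post above.
ELYSIUM_SHORT = bytes.fromhex("02 00 28 8c 00 10 2c 82 00 06 8c 00 d4 bc c7 00 04 7f")

# Constructed packet: one MPQ path from the thread, placeholder seed, digest
# and address, to exercise the string table and a page check.
MPQ_PATH = rb"World\Kalimdor\onyxiaslair\doors\OnyxiasGate01.m2"
CONSTRUCTED = (bytes([0x02, len(MPQ_PATH)]) + MPQ_PATH
               + bytes([0x00, 0x28, 0xE7, 0x01, 0xC0])
               + bytes(4) + bytes(range(20)) + struct.pack("<IB", 0x00401000, 7)
               + bytes([0x7F]))

if __name__ == "__main__":
    for packet in (ELYSIUM_SHORT, CONSTRUCTED):
        for check in parse_check_request(packet):
            print(check)
```
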

----------


## danwins

I'm surprised you guys can even get on Elysium, it's perpetually down for me (DDoS I guess?)

----------


## danwins

Are there any private servers that actually make use of the Lua string check in the 79c0768d657977d697e10bad956cced1 module?

Elysium seem to leave the FrameScript::GetText unchanged from the warden implementation on tom_rus github *here* ( 0x00819D40 )

the other functions are as expected:



```
006477A0  SFile::Open
006487F0  SFile::GetFileSize
00648460  SFile::Read
00648730  SFile::Close
00819D40  FrameScript::GetText     // offset from different binary
0042C010  OsGetAsyncTimeMs
```

----------


## alexsfx

> Are there any private servers that actually make use of the Lua string check in the 79c0768d657977d697e10bad956cced1 module?
> 
> Elysium seem to leave the FrameScript::GetText unchanged from the warden implementation on tom_rus github *here* ( 0x00819D40 )
> 
> the other functions are as expected:
> 
> 
> 
> ```
> ...


Does Warden module use SFile::Open to open MPQs?

Did I understand correctly?
Via packet WARDEN_SMSG_MODULE_INITIALIZE the server initializes the Warden module's functions that it uses to check MPQ files, Lua strings, time check and so on.
And the offsets of those functions depend on the client version, right?

----------


## danwins

That is what it looks like to me.

Here's my Warden struct so far ( pointed to by s_moduleInterface ):


```
struct Warden
{
  int 		field_0;
  int		field_4;
  int 		field_8;
  int 		field_C;
  int 		field_10;
  int 		field_14;
  WardenLib*	m_WardenLib;		// pointer to s_interface
  void*		m_ModuleSomething;	// something to do with downloading the warden module from the server
  KeyStates	m_KeyStates;		// struct with the warden rc4 send/recv key states
  unk_vmt*	unkPointer1;		// points to the vmt at 0x8238
  char 		m_packetBuffer[516];
  int 		m_packetBufferSize;
  int 		field_434[226];
  unk1		fnFuncImports;		// array of function pointers inside the wow binary
};

struct unk1
{
  int		field_0;
  int		field_4;
  int		field_8;
  int		field_C;
  int		SFile_Open;		// points to SFile::Open in the wow binary
  int		SFile_GetFileSize;	// points to SFile::GetFileSize in the wow binary
  int		SFile_Read;		// points to SFile::Read in the wow binary
  int		SFile_Close;		// points to SFile::Close in the wow binary
  int		field_20;
  int		field_24;
  int		field_28;
  int		FrameScript_GetText;	// should point to FrameScript_GetText but doesnt?
  int		OsGetAsyncTimeMs;	// points to OsGetAsyncTimeMs in the wow binary
};

struct KeyStates
{
  rc4_state	m_RC4SendKey;		// RC4 send key state
  rc4_state	m_RC4RecvKey;		// RC4 recv key state
  int		m_index;		// some index counter
};

struct rc4_state
{
  char		perm[256];
  char		index1;
  char		index2;
};
```

example of mpq check:

1. Warden_ScanCase ( 0x2CFD ):



```
...
if ( checkType == MPQ_CHECK )
  {
    Warden_PacketGetInt8(v6, &pck);
    if ( *(v6 + 8) <= *(v6 + 4) )
    {
      if ( !Warden_PacketGetString(warden, index, &string) )
        return 4;
      a3a = &off_815C;
      sha1_init(&context);
      if ( !Warden_CheckMPQFile(&warden->fnFuncImports, &string, &a3a, warden != 0 ? &warden->field_14 : 0) )
        goto LABEL_67;
      sha1_finish(&context, &digest);
      v31 = v44;
      Warden_PacketPutInt8(*(v44 + 12), 0);
      v32 = *(v31 + 12);
      qmemcpy(&v39, &digest, 0x14u);
      Warden_PacketPutBytes(v32, 0x14u, &v39);
      return 0;
    }
    return 3;
  }
...
```

2. inside the Warden_CheckMPQFile function:



```
char __userpurge Warden_CheckMPQFile@<al>(unk1 *fnFuncList@<edi>, int string, void (__stdcall ***a3)(_DWORD, _DWORD), int a4)
{
  int v4;
  int v5;
  char v6;
  bool v7;
  int v8;
  int v9;
  int v10;
  signed int v12;
  bool v13;
  int v14;
  __int64 v15; // [sp+8h] [bp-18h]@13
  int v16; // [sp+14h] [bp-Ch]@22
  int v17; // [sp+18h] [bp-8h]@5
  int v18; // [sp+1Ch] [bp-4h]@1

  v4 = a4;
  v5 = (**a4)(a4, 0x4000);
  v6 = 0;
  v7 = LOBYTE(fnFuncList->field_24) == 0;
  v18 = v5;
  if ( v7 )
    goto LABEL_10;
  v8 = fnFuncList->field_20;
  if ( !v8 )
    goto LABEL_10;
  v9 = v8 - 1;
  if ( v9 )
  {
    if ( v9 != 1 )
    {
LABEL_10:
      (*(*v4 + 4))(v4, v18);
      return 0;
    }
    v10 = (fnFuncList->SFile_Open)(string, &v17);
  }
  else
  {
    v10 = (fnFuncList->field_0)(string, &v17);
  }
  if ( !v10 )
    goto LABEL_10;
  if ( !sub_5C57(v17) )
  {
    (*(*a4 + 4))(v18);
    sub_7947(v17);
    return 0;
  }
  if ( HIDWORD(v15) > 0 )
    goto LABEL_17;
LABEL_14:
  if ( v15 <= 0 )
  {
    v6 = 1;
  }
  else
  {
    while ( 1 )
    {
      if ( HIDWORD(v15) <= 0 && (v12 = v15, v15 <= 0x4000) )
      {
        if ( v15 > 0xFFFFFFFF )
          break;
      }
      else
      {
LABEL_17:
        v12 = 0x4000;
      }
      if ( fnFuncList->field_20 == 1 )
      {
        v13 = (fnFuncList->field_8)(v17, v18, v12, &v16, 0) != 0;
        v14 = v13 != 0 ? v16 : 0;
      }
      else
      {
        if ( fnFuncList->field_20 != 2 )
          break;
        v13 = (fnFuncList->SFile_Read)(v17, v18, v12, &string, 0, 0) != 0;
        v14 = v13 != 0 ? string : 0;
      }
      if ( !v13 || v12 != v14 )
        break;
      (**a3)(v18, v12);
      v15 -= v12;
      if ( !HIDWORD(v15) )
        goto LABEL_14;
    }
  }
  (*(*a4 + 4))(v18);
  sub_7947(v17);
  return v6;
}
```

----------


## alexsfx

> That is what it looks like to me.
> 
> here's my warden struct so far ( pointed to by s_moduleInterface ):
> 
> 
> ```
> struct Warden
> {
>   int 		field_0;
> ...


Thank you man a lot for your research

----------


## alexsfx

I think here:



> ```
> ...
> 
> if ( checkType == MPQ_CHECK )
> {
>     Warden_PacketGetInt8(v6, &pck);
>     if ( *(v6 + 8) <= *(v6 + 4) )
>     {
>       if ( !Warden_PacketGetString(warden, pck, &string) )
> ...


should be:


```
...

if ( checkType == MPQ_CHECK )
  {
    Warden_PacketGetInt8(v6, &index);
    if ( *(v6 + 8) <= *(v6 + 4) )
    {
      if ( !Warden_PacketGetString(warden, index, &string) )
        return 4;
       ...
      return 0;
    }
    return 3;
  }
...
```

according to this:


```
...
void WardenWin::RequestData()
{
    ...
    for (uint16 i = 0; i < sWorld.getConfig(CONFIG_UINT32_WARDEN_NUM_OTHER_CHECKS); ++i)
    {
         switch (wd->Type)
         {
            case MPQ_CHECK:
            case LUA_STR_CHECK:
            case DRIVER_CHECK:
                buff << uint8(wd->Str.size());
                buff.append(wd->Str.c_str(), wd->Str.size());
                break;
            default:
                break;
        }
    }
    ...
    for (std::list<uint16>::iterator itr = _currentChecks.begin(); itr != _currentChecks.end(); ++itr)
    {
        wd = sWardenCheckMgr->GetWardenDataById(build, *itr);
        type = wd->Type;
        buff << uint8(type ^ xorByte);
        if (wd)
        {
               ....
            switch (wd->Type)
            {
                ....
                case MPQ_CHECK:
                case LUA_STR_CHECK:
                {
                    buff << uint8(index++);
                    break;
                }
                ...
                default:
                    break;
            }
        }
    }
    ...

}
..
```

----------


## danwins

this is correct, mine is just broken due to horrible calling conventions and laziness

----------


## TOM_RUS

I see you guys are digging something I already did back in 2010, maybe you can make some use of this stuff warden.zip.

----------


## danwins

@tom_rus what date/build did you dump the 79c0768d657977d697e10bad956cced1 module from?

----------


## TOM_RUS

> @tom_rus what date/build did you dump the 79c0768d657977d697e10bad956cced1 module from?


I don't remember exact date/build, but that was around 3.3.x time frame.

----------


## danwins

Did you ever get the Lua check working on 1.12.1? It looks like there are two different ones with different calling conventions:



```
int (__fastcall *)(char *, _DWORD, _DWORD)	// Function1
int (__cdecl *)(char *, _DWORD, _DWORD)		// Function2
```

it looks like the first one matches the 1.12.1 GetText function:



```
const char *__fastcall FrameScript_GetText(const char *, int, int)
```

so I assume it's possible to get it working but I've yet to see anyone do it.

----------


## alexsfx

> I see you guys are digging something I already did back in 2010, maybe you can make some use of this stuff warden.zip.


Thank you man too. Your job is really impressive.

----------


## luckruns0ut

[player object] + 0xB4C (4 bytes)

Can be used to determine if you have an active fishing bobber. I'm not exactly sure what it is but the 4 bytes get set whenever a cast successfully lands, otherwise they are zero. It's probably a pointer to the bobber but I'm not sure.

Also does anyone have a suggestion as to why my object manager isn't finding fishing bobbers? It finds everything else fine... Am I right in thinking that they are still GameObjects (object type 5) in Vanilla?

Edit: was a problem reading the displayid descriptor (no sleep ftw)

----------


## DarkLinux

> Also does anyone have a suggestion as to why my object manager isn't finding fishing bobbers? It finds everything else fine... Am I right in thinking that they are still GameObjects (object type 5) in Vanilla?


I have not had any problems with fishing, I'm just checking GameObject == 5, GAMEOBJECT_DISPLAYID == 668 and GAMEOBJECT_STATE == 0.

----------


## DarkLinux

```
ClientDB Zones 0x00C0E048

CurrentZoneID 0x00468580
```

----------


## danwins

dbcs(not rebased)


```
00C0E06C g_animationDataDB
00C0E058 g_areaPOIDB
00C0E044 g_areaTableDB
00C0E030 g_areaTriggerDB
00C0E01C g_attackAnimKitsDB
00C0E004 g_attackAnimTypesDB
00C0DFF0 g_auctionHouseDB
00C0DFDC g_bankBagSlotPricesDB
00C0DFC8 g_cameraShakesDB
00C0DFB4 g_cfg_CategoriesDB
00C0DFA0 g_cfg_ConfigsDB
00C0DF28 g_characterFacialHairStylesDB
00C0DF8C g_charBaseInfoDB
00C0DF78 g_charHairGeosetsDB
00C0DF64 g_charSectionsDB
00C0DF50 g_charStartOutfitDB
00C0DF3C g_charVariationsDB
00C0DF14 g_chatChannelsDB
00C0DF00 g_chatProfanityDB
00C0DEEC g_chrClassesDB
00C0DED8 g_chrRacesDB
00C0DEC4 g_cinematicCameraDB
00C0DEB0 g_cinematicSequencesDB
00C0DE88 g_creatureDisplayInfoDB
00C0DE9C g_creatureDisplayInfoExtraDB
00C0DE74 g_creatureFamilyDB
00C0DE60 g_creatureModelDataDB
00C0DE4C g_creatureSoundDataDB
00C0DE38 g_creatureSpellDataDB
00C0DE24 g_creatureTypeDB
00C0DE10 g_deathThudLookupsDB
00C0DDFC g_durabilityCostsDB
00C0DDE8 g_durabilityQualityDB
00C0DDD4 g_emotesDB
00C0DD98 g_emotesTextDB
00C0DDC0 g_emotesTextDataDB
00C0DDAC g_emotesTextSoundDB
00C0DD84 g_environmentalDamageDB
00C0DD70 g_exhaustionDB
00C0DD48 g_factionDB
00C0DD5C g_factionGroupDB
00C0DD34 g_factionTemplateDB
00C0DD20 g_footprintTexturesDB
00C0DD0C g_footstepTerrainLookupDB
00C0DCF8 g_gameObjectArtKitDB
00C0DCE4 g_gameObjectDisplayInfoDB
00C0DCD0 g_gameTipsDB
00C0DCBC g_gMSurveyCurrentSurveyDB
00C0DCA8 g_gMSurveyQuestionsDB
00C0DC94 g_gMSurveySurveysDB
00C0DC80 g_gMTicketCategoryDB
00C0DC6C g_groundEffectDoodadDB
00C0DC58 g_groundEffectTextureDB
00C0DC44 g_helmetGeosetVisDataDB
00C0DC30 g_itemBagFamilyDB
00C0DC1C g_itemClassDB
00C0DC08 g_itemDisplayInfoDB
00C0DBF4 g_itemGroupSoundsDB
00C0DBE0 g_itemPetFoodDB
00C0DBCC g_itemRandomPropertiesDB
00C0DBB8 g_itemSetDB
00C0DB90 g_itemSubClassDB
00C0DBA4 g_itemSubClassMaskDB
00C0DB7C g_itemVisualEffectsDB
00C0DB68 g_itemVisualsDB
00C0DB40 g_languagesDB
00C0DB54 g_languageWordsDB
00C0DB2C g_lfgDungeonsDB
00CE9D60 g_lightDB
00CE9D88 g_lightFloatBandDB
00CE9D9C g_lightIntBandDB
00CE9D74 g_lightParamsDB
00CE9DB0 g_lightSkyboxDB
00C0DB18 g_liquidTypeDB
00C0DAF0 g_loadingScreenTaxiSplinesDB
00C0DB04 g_loadingScreensDB
00C0DADC g_lockDB
00C0DAC8 g_lockTypeDB
00C0DAB4 g_mailTemplateDB
00C0DAA0 g_mapDB
00C0DA8C g_materialDB
00C0DA64 g_nPCSoundsDB
00C0DA78 g_nameGenDB
00C0DA50 g_namesProfanityDB
00C0DA3C g_namesReservedDB
00C0DA28 g_packageDB
00C0DA14 g_pageTextMaterialDB
00C0DA00 g_paperDollItemFrameDB
00C0D9EC g_petLoyaltyDB
00C0D9D8 g_petPersonalityDB
00C0D9C4 g_questInfoDB
00C0D9B0 g_questSortDB
00C0D99C g_resistancesDB
00C0D988 g_serverMessagesDB
00C0D974 g_sheatheSoundLookupsDB
00C0D960 g_skillCostsDataDB
00C0D924 g_skillLineDB
00C0D94C g_skillLineAbilityDB
00C0D938 g_skillLineCategoryDB
00C0D910 g_skillRaceClassInfoDB
00C0D8FC g_skillTiersDB
00C0D8E8 g_soundAmbienceDB
00C0D8D4 g_soundEntriesDB
00C0D8C0 g_soundProviderPreferencesDB
00C0D8AC g_soundSamplePreferencesDB
00C0D898 g_soundWaterTypeDB
00C0D884 g_spamMessagesDB
00C0D780 g_spellDB
00C0D870 g_spellCastTimesDB
00C0D85C g_spellCategoryDB
00C0D848 g_spellChainEffectsDB
00C0D834 g_spellDispelTypeDB
00C0D820 g_spellDurationDB
00C0D80C g_spellEffectCameraShakesDB
00C0D7F8 g_spellFocusObjectDB
00C0D7E4 g_spellIconDB
00C0D7D0 g_spellItemEnchantmentDB
00C0D7BC g_spellMechanicDB
00C0D7A8 g_spellRadiusDB
00C0D794 g_spellRangeDB
00C0D76C g_spellShapeshiftFormDB
00C0D730 g_spellVisualDB
00C0D758 g_spellVisualEffectNameDB
00C0D744 g_spellVisualKitDB
00C0D71C g_stableSlotPricesDB
00C0D708 g_stationeryDB
00C0D6F4 g_stringLookupsDB
00C0D6E0 g_talentDB
00C0D6CC g_talentTabDB
00C0D6B8 g_taxiNodesDB
00C0D690 g_taxiPathDB
00C0D6A4 g_taxiPathNodeDB
00C0D67C g_terrainTypeDB
00C0D668 g_terrainTypeSoundsDB
00C0D654 g_transportAnimationDB
00C0D640 g_uISoundLookupsDB
00C0D618 g_unitBloodDB
00C0D62C g_unitBloodLevelsDB
00C0D604 g_vocalUISoundsDB
00C0D5DC g_weaponImpactSoundsDB
00C0D5C8 g_weaponSwingSounds2DB
00C0D5F0 g_wMOAreaTableDB
00C0D5B4 g_worldMapAreaDB
00C0D5A0 g_worldMapContinentDB
00C0D58C g_worldMapOverlayDB
00C0D578 g_worldSafeLocsDB
00C0D564 g_worldStateUIDB
00C0D550 g_zoneIntroMusicTableDB
00C0D53C g_zoneMusicDB
```

ida py rename script(not rebased)
Paste2.org - Viewing Paste xZKmbUFk

struct:



```
struct WowClientDB
{
  void *m_records;
  int m_numRecords;
  void **m_recordsById;
  int m_maxId;
  int m_loaded;
};
```



```
struct AreaTableRec
{
  int m_ID;				// Unique ID
  int m_map;				// The map on which the area is located.
  int m_parentAreaTable;		// Refers the parent area if set.
  signed int m_areaBit;
  signed int m_flags;
  int m_soundPreferences;		// Sound settings when moving while in this area.
  int m_soundPreferencesUnderwater;	// Sound settings when moving in water while in this area.
  int m_soundAmbience;			// Background sounds — birds, falling leafs, etc. — playing when in this area.
  int m_zoneMusic;			// The background music when playing in this area.
  int m_zoneIntroMusicTable;		// Music played upon entering the area.
  signed int m_explorationLevel;	// The suggested character level for exploring this area.
  const char* m_areaName_lang[8];	// The name of the area.
  int m_areaName_flag;
  int m_factionGroup;			// References the faction group which owns this area.
  int m_liquidType;			// References the type of liquid to be found in this area.
  signed int m_minElevation;		// Lowest possible Z coordinate for this area.
  float m_ambientMultiplier;		// Modifier for character lighting.
  int m_light;				// References the type of lighting to be seen in this area.
};

struct WowClientDB<AreaTableRec>
{
  AreaTableRec *m_records;
  int m_numRecords;
  AreaTableRec **m_recordsById;
  int m_maxId;
  int m_loaded;
};
```

----------


## jojjster

Quick question: Is it considered safe to patch in a jump into CGxDeviceD3d__ISceneEnd for use on Elysium/Nostalrius?

I have read conflicting views on this, some say it's an address checked by (mangos) Warden while others say that it's safe because other applications like fraps or similar also do this.

----------


## luckruns0ut

If that's the same function you get at entry 42 in the vtable (EndScene), it's definitely ok... If it's not, it's probably still ok (only two I've actually used when playing most are EndScene and Reset)

----------


## luckruns0ut

Check if unit is hostile towards another unit:



```
auto unitIsEnemy = reinterpret_cast<int(__thiscall*)(void* unit1, void* unit2)>(0x6061e0);
```

Will return 2 if they are enemies, 1 if they are friendly.

Can be used to determine if an enemy will aggro to you or not.

Edit:

I just got an account banned on nost-pvp by writing (xor ecx, 0x100) to 0x482ED3 (remove-afk). I spent a while ****ing with different things at that address but when I wrote those exact bytes, it banned me. The people who care about that info probably already know it, but just in case it's useful to anyone.

----------


## tutrakan

Thanks for the ban info.





> Check if unit is hostile towards another unit:
> 
> 
> 
> ```
> auto unitIsEnemy = reinterpret_cast<int(__thiscall*)(void* unit1, void* unit2)>(0x6061e0);
> ```
> 
> Will return 2 if they are enemies, 1 if they are friendly.
> ...



BTW, the function at 0x006061E0 returns the unit reaction:


```
enum ReputationRank
{
    REP_HATED       = 0,
    REP_HOSTILE     = 1,
    REP_UNFRIENDLY  = 2,
    REP_NEUTRAL     = 3,
    REP_FRIENDLY    = 4,
    REP_HONORED     = 5,
    REP_REVERED     = 6,
    REP_EXALTED     = 7
};
```

If you are looking for a "can attack", there is a function that returns bool at 0x00606980 with the same params/call.conv.

----------


## luckruns0ut

Thanks, I already knew about UnitCanAttack but I intend on weighting my navmesh so that the pathfinding will attempt to avoid aggressive mobs. The other flags are useful, though.

Edit:

Current tick count is at 0xce8988. Not hard to find but I didn't find it posted

----------


## Famous

Does anybody happen to have a named idb for this patch? I ran BinDiff with patch 6.x, not the best results!  :Smile:

----------


## NotJuJuBoSc

> Does anybody happen to have a named idb for this patch? I ran BinDiff with patch 6.x, not the best results!


Just use the 1.0.X.whatever alpha build with pdb as reference, it's pretty straightforward

----------


## nengonon

Hi guys I'm not sure how PQR works internally but is there any way to get it to work with this build(actually for elysium server)? 

Here's an example of the needed offsets:

```
<CurrentWoWVersion>5875</CurrentWoWVersion>
<WoWVersionOffset>0x00837C0</WoWVersionOffset>
<PlayerName>0x827D88</PlayerName>
<PlayerClass>0x879E89</PlayerClass>
<GetCurrentKeyBoardFocus>0x9CE474</GetCurrentKeyBoardFocus>
<GameState>0x00B4B424</GameState>
<Lua_DoStringAddress>0x419210</Lua_DoStringAddress>
<Lua_GetLocalizedTextAddress>0x3225E0</Lua_GetLocalizedTextAddress>
<Detour>0xBF0F0</Detour>
<Overwritten>55 8B EC 81 EC F8 00 00 00</Overwritten>
```

I would appreciate any tip on the matter

----------


## Famous

> Just use the 1.0.X.whatever alpha build with pdb as reference, it's pretty straightforward


Thanks, worked like a charm! Here's the source for anyone else interested (provided by jh16):
[WoW] Binary Collection (Release & PTR)

----------


## NotJuJuBoSc

> Hi guys I'm not sure how PQR works internally but is there any way to get it to work with this build(actually for elysium server)? 
> 
> Here's an example of the needed offsets:
> 
> <CurrentWoWVersion>5875</CurrentWoWVersion>
> <WoWVersionOffset>0x00837C0</WoWVersionOffset>
> <PlayerName>0x827D88</PlayerName>
> <PlayerClass>0x879E89</PlayerClass>
> <GetCurrentKeyBoardFocus>0x9CE474</GetCurrentKeyBoardFocus>
> ...


I'm pretty sure Lua_GetLocalizedText doesn't exist in this build so changing the offsets won't help, PQR code needs to be modified to use FrameScript_GetText instead.

----------


## tutrakan

Hi guys,
Has anybody played with the color of the tracking units in the mini map?
I would like to have green dots for friendly, yellow for neutral, red for hostile, etc...
It's ridiculous that in vanilla they are all in red  :Frown:

----------


## f2p

> Hi guys I'm not sure how PQR works internally but is there any way to get it to work with this build(actually for elysium server)? 
> 
> Here's an example of the needed offsets:
> 
> <CurrentWoWVersion>5875</CurrentWoWVersion>
> <WoWVersionOffset>0x00837C0</WoWVersionOffset>
> <PlayerName>0x827D88</PlayerName>
> <PlayerClass>0x879E89</PlayerClass>
> <GetCurrentKeyBoardFocus>0x9CE474</GetCurrentKeyBoardFocus>
> ...


Did you have any luck getting this to work? I'm also after a rotation bot, something like PQR would be perfect for 1.12.1.

----------


## Haugli92

> WoW.exe + 0x0087BCD4 + 0x88 + 0x18 pointers to player guid


This is an old thread, but I think the correct one is:

Base (wow.exe) + 0x0087BCD4 + 0x88 + 0x28

----------


## pinny

Hoping this will be useful to someone...
Here is a list of all of the buffs sorted alphabetically and uppercased with their matching ids. I tried to remove as many unused buffs as I could without going too far into it. Hopefully didn't remove any actual in use buffs.

552,ABOLISH DISEASE 2893,ABOLISH POISON 14253,ABOLISH POISON 12884,ACID - Pastebin.com

Personally I'm using this to identify buffs/debuffs on a unit/player.

----------


## Icesythe7

Anyone happen to have the address of print locally, i.e. DEFAULT_CHAT_FRAME:AddMessage("hi im here") <== the function that this calls? Trying to do everything without using WoW's Lua API at all. Nvm, got it.

Anyone know of a way to get quests already completed? Thinking it's not possible since I've searched everywhere and can't find it.

----------


## DarkLinux

Looking over the leaked NostReturns/Elysium core I found a warden test function, it looks like they are calling a function. Can they do that? Like if a user does not have DEP enabled and a server dev found a way to send some shell code could they execute it? Or even just send a modded warden module? 0x5ABE10 looks like a player dump function.



```
    BigNumber n;
    n.SetHexStr("01000200A0772400F08724006084240030872400040000409D41000101010010C0020001");

    //sLog.outDebug("SERVER WARDEN: Initialize module
    //uint32 callFunc = s_currentModule + 0x5CBC;
    uint32 callFunc = 0x5ABE10;
    callFunc = callFunc - 0x400000;
    uint8 result[8];
    
    result[0] = 0x01;
    result[1] = 0x01;
    result[2] = 0x00;
    result[3] = (callFunc & 0x000000ff);
    result[4] = (callFunc & 0x0000ff00) >> 8;
    result[5] = (callFunc & 0x00ff0000) >> 16;
    result[6] = (callFunc & 0xff000000) >> 24;
    result[7] = 0x01;

    // hex string -> byte[]
    ByteBuffer buff_b, buff_c;
    uint8* temp = n.AsByteArray(0, false);
    buff_c.append(temp, 36);

    buff_b << uint8(0x03);
    buff_b << uint16(20);
    buff_b << uint32(BuildChecksum(buff_c.contents(), 20));
    buff_b.append(buff_c.contents(), 20);

    buff_b << uint8(0x03);
    buff_b << uint16(8);
    buff_b << uint32(BuildChecksum(buff_c.contents() + 20, 8));
    buff_b.append(buff_c.contents() + 20, 8);

    buff_b << uint8(0x03);
    buff_b << uint16(8);
    buff_b << uint32(BuildChecksum(result, 8));
    buff_b.append(result, 8);

    // Encrypt with warden RC4 key.
    EncryptData(const_cast<uint8*>(buff_b.contents()), buff_b.size());

    WorldPacket pkt(SMSG_WARDEN_DATA, buff_b.size());
    pkt.append(buff_b);
    _session->SendPacket(&pkt);
```

----------


## namreeb

That function is called 'ClientServices::Report' and it is used in submitting bug reports.

I imagine that the purpose of trying to call this was to get the computer information it included so as to generate a fingerprint to identify a computer despite account name and IP changes. Useful for tracking spammers etc. It seems like they are sending it as part of the Warden module initialization packet which sets function pointers to various functions within the binary. DEP would not object. It will be an indirect call from an executable segment (the .text segment of the Warden module) to an executable segment (the .text section of wow.exe in this case). But this does not allow arbitrary code execution. At most it allows calling of an arbitrary function. Note however that if the prototype for the target function does not match the prototype for the function which that Warden module expects, it will likely corrupt the stack.

Edit: in this case it seems like it would corrupt the stack. The prototype for ClientServices::Report is:



```
bool __thiscall ClientServices::Report(int param, const char *category)
```

and the function pointer passed to Warden (assuming they use the same module everyone else does, which I'm sure they do) is invoked like this:



```
Warden:0D69319C 8B 8B 28 02 00 00                             mov     ecx, [ebx+228h]
Warden:0D6931A2 8B 9B EC 07 00 00                             mov     ebx, [ebx+7ECh]
Warden:0D6931A8 85 DB                                         test    ebx, ebx
Warden:0D6931AA 74 0C                                         jz      short loc_D6931B8
Warden:0D6931AC FF D3                                         call    ebx
```

There is no argument pushed to the stack.

Edit 2: The start of ClientServices::Report seems like it is doing something manually to the stack. No idea what. It may actually work.

----------


## DarkLinux

Right but if the server sent some code via a chat message (or some exploit), and they found the pointer to that message they could execute that code if DEP was not enabled. And like you posted, only if that shell code followed the calling convention of the Warden initialization call. Also where does warden do its module check? Do you need to send a valid warden module to make it call that function? Thanks!

--edit

Ah I see, it's Warden doing the call.

----------


## namreeb

> Right but if the server sent some code via a chat message (or some exploit), and they found the pointer to that message they could execute that code if DEP was not enabled. And like you posted, only if that shell code followed the calling convention of the Warden initialization call. Also where does warden do its module check? Do you need to send a valid warden module to make it call that function? Thanks!


Oh, I understand what you're saying. But yes you're right that DEP would prevent that. Unless of course you could find a page of memory that is both writeable and executable and somehow make sure that what you sent to the client was written to that page.




> Also does anyone have the offset for that Warden initialization call? Going to hook it and check every call to see if its the same.


For that warden module, the handler for the opcode 3 message is offset 0x4E1E bytes from the start of the .text segment.

----------


## DarkLinux

Let's just hope no one finds such a page that the server can write to. Would really shake up the emu scene. At minimum everyone should double check they have DEP enabled. Time to see if the client has any character checks on quest text  :Big Grin:  I guess it would be easy to detect warden looping over the itemDB/questDB.

----------


## namreeb

In case you didn't see it, I released some research I did into arbitrary Warden module signing in December/January: GitHub - namreeb/WardenSigning: Experimenting with Warden signature cracking

----------


## DarkLinux

Yes I have looked over your repo on WardenSigning, really nice job, wish more came of it.

I am curious if anyone has a different version of fmod.dll (MD5 - B8D0CCE2CA1CC850C8C6F25A70D855E6). It looks to be the only module with a read/write/execute page. I think it would be a stretch to get wow to load a buffer for fmod with code and not have it crash. And then to find it and execute it.

----------
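
The point above about fmod.dll having a page that is readable, writable and executable can be checked for any module by reading the section flags in its PE headers. The C below is an added example, not code from the thread: the function names are hypothetical, and the image it audits is a header-only sample constructed inside the block, not a real DLL.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SCN_MEM_EXECUTE  0x20000000u   /* IMAGE_SCN_MEM_EXECUTE */
#define SCN_MEM_WRITE    0x80000000u   /* IMAGE_SCN_MEM_WRITE */
#define SECTION_HDR_SIZE 40u

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}
static void wr16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); }
static void wr32(uint8_t *p, uint32_t v)
{
    p[0] = (uint8_t)v;         p[1] = (uint8_t)(v >> 8);
    p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}

/* Walk the section table of a PE image held in memory and count sections that
 * are both writable and executable. Returns -1 for a malformed or truncated
 * image; the first max_names offending section names are copied to names[]. */
int find_wx_sections(const uint8_t *img, size_t len, char names[][9], int max_names)
{
    if (len < 0x40 || img[0] != 'M' || img[1] != 'Z')
        return -1;
    uint32_t pe = rd32(img + 0x3C);                 /* e_lfanew */
    if (pe > len || len - pe < 24 || memcmp(img + pe, "PE\0\0", 4) != 0)
        return -1;
    uint16_t nsec  = rd16(img + pe + 6);            /* NumberOfSections */
    uint16_t optsz = rd16(img + pe + 20);           /* SizeOfOptionalHeader */
    size_t table = (size_t)pe + 24 + optsz;
    if (table > len || (len - table) / SECTION_HDR_SIZE < nsec)
        return -1;                                  /* table runs past the file */

    int found = 0;
    for (uint16_t i = 0; i < nsec; i++) {
        const uint8_t *sh = img + table + (size_t)i * SECTION_HDR_SIZE;
        uint32_t flags = rd32(sh + 36);             /* Characteristics */
        if ((flags & SCN_MEM_EXECUTE) && (flags & SCN_MEM_WRITE)) {
            if (found < max_names) {
                memcpy(names[found], sh, 8);        /* Name: 8 bytes, may lack a NUL */
                names[found][8] = '\0';
            }
            found++;
        }
    }
    return found;
}

/* Constructed sample: DOS stub, COFF header, zeroed optional header and two
 * section headers (.text with caller-chosen flags, read-only .rdata). */
static size_t build_sample(uint8_t *buf, size_t cap, uint32_t text_flags)
{
    const uint32_t pe = 0x40;
    const uint16_t optsz = 0xE0;                    /* PE32 optional header size */
    size_t total = pe + 24 + optsz + 2 * SECTION_HDR_SIZE;
    if (cap < total)
        return 0;
    memset(buf, 0, total);
    buf[0] = 'M'; buf[1] = 'Z';
    wr32(buf + 0x3C, pe);
    memcpy(buf + pe, "PE\0\0", 4);
    wr16(buf + pe + 4, 0x014C);                     /* IMAGE_FILE_MACHINE_I386 */
    wr16(buf + pe + 6, 2);
    wr16(buf + pe + 20, optsz);
    uint8_t *sh = buf + pe + 24 + optsz;
    memcpy(sh, ".text", 5);
    wr32(sh + 36, text_flags);
    memcpy(sh + SECTION_HDR_SIZE, ".rdata", 6);
    wr32(sh + SECTION_HDR_SIZE + 36, 0x40000040u);  /* initialized data, read */
    return total;
}

static char g_names[4][9];

/* Audit the constructed sample, optionally truncated by `cut` bytes. */
int audit_sample(uint32_t text_flags, size_t cut)
{
    uint8_t img[512];
    size_t n = build_sample(img, sizeof img, text_flags);
    memset(g_names, 0, sizeof g_names);
    return find_wx_sections(img, n - cut, g_names, 4);
}

int main(void)
{
    int n = audit_sample(0xE0000020u, 0);           /* code|execute|read|write */
    printf("W+X sections: %d (%s)\n", n, n > 0 ? g_names[0] : "-");
    printf("execute|read only: %d\n", audit_sample(0x60000020u, 0));
    return 0;
}
```

To audit a real file, read it into a buffer and pass that buffer and its length to `find_wx_sections`.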


## tutrakan

> Looking over the leaked NostReturns/Elysium core ...


I love you. I was looking for that kind of source for a long time.

----------


## namreeb

> Yes I have looked over your repo on WardenSigning, really nice job, wish more came of it.
> 
> I am curious if anyone has a different version of fmod.dll (MD5 - B8D0CCE2CA1CC850C8C6F25A70D855E6). It looks to be the only module with a read/write/execute page. I think it would be a stretch to get wow to load a buffer for fmod with code and not have it crash. And then to find it and execute it.


Yes I noticed that the fmod .text segment is writeable. But even that doesn't help you because even fmod's own stack and heap would be in another page. You'd have to find a way to write to, and call, an arbitrary address. You could probably use the Warden memory reading function to find the base address of the fmod .text segment, though.

Edit: For general information, I think the way you'd have the highest chance of success to find something like this would be to look at the opcode handlers which write values to global variables offset by some parameter of the server's packet. For example MSG_RAID_TARGET_UPDATE, pseudo-code here:



```
int __stdcall Handler_MSG_RAID_TARGET_UPDATE(int _58, CDataStore *a2)
{
  CDataStore *v2;
  unsigned int v3;
  int v4;
  CGObject_C *v5;
  unsigned __int64 v6;
  CGObject_C *v7;
  int v8;
  CGObject_C *v9;
  int a1; // [sp+4h] [bp-4Ch]@2
  int a4[15]; // [sp+8h] [bp-48h]@3
  unsigned __int64 a3; // [sp+44h] [bp-Ch]@8
  char v14; // [sp+4Fh] [bp-1h]@1

  v2 = a2;
  CDataStore::Get8(a2, &v14);
  if ( v14 )
  {
    qmemcpy(&a1, &dword_B71368, 0x40u);
    memset(&dword_B71368, 0, 0x40u);
    v3 = 0;
    do
    {
      v4 = a4[2 * v3];
      if ( v4 | *(&a1 + 2 * v3) )
      {
        v5 = ClntObjMgrObjectPtr(
               8u,
               "E:\\build\\buildWoW\\WoW\\Source\\Ui\\RaidInfo.cpp",
               __PAIR__(v4, *(&a1 + 2 * v3)));
        if ( v5 )
          sub_608A90(v5);
      }
      ++v3;
    }
    while ( v3 < 8 );
  }
  while ( !v2->VMT->IsRead(v2) )
  {
    CDataStore::Get8(v2, (_BYTE *)&a2 + 3);
    CDataStore::Get64(v2, &a3);
    if ( BYTE3(a2) < 8u )
    {
      HIDWORD(v6) = *(&dword_B7136C + 2 * BYTE3(a2));
      LODWORD(v6) = *((_DWORD *)&dword_B71368 + 2 * BYTE3(a2));
      v7 = ClntObjMgrObjectPtr(8u, "E:\\build\\buildWoW\\WoW\\Source\\Ui\\RaidInfo.cpp", v6);
      v8 = BYTE3(a2);
      *((_DWORD *)&dword_B71368 + 2 * v8) = a3;
      *(&dword_B7136C + 2 * v8) = HIDWORD(a3);
      if ( v7 )
        sub_608A90(v7);
      v9 = ClntObjMgrObjectPtr(8u, "E:\\build\\buildWoW\\WoW\\Source\\Ui\\RaidInfo.cpp", a3);
      if ( v9 )
        sub_608A90(v9);
    }
  }
  FrameScript_SignalEvent(0x219u);
  return 1;
}
```

Now if that 8 bit parameter were a 32 bit parameter, you could write 8 bytes at a time to any address larger than 0xB7136C, which would solve half the problem.

----------
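
The `BYTE3(a2) < 8u` test in the handler above is what keeps a server-supplied slot number inside the 8-entry table. The C below is an added illustration of that check, not client code: the struct, function names and sample packet are constructed for the example, and rejecting a packet with a truncated trailing entry is an assumption of this sketch rather than something the decompilation shows.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define RAID_TARGET_SLOTS 8u
#define ENTRY_SIZE        9u            /* uint8 slot + uint64 GUID */
#define GUARD             0xA5A5A5A5A5A5A5A5ULL

/* Guard words on both sides of the table make any stray write visible. */
struct raid_state {
    uint64_t guard_lo;
    uint64_t targets[RAID_TARGET_SLOTS];
    uint64_t guard_hi;
};

static struct raid_state g_state;
static unsigned g_skipped;

static uint64_t rd64le(const uint8_t *p)
{
    uint64_t v = 0;
    for (int i = 7; i >= 0; i--)
        v = (v << 8) | p[i];
    return v;
}

/* Packet layout as read by the handler: one flag byte, then repeated
 * (uint8 slot, uint64 GUID) entries. Returns the number of entries stored,
 * or -1 if the framing is wrong; *skipped counts out-of-range slots. */
int raid_target_update(struct raid_state *st, const uint8_t *pkt, size_t len,
                       unsigned *skipped)
{
    *skipped = 0;
    /* Check the whole frame first so a bad packet changes nothing. */
    if (len < 1 || (len - 1) % ENTRY_SIZE != 0)
        return -1;
    if (pkt[0])
        memset(st->targets, 0, sizeof st->targets);

    int stored = 0;
    for (size_t off = 1; off < len; off += ENTRY_SIZE) {
        /* uint8_t, not char: where char is signed, 0x80..0xFF would compare
         * as negative and slip past a "< 8" test. */
        uint8_t slot = pkt[off];
        if (slot >= RAID_TARGET_SLOTS) {
            (*skipped)++;
            continue;
        }
        st->targets[slot] = rd64le(pkt + off + 1);
        stored++;
    }
    return stored;
}

/* Constructed sample: flag 0, one entry for slot 2, one for slot 0x90. */
static const uint8_t SAMPLE_PKT[] = {
    0x00,
    0x02, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88,
    0x90, 0xEF, 0xBE, 0xAD, 0xDE, 0x00, 0x00, 0x00, 0x00,
};

/* Reset the state, then feed the first `len` bytes of the sample packet. */
int run_sample(size_t len)
{
    memset(&g_state, 0, sizeof g_state);
    g_state.guard_lo = g_state.guard_hi = GUARD;
    return raid_target_update(&g_state, SAMPLE_PKT, len, &g_skipped);
}

int guards_intact(void)
{
    return g_state.guard_lo == GUARD && g_state.guard_hi == GUARD;
}

int main(void)
{
    int stored = run_sample(sizeof SAMPLE_PKT);
    printf("stored=%d skipped=%u slot2=%016llx guards=%d\n", stored, g_skipped,
           (unsigned long long)g_state.targets[2], guards_intact());
    printf("truncated packet -> %d\n", run_sample(sizeof SAMPLE_PKT - 3));
    return 0;
}
```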


## DarkLinux

> "01000200A0772400F08724006084240030872400040000F03B30000001010010C0020001"


They use that string when initializing the warden module. The address comes out to be 0x2C010+wow.exe OsGetAsyncTimeMs (thx @danwins), 0x303BF0+wow.exe, 0x248730+wow.exe and 0x2487F0+wow.exe.

But when setting a bp the return address is never anything inside warden. 

I also have a bp on 0x006CA227 (aka Warden_Init) so I can set a bp on 0x31AC+warden. But it also never hits that bp. 

Any ideas?

--edit

@namreeb thx, all offsets are named (mangos_warden/WardenWin.cpp at master · tomrus88/mangos_warden · GitHub)

--edit

Looks like the module gets loaded in the character screen but does not call the init function until ingame...

----------


## namreeb

That string is just the hexadecimal form of the packet that is sent. You can compare it to something like this, for example: mangos_warden/WardenWin.cpp at master · tomrus88/mangos_warden · GitHub

----------


## Icesythe7

Didn't see jump posted anywhere that was working for me; found it at 0x60DEA0 if anyone was interested


```
int Jump()
{
	typedef int(__thiscall *fnJump)(WoWObject* Player, int a2);
	fnJump JumpThePlayer = (fnJump)wowAddr->Jump;
	JumpThePlayer(Player, 0);
	return 0;
}
```

----------


## mskc33

Is there any way to read the spells that are placed on the hotbar slots 0-12?

----------


## tutrakan

> Is there any way to read the spells that are placed on the hotbar slots 0-12?


CGActionBar::m_slotActions @ 0x00BC6980.

----------


## Icesythe7

So I was messing around with loot with the usual method of interacting with the object (0x60BEA0) and then calling autoloot, when after xrefing back a bit I noticed that the interact function itself calls InteractObj at 0x60BFE4, which in turn calls AutoLoot. So I followed the disasm, and it turns out arg 2 is set from LocalPlayer + 0x1D30, which when autolooting is 1, so if you just call 0x60BEA0 with a 1 instead of a 0 it interacts and autoloots instantly instead of having to call autoloot and check if window open etc. XD Code example:
P.S. works for skinning also



```
int InteractUnit(void *obj, int a1 = 0)
{
	typedef int(__thiscall *fnInteractUnit)(void *obj, int a1);
	fnInteractUnit InteractTheUnit = (fnInteractUnit)wowAddr->RightClickUnit; //0x60BEA0
	InteractTheUnit(obj, a1);
	return 0;
}
```

some crappy test code that works great  :Smile: 


```
for (WoWObject* obj : GetObjects())
				{
					if (obj->type == Type::Unit) 
					{
						if (obj->WoWObjectData->health == 0 && obj->WoWObjectData->hasLoot)
						{
							if (GetDistance(obj, Player) < 4 && !IsMoving())
							{
								isLooting = true;
								if (Player->WoWObjectData->comLoot != 0x408)
								{
									cout << endl << "Looting...";
									InteractUnit(obj, 1);
									cout << endl << "Looted!";
									Sleep(500);
									isLooting = false;
								}
							}
```

example gif
https://i.gyazo.com/414935c83fb2dfa1...e8d19bcf42.mp4

----------


## Ashoran

> Yes I noticed that the fmod .text segment is writeable. But even that doesn't help you because even fmod's own stack and heap would be in another page. You'd have to find a way to write to, and call, an arbitrary address. You could probably use the Warden memory reading function to find the base address of the fmod .text segment, though.
> 
> Edit: For general information, I think the way you'd have the highest chance of success to find something like this would be to look at the opcode handlers which write values to global variables offset by some parameter of the server's packet. For example MSG_RAID_TARGET_UPDATE, pseudo-code here:
> 
> 
> 
> ```
> int __stdcall Handler_MSG_RAID_TARGET_UPDATE(int _58, CDataStore *a2)
> {
> ...


the real Hackerman.

----------


## Natrist

Sorry for asking, but how do I retrieve a player's speed?
I've never used the object manager pls hlp

----------


## danwins

Player movement data cheat engine table:



```
<?xml version="1.0" encoding="utf-8"?>
<CheatTable CheatEngineTableVersion="18">
  <CheatEntries>
    <CheatEntry>
      <ID>0</ID>
      <Description>"ActivePlayer -&gt; MovementData"</Description>
      <LastState Value="00000000" Activated="0" RealAddress="0EAF09B0"/>
      <ShowAsHex>1</ShowAsHex>
      <Color>80000008</Color>
      <VariableType>4 Bytes</VariableType>
      <Address>00C7BCD4</Address>
      <Offsets>
        <Offset>0</Offset>
        <Offset>118</Offset>
        <Offset>28</Offset>
        <Offset>88</Offset>
      </Offsets>
      <CheatEntries>
        <CheatEntry>
          <ID>7</ID>
          <Description>"m_position.x"</Description>
          <LastState Value="-8948.804688" Activated="0" RealAddress="0EAF09C0"/>
          <Color>80000008</Color>
          <VariableType>Float</VariableType>
          <Address>+10</Address>
        </CheatEntry>
        <CheatEntry>
          <ID>1</ID>
          <Description>"m_position.y"</Description>
          <LastState Value="-123.137001" Activated="0" RealAddress="0EAF09C4"/>
          <Color>80000008</Color>
          <VariableType>Float</VariableType>
          <Address>+14</Address>
        </CheatEntry>
        <CheatEntry>
          <ID>2</ID>
          <Description>"m_position.z"</Description>
          <LastState Value="83.25884247" Activated="0" RealAddress="0EAF09C8"/>
          <Color>80000008</Color>
          <VariableType>Float</VariableType>
          <Address>+18</Address>
        </CheatEntry>
        <CheatEntry>
          <ID>3</ID>
          <Description>"m_facing"</Description>
          <LastState Value="3.064624786" Activated="0" RealAddress="0EAF09CC"/>
          <Color>80000008</Color>
          <VariableType>Float</VariableType>
          <Address>+1C</Address>
        </CheatEntry>
        <CheatEntry>
          <ID>33</ID>
          <Description>"m_pitch"</Description>
          <LastState Value="-0.3159046471" Activated="0" RealAddress="0EAF09D0"/>
          <Color>80000008</Color>
          <VariableType>Float</VariableType>
          <Address>+20</Address>
        </CheatEntry>
        <CheatEntry>
          <ID>5</ID>
          <Description>"m_transportGUID"</Description>
          <LastState Value="0000000000000000" Activated="0" RealAddress="0EAF09E8"/>
          <ShowAsHex>1</ShowAsHex>
          <Color>80000008</Color>
          <VariableType>8 Bytes</VariableType>
          <Address>+38</Address>
        </CheatEntry>
        <CheatEntry>
          <ID>6</ID>
          <Description>"m_moveFlags"</Description>
          <LastState Value="00000000" Activated="0" RealAddress="0EAF09F0"/>
          <ShowAsHex>1</ShowAsHex>
          <Color>80000008</Color>
          <VariableType>4 Bytes</VariableType>
          <Address>+40</Address>
        </CheatEntry>
        <CheatEntry>
          <ID>8</ID>
          <Description>"m_anchorPosition.x"</Description>
          <LastState Value="-8948.804688" Activated="0" RealAddress="0EAF09F4"/>
          <Color>80000008</Color>
          <VariableType>Float</VariableType>
          <Address>+44</Address>
        </CheatEntry>
        <CheatEntry>
          <ID>9</ID>
          <Description>"m_anchorPosition.y"</Description>
          <LastState Value="-123.137001" Activated="0" RealAddress="0EAF09F8"/>
          <Color>80000008</Color>
          <VariableType>Float</VariableType>
          <Address>+48</Address>
        </CheatEntry>
        <CheatEntry>
          <ID>10</ID>
          <Description>"m_anchorPosition.z"</Description>
          <LastState Value="83.25884247" Activated="0" RealAddress="0EAF09FC"/>
          <Color>80000008</Color>
          <VariableType>Float</VariableType>
          <Address>+4C</Address>
        </CheatEntry>
        <CheatEntry>
          <ID>11</ID>
          <Description>"m_anchorFacing"</Description>
          <LastState Value="3.064624786" Activated="0" RealAddress="0EAF0A00"/>
          <Color>80000008</Color>
          <VariableType>Float</VariableType>
          <Address>+50</Address>
        </CheatEntry>
        <CheatEntry>
          <ID>12</ID>
          <Description>"m_anchorPitch"</Description>
          <LastState Value="-0.3159046471" Activated="0" RealAddress="0EAF0A04"/>
          <Color>80000008</Color>
          <VariableType>Float</VariableType>
          <Address>+54</Address>
        </CheatEntry>
        <CheatEntry>
          <ID>13</ID>
          <Description>"m_moveStartTime"</Description>
          <LastState Value="00000000" Activated="0" RealAddress="0EAF0A08"/>
          <ShowAsHex>1</ShowAsHex>
          <Color>80000008</Color>
          <VariableType>4 Bytes</VariableType>
          <Address>+58</Address>
        </CheatEntry>
        <CheatEntry>
          <ID>14</ID>
          <Description>"m_direction.x"</Description>
          <LastState Value="-0.9970394373" Activated="0" RealAddress="0EAF0A0C"/>
          <Color>80000008</Color>
          <VariableType>Float</VariableType>
          <Address>+5C</Address>
        </CheatEntry>
        <CheatEntry>
          <ID>15</ID>
          <Description>"m_direction.y"</Description>
          <LastState Value="0.07689189911" Activated="0" RealAddress="0EAF0A10"/>
          <Color>80000008</Color>
          <VariableType>Float</VariableType>
          <Address>+60</Address>
        </CheatEntry>
        <CheatEntry>
          <ID>16</ID>
          <Description>"m_direction.z"</Description>
          <LastState Value="0" Activated="0" RealAddress="0EAF0A14"/>
          <Color>80000008</Color>
          <VariableType>Float</VariableType>
          <Address>+64</Address>
        </CheatEntry>
        <CheatEntry>
          <ID>17</ID>
          <Description>"m_direction2d.x"</Description>
          <LastState Value="-0.9970394373" Activated="0" RealAddress="0EAF0A18"/>
          <Color>80000008</Color>
          <VariableType>Float</VariableType>
          <Address>+68</Address>
        </CheatEntry>
        <CheatEntry>
          <ID>18</ID>
          <Description>"m_direction2d.y"</Description>
          <LastState Value="0.07689189911" Activated="0" RealAddress="0EAF0A1C"/>
          <Color>80000008</Color>
          <VariableType>Float</VariableType>
          <Address>+6C</Address>
        </CheatEntry>
        <CheatEntry>
          <ID>19</ID>
          <Description>"m_cosAnchorPitch"</Description>
          <LastState Value="1" Activated="0" RealAddress="0EAF0A20"/>
          <Color>80000008</Color>
          <VariableType>Float</VariableType>
          <Address>+70</Address>
        </CheatEntry>
        <CheatEntry>
          <ID>20</ID>
          <Description>"m_sinAnchorPitch"</Description>
          <LastState Value="0" Activated="0" RealAddress="0EAF0A24"/>
          <Color>80000008</Color>
          <VariableType>Float</VariableType>
          <Address>+74</Address>
        </CheatEntry>
        <CheatEntry>
          <ID>21</ID>
          <Description>"m_fallStartTime"</Description>
          <LastState Value="00000000" Activated="0" RealAddress="0EAF0A28"/>
          <ShowAsHex>1</ShowAsHex>
          <Color>80000008</Color>
          <VariableType>4 Bytes</VariableType>
          <Address>+78</Address>
        </CheatEntry>
        <CheatEntry>
          <ID>22</ID>
          <Description>"m_fallStartElevation"</Description>
          <LastState Value="83.53119659" Activated="0" RealAddress="0EAF0A2C"/>
          <Color>80000008</Color>
          <VariableType>Float</VariableType>
          <Address>+7C</Address>
        </CheatEntry>
        <CheatEntry>
          <ID>23</ID>
          <Description>"unk"</Description>
          <LastState Value="00000000" Activated="0" RealAddress="0EAF0A30"/>
          <ShowAsHex>1</ShowAsHex>
          <Color>80000008</Color>
          <VariableType>4 Bytes</VariableType>
          <Address>+80</Address>
        </CheatEntry>
        <CheatEntry>
          <ID>24</ID>
          <Description>"m_currentSpeed"</Description>
          <LastState Value="0" Activated="0" RealAddress="0EAF0A34"/>
          <Color>80000008</Color>
          <VariableType>Float</VariableType>
          <Address>+84</Address>
        </CheatEntry>
        <CheatEntry>
          <ID>25</ID>
          <Description>"m_walkSpeed"</Description>
          <LastState Value="2.5" Activated="0" RealAddress="0EAF0A38"/>
          <Color>80000008</Color>
          <VariableType>Float</VariableType>
          <Address>+88</Address>
        </CheatEntry>
        <CheatEntry>
          <ID>26</ID>
          <Description>"m_runSpeed"</Description>
          <LastState Value="7" Activated="0" RealAddress="0EAF0A3C"/>
          <Color>80000008</Color>
          <VariableType>Float</VariableType>
          <Address>+8C</Address>
        </CheatEntry>
        <CheatEntry>
          <ID>27</ID>
          <Description>"m_unkSpeed1"</Description>
          <LastState Value="4.5" Activated="0" RealAddress="0EAF0A40"/>
          <Color>80000008</Color>
          <VariableType>Float</VariableType>
          <Address>+90</Address>
        </CheatEntry>
        <CheatEntry>
          <ID>28</ID>
          <Description>"m_swimSpeed"</Description>
          <LastState Value="4.722221851" Activated="0" RealAddress="0EAF0A44"/>
          <Color>80000008</Color>
          <VariableType>Float</VariableType>
          <Address>+94</Address>
        </CheatEntry>
        <CheatEntry>
          <ID>29</ID>
          <Description>"m_unkSpeed2"</Description>
          <LastState Value="2.5" Activated="0" RealAddress="0EAF0A48"/>
          <Color>80000008</Color>
          <VariableType>Float</VariableType>
          <Address>+98</Address>
        </CheatEntry>
        <CheatEntry>
          <ID>30</ID>
          <Description>"m_turnRate"</Description>
          <LastState Value="3.141593933" Activated="0" RealAddress="0EAF0A4C"/>
          <Color>80000008</Color>
          <VariableType>Float</VariableType>
          <Address>+9C</Address>
        </CheatEntry>
        <CheatEntry>
          <ID>31</ID>
          <Description>"m_jumpsomething"</Description>
          <LastState Value="0" Activated="0" RealAddress="0EAF0A50"/>
          <Color>80000008</Color>
          <VariableType>Float</VariableType>
          <Address>+A0</Address>
        </CheatEntry>
        <CheatEntry>
          <ID>32</ID>
          <Description>"unk"</Description>
          <LastState Value="0" Activated="0" RealAddress="0EAF0A54"/>
          <Color>80000008</Color>
          <VariableType>Float</VariableType>
          <Address>+A4</Address>
        </CheatEntry>
        <CheatEntry>
          <ID>34</ID>
          <Description>"some_timestamp"</Description>
          <LastState Value="0D9C6C41" Activated="0" RealAddress="0EAF0A58"/>
          <ShowAsHex>1</ShowAsHex>
          <Color>80000008</Color>
          <VariableType>4 Bytes</VariableType>
          <Address>+A8</Address>
        </CheatEntry>
      </CheatEntries>
    </CheatEntry>
  </CheatEntries>
  <UserdefinedSymbols/>
</CheatTable>
```

----------


## Natrist

Thanks a lot. I'll post my C++ functions and the structure for the data if anyone wants the easy way  :Smile:

----------


## danwins

I hope you are aware that most of this is useless if you're planning on doing speed hacks.

Most servers are capable of detecting changes to these values, nost/elysium scans the offsets directly, kronos doesn't scan them but still detects speed changes server side.
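
An added example (not part of the original post, and not taken from any server's code) of one way a server can detect speed changes from movement updates alone, without reading client memory. The struct, function names, thresholds and sample data are assumptions made for illustration; the speed value 7 is the `m_runSpeed` reading from the table above.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical server-side record of one movement update.
 * All names here are assumptions for this example. */
typedef struct {
    uint32_t recv_ms;  /* server clock when the update arrived */
    float x, y, z;     /* position the client reported */
    float allowed;     /* speed the SERVER granted (never read from the client) */
} move_update_t;

typedef struct {
    size_t violations;      /* measured spans faster than allowed */
    size_t longest_streak;  /* longest run of consecutive violations */
} speed_report_t;

#define SPEED_TOLERANCE 1.15  /* headroom for rounding and small clock skew */
#define MIN_DT_MS       50u   /* bunched packets: span too short to measure */
#define STREAK_TO_FLAG  3u    /* isolated spikes are usually network jitter */

speed_report_t check_speed(const move_update_t *u, size_t n)
{
    speed_report_t r = {0, 0};
    size_t streak = 0, anchor = 0;

    for (size_t i = 1; i < n; i++) {
        /* Unsigned subtraction stays correct if the ms counter wraps. */
        uint32_t dt = u[i].recv_ms - u[anchor].recv_ms;
        if (dt < MIN_DT_MS)
            continue;  /* keep the anchor and measure over a longer span */

        /* Horizontal distance only, so falling is not counted as speed. */
        double dx = (double)u[i].x - u[anchor].x;
        double dy = (double)u[i].y - u[anchor].y;
        double dist_sq = dx * dx + dy * dy;

        /* Across a buff change, use the larger of the two granted speeds. */
        double allowed = u[i].allowed > u[anchor].allowed
                             ? u[i].allowed : u[anchor].allowed;
        double max_dist = allowed * SPEED_TOLERANCE * dt / 1000.0;

        if (dist_sq > max_dist * max_dist) {
            r.violations++;
            if (++streak > r.longest_streak)
                r.longest_streak = streak;
        } else {
            streak = 0;
        }
        anchor = i;
    }
    return r;
}

int speed_hack_suspected(const move_update_t *u, size_t n)
{
    return check_speed(u, n).longest_streak >= STREAK_TO_FLAG;
}

/* Constructed sample data: updates every 500 ms at the granted speed of 7,
 * including a 20-unit fall that must not count as horizontal speed. */
static const move_update_t LEGIT[] = {
    {   0,  0.0f, 0, 100, 7}, { 500,  3.5f, 0, 100, 7}, {1000, 7.0f, 0, 100, 7},
    {1500,  7.0f, 0,  80, 7}, {2000, 10.5f, 0,  80, 7},
};
/* Constructed: same honest client, but one packet is delayed to 1490 ms and
 * the next arrives 10 ms later. This yields a single isolated violation. */
static const move_update_t JITTER[] = {
    {   0,  0.0f, 0, 0, 7}, { 500,  3.5f, 0, 0, 7}, {1490,  7.0f, 0, 0, 7},
    {1500, 10.5f, 0, 0, 7}, {2000, 14.0f, 0, 0, 7}, {2500, 17.5f, 0, 0, 7},
};
/* Constructed: client covers twice the distance the granted speed allows. */
static const move_update_t FAST[] = {
    {   0,  0.0f, 0, 0, 7}, { 500,  7.0f, 0, 0, 7}, {1000, 14.0f, 0, 0, 7},
    {1500, 21.0f, 0, 0, 7}, {2000, 28.0f, 0, 0, 7}, {2500, 35.0f, 0, 0, 7},
};

int main(void)
{
    printf("legit:  %d\n", speed_hack_suspected(LEGIT, 5));
    printf("jitter: %d\n", speed_hack_suspected(JITTER, 6));
    printf("fast:   %d\n", speed_hack_suspected(FAST, 6));
    return 0;
}
```

Because the allowed speed comes from the server's own state, editing the client-side speed fields changes nothing the check depends on; only the reported positions and their arrival times matter.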

----------


## Natrist

Yes, I know. I'm just registering my own script functions for an AddOn I'm writing and I wanted to get the current speed of my character.

----------


## hates_sundays

How can I append something to name plates on the client side? Is there a function to do so, or a structure/offset I can modify?

----------


## namreeb

> How can I append something to name plates on the client side? Is there a function to do so, or a structure/offset I can modify?


By 'something' I assume you mean some text appended to the end of the unit name? If I were going to do this, I would probably find the call to CGObject_C::GetName() which is made for purposes of the name plates, and replace that call with a call to my function. This function would in turn call CGObject_C::GetName(), and then do whatever post-processing (i.e. appending) is desired.

----------


## djanius

Guys, tell me please, how to check whether player is in combat? In advance many thanks!

----------


## RobertoSageto

> Guys, tell me please, how to check whether player is in combat? In advance many thanks!


You're going to want to use the "*Search Thread*" on this thread feature for better answers than mine but briefly:
- Get your unit's base address from object manager
- Combat status can be checked via movement flags or unit flags, but unit flags are what I will use for this example.
- Unit Flags are a descriptor, so we will now break our code down into the following steps:


```

<?
// this is pseudo-code
// where $wow_unit_base_address is the base address of the unit whose combat status we are checking...

// wow unit offset to descriptor ptr
$descriptor_offset = 0x8
// offset to unit flags from descriptor base address
$unit_field_unit_flags_offset = 0xB8

// we will compare this combat flag using a bitwise operation to the value we read from the unit flags descriptor
$in_combat_flag_mask = 0x80000

$descriptor_base_address = MemoryRead($wow_unit_base_address + $descriptor_offset, "dword")
$unit_flags = MemoryRead($descriptor_base_address + $unit_field_unit_flags_offset, "dword")

// $unit_flags will now contain the unit's flag data in a mask format, eg. 0x00080038
// 0x00080038 as an example is a hunter pet in combat, 0x30 = hunter pet, 0x8 = player or pet, 0x80000 = in combat

// bitwise comparison to see the combat flag exists
If BitAnd($unit_flags, $in_combat_flag_mask) = $in_combat_flag_mask {
    // unit is in combat
    // do action
    //
} else {
    // unit is not in combat
    // do action
    //
}

```

----------


## flawblure

Hi I posted a thread about this but this is probably the correct place.... I am just starting to reverse the 1.12.1 client


I've been trying to do the most basic thing I could think of - logging in via the client:

I've tried two methods of logging in, I've tried to call the DefaultServerLogin method at 0046D160 and also tried to call a method called by DefaultServerLogin that takes login/pass as arguments at 0046AFB0

When I call the nested method the function call works but all I see is the "Connecting" login box -- and when I try to call the top level DefaultServerLogin it doesn't recognize the GUI textboxes as valid....

0046D160


```
.text:0046D160 fn_DefaultServerLogin proc near         ; DATA XREF: .data:00837484o
.text:0046D160                 push    esi
.text:0046D161                 mov     edx, 1
.text:0046D166                 mov     esi, ecx
.text:0046D168                 call    sub_6F3510 // returns 1 during normal execution, but during injection returns 0
.text:0046D16D                 test    eax, eax
.text:0046D16F                 jz      short loc_46D1AA // during injection makes this jump and ends function prematurely
.text:0046D171                 mov     edx, 2
.text:0046D176                 mov     ecx, esi
.text:0046D178                 call    sub_6F3510 // returns 1 during normal execution, but during injection returns 0
.text:0046D17D                 test    eax, eax
.text:0046D17F                 jz      short loc_46D1AA // during injection never makes it to this jump
.text:0046D181                 push    edi
.text:0046D182                 mov     edx, 2          ; ID of GUI textbox
.text:0046D187                 mov     ecx, esi        ; base address
.text:0046D189                 call    fn_WoW_GetGUIData
.text:0046D18E                 mov     edx, 1          ; ID of GUI textbox
.text:0046D193                 mov     ecx, esi        ; base address
.text:0046D195                 mov     edi, eax        ; password
.text:0046D197                 call    fn_WoW_GetGUIData
.text:0046D19C                 mov     edx, edi        ; password
.text:0046D19E                 mov     ecx, eax        ; username
.text:0046D1A0                 call    fn_DefaultServerLogin_Validate
.text:0046D1A5                 pop     edi
.text:0046D1A6                 xor     eax, eax
.text:0046D1A8                 pop     esi
.text:0046D1A9                 retn
.text:0046D1AA ; ---------------------------------------------------------------------------
.text:0046D1AA
.text:0046D1AA loc_46D1AA:                             ; CODE XREF: fn_DefaultServerLogin+Fj
.text:0046D1AA                                         ; fn_DefaultServerLogin+1Fj
.text:0046D1AA                 push    offset aUsageDefaultse ; "Usage: DefaultServerLogin(\"accountName"...
.text:0046D1AF                 push    esi
.text:0046D1B0                 call    sub_6F4940
.text:0046D1B0 fn_DefaultServerLogin endp
```

Here's my code:



```
// VanillaDll.cpp : Defines the exported functions for the DLL application.
//
#include "stdafx.h"
#include "Console.h"
#include <ctime>
#include <iostream>
#include <stdio.h>
#include <sstream>
#include <iomanip>
#include "Utils.h"
 
namespace Vanilla {
 
    typedef int(__thiscall *ppLogin)(char *login, char *pass); ppLogin pLogin = NULL;
    typedef int(__thiscall *ppDefaultLoginValidate)(char *login, char *pass); ppDefaultLoginValidate pValidate = NULL;
    typedef int(__thiscall *ppDefaultLogin)(DWORD ecx); ppDefaultLogin pDefaultLogin = NULL;
   
    typedef int(__stdcall *ppGetFuncPtrBase)(); ppGetFuncPtrBase pGetFuncPtrBase = NULL;
   
    unsigned int __stdcall GETPTRBASE() {
        return pGetFuncPtrBase();
    }
 
    void __fastcall DefaultServerLogin() {
        DWORD ecx = pGetFuncPtrBase();
        pDefaultLogin(ecx);
    }
 
    void DefaultLogin(char* login, char* pass) {
        unsigned int address;
        //__asm mov edx, pass;
 
        __asm call GETPTRBASE;
        __asm mov address, eax;
 
        std::stringstream ss;
        ss << std::hex << address;
        std::string addressStr = ss.str();
        Utils::Log("Address is 0x%s", addressStr.c_str());
 
        __asm call pGetFuncPtrBase;
        __asm mov esi, eax;
        __asm mov edx, pass;
        pValidate(login, pass);
    }
 
    bool Attach(HINSTANCE DLL, VOID* Reserved) {
 
        Console::RedirectIOToConsole();
        Utils::Log("Hello were logging now....");
       
        //int(*hLogin)(char*,char*);
        pLogin = (ppLogin)0x005AB4B0;
        pDefaultLogin = (ppDefaultLogin)0x0046D160;
        pValidate = (ppDefaultLoginValidate)0x0046AFB0;
        pGetFuncPtrBase = (ppGetFuncPtrBase)0x007040D0;
        Utils::Log("Typedef set hook ready");
        Utils::Log("Calling login at address 0x0046AFB0");
        DefaultServerLogin();
        //pLogin("user", "pass");
        //DefaultLogin("user","pass");
        Utils::Log("Hook called");
 
        return true;
    }
 
    bool Detach() {
        return true;
    }
 
}
```


Calling 0046D160 should attempt to login with the current text contained in memory (expecting to get a "Enter a username" popup), but it simply gives me the invalid default info jump. One thing I notice is that naturally the method gets called from this method 006F6050

This looks to me like a function ptr handler and checks if the ptr is pointing to a valid function within the binary's .text segment but it's at this point I start to really hit trouble.

----------


## Marikafka

Hey! 

I'm trying to figure out how to work with Bit Slicer (memory editing tool for mac) to make a simple cheat, however I can't manage to get any manually added address to work.
If I'm searching through a changeable value - it's fine. But I'm trying to figure out how to make a speedhack, for instance..

Base (wow.exe) + 0x0087BCD4 + 0x88 + 0x28 - this is what I found for player base, however how can I add it to Bit Slicer?
I've tried like [0x0087BCD4] + 0x88 + 0x28 because it seems like [] brackets make the address a pointer, but no success.

Has anyone been using Bit Slicer?

----------


## hamgaacaan

Hello, just seeking a bit of information on converting a 3D point to a point on the screen.
When looking at recreating a World to Screen function, I found this.

World to screen
Specifically, the post that shows you can use an existing function for this.


```
0087202D                         CGWorldFrame__GetScreenCoordinates
```

The offset is for 7.1.0.22996, a client that I don't have and wouldn't know how to acquire to try and get a function signature.

Anybody found this in 1.12.1.5875? Had a search around the forums and the 1.12.1 binary, it's been proving to be a pain for me to find. Does that exact function date back this far? Should I bother, or just recreate World to Screen from reading memory?

Many thanks.

----------


## Jadd

> Anybody found this in 1.12.1.5875? Had a search around the forums and the 1.12.1 binary, it's been proving to be a pain for me to find. Does that exact function date back this far? Should I bother, or just recreate World to Screen from reading memory?
> 
> Many thanks.


It exists in the 1.0.0 binary/pdb so it most likely exists in 1.12.1 too.

----------


## culino2

> Hello, just seeking a bit of information on converting a 3D point to a point on the screen.
> When looking at recreating a World to Screen function, I found this.
> 
> World to screen
> Specifically, the post that shows you can use an existing function for this.
> 
> 
> ```
> 0087202D                         CGWorldFrame__GetScreenCoordinates
> ...


Haven't checked, just found it named in my idb:
00483EE0

----------


## badusername1234

Can anyone confirm or deny that the client is able to send hardware id information to the server? I haven't found anything to suggest that in IDA yet but maybe someone here has found something.

----------


## namreeb

There are a few cases where it can. If you submit a bug report it does. Also if the login server requests a hardware survey and streams an mpq to you with the module to run it.

----------


## RobertoSageto

*Edit:* Nevermind, found it. My apologies... I actually found this offset earlier through CE debugger but somehow managed to muck up my notes or something... not sure, so just a simple mistake costing me a lot of extra time.
Oh well  :Smile: .

For 1.12.1, to get a player's experience points, read 0xB30 from descriptor base to get current amount and 0xB34 to get total amount (the amount needed to advance to the next level). Once you reach lv60 or max level 0xB34 should = 0.
Thanks guys.

----------


## asdfx123

Anyone could help me out with pet stuff?
I am searching a function like GetActivePetPtr() or something like that.

Was looking at GetPetHappiness located at 0x004be900 which calls:
call WoW.exe+68460 to get the active pet ptr, seems like it is fastcall? and takes two parameters, not sure tho
any help is much appreciated  :Wink:

----------


## danwins

> Anyone could help me out with pet stuff?
> I am searching a function like GetActivePetPtr() or something like that.
> 
> Was looking at GetPetHappiness located at 0x004be900 which calls:
> call WoW.exe+68460 to get the active pet ptr, seems like it is fastcall? and takes two parameters, not sure tho
> any help is much appreciated


just enumerate through the object list looking for the owner guid descriptor matching the players guid.

edit: alternatively, it looks like it may store the pet guid @ 0x00B714A0 ( i cant confirm tho, as i have no pet class to test on 1.12.1 )

----------


## asdfx123

> just enumerate through the object list looking for the owner guid descriptor matching the players guid.
> 
> edit: alternatively, it looks like it may store the pet guid @ 0x00B714A0 ( i cant confirm tho, as i have no pet class to test on 1.12.1 )


just tested it, can confirm this, damn how dumb i am not looking into the guid... lolz my bad

[edit]
thx for ur help  :Wink:

----------


## NitroGlycerine

Does anyone know if you can retrieve the GUID of caster of a debuff in 1.12?

The lua function UnitDebuff does not retrieve it (was only added in 2.0 I think), but is it somewhere in the memory?

----------


## larcerkev

Does anyone know why I might be crashing when I'm calling the interact with object function?

I'm calling it remotely by making a code cave like so:




```
WoW.exe+034F - push 00 { 0 }
WoW.exe+0351 - mov ecx,OBJECTPTR
WoW.exe+0356 - call WoW.exe+1F8660
WoW.exe+035B - ret
```

I write the cave and address each time I call my interact function and then start a remote thread.



```
VirtualProtectEx(currentProcess, (LPVOID)(caveLocation), 20, 0x40, &prevAccessProtection); // Remove protection of the section of memory.
WriteProcessMemory(currentProcess, LPVOID(caveLocation), cave, sizeof(cave), NULL);
WriteProcessMemory(currentProcess, LPVOID(pointerLocation), &object.addressStart, sizeof(object.addressStart), NULL);

HANDLE hThread = CreateRemoteThread(currentProcess, 0, 0, (LPTHREAD_START_ROUTINE)caveLocation, 0, 0, 0);
//close thread handle
CloseHandle(hThread);
```

This appears to crash about 50% of the time, and then the other 50% it seems to work without a problem.

Edit: Been at this constantly for about 12 hours, and not sure why but I keep seeing errors like "0xC0000005 (ACCESS_VIOLATION) at 0023:0064B3FD" where the ending address there changes between 2-4 different locations each time. Am I supposed to be calling the function only at a certain point which would require me to be internal?

----------


## culino2

> This appears to crash about 50% of the time, and then the other 50% it seems to work without a problem.


It's a thread problem, you have to call it within WoW's main-thread.

----------


## larcerkev

Hmm, as someone still semi new to function calling would you be willing to give me a bit more of a hint how I would go about doing this? Can I even do it externally (I have a feeling I will have to inject for this now.)

Edit: I found something that someone posted for hooking the window and calling a function within that thread. Think I found the right place. Thanks for the hint.

----------


## namreeb

> Does anyone know if you can retrieve the GUID of caster of a debuff in 1.12?
> 
> The lua function UnitDebuff does not retrieve it (was only added in 2.0 I think), but is it somewhere in the memory?


I don't think it is. You can sometimes infer it from the combat log (because the caster of the aura is part of a damaging log, for example), but this is not always possible.

----------


## mskc33

Is there a static location to get the local player's XP / XP-Required values?

At the moment I am using Lua's DoString to call UnitXP('player') and UnitXPMax('player'), but is there a better way?

----------


## namreeb

> Is there a static location to get the local player's XP / XP-Required values?
> 
> At the moment I am using Lua's DoString to call UnitXP('player') and UnitXPMax('player'), but is there a better way?


There is a better way, but I don't think there is a static location. The better way is to find the local player object, and read the descriptors for current and max xp.

----------


## mskc33

Thanks for your help!

// Edit: Used the wrong offsets, doh!

----------


## larcerkev

Has anyone found a way to read what level you're at in a profession?

Edit: I found a method, it's near the region of my player's coords and other info.

----------


## RobertoSageto

Hey guys... looking for some help for anyone who knows if there is an offset for checking local player's auto-attack status or an equivalent?

For example I'm using C_getRepeatingSpell @ 0xCEAC30 to see when local player is using Auto Shot (id 75) or Wanding aka Shoot (id 5019) but it doesn't indicate Auto Attack (spell id 6603 according to Auto Attack - Spell - World of Warcraft).

Any help or suggestions would be greatly unappreciated. Unfortunately I don't have IDA and I wasn't able to download the WoW Alpha DB from the stickied thread because the link is broken.

Usually I use CE but scanning has failed me as well in this regard. 

Thanks in advance!
*EDIT:* After taking a break to watch some trailer park boys I got back to it and thanks to CE and a hell of a lot of scanning I found:
Player Base Address + Offset 0xC48 = GUID of Auto-Attack Target

So this only shows a guid at that address if you are actively attempting to Attack (spell id 6603) aka Auto-Attack in retail WoW a mob.
Pretty useful and close-enough to what I was looking for to get the job done. 

If anyone else knows a better location in the game/CVAR/LUA Funcs I would love to learn of those too. Thanks.

----------


## everytimer

I'm trying to call a simple Function via asm (ClearTarget in my case). The issue is that I don't know the signature of that function (parameters to pass) and every single combination seems to crash WoW. I've been debugging and trying to understand what each operation does and what it calls but still haven't managed to make it. 

Code:




```
string[] asm = {
//"push, 0",
//"mov eax, 0"
"call " + (uint)Offsets.Functions.CGGameUI__ClearTarget, // 0x493910
"retn"
};
```


Note: this is for learning purposes, I have selected the easiest function that I might expect, to clear target, and I assumed that it takes no parameters, but I must be wrong because it results into a crash.

----------


## culino2

> I'm trying to call a simple Function via asm (ClearTarget in my case). The issue is that I don't know the signature of that function (parameters to pass) and every single combination seems to crash WoW. I've been debugging and trying to understand what each operation does and what it calls but still haven't managed to make it. 
> 
> Code:
> 
> 
> 
> Note: this is for learning purposes, I have selected the easiest function that I might expect, to clear target, and I assumed that it takes no parameters, but I must be wrong because it results into a crash.


try

push 0
push 0
mov ecx, 1

----------


## everytimer

Unfortunately this is not interpreted correctly by the asm compiler: "Assembly failed! Error code: -109; Error Line: 2" (why is that anyway). I've also tried every permutation of your suggestion with no success.

----------


## uzzy13u

> I'm trying to call a simple Function via asm (ClearTarget in my case). The issue is that I don't know the signature of that function (parameters to pass)


hi everytimer  :Smile:  
right now i m trying to learn similar thing like you, so i think this is a good start for us :P
Tutorial Calling Conventions, and why you need to know them!

----------


## culino2

> Unfortunately this is not interpreted correctly by the asm compiler: "Assembly failed! Error code: -109; Error Line: 2" (why is that anyway). I've also tried every permutation of your suggestion with no success.


It was just plain asm code, nothing to copy paste and hey it compiles... Did you add the quotes and of course the call, retn at the end?

----------


## everytimer

Got it working (my bad, some comma). I've PMd you about some syntax that is not related to this thread.

----------


## everytimer

MouseOver SpellID 0xB4B3C4 -> 0x39C

----------


## newfag

would anyone be so kind as to provide me with any pointers (pun intended) to the 1.12.1 sessionkey?

----------


## namreeb

> would anyone be so kind as to provide me with any pointers (pun intended) to the 1.12.1 sessionkey?


Look at this for session and auth related info: GitHub - namreeb/wowned: Authentication bypass for outdated WoW emulation authentication servers

Specifically: wowned/misc.hpp at master * namreeb/wowned * GitHub

----------


## danwins

> would anyone be so kind as to provide me with any pointers (pun intended) to the 1.12.1 sessionkey?


are you talking about this?



offsets:



```
00C28114  g_clientConnection
```

structs:



```
struct NetClient
{
  NetClientVMT *vmt;
  LoginData m_loginData;
  int m_netState;
  int (__fastcall *m_handlers[828])(void *, NETMESSAGE, unsigned int, CDataStore *);
  void *m_handlerParams[828];
  int m_netEventQueue;
  WowConnection *m_serverConnection;
  int m_refCount;
  int m_deleteMe;
  int m_pingSent;
  int m_pingSequence;
  int m_latency[16];
  int m_latencyStart;
  int m_latencyEnd;
  int m_bytesSent;
  int m_bytesReceived;
  int m_connectedTimestamp;
};
```



```
struct LoginData
{
  char m_account[64];
  int m_loginServerId;
  char m_sessionKey[40];
};
```

----------


## newfag

> Look at this for session and auth related info: GitHub - namreeb/wowned: Authentication bypass for outdated WoW emulation authentication servers
> 
> Specifically: wowned/misc.hpp at master * namreeb/wowned * GitHub


excellent, thank you!




> are you talking about this?
> 
> 
> 
> offsets:
> 
> 
> 
> ```
> ...


thanks very much!

----------


## newfag

so i just spent the better part of the last three days learning assembly/disassembly and tons of other stuff.

this post is paying it forward to the next guy - who like me two weeks ago - is looking into fidgeting with wow/vanilla on linux / bsd through means of wine and shared object preloading.

the following is a minimal, yet complete and self-contained example of a chat dump functionality written in C.

it works by linking (preloading) wine with a custom 'recvmsg' function which calls the 'recvmsg' libc function and then decrypts and interprets the packet.
like this: wow.exe -> wine -> chatdump.so -> libc -> kernel

compile:


```
gcc -m32 -Wall -g -shared -fPIC -D_GNU_SOURCE chatdump.c -o chatdump.so
```

run:


```
LD_PRELOAD="$PWD/chatdump.so" wine $WOWPATH/WoW.exe 2> /dev/null
```

output:


```
[world] [00079045]:  Tank LFG, ubrs, or dm w 
[world] [000e31e7]:  LFG BFD 
[world] [0008ee3c]:  LF tank ulda
[world] [000e31e7]:  LF3M BFD tank healer and dps
[world] [000e31e7]:  LFM BFD need tank
[Trade - City] [00065101]:  no enchanters?
```

source: [chatdump.c]


```
#include <dlfcn.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

#define SMSG_MESSAGECHAT 0x096
#define CHAT_MSG_CHANNEL 0x0e

typedef struct {
	uint8_t pad_120[0x120];
	uint8_t cryptavailable; // 0x120
	uint8_t pad_124[0x3];
	uint8_t sessionkey_i;	// 0x124
	uint8_t sessionkey_j;	// 0x125
	uint8_t opcodelen;  // 0x126
	uint8_t sessionkey_size;  // 0x127
	uint8_t *sessionkey_base; // 0x128
} serverconnection_t;

typedef struct {
	uint8_t pad_1a58[0x1a58];
	serverconnection_t *serverconnection; // 0x1a58
} netclient_t;

typedef struct {
	uint8_t pad_c28114[0xc28114];
	netclient_t *netclient; // 0x00c28114
} wow_t;

wow_t *wow = (wow_t *)0x00000000;

void decrypt(uint8_t *data, int length)
{
	uint8_t i = wow->netclient->serverconnection->sessionkey_i;
	uint8_t j = wow->netclient->serverconnection->sessionkey_j;
	uint8_t size = wow->netclient->serverconnection->sessionkey_size;
	uint8_t *key = wow->netclient->serverconnection->sessionkey_base;

	while (length--) {
		uint8_t v = (uint8_t)((*data - j) ^ key[i++]);
		j = *data;
		*data++ = v;
		i %= size;
	}
}

ssize_t recvmsg(int sockfd, struct msghdr *msg, int flags)
{
	ssize_t (*_recvmsg)(int sockfd, struct msghdr *msg, int flags);
	_recvmsg = dlsym(RTLD_NEXT, "recvmsg");
	ssize_t retval = (*_recvmsg)(sockfd, msg, flags);

	if (retval <= 2 || sockfd < 50 || wow->netclient == NULL ||
	    wow->netclient->serverconnection == NULL ||
	    wow->netclient->serverconnection->cryptavailable == 0)
		return retval;

	static uint32_t bytesread = 0;
	uint8_t *base = ((uint8_t *)msg->msg_iov->iov_base) - bytesread;
	uint8_t opcodelen = wow->netclient->serverconnection->opcodelen;

	uint16_t opcode = *((uint16_t *)base);
	if (bytesread == 0) {
		decrypt((uint8_t *)&opcode, opcodelen);
	}

	switch (opcode) {
	case SMSG_MESSAGECHAT:
		if (*((uint8_t *)(base + 2)) == CHAT_MSG_CHANNEL) {
			printf(
			    "[%s] [%08llx]:  %s\n", (char *)(base + 7),
			    *(uint64_t *)(base + 7 +
					  strlen((char *)(base + 7)) + 1 + 0x4),
			    (char *)(base + 7 + strlen((char *)(base + 7)) + 1 +
				     0x10));
		}
	}

	bytesread = 0;
	return retval;
}
```

----------


## newfag

anybody got an offset to the function which resolves a guids name?

----------


## karliky

Got working Spectate mode on WoW 1.12 - it wasn't available until 2.x -



This is the url of the project in case anyone is interested: Bugcraft Studio

----------


## alwaysLate..

anyone wanna help me with dostring currently it crashes but i have seen it done this way in several other bots. 

i am calling it in a codecave when the thread is paused

```
Globals.Magic.Asm.AddLine("mov edx, 0");
Globals.Magic.Asm.AddLine("mov ecx, " + codecave);
Globals.Magic.Asm.AddLine("call " + 0x00704CD0);
Globals.Magic.Asm.AddLine("retn");
```

when done like this it occasionally crashes always unable to read mem at 006F876A

also sometimes there are weird errors like other lua functions bugging out im thinking some parameter is wrong.

----------


## tutrakan

Because you have to do these calls from the main thread (a.k.a. end scene).
As a safety check, the best thing you can do, is to verify every time before these calls if the local player is not zero:

```
var pGuid = Globals.Magic.ReadUInt64(Globals.Magic.ReadUInt(0x00B41414) + 0xC0);
var low = (uint)(pGuid & 0xFFFFFFFF);
var high = (uint)((pGuid >> 32) & 0xFFFFFFFF);
var localPlayerPtr = 0;
		
"push 0",                       //source code line used for debugging
"push " + high,                 //local player's GUID ...
"push " + low,                  //... passed as 2 x 32 bit
"mov ecx, 0x10",                //typemask, 0x10 = player       
"call 0x00468460",              //ClntObjMgrObjectPtr(TypeMask typeMask, const char *fileName, __int64 guid, const int line)
"mov eax, [" + localPlayerPtr + "]",
"retn",
```

----------


## alwaysLate..

to check if player exists i just read a byte at 0xB4B424 if its nonzero hes ingame 

but how do i do endscene what thread is that 

im using blackmagic would it be 

magic.mainmodule.baseaddr ?

i think im already doing that because i do : magic.SuspendThread and the game freezes..

----------


## tutrakan

> to check if player exists i just read a byte at 0xB4B424 if its nonzero hes ingame ...


That's wrong.
And please, open a new thread for such basic questions, or even better: use the search options or google before asking here.

P.S Practically, what we all do is to hook the wow client while it graphically renders its stuff. In that moment we are called from the game painting callback and we suppose that all objects are set up. That callback occurs about every 10 ms. Please, somebody correct me if i say nonsense.

----------


## schiebung

Hey can someone provide me the ChatBufferStart and NextMessage offset/address?

----------


## RivaLfr

Hello, 
chatBufferStart = 0xB50580
NextMessage = 0x800
chatBufferPos = 0xB6E5D4

----------


## thebad.cb

correct sendpacket?

Vanilla


Delphi code


```
 
  g_clientConnection        = $00C28114;
  g_clientConnection_Offset = $40;
  ClientConnection__SendPacket = $005379A0;

Procedure Sendpacket(buffer: Array of Byte);
begin
  asm
        MOV EDX, buffer
        PUSH EDX
        MOV ECX, g_clientConnection
        MOV EAX, ClientConnection__SendPacket
        CALL EAX
  end;
end;
```


what is the base address?

----------


## culino2

> correct sendpacket?
> 
> Vanilla
> 
> 
> Delphi code
> 
> 
> ```
> ...


Correct SendPacket but invalid usage.


```
type
  PDataStore = ^TDataStore;
  TDataStore = packed record
    vTable  : Pointer;
    Buffer  : PByteArray; // or Pointer to avoid SysUtils unit
    Base    : Integer;
    Alloc   : Integer;
    Size    : Integer;
    Read    : Integer;
  end;

const
  ClientServices__Connection: function: Pointer = Pointer($005AB490);
  NetClient__Send: procedure(__eax, __edx, __this: Pointer; DataStore: PDataStore) = Pointer($005379A0);

procedure SendPacket(const Data; Length: Integer);
var
  DS: TDataStore;
begin
  DS.vTable := nil;
  DS.Buffer := @Data;
  DS.Size := Length;
  DS.Alloc := $1000;
  DS.Read := 0;
  DS.Base := 0;

  NetClient__Send(nil, nil, ClientServices__Connection(), @DS);
end;
```

Base is always the same pre cata.

----------


## thebad.cb


I'm trying to make a hook on sendpacket


```
005379A0 55 PUSH EBP
005379A1 8BEC MOV EBP,ESP
005379A3 56 PUSH ESI
005379A4 8BF1 MOV ESI,ECX
005379A6 837E 70 06 CMP DWORD PTR DS:[ESI+70],6
005379AA 57 PUSH EDI
005379AB 75 78 JNZ SHORT errorRep.00537A25
005379AD 8B45 08 MOV EAX,DWORD PTR SS:[EBP+8]
005379B0 8B78 10 MOV EDI,DWORD PTR DS:[EAX+10]
005379B3 2B78 14 SUB EDI,DWORD PTR DS:[EAX+14]
005379B6 74 6D JE SHORT errorRep.00537A25
005379B8 8B8E 581A0000 MOV ECX,DWORD PTR DS:[ESI+1A58]
005379BE 6A 00 PUSH 0
005379C0 50 PUSH EAX
005379C1 E8 6ADC0700 CALL errorRep.005B5630
005379C6 013D 5CD4C000 ADD DWORD PTR DS:[C0D45C],EDI
005379CC 8B96 B41A0000 MOV EDX,DWORD PTR DS:[ESI+1AB4]
005379D2 8B86 581A0000 MOV EAX,DWORD PTR DS:[ESI+1A58]
005379D8 03D7 ADD EDX,EDI
005379DA 8996 B41A0000 MOV DWORD PTR DS:[ESI+1AB4],EDX
005379E0 8A88 20010000 MOV CL,BYTE PTR DS:[EAX+120]
005379E6 84C9 TEST CL,CL
005379E8 75 3B JNZ SHORT errorRep.00537A25  <<<<<
005379EA 8BCE MOV ECX,ESI
005379EC E8 5F000000 CALL errorRep.00537A50
005379F1 8B8E 581A0000 MOV ECX,DWORD PTR DS:[ESI+1A58]
005379F7 8981 28010000 MOV DWORD PTR DS:[ECX+128],EAX
005379FD C681 27010000 28 MOV BYTE PTR DS:[ECX+127],28
00537A04 8B86 581A0000 MOV EAX,DWORD PTR DS:[ESI+1A58]
00537A0A C680 23010000 04 MOV BYTE PTR DS:[EAX+123],4
00537A11 C680 26010000 02 MOV BYTE PTR DS:[EAX+126],2
00537A18 8B8E 581A0000 MOV ECX,DWORD PTR DS:[ESI+1A58]
00537A1E 6A 01 PUSH 1
00537A20 E8 9BF90700 CALL errorRep.005B73C0
00537A25 5F POP EDI
00537A26 5E POP ESI
00537A27 5D POP EBP
00537A28 C2 0400 RETN 4
```


```
procedure SetJMP(Func:Pointer; Addr: DWORD);
Var
  RET: DWORD;
begin
  VirtualProtect(ptr(Addr), 10, PAGE_EXECUTE_READWRITE, Ret);
  asm
    mov eax, Func
    mov ecx, Addr
    sub eax, ecx
    sub eax, 05h
    mov dword ptr ds:[ecx], 0E9h //
    mov dword ptr ds:[ecx+1], eax
  end;
  VirtualProtect(ptr(Addr), 10, Ret, Ret);
end;
```

----------


## culino2

> Attachment 56686
> 
> I'm trying to make a hook on sendpacket
> 
> ...


What you're trying may be good for learning purposes, but there's a great library for delphi:
GitHub - MahdiSafsafi/delphi-detours-library: Delphi Detours Library



```
var
  o_NetClient__Send: procedure(__eax, __edx, __this: Pointer; DataStore: PDataStore);

procedure hook_NetClient__Send(__eax, __edx, __this: Pointer; DataStore: PDataStore);
var
  i: Integer;
  sBuffer: String;
begin
  for i := 0 to DataStore^.Size -1 do
  begin
    sBuffer := sBuffer + IntToHex(DataStore^.Buffer[i], 2) + ' ';
  end;

  { do something with the log... }

  // call original function
  o_NetClient__Send(nil, nil, __this, DataStore);
end;

procedure InstallDetours();
begin
  BeginHooks();
  @o_NetClient__Send := InterceptCreate(Pointer($005379A0), @hook_NetClient__Send);
  EndHooks();
end;
```

edit: Regarding your edit in the post below, you don't need to use asm to call msfastcall, you could also abuse delphi's calling convention for this. Just use AnsiString/PAnsiChar ;)

----------


## thebad.cb

> What you're trying may be good for learning purposes, but there's a great library for delphi:
> GitHub - MahdiSafsafi/delphi-detours-library: Delphi Detours Library
> 
> 
> 
> ```
> var
>   o_NetClient__Send: procedure(__eax, __edx, __this: Pointer; DataStore: PDataStore);
> 
> ...


thanks

https://i.imgur.com/NtLiupC.jpg 


now it made it much easier to capture the packages





```
procedure ExecuteScript(CMD: String);
Var
  Buffer: Array of byte;
begin
  setLength(Buffer,Length(cmd));
  MOve(POINTER(TEncoding.UTF8.GetBytes(CMD))^ ,Buffer[0],Length(cmd));
  asm
    mov eax, 0
    mov ecx, buffer
    mov edx, buffer
    call FrameScript__Execute
  end; //CastSpellByName("Lesser Heal")
  //CastSpellByName("Faerie Fire (Feral)()");
end;
```

----------


## Logon

Does anyone have any memory addresses or information about the auction house?
looked around in the PDB and in this thread but it seems most people don't care about the AH!

----------


## namreeb

```
enum WorldEnables
{
    TerrainDoodads                  = 0x1,
    Terrain                         = 0x2,
    TerrainLOD                      = 0x4,
    TerrainCulling                  = 0x20,
    TerrainShadows                  = 0x40,
    TerrainDoodadCollisionVisuals   = 0x80,
    MapObjects                      = 0x100,
    MapObjectLighting               = 0x200,
    FootPrints                      = 0x400,
    MapObjectTextures               = 0x800,
    PortalDisplay                   = 0x1000,
    PortalVisual                    = 0x2000,
    DisableDoodadFullAlpha          = 0x4000,
    DoodadAnimation                 = 0x8000,
    TriangleStrips                  = 0x10000,
    CrappyBatches                   = 0x20000,
    ZoneBoundaryVisuals             = 0x40000,
    BSPRender                       = 0x80000,
    DetailDoodads                   = 0x100000,
    ShowQuery                       = 0x200000,
    TerrainDoodadAABoxVisuals       = 0x400000,
    TrilinearFiltering              = 0x800000,
    Water                           = 0x1000000,
    WaterParticulates               = 0x2000000,
    TerrainLowDetail                = 0x4000000,
    Specular                        = 0x8000000,
    PixelShaders                    = 0x10000000,
    Unknown6737F9                   = 0x20000000,
    Unknown673820                   = 0x40000000,
    Anisotropic                     = 0x80000000,
};

static constexpr std::uint32_t CWorld__enables = 0xC7B2A4;
```

----------


## danwins

> ```
> enum WorldEnables
> {
>     TerrainDoodads                  = 0x1,
>     Terrain                         = 0x2,
>     TerrainLOD                      = 0x4,
>     TerrainCulling                  = 0x20,
>     TerrainShadows                  = 0x40,
>     TerrainDoodadCollisionVisuals   = 0x80,
> ...


last struct i had for this showed:



```
Unknown6737F9                   = 0x20000000,
Unknown673820                   = 0x40000000,
```

as Tris and Normals been awhile since i looked at this tho

----------


## uzzy13u

can anyone tell me please updateDisplayinfo address ?

----------


## DarkLinux

> can anyone tell me please updateDisplayinfo address ?


really...

[WoW] 1.12.1.5875 Info Dump Thread

----------


## namreeb

> can anyone tell me please updateDisplayinfo address ?


Just going to leave this here: Memory Editing Section Rules

----------


## DarkLinux

Running into a small problem, when I press ESC it looks to clear my loaded lua scripts (does not happen in TBC). Does anyone know what gets called when you press ESC? I would like to stop it from reloading or reload my scripts after it.

Was going to do a 1/2 ass fix but failed to even find the error window. 



I set a bp on the following but they never get triggered.



```
FrameScript_DisplayError 007040E0
CGGameUI__DisplayError 00496720
ErrorDisplayCallback 00402EE0
CGGameUI__AddErrorMessage 004945B0
luaL_error 006F4940 (danwins)
```

Was thinking it was related to the exit menu, because if you click the computer button or the ESC key it reloads, but if I target something and then hit ESC it reloads, clears the target but no menu.

-----

A little more info, so I'm calling dostring 1x for something like this,



```
function ESC_TEST()
	DEFAULT_CHAT_FRAME:AddMessage('ESC_TEST was called!');
end
```

after that, I can call ESC_TEST from all my other scripts/macros. ESC clears ESC_TEST so I can't call it anymore.

-----

danwins sent me this,


```
CGUIBindings::ExecCommand 004B7B50
```

found the string TOGGLEGAMEMENU leading to this,

Blizzard-WoW-Interface/UIParent.lua at d162a4c0d198a4381b5b6573d975635ed7316702 * MOUZU/Blizzard-WoW-Interface * GitHub

but based off the if statement, each one would need to reload so it must be called before or after...

-----



```
lua_dofile  006F5700
```

Going to see if that will save the state vs calling dostring. Anyone know what folder the files need to be in?

-----



```
lua_State GetState()
{
	return (lua_State)*(DWORD*)(0x00CEEF74);
}

typedef int(FASTCALL *p_lua_dofile) (lua_State L, const char *filename);
p_lua_dofile lua_dofile = (p_lua_dofile)0x006F5700;

int DoFile(const char *filename)
{
	return lua_dofile(GetState(), filename);
}

DoFile("core\\menu.lua");
```

Loads my file but still gets cleared.


-----

fuck me...renamed my file/class and everything works... I guess wow uses the same name...

do not use,


```
menu.lua

menu = {
	--Setup
	isSetup = false
}

function menu:draw()
	DEFAULT_CHAT_FRAME:AddMessage('menu:draw loaded!');
end
```

----------


## DarkLinux

```
006F2F30 lua_checkstack
006F2F80 lua_xmove
006F3020 lua_atpanic
006F3030 lua_newthread
006F3080 lua_settop 
006F30D0 lua_remove
006F31A0 lua_insert
006F3350 lua_pushvalue
006F3400 lua_type 
006F3480 lua_typename
006F34A0 lua_iscfunction
006F3530 lua_isuserdata
006F3550 lua_rawequal
006F3590 lua_equal
006F35E0 lua_lessthan
006F3660 lua_toboolean
006F36E0 lua_strlen
006F3720 lua_tocfunction
006F3740 lua_touserdata
006F3770 lua_tothread
006F3790 lua_topointer
006F3840 lua_pushlstring
006F3920 lua_pushcclosure
006F3A20 lua_pushlightuserdata
006F3A40 lua_gettable
006F3B00 lua_rawget
006F3BC0 lua_rawgeti
006F3C90 lua_newtable
006F3E20 lua_settable
006F3EA0 lua_rawset
006F3EA0 lua_rawseti
006F3F60 lua_rawseti
006F4020 lua_setmetatable
006F4180 lua_call
006F41A0 lua_pcall
006F43D0 lua_disablegc
006F43E0 lua_getgcthreshold
006F4400 lua_setgcthreshold
006F4430 lua_version
006F4450 lua_next
006F4560 lua_newuserdata
006F45B0 lua_pushupvalues
006F47B0 lua_setupvalue
006F4810 luaL_argerror
006F48A0 luaL_typerror
006F48E0 luaL_where
006F4940 _luaL_error
006F4980 luaL_findstring
006F49E0 luaL_newmetatable
006F4A70 luaL_getmetatable
006F4A90 luaL_checkudata
006F4B20 luaL_checkstack
006F4B50 luaL_checktype
006F4BB0 luaL_checkany
006F4BE0 luaL_checklstring
006F4C20 luaL_optlstring
006F4C80 luaL_checknumber
006F4CD0 luaL_optnumber
006F4D00 luaL_getmetafield
006F4D60 luaL_callmeta
006F4EA0 luaL_setn
006F5050 luaL_getn
006F5120 luaL_prepbuffer
006F51F0 luaL_addlstring
006F5230 luaL_addstring
006F5250 luaL_pushresult
006F5270 luaL_addvalue
006F5300 luaL_buffinit
006F5310 luaL_ref
006F5400 luaL_unref
006F5490 luaL_loadfile
006F58B0 luaO_rawequalObj
006F5D80 luaD_throw
006F5DB0 luaD_rawrunprotected
006F5E20 luaD_reallocstack
006F5EF0 luaD_reallocCI
006F5F60 luaD_growstack
006F5F80 luaD_callhook 
006F6050 luaD_precall
006F6470 luaD_poscall
006F65A0 luaD_call
006F6620 lua_resume
006F6872 lua_yield
006F6B10 luaE_newthread
006F6C90 luaE_freethread
006F6D20 lua_open
006F6F80 lua_close
006F7C80 luaV_tostring
006F8190 luaV_lessthan
006F9F60 luaF_close
006F9FE0 luaF_newproto
006FA050 luaF_freeproto
006FA110 luaF_freeclosure
006FAE90 luaM_reallocPool
006FBAA0 lua_getstack
006FBC70 lua_getinfo
006FC780 luaG_errormsg
006FC870 _luaG_runerror
006FC900 luaM_growaux
006FC980 luaM_irealloc

00703BA0 FrameScript_Destroy
004036C0 WowClientDestroy
00703B80 FrameScript_Flush
007039E0 FrameScript_Initialize
00704C70 FrameScript_CompileFunction
00704CB0 FrameScript_ReleaseFunction
00704CD0 FrameScript_Execute
00704AE0 FrameScript_ExecuteBuffer
```

----------


## tutrakan

If still anybody works with reversing and/or needs the *descriptors* offsets, here are my updated (and fixed now) structures ([WoW] 1.12.1.5875 Info Dump Thread).

----------


## DarkLinux

```
00468460 ClntObjMgrObjectPtr
00468550 ClntObjMgrGetActivePlayer

004E7F70 CGPartyInfo__IsMember
004E8250 CGPartyInfo__SetLeader
004E82D0 CGPartyInfo__AddMember
004E84A0 CGPartyInfo__RemoveAll
004E85D0 CGPartyInfo__EnableMember
004E86D0 CGPartyInfo__NumMembers
004E86F0 CGPartyInfo__SetLootMethod
004E8820 CGPartyInfo__GetRemoteStats

0084C150 CGPartyInfo__m_leaderIndex
00BC6F48 CGPartyInfo__m_members
00BC70B0 CGPartyInfo__m_remoteStats
00BC75F8 CGPartyInfo__m_leader
00BC7600 CGPartyInfo__m_lootMethod
00BC7608 CGPartyInfo__m_lootMaster

004E9050 Script_GetNumPartyMembers
004E9090 Script_GetPartyMember
00515970 Script_GetGUIDFromName

00607260 CGUnit_C__AddWorldXPGainText
00609210 CGUnit_C__GetUnitName
006094C0 CGUnit_C__GetUnitTitle
0060A0C0 CGUnit_C__StoreXPGain
006251E0 CGUnit_C__ShowPlayerXPGained

00402AD0 WowClientInit
0066F6C0 CWorld__Initialize
0046A400 CGlueMgr__Initialize
0046B930 CGlueMgr__Idle
00401570 ClientInitializeGame
006033C0 CGUnit_C__Initialize
006E7150 Spell_C_Initialize
005AB650 ClientServices_SetMessageHandler
006E7330 CastResultHandler
006E7640 SpellStartHandler
006E8D80 SpellFailedHandler
006E8EB0 PetSpellFailedHandler
006E9460 SpellCooldownHandler
006E95D0 ItemCooldownHandler
006E9670 CooldownEvent
006E9730 CooldownCheat
006E97E0 PetTameFailure
006E74F0 SpellDelayed
006E7550 SpellChannelStart

005AAE20 ClientServices_CharacterLogin
005AB490 GetCurrentConnection
00C28128 s_currentConnection
00B41E30 s_loginGUID
00C6326C g_clientConnection
```

----------


## danwins

Adding to DarkLinux:

Party:


```
004E7C70 CGPartyInfo::InitializeGame
004E7E60 PH_SMSG_INSTANCE_SAVE_CREATED
004E7F00 CGPartyInfo::EnterWorld
004E7F10 CGPartyInfo::LeaveWorld
004E7F20 CGPartyInfo::ShutdownGame
004E7F70 CGPartyInfo::IsMember
004E8250 CGPartyInfo::SetLeader
004E82D0 CGPartyInfo::AddMember
004E84A0 CGPartyInfo::RemoveAll
004E85D0 CGPartyInfo::EnableMember
004E86D0 CGPartyInfo::NumMembers
004E86F0 CGPartyInfo::SetLootMethod
004E8820 CGPartyInfo::GetRemoteStats
004E88C0 CGPartyInfo::SetLookingForGroup
004E8DC0 PH_MSG_LOOKING_FOR_GROUP
004E9BE0 PartyInfoRegisterScriptFunctions
004E9C10 PartyInfoUnregisterScriptFunctions

004E9050 Script_GetNumPartyMembers
004E9090 Script_GetPartyMember
004E9100 Script_GetPartyLeaderIndex
004E9130 Script_IsPartyLeader
004E9180 Script_LeaveParty
004E91B0 Script_GetLootMethod
004E92A0 Script_SetLootMethod
004E94E0 Script_GetLootThreshold
004E9500 Script_SetLootThreshold
004E95D0 Script_GetLookingForGroup
004E96B0 Script_SetLookingForGroup
004E9760 Script_LFGQuery
004E9870 Script_GetNumLFGResults
004E98C0 Script_GetLFGResults
004E9A70 Script_GetLFGTypes
004E9AA0 Script_GetLFGTypeEntries

0084C150 CGPartyInfo::m_leaderIndex
00BC6F48 CGPartyInfo::m_members
00BC70B0 CGPartyInfo::m_remoteStats
00BC75F8 CGPartyInfo::m_leader
00BC7600 CGPartyInfo::m_lootMethod
00BC7608 CGPartyInfo::m_lootMaster
```

Raid:


```
004BA0B0 CGRaidInfo::InitializeGame
004BA140 CGRaidInfo::EnterWorld
004BA1C0 CGRaidInfo::LeaveWorld
004BA1D0 CGRaidInfo::ShutdownGame
004BA220 PH_MSG_RAID_TARGET_UPDATE
004BA360 PH_MSG_RAID_READY_CHECK
004BB080 CGRaidInfo::IsOfficer
004BB0F0 CGRaidInfo::GetRemoteStats
004BC130 RaidInfoRegisterScriptFunctions
004BC160 RaidInfoUnregisterScriptFunctions

004BB4B0 Script_GetRaidTargetIndex
004BB530 Script_GetNumRaidMembers
004BB560 Script_GetRaidRosterInfo
004BB820 Script_SetRaidRosterSelection
004BB890 Script_GetRaidRosterSelection
004BB8C0 Script_IsRaidLeader
004BB910 Script_IsRaidOfficer
004BB990 Script_SetRaidSubgroup
004BBB00 Script_SwapRaidSubgroup
004BBC90 Script_ConvertToRaid
004BBD20 Script_PromoteToAssistant
004BBDF0 Script_DemoteAssistant
004BBEC0 Script_SetRaidTarget
004BC080 Script_DoReadyCheck
004BC090 Script_ConfirmReadyCheck
004BC120 Script_CheckReadyCheckTime

00B712A8 CGRaidInfo::m_members
00B713E0 g_curRaidMembers
```

Structs:


```
struct CGPartyInfo::RemoteStats
{
  int health;
  int maxHealth;
  POWER_TYPE powerType;
  int power;
  int maxPower;
  int classID;
  int level;
  int mapID;
  int areaID;
  C3Vector pos;
  int connected;
};

struct RAID_MEMBER
{
  __int64 m_guid;
  int m_groupNum;
  RAID_RANK m_rank;
};

enum POWER_TYPE
{
  POWER_TYPE_MANA = 0x0,
  POWER_TYPE_RAGE = 0x1,
  POWER_TYPE_FOCUS = 0x2,
  POWER_TYPE_ENERGY = 0x3,
};

enum RAID_RANK
{
  RAID_RANK_0 = 0,
  RAID_ASSIST = 1,
  RAID_LEADER = 2,
};
```

----------


## DarkLinux

Elysium Project - Main is loading a new warden module. My bot got hit, never added a version check... Every server I have been on has used the same old one.

Other public bots like zzuks could be detected.

----------


## danwins

Had a quick look, Looks like they're using the one(s?) that namreeb linked with his warden project on github

First log in gave me the E191991EC6CB175A213B124019B2FEB0 module.

Lights hope still isn't running warden at all by the looks of it.

----------


## tutrakan

The most interesting is that the module seems to change on every logon. Or it loads at more random address than before?

Uploadfiles.io - 154c3f90.bin
Uploadfiles.io - 154c5f20.bin
Uploadfiles.io - 15603d00.bin

----------


## danwins

I'm guessing they're cycling from these: WardenSigning/WardenModules at master * namreeb/WardenSigning * GitHub

not really that surprising honestly. I expected to see it sooner.

You can always check what module was loaded after exiting the client by looking at this file:



```
World of Warcraft\WDB\wowcache.wdb
```

struct looks like this:



```
wowcache.wdb_header ( size 0x2C )
offset	size	desc
0x00 	0x04	'WRDN' magic
0x04	0x04	client build eg '5875'
0x08	0x04	client locale eg 'enUS'
0x0C	0x04	unk
0x10	0x04	unk2
0x14	0x10	MD5 sum of the warden module.
0x24	0x04	record length.
0x28	0x04	Length of the next field (always record length -0x4)

0x2C	0x??	encrypted module
```

at 0x14 is the module md5.

If warden was loaded during the session you should expect to see it cached in this file after exiting the client.

----------
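The `wowcache.wdb` header layout posted above, turned into a small parser with the length checks the layout implies. This is an added example, not code from the thread or from any project it mentions; it assumes little-endian integer fields and accepts the `WRDN` tag in either byte order because the post does not state the on-disk ordering, and the sample bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define WDB_HEADER_SIZE 0x2C            /* header size given in the post */

enum wdb_status { WDB_OK, WDB_TOO_SHORT, WDB_BAD_MAGIC,
                  WDB_LEN_MISMATCH, WDB_TRUNCATED };

struct wdb_header {
    char     magic[5];      /* 0x00, NUL-terminated copy of the tag */
    uint32_t build;         /* 0x04 */
    char     locale[5];     /* 0x08, NUL-terminated copy */
    uint32_t unk, unk2;     /* 0x0C and 0x10, meaning unknown */
    char     md5_hex[33];   /* 0x14, 16 digest bytes as lowercase hex */
    uint32_t record_len;    /* 0x24 */
    uint32_t payload_len;   /* 0x28, expected to be record_len - 4 */
};

/* Assumption: integer fields are little-endian, as on the x86 client. */
static uint32_t rd_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Copy a four-character tag, reversing it when it is stored back to front. */
static void copy_tag(char out[5], const uint8_t *p, int reversed)
{
    for (int i = 0; i < 4; i++)
        out[i] = (char)p[reversed ? 3 - i : i];
    out[4] = '\0';
}

/* Parse and validate the header; *out is filled whenever the magic matches. */
enum wdb_status wdb_parse_header(const uint8_t *buf, size_t len,
                                 struct wdb_header *out)
{
    static const char hex[] = "0123456789abcdef";

    if (len < WDB_HEADER_SIZE)
        return WDB_TOO_SHORT;
    /* Assumption: the post does not say how the tag is ordered on disk,
       so "WRDN" and its byte-reversed form are both accepted. */
    int reversed = memcmp(buf, "NDRW", 4) == 0;
    if (!reversed && memcmp(buf, "WRDN", 4) != 0)
        return WDB_BAD_MAGIC;

    copy_tag(out->magic, buf, reversed);
    out->build = rd_le32(buf + 0x04);
    copy_tag(out->locale, buf + 0x08, reversed);
    out->unk = rd_le32(buf + 0x0C);
    out->unk2 = rd_le32(buf + 0x10);
    for (int i = 0; i < 16; i++) {
        out->md5_hex[2 * i] = hex[buf[0x14 + i] >> 4];
        out->md5_hex[2 * i + 1] = hex[buf[0x14 + i] & 0x0F];
    }
    out->md5_hex[32] = '\0';
    out->record_len = rd_le32(buf + 0x24);
    out->payload_len = rd_le32(buf + 0x28);

    if (out->record_len < 4 || out->payload_len != out->record_len - 4)
        return WDB_LEN_MISMATCH;
    if (out->payload_len > len - WDB_HEADER_SIZE)
        return WDB_TRUNCATED;       /* file ends before the cached module */
    return WDB_OK;
}

/* Constructed sample (not real cache data): header plus 8 payload bytes. */
static const uint8_t wdb_sample[WDB_HEADER_SIZE + 8] = {
    'W', 'R', 'D', 'N',                               /* 0x00 magic */
    0xF3, 0x16, 0x00, 0x00,                           /* 0x04 build 5875 */
    'e', 'n', 'U', 'S',                               /* 0x08 locale */
    0, 0, 0, 0, 0, 0, 0, 0,                           /* 0x0C unk, 0x10 unk2 */
    0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,   /* 0x14 placeholder */
    0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,   /*      digest 00..0f */
    0x0C, 0x00, 0x00, 0x00,                           /* 0x24 record length */
    0x08, 0x00, 0x00, 0x00,                           /* 0x28 payload length */
    0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA    /* 0x2C payload */
};

int main(void)
{
    struct wdb_header h;

    if (wdb_parse_header(wdb_sample, sizeof wdb_sample, &h) != WDB_OK)
        return 1;
    printf("%s build %u %s md5 %s payload %u bytes\n", h.magic,
           (unsigned)h.build, h.locale, h.md5_hex, (unsigned)h.payload_len);
    return 0;
}
```
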


## namreeb

> I'm guessing they're cycling from these: WardenSigning/WardenModules at master * namreeb/WardenSigning * GitHub


That is exactly where they are from




> not really that surprising honestly. I expected to see it sooner.


The problem is that the numerical value of the opcodes as well as the challenge/response routine had to be identified for each one. Takes a while.

----------


## DarkLinux

Quick dump of elysiums warden scans, for logging purpose.


```
Address 007C625F, Size : 1
Address 0060BFB1, Size : 2
Address 007C625E, Size : 2
Address 00631615, Size : 2
Address 006A467B, Size : 1
Address 0060F650, Size : 6
Address 007C63DA, Size : 4
Address 00615CF5, Size : 1
Address 005EC720, Size : 8
Address 004D1C17, Size : 2
Address 007C4955, Size : 1
Address 007C63DD, Size : 3
Address 0060BFA0, Size : 2
Address 006341BC, Size : 2
Address 004711E0, Size : 2
Address 00616749, Size : 2
Address 007C705F, Size : 3
Address 006ABF13, Size : 1
Address 00482ED8, Size : 6
Address 00636598, Size : 1
Address 0087D898, Size : 4
Address 006163DE, Size : 10
Address 00635C3A, Size : 1
Address 007C63BD, Size : 3
Address 00636ED4, Size : 1
Address 006CA1B5, Size : 1
Address 005ED28D, Size : 6
Address 007C6272, Size : 4
Address 0060FF71, Size : 1
Address 007C705C, Size : 6
Address 006CEE4E, Size : 6
Address 007C6269, Size : 4
Address 006CEE5B, Size : 6
Address 00518062, Size : 1
Address 005ABD50, Size : 6
Address 006AB1BF, Size : 3
Address 005E642C, Size : 5
Address 00482BE3, Size : 1
Address 0060FC30, Size : 10
Address 0060BFBF, Size : 2
Address 00538610, Size : 4
Address 0080DFFC, Size : 4
Address 00CF0BC8, Size : 4
Address 0060FF65, Size : 2
Address 006D2743, Size : 6
Address 00494A50, Size : 7
Address 007C63A8, Size : 4
Address 007C33D9, Size : 5
Address 0049F5DD, Size : 1
Address 0063379C, Size : 1
Address 00636198, Size : 1
Address 005FE54F, Size : 1
Address 0067063E, Size : 1
Address 0040362B, Size : 3
Address 0087D894, Size : 4
Address 007C620D, Size : 2
Address 004711EA, Size : 1
Address 006334F0, Size : 1
Address 0049F6F2, Size : 3
Address 007C69A0, Size : 3
Address 007C63D9, Size : 1
Address 005ED2E3, Size : 6
Address 00C7B2A4, Size : 4
Address 007C6206, Size : 11
Address 00618913, Size : 8
Address 006AB494, Size : 1
Address 004C21C0, Size : 1
Address 007C6E83, Size : 7
Address 006163DB, Size : 2
Address 006341E3, Size : 2
Address 00846F64, Size : 6
Address 00615BA7, Size : 4
Address 007C4D41, Size : 10
Address 0060F7C9, Size : 6
Address 00822C10, Size : 6
Address 00680B81, Size : 5
```

----------


## danwins

above scans with extra detail:



```
Address 0040362B, Size : 3	// PollNet / WardenClient_Process check
Address 004711E0, Size : 2	// CCharCreateInfo::CreateCharacter / character name validation
Address 004711EA, Size : 1	// CCharCreateInfo::CreateCharacter / character name validation
Address 00482BE3, Size : 1	// CGWorldFrame::UpdateDayNightInfo / time related?
Address 00482ED8, Size : 6	// CGWorldFrame::OnWorldUpdate / anti afk?
Address 00494A50, Size : 7	// CGGameUI::CanPerformAction
Address 0049F5DD, Size : 1	// Script_SendChatMessage / chat while dead?
Address 0049F6F2, Size : 3	// Script_SendChatMessage / checking third int32 put into CMSG_MESSAGECHAT?
Address 004C21C0, Size : 1	// AutoLoot / EVENT_LOOT_BIND_CONFIRM? 
Address 004D1C17, Size : 2	// Script_CanViewOfficerNote
Address 00518062, Size : 1	// Script_UnitLevel / see unit level instead of skull?
Address 00538610, Size : 4	// NETEVENTQUEUE::Poll jumptable?
Address 005ABD50, Size : 6	// ClientServices_CharacterValidateName
Address 005E642C, Size : 5	// OnSupercededSpell?
Address 005EC720, Size : 8	// CGPlayer_C::GetLanguageSkill / hook check?
Address 005ED28D, Size : 6	// CGPlayer_C::CanTrackUnit / follow hack?
Address 005ED2E3, Size : 6	// CGPlayer_C::CanTrackObject / same as above?
Address 005FE54F, Size : 1	// CGUnit_C::UpdateBaseAnimation / CMovementShared::GetBaseSpeed / speed hack related?
Address 0060BFA0, Size : 2	// CGUnit_C::OnRightClick / loot while mounted
Address 0060BFB1, Size : 2	// CGUnit_C::OnRightClick
Address 0060BFBF, Size : 2	// CGUnit_C::OnRightClick
Address 0060F650, Size : 6	// sub_60F600 / follow hack related maybe?
Address 0060F7C9, Size : 6	// sub_60F600 / follow hack related maybe?
Address 0060FC30, Size : 10	// CGUnit_C::ClearTrackingTarget / s_trackingType check / click to move fix check?
Address 0060FF65, Size : 2	// CGUnit_C::SetTrackingTarget / follow related?
Address 0060FF71, Size : 1	// CGUnit_C::SetTrackingTarget / follow related?
Address 00615BA7, Size : 4	// movement heartbeat?
Address 00615CF5, Size : 1	// CMovement::UpdatePlayerMovement
Address 006163DB, Size : 2	// CMovement::UpdatePlayerMovement / anti root hack?
Address 006163DE, Size : 10	// CMovement::UpdatePlayerMovement / anti root hack?
Address 00616749, Size : 2	// CMovement::ExecuteMovement / MSG_MOVE_HEARTBEAT SendMovementPacket
Address 00618913, Size : 8	// sub_618900 / movement related / InitMovementStatus?
Address 00631615, Size : 2	// sub_6315F0 / unknown?
Address 006334F0, Size : 1	// wall climb
Address 0063379C, Size : 1	// wall climb
Address 006341BC, Size : 2	// super fly
Address 006341E3, Size : 2	// super fly?
Address 00635C3A, Size : 1	// wall climb
Address 00636198, Size : 1	// wall climb
Address 00636598, Size : 1	// wall climb
Address 00636ED4, Size : 1	// wall climb
Address 0067063E, Size : 1	// unknown
Address 00680B81, Size : 5	// CWorldScene::PrepareRenderLiquid / CWorldScene__camLiquid var / water related hack?
Address 006A467B, Size : 1	// sub_6A4670 / unknown CMap function?
Address 006AB1BF, Size : 3	// sub_6AADC0 / unknown CMap function?
Address 006AB494, Size : 1	// sub_6AADC0 / unknown CMap function?
Address 006ABF13, Size : 1	// collision?
Address 006CA1B5, Size : 1	// WardenClient_Process
Address 006CEE4E, Size : 6	// sub_6CEE30 / dword_CE9BD8 / unknown?
Address 006CEE5B, Size : 6	// sub_6CEE30 / dword_CE9BD8 / unknown?
Address 006D2743, Size : 6	// sub_6D2260 / flt_CE9C50 / unknown?
Address 007C33D9, Size : 5	// unknown?
Address 007C4955, Size : 1	// CMovementData::GetPosition
Address 007C4D41, Size : 10	// CMovementShared::GetBaseSpeed
Address 007C6206, Size : 11	// sub_7C61F0 / CMovement something
Address 007C620D, Size : 2	// sub_7C61F0 / CMovement something
Address 007C625E, Size : 2	// CMovement::PlayerJump / infinite jump
Address 007C625F, Size : 1	// CMovement::PlayerJump / anti jump / anti knockback?
Address 007C6269, Size : 4	// JumpGravityWater
Address 007C6272, Size : 4	// JumpGravity
Address 007C63A8, Size : 4	// InitMovementStatus / CMovementData::GetPosition?
Address 007C63BD, Size : 3	// InitMovementStatus / unk?
Address 007C63D9, Size : 1	// InitMovementStatus / m_pitch?
Address 007C63DA, Size : 4	// InitMovementStatus / m_fallStartTime - fall damage hack??
Address 007C63DD, Size : 3	// InitMovementStatus / unk?
Address 007C69A0, Size : 3	// sub_7C69A0 / CMovement?
Address 007C6E83, Size : 7	// sub_7C6E80 / Swim related?
Address 007C705C, Size : 6	// sub_7C7030 / unknown?
Address 007C705F, Size : 3	// sub_7C7030 / unk?
Address 0080DFFC, Size : 4	// .rdata flt_80DFFC / wallclimb
Address 00822C10, Size : 6	// .rdata string?
Address 00846F64, Size : 6	// .rdata string?
Address 0087D894, Size : 4	// .rdata flt_87D894 / movement related?
Address 0087D898, Size : 4	// .rdata flt_87D898 / movement related?
Address 00C7B2A4, Size : 4	// .rdata CWorld::enables / Rendering Options
Address 00CF0BC8, Size : 4	// .rdata timestamp
```

----------


## Jadd

More elegant __fastcall wrapper:


```
pop ebx          ; Store the return address.
pop ecx          ; Move 1st arg to ecx.
pop edx          ; Move 2nd arg to edx.
mov [esp], ebx   ; Restore the return address.
jmp <function>   ; Callee cleans the stack.
```

Edit: This is wrong, see below.

----------


## tutrakan

> More elegant __fastcall wrapper:
> 
> 
> ```
> pop ebx          ; Store the return address.
> pop ecx          ; Move 1st arg to ecx.
> pop edx          ; Move 2nd arg to edx.
> mov [esp], ebx   ; Restore the return address.
> jmp <function>   ; Callee cleans the stack.
> ```


There is a missing "sub esp, 4" before "mov [esp], ebx". Or just put it like this:

```
pop ebx          ; Store the return address.
pop ecx          ; Move 1st arg to ecx.
pop edx          ; Move 2nd arg to edx.
push ebx         ; Restore the return address.
jmp <function>   ; Callee cleans the stack.
```

And of course there should be a check for the number of params to be always >= 2.

----------


## Jadd

> There is a missing "sub esp, 4" before "mov [esp], ebx".


Did you test it? You will crash every time. Pushing ebx will move the stack frame which is wrong.




> And of course there should be a check for the number of params to be always >= 2.


AFAIK functions are never compiled as __fastcall if they take fewer than two parameters.

----------


## tutrakan

> Did you test it?


Yes.

However, this is useful when we need to call a __fastcall function from C# (while it isn't a supported convention) and we are forced to make such a wrapper.
This old one can be optimized for sure, but is tested and works:
[WoW] 1.12.1.5875 Info Dump Thread
And my fastcall "greymagic" detour modification works fine too:
[RELEASE] Modification of GreyMagic to support detouring of fastcalls



> AFAIK functions are never compiled as __fastcall if they take fewer than two parameters.


Go explain that to the WoW_3368-orig_32bit compiler: MEGA
There are plenty of fastcalls declared without even one parameter in ecx or edx - informacionsimbolos.txt.

----------


## Jadd

You're right, it should include sub esp, 4 or just use your solution. I only tested with one function and my delegate definition included one too many arguments so it was working for me. Edited my earlier post.




> Go explain that to the WoW_3368-orig_32bit compiler: MEGA
> There are plenty of fastcalls declared without even one parameter in ecx or edx - informacionsimbolos.txt.


In any case, fastcall with 1 parameter is identical to thiscall (at least for anything using VC++ compiler) and fastcall with no parameters is identical to stdcall, so it's better to use either of those since .NET supports it without the use of a wrapper.

----------


## tutrakan

> ...In any case, fastcall with 1 parameter is identical to thiscall (at least for anything using VC++ compiler) and fastcall with no parameters is identical to stdcall...


100% true. I was about to say the same.

P.S. For anyone else interested: x86 calling conventions - Wikipedia

----------
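
The stack arithmetic behind the wrapper exchange above, as an added example that is not part of any post: a small C++ model of the 32-bit stack that runs both posted thunk bodies and reports what a __fastcall callee sees and where esp ends up. It assumes the caller treats the thunk as stdcall (callee-cleaned arguments); the return address, filler value, stack top and the `simulate` helper are constructed for illustration.

```cpp
#include <cstdint>
#include <cstdio>
#include <vector>

// Constructed values for the model; none of them come from the thread.
constexpr uint32_t kRet = 0x00401000;        // caller's return address
constexpr uint32_t kCallerData = 0xCCCCCCCC; // whatever the caller already had on its stack
constexpr uint32_t kStackTop = 0x80;         // esp before the caller pushes any argument

enum class Thunk { MovEsp, PushEbx };        // "mov [esp], ebx" vs "push ebx"

struct Outcome {
    uint32_t ecx, edx;      // register arguments as the callee sees them
    uint32_t firstStackArg; // callee's view of its 3rd parameter (0 if it has none)
    bool returnsToCaller;   // callee's [esp] holds the caller's return address
    bool stackBalanced;     // esp after return is what a stdcall caller expects
    bool callerDataIntact;  // nothing at or above the original esp was overwritten
};

struct Cpu {
    std::vector<uint32_t> mem = std::vector<uint32_t>(64, kCallerData);
    uint32_t esp = kStackTop;
    uint32_t& at(uint32_t addr) { return mem.at(addr / 4); }
    void push(uint32_t v) { esp -= 4; at(esp) = v; }
    uint32_t pop() { uint32_t v = at(esp); esp += 4; return v; }
};

// pushed: the arguments the caller pushes; calleeParams: parameters the __fastcall target takes.
Outcome simulate(Thunk kind, const std::vector<uint32_t>& pushed, unsigned calleeParams) {
    Cpu c;
    // Caller: push arguments right to left, then "call thunk" pushes the return address.
    for (auto it = pushed.rbegin(); it != pushed.rend(); ++it) c.push(*it);
    c.push(kRet);

    // Thunk body as posted: three pops, then restore the return address.
    uint32_t ebx = c.pop();
    uint32_t ecx = c.pop();
    uint32_t edx = c.pop();
    if (kind == Thunk::MovEsp) c.at(c.esp) = ebx; // overwrites whatever esp points at
    else c.push(ebx);                              // makes room below it first

    // Callee, reached by jmp: first two parameters in ecx/edx, the rest on the stack.
    unsigned stackParams = calleeParams > 2 ? calleeParams - 2 : 0;
    Outcome o{};
    o.ecx = ecx;
    o.edx = edx;
    o.returnsToCaller = c.at(c.esp) == kRet;
    o.firstStackArg = stackParams ? c.at(c.esp + 4) : 0;
    c.esp += 4 + 4 * stackParams;                  // ret 4*stackParams
    o.stackBalanced = c.esp == kStackTop;
    o.callerDataIntact = true;
    for (uint32_t a = kStackTop; a < c.mem.size() * 4; a += 4)
        if (c.at(a) != kCallerData) o.callerDataIntact = false;
    return o;
}

static void show(const char* label, const Outcome& o) {
    std::printf("%-40s ecx=%u edx=0x%X arg3=0x%X ret_ok=%d balanced=%d caller_intact=%d\n",
                label, (unsigned)o.ecx, (unsigned)o.edx, (unsigned)o.firstStackArg,
                o.returnsToCaller, o.stackBalanced, o.callerDataIntact);
}

int main() {
    show("mov [esp],ebx, 3 args, 3 params", simulate(Thunk::MovEsp, {1, 2, 3}, 3));
    show("push ebx,      3 args, 3 params", simulate(Thunk::PushEbx, {1, 2, 3}, 3));
    show("mov [esp],ebx, 3 args, 2 params", simulate(Thunk::MovEsp, {1, 2, 0}, 2));
    show("push ebx,      2 args, 2 params", simulate(Thunk::PushEbx, {1, 2}, 2));
    show("push ebx,      1 arg,  1 param ", simulate(Thunk::PushEbx, {1}, 1));
    return 0;
}
```

The third row is the case where the caller pushes one more dword than the target takes, which is the only case in which the `mov [esp], ebx` form balances; the last row is the fewer-than-two-parameters case, where the third pop consumes caller data.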


## badusername1234

> Does anyone have any memory addresses or information about the auction house?
> looked around in the PDB and in this thread but it seems most people don't care about the AH!


I had a similar problem. I'm not great with IDA (yet) so I just took a different approach than finding auction functions and stuff. I just send packets and parse what the server sends back. You can look at Mangos or something to see exactly how all the packets are structured so there's little reversing involved for you. A cool benefit of doing it that way is that you can reuse the same code for a clientless bot if you ever choose to make one.

While I'm posting, is anyone aware of a cross-continent teleport exploit that works on Light's Hope? I'm not asking for any details of it, just wondering if anyone has done it because I'm getting bored of my heartbeat teleporter and will probably be trying that soonish.

Edit: Random note - I have had accounts warden banned on either Nost/Elysium (I can't remember), and for some reason they let me log in on Light's Hope.

----------


## namreeb

> While I'm posting, is anyone aware of a cross-continent teleport exploit that works on Light's Hope? I'm not asking for any details of it, just wondering if anyone has done it because I'm getting bored of my heartbeat teleporter and will probably be trying that soonish.


I'd be surprised if this were possible. The client controls where it is on the map, but does not ever control which map it's on.

Edit: I've been able to 'fake' this in some cases by teleporting to portals between the maps and sending a gameobject interact message with them. Most private servers do not have server-side enforcement of gameobject interaction permissions. This doesn't solve all possible (source map, target map) pairs though.

----------


## bone91

Does anyone have an example of calling the LootSlot function directly in memory? Calling LootSlot(1) in doString has no effect (neither has sending a Lua click to LootButton1). I suspect this is because it's not accepting virtual mouse clicks. CTM/Autoloot will be of no help, because I am trying to get Pickpocketing to work, where a spell will open the loot window and I'd like to avoid something as hacky as writing mouse position to memory and then injecting a click.

Edit: After fucking around with it a little bit, it seems that injecting AutoLoot before casting Pick Pocket does the trick.

----------


## tutrakan

> ...
> Edit: I've been able to 'fake' this in some cases by teleporting to portals between the maps and sending a gameobject interact message with them. ...


Which portals do you mean?

----------


## DarkLinux

Some MEM_CHECK warden info that I have logged based on Elysium. Sig scanning the function works for all modules, but I needed the caller offset.



```
struct WardenInfo
{
	DWORD m_ver;
	DWORD m_offset;
	DWORD m_offsetCall;

...

};

DWORD CWarden::GetWardenBase()
{
	DWORD ppWarden = read<DWORD>(0x0CE8978);

	if (!ppWarden)
	{
		return NULL;
	}

	return read<DWORD>(ppWarden);
}

DWORD CWarden::GetWardenVersion()
{
	DWORD ppWarden = read<DWORD>(0x00CE897C);

	if (!ppWarden)
	{
		return NULL;
	}

	DWORD pWarden = read<DWORD>(ppWarden);

	if (!pWarden)
	{
		return NULL;
	}

	DWORD WardenBase = GetWardenBase();

	if (!WardenBase)
	{
		return NULL;
	}

	return read<DWORD>(pWarden + 0xC) - WardenBase;
}
```

----------


## namreeb

> Which portals do you mean?


Shattrath City and Dalaran have portals to the major cities (yes I realize you probably only mean classic so this is not relevant). Some private servers add custom portals as a quality of life enhancement. gamer-district.org has this, Feenix did (I think?) and maybe vanillagaming.org? In most cases, you can send the game object interaction packet to produce the desired teleport and it will work regardless of client-side restrictions.

----------
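
A sketch of the server-side enforcement whose absence namreeb describes in the two posts above, added here as an example and not taken from any post or server code base: a use request is judged only against server-held map, position and permission state, and a client-reported position is accepted only if it was reachable. All types, GUIDs, ranges, the speed value and the slack are hypothetical.

```cpp
#include <cmath>
#include <cstdint>
#include <cstdio>
#include <unordered_map>

// Hypothetical server-side types; they do not mirror any emulator's real classes.
struct Vec3 { float x, y, z; };

static float dist(const Vec3& a, const Vec3& b) {
    return std::sqrt((a.x - b.x) * (a.x - b.x) + (a.y - b.y) * (a.y - b.y) +
                     (a.z - b.z) * (a.z - b.z));
}

struct Player {
    uint32_t mapId;      // changed only by the server (login, validated teleport)
    Vec3 pos;            // last position the server accepted
    uint32_t lastMoveMs; // server clock at that acceptance
    float maxSpeed;      // yards per second the server currently allows
    uint32_t level;
};

struct GameObject {
    uint32_t mapId;
    Vec3 pos;
    float useRange;      // yards
    uint32_t minLevel;   // stand-in for any permission (quest, faction, key)
};

enum class Verdict { Ok, UnknownObject, WrongMap, OutOfRange, NotPermitted, ImplausibleMove };

constexpr float kSlackYards = 2.0f; // assumed tolerance for latency jitter

struct World {
    std::unordered_map<uint64_t, GameObject> objects;

    // Accept a client-reported position only if it is reachable from the last accepted one.
    Verdict acceptMove(Player& p, const Vec3& claimed, uint32_t nowMs) const {
        float elapsed = nowMs > p.lastMoveMs ? (nowMs - p.lastMoveMs) / 1000.0f : 0.0f;
        if (dist(p.pos, claimed) > p.maxSpeed * elapsed + kSlackYards)
            return Verdict::ImplausibleMove; // keep the old position, do not trust the claim
        p.pos = claimed;
        p.lastMoveMs = nowMs;
        return Verdict::Ok;
    }

    // Handle a "use game object" request from server state only, never client-side checks.
    Verdict useObject(const Player& p, uint64_t guid) const {
        auto it = objects.find(guid);
        if (it == objects.end()) return Verdict::UnknownObject;
        const GameObject& go = it->second;
        if (go.mapId != p.mapId) return Verdict::WrongMap;
        if (dist(p.pos, go.pos) > go.useRange) return Verdict::OutOfRange;
        if (p.level < go.minLevel) return Verdict::NotPermitted;
        return Verdict::Ok;
    }
};

// Constructed sample state.
World sampleWorld() {
    World w;
    w.objects[0x10] = {0, {1000.0f, 0.0f, 0.0f}, 5.0f, 1}; // distant portal
    w.objects[0x11] = {0, {8.0f, 0.0f, 0.0f}, 5.0f, 60};   // nearby, level-gated
    w.objects[0x12] = {1, {0.0f, 0.0f, 0.0f}, 5.0f, 1};    // on another map
    w.objects[0x13] = {0, {6.0f, 0.0f, 0.0f}, 5.0f, 1};    // nearby, open
    return w;
}
Player samplePlayer() { return {0, {0.0f, 0.0f, 0.0f}, 0, 7.0f, 10}; }

// Client reports standing beside the distant portal one second after the last update.
Verdict claimJump() {
    World w = sampleWorld();
    Player p = samplePlayer();
    return w.acceptMove(p, {999.0f, 0.0f, 0.0f}, 1000);
}

// Same claim, followed by a use request for the distant portal.
Verdict jumpThenUse() {
    World w = sampleWorld();
    Player p = samplePlayer();
    w.acceptMove(p, {999.0f, 0.0f, 0.0f}, 1000); // rejected, position unchanged
    return w.useObject(p, 0x10);
}

// A reachable move (5 yards in one second), followed by a use request.
Verdict walkThenUse(uint64_t guid) {
    World w = sampleWorld();
    Player p = samplePlayer();
    Verdict move = w.acceptMove(p, {5.0f, 0.0f, 0.0f}, 1000);
    return move == Verdict::Ok ? w.useObject(p, guid) : move;
}

int main() {
    std::printf("jump claim: %d, use after jump: %d\n", (int)claimJump(), (int)jumpThenUse());
    const uint64_t guids[] = {0x13, 0x11, 0x12, 0x10, 0x99};
    for (uint64_t g : guids)
        std::printf("walk then use 0x%llX: %d\n", (unsigned long long)g, (int)walkThenUse(g));
    return 0;
}
```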


## DarkLinux

Loot while moving,


```
0x005DF2F0
```

----------


## DarkLinux

Finished logging all modules info to bypass MEM_CHECK and PAGE_CHECK. You can sig scan all offsets, but I like to manually check each one.



```
struct WardenInfo
{
	DWORD m_ver;
	DWORD m_offset;		/* Warden_CopyMem Function Offset (MEM_CHECK)*/
	DWORD m_offsetCall;	/* Warden_CallCopyMem Call Offset to Warden_CopyMem (MEM_CHECK) */
	DWORD m_offsetPageHash;	/* Warden_SHA1Update Copy Offset (PAGE_CHECK_A / PAGE_CHECK_B) */
	DWORD m_pageHashType;	/* Hook Type*/
...
};

DWORD CWarden::GetWardenBase()
{
	DWORD ppWarden = read<DWORD>(0x0CE8978);

	if (!ppWarden)
	{
		return NULL;
	}

	return read<DWORD>(ppWarden);
}

DWORD CWarden::GetWardenVersion()
{
	DWORD ppWarden = read<DWORD>(0x00CE897C);

	if (!ppWarden)
	{
		return NULL;
	}

	DWORD pWarden = read<DWORD>(ppWarden);

	if (!pWarden)
	{
		return NULL;
	}

	DWORD WardenBase = GetWardenBase();

	if (!WardenBase)
	{
		return NULL;
	}

	return read<DWORD>(pWarden + 0xC) - WardenBase;
}

/*Hook Type Info
Type 1:
SourcePointer, eax
Counter, edi
ObjectPointer, esi
Size, ebx

Type 2:
SourcePointer, ebx
Counter, esi
ObjectPointer, edi
Size, eax

Type 3:
SourcePointer, eax
Counter, ebx
ObjectPointer, edi
Size, [ebp + 0xC];
*/
```

----------


## wowwac

Nice work DarkLinux, it'll come in handy later...

Here's a little CheatEngine script for getting all object offsets from ObjectManager


```
--Tiny ObjectManager/PlayerBase finder for WoW 1.12.1
--Made by LBLZR_
objType = {"None", "Item", "Container", "Unit", "Player", "GameObject", "DynamicObject", "Corpse"}
curObj = readInteger("[0xB41414]+0xAC")
playerGuid = readInteger("[0xB41414]+0xC0")
playerAddress = 0

while ((curObj ~= nil) and (curObj ~= 0) and ((curObj & 1) == 0)) do --iterate over all objects
  print("Obj: ", string.format('0x%0X', curObj),
             "\t| Type: ", objType[readInteger(curObj + "0x14")+1],
             "\t| Guid: ", readQword(curObj + "0x30"),
             "\t| Descriptor: ", string.format('0x%0X', readInteger(curObj + "0x8")))

  if((readInteger(curObj + "0x14") == 4) and --if object type is player and guid is our guid
             (readQword(curObj + "0x30") == playerGuid)) then
       playerAddress = curObj
       print("Found local player!")
  end

  curObj=readInteger(curObj + "0x3C") --get next object
end

print("Local player base address: ", string.format('0x%0X', playerAddress))
```

Also is there a better/easier way of getting PlayerBase than looping through ObjectMgr and finding it?

----------


## danwins

> Nice work DarkLinux, it'll come in handy later...
> 
> Here's a little CheatEngine script for getting all object offsets from ObjectManager
> 
> 
> ```
> --Tiny ObjectManager/PlayerBase finder for WoW 1.12.1
> --Made by LBLZR_
> objType = {"None", "Item", "Container", "Unit", "Player", "GameObject", "DynamicObject", "Corpse"}
> ...


There is actually, but AFAIK the actual function the game uses iterates through the object manager to find it.

Not sure who should be credited for finding it (namreeb maybe?) but someone pointed out that the warden in use on Elysium a while back was being used as a server scanner by looking up the camtargentity (I think?) which has a pointer to the player object.

Referenced here:




> Their Warden is actually really interesting, they use memory scan warden's function as a "server side" memory reader.
> 
> They start reading 4 bytes @ 00C7BCD4 CWorldScene__camTargEntity in the first warden scan packet, then when the client answers with those 4 bytes (which is actually a pointer), they add 0x88 to get another pointer and so on, so they can read player object info and compare them server side.
> 
> Really clever against clientless bot (not hard once you get it, but still, annoying to handle), great job @ Elysium


I believe the actual chain is



```
00C7BCD4
+0x88
+0x28
```

----------


## wowwac

Does 1.12.1 have FrameScript__SignalEvent?? I've tried setting access breakpoints on addresses with lua event names but all I got was some garbage scattered all over the address space, no single event entry point... Fuck, I should probably learn working with IDA Pro already because x64dbg just does not cut it anymore...

Edit: Btw @danwins the offsets don't seem to work for me, but I've already solved it by looping through the objmanager as I wanted before...

Edit 2: (Sorry for asking too many questions, but I'm too lazy to create another thread for this) Is it possible to turn player without manually constructing packets and sending them? CTM is out of question because it's a total bugfest in vanilla (using 0x2 Face doesn't face the target, but north for some reason). I've tried to use the function at 0x7c6f30 but it's rotating in totally random directions when I call it...

----------


## DarkLinux

@wowwac I have posted how to fix ctm, it works just fine after. Also, 0x7c6f30 works, are you using rads?

----------


## wowwac

> @wowwac I have posted how to fix ctm, it works just fine after. Also, 0x7c6f30 works, are you using rads?


Yep, I'm getting the current rotation from Player::GetBaseAddress() + 0x9c4 and then I add PI for example which should turn me 180 degrees (I'm using std::remainder for angles over 360) but it turns me into a totally random direction and also crashes the game if I'm rotating manually with mouse when it tries to rotate... Is it possible that it's happening because I did not call it from main thread? I've created mainthread invoker class today, so I can try it with it...

Also I've probably found the FrameScript__SignalEvent at 0x00703E50 but it's not processing some events like UNIT_DAMAGE,PLAYER_LEVEL_UP etc. that namreeb posted at the beginning of this thread. Is this normal behaviour?

EDIT: Nope, even from main thread it turns me to north every time... Am I defining it right?


```
typedef void(__thiscall *tTurn) (DWORD playerbase, float *angle);
```

----------


## danwins

> Does 1.12.1 have FrameScript__SignalEvent?? I've tried setting access breakpoints on addresses with lua event names but all I got was some garbage scattered all over the address space, no single event entry point... Fuck, I should probably learn working with IDA Pro already because x64dbg just does not cut it anymore...




```
00703E50   void __fastcall FrameScript_SignalEvent(FRAMEXML_EVENT event)
```




> Edit: Btw @danwins the offsets don't seem to work for me, but I've already solved it by looping through the objmanager as I wanted before...


I don't quite know what you mean by it doesn't work?



```
<?xml version="1.0" encoding="utf-8"?>
<CheatTable CheatEngineTableVersion="26">
  <CheatEntries>
    <CheatEntry>
      <ID>0</ID>
      <Description>"ActivePlayer -&gt; MovementData"</Description>
      <ShowAsHex>1</ShowAsHex>
      <VariableType>4 Bytes</VariableType>
      <Address>00C7BCD4</Address>
      <Offsets>
        <Offset>0</Offset>
        <Offset>118</Offset>
        <Offset>28</Offset>
        <Offset>88</Offset>
      </Offsets>
      <CheatEntries>
        <CheatEntry>
          <ID>7</ID>
          <Description>"m_position.x"</Description>
          <VariableType>Float</VariableType>
          <Address>+10</Address>
        </CheatEntry>
        <CheatEntry>
          <ID>1</ID>
          <Description>"m_position.y"</Description>
          <VariableType>Float</VariableType>
          <Address>+14</Address>
        </CheatEntry>
        <CheatEntry>
          <ID>2</ID>
          <Description>"m_position.z"</Description>
          <VariableType>Float</VariableType>
          <Address>+18</Address>
        </CheatEntry>
        <CheatEntry>
          <ID>3</ID>
          <Description>"m_facing"</Description>
          <VariableType>Float</VariableType>
          <Address>+1C</Address>
        </CheatEntry>
        <CheatEntry>
          <ID>33</ID>
          <Description>"m_pitch"</Description>
          <VariableType>Float</VariableType>
          <Address>+20</Address>
        </CheatEntry>
        <CheatEntry>
          <ID>5</ID>
          <Description>"m_transportGUID"</Description>
          <ShowAsHex>1</ShowAsHex>
          <VariableType>8 Bytes</VariableType>
          <Address>+38</Address>
        </CheatEntry>
        <CheatEntry>
          <ID>6</ID>
          <Description>"m_moveFlags"</Description>
          <ShowAsHex>1</ShowAsHex>
          <VariableType>4 Bytes</VariableType>
          <Address>+40</Address>
        </CheatEntry>
        <CheatEntry>
          <ID>8</ID>
          <Description>"m_anchorPosition.x"</Description>
          <VariableType>Float</VariableType>
          <Address>+44</Address>
        </CheatEntry>
        <CheatEntry>
          <ID>9</ID>
          <Description>"m_anchorPosition.y"</Description>
          <VariableType>Float</VariableType>
          <Address>+48</Address>
        </CheatEntry>
        <CheatEntry>
          <ID>10</ID>
          <Description>"m_anchorPosition.z"</Description>
          <VariableType>Float</VariableType>
          <Address>+4C</Address>
        </CheatEntry>
        <CheatEntry>
          <ID>11</ID>
          <Description>"m_anchorFacing"</Description>
          <VariableType>Float</VariableType>
          <Address>+50</Address>
        </CheatEntry>
        <CheatEntry>
          <ID>12</ID>
          <Description>"m_anchorPitch"</Description>
          <VariableType>Float</VariableType>
          <Address>+54</Address>
        </CheatEntry>
        <CheatEntry>
          <ID>13</ID>
          <Description>"m_moveStartTime"</Description>
          <ShowAsHex>1</ShowAsHex>
          <VariableType>4 Bytes</VariableType>
          <Address>+58</Address>
        </CheatEntry>
        <CheatEntry>
          <ID>14</ID>
          <Description>"m_direction.x"</Description>
          <VariableType>Float</VariableType>
          <Address>+5C</Address>
        </CheatEntry>
        <CheatEntry>
          <ID>15</ID>
          <Description>"m_direction.y"</Description>
          <VariableType>Float</VariableType>
          <Address>+60</Address>
        </CheatEntry>
        <CheatEntry>
          <ID>16</ID>
          <Description>"m_direction.z"</Description>
          <VariableType>Float</VariableType>
          <Address>+64</Address>
        </CheatEntry>
        <CheatEntry>
          <ID>17</ID>
          <Description>"m_direction2d.x"</Description>
          <VariableType>Float</VariableType>
          <Address>+68</Address>
        </CheatEntry>
        <CheatEntry>
          <ID>18</ID>
          <Description>"m_direction2d.y"</Description>
          <VariableType>Float</VariableType>
          <Address>+6C</Address>
        </CheatEntry>
        <CheatEntry>
          <ID>19</ID>
          <Description>"m_cosAnchorPitch"</Description>
          <VariableType>Float</VariableType>
          <Address>+70</Address>
        </CheatEntry>
        <CheatEntry>
          <ID>20</ID>
          <Description>"m_sinAnchorPitch"</Description>
          <VariableType>Float</VariableType>
          <Address>+74</Address>
        </CheatEntry>
        <CheatEntry>
          <ID>21</ID>
          <Description>"m_fallStartTime"</Description>
          <ShowAsHex>1</ShowAsHex>
          <VariableType>4 Bytes</VariableType>
          <Address>+78</Address>
        </CheatEntry>
        <CheatEntry>
          <ID>22</ID>
          <Description>"m_fallStartElevation"</Description>
          <VariableType>Float</VariableType>
          <Address>+7C</Address>
        </CheatEntry>
        <CheatEntry>
          <ID>23</ID>
          <Description>"unk"</Description>
          <ShowAsHex>1</ShowAsHex>
          <VariableType>4 Bytes</VariableType>
          <Address>+80</Address>
        </CheatEntry>
        <CheatEntry>
          <ID>24</ID>
          <Description>"m_currentSpeed"</Description>
          <VariableType>Float</VariableType>
          <Address>+84</Address>
        </CheatEntry>
        <CheatEntry>
          <ID>25</ID>
          <Description>"m_walkSpeed"</Description>
          <VariableType>Float</VariableType>
          <Address>+88</Address>
        </CheatEntry>
        <CheatEntry>
          <ID>26</ID>
          <Description>"m_runSpeed"</Description>
          <VariableType>Float</VariableType>
          <Address>+8C</Address>
        </CheatEntry>
        <CheatEntry>
          <ID>27</ID>
          <Description>"m_reverseRunSpeed"</Description>
          <VariableType>Float</VariableType>
          <Address>+90</Address>
        </CheatEntry>
        <CheatEntry>
          <ID>28</ID>
          <Description>"m_swimSpeed"</Description>
          <VariableType>Float</VariableType>
          <Address>+94</Address>
        </CheatEntry>
        <CheatEntry>
          <ID>29</ID>
          <Description>"m_reverseSwimSpeed"</Description>
          <VariableType>Float</VariableType>
          <Address>+98</Address>
        </CheatEntry>
        <CheatEntry>
          <ID>30</ID>
          <Description>"m_turnRate"</Description>
          <VariableType>Float</VariableType>
          <Address>+9C</Address>
        </CheatEntry>
        <CheatEntry>
          <ID>31</ID>
          <Description>"m_jumpsomething"</Description>
          <VariableType>Float</VariableType>
          <Address>+A0</Address>
        </CheatEntry>
        <CheatEntry>
          <ID>32</ID>
          <Description>"unk // m_spline?"</Description>
          <VariableType>Float</VariableType>
          <Address>+A4</Address>
        </CheatEntry>
        <CheatEntry>
          <ID>34</ID>
          <Description>"some_timestamp"</Description>
          <ShowAsHex>1</ShowAsHex>
          <VariableType>4 Bytes</VariableType>
          <Address>+A8</Address>
        </CheatEntry>
      </CheatEntries>
    </CheatEntry>
  </CheatEntries>
  <UserdefinedSymbols/>
</CheatTable>
```

That CETable shows the player movement struct via the pointer chain mentioned previously, which looks to be correct.




> Edit 2: (Sorry for asking too many questions, but I'm too lazy to create another thread for this) Is it possible to turn player without manually constructing packets and sending them? CTM is out of question because it's a total bugfest in vanilla (using 0x2 Face doesn't face the target, but north for some reason). I've tried to use the function at 0x7c6f30 but it's rotating in totally random directions when I call it...


See "m_facing" in the above struct.

Also that function is not a player class function, it's a movement class function:



```
007C6F30  void __thiscall CMovement::SetFacing(CMovement *this, float facing)
```



```
void __thiscall CMovement::SetFacing(CMovement *this, float facing)
{
  CMovement *l_this;
  int v3;

  l_this = this;
  if ( fabs(facing - *&this->baseclass_0.m_facing) >= 0.00000095367432 )
  {
    *&this->baseclass_0.m_facing = facing;
    v3 = this->baseclass_0.m_moveFlags;
    if ( !(BYTE1(v3) & 0x20) )
      CMovement::UpdateAnchors(this, 0.0);
  }
  l_this->baseclass_0.m_moveFlags &= 0xFFFFFFCF;
}
```

edit: tutrakan beat me to my last edit.

----------


## tutrakan

> ...
> EDIT: Nope, even from main thread it turns me to north every time... Am I defining it right?
> 
> 
> ```
> typedef void(__thiscall *tTurn) (DWORD playerbase, float *angle);
> ```


You are defining it right (except the 2nd param), but not naming it right for example:

```
void __thiscall CMovement::SetFacing(CMovement *this, float angle)
```

or if you want a spoon feed, you have just to do this in c++:

```
((void*(__thiscall*)(int, float))0x007C6F30)(Player::GetBaseAddress() + 0x9A8, your_angle_in_radians_here);
```

So, instead of passing the player pointer you have to pass the cmovement pointer for that player/unit as the 1st param and of course the second param is a value and not a pointer.

He-he, danwins edited at the same time I answered too.

----------


## wowwac

Thank you very much guys, it's working now... The issue was that I was not sending the angle directly, but rather the pointer to the angle... I guess I just missed it when I reversed it... Also the name "playerbase" was just the first thing I came up with because I'm a lazy fuck and didn't bother finding out what it actually was, but I was calling it like this


```
_Turn(Player::GetBaseAddress() + Offsets::TurnOffset, &angle);
```

where Offsets::TurnOffset was 0x9a8, so the pointer was correct... I guess I should rename my offsets because it's getting messy af

Also @danwins tyvm, the offsets are working for me now, I guess I'm a retard... It was also 3am when I tried it so that didn't help either...

----------


## doctorbeefy

DarkLinux,

I see 0x005DF2F0 is the address for looting NPCs while moving but it seems that Herbs and Chests are under a different address. Do you have any idea what this address is?

also sorry about my low post count I rarely post here as I am just getting into this stuff.

----------


## wowwac

> DarkLinux,
> 
> I see 0x005DF2F0 is the address for looting NPCs while moving but it seems that Herbs and Chests are under a different address. Do you have any idea what this address is?
> 
> also sorry about my low post count I rarely post here as I am just getting into this stuff.


You mean 0x5F8660? I use that for right clicking/looting objects...

----------


## doctorbeefy

0x005DF2F0 is the check for if standing still while looting or not

----------


## excalipop

Hello,
Would someone have the PLAYER_SKILL offset, please?
I can't see my actual level in herbalism.
I am programming a bot to pick up for vanilla.

Thank you / thanks in advance

----------------------------------------------------------
I found it!! Thanks

----------


## Corthezz

> Hello,
> Would someone have the PLAYER_SKILL offset, please?
> I can't see my actual level in herbalism.
> I'm programming a gathering bot for vanilla.
> 
> Thank you / Thanks in advance
> 
> ----------------------------------------------------------
> I found it!! thx


Btw: ZzukBot_V3/Skills.cs at b7396ebd4a1738928ac3a0200b5b28ea414e06de . Zz9uk3/ZzukBot_V3 . GitHub

----------


## Saridormi

Been a while since I posted, here is CSimpleCamera.

Can anyone confirm that +4h is m_scene (and what it points to?)



```
struct CSimpleCamera
{
    int32_t* m_scene; // untested
    NTempest::C3Vector m_position;
    NTempest::C33Matrix m_facing;
    float m_nearZ;
    float m_farZ;
    float m_fov;
    float m_aspect;

    virtual double FOV() = 0;
    virtual NTempest::C3Vector* Forward(NTempest::C3Vector* result) = 0;
    virtual NTempest::C3Vector* Right(NTempest::C3Vector* result) = 0;
    virtual NTempest::C3Vector* Up(NTempest::C3Vector* result) = 0;
};
```

Also, does anyone know how to convert the co-ordinates from WorldToScreen to pixel coords that DirectX can use? Right now I'm doing 



```
x = static_cast<uint32_t>(viewport.Width * (x / 0.78f));
y = static_cast<uint32_t>(viewport.Height - viewport.Height * (y / 0.625f));
```

which gives me a result that's accurate enough for my needs in 4:3 but is completely wrong at other resolutions. I'd really like to be able to do this properly.

----------


## danwins

> Been a while since I posted, here is CSimpleCamera.
> 
> Can anyone confirm that +4h is m_scene (and what it points to?)
> 
> 
> 
> ```
> struct CSimpleCamera
> {
> ...


Fairly sure this has been discussed in an earlier post in this thread:



```
00483EE0                         CGWorldFrame__GetScreenCoordinates
0041AD80                         NDCToDDC
0041ADE0                         DDCToNDC
```

----------


## Saridormi

> Fairly sure this has been discussed in an earlier post in this thread:
> 
> 
> 
> ```
> 00483EE0                         CGWorldFrame__GetScreenCoordinates
> 0041AD80                         NDCToDDC
> 0041ADE0                         DDCToNDC
> ```


Thanks! I'll take a look at those tomorrow.

Fortunately I managed to find the multipliers that I needed so I have perfect World to Screen now.



```
Vector2i NormaliseScreenCoords(NTempest::C2Vector vec)
{
    D3DVIEWPORT9 viewport;
    device->GetViewport(&viewport);

    // fov modifiers
    const auto x_modifier = *reinterpret_cast<float*>(0x832a44);
    const auto y_modifier = *reinterpret_cast<float*>(0x832a48);

    const auto normalised_x = viewport.Width * (vec.x / x_modifier);
    const auto normalised_y = viewport.Height - viewport.Height * (vec.y / y_modifier);

    return Vector2i(normalised_x, normalised_y);
}
```

----------


## badusername1234

Any information regarding Lights Hope anti-cheat?

I had an account banned yesterday, I teleported around the map a lot - Not actually sure what tripped it because I was doing it for ages before it triggered

Also, CTM enabled is at 0x718A630 (byte), 1 to enable, 0 to disable

----------


## duanyiemo3

hi guys. i want make a program like MultiHack.exe . it can port player to anywhere. first i find player's x y z base address . and i try to change the address.but it not work.
What else do I need to do next to make it work?

----------


## danwins

> Any information regarding Lights Hope anti-cheat?
> 
> I had an account banned yesterday, I teleported around the map a lot - Not actually sure what tripped it because I was doing it for ages before it triggered
> 
> Also, CTM enabled is at 0x718A630 (byte), 1 to enable, 0 to disable


I'd be extremely surprised if you didn't get detected using a telehack.




> hi guys. i want make a program like MultiHack.exe . it can port player to anywhere. first i find player's x y z base address . and i try to change the address.but it not work.
> What else do I need to do next to make it work?


Struct:



```
struct CMovementData
{
  TSLink moveLink;
  TSLink transportLink;
  C3Vector m_position;
  int m_facing;
  int m_pitch;
  C3Vector m_groundNormal;
  __int64 m_guid;
  __int64 m_transportGUID;
  int m_moveFlags;
  C3Vector m_anchorPosition;
  int m_anchorFacing;
  int m_anchorPitch;
  int m_moveStartTime;
  C3Vector m_direction;
  C2Vector m_direction2d;
  int m_cosAnchorPitch;
  int m_sinAnchorPitch;
  int m_fallStartTime;
  int m_fallStartElevation;
  int field_80;
  int m_currentSpeed;
  int m_walkSpeed;
  int m_runSpeed;
  int m_runBackSpeed;
  int m_swimSpeed;
  int m_swimBackSpeed;
  int m_turnRate;
  int m_jumpVelocity;
  CMoveSpline *m_spline;
  int some_timestamp;
};
```



CE Table:



```
<?xml version="1.0" encoding="utf-8"?>
<CheatTable CheatEngineTableVersion="26">
  <CheatEntries>
    <CheatEntry>
      <ID>0</ID>
      <Description>"ActivePlayer -&gt; MovementData"</Description>
      <ShowAsHex>1</ShowAsHex>
      <VariableType>4 Bytes</VariableType>
      <Address>00C7BCD4</Address>
      <Offsets>
        <Offset>0</Offset>
        <Offset>118</Offset>
        <Offset>28</Offset>
        <Offset>88</Offset>
      </Offsets>
      <CheatEntries>
        <CheatEntry>
          <ID>7</ID>
          <Description>"m_position.x"</Description>
          <VariableType>Float</VariableType>
          <Address>+10</Address>
        </CheatEntry>
        <CheatEntry>
          <ID>1</ID>
          <Description>"m_position.y"</Description>
          <VariableType>Float</VariableType>
          <Address>+14</Address>
        </CheatEntry>
        <CheatEntry>
          <ID>2</ID>
          <Description>"m_position.z"</Description>
          <VariableType>Float</VariableType>
          <Address>+18</Address>
        </CheatEntry>
        <CheatEntry>
          <ID>3</ID>
          <Description>"m_facing"</Description>
          <VariableType>Float</VariableType>
          <Address>+1C</Address>
        </CheatEntry>
        <CheatEntry>
          <ID>33</ID>
          <Description>"m_pitch"</Description>
          <VariableType>Float</VariableType>
          <Address>+20</Address>
        </CheatEntry>
        <CheatEntry>
          <ID>5</ID>
          <Description>"m_transportGUID"</Description>
          <ShowAsHex>1</ShowAsHex>
          <VariableType>8 Bytes</VariableType>
          <Address>+38</Address>
        </CheatEntry>
        <CheatEntry>
          <ID>6</ID>
          <Description>"m_moveFlags"</Description>
          <ShowAsHex>1</ShowAsHex>
          <VariableType>4 Bytes</VariableType>
          <Address>+40</Address>
        </CheatEntry>
        <CheatEntry>
          <ID>8</ID>
          <Description>"m_anchorPosition.x"</Description>
          <VariableType>Float</VariableType>
          <Address>+44</Address>
        </CheatEntry>
        <CheatEntry>
          <ID>9</ID>
          <Description>"m_anchorPosition.y"</Description>
          <VariableType>Float</VariableType>
          <Address>+48</Address>
        </CheatEntry>
        <CheatEntry>
          <ID>10</ID>
          <Description>"m_anchorPosition.z"</Description>
          <VariableType>Float</VariableType>
          <Address>+4C</Address>
        </CheatEntry>
        <CheatEntry>
          <ID>11</ID>
          <Description>"m_anchorFacing"</Description>
          <VariableType>Float</VariableType>
          <Address>+50</Address>
        </CheatEntry>
        <CheatEntry>
          <ID>12</ID>
          <Description>"m_anchorPitch"</Description>
          <VariableType>Float</VariableType>
          <Address>+54</Address>
        </CheatEntry>
        <CheatEntry>
          <ID>13</ID>
          <Description>"m_moveStartTime"</Description>
          <ShowAsHex>1</ShowAsHex>
          <VariableType>4 Bytes</VariableType>
          <Address>+58</Address>
        </CheatEntry>
        <CheatEntry>
          <ID>14</ID>
          <Description>"m_direction.x"</Description>
          <VariableType>Float</VariableType>
          <Address>+5C</Address>
        </CheatEntry>
        <CheatEntry>
          <ID>15</ID>
          <Description>"m_direction.y"</Description>
          <VariableType>Float</VariableType>
          <Address>+60</Address>
        </CheatEntry>
        <CheatEntry>
          <ID>16</ID>
          <Description>"m_direction.z"</Description>
          <VariableType>Float</VariableType>
          <Address>+64</Address>
        </CheatEntry>
        <CheatEntry>
          <ID>17</ID>
          <Description>"m_direction2d.x"</Description>
          <VariableType>Float</VariableType>
          <Address>+68</Address>
        </CheatEntry>
        <CheatEntry>
          <ID>18</ID>
          <Description>"m_direction2d.y"</Description>
          <VariableType>Float</VariableType>
          <Address>+6C</Address>
        </CheatEntry>
        <CheatEntry>
          <ID>19</ID>
          <Description>"m_cosAnchorPitch"</Description>
          <VariableType>Float</VariableType>
          <Address>+70</Address>
        </CheatEntry>
        <CheatEntry>
          <ID>20</ID>
          <Description>"m_sinAnchorPitch"</Description>
          <VariableType>Float</VariableType>
          <Address>+74</Address>
        </CheatEntry>
        <CheatEntry>
          <ID>21</ID>
          <Description>"m_fallStartTime"</Description>
          <ShowAsHex>1</ShowAsHex>
          <VariableType>4 Bytes</VariableType>
          <Address>+78</Address>
        </CheatEntry>
        <CheatEntry>
          <ID>22</ID>
          <Description>"m_fallStartElevation"</Description>
          <VariableType>Float</VariableType>
          <Address>+7C</Address>
        </CheatEntry>
        <CheatEntry>
          <ID>23</ID>
          <Description>"unk"</Description>
          <ShowAsHex>1</ShowAsHex>
          <VariableType>4 Bytes</VariableType>
          <Address>+80</Address>
        </CheatEntry>
        <CheatEntry>
          <ID>24</ID>
          <Description>"m_currentSpeed"</Description>
          <VariableType>Float</VariableType>
          <Address>+84</Address>
        </CheatEntry>
        <CheatEntry>
          <ID>25</ID>
          <Description>"m_walkSpeed"</Description>
          <VariableType>Float</VariableType>
          <Address>+88</Address>
        </CheatEntry>
        <CheatEntry>
          <ID>26</ID>
          <Description>"m_runSpeed"</Description>
          <VariableType>Float</VariableType>
          <Address>+8C</Address>
        </CheatEntry>
        <CheatEntry>
          <ID>27</ID>
          <Description>"m_reverseRunSpeed"</Description>
          <VariableType>Float</VariableType>
          <Address>+90</Address>
        </CheatEntry>
        <CheatEntry>
          <ID>28</ID>
          <Description>"m_swimSpeed"</Description>
          <VariableType>Float</VariableType>
          <Address>+94</Address>
        </CheatEntry>
        <CheatEntry>
          <ID>29</ID>
          <Description>"m_reverseSwimSpeed"</Description>
          <VariableType>Float</VariableType>
          <Address>+98</Address>
        </CheatEntry>
        <CheatEntry>
          <ID>30</ID>
          <Description>"m_turnRate"</Description>
          <VariableType>Float</VariableType>
          <Address>+9C</Address>
        </CheatEntry>
        <CheatEntry>
          <ID>31</ID>
          <Description>"m_jumpsomething"</Description>
          <VariableType>Float</VariableType>
          <Address>+A0</Address>
        </CheatEntry>
        <CheatEntry>
          <ID>32</ID>
          <Description>"unk // m_spline?"</Description>
          <VariableType>Float</VariableType>
          <Address>+A4</Address>
        </CheatEntry>
        <CheatEntry>
          <ID>34</ID>
          <Description>"some_timestamp"</Description>
          <ShowAsHex>1</ShowAsHex>
          <VariableType>4 Bytes</VariableType>
          <Address>+A8</Address>
        </CheatEntry>
      </CheatEntries>
    </CheatEntry>
  </CheatEntries>
  <UserdefinedSymbols/>
</CheatTable>
```

As I said above, expect to be banned trying to teleport this way.

----------


## badusername1234

> I'd be extremely surprised if you didn't get detected using a telehack.


But I don't get detected when I use it for normal teleporting (it's a heartbeat teleporter, not a nub xyz changer) - the detection only happens if I teleport around the map, visiting every town/village

I can teleport huge distances with it and be absolutely fine, it always bans me before I complete full map coverage though... It's as if they have some kind of threshold for strange movements and they've set it ridiculously high to avoid false positives

----------


## Saridormi

> But I don't get detected when I use it for normal teleporting (it's a heartbeat teleporter, not a nub xyz changer) - the detection only happens if I teleport around the map, visiting every town/village
> 
> I can teleport huge distances with it and be absolutely fine, it always bans me before I complete full map coverage though... It's as if they have some kind of threshold for strange movements and they've set it ridiculously high to avoid false positives


My immediate guess would be they're tracking area changes. Try teleporting back and forth between points in the same area, and if you don't get banned, try porting between different areas.

----------


## badusername1234

> My immediate guess would be they're tracking area changes. Try teleporting back and forth between points in the same area, and if you don't get banned, try porting between different areas.


Yeah I actually have a feeling that they're tracking discovery of zones. Makes sense if you think about it, you could detect all explore hacks that way regardless of how each one internally works

----------


## Jadd

I recalled something about this from a few months ago so I looked in some chats of mine:
[3:30 AM] Jadd: I noticed that there would be an "UnknownCheat" alert if you teleport into an area trigger or discover part of the map if no moveflags are set in the teleport.

Maybe that helps.

----------


## tutrakan

> I recalled something about this from a few months ago so I looked in some chats of mine:
> [3:30 AM] Jadd: I noticed that there would be an "UnknownCheat" alert if you teleport into an area trigger or discover part of the map if no moveflags are set in the teleport.
> 
> Maybe that helps.


I didn't get that one. Could you point me to where exactly the player movement flags are checked for cheating?

Here is the trinity github handling the area trigger opcode: TrinityCore/MiscHandler.cpp at master . TrinityCore/TrinityCore . GitHub

Thanks.

----------


## Saridormi

> I didn't get that one. Could you point me to where exactly the player movement flags are checked for cheating?
> 
> Here is the trinity github handling the area trigger opcode: TrinityCore/MiscHandler.cpp at master . TrinityCore/TrinityCore . GitHub
> 
> Thanks.


Why are you looking at TrinityCore?

----------


## tutrakan

> Why are you looking at TrinityCore?


because they are all the same:
server/MiscHandler.cpp at master . mangoszero/server . GitHub
there you are. This one was harder to find, but is the same thing.
Guys, i asked a simple question. Don't try to screw all this up please!

----------


## Jadd

> because they are all the same


That's a negative. Light's Hope has additional detection for movement cheats etc. And it's closed source, so no, I can't link you a reference.

----------


## Saridormi

> because they are all the same:


this isn't true at all, you can't just look at open source emulator code to figure out what a specific server is doing

----------
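The server-side idea the posts above speculate about (a tolerance threshold on movement, tracking of area discovery, and the alert Jadd mentions for a position change with no move flags set), sketched as an added example; it is not code from any server or from this thread. The event fields, rule names and every threshold are assumptions, and the movement traces are constructed.

```python
from collections import deque
from dataclasses import dataclass, field
from math import dist
from typing import Deque, List, Optional, Set, Tuple

# All thresholds are assumptions for this sketch, not values from a real server.
MAX_SPEED = 14.0        # yards/second the server accepts as legitimate
SLACK = 5.0             # yards of tolerance for latency and stop-packet drift
EXPLORE_WINDOW = 600.0  # seconds over which new-area discoveries are counted
EXPLORE_LIMIT = 4       # discoveries allowed inside one window


@dataclass
class MoveEvent:
    t: float                           # server receive time, seconds
    pos: Tuple[float, float, float]    # client-reported position
    move_flags: int                    # client-reported movement flags
    area_id: int                       # area the server resolves pos to
    server_teleport: bool = False      # True when the server moved the player


@dataclass
class PlayerState:
    last: Optional[MoveEvent] = None
    known_areas: Set[int] = field(default_factory=set)
    discoveries: Deque[float] = field(default_factory=deque)


def check(state: PlayerState, ev: MoveEvent) -> List[str]:
    """Return the alerts raised by one movement event and update the state."""
    alerts: List[str] = []
    prev = state.last

    # Rules 1 and 2 compare against the previous position, so they are
    # skipped for the first event and for moves the server itself initiated.
    if prev is not None and not ev.server_teleport:
        moved = dist(prev.pos, ev.pos)
        elapsed = max(ev.t - prev.t, 0.0)
        if moved > MAX_SPEED * elapsed + SLACK:
            alerts.append("DISPLACEMENT")
        if moved > SLACK and ev.move_flags == 0:
            alerts.append("MOVED_WITHOUT_FLAGS")

    # Rule 3 ignores how the player got there: it only counts how quickly
    # previously unseen areas are being discovered.
    if ev.area_id not in state.known_areas:
        state.known_areas.add(ev.area_id)
        if prev is not None:  # the login area is not a discovery
            state.discoveries.append(ev.t)
        while state.discoveries and ev.t - state.discoveries[0] > EXPLORE_WINDOW:
            state.discoveries.popleft()
        if len(state.discoveries) > EXPLORE_LIMIT:
            alerts.append("EXPLORE_RATE")

    state.last = ev
    return alerts


def run(events: List[MoveEvent]) -> List[Tuple[float, List[str]]]:
    """Replay a trace for one player and collect the alerts per event."""
    state = PlayerState()
    return [(ev.t, check(state, ev)) for ev in events]


# Constructed trace: ordinary running, then a stop packet with small drift.
WALKING = [
    MoveEvent(0.0, (0, 0, 0), 0x1, 12),
    MoveEvent(1.0, (7, 0, 0), 0x1, 12),
    MoveEvent(2.0, (14, 0, 0), 0x1, 12),
    MoveEvent(2.5, (16, 0, 0), 0x0, 12),
]

# Constructed trace: large jumps across many areas, then a server-initiated
# move back to a known area, which must not raise anything.
JUMPING = [
    MoveEvent(0.0, (0, 0, 0), 0x1, 12),
    MoveEvent(1.0, (900, 0, 0), 0x0, 40),
    MoveEvent(2.0, (900, 800, 0), 0x1, 41),
    MoveEvent(3.0, (0, 800, 0), 0x1, 42),
    MoveEvent(4.0, (-900, 800, 0), 0x1, 43),
    MoveEvent(5.0, (-900, 0, 0), 0x1, 44),
    MoveEvent(60.0, (0, 0, 0), 0x0, 12, server_teleport=True),
]

if __name__ == "__main__":
    for name, trace in (("WALKING", WALKING), ("JUMPING", JUMPING)):
        for t, alerts in run(trace):
            print(f"{name:8} t={t:6.1f} {alerts}")
```

The discovery-rate rule is independent of the displacement rule, which is why a trace can pass the per-packet checks and still be flagged once enough new areas accumulate inside one window.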


## dreadcraft

Hey gents, quick question I was hoping you all could help out with.

For 1.12 - I'm writing an out of process bot in python for shits and gigs. 
I am using the red error text aka *CGGameUI__s_lastErrorString* to see when I have certain UI issues going on.
But the game leaves the last string sitting at that address until the next error occurs, so it's hard to tell if this error is relevant.
Without hooking into any functions, would you know a way to make that determination?
I see that WoW!Sharp used the same address to detect ui errors but it would wipe it down afterwards by writing an arbitrary string to it ("You are Dead").
Is writing over the address after I have grabbed the error a safe solution? 
Would elysium's warden detect me writing an empty byte string to *CGGameUI__s_lastErrorString* ?

Thanks in advance

----------


## tutrakan

> this isn't true at all, you can't just look at open source emulator code to figure out what a specific server is doing


I was talking about the open source ones that have a lot of similarities.

Beside that, you both have a very good point, i didn't think about these custom anti cheats when i asked my question.

----------


## Saridormi

> Hey gents, quick question I was hoping you all could help out with.
> 
> For 1.12 - I'm writing an out of process bot in python for shits and gigs. 
> I am using the red error text aka *CGGameUI__s_lastErrorString* to see when I have certain UI issues going on.
> But the game leaves the last string sitting at that address until the next error occurs, so it's hard to tell if this error is relevant.
> Without hooking into any functions, would you know a way to make that determination?
> I see that WoW!Sharp used the same address to detect ui errors but it would wipe it down afterwards by writing an arbitrary string to it ("You are Dead").
> Is writing over the address after I have grabbed the error a safe solution? 
> Would elysium's warden detect me writing an empty byte string to *CGGameUI__s_lastErrorString* ?
> ...


If you're writing memory you're not exactly "out of process" anymore :P

That said, if WoW never writes an empty string there then they *could* detect it, but I'd be surprised if they bothered seeing as they'd essentially have to track changes to it.

----------


## dreadcraft

Right you are Saridormi, none of my code currently does any memory writes, just reading.
For this occasion only I was considering it but I would rather not have to.
I just haven't come up with a better solution yet.
Thank you for your input.

----------


## Saridormi

> Right you are Saridormi, none of my code currently does any memory writes, just reading.
> For this occasion only I was considering it but I would rather not have to.
> I just haven't come up with a better solution yet.
> Thank you for your input.


I don't have anything off the top of my head but if I were to try and track it down, I'd maybe look for the timeout that gets set when the error message is shown.

Red errors appear on screen and fade out after a certain amount of time, so my guess is there's a member _somewhere_ that tracks that.

----------


## badusername1234

char __fastcall CGWorldMap::GetWorldPosition(float* inPos, int mapid, float *outX, float* outY) is at 0x4a7360, it converts world coordinates (inPos) to 0-1 range map coordinates

does anyone have the function that does the inverse to this?

Edit: Oh I think I've found it at 0x4a7100 - the coordinates are weird though... I think I'm gonna need to read the area dbc to get this working?

----------


## tutrakan

> char __fastcall CGWorldMap::GetWorldPosition(float* inPos, int mapid, float *outX, float* outY) is at 0x4a7360, it converts world coordinates (inPos) to 0-1 range map coordinates
> 
> does anyone have the function that does the inverse to this?
> 
> Edit: Oh I think I've found it at 0x4a7100 - the coordinates are weird though... I think I'm gonna need to read the area dbc to get this working?


I couldn't find such a func. It seems that you have to calculate it by yourself:

```
[StructLayout(LayoutKind.Sequential)]
public unsafe struct WowClientDB_Zone
{
    public Zone* m_records;
    public int m_numRecords;
    public Zone** m_recordsById;
    public int m_maxID; 
    public int m_loaded;
};

[StructLayout(LayoutKind.Sequential)]
public unsafe struct Zone
{
    public int Id;
    public int MapId;
    public int AreaId;
    public sbyte* InternalName;
    public float Left;
    public float Right;
    public float Top;
    public float Bottom;
};

[UnmanagedFunctionPointer(CallingConvention.StdCall)]
public delegate int GetMapAreaFromPos(float x, float y);
public static GetMapAreaFromPos _getMapAreaFromPos = Marshal.GetDelegateForFunctionPointer<GetMapAreaFromPos>((IntPtr)0x004A6EC0);

public static C3Vector MapToWorld(C2Vector map)
{
    var ret = new C3Vector();

    var zoneid = _getMapAreaFromPos(map.X, map.Y);

    var zonedb = (WowClientDB_Zone*)0x00C0D5B4;

    if (zoneid >= 0 && zoneid <= zonedb->m_maxID)
    {
        var zone = zonedb->m_recordsById[zoneid];
        if (zone != null)
        {
            ret.X = zone->Top + map.Y * (zone->Bottom - zone->Top);
            ret.Y = zone->Left + map.X * (zone->Right - zone->Left);
            ret.Z = 25f;   // todo - FindMeshHeight
        }
    }
    return ret;
}
```

----------


## badusername1234

Not sure what the full enum is but some flags I've just found:

7 = yellow ? mark (you can hand in a quest)
5 = yellow ! mark (npc has a quest for you)
3 = silver ? mark (you have a quest in progress here)
1 = silver ! (quest too high level)

----------


## youyanruyu

I try to implement superfly hack with click-to-move in my bot, then find out that the pitch of character isn't used while walking. So it will only walk horizontally in air.
Looking for a solution to make it walk in air properly as if it is on a slope. Any ideas?
(Using air-swim hack with some fixes works fine, except its slow speed.)

----------


## danwins

> I try to implement superfly hack with click-to-move in my bot, then find out that the pitch of character isn't used while walking. So it will only walk horizontally in air.
> Looking for a solution to make it walk in air properly as if it is on a slope. Any ideas?
> (Using air-swim hack with some fixes works fine, except its slow speed.)


Can't you just modify the swim speed to match your walking speed? I'm pretty sure setting swim state is the only way to "fly" properly on 1.12.1, check on the last page i posted a CETable with the movement struct including swim speed..

----------


## youyanruyu

> Can't you just modify the swim speed to match your walking speed? I'm pretty sure setting swim state is the only way to "fly" properly on 1.12.1, check on the last page i posted a CETable with the movement struct including swim speed..


I pretty much agree with your opinion that setting swim state is the only proper way. I realized that classic wow client itself doesn't implement any free fly function locally.
Why didn't I try to change swim speed? Some posts had mentioned that local speed of player is scanned by warden so I'm not sure if it's safe to do that. 
Anyway, I'm trying to do more modifications to make it swim locally at running speed, and change swim packets to run packets before sending them.

----------


## danwins

They may scan the static speed presets to make sure you have not modified them but i don't believe they scan the global speed variable, or if they do there is some wiggle room for how strict it is, for example, the default value is 7.5, but you can set it to about 10-12 before you get disconnected.

Also I've not seen any servers ban for this, tho things may have changed, usually they will just disconnect you.

----------


## dreadcraft

*Indoors Offset:*


```
// offset is boolean, 1 == local player is indoors, 0 == local player might be outdoors but isn't necessarily so
// where WoW.exe = 0x400000 or your wow module base address
WoW.exe + 0x468608
WoW.exe + 0x706D44
WoW.exe + 0x8EAA60
WoW.exe + 0x7C8300
```

Just thought I would share this quick tidbit lads. I couldn't find an equivalent for 1.12 by searching so I thought I would share.
I'm using it to allow my bot to mount in BG's. 
It's not perfect for this but if you add some additional checks, eg. track the distance you've covered since you were last indoors, it can be useful.
You can probably also use it for casting entangling roots and using travel form, etc.

Unfortunately I don't have any version of IDA or HexRays so I can't tell you exactly which of these offsets relates to what, but personally I am using 0x468608 as it is updated most frequently by the client in my tests. If someone has a better alternative to these or more information from an IDB please feel free to piggy-back.

----------


## badusername1234

> ```
> 0 == local player might be outdoors but isn't necessarily so
> ```


i heard rand() is pretty good too

----------


## danwins

> *Indoors Offset:*
> 
> 
> ```
> // offset is boolean, 1 == local player is indoors, 0 == local player might be outdoors but isn't necessarily so
> // where WoW.exe = 0x400000 or your wow module base address
> WoW.exe + 0x468608
> WoW.exe + 0x706D44
> WoW.exe + 0x8EAA60
> ...




```
WoW.exe + 0x468608 s_indoors     // HandleIndoorZoneChange
WoW.exe + 0x706D44               // sound ambience related
WoW.exe + 0x8EAA60 s_isInside    // used for minimap stuff
WoW.exe + 0x7C8300               // also minimap related referenced in CGMinimapFrame::Render
```

----------


## zsuperman

Never mind

----------


## xashh

anybody got any tips for finding lua_setfield? im thinking of trying to search for xrefs to something like lua_pushcclosure and looking at functions that r called after it

nevermind! i just read about it in the lua docs and ill just use something like this guy instead


```
void setfield (const char *index, int value) {
  lua_pushstring(L, index);
  lua_pushnumber(L, (double)value/MAX_COLOR);
  lua_settable(L, -3);
}
```

Programming in Lua : 25.1

----------


## DarkLinux

```
LoadModel = 0x00706A50
...
BoxCollide = 0x006AC060
CurrentBoundingBox = 0x00C4E5A0
BoxCollide_CollisionInfo = 0x00BE0F54
```

Has anyone gotten BoxCollide to work? I think I have the correct offsets. Going to look into it more, just seeing if anyone else has it working.

----------


## boipus

Anyone able to shed some more light on world2screen? It seems the x position is correct but the y is doing weird stuff. 

Please excuse the mess - still just trying to get it working. Also if anyone has an easy way to get the wow window that would be helpful - im currently using GetActiveWindow() so if i alt tab the drawing stops. 



```
static auto const WorldToScreen = reinterpret_cast<bool(__thiscall *)(
	DWORD framePtr, C3Vector* c3Struct, C3Vector* c2Struct)>(Offsets::FunctionOffsets::WorldToScreen); // 0x483EE0
```



```
		if (liteMgrr->Target != NULL) {
			
			C3Vector targetPos;
			auto targLoc = liteMgrr->Target->GetLocation();
			targetPos.x = *targLoc.X;
			targetPos.y = *targLoc.Y;
			targetPos.z = *targLoc.Z;

			drawVector = WorldToScreen(framePtr, &targetPos, &drawPos);

			RECT windowRect;

			bool findScreen = GetWindowRect(GetActiveWindow(), &windowRect);
			if (findScreen  && drawVector) {
				float width = windowRect.right - windowRect.left; // left is always zero
				float height = windowRect.bottom - windowRect.top; // top is always zero

				drawPos.x = (drawPos.x * width); // This seems right, it is really close
				drawPos.y = height -(drawPos.y * (height *2)); // This is the closest
                                //drawPos.y = height -(drawPos.y * height); // This initially looked like the inverse
                                // Draw code happens later but same frame
			}
			else {
				drawVector = false;
			}
		}
```

After looking at some snippets for later expacs (Jadds is floating around), I went looking and have found DDCToNDC at 0x41ADE0, but am still looking into it - the function in 1.12.1 seems different. 


----------


## Icesythe7

> ~snip~ 


don't use get window rect that will throw it off you should be using getclientrect something like this



```

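private static bool SetOverlayPosition(string appName)
{
    // FirstOrDefault() returns null when no matching process is running
    var hwnd = Process.GetProcessesByName(appName).FirstOrDefault()?.MainWindowHandle ?? IntPtr.Zero;
    if (hwnd == IntPtr.Zero) return false;

    // Client area only: excludes the title bar and window borders
    GetClientRect(hwnd, out var test);
    var top = new Point();
    ClientToScreen(hwnd, ref top); // client-area origin in screen coordinates
    Overlay.Resize(top.X, top.Y, test.Right - test.Left, test.Bottom - test.Top);
    return true;
}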


```

notice with getclientrect it properly overlays the window without the titlebars (the red lines are the fake overlay window borders)


notice the difference here with getwindowrect it gets the titlebar and the invisible borders from windows 10


iswindowtopmost maybe would be better u can use the main window handle like the above code does for this (idk how ur overlaying so this may always return false because of ur overlay window u will have to test)



```

[DllImport("user32.dll", SetLastError=true)]
static extern int GetWindowLong(IntPtr hWnd, int nIndex);

const int GWL_EXSTYLE = -20;
const int WS_EX_TOPMOST = 0x0008;

public static bool IsWindowTopMost(IntPtr hWnd)
{
    int exStyle = GetWindowLong(hWnd, GWL_EXSTYLE);
    return (exStyle & WS_EX_TOPMOST) == WS_EX_TOPMOST;
}


```

----------


## boipus

Got it fixed, two issues in the end. 

1. As Icesythe7 said getwindowrect was off - got the hWnd from (LPDIRECT3DDEVICE9)pDevice->GetCreationParameters
2. DDCtoNDC seems to fix the rest of the alignment issues 



```
// at 0x41ADE0
void __fastcall DDCToNDC(float *pfParm1,float *pfParm2,float param_1,float param_2)

{
  if (pfParm1 != (float *)0x0) {
    *pfParm1 = param_1 / _DAT_00832a44;
  }
  if (pfParm2 != (float *)0x0) {
    *pfParm2 = param_2 / _DAT_00832a48;
  }
  return;
}
```

and if anyone else needs a template for world to screen



```
// uint __thiscall GetScreenCoordinates(int iParm1,float param_1,float *param_2) // 1.12.1 
drawVector = WorldToScreen(framePtr, &targetPos, &drawPos);

RECT windowRect;

bool noVal = GetClientRect(clientHwnd, &windowRect);
if (noVal && drawVector) {
	float x, y;
	DDCToNDC(&x, &y, drawPos.x, drawPos.y);
	float width = windowRect.right - windowRect.left;
	float height = windowRect.bottom - windowRect.top;

	drawPos.x = (x * width);
	drawPos.y = height -(y * height);
}
```


----------


## Icesythe7

hmm I'm having a hard time with this function as well



```
	ImVec2 WorldToScreen(Reclass::Vector3 inPos)
	{
		auto io = ImGui::GetIO();
		ImVec2 tempOut;
		if (reinterpret_cast<bool(__thiscall*)(uintptr_t framePtr, Reclass::Vector3* posIn, ImVec2* screenPosOut)>(0x483EE0)(*reinterpret_cast<uintptr_t*>(0xB4B2BC), &inPos, &tempOut))
		{
			tempOut.x = tempOut.x / 0.8715755343 * io.DisplaySize.x;
			tempOut.y = io.DisplaySize.y - tempOut.y / 0.4902612269 * io.DisplaySize.y;
			return tempOut;
		}
		return ImVec2(-1, -1);
	}
```

nvm had an address wrong is working now ^ (if u dont want to use ddctondc)

----------


## someone_else

full python 3 implementation of a world to screen viewer of game object coordinates for version 1.12.1
it might not work for other resolutions than 1920x1080



```
"""
Made for wow 1.12.1.5875, python>=3.6

    $ pip install pypiwin32==224 Pymem==1.0 psutil mss numpy matplotlib

# Links

### Fishbot
https://github.com/WowDevs/Fishbot-1.12.1/blob/fd3855845ae12e32ca5477526017b0b9ee680b9c/FishBot%201.12.1/GUI/MainWindow.cs
https://github.com/WowDevs/Fishbot-1.12.1/blob/fd3855845ae12e32ca5477526017b0b9ee680b9c/FishBot%201.12.1/Helpers/Offsets.cs?ts=4
https://github.com/WowDevs/Fishbot-1.12.1/blob/fd3855845ae12e32ca5477526017b0b9ee680b9c/FishBot%201.12.1/Hook/Hook.cs?ts=4

### WowObjects / offsets
https://www.ownedcore.com/forums/world-of-warcraft/world-of-warcraft-bots-programs/wow-memory-editing/208754-guide-kind-of-how-i-handle-objects.html
https://www.ownedcore.com/forums/world-of-warcraft/world-of-warcraft-bots-programs/wow-memory-editing/328263-wow-1-12-1-5875-info-dump-thread-3.html#post2436167
https://www.ownedcore.com/forums/world-of-warcraft/world-of-warcraft-bots-programs/wow-memory-editing/328263-wow-1-12-1-5875-info-dump-thread-29.html#post3680708
https://www.ownedcore.com/forums/world-of-warcraft/world-of-warcraft-bots-programs/wow-memory-editing/328263-wow-1-12-1-5875-info-dump-thread-38.html#post3859175

# world to screen
### First attempt
https://www.ownedcore.com/forums/world-of-warcraft/world-of-warcraft-bots-programs/wow-memory-editing/599004-world-screen.html#post3661355

### Second attempt
https://www.ownedcore.com/forums/world-of-warcraft/world-of-warcraft-bots-programs/wow-memory-editing/535748-world-screen.html#post3347571

### Third Attempt
https://www.ownedcore.com/forums/world-of-warcraft/world-of-warcraft-bots-programs/wow-memory-editing/271612-world-screen.html#post1754193

### Misc
https://www.ownedcore.com/forums/world-of-warcraft/world-of-warcraft-bots-programs/wow-memory-editing/328263-wow-1-12-1-5875-info-dump-thread-40.html#post4022185
https://www.ownedcore.com/forums/world-of-warcraft/world-of-warcraft-bots-programs/wow-memory-editing/544312-12-1-2016-bans-3.html#post3386119

"""

import numpy as np
import pymem
import psutil
import mss
import matplotlib.pyplot as plt

MAGIC_SCALE_FACTOR = 1 / 1.10 # TODO: Find the real formula
SCREEN_SIZE = 1920, 1080 # TODO: Find in memory

class Offset:
    player_name = 0x827D88
    obj_manager = 0x00741414
    camera = 0x0074B2BC

    class ObjectManager:
        first_obj = 0xAC

    class Object:
        type = 0x14
        next = 0x3C

    class GameObject:
        guid = 0x30
        name1 = 0x214
        name2 = 0x8
        xyz = 0x248

    class Camera:
        offset = 0x65B8
        xyz = 0x8
        facing = xyz + 3 * 4
        fov = xyz + 14 * 4
        aspect = xyz + 15 * 4

class WoW:
    def __init__(self, pid=None):
        if pid is None:
            pid, = [ps.pid for ps in psutil.process_iter() if ps.name() == 'WoW.exe']

        pm = pymem.Pymem()
        pm.open_process_from_id(pid)
        self.pid = pid
        self.pm = pm

        mod, = [mod for mod in pm.list_modules() if mod.name == 'WoW.exe']
        base_address = mod.lpBaseOfDll
        obj_mgr_addr = pm.read_uint(base_address + Offset.obj_manager)
        first_obj_addr = pm.read_uint(obj_mgr_addr + Offset.ObjectManager.first_obj)

        self.mod = mod
        self.base_address = base_address
        self.player_name = pm.read_string(self.base_address + Offset.player_name)
        self.first_obj_addr = first_obj_addr

    def pull_floats(self, addr, shape):
        a = np.empty(shape, 'float32')
        for i, idxs in enumerate(np.ndindex(*shape)):
            a[idxs] = self.pm.read_float(addr + i * 4)
        return a.astype('float64')

    def gen_objects(self):
        obj_addr = self.first_obj_addr
        while True:
            if not (obj_addr != 0 and obj_addr & 0x1 == 0):
                break
            yield obj_addr
            next_addr = self.pm.read_uint(obj_addr + Offset.Object.next)
            if next_addr == obj_addr:
                break
            obj_addr = next_addr

    def gen_game_objects(self):
        for obj_addr in self.gen_objects():
            if self.pm.read_int(obj_addr + Offset.Object.type) == 5:
                yield GameObject(self, obj_addr)

class Camera():
    def __init__(self, w):
        cam0 = w.pm.read_uint(w.base_address + Offset.camera)
        cam1 = w.pm.read_uint(cam0 + Offset.Camera.offset)

        self.xyz = w.pull_floats(cam1 + Offset.Camera.xyz, (3,))
        self.facing = w.pull_floats(cam1 + Offset.Camera.facing, (3, 3))
        self.fov = w.pull_floats(cam1 + Offset.Camera.fov, ())
        self.aspect = w.pull_floats(cam1 + Offset.Camera.aspect, ())
        self.size = np.asarray(SCREEN_SIZE)
        assert np.allclose(self.aspect, np.divide.reduce(self.size.astype(float)))

    def world_to_screen(self, xyz):
        diff = xyz - self.xyz
        """
        At this point:
        - Origin is the center of the screen
        - Unit vector is a yard long
        - Axes are right handed
               z-axis (sky)
                  ^
                  |  7 x-axis (north)
                  | /
         y-axis   |/
          <-------+
        (west)
        """

        view = diff @ np.linalg.inv(self.facing)
        """
        At this point:
        - Origin is the center of the screen
        - Unit vector is ~a yard long
        - Axes are right handed
               z-axis (top of the screen)
                  ^
                  |  7 x-axis (depth)
                  | /
         y-axis   |/
          <-------+
        (left of the screen)
        """

        cam = np.asarray([-view[1], -view[2], view[0]])
        """
        At this point:
        - Origin is the center of the screen
        - Unit vector is a yard long
        - Axes are right handed
            7 z-axis (depth)
           /
          /      x-axis
         +--------->
         |    (right of the screen)
         |
         |
         v  y-axis
        (bottom of the screen)
        """

        fov_x = (1 / (1 + 1 / self.aspect ** 2)) ** 0.5
        fov_y = fov_x / self.aspect
        fov_x *= self.fov
        fov_y *= self.fov
        fov_x *= MAGIC_SCALE_FACTOR

        screen_right_at_unit_depth = np.tan(fov_x / 2)
        screen_bottom_at_unit_depth = np.tan(fov_y / 2)

        screen_right_at_point_depth = screen_right_at_unit_depth * cam[2]
        screen_bottom_at_point_depth = screen_bottom_at_unit_depth * cam[2]

        screen = np.asarray([
            cam[0] / screen_right_at_point_depth,
            cam[1] / screen_bottom_at_point_depth,
        ])
        """
        At this point:
        - Origin is the center of the screen
        - Unit vector is half of the screen
                 x-axis
         +--------->
         |    (right of the screen)
         |
         |
         v  y-axis
        (bottom of the screen)
        """

        raster = self.size / 2 * (1 + screen)
        """
        At this point:
        - Origin is the top left of the screen
        - Unit vector is a pixel
                 x-axis
         +--------->
         |    (right of the screen)
         |
         |
         v  y-axis
        (bottom of the screen)
        """

        behind = cam[2] < 0
        in_fov = np.all(np.abs(screen) <= 1) and not behind
        return raster, in_fov, behind

class GameObject:
    def __init__(self, w, addr):
        assert w.pm.read_int(addr + Offset.Object.type) == 5
        self.addr = addr
        a = addr
        a += Offset.GameObject.name1
        a = w.pm.read_uint(a)
        a += Offset.GameObject.name2
        a = w.pm.read_uint(a)
        self.name = w.pm.read_string(a)
        self.xyz = w.pull_floats(addr + Offset.GameObject.xyz, (3,))

w = WoW()
cam = Camera(w)

print('  Snapping...')
with mss.mss() as sct:
    monitor = sct.monitors[1]
    img = sct.grab(monitor)
    img = np.asarray(img)[:, :, [2, 1, 0]]
    print('  Snapped!', img.shape)

fig = plt.figure()
ax = fig.add_subplot(111)
ax.imshow(img)

for go in list(w.gen_game_objects()):

    x, y, z = go.xyz
    ox = x - cam.xyz[0]
    dx = ['south', 'north'][int(ox > 0)]
    oy = y - cam.xyz[1]
    dy = ['east', 'west'][int(oy > 0)]

    print(f'{go.name:>30}: ('
          f'{ox:+7.2f}({dx})({x:<10.2f}), '
          f'{oy:+7.2f}({dy})({y:<10.2f}), '
          f'{z - cam.xyz[2]:+7.2f}({z:<10.2f})), '
    )

    (x, y), in_fov, behind = cam.world_to_screen(go.xyz)
    print('>', x, y, in_fov, behind)

    if in_fov:
        ax.annotate(go.name, xy=(x, y), xytext=(x - 150, y + 150),
            arrowprops=dict(facecolor='black', shrink=0.005))

plt.show()
plt.close('all')
```



----------


## djanius

Hello guys. Please tell me how I can get the time that character spent in game? Maybe someone has the address where this data is stored.
Thank you in advance. And I apologize for my English.

----------


## Icesythe7

> Hello guys. Please tell me how I can get the time that character spent in game? Maybe someone has the address where this data is stored.
> Thank you in advance. And I apologize for my English.


I'm not positive but I would imagine that data is stored on the server, so you would have to just run an lua command or something similar to retrieve it.

----------


## nopz

Hey! Nice to see pymem being used here!

(btw I'm the author of pymem).

----------


## NoxiaZ

Hi,
Anyone who can help with a function that can find the angle between the player and the target position. - What I want is to figure out if the bot needs to go left or right to face its target, but I have actually no idea how to do that.

I have created the WorldToScreen function in C#, based on the python code, which is working perfectly.



```
public ScreenModel WorldToScreen(Vector3 unitPosition)
{
    var diff = unitPosition - Position;
    Matrix4x4 invertedMatrix;
    Matrix4x4.Invert(Facing, out invertedMatrix);
    var view = Vector3.Transform(diff, invertedMatrix);
    var cam = new Vector3(-view.Y, -view.Z, view.X);
    var fovx = Math.Pow((1 / (1 + 1 / Math.Pow(Aspect, 2))), 0.5);
    var fovy = fovx / Aspect;
    fovx *= Fov;
    fovy *= Fov;
    fovx *= 1 / 1.10;
    var screen_right_at_unit_depth = Math.Tan(fovx / 2);
    var screen_bottom_at_unit_depth = Math.Tan(fovy / 2);
    var screen_right_at_point_depth = screen_right_at_unit_depth * cam.Z;
    var screen_bottom_at_point_depth = screen_bottom_at_unit_depth * cam.Z;
    var screen = new Vector2((float)(cam.X / screen_right_at_point_depth), (float)(cam.Y / screen_bottom_at_point_depth));
    var raster = ScreenSize / 2 * (Vector2.One + screen);
    var behind = cam.Z < 0;
    var infov = Math.Abs(screen.X) <= 1 && Math.Abs(screen.Y) <= 1 && !behind;
    var model = new ScreenModel();
    model.Point = raster;
    model.IsBehind = behind;
    model.IsInFov = infov;
    return model;
}
```

----------


## namreeb

> Hi,
> Anyone who can help with a function that can find the angle between the player and the target position. - What I want is to figure out if the bot needs to go left or right to face its target, but I have actually no idea how to do that.
> 
> I have created the WorldToScreen function in C#, based on the python code, which is working perfectly.
> 
> 
> 
> ```
> public ScreenModel WorldToScreen(Vector3 unitPosition)
> ...


I don't think you need to do world-to-screen to make that decision. If you look at their position relative to yours you should be able to determine what angle you should be facing. And then you just figure out if turning right or left will get you to that orientation more quickly.

----------


## NoxiaZ

> I don't think you need to do world-to-screen to make that decision. If you look at their position relative to yours you should be able to determine what angle you should be facing. And then you just figure out if turning right or left will get you to that orientation more quickly.


Hi, I have been working on it for too long now, and I figured out that you're right, no need for that, but yet I'm not able to get it.
But in the moment you wrote, I figured out what I needed, and found the angle of the player it's looking at, and was able to find the dot product.

Thank you for your fast reply  :Smile:

----------


## NoxiaZ

Anyone who has had success with getting the name of the player (Target)? I can get the name from NPCs and Units, but I can't figure out how to get the name from a player. Anyone who can help with that?  :Smile:

----------


## Corthezz

> Anyone who has had success with getting the name of the player (Target)? I can get the name from NPCs and Units, but I can't figure out how to get the name from a player. Anyone who can help with that?


ZzukBot_V3/WoWUnit.cs at master · Zz9uk3/ZzukBot_V3 · GitHub

----------


## NoxiaZ

> ZzukBot_V3/WoWUnit.cs at master · Zz9uk3/ZzukBot_V3 · GitHub


Thank you  :Smile:

----------


## someone_else

> Hi,
> Anyone who can help with a function that can find the angle between the player and the target position. - What I want is to figure out if the bot needs to go left or right to face its target, but I have actually no idea how to do that.
> 
> I have created the WorldToScreen function in C#, based on the python code, which is working perfectly.
> 
> 
> 
> ```
> public ScreenModel WorldToScreen(Vector3 unitPosition)
> ...


Use atan2(target_coords_x - your_coords_x, target_coords_y - your_coords_y)

----------


## KKira

> ...


What library are you using for the overlay of the lines and text drawing?

----------


## Icesythe7

> What library are you using for the overlay of the lines and text drawing?


GitHub - ocornut/imgui: Dear ImGui: Bloat-free Immediate Mode Graphical User interface for C++ with minimal dependencies

comes with all the basic draw functions one would expect

----------


## xalcon

Holy shit, that's amazing, there is even a c# dotnet core wrapper for ImGui  :Big Grin:  I'm definitely going to play around with that.

----------


## Bogie

Hey,

this might be a stupid question, but - could anyone give me a hint on how to find the address of specific LUA functions?

For context - I'd like to find out whether the player is sitting or not. There's a lua function "SitOrStand", which I assume would allow me to reverse-engineer the condition.
I could probably just do a byte scan with CE or such to figure this out instead of reversing the function, but I'd prefer to learn how to find this function in the first place.

I've done a string search for "SitOrStand", it's defined in .data:0083EA7C, which in turn is referenced by .data:0083E278 .. but now I'm sitting here like a monkey, not a clue how to proceed - there don't seem to be any xrefs to either of these data segments. How would I go from here to actually finding out the implementation of this?

_edit: I've found that this is part of the unit flags for 1.12.1 - but the question still stands of course, would be interesting to see how to track down a LUA function_

Thanks!

----------


## krustx

open wow.exe in ghidra, ida or any other disassembler and search for your string.
some lua functions reference an error message like 'Usage: SpellTargetUnit("unit")', this reference leads you directly into the function.
Others (or all?) like SitOrStand are listed in a table of pointer pairs P1,P2 where P1 points to the function name and P2 points to the function:

P1 = 0083ea7c
P2 = 0048b920 i guess

I have only reversed some 3.3.5 stuff where SitOrStand was replaced by SitStandOrDescendStart.
However, here is the decompiled part of the function for vanilla:


```
undefined4 UndefinedFunction_0048b920(void)
{
  int iVar1;
  undefined8 uVar2;
  undefined4 uVar3;
  
  uVar3 = 0x90;
  uVar2 = func_ClntObjMgrGetActivePlayerGUID(0x90);
  iVar1 = func_ClntObjMgrObjectPtr(uVar2,uVar3);
  if (iVar1 != 0) {
    if (*(char *)(*(int *)(iVar1 + 0x110) + 0x210) == '\0') { 
      FUN_005ed430(1);
      return 0;
    }
    FUN_005ed430(0);
  }
  return 0;
}
```

once you have identified some functions of the object manager, the reversing becomes more clear.
*(char *)(*(int *)(local_player_ptr + 0x110) + 0x210) should be what you're looking for.
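
The pointer-pair layout described above, as an added example that is not part of the original post: a scan of a constructed 32-bit image for runs of {name pointer, function pointer} entries, which is how a handler can be located even though nothing references it except the table. The SitOrStand string address, its table entry address and the 0x48B920 handler are the values quoted in this thread; the neighbouring entries, the image base and the code range are assumptions made up for the sample.

```python
import struct

# One table entry on 32-bit x86: const char *m_name; void *m_method;
ENTRY = struct.Struct("<II")


def read_cstring(image, base, addr, max_len=64):
    """Return the identifier-like C string at virtual address addr, or None."""
    off = addr - base
    if off < 0 or off >= len(image):
        return None
    end = image.find(b"\x00", off, off + max_len)
    if end <= off:  # no terminator in range, or empty string
        return None
    try:
        text = image[off:end].decode("ascii")
    except UnicodeDecodeError:
        return None
    if not (text[0].isalpha() or text[0] == "_"):
        return None
    if not all(c.isalnum() or c == "_" for c in text):
        return None
    return text


def find_method_tables(image, base, code_lo, code_hi, min_entries=3):
    """Find runs of consecutive entries whose first dword points at a name
    string inside the image and whose second dword points into code."""
    tables = []
    limit = len(image) - ENTRY.size
    off = 0
    while off <= limit:
        run = []
        cur = off
        while cur <= limit:
            name_ptr, func_ptr = ENTRY.unpack_from(image, cur)
            name = read_cstring(image, base, name_ptr)
            if name is None or not (code_lo <= func_ptr < code_hi):
                break
            run.append({"entry": base + cur, "name": name, "method": func_ptr})
            cur += ENTRY.size
        if len(run) >= min_entries:
            tables.append(run)
            off = cur          # continue after the table just found
        else:
            off += 4           # pointers are dword aligned
    return tables


def resolve(tables, wanted):
    """Return every table entry registered under the given script name."""
    return [e for t in tables for e in t if e["name"] == wanted]


def build_sample():
    """Constructed data-section image. Only the SitOrStand row uses values
    from the thread; the other rows are placeholders."""
    base = 0x0083E000                      # assumption: start of the sample
    image = bytearray(0x1000)
    rows = [
        (0x0083EA60, "ExampleFuncA", 0x00401000),   # constructed
        (0x0083EA70, "ExampleB", 0x00402000),       # constructed
        (0x0083EA7C, "SitOrStand", 0x0048B920),     # addresses from the thread
        (0x0083EA88, "ExampleFuncC", 0x00403000),   # constructed
    ]
    table_addr = 0x0083E268                # puts the third entry at 0x0083E278
    for i, (str_addr, text, func) in enumerate(rows):
        raw = text.encode("ascii") + b"\x00"
        start = str_addr - base
        image[start:start + len(raw)] = raw
        ENTRY.pack_into(image, table_addr - base + i * ENTRY.size, str_addr, func)
    return base, bytes(image)


if __name__ == "__main__":
    base, image = build_sample()
    # Assumption: executable code lies in [0x00401000, 0x00800000).
    tables = find_method_tables(image, base, 0x00401000, 0x00800000)
    for hit in resolve(tables, "SitOrStand"):
        print(f"entry {hit['entry']:#010x}: {hit['name']} -> {hit['method']:#010x}")
```

The second dword of the entry whose first dword is the string address is the handler, so a data cross-reference to the name string is enough to reach the function.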

----------


## Bogie

> It's inside CGPlayer_C (or maybe CGUnit_C i can't remember), but for most cases you can just use tauren's height.


I know I'm about 4 years late to the party, but I was just looking for this myself and since I didn't see it posted here so far: I believe the unit's height is a float at BaseAddress + 0xA5C.

I'm using this for client side LOS "checks" (estimates) based on cmangos' VMAPs code, seems to work rather well so far.

----------


## Hareturtle

I've been trying to figure out a better quickloot by default patch. The one also described in this thread of patching 0x4c1ecf occasionally fails to autoloot on the first try, requiring a subsequent click. My best guess is that this is because a flag in Player struct gets confused; autoloot always checks if Player + 0x1d30 is true before autolooting and to reverse autoloot we change this to check that the flag is false, but occasionally it's probably getting stuck on true using this method. This is only a guess though, because I haven't found a consistent repro for the issue so it has proven difficult to debug.

As an alternative method, I have explored patching some frame event functions: OnRightClickUnit (0x0060bea0), OnRightClickObject (0x005f8660) and a third function that I call open_container_item (0x005edc80). Patching these functions seems to result in autolooting that never randomly fails. However, I have not yet found a corresponding function for pickpocketing and disenchanting.

Would anyone happen to know if there are event functions associated with these and how to find them? Any alternative ideas for making a better quickloot by default patch are also welcome.

----------


## danwins

> Hey,
> 
> this might be a stupid question, but - could anyone give me a hint on how to find the address of specific LUA functions?
> 
> For context - I'd like to find out whether the player is sitting or not. There's a lua function "SitOrStand", which I assume would allow me to reverse-engineer the condition.
> I could probably just do a byte scan with CE or such to figure this out instead of reversing the function, but I'd prefer to learn how to find this function in the first place.
> 
> I've done a string search for "SitOrStand", it's defined in .data:0083EA7C, which in turn is referenced by .data:0083E278 .. but now I'm sitting here like a monkey, not a clue how to proceed - there don't seem to be any xrefs to either of these data segments. How would I go from here to actually finding out the implementation of this?
> 
> ...


there's a huge array of lua handlers that get registered/unloaded using:



```
00704120 FrameScript_RegisterFunction
00704160 FrameScript_UnregisterFunction
```

relevant functions:



```
00490250 LoadScriptFunctions
00490CE0 UnloadScriptFunctions
```

called from:



```
0048FBF0 CGGameUI::Initialize
00490CD9 CGGameUI::Shutdown
```

struct:



```
struct Framescript_Method
{
  const char *m_name;
  void *m_method;
};
```

example:



```
int LoadScriptFunctions()
{
  unsigned int i; // esi

  RegisterSimpleFrameScriptMethods();
  CGTooltip::RegisterScriptMethods();
  CGMinimapFrame::RegisterScriptMethods();
  CGCharacterModelBase::RegisterScriptMethods();
  CGDressUpModelFrame::CreateScriptMetaTable();
  CGTabardModelFrame::RegisterScriptMethods();
  UNKNOWN_RegisterScriptFunctions();
  for ( i = 0; i < 216; ++i )
    FrameScript_RegisterFunction(s_framescriptMethods_00[i].m_name, s_framescriptMethods_00[i].m_method);
  UIBindingsRegisterScriptFunctions();
  UIMacrosRegisterScriptFunctions();
  InputControlRegisterScriptFunctions();
  CameraRegisterScriptFunctions();
  SoundRegisterScriptFunctions();
  SpellRegisterScriptFunctions();
  ScriptEventsRegisterFunctions();
  ActionBarRegisterScriptFunctions();
  BuffBarRegisterScriptFunctions();
  PartyInfoRegisterScriptFunctions();
  ChatRegisterScriptFunctions();
  SpellBookRegisterScriptFunctions();
  CharacterInfoRegisterScriptFunctions();
  LootInfoRegisterScriptFunctions();
  ItemTextRegisterScriptFunctions();
  GossipInfoRegisterScriptFunctions();
  QuestInfoRegisterScriptFunctions();
  QuestLogRegisterScriptFunctions();
  CGTaxiMap::RegisterScriptFunctions();
  ClassTrainerRegisterScriptFunctions();
  TradeSkillRegisterScriptFunctions();
  MerchantRegisterScriptFunctions();
  TradeInfoRegisterScriptFunctions();
  ContainerRegisterScriptFunctions();
  BankRegisterScriptFunctions();
  FriendList::RegisterScriptFunctions();
  PetInfoRegisterScriptFunctions();
  CraftInfoRegisterScriptFunctions();
  WorldMapRegisterScriptFunctions();
  ReputationInfoRegisterScriptFunctions();
  TabardCreationRegisterScriptFunctions();
  GuildRegistrarRegisterScriptFunctions();
  DuelInfoRegisterScriptFunctions();
  TutorialRegisterScriptFunctions();
  PetitionInfoRegisterScriptFunctions();
  SkillInfoRegisterScriptFunctions();
  GuildInfoRegisterScriptFunctions();
  MailInfoRegisterScriptFunctions();
  BattlefieldInfoRegisterScriptFunctions();
  SpecializationInfoRegisterScriptFunctions();
  AuctionHouseRegisterScriptFunctions();
  StableInfoRegisterScriptFunctions();
  RaidInfoRegisterScriptFunctions();
  MeetingStoneInfoRegisterScriptFunctions();
  WorldStateInfoRegisterScriptFunctions();
  MinigameInfoRegisterScriptFunctions();
  return LotteryRegisterScriptFunctions();
}
```

edit:

probably already posted this in the thread somewhere but here is a python script to import into IDA:



```
MakeNameEx(0x004DFE00, "Script_AbandonQuest", SN_NOWARN)
MakeNameEx(0x004D3AB0, "Script_AbandonSkill", SN_NOWARN)
MakeNameEx(0x0048DF20, "Script_AcceptAreaSpiritHeal", SN_NOWARN)
MakeNameEx(0x004AB3B0, "Script_AcceptBattlefieldPort", SN_NOWARN)
MakeNameEx(0x0046D150, "Script_AcceptContest", SN_NOWARN)
MakeNameEx(0x004D4CE0, "Script_AcceptDuel", SN_NOWARN)
MakeNameEx(0x0046D070, "Script_AcceptEULA", SN_NOWARN)
MakeNameEx(0x0048AA80, "Script_AcceptGroup", SN_NOWARN)
MakeNameEx(0x0048AAE0, "Script_AcceptGuild", SN_NOWARN)
MakeNameEx(0x00501D20, "Script_AcceptQuest", SN_NOWARN)
MakeNameEx(0x0048A9A0, "Script_AcceptResurrect", SN_NOWARN)
MakeNameEx(0x0046D0E0, "Script_AcceptScanning", SN_NOWARN)
MakeNameEx(0x004D3D40, "Script_AcceptSkillUps", SN_NOWARN)
MakeNameEx(0x0046D000, "Script_AcceptTOS", SN_NOWARN)
MakeNameEx(0x004C06E0, "Script_AcceptTrade", SN_NOWARN)
MakeNameEx(0x0048D0C0, "Script_AcceptXPLoss", SN_NOWARN)
MakeNameEx(0x004E75D0, "Script_ActionHasRange", SN_NOWARN)
MakeNameEx(0x004A1000, "Script_AddChatWindowChannel", SN_NOWARN)
MakeNameEx(0x004A0E80, "Script_AddChatWindowMessages", SN_NOWARN)
MakeNameEx(0x005AD290, "Script_AddFriend", SN_NOWARN)
MakeNameEx(0x005AD5F0, "Script_AddIgnore", SN_NOWARN)
MakeNameEx(0x005AD5A0, "Script_AddOrDelIgnore", SN_NOWARN)
MakeNameEx(0x004E1930, "Script_AddQuestWatch", SN_NOWARN)
MakeNameEx(0x004D3C30, "Script_AddSkillUp", SN_NOWARN)
MakeNameEx(0x004C07F0, "Script_AddTradeMoney", SN_NOWARN)
MakeNameEx(0x00515F90, "Script_AppendToFile", SN_NOWARN)
MakeNameEx(0x00489C40, "Script_AssistByName", SN_NOWARN)
MakeNameEx(0x00489B80, "Script_AssistUnit", SN_NOWARN)
MakeNameEx(0x00489B50, "Script_AttackTarget", SN_NOWARN)
MakeNameEx(0x0048A040, "Script_AutoEquipCursorItem", SN_NOWARN)
MakeNameEx(0x004F8530, "Script_BankButtonIDToInvSlotID", SN_NOWARN)
MakeNameEx(0x0048AA60, "Script_BeginTrade", SN_NOWARN)
MakeNameEx(0x0048D2E0, "Script_BindEnchant", SN_NOWARN)
MakeNameEx(0x004F5260, "Script_BuyGuildCharter", SN_NOWARN)
MakeNameEx(0x004FB850, "Script_BuyMerchantItem", SN_NOWARN)
MakeNameEx(0x004C4400, "Script_BuyRandomPicks", SN_NOWARN)
MakeNameEx(0x004D3E50, "Script_BuySkillTier", SN_NOWARN)
MakeNameEx(0x004CB080, "Script_BuyStableSlot", SN_NOWARN)
MakeNameEx(0x004DA210, "Script_BuyTrainerService", SN_NOWARN)
MakeNameEx(0x004FB950, "Script_BuybackItem", SN_NOWARN)
MakeNameEx(0x004CE1C0, "Script_CalculateAuctionDeposit", SN_NOWARN)
MakeNameEx(0x00514190, "Script_CameraOrSelectOrMoveStart", SN_NOWARN)
MakeNameEx(0x005141D0, "Script_CameraOrSelectOrMoveStop", SN_NOWARN)
MakeNameEx(0x0050B400, "Script_CameraZoomIn", SN_NOWARN)
MakeNameEx(0x0050B450, "Script_CameraZoomOut", SN_NOWARN)
MakeNameEx(0x004D1C40, "Script_CanEditGuildInfo", SN_NOWARN)
MakeNameEx(0x004D1A80, "Script_CanEditMOTD", SN_NOWARN)
MakeNameEx(0x004D1B60, "Script_CanEditOfficerNote", SN_NOWARN)
MakeNameEx(0x004D1AF0, "Script_CanEditPublicNote", SN_NOWARN)
MakeNameEx(0x004D1930, "Script_CanGuildDemote", SN_NOWARN)
MakeNameEx(0x004D19A0, "Script_CanGuildInvite", SN_NOWARN)
MakeNameEx(0x004D18C0, "Script_CanGuildPromote", SN_NOWARN)
MakeNameEx(0x004D1A10, "Script_CanGuildRemove", SN_NOWARN)
MakeNameEx(0x0048A1B0, "Script_CanInspect", SN_NOWARN)
MakeNameEx(0x004AC380, "Script_CanJoinBattlefieldAsGroup", SN_NOWARN)
MakeNameEx(0x004FBA80, "Script_CanMerchantRepair", SN_NOWARN)
MakeNameEx(0x004CFBB0, "Script_CanSendAuctionQuery", SN_NOWARN)
MakeNameEx(0x0048A720, "Script_CanShowResetInstances", SN_NOWARN)
MakeNameEx(0x004F45E0, "Script_CanSignPetition", SN_NOWARN)
MakeNameEx(0x004D1BD0, "Script_CanViewOfficerNote", SN_NOWARN)
MakeNameEx(0x0048DF30, "Script_CancelAreaSpiritHeal", SN_NOWARN)
MakeNameEx(0x004D0260, "Script_CancelAuction", SN_NOWARN)
MakeNameEx(0x004D4CF0, "Script_CancelDuel", SN_NOWARN)
MakeNameEx(0x0048AB40, "Script_CancelLogout", SN_NOWARN)
MakeNameEx(0x004CA5A0, "Script_CancelMeetingStoneRequest", SN_NOWARN)
MakeNameEx(0x00489960, "Script_CancelPendingEquip", SN_NOWARN)
MakeNameEx(0x004E49A0, "Script_CancelPlayerBuff", SN_NOWARN)
MakeNameEx(0x0046ED10, "Script_CancelRealmListQuery", SN_NOWARN)
MakeNameEx(0x004D3E30, "Script_CancelSkillUps", SN_NOWARN)
MakeNameEx(0x004E4A80, "Script_CancelTrackingBuff", SN_NOWARN)
MakeNameEx(0x0048AA70, "Script_CancelTrade", SN_NOWARN)
MakeNameEx(0x004C06F0, "Script_CancelTradeAccept", SN_NOWARN)
MakeNameEx(0x004BE330, "Script_CastPetAction", SN_NOWARN)
MakeNameEx(0x004B4810, "Script_CastShapeshiftForm", SN_NOWARN)
MakeNameEx(0x004B42F0, "Script_CastSpell", SN_NOWARN)
MakeNameEx(0x004B4AB0, "Script_CastSpellByName", SN_NOWARN)
MakeNameEx(0x004E7650, "Script_ChangeActionBarPage", SN_NOWARN)
MakeNameEx(0x004A07F0, "Script_ChangeChatColor", SN_NOWARN)
MakeNameEx(0x0046F0E0, "Script_ChangeRealm", SN_NOWARN)
MakeNameEx(0x004A0770, "Script_ChannelBan", SN_NOWARN)
MakeNameEx(0x004A0730, "Script_ChannelInvite", SN_NOWARN)
MakeNameEx(0x004A0750, "Script_ChannelKick", SN_NOWARN)
MakeNameEx(0x004A07D0, "Script_ChannelModerate", SN_NOWARN)
MakeNameEx(0x004A06B0, "Script_ChannelModerator", SN_NOWARN)
MakeNameEx(0x004A06F0, "Script_ChannelMute", SN_NOWARN)
MakeNameEx(0x004A07B0, "Script_ChannelToggleAnnouncements", SN_NOWARN)
MakeNameEx(0x004A0790, "Script_ChannelUnban", SN_NOWARN)
MakeNameEx(0x004A06D0, "Script_ChannelUnmoderator", SN_NOWARN)
MakeNameEx(0x004A0710, "Script_ChannelUnmute", SN_NOWARN)
MakeNameEx(0x0048D210, "Script_CheckBinderDist", SN_NOWARN)
MakeNameEx(0x004AEAB0, "Script_CheckInbox", SN_NOWARN)
MakeNameEx(0x0048BA00, "Script_CheckInteractDistance", SN_NOWARN)
MakeNameEx(0x0048D1C0, "Script_CheckPetUntrainerDist", SN_NOWARN)
MakeNameEx(0x004BC120, "Script_CheckReadyCheckTime", SN_NOWARN)
MakeNameEx(0x0048D120, "Script_CheckSpiritHealerDist", SN_NOWARN)
MakeNameEx(0x0048D170, "Script_CheckTalentMasterDist", SN_NOWARN)
MakeNameEx(0x004895B0, "Script_ClearCursor", SN_NOWARN)
MakeNameEx(0x004C9780, "Script_ClearInspectPlayer", SN_NOWARN)
MakeNameEx(0x004ADEE0, "Script_ClearSendMail", SN_NOWARN)
MakeNameEx(0x00489FF0, "Script_ClearTarget", SN_NOWARN)
MakeNameEx(0x004B5A00, "Script_ClearTutorials", SN_NOWARN)
MakeNameEx(0x004CE310, "Script_ClickAuctionSellItemButton", SN_NOWARN)
MakeNameEx(0x004ADEF0, "Script_ClickSendMailItemButton", SN_NOWARN)
MakeNameEx(0x004CB420, "Script_ClickStablePet", SN_NOWARN)
MakeNameEx(0x004C0080, "Script_ClickTargetTradeButton", SN_NOWARN)
MakeNameEx(0x004BFDF0, "Script_ClickTradeButton", SN_NOWARN)
MakeNameEx(0x004CE160, "Script_CloseAuctionHouse", SN_NOWARN)
MakeNameEx(0x004F87D0, "Script_CloseBankFrame", SN_NOWARN)
MakeNameEx(0x004AB2F0, "Script_CloseBattlefield", SN_NOWARN)
MakeNameEx(0x004F6C00, "Script_CloseCraft", SN_NOWARN)
MakeNameEx(0x004E2B20, "Script_CloseGossip", SN_NOWARN)
MakeNameEx(0x004F5220, "Script_CloseGuildRegistrar", SN_NOWARN)
MakeNameEx(0x004D2350, "Script_CloseGuildRoster", SN_NOWARN)
MakeNameEx(0x004E3B70, "Script_CloseItemText", SN_NOWARN)
MakeNameEx(0x004C2EC0, "Script_CloseLoot", SN_NOWARN)
MakeNameEx(0x004C4210, "Script_CloseLottery", SN_NOWARN)
MakeNameEx(0x004ADED0, "Script_CloseMail", SN_NOWARN)
MakeNameEx(0x004FB120, "Script_CloseMerchant", SN_NOWARN)
MakeNameEx(0x004CAE40, "Script_ClosePetStables", SN_NOWARN)
MakeNameEx(0x004F43C0, "Script_ClosePetition", SN_NOWARN)
MakeNameEx(0x00501A10, "Script_CloseQuest", SN_NOWARN)
MakeNameEx(0x004F5900, "Script_CloseTabardCreation", SN_NOWARN)
MakeNameEx(0x004DCCE0, "Script_CloseTaxiMap", SN_NOWARN)
MakeNameEx(0x004BFDC0, "Script_CloseTrade", SN_NOWARN)
MakeNameEx(0x004FD7F0, "Script_CloseTradeSkill", SN_NOWARN)
MakeNameEx(0x004D8D50, "Script_CloseTrainer", SN_NOWARN)
MakeNameEx(0x004F7C10, "Script_CollapseCraftSkillLine", SN_NOWARN)
MakeNameEx(0x004D6A50, "Script_CollapseFactionHeader", SN_NOWARN)
MakeNameEx(0x004E1730, "Script_CollapseQuestHeader", SN_NOWARN)
MakeNameEx(0x004D3B70, "Script_CollapseSkillHeader", SN_NOWARN)
MakeNameEx(0x005000C0, "Script_CollapseTradeSkillSubClass", SN_NOWARN)
MakeNameEx(0x004DA6C0, "Script_CollapseTrainerSkillLine", SN_NOWARN)
MakeNameEx(0x00501D70, "Script_CompleteQuest", SN_NOWARN)
MakeNameEx(0x005021B0, "Script_ConfirmAcceptQuest", SN_NOWARN)
MakeNameEx(0x0048D770, "Script_ConfirmBindOnUse", SN_NOWARN)
MakeNameEx(0x0048DD00, "Script_ConfirmBinder", SN_NOWARN)
MakeNameEx(0x004C33E0, "Script_ConfirmLootRoll", SN_NOWARN)
MakeNameEx(0x0048DCA0, "Script_ConfirmPetUnlearn", SN_NOWARN)
MakeNameEx(0x004BC090, "Script_ConfirmReadyCheck", SN_NOWARN)
MakeNameEx(0x0048B770, "Script_ConfirmSummon", SN_NOWARN)
MakeNameEx(0x0048DC40, "Script_ConfirmTalentWipe", SN_NOWARN)
MakeNameEx(0x00515F10, "Script_ConsoleExec", SN_NOWARN)
MakeNameEx(0x004F94E0, "Script_ContainerIDToInventoryID", SN_NOWARN)
MakeNameEx(0x0046D120, "Script_ContestAccepted", SN_NOWARN)
MakeNameEx(0x004BBC90, "Script_ConvertToRaid", SN_NOWARN)
MakeNameEx(0x004719E0, "Script_CreateCharacter", SN_NOWARN)
MakeNameEx(0x00706040, "Script_CreateFont", SN_NOWARN)
MakeNameEx(0x007060B0, "Script_CreateFrame", SN_NOWARN)
MakeNameEx(0x004F15B0, "Script_CreateMacro", SN_NOWARN)
MakeNameEx(0x004A8C60, "Script_CreateMiniWorldMapArrowFrame", SN_NOWARN)
MakeNameEx(0x004A8BB0, "Script_CreateWorldMapArrowFrame", SN_NOWARN)
MakeNameEx(0x004C8FF0, "Script_CursorCanGoInSlot", SN_NOWARN)
MakeNameEx(0x004895D0, "Script_CursorHasItem", SN_NOWARN)
MakeNameEx(0x00489630, "Script_CursorHasMoney", SN_NOWARN)
MakeNameEx(0x00489600, "Script_CursorHasSpell", SN_NOWARN)
MakeNameEx(0x00471890, "Script_CycleCharCustomization", SN_NOWARN)
MakeNameEx(0x0048AAB0, "Script_DeclineGroup", SN_NOWARN)
MakeNameEx(0x0048AB10, "Script_DeclineGuild", SN_NOWARN)
MakeNameEx(0x00501D30, "Script_DeclineQuest", SN_NOWARN)
MakeNameEx(0x0048A9D0, "Script_DeclineResurrect", SN_NOWARN)
MakeNameEx(0x0046D160, "Script_DefaultServerLogin", SN_NOWARN)
MakeNameEx(0x005AD640, "Script_DelIgnore", SN_NOWARN)
MakeNameEx(0x004734C0, "Script_DeleteCharacter", SN_NOWARN)
MakeNameEx(0x004897B0, "Script_DeleteCursorItem", SN_NOWARN)
MakeNameEx(0x00515F70, "Script_DeleteFile", SN_NOWARN)
MakeNameEx(0x0048CB70, "Script_DeleteGMTicket", SN_NOWARN)
MakeNameEx(0x004AFCD0, "Script_DeleteInboxItem", SN_NOWARN)
MakeNameEx(0x004F1850, "Script_DeleteMacro", SN_NOWARN)
MakeNameEx(0x004BBDF0, "Script_DemoteAssistant", SN_NOWARN)
MakeNameEx(0x0046D8A0, "Script_DisableAddOn", SN_NOWARN)
MakeNameEx(0x0048E760, "Script_DisableAddOn", SN_NOWARN)
MakeNameEx(0x0046D940, "Script_DisableAllAddOns", SN_NOWARN)
MakeNameEx(0x0048E7F0, "Script_DisableAllAddOns", SN_NOWARN)
MakeNameEx(0x0046D340, "Script_DisconnectFromServer", SN_NOWARN)
MakeNameEx(0x004A05C0, "Script_DisplayChannelOwner", SN_NOWARN)
MakeNameEx(0x004F7D10, "Script_DoCraft", SN_NOWARN)
MakeNameEx(0x0049FD30, "Script_DoEmote", SN_NOWARN)
MakeNameEx(0x004BC080, "Script_DoReadyCheck", SN_NOWARN)
MakeNameEx(0x00500280, "Script_DoTradeSkill", SN_NOWARN)
MakeNameEx(0x0048ABA0, "Script_DropCursorMoney", SN_NOWARN)
MakeNameEx(0x0048D960, "Script_DropItemOnUnit", SN_NOWARN)
MakeNameEx(0x0046D040, "Script_EULAAccepted", SN_NOWARN)
MakeNameEx(0x004F18B0, "Script_EditMacro", SN_NOWARN)
MakeNameEx(0x0046D7B0, "Script_EnableAddOn", SN_NOWARN)
MakeNameEx(0x0048E690, "Script_EnableAddOn", SN_NOWARN)
MakeNameEx(0x0046D850, "Script_EnableAllAddOns", SN_NOWARN)
MakeNameEx(0x0048E720, "Script_EnableAllAddOns", SN_NOWARN)
MakeNameEx(0x0046D3C0, "Script_EnterWorld", SN_NOWARN)
MakeNameEx(0x00705F60, "Script_EnumerateFrames", SN_NOWARN)
MakeNameEx(0x004A1790, "Script_EnumerateServerChannels", SN_NOWARN)
MakeNameEx(0x00489660, "Script_EquipCursorItem", SN_NOWARN)
MakeNameEx(0x004898F0, "Script_EquipPendingItem", SN_NOWARN)
MakeNameEx(0x004F7C90, "Script_ExpandCraftSkillLine", SN_NOWARN)
MakeNameEx(0x004D6AA0, "Script_ExpandFactionHeader", SN_NOWARN)
MakeNameEx(0x004E1780, "Script_ExpandQuestHeader", SN_NOWARN)
MakeNameEx(0x004D3BD0, "Script_ExpandSkillHeader", SN_NOWARN)
MakeNameEx(0x00500140, "Script_ExpandTradeSkillSubClass", SN_NOWARN)
MakeNameEx(0x004DA740, "Script_ExpandTrainerSkillLine", SN_NOWARN)
MakeNameEx(0x004D6950, "Script_FactionToggleAtWar", SN_NOWARN)
MakeNameEx(0x004B59B0, "Script_FlagTutorial", SN_NOWARN)
MakeNameEx(0x0050B6A0, "Script_FlipCameraYaw", SN_NOWARN)
MakeNameEx(0x00489EC0, "Script_FollowByName", SN_NOWARN)
MakeNameEx(0x00489E00, "Script_FollowUnit", SN_NOWARN)
MakeNameEx(0x0048AB50, "Script_ForceLogout", SN_NOWARN)
MakeNameEx(0x0048AB60, "Script_ForceQuit", SN_NOWARN)
MakeNameEx(0x00488440, "Script_FrameXML_Debug", SN_NOWARN)
MakeNameEx(0x0048D4C0, "Script_GMRequestPlayerInfo", SN_NOWARN)
MakeNameEx(0x0048CD30, "Script_GMSurveyAnswerSubmit", SN_NOWARN)
MakeNameEx(0x0048CEF0, "Script_GMSurveyCommentSubmit", SN_NOWARN)
MakeNameEx(0x0048CC00, "Script_GMSurveyQuestion", SN_NOWARN)
MakeNameEx(0x0048CF80, "Script_GMSurveySubmit", SN_NOWARN)
MakeNameEx(0x004DFBE0, "Script_GetAbandonQuestItems", SN_NOWARN)
MakeNameEx(0x004DFB60, "Script_GetAbandonQuestName", SN_NOWARN)
MakeNameEx(0x004E6F90, "Script_GetActionAutocast", SN_NOWARN)
MakeNameEx(0x004E7660, "Script_GetActionBarToggles", SN_NOWARN)
MakeNameEx(0x004E6ED0, "Script_GetActionCooldown", SN_NOWARN)
MakeNameEx(0x004E6E70, "Script_GetActionCount", SN_NOWARN)
MakeNameEx(0x004E7050, "Script_GetActionText", SN_NOWARN)
MakeNameEx(0x004E6E10, "Script_GetActionTexture", SN_NOWARN)
MakeNameEx(0x00501C20, "Script_GetActiveLevel", SN_NOWARN)
MakeNameEx(0x00501B30, "Script_GetActiveTitle", SN_NOWARN)
MakeNameEx(0x0046D650, "Script_GetAddOnDependencies", SN_NOWARN)
MakeNameEx(0x0048E5E0, "Script_GetAddOnDependencies", SN_NOWARN)
MakeNameEx(0x0046D6F0, "Script_GetAddOnEnableState", SN_NOWARN)
MakeNameEx(0x0046D460, "Script_GetAddOnInfo", SN_NOWARN)
MakeNameEx(0x0048E390, "Script_GetAddOnInfo", SN_NOWARN)
MakeNameEx(0x0048E530, "Script_GetAddOnMetadata", SN_NOWARN)
MakeNameEx(0x004D3CB0, "Script_GetAdjustedSkillPoints", SN_NOWARN)
MakeNameEx(0x0048DEE0, "Script_GetAreaSpiritHealerTime", SN_NOWARN)
MakeNameEx(0x004CE170, "Script_GetAuctionHouseDepositRate", SN_NOWARN)
MakeNameEx(0x004CFAB0, "Script_GetAuctionInvTypes", SN_NOWARN)
MakeNameEx(0x004CF970, "Script_GetAuctionItemClasses", SN_NOWARN)
MakeNameEx(0x004CEE40, "Script_GetAuctionItemInfo", SN_NOWARN)
MakeNameEx(0x004CF2F0, "Script_GetAuctionItemLink", SN_NOWARN)
MakeNameEx(0x004CF9C0, "Script_GetAuctionItemSubClasses", SN_NOWARN)
MakeNameEx(0x004CF470, "Script_GetAuctionItemTimeLeft", SN_NOWARN)
MakeNameEx(0x004CE590, "Script_GetAuctionSellItemInfo", SN_NOWARN)
MakeNameEx(0x00501BA0, "Script_GetAvailableLevel", SN_NOWARN)
MakeNameEx(0x00471520, "Script_GetAvailableRaces", SN_NOWARN)
MakeNameEx(0x00501AC0, "Script_GetAvailableTitle", SN_NOWARN)
MakeNameEx(0x004FA670, "Script_GetBagName", SN_NOWARN)
MakeNameEx(0x004F8630, "Script_GetBankSlotCost", SN_NOWARN)
MakeNameEx(0x00489280, "Script_GetBaseMip", SN_NOWARN)
MakeNameEx(0x004AB790, "Script_GetBattlefieldEstimatedWaitTime", SN_NOWARN)
MakeNameEx(0x004AC230, "Script_GetBattlefieldFlagPosition", SN_NOWARN)
MakeNameEx(0x004AB0B0, "Script_GetBattlefieldInfo", SN_NOWARN)
MakeNameEx(0x004AB6D0, "Script_GetBattlefieldInstanceExpiration", SN_NOWARN)
MakeNameEx(0x004AB1F0, "Script_GetBattlefieldInstanceInfo", SN_NOWARN)
MakeNameEx(0x004AB730, "Script_GetBattlefieldInstanceRunTime", SN_NOWARN)
MakeNameEx(0x004AC3D0, "Script_GetBattlefieldMapIconScale", SN_NOWARN)
MakeNameEx(0x004AB620, "Script_GetBattlefieldPortExpiration", SN_NOWARN)
MakeNameEx(0x004ABF90, "Script_GetBattlefieldPosition", SN_NOWARN)
MakeNameEx(0x004AB9D0, "Script_GetBattlefieldScore", SN_NOWARN)
MakeNameEx(0x004ABDC0, "Script_GetBattlefieldStatData", SN_NOWARN)
MakeNameEx(0x004ABD00, "Script_GetBattlefieldStatInfo", SN_NOWARN)
MakeNameEx(0x004AB4A0, "Script_GetBattlefieldStatus", SN_NOWARN)
MakeNameEx(0x004AB820, "Script_GetBattlefieldTimeWaited", SN_NOWARN)
MakeNameEx(0x004ABC40, "Script_GetBattlefieldWinner", SN_NOWARN)
MakeNameEx(0x004CECD0, "Script_GetBidderAuctionItems", SN_NOWARN)
MakeNameEx(0x0046DC40, "Script_GetBillingPlan", SN_NOWARN)
MakeNameEx(0x0046DBF0, "Script_GetBillingTimeRemaining", SN_NOWARN)
MakeNameEx(0x0046DCF0, "Script_GetBillingTimeRested", SN_NOWARN)
MakeNameEx(0x0048EC50, "Script_GetBillingTimeRested", SN_NOWARN)
MakeNameEx(0x0048DAE0, "Script_GetBindLocation", SN_NOWARN)
MakeNameEx(0x004B7F60, "Script_GetBinding", SN_NOWARN)
MakeNameEx(0x004B8120, "Script_GetBindingAction", SN_NOWARN)
MakeNameEx(0x004B80A0, "Script_GetBindingKey", SN_NOWARN)
MakeNameEx(0x00516F60, "Script_GetBlockChance", SN_NOWARN)
MakeNameEx(0x004E7620, "Script_GetBonusBarOffset", SN_NOWARN)
MakeNameEx(0x0046CD70, "Script_GetBuildInfo", SN_NOWARN)
MakeNameEx(0x004884A0, "Script_GetBuildInfo", SN_NOWARN)
MakeNameEx(0x004FB310, "Script_GetBuybackItemInfo", SN_NOWARN)
MakeNameEx(0x00488BA0, "Script_GetCVar", SN_NOWARN)
MakeNameEx(0x00488CF0, "Script_GetCVarDefault", SN_NOWARN)
MakeNameEx(0x004A02D0, "Script_GetChannelList", SN_NOWARN)
MakeNameEx(0x004A05E0, "Script_GetChannelName", SN_NOWARN)
MakeNameEx(0x00471910, "Script_GetCharacterCreateFacing", SN_NOWARN)
MakeNameEx(0x004732A0, "Script_GetCharacterInfo", SN_NOWARN)
MakeNameEx(0x00473270, "Script_GetCharacterListUpdate", SN_NOWARN)
MakeNameEx(0x00473650, "Script_GetCharacterSelectFacing", SN_NOWARN)
MakeNameEx(0x004A0A80, "Script_GetChatTypeIndex", SN_NOWARN)
MakeNameEx(0x004A0DC0, "Script_GetChatWindowChannels", SN_NOWARN)
MakeNameEx(0x004A0BA0, "Script_GetChatWindowInfo", SN_NOWARN)
MakeNameEx(0x004A0D20, "Script_GetChatWindowMessages", SN_NOWARN)
MakeNameEx(0x00471560, "Script_GetClassesForRace", SN_NOWARN)
MakeNameEx(0x0048D4E0, "Script_GetCoinIcon", SN_NOWARN)
MakeNameEx(0x0051A190, "Script_GetComboPoints", SN_NOWARN)
MakeNameEx(0x004F99B0, "Script_GetContainerItemCooldown", SN_NOWARN)
MakeNameEx(0x004F9670, "Script_GetContainerItemInfo", SN_NOWARN)
MakeNameEx(0x004F9930, "Script_GetContainerItemLink", SN_NOWARN)
MakeNameEx(0x004F9560, "Script_GetContainerNumSlots", SN_NOWARN)
MakeNameEx(0x004A86D0, "Script_GetCorpseMapPosition", SN_NOWARN)
MakeNameEx(0x0048B5E0, "Script_GetCorpseRecoveryDelay", SN_NOWARN)
MakeNameEx(0x004F6C90, "Script_GetCraftButtonToken", SN_NOWARN)
MakeNameEx(0x004F7A90, "Script_GetCraftDescription", SN_NOWARN)
MakeNameEx(0x004F6CB0, "Script_GetCraftDisplaySkillLine", SN_NOWARN)
MakeNameEx(0x004F7160, "Script_GetCraftIcon", SN_NOWARN)
MakeNameEx(0x004F6E90, "Script_GetCraftInfo", SN_NOWARN)
MakeNameEx(0x004F72A0, "Script_GetCraftItemLink", SN_NOWARN)
MakeNameEx(0x004F6C10, "Script_GetCraftName", SN_NOWARN)
MakeNameEx(0x004F7420, "Script_GetCraftNumReagents", SN_NOWARN)
MakeNameEx(0x004F74D0, "Script_GetCraftReagentInfo", SN_NOWARN)
MakeNameEx(0x004F7730, "Script_GetCraftReagentItemLink", SN_NOWARN)
MakeNameEx(0x004F7130, "Script_GetCraftSelectionIndex", SN_NOWARN)
MakeNameEx(0x004F7210, "Script_GetCraftSkillLine", SN_NOWARN)
MakeNameEx(0x004F78B0, "Script_GetCraftSpellFocus", SN_NOWARN)
MakeNameEx(0x004B8200, "Script_GetCurrentBindingSet", SN_NOWARN)
MakeNameEx(0x004A7ED0, "Script_GetCurrentMapContinent", SN_NOWARN)
MakeNameEx(0x004A7F00, "Script_GetCurrentMapZone", SN_NOWARN)
MakeNameEx(0x0048C580, "Script_GetCurrentMultisampleFormat", SN_NOWARN)
MakeNameEx(0x0048BF10, "Script_GetCurrentResolution", SN_NOWARN)
MakeNameEx(0x0048AB70, "Script_GetCursorMoney", SN_NOWARN)
MakeNameEx(0x0046DAD0, "Script_GetCursorPosition", SN_NOWARN)
MakeNameEx(0x0048B820, "Script_GetCursorPosition", SN_NOWARN)
MakeNameEx(0x0048B520, "Script_GetDamageBonusStat", SN_NOWARN)
MakeNameEx(0x00488AF0, "Script_GetDebugStats", SN_NOWARN)
MakeNameEx(0x0049FCD0, "Script_GetDefaultLanguage", SN_NOWARN)
MakeNameEx(0x00516F00, "Script_GetDodgeChance", SN_NOWARN)
MakeNameEx(0x00489060, "Script_GetDoodadAnim", SN_NOWARN)
MakeNameEx(0x00471620, "Script_GetFacialHairCustomization", SN_NOWARN)
MakeNameEx(0x00471450, "Script_GetFactionForRace", SN_NOWARN)
MakeNameEx(0x004D64F0, "Script_GetFactionInfo", SN_NOWARN)
MakeNameEx(0x00488F00, "Script_GetFarclip", SN_NOWARN)
MakeNameEx(0x005001C0, "Script_GetFirstTradeSkill", SN_NOWARN)
MakeNameEx(0x004893E0, "Script_GetFramerate", SN_NOWARN)
MakeNameEx(0x005AD060, "Script_GetFriendInfo", SN_NOWARN)
MakeNameEx(0x0048CFC0, "Script_GetGMStatus", SN_NOWARN)
MakeNameEx(0x0048C9A0, "Script_GetGMTicket", SN_NOWARN)
MakeNameEx(0x0048D8D0, "Script_GetGMTicketCategories", SN_NOWARN)
MakeNameEx(0x00515EE0, "Script_GetGameTime", SN_NOWARN)
MakeNameEx(0x004891C0, "Script_GetGamma", SN_NOWARN)
MakeNameEx(0x004E29B0, "Script_GetGossipActiveQuests", SN_NOWARN)
MakeNameEx(0x004E2930, "Script_GetGossipAvailableQuests", SN_NOWARN)
MakeNameEx(0x004E28D0, "Script_GetGossipOptions", SN_NOWARN)
MakeNameEx(0x004E28C0, "Script_GetGossipText", SN_NOWARN)
MakeNameEx(0x00501A30, "Script_GetGreetingText", SN_NOWARN)
MakeNameEx(0x004F5230, "Script_GetGuildCharterCost", SN_NOWARN)
MakeNameEx(0x004C9330, "Script_GetGuildInfo", SN_NOWARN)
MakeNameEx(0x004D2370, "Script_GetGuildInfoText", SN_NOWARN)
MakeNameEx(0x004A0040, "Script_GetGuildRecruitmentMode", SN_NOWARN)
MakeNameEx(0x004D1200, "Script_GetGuildRosterInfo", SN_NOWARN)
MakeNameEx(0x004D14A0, "Script_GetGuildRosterLastOnline", SN_NOWARN)
MakeNameEx(0x004D11F0, "Script_GetGuildRosterMOTD", SN_NOWARN)
MakeNameEx(0x004D1890, "Script_GetGuildRosterSelection", SN_NOWARN)
MakeNameEx(0x004D1E30, "Script_GetGuildRosterShowOffline", SN_NOWARN)
MakeNameEx(0x004715D0, "Script_GetHairCustomization", SN_NOWARN)
MakeNameEx(0x005AD460, "Script_GetIgnoreName", SN_NOWARN)
MakeNameEx(0x004AEBC0, "Script_GetInboxHeaderInfo", SN_NOWARN)
MakeNameEx(0x004AF360, "Script_GetInboxInvoiceInfo", SN_NOWARN)
MakeNameEx(0x004AF5D0, "Script_GetInboxItem", SN_NOWARN)
MakeNameEx(0x004AEB90, "Script_GetInboxNumItems", SN_NOWARN)
MakeNameEx(0x004AF110, "Script_GetInboxText", SN_NOWARN)
MakeNameEx(0x004C9620, "Script_GetInspectHonorData", SN_NOWARN)
MakeNameEx(0x0051AB00, "Script_GetInspectPVPRankProgress", SN_NOWARN)
MakeNameEx(0x0048B620, "Script_GetInstanceBootTimeRemaining", SN_NOWARN)
MakeNameEx(0x004C94B0, "Script_GetInventoryAlertStatus", SN_NOWARN)
MakeNameEx(0x004C8590, "Script_GetInventoryItemBroken", SN_NOWARN)
MakeNameEx(0x004C8A60, "Script_GetInventoryItemCooldown", SN_NOWARN)
MakeNameEx(0x004C8680, "Script_GetInventoryItemCount", SN_NOWARN)
MakeNameEx(0x004C8C10, "Script_GetInventoryItemLink", SN_NOWARN)
MakeNameEx(0x004C88D0, "Script_GetInventoryItemQuality", SN_NOWARN)
MakeNameEx(0x004C82A0, "Script_GetInventoryItemTexture", SN_NOWARN)
MakeNameEx(0x004C81B0, "Script_GetInventorySlotInfo", SN_NOWARN)
MakeNameEx(0x0048E070, "Script_GetItemInfo", SN_NOWARN)
MakeNameEx(0x0048DFB0, "Script_GetItemQualityColor", SN_NOWARN)
MakeNameEx(0x004C45D0, "Script_GetJackpotAmount", SN_NOWARN)
MakeNameEx(0x004E98C0, "Script_GetLFGResults", SN_NOWARN)
MakeNameEx(0x004E9AA0, "Script_GetLFGTypeEntries", SN_NOWARN)
MakeNameEx(0x004E9A70, "Script_GetLFGTypes", SN_NOWARN)
MakeNameEx(0x0049FBE0, "Script_GetLanguageByIndex", SN_NOWARN)
MakeNameEx(0x004C4220, "Script_GetLastLotteryNumbers", SN_NOWARN)
MakeNameEx(0x0046CE40, "Script_GetLocale", SN_NOWARN)
MakeNameEx(0x0048D8B0, "Script_GetLocale", SN_NOWARN)
MakeNameEx(0x004E95D0, "Script_GetLookingForGroup", SN_NOWARN)
MakeNameEx(0x004E91B0, "Script_GetLootMethod", SN_NOWARN)
MakeNameEx(0x004C3050, "Script_GetLootRollItemInfo", SN_NOWARN)
MakeNameEx(0x004C31F0, "Script_GetLootRollItemLink", SN_NOWARN)
MakeNameEx(0x004C32D0, "Script_GetLootRollTimeLeft", SN_NOWARN)
MakeNameEx(0x004C2C60, "Script_GetLootSlotInfo", SN_NOWARN)
MakeNameEx(0x004C2D20, "Script_GetLootSlotLink", SN_NOWARN)
MakeNameEx(0x004E94E0, "Script_GetLootThreshold", SN_NOWARN)
MakeNameEx(0x004C44E0, "Script_GetLotteryPrizeInfo", SN_NOWARN)
MakeNameEx(0x004F1A30, "Script_GetMacroIconInfo", SN_NOWARN)
MakeNameEx(0x004F1B30, "Script_GetMacroIndexByName", SN_NOWARN)
MakeNameEx(0x004F1760, "Script_GetMacroInfo", SN_NOWARN)
MakeNameEx(0x004A7CE0, "Script_GetMapContinents", SN_NOWARN)
MakeNameEx(0x004A7E30, "Script_GetMapInfo", SN_NOWARN)
MakeNameEx(0x004A8740, "Script_GetMapLandmarkInfo", SN_NOWARN)
MakeNameEx(0x004A8A00, "Script_GetMapOverlayInfo", SN_NOWARN)
MakeNameEx(0x004A7D10, "Script_GetMapZones", SN_NOWARN)
MakeNameEx(0x004C2F10, "Script_GetMasterLootCandidate", SN_NOWARN)
MakeNameEx(0x004CA5B0, "Script_GetMeetingStoneStatusText", SN_NOWARN)
MakeNameEx(0x004FB150, "Script_GetMerchantItemInfo", SN_NOWARN)
MakeNameEx(0x004FB580, "Script_GetMerchantItemLink", SN_NOWARN)
MakeNameEx(0x004FB670, "Script_GetMerchantItemMaxStack", SN_NOWARN)
MakeNameEx(0x004FB130, "Script_GetMerchantNumItems", SN_NOWARN)
MakeNameEx(0x004C4DF0, "Script_GetMinigameState", SN_NOWARN)
MakeNameEx(0x004C4D50, "Script_GetMinigameType", SN_NOWARN)
MakeNameEx(0x0048A100, "Script_GetMinimapZoneText", SN_NOWARN)
MakeNameEx(0x00518160, "Script_GetMoney", SN_NOWARN)
MakeNameEx(0x004C45F0, "Script_GetMoneyPrizes", SN_NOWARN)
MakeNameEx(0x0048DF40, "Script_GetMouseFocus", SN_NOWARN)
MakeNameEx(0x0046CF10, "Script_GetMovieResolution", SN_NOWARN)
MakeNameEx(0x0046DBC0, "Script_GetMovieSubtitles", SN_NOWARN)
MakeNameEx(0x0048C360, "Script_GetMultisampleFormats", SN_NOWARN)
MakeNameEx(0x004713F0, "Script_GetNameForRace", SN_NOWARN)
MakeNameEx(0x0048B8B0, "Script_GetNetStats", SN_NOWARN)
MakeNameEx(0x004C4630, "Script_GetNextDrawTime", SN_NOWARN)
MakeNameEx(0x004CB3D0, "Script_GetNextStableSlotCost", SN_NOWARN)
MakeNameEx(0x00501AA0, "Script_GetNumActiveQuests", SN_NOWARN)
MakeNameEx(0x0046D420, "Script_GetNumAddOns", SN_NOWARN)
MakeNameEx(0x0048E350, "Script_GetNumAddOns", SN_NOWARN)
MakeNameEx(0x004CED20, "Script_GetNumAuctionItems", SN_NOWARN)
MakeNameEx(0x00501A80, "Script_GetNumAvailableQuests", SN_NOWARN)
MakeNameEx(0x004F85B0, "Script_GetNumBankSlots", SN_NOWARN)
MakeNameEx(0x004AC1C0, "Script_GetNumBattlefieldFlagPositions", SN_NOWARN)
MakeNameEx(0x004ABF00, "Script_GetNumBattlefieldPositions", SN_NOWARN)
MakeNameEx(0x004AB9A0, "Script_GetNumBattlefieldScores", SN_NOWARN)
MakeNameEx(0x004ABCD0, "Script_GetNumBattlefieldStats", SN_NOWARN)
MakeNameEx(0x004AB080, "Script_GetNumBattlefields", SN_NOWARN)
MakeNameEx(0x004B7F40, "Script_GetNumBindings", SN_NOWARN)
MakeNameEx(0x004FC160, "Script_GetNumBuybackItems", SN_NOWARN)
MakeNameEx(0x00473280, "Script_GetNumCharacters", SN_NOWARN)
MakeNameEx(0x004F6E70, "Script_GetNumCrafts", SN_NOWARN)
MakeNameEx(0x004D64C0, "Script_GetNumFactions", SN_NOWARN)
MakeNameEx(0x00705F00, "Script_GetNumFrames", SN_NOWARN)
MakeNameEx(0x005AD000, "Script_GetNumFriends", SN_NOWARN)
MakeNameEx(0x004D1190, "Script_GetNumGuildMembers", SN_NOWARN)
MakeNameEx(0x005AD400, "Script_GetNumIgnores", SN_NOWARN)
MakeNameEx(0x004E9870, "Script_GetNumLFGResults", SN_NOWARN)
MakeNameEx(0x0049FB30, "Script_GetNumLaguages", SN_NOWARN)
MakeNameEx(0x004C2C30, "Script_GetNumLootItems", SN_NOWARN)
MakeNameEx(0x004C44B0, "Script_GetNumLotteryPrizes", SN_NOWARN)
MakeNameEx(0x004F19F0, "Script_GetNumMacroIcons", SN_NOWARN)
MakeNameEx(0x004F1710, "Script_GetNumMacros", SN_NOWARN)
MakeNameEx(0x004A8710, "Script_GetNumMapLandmarks", SN_NOWARN)
MakeNameEx(0x004A89D0, "Script_GetNumMapOverlays", SN_NOWARN)
MakeNameEx(0x004AE430, "Script_GetNumPackages", SN_NOWARN)
MakeNameEx(0x004E9050, "Script_GetNumPartyMembers", SN_NOWARN)
MakeNameEx(0x004C4660, "Script_GetNumPastDrawResults", SN_NOWARN)
MakeNameEx(0x004F44E0, "Script_GetNumPetitionNames", SN_NOWARN)
MakeNameEx(0x00501F00, "Script_GetNumQuestChoices", SN_NOWARN)
MakeNameEx(0x00501F40, "Script_GetNumQuestItems", SN_NOWARN)
MakeNameEx(0x004E0000, "Script_GetNumQuestLeaderBoards", SN_NOWARN)
MakeNameEx(0x004E0A70, "Script_GetNumQuestLogChoices", SN_NOWARN)
MakeNameEx(0x004DF8B0, "Script_GetNumQuestLogEntries", SN_NOWARN)
MakeNameEx(0x004E09E0, "Script_GetNumQuestLogRewards", SN_NOWARN)
MakeNameEx(0x00501EC0, "Script_GetNumQuestRewards", SN_NOWARN)
MakeNameEx(0x004E1860, "Script_GetNumQuestWatches", SN_NOWARN)
MakeNameEx(0x004BB530, "Script_GetNumRaidMembers", SN_NOWARN)
MakeNameEx(0x0046ED30, "Script_GetNumRealms", SN_NOWARN)
MakeNameEx(0x004DCED0, "Script_GetNumRoutes", SN_NOWARN)
MakeNameEx(0x004A18F0, "Script_GetNumSavedInstances", SN_NOWARN)
MakeNameEx(0x004B4590, "Script_GetNumShapeshiftForms", SN_NOWARN)
MakeNameEx(0x004D35E0, "Script_GetNumSkillLines", SN_NOWARN)
MakeNameEx(0x004B3CB0, "Script_GetNumSpellTabs", SN_NOWARN)
MakeNameEx(0x004CB1D0, "Script_GetNumStablePets", SN_NOWARN)
MakeNameEx(0x004CB200, "Script_GetNumStableSlots", SN_NOWARN)
MakeNameEx(0x004AE1F0, "Script_GetNumStationeries", SN_NOWARN)
MakeNameEx(0x004F3010, "Script_GetNumTalentTabs", SN_NOWARN)
MakeNameEx(0x004F3160, "Script_GetNumTalents", SN_NOWARN)
MakeNameEx(0x004FD800, "Script_GetNumTradeSkills", SN_NOWARN)
MakeNameEx(0x004D8D90, "Script_GetNumTrainerServices", SN_NOWARN)
MakeNameEx(0x005AD690, "Script_GetNumWhoResults", SN_NOWARN)
MakeNameEx(0x004C5A40, "Script_GetNumWorldStateUI", SN_NOWARN)
MakeNameEx(0x00501A50, "Script_GetObjectiveText", SN_NOWARN)
MakeNameEx(0x004CEC80, "Script_GetOwnerAuctionItems", SN_NOWARN)
MakeNameEx(0x0051A6C0, "Script_GetPVPLastWeekStats", SN_NOWARN)
MakeNameEx(0x0051A7C0, "Script_GetPVPLifetimeStats", SN_NOWARN)
MakeNameEx(0x0051A930, "Script_GetPVPRankInfo", SN_NOWARN)
MakeNameEx(0x0051AA90, "Script_GetPVPRankProgress", SN_NOWARN)
MakeNameEx(0x0051A4B0, "Script_GetPVPSessionStats", SN_NOWARN)
MakeNameEx(0x0051A620, "Script_GetPVPThisWeekStats", SN_NOWARN)
MakeNameEx(0x0051A550, "Script_GetPVPYesterdayStats", SN_NOWARN)
MakeNameEx(0x004AE450, "Script_GetPackageInfo", SN_NOWARN)
MakeNameEx(0x00516FC0, "Script_GetParryChance", SN_NOWARN)
MakeNameEx(0x004E9100, "Script_GetPartyLeaderIndex", SN_NOWARN)
MakeNameEx(0x004E9090, "Script_GetPartyMember", SN_NOWARN)
MakeNameEx(0x004C4690, "Script_GetPastDrawResult", SN_NOWARN)
MakeNameEx(0x004BDFA0, "Script_GetPetActionCooldown", SN_NOWARN)
MakeNameEx(0x004BDC50, "Script_GetPetActionInfo", SN_NOWARN)
MakeNameEx(0x004BE0B0, "Script_GetPetActionsUsable", SN_NOWARN)
MakeNameEx(0x004BE840, "Script_GetPetExperience", SN_NOWARN)
MakeNameEx(0x004BEA10, "Script_GetPetFoodTypes", SN_NOWARN)
MakeNameEx(0x004BE900, "Script_GetPetHappiness", SN_NOWARN)
MakeNameEx(0x004BEB10, "Script_GetPetIcon", SN_NOWARN)
MakeNameEx(0x004BE700, "Script_GetPetLoyalty", SN_NOWARN)
MakeNameEx(0x004BE600, "Script_GetPetTimeRemaining", SN_NOWARN)
MakeNameEx(0x004BE790, "Script_GetPetTrainingPoints", SN_NOWARN)
MakeNameEx(0x004F43D0, "Script_GetPetitionInfo", SN_NOWARN)
MakeNameEx(0x004F4510, "Script_GetPetitionNameInfo", SN_NOWARN)
MakeNameEx(0x004E45D0, "Script_GetPlayerBuff", SN_NOWARN)
MakeNameEx(0x004E48B0, "Script_GetPlayerBuffApplications", SN_NOWARN)
MakeNameEx(0x004E4800, "Script_GetPlayerBuffDispelType", SN_NOWARN)
MakeNameEx(0x004E4740, "Script_GetPlayerBuffTexture", SN_NOWARN)
MakeNameEx(0x004E4930, "Script_GetPlayerBuffTimeLeft", SN_NOWARN)
MakeNameEx(0x004A8610, "Script_GetPlayerMapPosition", SN_NOWARN)
MakeNameEx(0x004C0700, "Script_GetPlayerTradeMoney", SN_NOWARN)
MakeNameEx(0x00501A60, "Script_GetProgressText", SN_NOWARN)
MakeNameEx(0x00502230, "Script_GetQuestBackgroundMaterial", SN_NOWARN)
MakeNameEx(0x004E17D0, "Script_GetQuestGreenRange", SN_NOWARN)
MakeNameEx(0x004E15F0, "Script_GetQuestIndexForTimer", SN_NOWARN)
MakeNameEx(0x004E19B0, "Script_GetQuestIndexForWatch", SN_NOWARN)
MakeNameEx(0x00501F80, "Script_GetQuestItemInfo", SN_NOWARN)
MakeNameEx(0x00502090, "Script_GetQuestItemLink", SN_NOWARN)
MakeNameEx(0x004E0CF0, "Script_GetQuestLogChoiceInfo", SN_NOWARN)
MakeNameEx(0x004E0EE0, "Script_GetQuestLogItemLink", SN_NOWARN)
MakeNameEx(0x004E0110, "Script_GetQuestLogLeaderBoard", SN_NOWARN)
MakeNameEx(0x004E12B0, "Script_GetQuestLogPushable", SN_NOWARN)
MakeNameEx(0x004DFF20, "Script_GetQuestLogQuestText", SN_NOWARN)
MakeNameEx(0x004E1220, "Script_GetQuestLogRequiredMoney", SN_NOWARN)
MakeNameEx(0x004E0B00, "Script_GetQuestLogRewardInfo", SN_NOWARN)
MakeNameEx(0x004E1070, "Script_GetQuestLogRewardMoney", SN_NOWARN)
MakeNameEx(0x004E1130, "Script_GetQuestLogRewardSpell", SN_NOWARN)
MakeNameEx(0x004DFB20, "Script_GetQuestLogSelection", SN_NOWARN)
MakeNameEx(0x004E08A0, "Script_GetQuestLogTimeLeft", SN_NOWARN)
MakeNameEx(0x004DF930, "Script_GetQuestLogTitle", SN_NOWARN)
MakeNameEx(0x00501EA0, "Script_GetQuestMoneyToGet", SN_NOWARN)
MakeNameEx(0x00501D80, "Script_GetQuestReward", SN_NOWARN)
MakeNameEx(0x00501A40, "Script_GetQuestText", SN_NOWARN)
MakeNameEx(0x004E13D0, "Script_GetQuestTimers", SN_NOWARN)
MakeNameEx(0x004BB560, "Script_GetRaidRosterInfo", SN_NOWARN)
MakeNameEx(0x004BB890, "Script_GetRaidRosterSelection", SN_NOWARN)
MakeNameEx(0x004BB4B0, "Script_GetRaidTargetIndex", SN_NOWARN)
MakeNameEx(0x00471980, "Script_GetRandomName", SN_NOWARN)
MakeNameEx(0x0048A0C0, "Script_GetRealZoneText", SN_NOWARN)
MakeNameEx(0x0046F1F0, "Script_GetRealmCategories", SN_NOWARN)
MakeNameEx(0x0046EE40, "Script_GetRealmInfo", SN_NOWARN)
MakeNameEx(0x0048DF90, "Script_GetRealmName", SN_NOWARN)
MakeNameEx(0x0048C0D0, "Script_GetRefreshRates", SN_NOWARN)
MakeNameEx(0x0048B5A0, "Script_GetReleaseTimeRemaining", SN_NOWARN)
MakeNameEx(0x004FBD60, "Script_GetRepairAllCost", SN_NOWARN)
MakeNameEx(0x0051A3A0, "Script_GetResSicknessDuration", SN_NOWARN)
MakeNameEx(0x0048D350, "Script_GetRestState", SN_NOWARN)
MakeNameEx(0x00501DD0, "Script_GetRewardMoney", SN_NOWARN)
MakeNameEx(0x00501DF0, "Script_GetRewardSpell", SN_NOWARN)
MakeNameEx(0x00501A70, "Script_GetRewardText", SN_NOWARN)
MakeNameEx(0x0046CDD0, "Script_GetSavedAccountName", SN_NOWARN)
MakeNameEx(0x004A1920, "Script_GetSavedInstanceInfo", SN_NOWARN)
MakeNameEx(0x0046DD80, "Script_GetScreenHeight", SN_NOWARN)
MakeNameEx(0x0048B4D0, "Script_GetScreenHeight", SN_NOWARN)
MakeNameEx(0x0048BC20, "Script_GetScreenResolutions", SN_NOWARN)
MakeNameEx(0x0046DD30, "Script_GetScreenWidth", SN_NOWARN)
MakeNameEx(0x0048B480, "Script_GetScreenWidth", SN_NOWARN)
MakeNameEx(0x0046DA10, "Script_GetScriptMemory", SN_NOWARN)
MakeNameEx(0x004CFEC0, "Script_GetSelectedAuctionItem", SN_NOWARN)
MakeNameEx(0x004AB360, "Script_GetSelectedBattlefield", SN_NOWARN)
MakeNameEx(0x0046F400, "Script_GetSelectedCategory", SN_NOWARN)
MakeNameEx(0x004716E0, "Script_GetSelectedClass", SN_NOWARN)
MakeNameEx(0x004D6C00, "Script_GetSelectedFaction", SN_NOWARN)
MakeNameEx(0x005AD260, "Script_GetSelectedFriend", SN_NOWARN)
MakeNameEx(0x005AD570, "Script_GetSelectedIgnore", SN_NOWARN)
MakeNameEx(0x00471680, "Script_GetSelectedRace", SN_NOWARN)
MakeNameEx(0x004716B0, "Script_GetSelectedSex", SN_NOWARN)
MakeNameEx(0x004D4090, "Script_GetSelectedSkill", SN_NOWARN)
MakeNameEx(0x004CB810, "Script_GetSelectedStablePet", SN_NOWARN)
MakeNameEx(0x004AE3F0, "Script_GetSelectedStationeryTexture", SN_NOWARN)
MakeNameEx(0x004AE1C0, "Script_GetSendMailCOD", SN_NOWARN)
MakeNameEx(0x004AE590, "Script_GetSendMailItem", SN_NOWARN)
MakeNameEx(0x004AE150, "Script_GetSendMailMoney", SN_NOWARN)
MakeNameEx(0x004AE730, "Script_GetSendMailPrice", SN_NOWARN)
MakeNameEx(0x0046D280, "Script_GetServerName", SN_NOWARN)
MakeNameEx(0x004B49A0, "Script_GetShapeshiftFormCooldown", SN_NOWARN)
MakeNameEx(0x004B45C0, "Script_GetShapeshiftFormInfo", SN_NOWARN)
MakeNameEx(0x004D3610, "Script_GetSkillLineInfo", SN_NOWARN)
MakeNameEx(0x004B4180, "Script_GetSpellAutocast", SN_NOWARN)
MakeNameEx(0x004B40A0, "Script_GetSpellCooldown", SN_NOWARN)
MakeNameEx(0x004B3FE0, "Script_GetSpellName", SN_NOWARN)
MakeNameEx(0x004B3CE0, "Script_GetSpellTabInfo", SN_NOWARN)
MakeNameEx(0x004B3E50, "Script_GetSpellTexture", SN_NOWARN)
MakeNameEx(0x004CBA70, "Script_GetStablePetFoodTypes", SN_NOWARN)
MakeNameEx(0x004CB230, "Script_GetStablePetInfo", SN_NOWARN)
MakeNameEx(0x004AE230, "Script_GetStationeryInfo", SN_NOWARN)
MakeNameEx(0x0048A0E0, "Script_GetSubZoneText", SN_NOWARN)
MakeNameEx(0x0048B720, "Script_GetSummonConfirmAreaName", SN_NOWARN)
MakeNameEx(0x0048B6A0, "Script_GetSummonConfirmSummoner", SN_NOWARN)
MakeNameEx(0x0048B660, "Script_GetSummonConfirmTimeLeft", SN_NOWARN)
MakeNameEx(0x004F5910, "Script_GetTabardCreationCost", SN_NOWARN)
MakeNameEx(0x004F5300, "Script_GetTabardInfo", SN_NOWARN)
MakeNameEx(0x004F3200, "Script_GetTalentInfo", SN_NOWARN)
MakeNameEx(0x004F34D0, "Script_GetTalentPrereqs", SN_NOWARN)
MakeNameEx(0x004F3040, "Script_GetTalentTabInfo", SN_NOWARN)
MakeNameEx(0x004C0750, "Script_GetTargetTradeMoney", SN_NOWARN)
MakeNameEx(0x00488FB0, "Script_GetTerrainMip", SN_NOWARN)
MakeNameEx(0x00489110, "Script_GetTexLodBias", SN_NOWARN)
MakeNameEx(0x00515EA0, "Script_GetTime", SN_NOWARN)
MakeNameEx(0x0048D4B0, "Script_GetTimeToWellRested", SN_NOWARN)
MakeNameEx(0x00501A20, "Script_GetTitleText", SN_NOWARN)
MakeNameEx(0x004E4A20, "Script_GetTrackingTexture", SN_NOWARN)
MakeNameEx(0x004C0450, "Script_GetTradePlayerItemInfo", SN_NOWARN)
MakeNameEx(0x004C0650, "Script_GetTradePlayerItemLink", SN_NOWARN)
MakeNameEx(0x004FDA20, "Script_GetTradeSkillCooldown", SN_NOWARN)
MakeNameEx(0x004FDAE0, "Script_GetTradeSkillIcon", SN_NOWARN)
MakeNameEx(0x004FD820, "Script_GetTradeSkillInfo", SN_NOWARN)
MakeNameEx(0x004FFFD0, "Script_GetTradeSkillInvSlotFilter", SN_NOWARN)
MakeNameEx(0x004FFC20, "Script_GetTradeSkillInvSlots", SN_NOWARN)
MakeNameEx(0x004FF410, "Script_GetTradeSkillItemLink", SN_NOWARN)
MakeNameEx(0x004FDEC0, "Script_GetTradeSkillItemStats", SN_NOWARN)
MakeNameEx(0x004FDD40, "Script_GetTradeSkillLine", SN_NOWARN)
MakeNameEx(0x004FDC50, "Script_GetTradeSkillNumMade", SN_NOWARN)
MakeNameEx(0x004FF510, "Script_GetTradeSkillNumReagents", SN_NOWARN)
MakeNameEx(0x004FF5C0, "Script_GetTradeSkillReagentInfo", SN_NOWARN)
MakeNameEx(0x004FF800, "Script_GetTradeSkillReagentItemLink", SN_NOWARN)
MakeNameEx(0x004FD9F0, "Script_GetTradeSkillSelectionIndex", SN_NOWARN)
MakeNameEx(0x004FFD90, "Script_GetTradeSkillSubClassFilter", SN_NOWARN)
MakeNameEx(0x004FFB60, "Script_GetTradeSkillSubClasses", SN_NOWARN)
MakeNameEx(0x004FF980, "Script_GetTradeSkillTools", SN_NOWARN)
MakeNameEx(0x004C00F0, "Script_GetTradeTargetItemInfo", SN_NOWARN)
MakeNameEx(0x004C0360, "Script_GetTradeTargetItemLink", SN_NOWARN)
MakeNameEx(0x00500230, "Script_GetTradeskillRepeatCount", SN_NOWARN)
MakeNameEx(0x004D8F40, "Script_GetTrainerGreetingText", SN_NOWARN)
MakeNameEx(0x004D8F10, "Script_GetTrainerSelectionIndex", SN_NOWARN)
MakeNameEx(0x004D96E0, "Script_GetTrainerServiceAbilityReq", SN_NOWARN)
MakeNameEx(0x004D92F0, "Script_GetTrainerServiceCost", SN_NOWARN)
MakeNameEx(0x004D9B40, "Script_GetTrainerServiceDescription", SN_NOWARN)
MakeNameEx(0x004D8F50, "Script_GetTrainerServiceIcon", SN_NOWARN)
MakeNameEx(0x004D8DC0, "Script_GetTrainerServiceInfo", SN_NOWARN)
MakeNameEx(0x004D93A0, "Script_GetTrainerServiceLevelReq", SN_NOWARN)
MakeNameEx(0x004D9600, "Script_GetTrainerServiceNumAbilityReq", SN_NOWARN)
MakeNameEx(0x004D9160, "Script_GetTrainerServiceSkillLine", SN_NOWARN)
MakeNameEx(0x004D9410, "Script_GetTrainerServiceSkillReq", SN_NOWARN)
MakeNameEx(0x004DA030, "Script_GetTrainerServiceStepIncrease", SN_NOWARN)
MakeNameEx(0x004D9930, "Script_GetTrainerServiceStepReq", SN_NOWARN)
MakeNameEx(0x004DA510, "Script_GetTrainerServiceTypeFilter", SN_NOWARN)
MakeNameEx(0x004DA590, "Script_GetTrainerSkillLineFilter", SN_NOWARN)
MakeNameEx(0x004DA660, "Script_GetTrainerSkillLines", SN_NOWARN)
MakeNameEx(0x0048DB40, "Script_GetVideoCaps", SN_NOWARN)
MakeNameEx(0x004D6820, "Script_GetWatchedFactionInfo", SN_NOWARN)
MakeNameEx(0x00488EC0, "Script_GetWaterDetail", SN_NOWARN)
MakeNameEx(0x004C9790, "Script_GetWeaponEnchantInfo", SN_NOWARN)
MakeNameEx(0x005AD6E0, "Script_GetWhoInfo", SN_NOWARN)
MakeNameEx(0x00488D70, "Script_GetWorldDetail", SN_NOWARN)
MakeNameEx(0x004A88F0, "Script_GetWorldLocMapPosition", SN_NOWARN)
MakeNameEx(0x004C5A70, "Script_GetWorldStateUIInfo", SN_NOWARN)
MakeNameEx(0x0048D3F0, "Script_GetXPExhaustion", SN_NOWARN)
MakeNameEx(0x0048D540, "Script_GetZonePVPInfo", SN_NOWARN)
MakeNameEx(0x0048A0A0, "Script_GetZoneText", SN_NOWARN)
MakeNameEx(0x004C2FD0, "Script_GiveMasterLoot", SN_NOWARN)
MakeNameEx(0x004D2210, "Script_GuildControlAddRank", SN_NOWARN)
MakeNameEx(0x004D22E0, "Script_GuildControlDelRank", SN_NOWARN)
MakeNameEx(0x004D1E60, "Script_GuildControlGetNumRanks", SN_NOWARN)
MakeNameEx(0x004D1FE0, "Script_GuildControlGetRankFlags", SN_NOWARN)
MakeNameEx(0x004D1E90, "Script_GuildControlGetRankName", SN_NOWARN)
MakeNameEx(0x004D20D0, "Script_GuildControlSaveRank", SN_NOWARN)
MakeNameEx(0x004D1FA0, "Script_GuildControlSetRank", SN_NOWARN)
MakeNameEx(0x004D2070, "Script_GuildControlSetRankFlag", SN_NOWARN)
MakeNameEx(0x0048B0F0, "Script_GuildDemoteByName", SN_NOWARN)
MakeNameEx(0x0048B3A0, "Script_GuildDisband", SN_NOWARN)
MakeNameEx(0x0048B410, "Script_GuildInfo", SN_NOWARN)
MakeNameEx(0x0048AEF0, "Script_GuildInviteByName", SN_NOWARN)
MakeNameEx(0x0048B330, "Script_GuildLeave", SN_NOWARN)
MakeNameEx(0x0048B050, "Script_GuildPromoteByName", SN_NOWARN)
MakeNameEx(0x004D2360, "Script_GuildRoster", SN_NOWARN)
MakeNameEx(0x004D1700, "Script_GuildRosterSetOfficerNote", SN_NOWARN)
MakeNameEx(0x004D15E0, "Script_GuildRosterSetPublicNote", SN_NOWARN)
MakeNameEx(0x0048B190, "Script_GuildSetLeaderByName", SN_NOWARN)
MakeNameEx(0x0048B270, "Script_GuildSetMOTD", SN_NOWARN)
MakeNameEx(0x0048AFB0, "Script_GuildUninviteByName", SN_NOWARN)
MakeNameEx(0x004E70D0, "Script_HasAction", SN_NOWARN)
MakeNameEx(0x00471820, "Script_HasCharCustomization", SN_NOWARN)
MakeNameEx(0x0051A120, "Script_HasFullControl", SN_NOWARN)
MakeNameEx(0x004C95E0, "Script_HasInspectHonorData", SN_NOWARN)
MakeNameEx(0x0048AE90, "Script_HasKey", SN_NOWARN)
MakeNameEx(0x004AFEA0, "Script_HasNewMail", SN_NOWARN)
MakeNameEx(0x004B4410, "Script_HasPetSpells", SN_NOWARN)
MakeNameEx(0x004BE670, "Script_HasPetUI", SN_NOWARN)
MakeNameEx(0x0048AC80, "Script_HasSoulstone", SN_NOWARN)
MakeNameEx(0x004C99A0, "Script_HasWandEquipped", SN_NOWARN)
MakeNameEx(0x0046DB70, "Script_HideCursor", SN_NOWARN)
MakeNameEx(0x00489480, "Script_HideFriendNameplates", SN_NOWARN)
MakeNameEx(0x00489460, "Script_HideNameplates", SN_NOWARN)
MakeNameEx(0x004FBD00, "Script_HideRepairCursor", SN_NOWARN)
MakeNameEx(0x0048C930, "Script_InCinematic", SN_NOWARN)
MakeNameEx(0x004FBD30, "Script_InRepairMode", SN_NOWARN)
MakeNameEx(0x004AFE00, "Script_InboxItemCanDelete", SN_NOWARN)
MakeNameEx(0x0048A120, "Script_InitiateTrade", SN_NOWARN)
MakeNameEx(0x0048A420, "Script_InviteByName", SN_NOWARN)
MakeNameEx(0x0048A3B0, "Script_InviteToParty", SN_NOWARN)
MakeNameEx(0x004E7550, "Script_IsActionInRange", SN_NOWARN)
MakeNameEx(0x0048E840, "Script_IsAddOnLoadOnDemand", SN_NOWARN)
MakeNameEx(0x0048E8E0, "Script_IsAddOnLoaded", SN_NOWARN)
MakeNameEx(0x0046D9B0, "Script_IsAddonVersionCheckEnabled", SN_NOWARN)
MakeNameEx(0x00488600, "Script_IsAltKeyDown", SN_NOWARN)
MakeNameEx(0x004E7280, "Script_IsAttackAction", SN_NOWARN)
MakeNameEx(0x004D0030, "Script_IsAuctionSortReversed", SN_NOWARN)
MakeNameEx(0x004E7360, "Script_IsAutoRepeatAction", SN_NOWARN)
MakeNameEx(0x0046D380, "Script_IsConnectedToServer", SN_NOWARN)
MakeNameEx(0x004E7470, "Script_IsConsumableAction", SN_NOWARN)
MakeNameEx(0x004885C0, "Script_IsControlKeyDown", SN_NOWARN)
MakeNameEx(0x004E72F0, "Script_IsCurrentAction", SN_NOWARN)
MakeNameEx(0x004B4370, "Script_IsCurrentCast", SN_NOWARN)
MakeNameEx(0x004E0960, "Script_IsCurrentQuestFailed", SN_NOWARN)
MakeNameEx(0x004E74E0, "Script_IsEquippedAction", SN_NOWARN)
MakeNameEx(0x004D6AF0, "Script_IsFactionInactive", SN_NOWARN)
MakeNameEx(0x004C2EE0, "Script_IsFishingLoot", SN_NOWARN)
MakeNameEx(0x00516E40, "Script_IsGuildLeader", SN_NOWARN)
MakeNameEx(0x00516DE0, "Script_IsInGuild", SN_NOWARN)
MakeNameEx(0x0048A750, "Script_IsInInstance", SN_NOWARN)
MakeNameEx(0x004CA570, "Script_IsInMeetingStoneQueue", SN_NOWARN)
MakeNameEx(0x004C8E60, "Script_IsInventoryItemLocked", SN_NOWARN)
MakeNameEx(0x0048C990, "Script_IsLinuxClient", SN_NOWARN)
MakeNameEx(0x0048C980, "Script_IsMacClient", SN_NOWARN)
MakeNameEx(0x00514270, "Script_IsMouselooking", SN_NOWARN)
MakeNameEx(0x004E9130, "Script_IsPartyLeader", SN_NOWARN)
MakeNameEx(0x004BE0E0, "Script_IsPetAttackActive", SN_NOWARN)
MakeNameEx(0x00501D40, "Script_IsQuestCompletable", SN_NOWARN)
MakeNameEx(0x004E1890, "Script_IsQuestWatched", SN_NOWARN)
MakeNameEx(0x004BB8C0, "Script_IsRaidLeader", SN_NOWARN)
MakeNameEx(0x004BB910, "Script_IsRaidOfficer", SN_NOWARN)
MakeNameEx(0x00516EA0, "Script_IsResting", SN_NOWARN)
MakeNameEx(0x00488590, "Script_IsShiftKeyDown", SN_NOWARN)
MakeNameEx(0x004B44E0, "Script_IsSpellPassive", SN_NOWARN)
MakeNameEx(0x004D8ED0, "Script_IsTalentTrainer", SN_NOWARN)
MakeNameEx(0x004D8EA0, "Script_IsTradeskillTrainer", SN_NOWARN)
MakeNameEx(0x004D9E70, "Script_IsTrainerServiceLearnSpell", SN_NOWARN)
MakeNameEx(0x004D9DD0, "Script_IsTrainerServiceSkillStep", SN_NOWARN)
MakeNameEx(0x004D9F70, "Script_IsTrainerServiceTradeSkill", SN_NOWARN)
MakeNameEx(0x004DFE10, "Script_IsUnitOnQuest", SN_NOWARN)
MakeNameEx(0x004E73D0, "Script_IsUsableAction", SN_NOWARN)
MakeNameEx(0x004C43D0, "Script_IsVendorActive", SN_NOWARN)
MakeNameEx(0x0048C960, "Script_IsWindowsClient", SN_NOWARN)
MakeNameEx(0x004E3940, "Script_ItemTextGetCreator", SN_NOWARN)
MakeNameEx(0x004E38F0, "Script_ItemTextGetItem", SN_NOWARN)
MakeNameEx(0x004E39F0, "Script_ItemTextGetMaterial", SN_NOWARN)
MakeNameEx(0x004E3AD0, "Script_ItemTextGetPage", SN_NOWARN)
MakeNameEx(0x004E3B00, "Script_ItemTextGetText", SN_NOWARN)
MakeNameEx(0x004E3B10, "Script_ItemTextHasNextPage", SN_NOWARN)
MakeNameEx(0x004E3B60, "Script_ItemTextNextPage", SN_NOWARN)
MakeNameEx(0x004E3B50, "Script_ItemTextPrevPage", SN_NOWARN)
MakeNameEx(0x004AB290, "Script_JoinBattlefield", SN_NOWARN)
MakeNameEx(0x0049FF00, "Script_JoinChannelByName", SN_NOWARN)
MakeNameEx(0x00513BD0, "Script_Jump", SN_NOWARN)
MakeNameEx(0x004C8150, "Script_KeyRingButtonIDToInvSlotID", SN_NOWARN)
MakeNameEx(0x004E9760, "Script_LFGQuery", SN_NOWARN)
MakeNameEx(0x0046D5E0, "Script_LaunchAddOnURL", SN_NOWARN)
MakeNameEx(0x0046CF60, "Script_LaunchURL", SN_NOWARN)
MakeNameEx(0x004F36A0, "Script_LearnTalent", SN_NOWARN)
MakeNameEx(0x004ABE60, "Script_LeaveBattlefield", SN_NOWARN)
MakeNameEx(0x004A0000, "Script_LeaveChannelByName", SN_NOWARN)
MakeNameEx(0x004E9180, "Script_LeaveParty", SN_NOWARN)
MakeNameEx(0x004A00D0, "Script_ListChannelByName", SN_NOWARN)
MakeNameEx(0x004A01C0, "Script_ListChannels", SN_NOWARN)
MakeNameEx(0x0048E980, "Script_LoadAddOn", SN_NOWARN)
MakeNameEx(0x004B8220, "Script_LoadBindings", SN_NOWARN)
MakeNameEx(0x0049FE40, "Script_LoggingChat", SN_NOWARN)
MakeNameEx(0x0049FEF0, "Script_LoggingCombat", SN_NOWARN)
MakeNameEx(0x00489390, "Script_Logout", SN_NOWARN)
MakeNameEx(0x004C2E70, "Script_LootSlot", SN_NOWARN)
MakeNameEx(0x004C2E00, "Script_LootSlotIsCoin", SN_NOWARN)
MakeNameEx(0x004C2D90, "Script_LootSlotIsItem", SN_NOWARN)
MakeNameEx(0x004C4D80, "Script_MakeMinigameMove", SN_NOWARN)
MakeNameEx(0x00514210, "Script_MouselookStart", SN_NOWARN)
MakeNameEx(0x00514240, "Script_MouselookStop", SN_NOWARN)
MakeNameEx(0x00513E80, "Script_MoveBackwardStart", SN_NOWARN)
MakeNameEx(0x00513EB0, "Script_MoveBackwardStop", SN_NOWARN)
MakeNameEx(0x00513E20, "Script_MoveForwardStart", SN_NOWARN)
MakeNameEx(0x00513E50, "Script_MoveForwardStop", SN_NOWARN)
MakeNameEx(0x0050B580, "Script_MoveViewDownStart", SN_NOWARN)
MakeNameEx(0x0050B590, "Script_MoveViewDownStop", SN_NOWARN)
MakeNameEx(0x0050B4A0, "Script_MoveViewInStart", SN_NOWARN)
MakeNameEx(0x0050B4D0, "Script_MoveViewInStop", SN_NOWARN)
MakeNameEx(0x0050B540, "Script_MoveViewLeftStart", SN_NOWARN)
MakeNameEx(0x0050B550, "Script_MoveViewLeftStop", SN_NOWARN)
MakeNameEx(0x0050B500, "Script_MoveViewOutStart", SN_NOWARN)
MakeNameEx(0x0050B510, "Script_MoveViewOutStop", SN_NOWARN)
MakeNameEx(0x0050B520, "Script_MoveViewRightStart", SN_NOWARN)
MakeNameEx(0x0050B530, "Script_MoveViewRightStop", SN_NOWARN)
MakeNameEx(0x0050B560, "Script_MoveViewUpStart", SN_NOWARN)
MakeNameEx(0x0050B570, "Script_MoveViewUpStop", SN_NOWARN)
MakeNameEx(0x0048C9D0, "Script_NewGMTicket", SN_NOWARN)
MakeNameEx(0x0050B680, "Script_NextView", SN_NOWARN)
MakeNameEx(0x0048EBE0, "Script_NoPlayTime", SN_NOWARN)
MakeNameEx(0x0048D340, "Script_NotWhileDeadError", SN_NOWARN)
MakeNameEx(0x0048A310, "Script_NotifyInspect", SN_NOWARN)
MakeNameEx(0x004DCB00, "Script_NumTaxiNodes", SN_NOWARN)
MakeNameEx(0x004F4790, "Script_OfferPetition", SN_NOWARN)
MakeNameEx(0x004C9570, "Script_OffhandHasWeapon", SN_NOWARN)
MakeNameEx(0x004D8CF0, "Script_OpenTrainer", SN_NOWARN)
MakeNameEx(0x0048C8C0, "Script_OpeningCinematic", SN_NOWARN)
MakeNameEx(0x0046D1C0, "Script_PINEntered", SN_NOWARN)
MakeNameEx(0x0048EB70, "Script_PartialPlayTime", SN_NOWARN)
MakeNameEx(0x0046D410, "Script_PatchDownloadApply", SN_NOWARN)
MakeNameEx(0x0046D400, "Script_PatchDownloadCancel", SN_NOWARN)
MakeNameEx(0x0046D3E0, "Script_PatchDownloadProgress", SN_NOWARN)
MakeNameEx(0x004BE4C0, "Script_PetAbandon", SN_NOWARN)
MakeNameEx(0x004BE470, "Script_PetAggressiveMode", SN_NOWARN)
MakeNameEx(0x004BE4A0, "Script_PetAttack", SN_NOWARN)
MakeNameEx(0x004BE500, "Script_PetCanBeAbandoned", SN_NOWARN)
MakeNameEx(0x004BE580, "Script_PetCanBeRenamed", SN_NOWARN)
MakeNameEx(0x004BE460, "Script_PetDefensiveMode", SN_NOWARN)
MakeNameEx(0x004BE4D0, "Script_PetDismiss", SN_NOWARN)
MakeNameEx(0x004BE490, "Script_PetFollow", SN_NOWARN)
MakeNameEx(0x004BDC20, "Script_PetHasActionBar", SN_NOWARN)
MakeNameEx(0x004BE450, "Script_PetPassiveMode", SN_NOWARN)
MakeNameEx(0x004BE4E0, "Script_PetRename", SN_NOWARN)
MakeNameEx(0x004BE4B0, "Script_PetStopAttack", SN_NOWARN)
MakeNameEx(0x004BE480, "Script_PetWait", SN_NOWARN)
MakeNameEx(0x004E71D0, "Script_PickupAction", SN_NOWARN)
MakeNameEx(0x004C8FA0, "Script_PickupBagFromSlot", SN_NOWARN)
MakeNameEx(0x004F9B30, "Script_PickupContainerItem", SN_NOWARN)
MakeNameEx(0x004C8DA0, "Script_PickupInventoryItem", SN_NOWARN)
MakeNameEx(0x004F1AE0, "Script_PickupMacro", SN_NOWARN)
MakeNameEx(0x004FB760, "Script_PickupMerchantItem", SN_NOWARN)
MakeNameEx(0x004BE180, "Script_PickupPetAction", SN_NOWARN)
MakeNameEx(0x0048ABC0, "Script_PickupPlayerMoney", SN_NOWARN)
MakeNameEx(0x004B42A0, "Script_PickupSpell", SN_NOWARN)
MakeNameEx(0x004CB7A0, "Script_PickupStablePet", SN_NOWARN)
MakeNameEx(0x004C0790, "Script_PickupTradeMoney", SN_NOWARN)
MakeNameEx(0x005140C0, "Script_PitchDownStart", SN_NOWARN)
MakeNameEx(0x005140F0, "Script_PitchDownStop", SN_NOWARN)
MakeNameEx(0x00514060, "Script_PitchUpStart", SN_NOWARN)
MakeNameEx(0x00514090, "Script_PitchUpStop", SN_NOWARN)
MakeNameEx(0x004E7240, "Script_PlaceAction", SN_NOWARN)
MakeNameEx(0x004CF610, "Script_PlaceAuctionBid", SN_NOWARN)
MakeNameEx(0x0046CEF0, "Script_PlayCreditsMusic", SN_NOWARN)
MakeNameEx(0x0046CEB0, "Script_PlayGlueMusic", SN_NOWARN)
MakeNameEx(0x00458720, "Script_PlayMusic", SN_NOWARN)
MakeNameEx(0x004586D0, "Script_PlaySound", SN_NOWARN)
MakeNameEx(0x00458780, "Script_PlaySoundFile", SN_NOWARN)
MakeNameEx(0x004B43F0, "Script_PlayerHasSpells", SN_NOWARN)
MakeNameEx(0x004A8F20, "Script_PositionMiniWorldMapArrowFrame", SN_NOWARN)
MakeNameEx(0x004A8D20, "Script_PositionWorldMapArrowFrame", SN_NOWARN)
MakeNameEx(0x0050B690, "Script_PrevView", SN_NOWARN)
MakeNameEx(0x004A7F30, "Script_ProcessMapClick", SN_NOWARN)
MakeNameEx(0x0048A830, "Script_PromoteByName", SN_NOWARN)
MakeNameEx(0x004BBD20, "Script_PromoteToAssistant", SN_NOWARN)
MakeNameEx(0x0048A7C0, "Script_PromoteToPartyLeader", SN_NOWARN)
MakeNameEx(0x004F86B0, "Script_PurchaseSlot", SN_NOWARN)
MakeNameEx(0x004C8F70, "Script_PutItemInBackpack", SN_NOWARN)
MakeNameEx(0x004C8F00, "Script_PutItemInBag", SN_NOWARN)
MakeNameEx(0x004CE980, "Script_QueryAuctionItems", SN_NOWARN)
MakeNameEx(0x005021A0, "Script_QuestChooseRewardError", SN_NOWARN)
MakeNameEx(0x004E1340, "Script_QuestLogPushQuest", SN_NOWARN)
MakeNameEx(0x004893B0, "Script_Quit", SN_NOWARN)
MakeNameEx(0x0046CEA0, "Script_QuitGame", SN_NOWARN)
MakeNameEx(0x0048C7B0, "Script_RandomRoll", SN_NOWARN)
MakeNameEx(0x00471900, "Script_RandomizeCharCustomization", SN_NOWARN)
MakeNameEx(0x00515F50, "Script_ReadFile", SN_NOWARN)
MakeNameEx(0x0046ED20, "Script_RealmListDialogCancelled", SN_NOWARN)
MakeNameEx(0x00488B00, "Script_RegisterCVar", SN_NOWARN)
MakeNameEx(0x004884E0, "Script_RegisterForSave", SN_NOWARN)
MakeNameEx(0x004884D0, "Script_ReloadUI", SN_NOWARN)
MakeNameEx(0x004A1260, "Script_RemoveChatWindowChannel", SN_NOWARN)
MakeNameEx(0x004A0F40, "Script_RemoveChatWindowMessages", SN_NOWARN)
MakeNameEx(0x005AD2D0, "Script_RemoveFriend", SN_NOWARN)
MakeNameEx(0x004E1970, "Script_RemoveQuestWatch", SN_NOWARN)
MakeNameEx(0x004D3C70, "Script_RemoveSkillUp", SN_NOWARN)
MakeNameEx(0x00473520, "Script_RenameCharacter", SN_NOWARN)
MakeNameEx(0x004F4930, "Script_RenamePetition", SN_NOWARN)
MakeNameEx(0x004FBFE0, "Script_RepairAllItems", SN_NOWARN)
MakeNameEx(0x0048D300, "Script_ReplaceEnchant", SN_NOWARN)
MakeNameEx(0x0048D330, "Script_ReplaceTradeEnchant", SN_NOWARN)
MakeNameEx(0x0048A970, "Script_RepopMe", SN_NOWARN)
MakeNameEx(0x004ABEF0, "Script_RequestBattlefieldPositions", SN_NOWARN)
MakeNameEx(0x004AB990, "Script_RequestBattlefieldScoreData", SN_NOWARN)
MakeNameEx(0x004C9610, "Script_RequestInspectHonorData", SN_NOWARN)
MakeNameEx(0x004A1850, "Script_RequestRaidInfo", SN_NOWARN)
MakeNameEx(0x0046ECF0, "Script_RequestRealmList", SN_NOWARN)
MakeNameEx(0x0048A900, "Script_RequestTimePlayed", SN_NOWARN)
MakeNameEx(0x0046D9A0, "Script_ResetAddOns", SN_NOWARN)
MakeNameEx(0x004713E0, "Script_ResetCharCustomize", SN_NOWARN)
MakeNameEx(0x004A09E0, "Script_ResetChatColors", SN_NOWARN)
MakeNameEx(0x0048AC70, "Script_ResetCursor", SN_NOWARN)
MakeNameEx(0x0048E830, "Script_ResetDisabledAddOns", SN_NOWARN)
MakeNameEx(0x0048A6B0, "Script_ResetInstances", SN_NOWARN)
MakeNameEx(0x00489430, "Script_ResetPerformanceValues", SN_NOWARN)
MakeNameEx(0x004B5A10, "Script_ResetTutorials", SN_NOWARN)
MakeNameEx(0x0050B640, "Script_ResetView", SN_NOWARN)
MakeNameEx(0x0048DAB0, "Script_RestartGx", SN_NOWARN)
MakeNameEx(0x0048DAD0, "Script_RestoreVideoDefaults", SN_NOWARN)
MakeNameEx(0x0048AA00, "Script_ResurrectHasSickness", SN_NOWARN)
MakeNameEx(0x0048AA30, "Script_ResurrectHasTimer", SN_NOWARN)
MakeNameEx(0x0048D260, "Script_RetrieveCorpse", SN_NOWARN)
MakeNameEx(0x004AFBA0, "Script_ReturnInboxItem", SN_NOWARN)
MakeNameEx(0x004C3370, "Script_RollOnLoot", SN_NOWARN)
MakeNameEx(0x004B8180, "Script_RunBinding", SN_NOWARN)
MakeNameEx(0x0048B980, "Script_RunScript", SN_NOWARN)
MakeNameEx(0x0046D990, "Script_SaveAddOns", SN_NOWARN)
MakeNameEx(0x004B8260, "Script_SaveBindings", SN_NOWARN)
MakeNameEx(0x0050B600, "Script_SaveView", SN_NOWARN)
MakeNameEx(0x0046D0B0, "Script_ScanningAccepted", SN_NOWARN)
MakeNameEx(0x0046D3D0, "Script_Screenshot", SN_NOWARN)
MakeNameEx(0x004893D0, "Script_Screenshot", SN_NOWARN)
MakeNameEx(0x00501CE0, "Script_SelectActiveQuest", SN_NOWARN)
MakeNameEx(0x00501CA0, "Script_SelectAvailableQuest", SN_NOWARN)
MakeNameEx(0x00473470, "Script_SelectCharacter", SN_NOWARN)
MakeNameEx(0x004F70F0, "Script_SelectCraft", SN_NOWARN)
MakeNameEx(0x004E2AE0, "Script_SelectGossipActiveQuest", SN_NOWARN)
MakeNameEx(0x004E2AA0, "Script_SelectGossipAvailableQuest", SN_NOWARN)
MakeNameEx(0x004E2A30, "Script_SelectGossipOption", SN_NOWARN)
MakeNameEx(0x004AE550, "Script_SelectPackage", SN_NOWARN)
MakeNameEx(0x004DFAE0, "Script_SelectQuestLogEntry", SN_NOWARN)
MakeNameEx(0x004AE380, "Script_SelectStationery", SN_NOWARN)
MakeNameEx(0x004FD9B0, "Script_SelectTradeSkill", SN_NOWARN)
MakeNameEx(0x004D8E60, "Script_SelectTrainerService", SN_NOWARN)
MakeNameEx(0x0049F920, "Script_SendAddonMessage", SN_NOWARN)
MakeNameEx(0x0049F1E0, "Script_SendChatMessage", SN_NOWARN)
MakeNameEx(0x004AE800, "Script_SendMail", SN_NOWARN)
MakeNameEx(0x005AD3B0, "Script_SendWho", SN_NOWARN)
MakeNameEx(0x004DFB50, "Script_SetAbandonQuest", SN_NOWARN)
MakeNameEx(0x004E76E0, "Script_SetActionBarToggles", SN_NOWARN)
MakeNameEx(0x0046D9E0, "Script_SetAddonVersionCheck", SN_NOWARN)
MakeNameEx(0x004FA4F0, "Script_SetBagPortaitTexture", SN_NOWARN)
MakeNameEx(0x004892B0, "Script_SetBaseMip", SN_NOWARN)
MakeNameEx(0x004ABC90, "Script_SetBattlefieldScoreFaction", SN_NOWARN)
MakeNameEx(0x004B8000, "Script_SetBinding", SN_NOWARN)
MakeNameEx(0x00488C10, "Script_SetCVar", SN_NOWARN)
MakeNameEx(0x004A0490, "Script_SetChannelOwner", SN_NOWARN)
MakeNameEx(0x004A03A0, "Script_SetChannelPassword", SN_NOWARN)
MakeNameEx(0x004713A0, "Script_SetCharCustomizeBackground", SN_NOWARN)
MakeNameEx(0x00471330, "Script_SetCharCustomizeFrame", SN_NOWARN)
MakeNameEx(0x00473230, "Script_SetCharSelectBackground", SN_NOWARN)
MakeNameEx(0x004731C0, "Script_SetCharSelectModelFrame", SN_NOWARN)
MakeNameEx(0x00471930, "Script_SetCharacterCreateFacing", SN_NOWARN)
MakeNameEx(0x00473670, "Script_SetCharacterSelectFacing", SN_NOWARN)
MakeNameEx(0x004A15D0, "Script_SetChatWindowAlpha", SN_NOWARN)
MakeNameEx(0x004A14F0, "Script_SetChatWindowColor", SN_NOWARN)
MakeNameEx(0x004A16B0, "Script_SetChatWindowDocked", SN_NOWARN)
MakeNameEx(0x004A1650, "Script_SetChatWindowLocked", SN_NOWARN)
MakeNameEx(0x004A13F0, "Script_SetChatWindowName", SN_NOWARN)
MakeNameEx(0x004A1730, "Script_SetChatWindowShown", SN_NOWARN)
MakeNameEx(0x004A1470, "Script_SetChatWindowSize", SN_NOWARN)
MakeNameEx(0x00488640, "Script_SetConsoleKey", SN_NOWARN)
MakeNameEx(0x0046CE60, "Script_SetCurrentScreen", SN_NOWARN)
MakeNameEx(0x00489490, "Script_SetCursor", SN_NOWARN)
MakeNameEx(0x00489090, "Script_SetDoodadAnim", SN_NOWARN)
MakeNameEx(0x0048DEC0, "Script_SetEuropeanNumbers", SN_NOWARN)
MakeNameEx(0x004D6A00, "Script_SetFactionActive", SN_NOWARN)
MakeNameEx(0x004D69B0, "Script_SetFactionInactive", SN_NOWARN)
MakeNameEx(0x00488F30, "Script_SetFarclip", SN_NOWARN)
MakeNameEx(0x004891F0, "Script_SetGamma", SN_NOWARN)
MakeNameEx(0x004D2380, "Script_SetGuildInfoText", SN_NOWARN)
MakeNameEx(0x004A0060, "Script_SetGuildRecruitmentMode", SN_NOWARN)
MakeNameEx(0x004D1820, "Script_SetGuildRosterSelection", SN_NOWARN)
MakeNameEx(0x004D1E10, "Script_SetGuildRosterShowOffline", SN_NOWARN)
MakeNameEx(0x004C9150, "Script_SetInventoryPortaitTexture", SN_NOWARN)
MakeNameEx(0x00488540, "Script_SetLayoutMode", SN_NOWARN)
MakeNameEx(0x004E96B0, "Script_SetLookingForGroup", SN_NOWARN)
MakeNameEx(0x004E92A0, "Script_SetLootMethod", SN_NOWARN)
MakeNameEx(0x004C2B40, "Script_SetLootPortrait", SN_NOWARN)
MakeNameEx(0x004E9500, "Script_SetLootThreshold", SN_NOWARN)
MakeNameEx(0x004A7E20, "Script_SetMapToCurrentZone", SN_NOWARN)
MakeNameEx(0x004A7DB0, "Script_SetMapZoom", SN_NOWARN)
MakeNameEx(0x0046DB80, "Script_SetMovieSubtitles", SN_NOWARN)
MakeNameEx(0x0048C640, "Script_SetMultisampleFormat", SN_NOWARN)
MakeNameEx(0x004CB870, "Script_SetPetStablePaperdoll", SN_NOWARN)
MakeNameEx(0x00519EF0, "Script_SetPortraitTexture", SN_NOWARN)
MakeNameEx(0x0048D780, "Script_SetPortraitToTexture", SN_NOWARN)
MakeNameEx(0x0046F2C0, "Script_SetPreferredInfo", SN_NOWARN)
MakeNameEx(0x004BB820, "Script_SetRaidRosterSelection", SN_NOWARN)
MakeNameEx(0x004BB990, "Script_SetRaidSubgroup", SN_NOWARN)
MakeNameEx(0x004BBEC0, "Script_SetRaidTarget", SN_NOWARN)
MakeNameEx(0x0046CDF0, "Script_SetSavedAccountName", SN_NOWARN)
MakeNameEx(0x0048BFD0, "Script_SetScreenResolution", SN_NOWARN)
MakeNameEx(0x0046DA50, "Script_SetScriptMemory", SN_NOWARN)
MakeNameEx(0x004CFDA0, "Script_SetSelectedAuctionItem", SN_NOWARN)
MakeNameEx(0x004AB300, "Script_SetSelectedBattlefield", SN_NOWARN)
MakeNameEx(0x004717C0, "Script_SetSelectedClass", SN_NOWARN)
MakeNameEx(0x004D6BB0, "Script_SetSelectedFaction", SN_NOWARN)
MakeNameEx(0x005AD210, "Script_SetSelectedFriend", SN_NOWARN)
MakeNameEx(0x005AD520, "Script_SetSelectedIgnore", SN_NOWARN)
MakeNameEx(0x00471740, "Script_SetSelectedRace", SN_NOWARN)
MakeNameEx(0x00471780, "Script_SetSelectedSex", SN_NOWARN)
MakeNameEx(0x004D4020, "Script_SetSelectedSkill", SN_NOWARN)
MakeNameEx(0x004AE180, "Script_SetSendMailCOD", SN_NOWARN)
MakeNameEx(0x004AE0F0, "Script_SetSendMailMoney", SN_NOWARN)
MakeNameEx(0x004DCA50, "Script_SetTaxiMap", SN_NOWARN)
MakeNameEx(0x00488FE0, "Script_SetTerrainMip", SN_NOWARN)
MakeNameEx(0x00489140, "Script_SetTexLodBias", SN_NOWARN)
MakeNameEx(0x004C0820, "Script_SetTradeMoney", SN_NOWARN)
MakeNameEx(0x004FFE60, "Script_SetTradeSkillInvSlotFilter", SN_NOWARN)
MakeNameEx(0x004FFC70, "Script_SetTradeSkillSubClassFilter", SN_NOWARN)
MakeNameEx(0x004DA260, "Script_SetTrainerServiceTypeFilter", SN_NOWARN)
MakeNameEx(0x004DA3F0, "Script_SetTrainerSkillLineFilter", SN_NOWARN)
MakeNameEx(0x0050B5B0, "Script_SetView", SN_NOWARN)
MakeNameEx(0x004D6B60, "Script_SetWatchedFactionIndex", SN_NOWARN)
MakeNameEx(0x00488ED0, "Script_SetWaterDetail", SN_NOWARN)
MakeNameEx(0x005AD870, "Script_SetWhoToUI", SN_NOWARN)
MakeNameEx(0x00488DD0, "Script_SetWorldDetail", SN_NOWARN)
MakeNameEx(0x0048C270, "Script_SetupFullscreenScale", SN_NOWARN)
MakeNameEx(0x004AB8C0, "Script_ShowBattlefieldList", SN_NOWARN)
MakeNameEx(0x004FBBB0, "Script_ShowBuybackSellCursor", SN_NOWARN)
MakeNameEx(0x0048DE70, "Script_ShowCloak", SN_NOWARN)
MakeNameEx(0x004FA460, "Script_ShowContainerSellCursor", SN_NOWARN)
MakeNameEx(0x0046D0F0, "Script_ShowContestNotice", SN_NOWARN)
MakeNameEx(0x0046DB60, "Script_ShowCursor", SN_NOWARN)
MakeNameEx(0x0046D010, "Script_ShowEULANotice", SN_NOWARN)
MakeNameEx(0x00489470, "Script_ShowFriendNameplates", SN_NOWARN)
MakeNameEx(0x005AD340, "Script_ShowFriends", SN_NOWARN)
MakeNameEx(0x0048DE20, "Script_ShowHelm", SN_NOWARN)
MakeNameEx(0x0048AC60, "Script_ShowInspectCursor", SN_NOWARN)
MakeNameEx(0x004C90B0, "Script_ShowInventorySellCursor", SN_NOWARN)
MakeNameEx(0x004FBAB0, "Script_ShowMerchantSellCursor", SN_NOWARN)
MakeNameEx(0x004A9170, "Script_ShowMiniWorldMapArrowFrame", SN_NOWARN)
MakeNameEx(0x00489450, "Script_ShowNameplates", SN_NOWARN)
MakeNameEx(0x004FBCC0, "Script_ShowRepairCursor", SN_NOWARN)
MakeNameEx(0x0046D080, "Script_ShowScanningNotice", SN_NOWARN)
MakeNameEx(0x0046CFA0, "Script_ShowTOSNotice", SN_NOWARN)
MakeNameEx(0x004A9120, "Script_ShowWorldMapArrowFrame", SN_NOWARN)
MakeNameEx(0x0048DDC0, "Script_ShowingCloak", SN_NOWARN)
MakeNameEx(0x0048DD60, "Script_ShowingHelm", SN_NOWARN)
MakeNameEx(0x004F46D0, "Script_SignPetition", SN_NOWARN)
MakeNameEx(0x0048B920, "Script_SitOrStand", SN_NOWARN)
MakeNameEx(0x004CFC00, "Script_SortAuctionItems", SN_NOWARN)
MakeNameEx(0x004D1CB0, "Script_SortGuildRoster", SN_NOWARN)
MakeNameEx(0x0046F330, "Script_SortRealms", SN_NOWARN)
MakeNameEx(0x005AD890, "Script_SortWho", SN_NOWARN)
MakeNameEx(0x006E6D00, "Script_SpellCanTargetUnit", SN_NOWARN)
MakeNameEx(0x006E6CD0, "Script_SpellIsTargeting", SN_NOWARN)
MakeNameEx(0x006E6E80, "Script_SpellStopCasting", SN_NOWARN)
MakeNameEx(0x006E6E30, "Script_SpellStopTargeting", SN_NOWARN)
MakeNameEx(0x006E6D90, "Script_SpellTargetUnit", SN_NOWARN)
MakeNameEx(0x004F9F70, "Script_SplitContainerItem", SN_NOWARN)
MakeNameEx(0x004CAE50, "Script_StablePet", SN_NOWARN)
MakeNameEx(0x004CE770, "Script_StartAuction", SN_NOWARN)
MakeNameEx(0x004D4C40, "Script_StartDuel", SN_NOWARN)
MakeNameEx(0x004D4C90, "Script_StartDuelUnit", SN_NOWARN)
MakeNameEx(0x0046D270, "Script_StatusDialogClick", SN_NOWARN)
MakeNameEx(0x0048B970, "Script_StopCinematic", SN_NOWARN)
MakeNameEx(0x0046CF00, "Script_StopGlueMusic", SN_NOWARN)
MakeNameEx(0x00458770, "Script_StopMusic", SN_NOWARN)
MakeNameEx(0x00513FA0, "Script_StrafeLeftStart", SN_NOWARN)
MakeNameEx(0x00513FD0, "Script_StrafeLeftStop", SN_NOWARN)
MakeNameEx(0x00514000, "Script_StrafeRightStart", SN_NOWARN)
MakeNameEx(0x00514030, "Script_StrafeRightStop", SN_NOWARN)
MakeNameEx(0x00489370, "Script_Stuck", SN_NOWARN)
MakeNameEx(0x004C4290, "Script_SubmitNumbers", SN_NOWARN)
MakeNameEx(0x0046DDD0, "Script_SurveyNotificationDone", SN_NOWARN)
MakeNameEx(0x004BBB00, "Script_SwapRaidSubgroup", SN_NOWARN)
MakeNameEx(0x0046CFD0, "Script_TOSAccepted", SN_NOWARN)
MakeNameEx(0x004AF8E0, "Script_TakeInboxItem", SN_NOWARN)
MakeNameEx(0x004AF7D0, "Script_TakeInboxMoney", SN_NOWARN)
MakeNameEx(0x004AFA60, "Script_TakeInboxTextItem", SN_NOWARN)
MakeNameEx(0x004DCCA0, "Script_TakeTaxiNode", SN_NOWARN)
MakeNameEx(0x00489D60, "Script_TargetByName", SN_NOWARN)
MakeNameEx(0x00489B40, "Script_TargetLastEnemy", SN_NOWARN)
MakeNameEx(0x00489B00, "Script_TargetLastTarget", SN_NOWARN)
MakeNameEx(0x00489A80, "Script_TargetNearestEnemy", SN_NOWARN)
MakeNameEx(0x00489AA0, "Script_TargetNearestFriend", SN_NOWARN)
MakeNameEx(0x00489AC0, "Script_TargetNearestPartyMember", SN_NOWARN)
MakeNameEx(0x00489AE0, "Script_TargetNearestRaidMember", SN_NOWARN)
MakeNameEx(0x004899D0, "Script_TargetUnit", SN_NOWARN)
MakeNameEx(0x004DCE30, "Script_TaxiGetDestX", SN_NOWARN)
MakeNameEx(0x004DCE80, "Script_TaxiGetDestY", SN_NOWARN)
MakeNameEx(0x004DCD90, "Script_TaxiGetSrcX", SN_NOWARN)
MakeNameEx(0x004DCDE0, "Script_TaxiGetSrcY", SN_NOWARN)
MakeNameEx(0x004DCC20, "Script_TaxiNodeCost", SN_NOWARN)
MakeNameEx(0x004DCCF0, "Script_TaxiNodeGetType", SN_NOWARN)
MakeNameEx(0x004DCB30, "Script_TaxiNodeName", SN_NOWARN)
MakeNameEx(0x004DCB80, "Script_TaxiNodePosition", SN_NOWARN)
MakeNameEx(0x004DCD40, "Script_TaxiNodeSetCurrent", SN_NOWARN)
MakeNameEx(0x00513DE0, "Script_ToggleAutoRun", SN_NOWARN)
MakeNameEx(0x00489350, "Script_ToggleCollision", SN_NOWARN)
MakeNameEx(0x00489360, "Script_ToggleCollisionDisplay", SN_NOWARN)
MakeNameEx(0x0050B5A0, "Script_ToggleMouseMove", SN_NOWARN)
MakeNameEx(0x0048D700, "Script_TogglePVP", SN_NOWARN)
MakeNameEx(0x00489400, "Script_TogglePerformanceDisplay", SN_NOWARN)
MakeNameEx(0x00489420, "Script_TogglePerformanceValues", SN_NOWARN)
MakeNameEx(0x004BE290, "Script_TogglePetAutocast", SN_NOWARN)
MakeNameEx(0x00489440, "Script_TogglePlayerBounds", SN_NOWARN)
MakeNameEx(0x00489340, "Script_TogglePortals", SN_NOWARN)
MakeNameEx(0x00513D50, "Script_ToggleRun", SN_NOWARN)
MakeNameEx(0x0048A070, "Script_ToggleSheath", SN_NOWARN)
MakeNameEx(0x004B4240, "Script_ToggleSpellAutocast", SN_NOWARN)
MakeNameEx(0x00489330, "Script_ToggleTris", SN_NOWARN)
MakeNameEx(0x004F52D0, "Script_TurnInGuildCharter", SN_NOWARN)
MakeNameEx(0x00513EE0, "Script_TurnLeftStart", SN_NOWARN)
MakeNameEx(0x00513F10, "Script_TurnLeftStop", SN_NOWARN)
MakeNameEx(0x00514120, "Script_TurnOrActionStart", SN_NOWARN)
MakeNameEx(0x00514160, "Script_TurnOrActionStop", SN_NOWARN)
MakeNameEx(0x00513F40, "Script_TurnRightStart", SN_NOWARN)
MakeNameEx(0x00513F70, "Script_TurnRightStop", SN_NOWARN)
MakeNameEx(0x004B5960, "Script_TutorialsEnabled", SN_NOWARN)
MakeNameEx(0x0048A610, "Script_UninviteByName", SN_NOWARN)
MakeNameEx(0x0048A510, "Script_UninviteFromParty", SN_NOWARN)
MakeNameEx(0x0048A580, "Script_UninviteFromRaid", SN_NOWARN)
MakeNameEx(0x00517E10, "Script_UnitAffectingCombat", SN_NOWARN)
MakeNameEx(0x005192E0, "Script_UnitArmor", SN_NOWARN)
MakeNameEx(0x00518810, "Script_UnitAttackBothHands", SN_NOWARN)
MakeNameEx(0x00518F80, "Script_UnitAttackPower", SN_NOWARN)
MakeNameEx(0x00518E50, "Script_UnitAttackSpeed", SN_NOWARN)
MakeNameEx(0x00519500, "Script_UnitBuff", SN_NOWARN)
MakeNameEx(0x00516BB0, "Script_UnitCanAssist", SN_NOWARN)
MakeNameEx(0x00516C50, "Script_UnitCanAttack", SN_NOWARN)
MakeNameEx(0x00516A70, "Script_UnitCanCooperate", SN_NOWARN)
MakeNameEx(0x00519420, "Script_UnitCharacterPoints", SN_NOWARN)
MakeNameEx(0x00518350, "Script_UnitClass", SN_NOWARN)
MakeNameEx(0x00516D90, "Script_UnitClassification", SN_NOWARN)
MakeNameEx(0x0051A310, "Script_UnitCreatureFamily", SN_NOWARN)
MakeNameEx(0x0051A280, "Script_UnitCreatureType", SN_NOWARN)
MakeNameEx(0x00518C20, "Script_UnitDamage", SN_NOWARN)
MakeNameEx(0x005198F0, "Script_UnitDebuff", SN_NOWARN)
MakeNameEx(0x00519200, "Script_UnitDefense", SN_NOWARN)
MakeNameEx(0x00515FB0, "Script_UnitExists", SN_NOWARN)
MakeNameEx(0x00516630, "Script_UnitFactionGroup", SN_NOWARN)
MakeNameEx(0x00519E50, "Script_UnitHasRelicSlot", SN_NOWARN)
MakeNameEx(0x005174D0, "Script_UnitHealth", SN_NOWARN)
MakeNameEx(0x005175B0, "Script_UnitHealthMax", SN_NOWARN)
MakeNameEx(0x00516290, "Script_UnitInParty", SN_NOWARN)
MakeNameEx(0x00516350, "Script_UnitInRaid", SN_NOWARN)
MakeNameEx(0x00516CF0, "Script_UnitIsCharmed", SN_NOWARN)
MakeNameEx(0x00519DE0, "Script_UnitIsCivilian", SN_NOWARN)
MakeNameEx(0x00517D50, "Script_UnitIsConnected", SN_NOWARN)
MakeNameEx(0x005161C0, "Script_UnitIsCorpse", SN_NOWARN)
MakeNameEx(0x00517AC0, "Script_UnitIsDead", SN_NOWARN)
MakeNameEx(0x00517C70, "Script_UnitIsDeadOrGhost", SN_NOWARN)
MakeNameEx(0x00516890, "Script_UnitIsEnemy", SN_NOWARN)
MakeNameEx(0x00516930, "Script_UnitIsFriend", SN_NOWARN)
MakeNameEx(0x00517B90, "Script_UnitIsGhost", SN_NOWARN)
MakeNameEx(0x00516460, "Script_UnitIsPVP", SN_NOWARN)
MakeNameEx(0x00516540, "Script_UnitIsPVPFreeForAll", SN_NOWARN)
MakeNameEx(0x00516210, "Script_UnitIsPartyLeader", SN_NOWARN)
MakeNameEx(0x00516150, "Script_UnitIsPlayer", SN_NOWARN)
MakeNameEx(0x00516D40, "Script_UnitIsPlusMob", SN_NOWARN)
MakeNameEx(0x00519C90, "Script_UnitIsTapped", SN_NOWARN)
MakeNameEx(0x00519D00, "Script_UnitIsTappedByPlayer", SN_NOWARN)
MakeNameEx(0x00519D70, "Script_UnitIsTrivial", SN_NOWARN)
MakeNameEx(0x00516070, "Script_UnitIsUnit", SN_NOWARN)
MakeNameEx(0x00516030, "Script_UnitIsVisible", SN_NOWARN)
MakeNameEx(0x00517FC0, "Script_UnitLevel", SN_NOWARN)
MakeNameEx(0x00517670, "Script_UnitMana", SN_NOWARN)
MakeNameEx(0x005177E0, "Script_UnitManaMax", SN_NOWARN)
MakeNameEx(0x00517020, "Script_UnitName", SN_NOWARN)
MakeNameEx(0x00517A40, "Script_UnitOnTaxi", SN_NOWARN)
MakeNameEx(0x005172B0, "Script_UnitPVPName", SN_NOWARN)
MakeNameEx(0x0051A8A0, "Script_UnitPVPRank", SN_NOWARN)
MakeNameEx(0x00516410, "Script_UnitPlayerControlled", SN_NOWARN)
MakeNameEx(0x005162F0, "Script_UnitPlayerOrPetInParty", SN_NOWARN)
MakeNameEx(0x005163B0, "Script_UnitPlayerOrPetInRaid", SN_NOWARN)
MakeNameEx(0x00517940, "Script_UnitPowerType", SN_NOWARN)
MakeNameEx(0x00518200, "Script_UnitRace", SN_NOWARN)
MakeNameEx(0x00518B90, "Script_UnitRangedAttack", SN_NOWARN)
MakeNameEx(0x005190C0, "Script_UnitRangedAttackPower", SN_NOWARN)
MakeNameEx(0x00518910, "Script_UnitRangedDamage", SN_NOWARN)
MakeNameEx(0x005167E0, "Script_UnitReaction", SN_NOWARN)
MakeNameEx(0x005184A0, "Script_UnitResistance", SN_NOWARN)
MakeNameEx(0x00517E90, "Script_UnitSex", SN_NOWARN)
MakeNameEx(0x00518600, "Script_UnitStat", SN_NOWARN)
MakeNameEx(0x00517350, "Script_UnitXP", SN_NOWARN)
MakeNameEx(0x00517410, "Script_UnitXPMax", SN_NOWARN)
MakeNameEx(0x004CAF20, "Script_UnstablePet", SN_NOWARN)
MakeNameEx(0x00471800, "Script_UpdateCustomizationBackground", SN_NOWARN)
MakeNameEx(0x00471810, "Script_UpdateCustomizationScene", SN_NOWARN)
MakeNameEx(0x0048CA60, "Script_UpdateGMTicket", SN_NOWARN)
MakeNameEx(0x004C9560, "Script_UpdateInventoryAlertStatus", SN_NOWARN)
MakeNameEx(0x004A7FA0, "Script_UpdateMapHighlight", SN_NOWARN)
MakeNameEx(0x00473640, "Script_UpdateSelectionCustomizationScene", SN_NOWARN)
MakeNameEx(0x004B43E0, "Script_UpdateSpells", SN_NOWARN)
MakeNameEx(0x004A8D10, "Script_UpdateWorldMapArrowFrames", SN_NOWARN)
MakeNameEx(0x004E7140, "Script_UseAction", SN_NOWARN)
MakeNameEx(0x004FA0E0, "Script_UseContainerItem", SN_NOWARN)
MakeNameEx(0x004C8DE0, "Script_UseInventoryItem", SN_NOWARN)
MakeNameEx(0x0048AD70, "Script_UseSoulstone", SN_NOWARN)
```

----------

