TOM_RUS

There's a flag in realm packet, that forces client to show "Enter pin" popup. AuthSocket.cpp pkt << uint8(securityFlags); // security flags (0x0...0x04) if(securityFlags & 0x01) // PIN input (no idea wtf is that) { pkt << uint32(0); pkt << uint64(0) << uint64(0); // 16 bytes hash? } if(securityFlags & 0x02) // Matrix input (The9 matrix cards) { pkt << uint8(0); pkt << uint8(0); pkt << uint8(0); pkt << uint8(0); pkt << uint64(0); } if(securityFlags & 0x04) // Security token input (aka authenticator) { pkt << uint8(1); }

Or you can patch wow.exe directly... Or you can make a loader, that will patch memory instead (looks more optimal)...

Dunno about so old client version, but some more recent IDB's are available: 3.3.3.11723 http://filebeam.com/3e0737d4a1cd992b89bce92fa4bc61b9 3.3.5.12213 http://filebeam.com/3aca0f7c41ea0ed6ba60a87a0d464fd4 3.3.5.12340 http://filebeam.com/19ba9a5a6a78045b5aee383bf88f9290

I guess that SetDestroyAnim(true); should be moved to void Totem::UnSummon() then.

I think you can use data << uint8(GetDestroyAnim()); // WotLK (bool), may be despawn animation instead off passing it as argument... + target->DestroyForPlayer(this, target->GetDestroyAnim());

Opcodes are randomized in both 4.0.1 and 4.0.3.

Those instances aren't 10 man, they are 5 ppl.

On my live character tooltip says "Cast time: 1.69 sec" with 20% haste buff.

I can't edit posts/threads at all. My moderator permissions seems to be fucked up. Can it be fixed? Also I have 2 "report" bottons on each post...

Agree.

SMSG_INSTANCE_LOCK_WARNING_QUERY is exactly what you looking for. I think I figured that out: SMSG_GAMEOBJECT_SPAWN_ANIM_OBSOLETE - should be renamed to something more correct, like SMSG_UPDATE_INSTANCE_ENCOUNTER_UNIT. This opcode fires INSTANCE_ENCOUNTER_ENGAGE_UNIT script event on client side. uint32 type; switch(type) { // I guess there's should be add/update/remove types below case 0: // ENCOUNTER_UNIT case 1: // ENCOUNTER_UNIT case 2: // ENCOUNTER_UNIT PGUID unitGuid; uint8 unk1; break; case 3: // ENCOUNTER_TIMER case 4: // ENCOUNTER_OBJECTIVE case 6: // ENCOUNTER_OBJECTIVE uint8 unk2; break; case 5: // ? uint8 unk3; uint8 unk4; break; case 7: // ? // clears stuff? break; default: break; }

I've disabled js and all FF addons, still lags the same.I've got my own IPB forum, so I've opened the most overloaded page of 30kb compressed (400kb uncompressed) html, and when I scroll rapidly through it trying to blow up my mouse I can only get FF to 15% CPU usage. A small scroll of the current page makes FF consume 25% CPU (1 core) and it lags. Really lags. IDK why. Probably an engine issue? Thanks for the feedback. Edit: I've also tested other browsers on the same machine, scrolling through the current topic: Opera 10.62 — almost no lags Safari 5.02 — almost no lags Google Chrome 6.0.472.63 — lags IE 7 — no lags at all (what?) I tested with: Opera 10.70 build 9053 - works fine Google Chrome 6.0.472.63 - lags IE 8 - works fine So I guess it's problem with Google Chrome, not forum engine.

SMSG_INSTANCE_LOCK_WARNING_QUERY opcode triggers following script events on client side: (if timer <= 0) EVENT_INSTANCE_LOCK_STOP else EVENT_INSTANCE_LOCK_START Related lua functions: lockTimeLeft, isExtended, encountersTotal, encountersComplete = GetInstanceLockTimeRemaining() Packet structure: uint32 lockTimeLeft; // in milliseconds uint32 completedEncountersMask; uint8 isExtended; DungeonEncounter.dbc structure (in client memory) struct DungeonEncounterEntry { int id; int mapId; int instanceDifficulty; int noIdea; int encounterIndex; char *name; // char* name[16]; int nameFlags; int noIdea2; }; void __cdecl sub_553830(int mapId, int instanceDifficulty, int encountersCompletedMask, int *encountersTotal, int *encountersCompleted) { int numRows; // eax@1 int rowCounter; // edx@1 int nextRow; // esi@2 DungeonEncounterEntry *encounter; // eax@5 *encountersTotal = 0; *encountersCompleted = 0; numRows = g_DungeonEncounterDB.numRows; rowCounter = 0; if ( g_DungeonEncounterDB.numRows > 0 ) { nextRow = 0; do { if ( rowCounter < 0 || rowCounter >= numRows ) encounter = 0; else encounter = (DungeonEncounterEntry *)((char *)g_DungeonEncounterDB.FirstRow + nextRow); if ( encounter->mapId == mapId ) { if ( encounter->instanceDifficulty == instanceDifficulty ) { ++*encountersTotal; if ( (1 << encounter->encounterIndex) & encountersCompletedMask ) ++*encountersCompleted; } } numRows = g_DungeonEncounterDB.numRows; ++rowCounter; nextRow += 28; // sizeof(DungeonEncounterEntry) } while ( rowCounter < g_DungeonEncounterDB.numRows ); } } And for the rest - I have no idea what you talking about.

As far I know, they are using TIMING_CHECK for detecting speedhacks (I have no idea how...) It just returns client's tickcount to server.

case 8: // SPELL_AURA_PERIODIC_HEAL case 20: // SPELL_AURA_OBS_MOD_HEALTH CDataStore__GetInt32(a1, (int)&v55); CDataStore__GetInt32(a1, (int)&v54); CDataStore__GetInt32(a1, (int)&v56); CDataStore__GetInt8(a1, (int)&v57);

According to http://mywowtools.googlecode.com/svn/trunk/WowTools/src/WoWPacketViewer/Parsers/MonsterMoveParser.cs Unit::SendMonsterMoveByPath() should look like this, or you will broke taxi fly paths: if(flags & SplineFlags(SPLINEFLAG_FLYING | SPLINEFLAG_CATMULLROM)) { for(uint32 i = start; i < end; ++i) { data << float(path[i].x); data << float(path[i].y); data << float(path[i].z); } } else { // destination data << path[end-1].x; data << path[end-1].y; data << path[end-1].z; // all other points are relative float mid_X = (path[start].x + path[end-1].x ) * 0.5f; float mid_Y = (path[start].y + path[end-1].y ) * 0.5f; float mid_Z = (path[start].z + path[end-1].z ) * 0.5f; for(uint32 i = start; i < end-1; ++i) data.appendPackXYZ(mid_X - path[i].x, mid_Y - path[i].y, mid_Z - path[i].z); }

There's a ByteBuffer method for writing packed vectors exists: // can be used in SMSG_MONSTER_MOVE opcode void appendPackXYZ(float x, float y, float z) { uint32 packed = 0; packed |= ((int)(x / 0.25f) & 0x7FF); packed |= ((int)(y / 0.25f) & 0x7FF) << 11; packed |= ((int)(z / 0.25f) & 0x3FF) << 22; *this << packed; } All points should be written relative to middle of path: mid.X = (curr.X + dest.X) * 0.5f; mid.Y = (curr.Y + dest.Y) * 0.5f; mid.Z = (curr.Z + dest.Z) * 0.5f; float x = mid.X - waypoint[n].X; float y = mid.Y - waypoint[n].Y; float z = mid.Z - waypoint[n].Z; packet.appendPackXYZ(x, y, z); And full SMSG_MONSTER_MOVE structure: http://mywowtools.googlecode.com/svn/trunk/WowTools/src/WoWPacketViewer/Parsers/MonsterMoveParser.cs Some packet examples: http://paste2.org/p/978981

That module isn't actual module, it's part of wow.exe and all stuff called directly.

maiev.mod string is encrypted in wow.exe...

If I remember correct, amount of talent points is recalculated on login base on player level that makes this command useless.

Warden 2.0 is a lie.

Most likely just visual bug due to missed opcode changes...

It still exist: signed int __thiscall CGPlayer_C__OnListInventory(void *this, int a2) { int v2; // eax@1 signed int v3; // ecx@1 int _packet; // edi@3 unsigned __int8 v5; // bl@11 int v6; // esi@12 WGUID v8; // [sp+0h] [bp-10h]@3 void *v9; // [sp+8h] [bp-8h]@1 char error; // [sp+Fh] [bp-1h]@4 v9 = this; v2 = &dword_C9D7D0; v3 = 150; do { *v2 = 0; v2 += 32; --v3; } while ( v3 ); _packet = a2; CDataStore__GetInt64(a2, &v8); CDataStore__GetInt8(_packet, (&a2 + 3)); if ( BYTE3(a2) > 150u ) sub_8889B0(&byte_9E14FF, &byte_9E14FF, 0); dword_C9EA90 = v8.guid_low; dword_C9EA94 = v8.guid_high; error = -1; if ( BYTE3(a2) ) { v5 = 0; if ( !BYTE3(a2) ) return 1; do { v6 = 32 * v5; CDataStore__GetInt32(_packet, (&dword_C9D7D0 + v6)); CDataStore__GetInt32(_packet, (&dword_C9D7D4 + v6)); CDataStore__GetInt32(_packet, (&dword_C9D7D8 + v6)); CDataStore__GetInt32(_packet, (&dword_C9D7DC + v6)); CDataStore__GetInt32(_packet, (&dword_C9D7E0 + v6)); CDataStore__GetInt32(_packet, (&dword_C9D7E4 + v6)); CDataStore__GetInt32(_packet, (&dword_C9D7E8 + v6)); CDataStore__GetInt32(_packet, (&dword_C9D7EC + v6)); ++v5; } while ( v5 < BYTE3(a2) ); } else { CDataStore__GetInt8(_packet, &error); switch ( error ) { case 2: ConsoleWrite("You are too far away", 0); break; case 1: ConsoleWrite("I don't think he likes you very much", 0); break; case 0: ConsoleWrite("Vendor has no inventory", 0); break; case 3: ConsoleWrite("Vendor is dead", 0); break; case 4: ConsoleWrite("You can't shop while dead.", 0); break; default: break; } } if ( BYTE3(a2) || !error ) { sub_6D1760(v9); sub_584500(v8.guid_low, v8.guid_high, &dword_C9D7D0, BYTE3(a2)); } return 1; }

May be fixed, who knows...

if ( vehicleSeatId < g_VehicleSeatDB.minIndex || vehicleSeatId > g_VehicleSeatDB.maxIndex ) vehicleSeatEntry = 0; else vehicleSeatEntry = g_VehicleSeatDB.Rows[vehicleSeatId - g_VehicleSeatDB.minIndex]; v7 = *(_DWORD *)(vehicleSeatEntry + 176); // crash here! .text:006182A2 mov eax, [eax+0B0h] // 0xB0h=176 The instruction at "0x006182A2" referenced memory at "0x000000B0". The memory could not be "read". Hope you figured out what is wrong...