Parse PE sections from WoW.exe into a flat virtual memory image so
MEM_CHECK returns real binary contents instead of zeros. Also mocks
KUSER_SHARED_DATA (0x7FFE026C) with Windows 7 version info.

PAGE_A uses 24 bytes in vanilla (no addr+len), but PAGE_B always uses
29 bytes (with addr+len) regardless of expansion. Splitting the cases
fixes remaining unknown check type errors on Turtle WoW.

Vanilla PAGE_A/B checks are 24 bytes (no addr+len), PROC checks are
25 bytes (no second strIdx+offset), unlike WotLK's 29/30. Wrong sizes
caused incomplete responses with bad checksums, silently blocking
character creation on Turtle WoW.

Filter races/classes in character creation screen by expansion profile
constraints, add 10s server response timeout, and reset Warden crypto
state on disconnect so reconnections use the correct session key.

Expansion overlays allow each expansion to supplement the base asset data
via an assetManifest field in expansion.json, loaded at priority 50 (below
HD packs). The asset extractor gains --reference-manifest for delta-only
extraction. Also fixes CharSections field indices (VariationIndex=4,
ColorIndex=5, Texture1=6) across all DBC layout references.

Bags are now individual draggable ImGui windows (backpack + each equipped
bag) with per-bag toggle from the bag bar. B key opens/closes all. A
settings toggle under Gameplay lets users switch back to the original
aggregate single-window mode. Window width adapts to bag item name length.

Fix dismount by clearing local mount state immediately (optimistic) instead
of waiting for server confirmation, and allow buff bar right-click dismount
regardless of the aura's buff flag.

Fix other players appearing naked by queuing them for auto-inspect when
the visible item field layout hasn't been detected yet.

Vanilla CMSG_CAST_SPELL target mask is uint16 (not uint32 like WotLK);
the extra 2 bytes were corrupting packets. Also implement full bag
content tracking: extract container slot GUIDs from CONTAINER update
objects, set proper bag sizes, and populate bag items in inventory
rebuild.

- Parse vanilla M2 animation tracks (flat arrays with M2Range indices)
instead of skipping them, fixing T-pose on all vanilla models
- Use C4Quaternion (float[4]) for vanilla bone rotations instead of
CompressedQuat (int16[4]) which produced garbage transforms
- Fix vanilla M2 attachment struct size (48 bytes, not 40) so weapons
attach to correct bones instead of model origin
- Route movement packets through expansion-specific packet parsers
instead of hardcoded WotLK format, fixing server-side position sync
- Fix Spell.dbc field indices for classic/turtle (Name=120, Rank=129,
IconID=117) - were pointing to Portuguese locale column (+7 offset)
- Change guild roster keybind from J to O (WoW default)
- Add guild opcodes for all expansions
- Route SMSG_UPDATE_OBJECT through polymorphic parsers for correct
vanilla format (uint8 updateFlags, 6 speeds vs WotLK uint16/9)
- Fix SMSG_DESTROY_OBJECT for vanilla (8 bytes, no isDeath field)
- Add MSG_MOVE_* handlers for other player movement relay
- Add ClassicPacketParsers::parseMessageChat with targetGuid read
and monster-type name handling
- Resolve chat sender names from player name cache before display
- Fix CSV DBC field 0 always treated as numeric ID (fixes 16+ garbled
Turtle CSVs including Map, AreaTable, Spell, CreatureDisplayInfo)
- Add CSV DBC validation: reject garbled CSVs (>80% zero IDs) and
fall back to binary DBC files
- Fix ItemDisplayInfo texture component field index (14+ not 15+)
for binary DBC with gender-aware suffix resolution
- Spawn other players as visible M2 models via creature callback
- Map name cache dedup prevents overwrites from duplicate CSV records
- Vanilla M2 bone struct (108 bytes) with 28-byte animation tracks
- Version-aware bone parsing (vanilla vs WotLK format detection)
- Fix CharSections.dbc field layout for vanilla (variation/color at 4-5)
- Remove broken CharSections.csv files (all fields marked as strings)
- Expansion data reload on profile switch (DBC cache clear, layout reload)
- Vanilla packet encryption (VanillaCrypt XOR-based header crypt)
- Extended character preview geoset range (0-99) for vanilla models
- DBC cache clear support in AssetManager

Replace hardcoded WotLK protocol constants with a data-driven architecture
supporting Classic 1.12.1, TBC 2.4.3, and WotLK 3.3.5a. Each expansion
has JSON profiles for opcodes, update fields, and DBC layouts, plus C++
polymorphic packet parsers for binary format differences (movement flags,
speed fields, transport data, spline format, char enum layout).
Key components:
- ExpansionRegistry: scans Data/expansions/*/expansion.json at startup
- OpcodeTable: logical enum <-> wire values loaded from JSON
- UpdateFieldTable: field indices loaded from JSON per expansion
- DBCLayout: schema-driven DBC field lookups replacing magic numbers
- PacketParsers: WotLK/TBC/Classic parsers with correct flag positions
- Multi-manifest AssetManager: layered manifests with priority ordering
- HDPackManager: overlay texture packs with expansion compatibility
- Auth screen expansion picker replacing hardcoded version dropdown

Added MD5 hashing and extensive testing documentation for future attempts
at supporting strict Warden servers like Warmane.
Enhancements:
- Added MD5 hash support to Crypto class (OpenSSL-based)
- Tested 6 different module ACK response formats against Warmane
- Analyzed module packet structure (37 bytes: opcode + seed + trailing)
- Enhanced debug logging for plaintext and encrypted Warden data
Documentation:
- WARDEN_IMPLEMENTATION.md: Complete implementation guide with all attempts
- WARDEN_QUICK_REFERENCE.md: Quick troubleshooting and testing guide
Test Results (Warmane):
- Empty ACK (0 bytes): Server silent
- XOR/MD5 checksum (18 bytes): Server silent
- Single byte (1 byte): Server disconnects (rejected)
- Echo trailing (20 bytes): Server silent
- Result + SHA1 (21 bytes): Server silent
Conclusion:
- Current implementation works with permissive/disabled Warden servers
- Warmane requires module execution or undocumented response format
- Full documentation provided for future reverse engineering attempts
Next steps documented:
1. Capture packets from real WoW client (protocol analysis)
2. Implement module execution engine (months of work)
3. Test with local AzerothCore server

Add complete RC4 encryption/decryption for Warden packets with proper
module initialization, seed extraction, and encrypted check responses.
New components:
- WardenCrypto class: Handles RC4 cipher state for incoming/outgoing packets
- Module initialization: Extracts 16-byte seed from first SMSG_WARDEN_DATA
- Separate input/output RC4 ciphers with proper key derivation
- Enhanced module ACK: Sends encrypted acknowledgment with checksum
Updated GameHandler:
- First packet: Initialize crypto and send encrypted module ACK
- Subsequent packets: Decrypt checks, generate responses, encrypt replies
- Support for module info, hash checks, Lua checks, and memory scans
- Detailed logging of plaintext and encrypted data for debugging
Works with servers that:
- Use standard WoW 3.3.5a Warden protocol
- Accept crypto-based responses without module execution
- Have permissive or disabled Warden settings
Tested against Warmane (strict enforcement) and ready for less restrictive servers.

Add CMSG_WARDEN_DATA opcode (0x2E7) and proper response handling for
server Warden checks. Responds appropriately to module info, hash checks,
Lua checks, and memory scans with legitimate client responses.
Replaces previous fail-and-disconnect behavior with an active response system
that works with most private servers' Warden implementations.

- Added transport fields to MovementInfo struct (transportGuid, transportX/Y/Z/O, transportTime)
- Updated MovementPacket::build() to serialize transport data when ONTRANSPORT flag set
- Modified GameHandler::sendMovement() to include transport info when player on transport
- Fixed coordinate conversion for transport offsets (server↔canonical)
- Added transport tracking in both CREATE_OBJECT and MOVEMENT update handlers
- Connected M2Renderer to WMORenderer for hierarchical doodad transforms
- Server-authoritative transport movement (no client-side animation)
Issue: Server not sending MOVEMENT updates for transports, so they remain stationary.
Transports register successfully but don't animate without server position updates.

Transport System (Phases 1-7):
- Implement TransportManager with Catmull-Rom spline path interpolation
- Add WMO dynamic transforms for moving transport instances
- Implement player attachment via world position composition
- Add test transport with circular path around Stormwind harbor
- Add /transport board and /transport leave console commands
- Reuse taxi flight spline system and external follow camera mode
NPC Spawn Fixes:
- Add smart ocean spawn filter: blocks land creatures at high altitude over water (Z>50)
- Allow legitimate water creatures at sea level (Z≤50) to spawn correctly
- Fixes Elder Grey Bears, Highland Striders, and Plainscreepers spawning over ocean
- Snap online creatures to terrain height when valid ground exists
NpcManager Removal:
- Remove deprecated NpcManager (offline mode no longer supported)
- Delete npc_manager.hpp and npc_manager.cpp
- Simplify NPC animation callbacks to use only creatureInstances_ map
- Move NPC callbacks to game initialization in application.cpp
Water Rendering:
- Fix tile seam gaps caused by per-vertex wave randomization
- Add distance-based blending: seamless waves up close (<150u), grid effect far away (>400u)
- Smooth transition between seamless and grid modes (150-400 unit range)
- Preserves aesthetic grid pattern at horizon while eliminating gaps when swimming

Mount Animation System:
- Property-based jump animation discovery using sequence metadata
- Chain linkage scoring (nextAnimation/aliasNext) for accurate detection
- Correct loop detection: flags & 0x01 == 0 means looping
- Avoids brake/stop animations via blendTime penalties
- Works on any mount model without hardcoded animation IDs
Mount Physics:
- Physics-based jump height: vz = sqrt(2 * g * h)
- Configurable MOUNT_JUMP_HEIGHT constant (1.0m default)
- Procedural lean into turns for ground mounts
- Smooth roll based on turn rate (±14° max, 6x/sec blend)
Audio Improvements:
- State-machine driven mount sounds (jump, land, rear-up)
- Semantic sound methods (no animation ID dependencies)
- Debug logging for missing sound files
Bug Fixes:
- Fixed mount animation sequencing (JumpStart → JumpLoop → JumpEnd)
- Fixed animation loop flag interpretation (0x20 vs 0x21)
- Rider bone attachment working correctly during all mount actions

Network Protocol:
- Add SMSG_TALENTS_INFO (0x4C0) packet parsing for talent data
- Add CMSG_LEARN_TALENT (0x251) to request learning talents
- Add MSG_TALENT_WIPE_CONFIRM (0x2AB) opcode for spec switching
- Parse talent spec, unspent points, and learned talent ranks
DBC Parsing:
- Load Talent.dbc: talent grid positions, ranks, prerequisites, spell IDs
- Load TalentTab.dbc: talent tree definitions with correct field indices
- Fix localized string field handling (17 fields per string)
- Load Spell.dbc and SpellIcon.dbc for talent icons and tooltips
- Class mask filtering using bitwise operations (1 << (class - 1))
UI Implementation:
- Complete talent tree UI with tabbed interface for specs
- Display talent icons from spell data with proper tinting/borders
- Enhanced tooltips: spell name, rank, current/next descriptions, prereqs
- Visual states: green (maxed), yellow (partial), white (available), gray (locked)
- Tier unlock system (5 points per tier requirement)
- Rank overlay on icons with shadow text
- Click to learn talents with validation
Dual Spec Support:
- Store unspent points and learned talents per spec (0 and 1)
- Track active spec and display its talents
- Spec switching UI with buttons for Spec 1/Spec 2
- Handle both SMSG_TALENTS_INFO packets from server at login
- Display unspent points for both specs in header
- Independent talent trees for each specialization

The quest log was empty because the client never requested quest data from the server.
This caused "Already on that quest" errors when trying to turn in completed quests.
Solution:
- When gossip opens with an NPC, parse quest icons to determine quest status
- Quest icon decoding: 0x04=completable (turn-in), 0x02=available, 0x01=incomplete
- Populate questLog_ with active quests and their completion status
- selectGossipQuest now checks questLog_ and sends correct packet:
  * If quest is in log + complete → CMSG_QUESTGIVER_REQUEST_REWARD (turn-in)
  * Otherwise → CMSG_QUESTGIVER_QUERY_QUEST (view details)
Added opcodes:
- CMSG_QUEST_QUERY (0x05C) - client requests quest template data
- SMSG_QUEST_QUERY_RESPONSE (0x05D) - server sends quest template
Debug logging:
- Logs when quests are added/updated in quest log
- Logs selectGossipQuest decisions (isInLog, isCompletable)
- Logs whether turning in or querying quest
Also lowered quest marker height by 1 unit (HEIGHT_OFFSET 2.1 → 1.1).
Quest turn-in now works correctly!

When clicking a quest in gossip, now checks if:
- Quest is in quest log AND marked complete → send CMSG_QUESTGIVER_REQUEST_REWARD
- Quest is new or incomplete → send CMSG_QUESTGIVER_QUERY_QUEST
This fixes the "Already on that quest" error when trying to turn in
completed quests like "A Threat Within". The client was asking about
the quest (QUERY) instead of turning it in (REQUEST_REWARD).

Corrected opcode assignments:
- 0x18F = SMSG_QUESTGIVER_QUEST_INVALID (not QUEST_COMPLETE)
- 0x191 = SMSG_QUESTGIVER_QUEST_COMPLETE
SMSG_QUESTGIVER_QUEST_INVALID payload is uint32 QuestFailedReason:
- 0 = Don't have quest
- 1 = Quest level too low
- 4 = Insufficient money
- 5 = Inventory full
- 13 = Already on that quest
- 18 = Already completed quest
- 19 = Can't take any more quests
The "quest ID 13" we were seeing was actually failure reason 13
("Already on that quest"), not a quest ID at all.

Adds logging to track quest completion from gossip through reward selection:
- selectGossipQuest: logs when quest clicked in gossip
- handleQuestOfferReward: logs when reward window opens
- chooseQuestReward: logs when completing quest
- SMSG_QUESTGIVER_QUEST_COMPLETE: logs server confirmation