[WoW] [7.1.0.23222]

[NotJuJuBoSc]

I think it's stored in the object directly as start time + time, reverse lua UnitCastingInfo

[Zazazu]

Anyone have informations about Casting bar ?

in memory float value :
100% = 1
50% = 0.5
0% = 0

i don't know how to find a static adress for this, not in Local Player :-(

If i uderstund, y need VTable of SpellInfo struct?
Like this?

Code:

    [StructLayout(LayoutKind.Sequential)]
    public struct SpellMiscRec
    {
        [MarshalAs(UnmanagedType.ByValArray, SizeConst = 14)]
        public uint[] Attributes;
        public float Speed;
        public float MultistrikeSpeedMod;
        public ushort CastingTimeIndex;
        public ushort DurationIndex;
        public ushort RangeIndex;
        public ushort SpellIconID;
        public ushort ActiveIconID;
        public byte SchoolMask;
    }
    [StructLayout(LayoutKind.Sequential)]
    public struct SpellCastTimesRec
    {
        public uint CastTime;
        public uint CastTimePerLevel;
        public uint MinCastTime;
    }
    [StructLayout(LayoutKind.Sequential)]
    public struct SpellDurationRec
    {
        public uint Duration;
        public uint DurationPerLevel;
        public uint MaxDuration;
    };
    [StructLayout(LayoutKind.Sequential)]
    public struct SpellCooldownsRec
    {
        public uint SpellID;
        public uint CategoryRecoveryTime;
        public uint RecoveryTime;
        public uint StartRecoveryTime; // triggered GCD
        public uint Unk1;
        public uint Unk2;
        public uint Unk3;
        public uint Unk4;
    };
    [StructLayout(LayoutKind.Sequential)]
    public struct SpellCastingRequirementsRec
    {
        public uint SpellID;
        public ushort MinFactionID;
        public ushort RequiredAreaGroupID;
        public ushort SpellFocusObject;
        public byte FacingCasterFlags;
        public byte MinReputation;
        public byte RequiredAuraVision;
    }

[empathe]

If i uderstund, y need VTable of SpellInfo struct?
Like this?

Code:

    [StructLayout(LayoutKind.Sequential)]
    public struct SpellMiscRec
    {
        [MarshalAs(UnmanagedType.ByValArray, SizeConst = 14)]
        public uint[] Attributes;
        public float Speed;
        public float MultistrikeSpeedMod;
        public ushort CastingTimeIndex;
        public ushort DurationIndex;
        public ushort RangeIndex;
        public ushort SpellIconID;
        public ushort ActiveIconID;
        public byte SchoolMask;
    }
    [StructLayout(LayoutKind.Sequential)]
    public struct SpellCastTimesRec
    {
        public uint CastTime;
        public uint CastTimePerLevel;
        public uint MinCastTime;
    }
    [StructLayout(LayoutKind.Sequential)]
    public struct SpellDurationRec
    {
        public uint Duration;
        public uint DurationPerLevel;
        public uint MaxDuration;
    };
    [StructLayout(LayoutKind.Sequential)]
    public struct SpellCooldownsRec
    {
        public uint SpellID;
        public uint CategoryRecoveryTime;
        public uint RecoveryTime;
        public uint StartRecoveryTime; // triggered GCD
        public uint Unk1;
        public uint Unk2;
        public uint Unk3;
        public uint Unk4;
    };
    [StructLayout(LayoutKind.Sequential)]
    public struct SpellCastingRequirementsRec
    {
        public uint SpellID;
        public ushort MinFactionID;
        public ushort RequiredAreaGroupID;
        public ushort SpellFocusObject;
        public byte FacingCasterFlags;
        public byte MinReputation;
        public byte RequiredAuraVision;
    }

omfg yes
but how i can use this ?

[Zazazu]

1. Y need find offset for interest tables.
2. Reading table header struct
3. Reading information about each table in DB2 - wowdev or find in ownedcore
4. Find in ownedcore index-algorithm for table
5. Read record by index

Code is pretty easy.

[Alfalfa]

I wrote a program to update offsets programmatically by scanning byte patterns and comparing, it works for about 95% of offsets. However now I'm running into an issue. I have some which are in the .data portion of the exe when I navigate to them in IDA, and I can manually update these by scrolling through and looking for what looks the same, however my program doesn't work with this area. For one, IDA only shows ?? as the bytes, and secondly when I go to the section in a hex editor (after rebasing of course), the bytes look nothing alike in the old and new clients. Is there an easy way to accomplish this or should I just manually update these?

[Jadd]

I wrote a program to update offsets programmatically by scanning byte patterns and comparing, it works for about 95% of offsets. However now I'm running into an issue. I have some which are in the .data portion of the exe when I navigate to them in IDA, and I can manually update these by scrolling through and looking for what looks the same, however my program doesn't work with this area. For one, IDA only shows ?? as the bytes, and secondly when I go to the section in a hex editor (after rebasing of course), the bytes look nothing alike in the old and new clients. Is there an easy way to accomplish this or should I just manually update these?

Most likely the address you are looking for is part of a struct so there will be no direct reference to it. Find how it's accessed, it'll probably be something like [struct address + 0x100]

[empathe]

Win 7.1.0.23222 x64
Offset Information

Code:

Entity List
===========
EntityList	= 1602B40
FirstEntity	= 18
 NextEntity	= 70

EntityType	= 20
Descriptors	= 08
GlobalID	= 00
EntityID	= 24
DynFlags	= 28

can you help me about this ?
i'll list all Entity ID, and "Created By" to count how many pet i have.


atm i have:

Code:

//config
int EntityList = 0x01602B40;
int offset_FirstEntity = 0x0018;
int offset_GlobalID = 0x0000;
int offset_Type = 0x0020;
int offset_NextEntity = 0x70;

//init value
uint64_t buff;
uint64_t GlobalID;
int Type;
int chk;

chk = ReadProcessMemory(h_Read_Process,(LPCVOID)(wow64_exe+EntityList), &buff, sizeof(buff), NULL);
if(!chk){printf("error read memory (EntityList)");return -1;}

chk = ReadProcessMemory(h_Read_Process,(LPCVOID)(buff+offset_FirstEntity), &buff, sizeof(buff), NULL);
if(!chk){printf("error read memory (FirstEntity)");return -1;}

for(int i = 0;i<500;i++)//500 because i don't know how to check if entityList is ended for this moment ^^
{
    chk = ReadProcessMemory(h_Read_Process,(LPCVOID)(buff+offset_GlobalID), &GlobalID, sizeof(GlobalID), NULL);
    if(!chk){printf("error read memory (GlobalID)");return -1;}

    chk = ReadProcessMemory(h_Read_Process,(LPCVOID)(buff+offset_Type), &Type, sizeof(Type), NULL);
    if(!chk){printf("error read memory (Type)");return -1;}

    switch(Type)
    {

        case 1://unit mob ?

             break;
        case 2://unit mob ?

             break;
        case 3://unit mob ?

             break;
        case 4://unit Player xD ?

             break;

        default: break;
    }
    ReadProcessMemory(h_Read_Process,(LPCVOID)(buff+offset_NextEntity), &buff, sizeof(buff), NULL);
}

//now i have list of GlobalID and Type
//on mob unit how i can have "Created by" ? anyone can help me ?

[empathe]

ok, an update.

i compare Target GUID (Wow-64.exe+18325F0)
to the entity and i find the GUID with offset 0x58

Code:

ReadProcessMemory(h_Read_Process,(LPCVOID)(buff+0x58), &array_of_byte, sizeof(0x16), NULL);

ok now i have the same GUID with Target GUID.
i can't find the GUID "Created by"
i scan all memory entity with offset 0x0 > to > 0xffff

Created by is an array of byte ??? or a pointer ?
if anyone can help me to find the real offset thanks

[MrNoble]

How to get my target XYZ location?

[luckruns0ut]

How to get my target XYZ location?

The 'best' way to do this is probably to iterate the object manager (see ClntObjMgrEnumVisibleObjects) and find the player with the local player guid (the objectmanager has an offset which leads to this guid). Then, you read the descriptor UNIT_FIELD_TARGET from the player to get the guid of the target. Find the object with that guid and that's the target of your local player. Just use the unitx/y/z offsets provided in the thread on that target.

You could also just read the static "player target" address to get the player's target guid and then find the object with that guid. I don't like that way though because you can only get the local player's target with it, instead of being able to get the target of any unit.

[lolp1]

The 'best' way to do this is probably to iterate the object manager (see ClntObjMgrEnumVisibleObjects) and find the player with the local player guid (the objectmanager has an offset which leads to this guid). Then, you read the descriptor UNIT_FIELD_TARGET from the player to get the guid of the target. Find the object with that guid and that's the target of your local player. Just use the unitx/y/z offsets provided in the thread on that target.

You could also just read the static "player target" address to get the player's target guid and then find the object with that guid. I don't like that way though because you can only get the local player's target with it, instead of being able to get the target of any unit.

Note.. just read the structure of the x-y-z and not three separate reads using hard coded offsets.

[luckruns0ut]

Note.. just read the structure of the x-y-z and not three separate reads using hard coded offsets.

good catch... I was just testing you...

[empathe]

ok, an update.

i compare Target GUID (Wow-64.exe+18325F0)
to the entity and i find the GUID with offset 0x58

Code:

ReadProcessMemory(h_Read_Process,(LPCVOID)(buff+0x58), &array_of_byte, sizeof(0x16), NULL);

ok now i have the same GUID with Target GUID.
i can't find the GUID "Created by"
i scan all memory entity with offset 0x0 > to > 0xffff

Created by is an array of byte ??? or a pointer ?
if anyone can help me to find the real offset thanks

why i have OwnerID at 0x58 ?
i don't find "Created by (unique ID)" anyone can help me ?

[Zazazu]

why i have OwnerID at 0x58 ?
i don't find "Created by (unique ID)" anyone can help me ?

Code:

        SummonedBy = 0x70, 
        CreatedBy = 0x80, 
        Target = 0xA0,

From descriptor ptr (DescriptorPtr = ObjectPtr+PtrSize*2) for both version (x32 & x64). All value is GUID.