I can't find ClntObjMgrEnumVisibleObjects to make my Ojbect Manager

[Glittering Prizes]

In Ida I can't find a reference to "ClntObjMgrEnumVisibleObjects". I'm trying to update the lazybot object manager, but it's a little different than what is shown in the dump thread so I wanted to look at this function. This is what it is in lb with my comments:

Code:

// from lazybot 6.2.4.21463

internal enum ObjectManager
{
        CurMgrPointer = 0xFEFA58,    // CurMgrPointer + CurMgrOffset = Entity List pointer
        CurMgrOffset = 0x62C,
        NextObject = 0x3C,
        FirstObject = 0xD8,
        LocalGUID = 0xF8,        // Can be read by [[CurObj + Descriptor] + 0x0] so I'm assuming that's why the dump thread is "0x00"
}

[lolp1]

You must know a little more about how WoW stores and accesses its entities in the world to know how to proceed.

Basiclly, every object has a structure. This is the current struct as I know it to be as of this post.

Code:

    public struct WowObjectData {
        // x32 : x64
        readonly IntPtr vtable; // 0x00 0x00
        readonly IntPtr LegionExtra; // 0x08 0x18
        public IntPtr Descriptors; // 0x04 0x10
        readonly IntPtr unk1; // 0x08 0x18
        public int TypeCode; // 0x0C 0x20
        readonly IntPtr unk3; // 0x10 0x24
        readonly IntPtr unk4; // 0x14 0x28
        readonly IntPtr unk5; // 0x18 0x30
        readonly IntPtr unk6; // 0x1C 0x38
        readonly IntPtr unk7; // 0x20 0x40
        readonly IntPtr unk8; // 0x24 0x48
        public WowGuid Guid; // 0x28 0x50
    }

The objects real type can be found at the "TypeCode" offset. The types and example:

Code:

    public enum WowObjectType {
        Object = 0,
        Item = 1,
        Container = 2,
        Unit = 3,
        Player = 4,
        GameObject = 5,
        DynamicObject = 6,
        Corpse = 7,
        AreaTrigger = 8,
        SceneObject = 9,
        Conversation = 10
    }

Code:

            IntPtr current = IntPtr.Zero // the real address of the entity here
            var typeOffset = Marshal.OffsetOf(typeof(WowObjectData), "TypeCode").ToInt32();
            var type = (WowObjectType) Memory.Read<int>(current + typeOffset);

Now as far as ClntObjMgrEnumVisibleObjects goes, that is normally a function people call in-process where you pass your own call back pointer to the function. Here is how it looks like externally. You can get the missing structures and the example this was based on here WowMoPObjMgrTest/ObjectManager.cs at master * tomrus88/WowMoPObjMgrTest * GitHub

Code:

    /// <summary>
    ///     A static class to handle creating a list of entites containing the <see cref="WowObjectData" /> structure.
    /// </summary>
    public static class EntityList {
        /// <summary>
        ///     Collects a dictonary of current entitie with the guid as the key.
        /// </summary>
        public static Dictionary<WowGuid, WowObject> EntitiesAsDictionary {
            get {
                var woWObjects = new Dictionary<WowGuid, WowObject>();
                CollectEntities(GetFirstObject(), woWObjects);
                return woWObjects;
            }
        }

        /// <summary>
        ///     A collection of current entities.
        /// </summary>
        public static IEnumerable<WowObject> Entities => EntitiesAsDictionary.Values.ToList();

        /// <summary>
        ///     Gets the pointer to the first object in the list.
        /// </summary>
        /// <returns></returns>
        static IntPtr GetFirstObject() {
            var mgr = Wow64.CurrentManager;
            return mgr.VisibleObjects.m_fulllist.baseClass.m_terminator.m_next;
        }

        /// <summary>
        ///     Gets the pointer to the next object in the list.
        /// </summary>
        /// <param name="current">The current objects pointer.</param>
        /// <returns>SetObjectManager pointer to the next object.</returns>
        static IntPtr GetNextObjectFrom(IntPtr current) {
            var mgr = Wow64.CurrentManager;
            return Wow.Memory.Read<IntPtr>(current + mgr.VisibleObjects.m_fulllist.baseClass.m_linkoffset + IntPtr.Size);
        }

        /// <summary>
        ///     Generates the dictonary of entities.
        /// </summary>
        /// <param name="firstObject">The address to the first object of the entity list.</param>
        /// <param name="wowObjectDictionary">The dictonary to fill results with.</param>
        [SuppressMessage("ReSharper", "SwitchStatementMissingSomeCases")]
        static void CollectEntities(IntPtr firstObject, IDictionary<WowGuid, WowObject> wowObjectDictionary) {
            var typeOffset = Marshal.OffsetOf(typeof(WowObjectData), "TypeCode").ToInt32();
            var type = (WoWObjectType) Memory.Read<int>(current + typeOffset);
            var current = firstObject;
            while ((current.ToInt64() & 1) == 0 && current != IntPtr.Zero) {
                var type = (WoWObjectType) Wow.Memory.Read<int>(current + typeOffset);
                switch (type) {
                    case WoWObjectType.Item:
                        AddTo(wowObjectDictionary, new WowItem(current));
                        break;

                    case WoWObjectType.Container:
                        AddTo(wowObjectDictionary, new WowContainer(current));
                        break;

                    case WoWObjectType.Unit:
                        AddTo(wowObjectDictionary, new WowUnit(current));
                        break;

                    case WoWObjectType.Player:
                        AddTo(wowObjectDictionary, new WowPlayer(current));
                        break;

                    case WoWObjectType.GameObject:
                        AddTo(wowObjectDictionary, new WowGameObject(current));
                        break;

                    case WoWObjectType.Corpse:
                        AddTo(wowObjectDictionary, new WowCorpse(current));
                        break;

                    default:
                        AddTo(wowObjectDictionary, new WowObject(current));
                        break;
                }
                current = GetNextObjectFrom(current);
            }
        }

        static void AddTo(IDictionary<WowGuid, WowObject> wowObjects, WowObject wowObject) {
            wowObjects.Add(wowObject.Guid, wowObject);
        }
    }

[Glittering Prizes]

Thanks for the reply, I will try and do it out of process for now as the work is done for me in lazybot if I can adjust the offsets properly. But how do I find the location of ClntObjMgrEnumVisibleObjects if I wanted to do this in-process? I have been able to find all other functions through string searching in ida but not for ClntObjMgrEnumVisibleObjects in the latest build.

[lolp1]

Thanks for the reply, I will try and do it out of process for now as the work is done for me in lazybot if I can adjust the offsets properly. But how do I find the location of ClntObjMgrEnumVisibleObjects if I wanted to do this in-process? I have been able to find all other functions through string searching in ida but not for ClntObjMgrEnumVisibleObjects in the latest build.

Finding memory offsets is a whole topic on its own with lots of content out there to look up, but in general, either cheat engine + little tricks you can find over on their forums, or knowledge of basic C++/assembly and use of something like IDA or x64dbg, the second way being the hardest to learn but the best results.

@Torpedoes here tends to post useful offsets every new version of the client.
[WoW] [7.1.0.23222]

[charles420]

i don't have a pc or care enough to explain just find CurMgrOffset in objectmanger file and delete it and just copy paste torpedoes offsets 😂

[Glittering Prizes]

i don't have a pc or care enough to explain just find CurMgrOffset in objectmanger file and delete it and just copy paste torpedoes offsets ��

I isolated just the object manager and did this basically, but I must have screwed something up as I don't return any objects. This what I used from lazybot:

Code:

EntityList = Memory.Read<uint>(Memory.ReadRelative<uint>((uint)Pointers.ObjectManager.EntityList));    // read base + 0xD9A1B0 (torpedoes)
var currentObject = new PObject(Memory.Read<uint>(EntityList + (uint)Pointers.ObjectManager.FirstObject));    // read EntityList + 0x0C

while (currentObject.BaseAddress != UInt32.MinValue && currentObject.BaseAddress % 2 == UInt32.MinValue)
 {
    // do assignment based on type

    currentObject.BaseAddress = Memory.Read<uint>(currentObject.BaseAddress + (uint)Pointers.ObjectManager.NextObject);    // shift to next object (+0x44)
}

I updated the type and descriptors

Code:

// Type
public Constants.ObjectType Type
{
    get
    {
        return (Constants.ObjectType)Memory.Read<int>(new uint[] { this.BaseAddress + 10 });
    }
}

// Descriptors
public uint StorageField
{
    get
    {
        return Memory.Read<uint>(new uint[] { this.BaseAddress + 8 });    // descriptor offset was 4 in 6.2.4.21463
    }
}

I will double check and find where my mistake is.. I can't think of what else would need to be updated.


edit: you were right I was overcomplicating this I just removed the currentmgr and accessed an object like this..

Code:

var currentObject = new PObject(Memory.Read<uint>(Memory.BaseAddress + (uint)Pointers.ObjectManager.EntityList + (uint)Pointers.ObjectManager.FirstObject));

I can read objects and their type but when I try to access the GUID it always returns {0} so I'm not sure if I need to update UInt128.cs or if there is something wrong with how I access the descriptor like this.. I also tried returning it as a ulong but it's still 0.

Code:

protected T GetStorageField<T>(uint field) where T : struct
{
    return (T)Memory.ReadObject(this.StorageField + (field * 4), typeof(T));    // definition of StorageField is above (this.base + 8)
}

//var GUID = currentObject.GetStorageField<UInt128>((uint)Descriptors.CGObjectData.Guid);    // Guid descriptor = 0x0

[Glittering Prizes]

It seems to be working now a bunch of the stuff above had mistakes but basically I did what you said and replaced the currentmgr with entitylist and updated the descriptors and offsets.