-
[2.4.3] Reading descriptors
Hi guys,
I've been stalking this forum for ~3 weeks, trying to write my own bot, mainly to learn a thing or two.
I'm testing it on my own private server based on MaNGOS One. WoW as well as the private server run in a virtual machine (I think it is not relevant, but maybe I'm wrong).
I'm using the BlackMagic library for reading/writing WoW memory. I can successfully attach to the WoW process and hook EndScene. I can run Lua commands (LUA_DoString), I can do CTM, and I can call WoW functions via the VMT (for example VMT42 - GetName or VMT34 - Interact).
What I can't get to work is reading object descriptors (for example the level or HP of a unit (type==3)). I have all objects populated and I'm 100% sure the object's BaseAddress is correct, as I'm using it when I'm calling GetName.
Here is how I'm trying to do it:
Code:
for (int i = 0; i < _objects.Count; i++)
{
    if (_objects[i].Type == (int)WoWOffsets.ObjectTypes.Unit)
    {
        //MessageBox.Show(aaa.GetName(objManager, _objects[i].BaseAddress));
        int NPCID = Misc.GetUnitID(_objects[i].Guid);
        String NPCName = aaa.GetName(objManager, _objects[i].BaseAddress);
        int lvl = 0;
        if (NPCName == "Gornek")
        {
            // UNIT_FIELD_LEVEL (0x70) treated as an index into a 4-byte array
            var field = (uint)WoWOffsets.eUnitFields.UNIT_FIELD_LEVEL;
            field *= 4;
            // descriptor storage pointer read from [ObjectBase+0x08]
            var m_pStorage = _wowmem.ReadUInt(_objects[i].BaseAddress + 0x08);
            lvl = (int)_wowmem.ReadObject(m_pStorage + field, typeof(int));
            // NPCName is always OK, NPC_ID is also correct (WoWhead confirms), and lvl is always 0.
            Console.WriteLine("Found NPC with name: " + NPCName + " with NPC_ID: " + NPCID + " lvl: " + lvl);
        }
    }
}
WoWOffsets.eUnitFields.UNIT_FIELD_LEVEL is 0x70, I took it from http://www.ownedcore.com/forums/worl...tml#post945472 ([Release] 2.4.3 Addresses) (Thanks kynox).
When I put a breakpoint on the last line of code (Console.WriteLine(....)), I can see that m_pStorage is 0x11b08028 and field is 0x000001c0. When I attach OllyDbg and go to 0x11b08028+1c0 I end up in an area that is just zeros (there are also a few lines of zeros below and a few above).
My theory is that I'm doing something very stupid (but can't really find what :( ) or that in the 2.4.3 version of WoW, descriptors are not accessed like [ObjectBase+0x08]+FIELD*4. My code is based on examples that were posted for newer WoW versions.
Would you be so kind as to point me in the right direction?
Thank you.
-
UNIT_FIELD_LEVEL is the offset, it's not an enum index, so you don't need to multiply it by 4. Simply read the pointer at 0x8 (or 0x120) from the same object you got the object type from and add the offset like UNIT_FIELD_LEVEL. Use Cheat Engine's struct viewer, it should help you navigate it better.
Also, I don't think any version of WoW uses it like a 4-byte array. And in kynox's example, it should be eUnitFields : eObjectFields. So you need to add the size (last offset) of eObjectFields onto the offset of eUnitFields. Or read 0x120, and use eUnitFields.
Last edited by DarkLinux; 08-22-2017 at 08:32 PM.
-
-
Thanks for your advice. I've tried both options and they both really work:
- Using [ObjectBase+0x120] and then reading the eUnitFields struct directly, without any *4 multiplication.
- Using [ObjectBase+0x08]+0x18 and then reading the eUnitFields struct directly, without any *4 multiplication. (0x14 is the last item in eObjectFields and its size is 0x04 -> 0x18)
I think this changed between 2.4.3 and 4.x (maybe even 3.x).
I found this field *= 4 here (last two methods):
blackrainwow/WowObject.cs at master * aevitas/blackrainwow * GitHub
And also (0x08 and *4) it is referenced here:
Developing a bot for the community, need a little help.
-
If so, then it comes down to how they defined their offsets. I would say most people use the direct offset vs some type of index/multiplier. Not everything is on a 4-byte boundary, so I don't see any reason to do so. I would recommend reversing and coding from scratch, then you're not picking up others' broken code and bad habits.
Last edited by DarkLinux; 08-23-2017 at 06:31 PM.
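As an added example (not code from this thread, from BlackMagic, or from the linked repositories), here is a stand-alone C model of the three address computations the thread compares: the original index*4 arithmetic, [ObjectBase+0x08]+0x18+UNIT_FIELD_LEVEL, and [ObjectBase+0x120]+UNIT_FIELD_LEVEL. The thread's tooling is C#, but the point is pure address arithmetic, so process memory is replaced here by a constructed byte buffer. The object base address, the descriptor block address and the level value are made up; the constants 0x08, 0x120, 0x18 and 0x70 are the ones quoted in the posts above. The buffer is laid out so that the two working recipes from the replies land on the same field, which is an assumption about the real 2.4.3 layout, not something verified against a client.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the target process: a flat buffer indexed by a
 * 32-bit "address". Nothing in it is real WoW data. */
static uint8_t g_mem[0x1000];

enum {
    OBJECT_BASE        = 0x100,  /* hypothetical object base address */
    DESCRIPTORS        = 0x800,  /* hypothetical descriptor block address */
    OBJECT_FIELDS_SIZE = 0x18,   /* last eObjectFields item at 0x14, size 4 (from the thread) */
    UNIT_FIELD_LEVEL   = 0x70    /* from the thread: a byte offset, not an array index */
};

/* Reads outside the buffer come back as 0, like the zero page the OP landed on. */
static uint32_t read_u32(uint32_t addr) {
    uint32_t v;
    if (addr + 4 > sizeof g_mem) return 0;
    memcpy(&v, g_mem + addr, 4);
    return v;
}

static void write_u32(uint32_t addr, uint32_t v) {
    memcpy(g_mem + addr, &v, 4);
}

/* Lay out one fake unit: [base+0x08] points at the descriptor block (object
 * fields first, unit fields after them) and [base+0x120] points straight at
 * the unit fields. That the two pointers agree is the assumption noted above. */
void setup_fake_unit(uint32_t level) {
    memset(g_mem, 0, sizeof g_mem);
    write_u32(OBJECT_BASE + 0x08, DESCRIPTORS);
    write_u32(OBJECT_BASE + 0x120, DESCRIPTORS + OBJECT_FIELDS_SIZE);
    write_u32(DESCRIPTORS + OBJECT_FIELDS_SIZE + UNIT_FIELD_LEVEL, level);
}

/* The original post's arithmetic: the offset treated as an index into a
 * 4-byte array. 0x70 * 4 = 0x1c0 lands past the fields, in zeros. */
uint32_t level_index_times_4(void) {
    uint32_t storage = read_u32(OBJECT_BASE + 0x08);
    return read_u32(storage + UNIT_FIELD_LEVEL * 4);
}

/* Recipe 1 from the replies: [base+0x08] is the descriptor block, and the
 * eUnitFields offsets start after the 0x18 bytes of eObjectFields. */
uint32_t level_via_storage(void) {
    uint32_t storage = read_u32(OBJECT_BASE + 0x08);
    return read_u32(storage + OBJECT_FIELDS_SIZE + UNIT_FIELD_LEVEL);
}

/* Recipe 2 from the replies: [base+0x120] already points at the unit fields,
 * so the eUnitFields offset is added directly. */
uint32_t level_via_0x120(void) {
    uint32_t unit_fields = read_u32(OBJECT_BASE + 0x120);
    return read_u32(unit_fields + UNIT_FIELD_LEVEL);
}

int main(void) {
    setup_fake_unit(11);
    printf("[base+0x08] + 0x70*4        -> %u\n", level_index_times_4());
    printf("[base+0x08] + 0x18 + 0x70   -> %u\n", level_via_storage());
    printf("[base+0x120] + 0x70         -> %u\n", level_via_0x120());
    return 0;
}
```

The first read returns 0 for the same reason the OP saw a zero region in OllyDbg: multiplying a byte offset by 4 walks far past the descriptor block. The other two reads agree because [base+0x120] is set up to equal [base+0x08]+0x18; when checking a real client, confirm that relationship in Cheat Engine's struct viewer rather than assuming it.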