2.4.3 Offsets & Pointers menu

  1. #46
    serioux's Avatar Member
    I am looking for the d3d hook addresses for 2.4.3:

    uint DX_DEVICE = 0xC5DF88;
    uint DX_DEVICE_IDX = 0x397C;
    uint ENDSCENE_IDX = 0xA8;

    But I think they are not correct. Does anybody know the correct ones?


  2. #47
    tutrakan's Avatar Contributor CoreCoins User
    Originally Posted by serioux View Post
    I am looking for the d3d hook addresses for 2.4.3:

    uint DX_DEVICE = 0xC5DF88;
    uint DX_DEVICE_IDX = 0x397C;
    uint ENDSCENE_IDX = 0xA8;

    But I think they are not correct. Does anybody know the correct ones?
    It was posted just one page (2.4.3 Offsets & Pointers) back (the same page you were on when you asked).
    Last edited by tutrakan; 05-09-2017 at 12:30 PM.

  3. #48
    tutrakan's Avatar Contributor CoreCoins User
    Originally Posted by squiggy View Post
    Been working on bag/inventory management and I've come across something which I'm finding somewhat confusing.
    Up until now I've found all the object descriptor fields at objBase + 0x120, but when I started looking for the item and container fields I found that they were at different offsets (item = 0x124, container = 0x3f8). I feel like I've misunderstood something fundamental about the structure of wow objects. I thought that any subclass of the baseObject in the objMgr list should use the same offset for their descriptor fields?

    If anyone can explain to me what's going on here I would appreciate it.
    If you take a look at the leaked alpha .dbg you will find the item and container structures as follows:
    Code:
    struct __cppobj CGItem_C : CGObject_C
    {
    	CGItemData *m_item;  
    	unsigned int m_flags;
    	VirtualItemInfo m_itemInfo;
    	unsigned int m_expirationTime;
    	unsigned int m_enchantmentExpiration[5];
    	ItemGroupSoundsRec *m_soundsRec;
    };
    
    struct __cppobj CGContainer_C : CGItem_C
    {
      CGContainerData *m_cont;
      CGBag_C m_bag;
    };
    So from here, you can see that the container descriptors ptr is at object addr + 0x120 (CGItemData *m_item), but the container descriptors ptr will be at the beginning of the container object (after the end of the item) - CGContainerData *m_cont = object addr + item size: object addr + 0x3F8 (2.4.3 Offsets & Pointers). This is because the container object contains the item object (pun intended), same as player (descriptors ptr at offset 0x1190) contains unit and the unit (descriptors ptr at offset 0x120) contains base object.
    Last edited by tutrakan; 05-09-2017 at 03:40 PM.

  4. Thanks squiggy (1 members gave Thanks to tutrakan for this useful post)
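
    An added example (not from the thread) of the layout rule tutrakan describes: under single inheritance each derived class's members are placed after the base subobject, so every level's data pointer sits at a different offset. The toy structs borrow the post's field names, but their sizes and padding are constructed and do not match the client; `offset_in`, `descriptor_offsets`, `read_ptr_at` and `per_level_offsets_resolve` are hypothetical helpers.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <string>
#include <vector>

// Constructed payload types, one per level of the hierarchy.
struct ObjectData    { uint64_t guid; };
struct ItemData      { uint32_t stackCount; };
struct ContainerData { uint32_t numSlots; };

// Toy stand-ins for CGObject_C / CGItem_C / CGContainer_C.
// Padding sizes are constructed for illustration only.
struct Object {
    ObjectData* m_obj = nullptr;      // data pointer owned by the base level
    char        m_pad[0x18] = {};     // constructed filler
};
struct Item : Object {
    ItemData* m_item = nullptr;       // first member added by Item
    unsigned  m_flags = 0;
    unsigned  m_enchantmentExpiration[5] = {};
};
struct Container : Item {
    ContainerData* m_cont = nullptr;  // first member added by Container
    char           m_bag[0x40] = {};  // constructed filler
};

// Byte offset of a member inside an object, measured on a live instance
// (offsetof is only conditionally supported for non-standard-layout types).
template <class T, class M>
std::size_t offset_in(const T& obj, const M& member) {
    return static_cast<std::size_t>(reinterpret_cast<const char*>(&member) -
                                    reinterpret_cast<const char*>(&obj));
}

struct LevelOffset { std::string level; std::size_t offset; };

// Where each level's data pointer lands inside a Container instance.
std::vector<LevelOffset> descriptor_offsets() {
    Container c;
    return {
        {"Object",    offset_in(c, c.m_obj)},
        {"Item",      offset_in(c, c.m_item)},
        {"Container", offset_in(c, c.m_cont)},
    };
}

// Read a pointer-sized value at a raw byte offset, the way a debugger or
// memory-inspection tool sees the object.
const void* read_ptr_at(const void* base, std::size_t off) {
    const void* p = nullptr;
    std::memcpy(&p, static_cast<const char*>(base) + off, sizeof p);
    return p;
}

// True when each level's own offset finds that level's data, and the
// Item-level offset applied to a Container does not yield the container data.
bool per_level_offsets_resolve() {
    ObjectData od{1};
    ItemData id{20};
    ContainerData cd{16};
    Container c;
    c.m_obj = &od;
    c.m_item = &id;
    c.m_cont = &cd;

    const auto offs = descriptor_offsets();
    const bool item_ok = read_ptr_at(&c, offs[1].offset) == &id;
    const bool cont_ok = read_ptr_at(&c, offs[2].offset) == &cd;
    const bool item_offset_is_not_container = read_ptr_at(&c, offs[1].offset) != &cd;
    return item_ok && cont_ok && item_offset_is_not_container;
}

int main() {
    for (const auto& lo : descriptor_offsets())
        std::printf("%-9s data pointer at +0x%zX\n", lo.level.c_str(), lo.offset);
    std::printf("sizeof(Object)=0x%zX sizeof(Item)=0x%zX\n", sizeof(Object), sizeof(Item));
    std::printf("per-level offsets resolve: %s\n", per_level_offsets_resolve() ? "yes" : "no");
    return 0;
}
```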
  5. #49
    DarkLinux's Avatar ★ Elder ★ CoreCoins User Authenticator enabled
    Code:
    typedef int (__thiscall* dOnRightClickObject)(PVOID _this);
    int interact()
    {
    	dOnRightClickObject _OnRightClickObject = (dOnRightClickObject)0x00600960; // 2.4.3
    	return _OnRightClickObject(this);
    }

    Code:
    typedef int(__thiscall* dOnRightClickUnit)(PVOID _this);
    int interact()
    {
    	dOnRightClickUnit _OnRightClickUnit = (dOnRightClickUnit) 0x00619E00; // 2.4.3
    	return _OnRightClickUnit(this);
    }
    
    typedef int (__thiscall* dIsLooting)(PVOID _this);
    int IsLooting()
    {
    	dIsLooting _IsLooting = (dIsLooting)0x0060B3E0;  //2.4.3
    	return _IsLooting(this);
    }
    
    typedef int(__thiscall* dCanLoot)(PVOID _this, PVOID _target);
    int CanLoot(PVOID _target)
    {
    	dCanLoot _CanLoot = (dCanLoot)0x005DE280; // 2.4.3
    	return _CanLoot(this, _target);
    }
    
    typedef int(__thiscall* dLootUnit)(PVOID _this, PVOID _target, PVOID unknown);
    int LootUnit(PVOID _target)
    {
    	dLootUnit _LootUnit = (dLootUnit)0x005E2460; //2.4.3
    	return _LootUnit(this, _target,  NULL);
    }
    
    typedef void (__thiscall* dSetFacing)(PVOID _this, float angle);
    void SetFacing(float angle)
    {
    	dSetFacing _SetFacing = (dSetFacing)0x007B9DE0; //2.4.3
    	_SetFacing(this->m_MovementInfo, angle); //this+0x128 ->
    }
    
    typedef int(__thiscall* dUnitCanAttack)(PVOID _this, PVOID _target);
    bool UnitCanAttack(PVOID target)
    {
    	dUnitCanAttack _UnitCanAttack = (dUnitCanAttack)0x00613BD0; //2.4.3
    	return _UnitCanAttack(this, target);
    }
    
    typedef bool (__thiscall* dIsDead)(PVOID _this);
    bool IsDead()
    {
    	dIsDead _IsDead = (dIsDead)0x005E22C0; // 2.4.3
    	return _IsDead(this);
    }
    
    typedef int(__thiscall* dGetCreatureTypeIndex)(PVOID _this);
    int GetCreatureTypeIndex()
    {
    	dGetCreatureTypeIndex _GetCreatureTypeIndex = (dGetCreatureTypeIndex)0x0060D9A0; //2.4.3
    	return _GetCreatureTypeIndex(this);
    }
    
    typedef int(__thiscall* dUnitClassification)(PVOID _this);
    int UnitClassification()
    {
    	dUnitClassification _UnitClassification = (dUnitClassification)0x006080E0; //2.4.3
    	return _UnitClassification(this);
    }
    
    typedef int(__thiscall *dDismount)(PVOID _this);
    int Dismount()
    {
    	dDismount _Dismount = (dDismount)0x00622490;  //2.4.3
    	return _Dismount(this);
    }
    
    typedef int(__thiscall* dSendMovementUpdate)(PVOID _this, int unknown, int OpCode, int unknown2, int unknown3);
    int SendMovementUpdate(int OpCode = 0xDA)
    {
    	dSendMovementUpdate _SendMovementUpdate = (dSendMovementUpdate)0x0060D200; // 2.4.3
    	return _SendMovementUpdate(this, *(DWORD*)(0x00BE1E2C), OpCode, 0, 0);
    }
    Code:
    typedef int(__cdecl* dCastSpellByID)(int spellID, int unknown, DWORD64 GUID);
    static int CastSpellByID(int spellID, DWORD64 targetGUID)
    {
    	dCastSpellByID _CastSpellByID = (dCastSpellByID)0x006FC520; // 2.4.3
    	return _CastSpellByID(spellID, 0, targetGUID);
    }
    
    typedef int(__thiscall* dIsSpellOnCoolDown)(PVOID _this, int spellID, int unknown, int unknown2, int unknown3, int unknown4);
    static bool IsSpellOnCoolDown(int SpellID)
    {	
    	dIsSpellOnCoolDown _IsSpellOnCoolDown = (dIsSpellOnCoolDown)0x006F8100; // 2.4.3
    	return _IsSpellOnCoolDown((PVOID)0x00E1D7F4, SpellID, 0, 0, 0, 0);
    }
    
    typedef bool(__cdecl* dIsUsableSpell)(PVOID pSpellObj, int* pUnknown, int* pUnknown2);
    static bool IsUsableSpell(int SpellID)
    {
    	int Unknown = 0;
    	CSpellInfo SpellObj;
    	memset(&SpellObj, 0, sizeof(CSpellInfo));
    
    	if (SpellDB->GetRow(SpellID, &SpellObj))
    	{
    		dIsUsableSpell _IsUsableSpell = (dIsUsableSpell)0x006FB800; // 2.4.3
    		return _IsUsableSpell(&SpellObj, &Unknown, &Unknown);
    	}
    
    	return false;
    }
    
    typedef int(__cdecl *dLootAllItems)(PVOID unknown);
    static void Loot()
    {
    	dLootAllItems _loot = (dLootAllItems)0x4D2590; // 2.4.3
    	_loot(NULL);
    }
    
    //OR
    
    static void SetAutoLoot()
    {
    	*(BOOL*)(0xC6E7D8) = TRUE; // 2.4.3
    }
    
    /*
    	LootWindowList 0xC894B4
    	0x20 size * 0xF list length
    	0x0 itemID
    	0x8 stack size
    
    	0xC894B4 + 0x1FC = money
    	FFFFFFFF = 0
    */
    Code:
    typedef int (__thiscall* dUpdateDisplayInfo)(PVOID _this, int unknown, int unknown2);
    static int UpdateDisplayInfo(PVOID _this)
    {
    	dUpdateDisplayInfo _UpdateDisplayInfo = (dUpdateDisplayInfo)0x00622520; // 2.4.3
    	return _UpdateDisplayInfo(_this, 1, 1);
    }
    Code:
    #define lua_State PVOID
    typedef int(__cdecl *p_lua_gettop) (lua_State L);
    p_lua_gettop gettop = (p_lua_gettop)0x0072DAE0; // 2.4.3
    
    typedef int(__cdecl *p_lua_isstring) (lua_State L, int index);
    p_lua_isstring lua_isstring = (p_lua_isstring)0x0072DE70; // 2.4.3
    
    typedef double(__cdecl *p_lua_tonumber) (lua_State L, int index);
    p_lua_tonumber lua_tonumber = (p_lua_tonumber)0x0072DF40; // 2.4.3
    
    typedef int(__cdecl *p_lua_toboolean) (lua_State L, int index);
    p_lua_toboolean lua_toboolean = (p_lua_toboolean)0x0072DFC0; // 2.4.3
    
    typedef char*(__cdecl *p_lua_tostring) (lua_State L, int index, int unknown); /*unknown = NULL*/
    p_lua_tostring lua_tostring = (p_lua_tostring)0x0072DFF0; // 2.4.3
    
    typedef int(__cdecl *p_lua_pushnumber) (lua_State L, double number);
    p_lua_pushnumber lua_pushnumber = (p_lua_pushnumber)0x0072E1A0; // 2.4.3
    
    typedef int(__cdecl *p_lua_pushstring) (lua_State L, char* string);
    p_lua_pushstring lua_pushstring = (p_lua_pushstring)0x0072E250; // 2.4.3
    
    typedef int(__cdecl *p_lua_pushboolean) (lua_State L, int boolean);
    p_lua_pushboolean lua_pushboolean = (p_lua_pushboolean)0x0072E3B0; // 2.4.3
    
    typedef const char*(__cdecl *p_lua_pushvfstring) (lua_State L, const char *fmt, va_list argp);
    p_lua_pushvfstring lua_pushvfstring = (p_lua_pushvfstring)0x0072E290; // 2.4.3
    
    typedef int(__cdecl *p_FrameScript__Register) (char* name, PVOID callback); /*void __cdecl callback(lua_State L)*/
    p_FrameScript__Register FrameScript__Register = (p_FrameScript__Register)0x007059B0; //2.4.3
    
    Invalid function patch 0x0074A199
    Code:
    pWarden = 0x00E118D4
    Scan = 0x5F06 ? 0x1D76 (typedef PVOID (__cdecl *memcpy)(PVOID buffer, PVOID address, unsigned int length);)
    WardenCall = 0x006D0BF5 (0E118D8 -> 0 -> 0 -> 8 Warden EntryPoint)
    Warden Dump
    Warden Dump 2?

    Code:
    CorpsePosition = 0x00C6EA80
    NumSpell  = 0x00C71B00
    ZoneTextDB = 0x00B9FAF8
    PetSpellBook = 0x00C70B00
    SpellBook = 0x00C6FB00
    SpellDB = 0x00BA0C00 (objSize = 0x260)
    IconDB = 0x00BA0B1C
    DurationDB = 0x00BA0ABC
    CastingTimeDB = 0x00BA0A3C
    RangeDB = 0x00BA0BDC
    CreatureTypeTextDB = 0x00B9FE98
    ClassificationTextDB = 0x00B9EF48
    PartyList = 0x00C6F6B0
    AutoSpellID = 0x00E19904
    ClientDBRegisterBase = 0x00573C90
    ComboPoints = 0x00C6E9E1
    Code:
    CGLootInfo__HasLoot = 0x004D24B0
    SendMovementUpdate = 0x0060D200
    Hacks
    Code:
    LootMounted = 0x005E254A
    WaterDismount = 0x007B9D42
    SpeedHack = 0x005D2DEB //Old Fake Lag Hack?
    InfJump = 0x007B98DE
    AirWalk = 0x006393FE
    WaterWalk = 0x0063414C
    M2Collision1 = 0x006A4B6E
    M2Collision2 = 0x006A49FE
    WMOCollision  = 0x006AC9EA
    ADTCollision = 0x006CDB40 
    NoSwim = 0x00619A57
    DBClient Dump
    Code:
    class WoWClientDb
    {
    public:
    	PVOID _vtable; 		//0x00
    	int IsLoaded; 		//0x04
    	int NumRows; 		//0x08
    	int MaxIndex; 		//0x0C
    	int MinIndex; 		//0x10
    	PVOID StringTable;	//0x14
    	PVOID FirstRow; 	//0x18
    	PVOID Rows; 		//0x1C
    
    	typedef PVOID (__thiscall* dGetRow)(PVOID _this, int index);
    	PVOID GetRow(int index)
    	{
    		dGetRow _GetRow = (dGetRow)0x004745A0;
    		return _GetRow(this, index);
    	}
    };
    
    class WoWClientDb2
    {
    public:
    	PVOID _vtable; 			//0x00
    	int IsLoaded; 			//0x04
    	int NumRows; 			//0x08
    	int MaxIndex; 			//0x0C
    	int MinIndex; 			//0x10
    	PVOID StringTable;		//0x14
    	PVOID FirstRow; 		//0x18
    	PVOID UnorderedRows; 		//0x1C
    	PVOID OrderedRows; 		//0x20
    
    	/*!!! IMPORTANT !!! Must use to unpack spell object, do not walk list manually!*/
    	typedef bool (__thiscall* dGetRow2)(PVOID _this, int index, PVOID buffer /*size = 0x260*/);
    	bool GetRow(int index, PVOID buffer)
    	{
    		dGetRow2 _GetRow = (dGetRow2)0x00466680;
    		return _GetRow(this, index, buffer);
    	}
    };
    Code:
    WoWClientDb* AnimationData = 0x00B9FA9C
    WoWClientDb* AreaPOI = 0x00B9FABC
    WoWClientDb* AreaTable = 0x00B9FADC
    WoWClientDb* AreaTrigger = 0x00B9FAFC
    WoWClientDb* AttackAnimKits = 0x00B9FB1C
    WoWClientDb* AttackAnimTypes = 0x00B9FB3C
    WoWClientDb* AuctionHouse = 0x00B9FB5C
    WoWClientDb* BankBagSlotPrices = 0x00B9FB7C
    WoWClientDb* BattlemasterList = 0x00B9FB9C
    WoWClientDb* CameraShakes = 0x00B9FBBC
    WoWClientDb* Cfg_Categories = 0x00B9FBDC
    WoWClientDb* Cfg_Configs = 0x00B9FBFC
    WoWClientDb* CharBaseInfo = 0x00B9FC1C
    WoWClientDb* CharHairGeosets = 0x00B9FC3C
    WoWClientDb* CharSections = 0x00B9FC5C
    WoWClientDb* CharStartOutfit = 0x00B9FC7C
    WoWClientDb* CharTitles = 0x00B9FC9C
    WoWClientDb* CharVariations = 0x00B9FCBC
    WoWClientDb* CharacterFacialHairStyles = 0x00B9FCDC
    WoWClientDb* ChatChannels = 0x00B9FCFC
    WoWClientDb* ChatProfanity = 0x00B9FD1C
    WoWClientDb* ChrClasses = 0x00B9FD3C
    WoWClientDb* ChrRaces = 0x00B9FD5C
    WoWClientDb* CinematicCamera = 0x00B9FD7C
    WoWClientDb* CinematicSequences = 0x00B9FD9C
    WoWClientDb* CreatureDisplayInfo = 0x00B9FDDC
    WoWClientDb* CreatureDisplayInfoExtra = 0x00B9FDBC
    WoWClientDb* CreatureFamily = 0x00B9FDFC
    WoWClientDb* CreatureModelData = 0x00B9FE1C
    WoWClientDb* CreatureSoundData = 0x00B9FE3C
    WoWClientDb* CreatureSpellData = 0x00B9FE5C
    WoWClientDb* CreatureType = 0x00B9FE7C
    WoWClientDb* DeathThudLookups = 0x00B9FE9C
    WoWClientDb* DeclinedWord = 0x00B9FEBC
    WoWClientDb* DeclinedWordCases = 0x00B9FEDC
    WoWClientDb* DurabilityCosts = 0x00B9FEFC
    WoWClientDb* DurabilityQuality = 0x00B9FF1C
    WoWClientDb* Emotes = 0x00B9FF3C
    WoWClientDb* EmotesText = 0x00B9FF9C
    WoWClientDb* EmotesTextData = 0x00B9FF5C
    WoWClientDb* EmotesTextSound = 0x00B9FF7C
    WoWClientDb* EnvironmentalDamage = 0x00B9FFBC
    WoWClientDb* Exhaustion = 0x00B9FFDC
    WoWClientDb* Faction = 0x00BA001C
    WoWClientDb* FactionGroup = 0x00B9FFFC
    WoWClientDb* FactionTemplate = 0x00BA003C
    WoWClientDb* FootprintTextures = 0x00BA005C
    WoWClientDb* FootstepTerrainLookup = 0x00BA007C
    WoWClientDb* GameObjectArtKit = 0x00BA009C
    WoWClientDb* GameObjectDisplayInfo = 0x00BA00BC
    WoWClientDb* GameTables = 0x00BA00DC
    WoWClientDb* GameTips = 0x00BA00FC
    WoWClientDb* GemProperties = 0x00BA011C
    WoWClientDb* GMSurveyCurrentSurvey = 0x00BA013C
    WoWClientDb* GMSurveyQuestions = 0x00BA015C
    WoWClientDb* GMSurveySurveys = 0x00BA017C
    WoWClientDb* GMTicketCategory = 0x00BA019C
    WoWClientDb* GroundEffectDoodad = 0x00BA01BC
    WoWClientDb* GroundEffectTexture = 0x00BA01DC
    WoWClientDb* gtCombatRatings = 0x00BA01FC
    WoWClientDb* gtChanceToMeleeCrit = 0x00BA021C
    WoWClientDb* gtChanceToMeleeCritBase = 0x00BA023C
    WoWClientDb* gtChanceToSpellCrit = 0x00BA025C
    WoWClientDb* gtChanceToSpellCritBase = 0x00BA027C
    WoWClientDb* gtNPCManaCostScaler = 0x00BA029C
    WoWClientDb* gtOCTRegenHP = 0x00BA02BC
    WoWClientDb* gtOCTRegenMP = 0x00BA02DC
    WoWClientDb* gtRegenHPPerSpt = 0x00BA02FC
    WoWClientDb* gtRegenMPPerSpt = 0x00BA031C
    WoWClientDb* HelmetGeosetVisData = 0x00BA033C
    WoWClientDb* Item = 0x00BA035C
    WoWClientDb* ItemBagFamily = 0x00BA037C
    WoWClientDb* ItemClass = 0x00BA039C
    WoWClientDb* ItemCondExtCosts = 0x00BA03BC
    WoWClientDb* ItemDisplayInfo = 0x00BA03DC
    WoWClientDb* ItemExtendedCost = 0x00BA0400
    WoWClientDb* ItemGroupSounds = 0x00BA0420
    WoWClientDb* ItemPetFood = 0x00BA0440
    WoWClientDb* ItemRandomProperties = 0x00BA0460
    WoWClientDb* ItemRandomSuffix = 0x00BA0480
    WoWClientDb* ItemSet = 0x00BA04A0
    WoWClientDb* ItemSubClass = 0x00BA04E0
    WoWClientDb* ItemSubClassMask = 0x00BA04C0
    WoWClientDb* ItemVisualEffects = 0x00BA0500
    WoWClientDb* ItemVisuals = 0x00BA0520
    WoWClientDb* LanguageWords = 0x00BA0540
    WoWClientDb* Languages = 0x00BA0560
    WoWClientDb* LfgDungeons = 0x00BA0580
    WoWClientDb* Light = 0x00BBF638
    WoWClientDb* LightFloatBand = 0x00BBF5F4
    WoWClientDb* LightIntBand = 0x00BBF5D0
    WoWClientDb* LightParams = 0x00BBF618
    WoWClientDb* LightSkybox = 0x00BBF5B0
    WoWClientDb* LiquidType = 0x00BA05A0
    WoWClientDb* LoadingScreens = 0x00BA05C0
    WoWClientDb* LoadingScreenTaxiSplines = 0x00BA05E0
    WoWClientDb* Lock = 0x00BA0600
    WoWClientDb* LockType = 0x00BA0620
    WoWClientDb* MailTemplate = 0x00BA0640
    WoWClientDb* Map = 0x00BA0660
    WoWClientDb* Material = 0x00BA0680
    WoWClientDb* NameGen = 0x00BA06A0
    WoWClientDb* NPCSounds = 0x00BA06C0
    WoWClientDb* NamesProfanity = 0x00BA06E0
    WoWClientDb* NamesReserved = 0x00BA0700
    WoWClientDb* Package = 0x00BA0720
    WoWClientDb* PageTextMaterial = 0x00BA0740
    WoWClientDb* PaperDollItemFrame = 0x00BA0760
    WoWClientDb* ParticleColor = 0x00BA0780
    WoWClientDb* PetLoyalty = 0x00BA07A0
    WoWClientDb* PetPersonality = 0x00BA07C0
    WoWClientDb* QuestInfo = 0x00BA07E0
    WoWClientDb* QuestSort = 0x00BA0800
    WoWClientDb* Resistances = 0x00BA0820
    WoWClientDb* RandPropPoints = 0x00BA0840
    WoWClientDb* ServerMessages = 0x00BA0860
    WoWClientDb* SheatheSoundLookups = 0x00BA0880
    WoWClientDb* SkillCostsData = 0x00BA08A0
    WoWClientDb* SkillLineAbility = 0x00BA08C0
    WoWClientDb* SkillLineCategory = 0x00BA08E0
    WoWClientDb* SkillLine = 0x00BA0900
    WoWClientDb* SkillRaceClassInfo = 0x00BA0920
    WoWClientDb* SkillTiers = 0x00BA0940
    WoWClientDb* SoundAmbience = 0x00BA0960
    WoWClientDb* SoundEntries = 0x00BA0980
    WoWClientDb* SoundProviderPreferences = 0x00BA09A0
    WoWClientDb* SoundSamplePreferences = 0x00BA09C0
    WoWClientDb* SoundWaterType = 0x00BA09E0
    WoWClientDb* SpamMessages = 0x00BA0A00
    WoWClientDb* SpellCastTimes = 0x00BA0A20
    WoWClientDb* SpellCategory = 0x00BA0A40
    WoWClientDb* SpellChainEffects = 0x00BA0A60
    WoWClientDb2* Spell = 0x00BA0BE0
    WoWClientDb* SpellDispelType = 0x00BA0A80
    WoWClientDb* SpellDuration = 0x00BA0AA0
    WoWClientDb* SpellEffectCameraShakes = 0x00BA0AC0
    WoWClientDb* SpellFocusObject = 0x00BA0AE0
    WoWClientDb* SpellIcon = 0x00BA0B00
    WoWClientDb* SpellItemEnchantment = 0x00BA0B20
    WoWClientDb* SpellItemEnchantmentCondition = 0x00BA0B40
    WoWClientDb* SpellMechanic = 0x00BA0B60
    WoWClientDb* SpellMissileMotion = 0x00BA0B80
    WoWClientDb* SpellRadius = 0x00BA0BA0
    WoWClientDb* SpellRange = 0x00BA0BC0
    WoWClientDb* SpellShapeshiftForm = 0x00BA0C04
    WoWClientDb* SpellVisual = 0x00BA0C64
    WoWClientDb* SpellVisualEffectName = 0x00BA0C24
    WoWClientDb* SpellVisualKit = 0x00BA0C44
    WoWClientDb* StableSlotPrices = 0x00BA0C84
    WoWClientDb* Stationery = 0x00BA0CA4
    WoWClientDb* StringLookups = 0x00BA0CC4
    WoWClientDb* SummonProperties = 0x00BA0CE4
    WoWClientDb* Talent = 0x00BA0D04
    WoWClientDb* TalentTab = 0x00BA0D24
    WoWClientDb* TaxiNodes = 0x00BA0D44
    WoWClientDb* TaxiPath = 0x00BA0D84
    WoWClientDb* TaxiPathNode = 0x00BA0D64
    WoWClientDb* TerrainType = 0x00BA0DA4
    WoWClientDb* TerrainTypeSounds = 0x00BA0DC4
    WoWClientDb* TotemCategory = 0x00BA0DE4
    WoWClientDb* TransportAnimation = 0x00BA0E04
    WoWClientDb* TransportPhysics = 0x00BA0E24
    WoWClientDb* UISoundLookups = 0x00BA0E44
    WoWClientDb* UnitBlood = 0x00BA0E84
    WoWClientDb* UnitBloodLevels = 0x00BA0E64
    WoWClientDb* VocalUISounds = 0x00BA0EA4
    WoWClientDb* WMOAreaTable = 0x00BA0EC4
    WoWClientDb* WeaponImpactSounds = 0x00BA0EE4
    WoWClientDb* WeaponSwingSounds2 = 0x00BA0F04
    WoWClientDb* Weather = 0x00BA0F24
    WoWClientDb* WorldMapArea = 0x00BA0F44
    WoWClientDb* WorldMapTransforms = 0x00BA0FA4
    WoWClientDb* WorldMapContinent = 0x00BA0F64
    WoWClientDb* WorldMapOverlay = 0x00BA0F84
    WoWClientDb* WorldSafeLocs = 0x00BA0FC4
    WoWClientDb* WorldStateUI = 0x00BA0FE4
    WoWClientDb* ZoneIntroMusicTable = 0x00BA1004
    WoWClientDb* ZoneMusic = 0x00BA1024
    WoWClientDb* WorldStateZoneSounds = 0x00BA1044
    Code:
    class CSpellInfo
    {
    public:
    	__int32 m_SpellID;					//0x0000 
    	__int32 m_School;					//0x0004 
    	__int32 m_Category;					//0x0008 
    	__int32 m_CastUI;					//0x000C 
    	__int32 m_Dispel;					//0x0010 
    	__int32 m_Mechanic;					//0x0014 
    	__int32 m_Attributes;					//0x0018 
    	__int32 m_AttributesEx;					//0x001C 
    	__int32 m_AttributesEx2;				//0x0020 
    	__int32 m_AttributesEx3;				//0x0024 
    	__int32 m_AttributesEx4;				//0x0028 
    	__int32 m_AttributesEx5;				//0x002C 
    	__int32 m_AttributesEx6;				//0x0030 
    	__int32 m_AttributesEx7;				//0x0034 
    	__int32 m_Stances;					//0x0038 
    	__int32 m_StancesNot; 					//0x003C 
    	__int32 m_Targets; 					//0x0040 
    	__int32 m_TargetCreatureType; 				//0x0044 
    	__int32 m_RequiresSpellFocus; 				//0x0048 
    	__int32 m_FacingCasterFlags;				//0x004C 
    	__int32 m_CasterAuraState; 				//0x0050 
    	__int32 m_TargetAuraState; 				//0x0054 
    	__int32 m_CastingTimeIndex; 				//0x0058 
    	__int32 m_CategoryRecoveryTime; 			//0x005C 
    	__int32 m_RecoveryTime; 				//0x0060 
    	__int32 m_InterruptFlags; 				//0x0064 
    	__int32 m_AuraInterruptFlags; 				//0x0068 
    	__int32 m_ChannelInterruptFlags; 			//0x006C 
    	__int32 m_procFlags; 					//0x0070 
    	__int32 m_procChance; 					//0x0074 
    	__int32 m_procCharges; 					//0x0078 
    	__int32 m_maxLevel; 					//0x007C 
    	__int32 m_baseLevel; 					//0x0080 
    	__int32 m_spellLevel; 					//0x0084 
    	__int32 m_DurationIndex; 				//0x0088 
    	__int32 m_powerType; 					//0x008C 
    	__int32 m_Cost; 					//0x0090 
    	__int32 m_CostPerlevel;					//0x0094 
    	__int32 m_PerSecond; 					//0x0098 
    	__int32 m_PerSecondPerLevel; 				//0x009C 
    	__int32 m_rangeIndex; 					//0x00A0 
    	float m_speed;						//0x00A4 
    	__int32 m_StackAmount;					//0x00A8 
    	__int32 m_Totem[2]; 					//0x00AC 
    	__int32 m_Reagent[8]; 					//0x00B4 
    	__int32 m_ReagentCount[8];				//0x00D4 
    	__int32 m_EquippedItemClass; 				//0x00F4 
    	__int32 m_EquippedItemSubClassMask;			//0x00F8 
    	__int32 m_EquippedItemInventoryTypeMask;		//0x00FC 
    	__int32 m_Effect[3]; 					//0x0100 
    	__int32 m_EffectDieSides[3]; 				//0x010C 
    	__int32 m_EffectBaceDice[3];				//0x0118 
    	float m_EffectDicePerLevel[3];				//0x0124 
    	float m_EffectRealPointsPerLevel[3];			//0x0130 
    	__int32 m_EffectBasePoints[3];				//0x013C 
    	__int32 m_EffectMechanic[3];				//0x0148 
    	__int32 m_EffectImplicitTargetA[3];			//0x0154 
    	__int32 m_EffectImplicitTargetB[3];			//0x0160 
    	__int32 m_EffectRadiusIndex[3];				//0x016C 
    	__int32 m_EffectApplyAuraName[3];			//0x0178 
    	__int32 m_EffectAmplitude[3];				//0x0184 
    	float m_EffectMultipleValue[3];				//0x0190 
    	__int32 m_EffectChainTarget[3];				//0x019C 
    	__int32 m_EffectItemType[3];				//0x01A8 
    	__int32 m_EffectMiscValue[3];				//0x01B4 
    	__int32 m_EffectMiscValueB[3];				//0x01C0 
    	__int32 m_EffectTriggerSpell[3];			//0x01CC 
    	float m_EffectPointsPerComboPoint[3];			//0x01D8 
    	__int32 m_SpellVisual;					//0x01E4 
    	__int32 m_SpellVisual2;					//0x01E8 
    	__int32 m_SpellIconID;					//0x01EC 
    	__int32 m_activeIconID;					//0x01F0 
    	__int32 m_spellPriority;				//0x01F4 
    	__int32 m_Unknown;					//0x01F8 
    	char* m_SpellName;					//0x01FC 
    	char* m_Rank;						//0x0200 
    	char* m_Description;					//0x0204 
    	__int32 m_ToolTip;					//0x0208 
    	__int32 m_CostPercentage;				//0x020C 
    	__int32 m_StartRecoveryCategory;			//0x0210 
    	__int32 m_StartRecoveryTime;				//0x0214 
    	__int32 m_MaxTargetLevel;				//0x0218 
    	__int32 m_SpellFamilyName;				//0x021C 
    	__int64 m_SpellFamilyFlags;				//0x0220 
    	__int32 m_MaxAffectedTargets; 				//0x0228 
    	__int32 m_DmgClass; 					//0x022C 
    	__int32 m_PreventionType; 				//0x0230 
    	__int32 m_StanceBarOrder; 				//0x0234 
    	float m_DmgMultiplier[3]; 				//0x0238 
    	__int32 m_MinFactionId; 				//0x0244 
    	__int32 m_MinReputation; 				//0x0248 
    	__int32 m_RequiredAuraVision; 				//0x024C 
    	__int32 m_TotemCategory[3]; 				//0x0250 
    	__int32 m_AreaId; 					//0x025C 
    };//Size=0x0260
    
    class CSpellRange
    {
    public:
    	__int32		m_RangeIndex;					//0x0000
    	float		m_MinRange;					//0x0004
    	float		m_MaxRange;					//0x0008
    	__int32		m_Flags;					//0x000C (0, 1, 2)
    	char*		m_Text;						//0x0010
    	char*		m_Text2;					//0x0014
    };//Size=0x0018
    
    class CSpellDuration
    {
    public:
    	__int32		m_DurationIndex;				//0x0000
    	__int32		m_Duration;					//0x0004
    	__int32		m_Unknown;					//0x0008
    	__int32		m_Duration2;					//0x000C
    
    	__int32 GetDuration()
    	{
    		return ((m_Duration / 1000) / 60);
    	}
    };//Size=0x0010
    
    class CSpellCastingTime
    {
    public:
    	__int32		m_CastingTimeIndex;				//0x0000
    	__int32		m_CastTime;					//0x0004
    	__int32		m_Unknown;					//0x0008
    	__int32		m_CastTime2;					//0x000C
    };//Size=0x0010
    
    class CSpellIcon
    {
    public:
    	__int32		m_SpellIconID;					//0x0000 
    	char*		m_Icon;						//0x0004 
    };//Size=0x0008
    
    class CSpellRadius
    {
    public:
    	__int32		m_RadiusIndex;					//0x0000
    	float		m_Radius;					//0x0004
    	__int32		m_Unknown;					//0x0008
    	float		m_Radius2;					//0x000C
    };//Size=0x0010
    
    class CAreaTable
    {
    public:
    	__int32 	m_AreaID;					//0x0000 
    	__int32 	m_MapID;					//0x0004 
    	__int32 	m_ZoneID;					//0x0008 
    	char _0x000C[32];
    	char* 		m_AreaText;					//0x002C 
    	char _0x0030[28];
    };//Size=0x004C
    Please post if you find anything wrong with my classes.

    Warden Scans (vengeancewow)
    Last edited by DarkLinux; 08-11-2017 at 11:41 AM.

  6. Thanks squiggy, Cargeh, demerda4, Krack3n (4 members gave Thanks to DarkLinux for this useful post)
  7. #50
    squiggy's Avatar Active Member CoreCoins User
    Originally Posted by DarkLinux View Post
    Code:
    class CAreaTable
    {
    public:
        __int32     m_AreaID;                    //0x0000 
        __int32     m_MapID;                    //0x0004 
        __int32     m_ZoneID;                    //0x0008 
        char _0x000C[32];
        char*         m_AreaText;                    //0x002C 
        char _0x0030[28];
    };//Size=0x004C
    I think this is what I've been calling zoneInfo in my code (there's a list with them at: 0x00B9FAF8). Dword at 0x10 seems to be flags. I've only identified one though: FlyableArea = 0x400. (pulled from script_FlyableArea)
    Last edited by squiggy; 08-06-2017 at 07:41 AM.

  8. #51
    DarkLinux's Avatar ★ Elder ★ CoreCoins User Authenticator enabled
    I also called it zoneInfo/zonetext, it's even in my 1st dump.

    ZoneTextDB = 0x00B9FAF8
    But when I dumped all the table names I found a different name, so I just used that.

    WoWClientDb* AreaTable = 0x00B9FADC
    Have not had any time to diff it DB/AreaTable - wowdev

  9. Thanks squiggy (1 members gave Thanks to DarkLinux for this useful post)
  10. #52
    boipus's Avatar Active Member
    Script is in namreeb's script dump but GetUnitReaction is at 0x610C00

    Code:
    "push " + playerPtr,
    "mov ecx, " + objectPtr,
    "call 0x610C00",
    "mov [" + resultAddress + "], eax",
    "retn"

  11. #53
    Icesythe7's Avatar Contributor CoreCoins User
    So I've been learning and playing with the library found here https://www.ownedcore.com/forums/wor...-callback.html ([PoC] Execute code in the main thread without hook/detour using WndProc callback) (credit to whoever it is due) and just figured I'd share a little modification to the framescript execute that was posted, making an "execute Lua command and get result" method in one function, for anyone who needs or wants to use it.

    Code:
            public static string GetLuaResult(string commandInput, string argumentInput = "nil")
            {
                try
                {
                    var command = Encoding.UTF8.GetBytes($"{commandInput + char.MinValue}");
                    var argument = Encoding.UTF8.GetBytes($"{argumentInput + char.MinValue}");
    
                    CommandBuffer.WriteBytes(command);
                    ArgumentBuffer.WriteBytes(argument);
    
                    var asm = new[]
                    {
                        "push 0",
                        $"push {CommandBuffer.Pointer}",
                        $"push {CommandBuffer.Pointer}",
                        $"call {Offsets.FrameScriptExecute}", //0x706C80
                        "add esp, 0xC",
                        "push 0",
                        "push -1",
                        $"push {ArgumentBuffer.Pointer}",
                        $"call {Offsets.GetText}", //0x707200
                        "add esp, 0xC",
                        "retn"
                    };
    
                    return LRemoteProcess.MemoryManager.ReadString(EndScene.Executor.Execute<IntPtr>(asm), Encoding.ASCII);
                }
                catch (Exception e)
                {
                    Print(e.Message, true);
                    return "nil";
                }
            }
    You can either allocate memory beforehand and overwrite it (as I do here) and dispose of it later, or you could create and dispose of it in the method itself, although that would hurt your optimization.

    example usage
    Code:
            public static List<int> GetDefaultEnchants()
            {
                var ench = new List<int>();
    
                for (var i = 16; i < 19; i++)
                {
                    ench.Add(int.Parse(GetLuaResult($"local link = GetInventoryItemLink('player', {i}) enchid = ':0:0:' if link then enchid = link end", "enchid").Split(':', ':')[2]));
                }
    
                return ench;
            }
    C++ example
    Code:
    inline std::string GetLuaResult(const char* com, const char* arg = "nil")
    {
    	reinterpret_cast<void(__cdecl*)(const char*, const char*, int)>(0x706C80)(com, com, 0);
    	return reinterpret_cast<const char*>(reinterpret_cast<uintptr_t(__cdecl*)(const char*, unsigned int, int)>(0x707200)(arg, -1, 0));
    }
    Last edited by Icesythe7; 12-28-2018 at 01:33 PM.

  12. #54
    plude
    Originally Posted by squiggy View Post
    Can't seem to delete this post so I'm adding a few more offsets I've found instead.

    chatbuffer:

    First message: 0xC13C30
    AuthorName: 0xC
    FormattedString: 0x3C
    ContentString: 0xBF4
    NextMsg: 0x17C0
    CurBufferIndex = 0xC6D1C4 (next message will be written at this index)
    array size: 60
    These offsets don't appear to be correct, does anyone have the correct chat offsets?

  13. #55
    Valmere
    Anyone have the drunk state offset or basically anything from malu05's old AutoIt machinima tool? His site's been down for (assuming) years now.
    wat

  14. #56
    squiggy
    Originally Posted by plude View Post
    These offsets don't appear to be correct, does anyone have the correct chat offsets?
    Didn't get a notification for this quote, weird. Anyhow, those addresses/offsets are fine; I think you might just be using them incorrectly. Try reading the array like this:

    Code:
    usage example:
    
    first  message content: 0xC13C30 + 0xBF4
    second message content: 0xC13C30 + 0xBF4 + 0x17C0
    third  message content: 0xC13C30 + 0xBF4 + 0x17C0 * 2
    Last edited by squiggy; 1 Week Ago at 04:31 PM.

  15. #57
    plude
    Originally Posted by squiggy View Post
    Try reading the array like this:

    Code:
    usage example:
    
    first  message content: 0xC13C30 + 0xBF4
    second message content: 0xC13C30 + 0xBF4 + 0x17C0
    third  message content: 0xC13C30 + 0xBF4 + 0x17C0 * 2
    I appreciate you getting back to me. This is my attempt currently:
    Code:
    for(int i = 0; i < 60; i++)
    {
        string message = WowProcess.ReadASCIIString((uint)Offsets.Chat.CHAT_FIRST_MESSAGE + (uint)Offsets.Chat.CHAT_CONTENT_STRING + (uint)((uint)Offsets.Chat.CHAT_NEXT_MESSAGE * i), 1);

        if(!string.IsNullOrEmpty(message))
        {
            string[] chatFragments = WowProcess.ReadASCIIString((uint)Offsets.Chat.CHAT_FIRST_MESSAGE + (uint)Offsets.Chat.CHAT_CONTENT_STRING + (uint)((uint)Offsets.Chat.CHAT_NEXT_MESSAGE * i), 512).Trim().Split(',');

            if(chatFragments.Length == 4)
            {
                string type = chatFragments[0].Split(new char[] { '[', ']' })[1].Trim();
                string channel = chatFragments[1].Split(new char[] { '[', ']' })[1].Trim();
                string text = chatFragments[3].Split(new char[] { '[', ']' })[1].Trim();
                string playerName = chatFragments[2].Split(new char[] { '[', ']' })[1].Trim();
            }
        }
    }
    Message is always an empty string. From what I can tell I am doing it the way you suggested - any further help is appreciated, thanks!

  16. #58
    squiggy
    Originally Posted by plude View Post
    I appreciate you getting back to me. This is my attempt currently:
    string message = WowProcess.ReadASCIIString((uint)Offsets.Chat.CHAT_FIRST_MESSAGE + (uint)Offsets.Chat.CHAT_CONTENT_STRING + (uint)((uint)Offsets.Chat.CHAT_NEXT_MESSAGE * i), 1);
    What is the 1 parameter at the end of this function? Not sure what library you're using, but if that is the string max length you won't get anything back; increase it. I have the content and formatted length set to 3000 in my code, but that is probably just a lazy guess based on the offsets and could be wrong. Strings should be null-terminated anyway though, so I don't think it will make much of a difference if it's a little too long. You could also leave it at the default value (probably 512) if your lib has one.

    Based on your splits it looks like you're actually looking for the formatted text field; the content field only has the raw text message. I recommend using a debugger like Cheat Engine to look at the data before writing any code, it helps with understanding the data structure.

    As for iterating over the array, you have to look at the current index position of the array and not go past it unless it has already filled up and wrapped around itself. I wrote down what I hope is a simple implementation of a class which polls the buffer. It's C#, the memory lib is GreyMagic. This code can obviously be massively improved, it's just meant to be an example.

    Code:
        using System;
        using System.Collections.Generic;
        using System.Text;

        // Client.Memory is the GreyMagic memory reader instance mentioned in the post (not defined here).
        class ChatDemo
        {
            // Address of the write index: the slot the next message will be written to.
            private readonly IntPtr _curBufferIndexAddr = new IntPtr(0xC6D1C4);
            private readonly List<ChatMsg> _messages = new List<ChatMsg>();
            // Next slot this reader has not consumed yet.
            private int _curIndex = 0;

            public List<ChatMsg> GetMessages()
            {
                return _messages;
            }

            public void Poll()
            {
                var curBufferIndex = Client.Memory.Read<int>(_curBufferIndexAddr);

                // Fix wraparound: the write index is behind our cursor, so read
                // to the end of the 60-slot array and restart from slot 0.
                if (_curIndex > curBufferIndex)
                {
                    for (; _curIndex < 60; _curIndex++)
                    {
                        _messages.Add(new ChatMsg(_curIndex));
                    }

                    _curIndex = 0;
                }

                // Read every slot up to, but not including, the write index.
                for (; _curIndex < curBufferIndex; _curIndex++)
                {
                    _messages.Add(new ChatMsg(_curIndex));
                }
            }

            public class ChatMsg
            {
                private readonly IntPtr _firstMessageAddr = new IntPtr(0xC13C30);
                private int _authorOffset = 0xC;
                private int _formattedStringOffset = 0x3C;
                private int _contentStringOffset = 0xBF4;
                // Size of one slot: distance from one message to the next.
                private int _nextMsg = 0x17C0;

                public string Author { get; private set; }
                public string FormattedText { get; private set; }
                public string Content { get; private set; }

                // Reads the three string fields of the slot at the given index.
                public ChatMsg(int index)
                {
                    Author = Client.Memory.ReadString(_firstMessageAddr + _authorOffset + _nextMsg * index, Encoding.UTF8);
                    FormattedText = Client.Memory.ReadString(_firstMessageAddr + _formattedStringOffset + _nextMsg * index, Encoding.UTF8);
                    Content = Client.Memory.ReadString(_firstMessageAddr + _contentStringOffset + _nextMsg * index, Encoding.UTF8);
                }
            }
        }
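
The cursor-following read and the string-length point from this post, as an added example that is not part of the original post or squiggy's code: it parses a constructed byte image laid out with the stride, field offsets and slot count quoted in the thread, bounds every null-terminated read, and handles the write index wrapping. The function names, the sample messages, the per-field length bounds, and working on an in-memory `bytes` copy instead of a live process are assumptions.

```python
# Added example: parses a constructed byte image, not a live process.
# Offset 0 of the image stands for the thread's "First message" address.
STRIDE = 0x17C0                                 # NextMsg (from the thread)
SLOTS = 60                                      # array size (from the thread)
AUTHOR, FORMATTED, CONTENT = 0xC, 0x3C, 0xBF4   # field offsets (from the thread)


def read_cstring(image, offset, max_len):
    """Read a null-terminated string, never past max_len bytes or the image end."""
    window = image[offset:offset + max_len]
    end = window.find(b"\x00")
    raw = window if end == -1 else window[:end]
    return raw.decode("utf-8", errors="replace")


def read_slot(image, index):
    """Decode one slot; each bound is the gap to the next known offset (assumed)."""
    base = index * STRIDE
    return {
        "author": read_cstring(image, base + AUTHOR, FORMATTED - AUTHOR),
        "formatted": read_cstring(image, base + FORMATTED, CONTENT - FORMATTED),
        "content": read_cstring(image, base + CONTENT, STRIDE - CONTENT),
    }


def poll(image, write_index, cursor):
    """Return (unread slots in write order, new cursor), wrapping past slot 59."""
    if not (0 <= write_index < SLOTS and 0 <= cursor < SLOTS):
        raise ValueError("index outside the ring")
    # Modular distance covers the wrapped case; an exact full lap looks like
    # "nothing new", so a reader must poll faster than 60 messages arrive.
    pending = (write_index - cursor) % SLOTS
    return [read_slot(image, (cursor + k) % SLOTS) for k in range(pending)], write_index


def build_image(messages):
    """Constructed sample data: (slot, author, text) tuples in a zeroed ring."""
    image = bytearray(STRIDE * SLOTS)
    for slot, author, text in messages:
        fields = ((AUTHOR, author), (FORMATTED, f"[{author}]: {text}"), (CONTENT, text))
        for offset, value in fields:
            data = value.encode("utf-8")
            start = slot * STRIDE + offset
            image[start:start + len(data)] = data
    return bytes(image)
```

The gap between the formatted and content offsets is exactly 3000 bytes, which matches the length the post says was guessed from the offsets.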

  17. #59
    plude
    Thanks Squiggy, that's exactly what I needed!
