TLS based offsets/adresses

[AticAtac]

Hi,
i am looking for any offsets, structures, ... for the tls based wowbase-ptr.
How about to collect all these information here ?
I am specially interested in the mob locations and their targets, also player information, etc.

[Xarg0]

Take a look at the something more usfull for you guys thread, it should contain every thing you need, if not you are truly blind xD

[AticAtac]

Thx for the link.
Just a question:
In my bot , following the TLS tutorial, i am browsing the objects and have the
"currentobject" adress for each object. This has the following structur:

typedef struct
{
DWORD dummy1[5];
DWORD objecttype;
DWORD dummy2[6];
__int64 guid;
DWORD dummy3;
DWORD nextptr;
} WoWObject;

How can i get the player info presented in the
"Something more useful for you guys" thread ?

[Flos]

AutoIt Base Object:

; Base Object:
Func _wowObject()
return DllStructCreate( _
"dword var1;" & _ ; 0x0
"dword var2;" & _ ; 0x4
"dword DataPTR;" & _ ; 0x8
"dword var4;" & _ ; 0xC
"dword var5;" & _ ; 0x10 5
"dword ObjectType;" & _ ; 0x14
"dword var7;" & _ ; 0x18
"dword var8;" & _ ; 0x1C
"dword var9;" & _ ; 0x20
"dword var10;" & _ ; 0x24 10
"dword var11;" & _ ; 0x28
"dword var12;" & _ ; 0x2C
"uint64 GUID;" & _ ; 0x30
"dword var14;" & _ ; 0x38
"ptr NextObject") ; 0x3C 15
EndFunc


Take a look at offset 0x8

[AticAtac]

Thx, it worked !
The only thing i am missing now is the object's name.

[radegast]

Thx, it worked !
The only thing i am missing now is the object's name.

Yes, i'm missing it too. I tried to find any pointer to object's name in TLS, but with no success ... I tried it with NPC's (mage trainer) name, which should be unique, i found this string in memory on some places, but i didn't found any pointer to this place in memory ...

[AticAtac]

Its driving me crazy ....
My theory:
The names for npcs and other objects (not the players) could be in a global string table starting at a certain address. Now each object except players could have a reference value (not a pointer to the string) into the global string table. So the aim is to find out the starting address of the string table and ref value into this table in the object's structure.

But i could be wrong ...

[Flos]

@AticAtac: yap I think your right.. there is a table with a 0-terminated string-value for all the mobs/npcs (and only those). There even is a Pointer to this table:
0xDA8 in 2.3.3

BUT - and here is the kicker, the pointer just points to the Right-table entry. You still need an offset for the correct name (this table isn't that easy... there is more info than just the name).
If you want to play around and find this offset let me know, could use this as well ^^.

Anyway...it's probably easier to just ignore the names. Take a look at the "faction", for 99% of the scripts this works perfectly.

[AticAtac]

0xDA8 ? is that an offset ? From which adress ?

[Flos]

0xDA8 ? is that an offset ? From which adress ?

It's an offset from the main wowBaseObject posted above.

[AticAtac]

Didn't find the string table at that offset!
These are my pointers:

tebbase = 0x7ffdf000
tls_targetslot = 0x00212d90 from *[tebbase+0x2c]
wowbaseptr = 0x075c7d08 from *[tls_targetslot+0x8]
currentobject = 0x17b20008 from *[wowbaseptr+0xac]
wowobject = *[currentobject]
wowunit = *[currentobject+0x8]

So to which of the above addresses do you add oxda8 for the string table ?

[radegast]

@AticAtac: yap I think your right.. there is a table with a 0-terminated string-value for all the mobs/npcs (and only those). There even is a Pointer to this table:
0xDA8 in 2.3.3

hmmm .. i'm confused ... my basic language is english for playing on official servers, but for tests i use german private server .. are there are tables for all supported language and they are loaded into the memory, depending on choosen language ? I don't think so .. on the private server i choose english, but names are in german ... :confused:

[AticAtac]

Anyone an idea where the "UnitReaction" (hostility) flag in the memory is?
Whats its type ? (DWORD, WORD, BYTE ?).