-
Active Member
The War Within Beta 11.0.2.55665 and ObjectManager
Hi guys!
Does anyone know what they did with ObjectManager on yesterday's beta build 11.0.2.55665?
Before that everything was as usual, even like is on retail now (10.2.7.55664): ObjectFirst = 0x120, ObjectNext = 0x18, ObjectCount = 0x10.
I can't now locate any appropriate First, Next and Count.
However, there are no changes with other offsets (with binary patterns for IDA):
ObjectManager = 0x14525DF28 ("48 8B 1D ? ? ? ? C6 05 ? ? ? ? ? 48 8B CB")
ObjectFirst = 0x120 ("44 8B 83 ? ? ? ? 48 8D 4B 10 E8 ? ? ? ? 85 C0 75 15")
ObjectNext = 0x18 ("48 89 4C 24 ? 48 89 54 24 ? 4C 89 44 24 ? 4C 89 4C 24 ? 48 83 EC 28 48 8B 05 ? ? ? ? 48 85 C0 74 10")
ObjectCount = 0x10 ("48 8D 4B 10 E8 ? ? ? ? 85 C0 75 15")
CameraStruct = 0x14515B6C8 ("48 83 3D ? ? ? ? ? 74 1E E8 ? ? ? ? 85 C0")
CameraOffset = 0x3A48 ("48 8B 89 ? ? ? ? 48 8B DA 48 85 D2")
CameraOrigin = 0x10
CharacterSelection = 0x144BADD20 ("8B 0D ? ? ? ? E8 ? ? ? ? 48 85 C0 74 1D 48 8B 08 48 39 4C 24 ? 75 13 48 8B 48 08 48 39 4C 24 ? 75 08 48 8B C8 E8 ? ? ? ? 48 83 C4 38")
IsTexting = 0x144ECF148 ("48 8B 05 ? ? ? ? 8B FA 48 8B D9")
LoadingScreen = 0x145394484 ("0F B7 0D ? ? ? ? 4C 8D 0D ? ? ? ?")
InteractGuid = 0x144ED4160+438 ("48 8D 0D ? ? ? ? E8 ? ? ? ? 41 B9 ? ? ? ? 4C 8D 05 ? ? ? ? BA ? ? ? ? 48 8B C8 E8 ? ? ? ? 48 85 C0 74 12 4C 8B C7 48 8D 0D ? ? ? ? 48 8B D0 E8 ? ? ? ? 48 8D 0D ? ? ? ?")
FocusGuid = 0x144ED6FF8 ("4C 8D 05 ? ? ? ? 41 8B D6 48 8B CB")
MouseGuid = 0x145394488 ("48 8D 0D ? ? ? ? 48 0F 44 D9")
PlayerGuid = 0x144D2E408 ("0F 11 05 ? ? ? ? E8 ? ? ? ? 8B 0D ? ? ? ? 65 48 8B 04 25 ? ? ? ?")
ZoneId = 0x145394734 ("8B 15 ? ? ? ? 4C 8D 4C 24 ? 45 33 C0 48 8D 0D ? ? ? ? E8 ? ? ? ? 48 83 C4 28")
MapId = 0x144BBB46C ("3B 05 ? ? ? ? 8B D8 89 45 77")
Outdoors = 0x145152A92 ("40 38 2D ? ? ? ? 75 53")
-
Member
I didn't check the last build, but it was different for the one I checked before. My implementation is here if it helps: pub fn update(&mut self, game_time: f64) { self.game_time = game_ti - Pastebin.com
-
Post Thanks / Like - 1 Thanks
Kovrizha (1 members gave Thanks to Trioxygen for this useful post)
-
Active Member
Originally Posted by
Trioxygen
Trioxygen, as I can see you iterate objects through VISIBLE_OBJECTS. The structure I never touched before. As far as I know, there are several of them (ObjectManagers), but this is not certain. And it seems the one I used is gone now (0x14525DF28 in 11.0.2.55665 and 0x145127DF0 in 11.0.2.55522; IDA pattern - 48 8B 1D ? ? ? ? C6 05 ? ? ? ? ? 48 8B CB).
Trioxygen, may I ask the offset value of VISIBLE_OBJECTS you use in any beta build?
-
Member
DM me your discord handle maybe so we can talk more efficiently?
-
Active Member
I have the same problem - nothing works)))
-
Post Thanks / Like - 1 Thanks
Trioxygen (1 members gave Thanks to Tirthankara for this useful post)
-
Member
Same issue here. Using the same pattern as Kovrizha. Where are you folks discussing this?
-
Member
Gonna share our progress here hoping more people will share. The object manager seems to me to be split into buckets with a different hashing algorithm. Forgoing the hashing for now (I am really not that great at reversing this), I have been able to traverse one of the buckets using the following code and *think* it has the actual entities:
Code:
if let Ok(base_addr) = self
    .process
    .read_mem::<usize>(self.module_base_address + 0x05372F38)
{
    let pointer_to_table = self.process.read_mem::<usize>(base_addr + 0x20).unwrap();
    for i in 0..=0x7500 {
        let pointer_to_entity_base = self
            .process
            .read_mem::<usize>(pointer_to_table + i * 0x8)
            .unwrap();
        let pointer_to_entity = self
            .process
            .read_mem::<usize>(pointer_to_entity_base + 0x20)
            .unwrap();
        if pointer_to_entity == 0xDEDEDEDEDEDEDEDE {
            break;
        }
        let entity = Entity::new(self.process.clone(), pointer_to_entity);
        println!("{:#X} {:?}", i * 8, entity);
    }
}
-
Member
More updates for object_id and guid:
Code:
// addr = entity base address
pub const OBJECT_TYPE_OFFSET: usize = 0x08;

let mut guid = 0;
if let Ok(pointer_to_struct) = self.process.read_mem::<usize>(addr + 0x20) {
    if let Ok(guid_from_memory) = self.process.read_mem::<i128>(pointer_to_struct + 0x8) {
        guid = guid_from_memory;
    }
}
let object_type = self
    .process
    .read_mem::<u8>(addr + OBJECT_TYPE_OFFSET)
    .unwrap();
-
Post Thanks / Like - 1 Thanks
Tirthankara (1 members gave Thanks to Trioxygen for this useful post)
-
Member
Could you please tell me if 0x05372F38 is the address for ObjectManagers?
-
Member
For 11.0.2.55763 ( Beta ) yes it's 0x05372F38
-
Active Member
Code:
//11.0.0.55824
//C++
DWORD64 Mgr = module_base_address + 0x45C1150;
for (DWORD64 i = *(DWORD64*)(Mgr + 0x120); i != (Mgr + 0x120); )
{
    DWORD64 Obj = i - 0x30;
    DWORD64 Guid = Obj + 0x10;        // address of the guid field
    BYTE type = *(BYTE*)(Obj + 0x8);  // object type byte
    i = *(DWORD64*)(i);
}
XYZ:0xB0,0x8,0x20
Last edited by gdfsxwy; 07-25-2024 at 09:18 AM.
-
Post Thanks / Like - 1 Thanks
sendeos23 (1 members gave Thanks to gdfsxwy for this useful post)
-
Active Member
yeah the object manager entries changed a bit, subtract 0x30 from next address now
Code:
struct OMitem { // partial
    [FieldOffset(0x08)] byte type;
    [FieldOffset(0x10)] wowguid id;
    [FieldOffset(0x30)] long next;
    [FieldOffset(0x38)] long prev;
}
ahh, gdfsxwy already posted it
does anyone have the new offset values for unit auras?
Last edited by evil2; 07-25-2024 at 02:27 PM.
-
Active Member
Auras offset 11.0.0.55824, C++
Code:
enum Auraoffset
{
    Tbl = 1456,
    Size = 224,
    count = 1464,
    buffId = 176,
    Flags = 200,
    CastGuid = 128,
    Duration = 188,
    ExpirationTime = 192,
    StackCount = 204,
    timeMod = 208,
};

_Count = *(_DWORD*)(Obj + Offsets::Auraoffset::count);
AuraTbls = *(_QWORD*)(Obj + Offsets::Auraoffset::Tbl);
for (int i = 0; i < _Count; i++)
{
    AuraTerm = &Aura[i];
    AuraTerm->SpellId = 0;
    AuraTbl = (Offsets::Auraoffset::Size * i) + AuraTbls;
    SpellId = *(int*)(AuraTbl + Offsets::Auraoffset::buffId);
    if (SpellId)
    {
        AuraTerm->SpellId = SpellId;
        Flags = *(_WORD*)(AuraTbl + Offsets::Auraoffset::Flags);
        AuraTerm->Flags = Flags;
        Int128CpyGuid(AuraTerm->CasterGuid, (AuraTbl + Offsets::Auraoffset::CastGuid));
        AuraTerm->Duration = *(int*)(AuraTbl + Offsets::Auraoffset::Duration);
        AuraTerm->ExpirationTime = *(int*)(AuraTbl + Offsets::Auraoffset::ExpirationTime);
        AuraTerm->StackCount = *(BYTE*)(AuraTbl + Offsets::Auraoffset::StackCount);
        AuraTerm->timeMod = *(float*)(AuraTbl + Offsets::Auraoffset::timeMod);
        //AuraTerm->Type = (Flags >> 4) & 1;
        AuraTerm->Name[0] = 0;
        AuraTerm->isHarmful = (Flags & 0x10) != 0;
        AuraTerm->isHelpful = ~(Flags >> 4) & 1;
    }
}
-
Post Thanks / Like - 1 Thanks
evil2 (1 members gave Thanks to gdfsxwy for this useful post)
-
Member
My current offset for object manager is 0x2b139e7 based on the pattern scan from OP. Can someone verify this is the correct offset? I'm working on a DMA radar (I know, it's overkill, but I have set it up in other games so it is what I know).
-
Member
Originally Posted by
rahulrs561
My current offset for object manager is 0x2b139e7 based on the pattern scan from OP. Can someone verify this is the correct offset? I'm working on a DMA radar (I know, it's overkill, but I have set it up in other games so it is what I know).
I've found my mistake. I was using the address from the pattern scan rather than the address located in the instruction.