57171 Retail 11.0.5 objectmgr changes

#1 garenmain (Active Member)


    Seems the objectmgr on this version changed a lot; still figuring out how to read it.

#2 scizzydo (Contributor)
    Originally Posted by garenmain
    Seems the objectmgr on this version changed a lot; still figuring out how to read it.
    It has indeed. What appears is that there is no longer the linked list on the curmgr. You can still search the active objects string to find the chained hash array. The entries used to be pair<guid, object*>, but now in the initializer it's the entity builder instead of the object pointer. The entity builder contains the GUID, and the object pointer at 0x20.

#3 garenmain (Active Member)
    Originally Posted by scizzydo
    It has indeed. What appears is that there is no longer the linked list on the curmgr. You can still search the active objects string to find the chained hash array. The entries used to be pair<guid, object*>, but now in the initializer it's the entity builder instead of the object pointer. The entity builder contains the GUID, and the object pointer at 0x20.
    How are you traversing it? I was trying to use 0x49F26E8 + 0x8 and found some list whose size equals 0x49F26D8 + 0x40, but I'm not able to get the correct object pointer from it.


    So far I tried iterating with the total count and doing this:

    var entityPtr = process.Memory.Read<IntPtr>(process.Memory.Read<IntPtr>(objManagerAddress + 32) + 8 * i);

    I'm able to read the GUID at 0x10 with that; however, I'm still looking for ObjectType.
    Last edited by garenmain; 3 Weeks Ago at 08:08 PM.

#4 scizzydo (Contributor)
    Originally Posted by garenmain
    How are you traversing it? I was trying to use 0x49F26E8 + 0x8 and found some list whose size equals 0x49F26D8 + 0x40, but I'm not able to get the correct object pointer from it.
    The structure it points to is a chained hash: 0x0 is the capacity, 0x8 is the data and 0x10 is the number of elements. The data is the chained hash node, with 0x0 being the pointer to the next node and 0x8 being the data. The node data is a pair<guid, entitybuilder<object*>*> (I called it EntityBuilder looking at the RTTI where it's used). The entity builder has the GUID at 0x10, then the object pointer at 0x20. From the object, the type is at 0x8.

#5 garenmain (Active Member)
    Originally Posted by scizzydo
    The structure it points to is a chained hash: 0x0 is the capacity, 0x8 is the data and 0x10 is the number of elements. The data is the chained hash node, with 0x0 being the pointer to the next node and 0x8 being the data. The node data is a pair<guid, entitybuilder<object*>*> (I called it EntityBuilder looking at the RTTI where it's used). The entity builder has the GUID at 0x10, then the object pointer at 0x20. From the object, the type is at 0x8.
    Thanks, that's what I was missing!

#6 Lumi666 (Member)
    I can't find the latest transport matrix on transport units (like the zeppelin; it was at transport+0x118 before). Any idea on how to find it?
    Last edited by Lumi666; 3 Weeks Ago at 12:56 PM. Reason: error in offset

#7 scizzydo (Contributor)
    Originally Posted by Lumi666
    I can't find the latest transport matrix on transport units (like the zeppelin; it was at transport+0x110 before). Any idea on how to find it?
    You can look at 0x1426D6D10 to get the matrix. It's the function the game uses to get an object's matrix.

#8 Lumi666 (Member)
    Can't find this address in my dump; can you double-check and confirm, please? Thanks for your help.

#9 scizzydo (Contributor)
    Originally Posted by Lumi666
    Can't find this address in my dump; can you double-check and confirm, please? Thanks for your help.
    It's rebased to 0x140000000, so base + 0x26D6D10.

#10 Lumi666 (Member)
    I got the transport position and the rotation but can't figure out where the transport matrix is. Do you mind sharing an IDA screenshot of the function before this patch? I can't find this function in my previous dump.

#11 gdfsxwy (Active Member)

#12 evil2 (Active Member)
    Originally Posted by scizzydo
    The structure it points to is a chained hash: 0x0 is the capacity, 0x8 is the data and 0x10 is the number of elements. The data is the chained hash node, with 0x0 being the pointer to the next node and 0x8 being the data. The node data is a pair<guid, entitybuilder<object*>*> (I called it EntityBuilder looking at the RTTI where it's used). The entity builder has the GUID at 0x10, then the object pointer at 0x20. From the object, the type is at 0x8.
    Hmm, I didn't manage to fix my object manager loop; can you post a small code example?
    Is 0x49F26E8 the current start pointer (for the structure)?
    Thank you!

#13 thateuler (Active Member)
    I'm using this:

    Code:
    #include <assert.h>
    #include <stdint.h>

    /* 128-bit GUID as two 64-bit halves; the layout the structs below rely on. */
    typedef struct {
        uint64_t low;
        uint64_t high;
    } wGUID;

    #define GUID_EQ(a, b) ((a).low == (b).low && (a).high == (b).high)

    struct om_obj {
        void **vmt;             /* 0x00 - 0x08 */
        uint8_t otype;          /* 0x08 - 0x09 */
    };

    struct entity_builder {
        char fill[0x10];        /* 0x00 - 0x10 */
        wGUID guid;             /* 0x10 - 0x20 */
        struct om_obj *obj;     /* 0x20 - 0x28 */
    };

    struct hashent {
        struct hashent *next;        /* 0x00 - 0x08 */
        wGUID guid;                  /* 0x08 - 0x18 */
        struct entity_builder *eb;   /* 0x18 - 0x28 */
    };

    struct objMgr {
        uint64_t numslots;       /* 0x00 - 0x08 */
        struct hashent **slots;  /* 0x08 - 0x10 */
    };

    /* Points at the object manager global (per-build addresses are given below). */
    extern struct objMgr **ps_curMgr;
    Code:
    #define MAX 4096            /* assumed capacity; the original post does not show it */
    wGUID guids[MAX];
    uint8_t otypes[MAX];

    /* Walks every chain of every slot and records each GUID with its object type. */
    static int collect_objects(void) {
        int added_ix = 0;
        for (uint64_t slot_ix = 0; slot_ix < (*ps_curMgr)->numslots; slot_ix++) {
            struct hashent *e;
            for (e = (*ps_curMgr)->slots[slot_ix]; e != NULL; e = e->next) {
                //L("got obj entguid %x%x ebguid %x%x", e->guid.high, e->guid.low, e->eb->guid.high, e->eb->guid.low);
                assert(added_ix < MAX);   /* check before writing, so the last slot stays usable */
                guids[added_ix] = e->guid;
                otypes[added_ix] = e->eb->obj->otype;
                added_ix++;
            }
        }
        return added_ix;
    }
    Code:
    /* Looks up one object by GUID: hash both halves into a bucket, then walk its chain. */
    struct om_obj *
    get_obj(wGUID guid) {

        if ((*ps_curMgr)->numslots == 0) {
            return NULL;                 /* empty or unread table: avoid dividing by zero */
        }

        uint32_t k2 = 0xA2AA033B * guid.high;
        uint32_t k1 = 0xD6D018F5 * guid.low;
        uint32_t index = (k1 + k2) % (*ps_curMgr)->numslots;

        struct hashent *pent;
        for (pent = (*ps_curMgr)->slots[index]; pent != NULL; pent = pent->next) {
            if (GUID_EQ(pent->guid, guid)) {
                return pent->eb->obj;
            }
        }

        return NULL;
    }
    The obj manager in 57171 is 0x1449f26e8. In 57212 it's 0x144724718.
    Last edited by thateuler; 3 Weeks Ago at 05:08 AM. Reason: add hashmap lookup code
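As an added, self-contained example (editor's code, not thateuler's, scizzydo's or the game's), this C program builds the layout described in #4 and #13 on constructed data in local memory and runs the checks you would want before trusting a new set of offsets: the number of nodes reached by walking every chain must equal the element count at 0x10, each node must sit in the bucket its GUID hashes to, and the GUID in the node must equal the one inside its entity builder at 0x10. The `_Static_assert`s prove the C structs match the posted offsets, and both the lookup and the verifier bound each chain walk by the element count so a bad pointer cannot loop forever. The bucket hash is the one thateuler posted and is assumed to be right; the GUIDs, the four-slot capacity and the type bytes are made up.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed model of the 11.0.5 object manager layout described in this thread:
 * offsets follow scizzydo (#4) and thateuler's structs (#13); every GUID, slot
 * count and type byte below is made up for the demo. */
typedef struct { uint64_t low, high; } wGUID;
struct om_obj         { void **vmt; uint8_t otype; };                                  /* type at 0x08 */
struct entity_builder { char fill[0x10]; wGUID guid; struct om_obj *obj; };             /* guid 0x10, obj 0x20 */
struct hashent        { struct hashent *next; wGUID guid; struct entity_builder *eb; };  /* 0x00, 0x08, 0x18 */
struct objMgr         { uint64_t numslots; struct hashent **slots; uint64_t numelems; };  /* 0x00, 0x08, 0x10 */

/* Compile-time proof that the C structs put each field at the posted offset. */
_Static_assert(offsetof(struct om_obj, otype) == 0x08, "otype at 0x08");
_Static_assert(offsetof(struct entity_builder, obj) == 0x20, "obj at 0x20");
_Static_assert(offsetof(struct hashent, eb) == 0x18, "eb at 0x18");
_Static_assert(offsetof(struct objMgr, numelems) == 0x10, "count at 0x10");
static int guid_eq(wGUID a, wGUID b) { return a.low == b.low && a.high == b.high; }

/* Bucket index: the hash thateuler posted in #13, assumed here to be the right one. */
static uint64_t om_bucket(wGUID g, uint64_t numslots)
{
    uint32_t k2 = 0xA2AA033Bu * (uint32_t)g.high;
    uint32_t k1 = 0xD6D018F5u * (uint32_t)g.low;
    return (uint32_t)(k1 + k2) % numslots;
}

/* Lookup by GUID with a bounded chain walk: a chain longer than the element count
 * means a cycle or a bad pointer, which is what a wrong offset guess produces. */
static struct om_obj *om_lookup(const struct objMgr *mgr, wGUID g)
{
    if (!mgr || mgr->numslots == 0) return NULL;
    uint64_t steps = 0;
    for (const struct hashent *e = mgr->slots[om_bucket(g, mgr->numslots)]; e; e = e->next) {
        if (++steps > mgr->numelems) return NULL;
        if (guid_eq(e->guid, g) && e->eb) return e->eb->obj;
    }
    return NULL;
}

/* Consistency check for a table read with these offsets: returns the entry count
 * reached, or -1 if the traversal count differs from the count at 0x10, a node is
 * not in the bucket its GUID hashes to, or a node GUID differs from its builder's. */
static long om_verify(const struct objMgr *mgr)
{
    long seen = 0;
    if (!mgr) return -1;
    for (uint64_t s = 0; s < mgr->numslots; s++) {
        uint64_t steps = 0;
        for (const struct hashent *e = mgr->slots[s]; e; e = e->next) {
            if (++steps > mgr->numelems) return -1;
            if (om_bucket(e->guid, mgr->numslots) != s) return -1;
            if (!e->eb || !guid_eq(e->eb->guid, e->guid)) return -1;
            seen++;
        }
    }
    return seen == (long)mgr->numelems ? seen : -1;
}

/* Constructed entries (low, high, type); none of these is a real GUID. */
static const struct { uint64_t low, high; uint8_t otype; } demo_entries[] = {
    { 0x1234, 0x8000000000000001ULL, 5 }, { 0x1235, 0x8000000000000001ULL, 6 },
    { 0xABCD, 0x7000000000000002ULL, 3 }, { 0x0001, 0x0000000000000001ULL, 7 },
    { 0x9999, 0x0000000000000001ULL, 6 },
};
#define DEMO_N (sizeof demo_entries / sizeof demo_entries[0])

/* Builds a 4-slot table once; with 5 entries at least one chain is longer than 1. */
static struct objMgr *demo_mgr(void)
{
    static struct objMgr *mgr;
    if (mgr) return mgr;
    if (!(mgr = calloc(1, sizeof *mgr))) return NULL;
    mgr->slots = calloc(4, sizeof *mgr->slots);
    mgr->numslots = mgr->slots ? 4 : 0;
    for (size_t i = 0; i < DEMO_N && mgr->numslots; i++) {
        struct om_obj *obj = calloc(1, sizeof *obj);
        struct entity_builder *eb = calloc(1, sizeof *eb);
        struct hashent *e = calloc(1, sizeof *e);
        if (!obj || !eb || !e) break;
        obj->otype = demo_entries[i].otype;
        eb->guid = (wGUID){ demo_entries[i].low, demo_entries[i].high };
        eb->obj = obj;
        e->guid = eb->guid;                      /* pair.first mirrors the builder's GUID */
        e->eb = eb;                              /* pair.second */
        uint64_t b = om_bucket(e->guid, mgr->numslots);
        e->next = mgr->slots[b];                 /* prepend to the chain */
        mgr->slots[b] = e;
        mgr->numelems++;
    }
    return mgr;
}

int main(void)
{
    const struct objMgr *m = demo_mgr();
    struct om_obj *o = om_lookup(m, (wGUID){ 0x1234, 0x8000000000000001ULL });
    printf("verify -> %ld, type of {0x1234, 0x8000000000000001} -> %d\n", om_verify(m), o ? o->otype : -1);
    return 0;
}
```

A table that passes `om_verify` on a live read is strong evidence that the three header offsets (capacity 0x0, data 0x8, count 0x10) and the node layout are right; a walk that reaches fewer nodes than the count at 0x10, or a node whose GUID hashes to a different bucket than the one it was found in, points at a wrong offset or at a hash that changed between builds.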

#14 thateuler (Active Member)
    For the folks who call blizz code to get object positions: I was reading through my crash logs and found this.

    Local Player: JackHuman, Player-69-ABCDEFG, (2444, (2179.57, -726.739, 4.63765))
    Those last 3 floats look like world coords, hey. Searching for "Local Player" led me to the function at 0x142463020 (patch 57212).

#15 sendeos23 (Active Member)
    Originally Posted by thateuler
    The obj manager in 57171 is 0x1449f26e8. In 57212 it's 0x144724718.
    Thanks for this, super useful.

    I have it iterating through the list fine and I can find the active player; however, it seems to also contain objects which are not visible/active.
    Is there some flag on om_obj which can be used to determine if the object is visible to the player?
