WowClassic 1.15.6.58797 Offsets

**pickleback** · 01-28-2025

1.15.6.58797

ObjectManager Offset: 0x038E6490
PlayerGuid Offset: 0x038966E0
MouseoverGuid Offset: 0x039B0DC8
PlayerTargetGuid Offset: 0x0367AD58
ZoneText Offset: 0x039B0030
Camera Offset: 0x038921A8
FrameBase Offset: 0x03677CB8
LoadedAddOns Offset: 0x0342F638
LoadedAddOnCount Offset: 0x03A09A98
LoadingScreen Offset: 0x03BC7888

1.15.6.58844

ObjectManager Offset: 0x35A5888
PlayerGuid Offset: 0x035B96F0
MouseoverGuid Offset: 0x036D3DE8
PlayerTargetGuid Offset: 0x0339DD68
ZoneText Offset: 0x036D3050
Camera Offset: 0x035B51B8
FrameBase Offset: 0x0339ACC8
LoadedAddOns Offset: 0x03152638
LoadedAddOnCount Offset: 0x0372CAA8
LoadingScreen Offset: 0x038EA888

Hope this helps, I'm pretty new and trying to get into all this, wrote a scanner based on other information found here.
I will add more values asap.

**Cooldude** · 01-28-2025

How do you find the objectmanager offset manually with static analysis? I found the .rdata:0000000142D89FD8 aObjectManagerL db 'Object manager list status: (use gmvision to see server onlys)',0

But I'm not sure what to do from here?

**pickleback** · 01-28-2025

Originally Posted by Cooldude

How do you find the objectmanager offset manually with static analysis? I found the .rdata:0000000142D89FD8 aObjectManagerL db 'Object manager list status: (use gmvision to see server onlys)',0

But I'm not sure what to do from here?

Looking through dumps now, but I found it initially with the pattern: "48 8B 0D ?? ?? ?? ?? 48 83 3D". I believe it's correct but still investigating.

**ncxzxcfdb8112** · 01-28-2025

@Cooldude you f5 this function or just look at it from start to bottom and you can clearly see object manager address

**surrept** · 01-28-2025

Originally Posted by Cooldude

How do you find the objectmanager offset manually with static analysis? I found the .rdata:0000000142D89FD8 aObjectManagerL db 'Object manager list status: (use gmvision to see server onlys)',0

But I'm not sure what to do from here?

there are also some previous threads on how to do it:
Google Search

**Cooldude** · 01-28-2025

@ncxzxcfdb8112

I don't understand how to find the function itself, there's no xrefs on the rdata gmvision line i'm looking at, how do I find the actual function associated with this rdata section? Thanks

**pickleback** · 01-28-2025

Originally Posted by Cooldude

@ncxzxcfdb8112

I don't understand how to find the function itself, there's no xrefs on the rdata gmvision line i'm looking at, how do I find the actual function associated with this rdata section? Thanks

IDA finds an xref for me...
xref1.jpg

**mazer** · 01-28-2025

search for string "Objects waiting to be freed" you'll land right in the objectmanager.
or from the rdata, right click, find cross references, there is only one.

edit: bugged screenshot...

**Cooldude** · 01-28-2025

I think your screenshot upload bugged out. I'm a noob to IDA so I'm probably doing this completely wrong, but I have it open in here and see the rdata, i right click and there's no option to even jump to xref listed. I tried the shortcut just pressing x and it says there are no xrefs and it fails. This is IDA Pro 8.3, I just did file, open, navigated to the \_classic_era_\ and selected WoWClassic.exe to open in IDA

edit: i removed my screenshot as well since it bugged out, here's a re upload

IDA.png

**pickleback** · 01-28-2025

Originally Posted by Cooldude

I think your screenshot upload bugged out. I'm a noob to IDA so I'm probably doing this completely wrong, but I have it open in here and see the rdata, i right click and there's no option to even jump to xref listed. I tried the shortcut just pressing x and it says there are no xrefs and it fails. This is IDA Pro 8.3, I just did file, open, navigated to the \_classic_era_\ and selected WoWClassic.exe to open in IDA

edit: i removed my screenshot as well since it bugged out, here's a re upload

IDA.png

dump it with GitHub - scizzydo/memdump: Windows x64 PE process memory dumper to disk and load the dumped exe in ida

**mazer** · 01-28-2025

heres the screen again.
Screenshot 2025-01-28 214443.png
rightclick the var / data. not the string...
also, just use ida 9 free.

and as pickleback said, use a dumped pe

**Cooldude** · 01-28-2025

Thank you, I got it working after using that dumper. I still don't understand how you would get the object manager offset from this. I was trying to learn myself instead of just being spoon fed the object manager offset every time it changes but clearly I have a ways to go

dump.png

I googled and found a couple examples in the past of people doing this a few years back and they said they use the psuedocode and then the third argument which they renamed to "s_curMgr" is always the object manager, but I don't see any third argument anymore on that same line, it's now formatted differently when you press f5 to get the pseudocode.

**dreadcraft** · 01-29-2025

Code:

# 1.15.6.58844
object_manager = 0x35A5888 # strings subview > "objects waiting to be freed" > 1st QWORD encountered from top of function
player_guid = 0x35B96F0
mouseover_guid = 0x36D3DE8
chat_frame_open = 0x0 # no working ptr as of 1.15.4.x
zone_text = 0x36D3050 # byte-code sig updated for 1.15.5.x
subzone_text = zone_text + 0x8
minimap_zone_text = subzone_text + 0x8
player_target_guid = 0x339DD68
last_target_guid = player_target_guid + 0x10
camera_manager = 0x35B51B8

# notable offset changess
player_field_inventory = 0x138F0
camera = 0x3A58

also entity builder struct now points to wow object struct at 0x28 instead of 0x20... hopefully that helps you update your object manager code if you haven't already.

**mazer** · 01-29-2025

Code:

public const ulong OBJECT_MANAGER = 0x35A5888;
public const ulong PLAYER_GUID = 0x35B96F0;
public const ulong MOUSEOVER_GUID = 0x36D3DE8;
public const ulong PLAYER_TARGET_GUID = 0x339DD68;
public const ulong ZONE_TEXT = 0x36D3050;


public const ulong GAME_STATE = 0x390C48C;
public const ulong SUB_AREA_ID = 0x36D3CF4;
public const ulong AREA_ID = 0x36D3CF0;
public const ulong ZONE_ID = 0x36D3D00;


public const ulong CAMERA = 0x35B51B8;
public const ulong CAMERA_2 = 0x3A58;


public const ulong FRAMEBASE = 0x339ACC8;
public const ulong FRAME_OFFSET_1 = 0xF18;
public const ulong FRAME_OFFSET_2 = 0x148;


public const int ENTITY_ARRAY = 0x8;
public const int ENTITY_COUNT = 0x10;
public const int HASH_ARRAY_MAX = 0x40;
public const int HASH_ARRAY = 0x48;
public const int HASH_ARRAY_COUNT = 0x50;


public const int ENTITY_GUID = 0x10;
public const int ENTITY_OBJECT = 0x28;


public const int OBJECT_TYPE = 0x8;
public const int OBJECT_GUID = 0x18;
public const int OBJECT_ID = 0xC8;

framebase handling changed as it looks, anybody has updates on this?

edit: framebase update:

Code:

public const ulong FRAMEBASE = 0x339ACC8;
public const ulong FRAME_OFFSET_1 = 0xF18;
public const ulong FRAME_OFFSET_2 = 0x150;
public const ulong FRAME_NAME = 0x20;
public const ulong FRAME_TEXT = 0x1D8;
public const ulong FRAME_CHILDREN = 0x170;

**Mr.Sergey** · 01-29-2025

For those who couldn't find a solution – the ObjectEntity structure is now the same as in the client for retail:

Code:

public struct ObjectEntity
{
    [FieldOffset(0x0)] public long CategoryPtr;
    [FieldOffset(0x18)] public UInt128 Guid;
    [FieldOffset(0x28)] public long ObjectBase;
}

Shout-Out

User Tag List

Thread: WowClassic 1.15.6.58797 Offsets

Thread Tools

Search Thread

WowClassic 1.15.6.58844 and 58797 Offsets

Similar Threads

WowClassic 1.15.5.58555 Offsets

WowClassic 1.15.5.57979 Offsets

WoW Classic 1.15.4.56738 Bot and Offsets

WoW Classic Era 1.15.3, Object Manager / Object Traversal / Offsets

3.15 Some useful static offsets (GameState based)

OwnedCore Forums

casino

CoreCoins

My OwnedCore

About Us

Casino