Finding offsets from an object menu

  1. #1 jockel (Member)

    Finding offsets from an object

    Heya guys,

    I'm fluent in C# and I need some help from some reverse experts.

    I currently managed to get some static pointer addresses and the object manager base by myself.

    On the internet / these forums you can find a lot of offsets for an object from the object manager.

    So my question is: how do you find out that, e.g., Rotation is at "0x7DC"?
    Would be awesome to get a hint on this.

    Thanks and Greetings

  2. #2 SKU (Contributor)
    There are several methods of getting these offsets. I'm far away from being an expert, but from a newb to a newb, this is how I do it:

    Get the offsets by looking at functions that have something to do with what you're looking for.

    Example: GetBattlefieldStatus(int idx) : 0x004FDC10
    * Open WoW in OllyDbg/IDA

    Code:
    004FDC5F  |.  8B45 F4          MOV EAX,[LOCAL.3]                         ;  kernel32.7C839AC0
    004FDC62  |.  83E8 01          SUB EAX,1
    004FDC65  |.  83F8 03          CMP EAX,3
    004FDC68  |.  D96D FE          FLDCW WORD PTR SS:[EBP-2]
    004FDC6B  |.  0F83 89010000    JNB Wow.004FDDFA
    004FDC71  |.  8D3CC5 00000000  LEA EDI,DWORD PTR DS:[EAX*8]
    004FDC78  |.  2BF8             SUB EDI,EAX
    004FDC7A  |.  8D3CFD 903B1601  LEA EDI,DWORD PTR DS:[EDI*8+1163B90]
    004FDC81  |.  85FF             TEST EDI,EDI                              ;  ntdll.7C920208
    004FDC83  |.  0F84 71010000    JE Wow.004FDDFA
    004FDC89  |.  8B47 10          MOV EAX,DWORD PTR DS:[EDI+10]
    004FDC8C  |.  83F8 03          CMP EAX,3                                 ;  Switch (cases 0..3)
    004FDC8F  |.  77 23            JA SHORT Wow.004FDCB4
    004FDC91  |.  FF2485 50DE4F00  JMP DWORD PTR DS:[EAX*4+4FDE50]           ;  Wow.004FDC98
    004FDC98  |>  68 F0619400      PUSH Wow.009461F0                         ;  ASCII "none"; Case 0 of switch 004FDC8C
    004FDC9D  |.  EB 1A            JMP SHORT Wow.004FDCB9
    004FDC9F  |>  68 884B9500      PUSH Wow.00954B88                         ;  ASCII "queued"; Case 1 of switch 004FDC8C
    004FDCA4  |.  EB 13            JMP SHORT Wow.004FDCB9
    004FDCA6  |>  68 804B9500      PUSH Wow.00954B80                         ;  ASCII "confirm"; Case 2 of switch 004FDC8C
    004FDCAB  |.  EB 0C            JMP SHORT Wow.004FDCB9
    004FDCAD  |>  68 784B9500      PUSH Wow.00954B78                         ;  ASCII "active"; Case 3 of switch 004FDC8C
    004FDCB2  |.  EB 05            JMP SHORT Wow.004FDCB9
    004FDCB4  |>  68 704B9500      PUSH Wow.00954B70                         ;  ASCII "error"; Default case of switch 004FDC8C
    * Recreate: NoMorePasting.com

    Or, especially for values you can easily influence, if you know what type they are and in what interval they lie, you can just scan for them using CE/MHS/whatever.

    Face slightly northwest, scan for float values between 0 and 1, face slightly northeast, subscan between 2pi and 2pi-1, repeat if necessary.

  3. #3 Cypher (Kynox's Sister's Pimp)
    Easiest way for a newbie is:
    Open memory scanner. Do an initial scan.
    Turn.
    Scan again.
    Turn.
    Scan again.
    Turn.
    Scan again.
    etc etc

    Just keep modifying the value and narrowing it down.

    Easiest way for a decent reverser:
    Fire up IDA, jump into a LUA API that will need to use rotation for something. Rip the offset directly from the code.
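The scan-and-narrow procedure that SKU (#2) and Cypher (#3) describe is a simple filter: take every aligned slot whose value satisfies the first constraint, change the value in the game, and keep only the survivors that satisfy the next constraint. The example below is added here and is not code from the thread; it simulates that loop offline over a constructed memory snapshot. The planted offsets (0x10, 0x20, 0x30) and the layout are constructed for the example, and 0x7DC is reused from jockel's question only as a label; it also shows why a "repeat if necessary" round is needed, since a second value (here a camera yaw) can move together with rotation for a while and still be eliminated later.

```python
import math
import struct

SLOT = 4  # test 4-byte aligned slots only, as a scanner's "fast scan" would


def build_snapshot(rotation, camera_yaw, size=0x800):
    """Constructed stand-in for one memory snapshot of an object.

    Filler byte 0x41 decodes as float 0x41414141 ~= 12.08, which lies outside
    every range scanned below, so only the planted values can ever match.
    """
    mem = bytearray(b"\x41" * size)
    struct.pack_into("<I", mem, 0x10, 100)         # health: an int that, read as float, is a denormal in [0, 1]
    struct.pack_into("<f", mem, 0x20, 0.25)        # pitch: a float in [0, 1] that never changes
    struct.pack_into("<f", mem, 0x30, camera_yaw)  # camera yaw: frequently moves together with rotation
    struct.pack_into("<f", mem, 0x7DC, rotation)   # the value we are after (offset constructed for the example)
    return bytes(mem)


def scan_floats(mem, lo, hi, candidates=None):
    """Return the offsets whose float32 value lies in [lo, hi].

    candidates=None tests every aligned slot (the initial scan); otherwise only
    the given offsets are re-tested (the "scan again" step).
    """
    offsets = range(0, len(mem) - SLOT + 1, SLOT) if candidates is None else candidates
    hits = []
    for off in offsets:
        (val,) = struct.unpack_from("<f", mem, off)
        if lo <= val <= hi:
            hits.append(off)
    return hits


def narrow(rounds):
    """Apply successive (snapshot, (lo, hi)) constraints, keeping only survivors."""
    survivors = None
    for mem, (lo, hi) in rounds:
        survivors = scan_floats(mem, lo, hi, survivors)
    return survivors


def find_rotation_offset():
    """Three rounds in the style of the thread: turn, rescan, turn, rescan."""
    two_pi = 2 * math.pi
    rounds = [
        (build_snapshot(rotation=0.3, camera_yaw=0.3), (0.0, 1.0)),                  # face slightly one way
        (build_snapshot(rotation=6.0, camera_yaw=6.0), (two_pi - 1, two_pi)),        # turn the other way; camera follows
        (build_snapshot(rotation=3.1, camera_yaw=6.0), (math.pi - 0.5, math.pi + 0.5)),  # turn again; camera stays put
    ]
    return narrow(rounds)


if __name__ == "__main__":
    print([hex(o) for o in find_rotation_offset()])  # ['0x7dc']
```

The first round keeps four slots (the health integer, the constant pitch, the camera yaw and the rotation), the second drops the two that did not move, and the third separates the rotation from the camera yaw. Against a real process the same loop runs over a full region dump, so the first round typically returns thousands of candidates; the number of rounds needed is what Cypher's "etc etc" stands for.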

  4. #4 peterwurst (Member)
    The Lua sample was very useful for me.
    Thanks for contributing.

  5. #5 Cypher (Kynox's Sister's Pimp)
    I just told you....

    Use a memory scanner or reverse the binaries.

  6. #6 jockel (Member)
    Yeah thank you guys,
    I finally got nearly all information together.

    Just a quick question: I searched for the object structures and found the following:

    .rdata:0094041C aObject_field_p db 'OBJECT_FIELD_PADDING',0
    .rdata:00940431 align 4
    .rdata:00940434 aObject_field_s db 'OBJECT_FIELD_SCALE_X',0
    .rdata:00940449 align 4
    .rdata:0094044C aObject_field_e db 'OBJECT_FIELD_ENTRY',0
    .rdata:0094045F align 10h
    .rdata:00940460 aObject_field_t db 'OBJECT_FIELD_TYPE',0
    .rdata:00940472 align 4
    .rdata:00940474 aObject_field_g db 'OBJECT_FIELD_GUID',0 ; DATA XREF: .dataff_FC2C98o
    I assume that this is the "basic" structure for an object in the ObjectManager; now my question is: how do I find out the types of the variables in the object?

    (Like OBJECT_FIELD_GUID = unsigned long or something.)

    //Edit
    Are these fields I found also in the correct order for the struct?
    Last edited by jockel; 03-21-2009 at 09:14 AM.

  7. #7 Cypher (Kynox's Sister's Pimp)
    Those fields have nothing to do with the object manager.

    Code:
    #pragma once
    
    // WoW Build: 3.0.9.9551
    
    enum WoWObjectFields 
    {
        OBJECT_FIELD_GUID = 0x0,
        OBJECT_FIELD_TYPE = 0x2,
        OBJECT_FIELD_ENTRY = 0x3,
        OBJECT_FIELD_SCALE_X = 0x4,
        OBJECT_FIELD_PADDING = 0x5,
        TOTAL_OBJECT_FIELDS = 0x5
    };
    
    enum WoWUnitFields 
    {
        UNIT_FIELD_CHARM = 0x6,
        UNIT_FIELD_SUMMON = 0x8,
        UNIT_FIELD_CRITTER = 0xA,
        UNIT_FIELD_CHARMEDBY = 0xC,
        UNIT_FIELD_SUMMONEDBY = 0xE,
        UNIT_FIELD_CREATEDBY = 0x10,
        UNIT_FIELD_TARGET = 0x12,
        UNIT_FIELD_CHANNEL_OBJECT = 0x14,
        UNIT_FIELD_BYTES_0 = 0x16,
        UNIT_FIELD_HEALTH = 0x17,
        UNIT_FIELD_POWER1 = 0x18,
        UNIT_FIELD_POWER2 = 0x19,
        UNIT_FIELD_POWER3 = 0x1A,
        UNIT_FIELD_POWER4 = 0x1B,
        UNIT_FIELD_POWER5 = 0x1C,
        UNIT_FIELD_POWER6 = 0x1D,
        UNIT_FIELD_POWER7 = 0x1E,
        UNIT_FIELD_MAXHEALTH = 0x1F,
        UNIT_FIELD_MAXPOWER1 = 0x20,
        UNIT_FIELD_MAXPOWER2 = 0x21,
        UNIT_FIELD_MAXPOWER3 = 0x22,
        UNIT_FIELD_MAXPOWER4 = 0x23,
        UNIT_FIELD_MAXPOWER5 = 0x24,
        UNIT_FIELD_MAXPOWER6 = 0x25,
        UNIT_FIELD_MAXPOWER7 = 0x26,
        UNIT_FIELD_POWER_REGEN_FLAT_MODIFIER = 0x27,
        UNIT_FIELD_POWER_REGEN_INTERRUPTED_FLAT_MODIFIER = 0x2E,
        UNIT_FIELD_LEVEL = 0x35,
        UNIT_FIELD_FACTIONTEMPLATE = 0x36,
        UNIT_VIRTUAL_ITEM_SLOT_ID = 0x37,
        UNIT_FIELD_FLAGS = 0x3A,
        UNIT_FIELD_FLAGS_2 = 0x3B,
        UNIT_FIELD_AURASTATE = 0x3C,
        UNIT_FIELD_BASEATTACKTIME = 0x3D,
        UNIT_FIELD_RANGEDATTACKTIME = 0x3F,
        UNIT_FIELD_BOUNDINGRADIUS = 0x40,
        UNIT_FIELD_COMBATREACH = 0x41,
        UNIT_FIELD_DISPLAYID = 0x42,
        UNIT_FIELD_NATIVEDISPLAYID = 0x43,
        UNIT_FIELD_MOUNTDISPLAYID = 0x44,
        UNIT_FIELD_MINDAMAGE = 0x45,
        UNIT_FIELD_MAXDAMAGE = 0x46,
        UNIT_FIELD_MINOFFHANDDAMAGE = 0x47,
        UNIT_FIELD_MAXOFFHANDDAMAGE = 0x48,
        UNIT_FIELD_BYTES_1 = 0x49,
        UNIT_FIELD_PETNUMBER = 0x4A,
        UNIT_FIELD_PET_NAME_TIMESTAMP = 0x4B,
        UNIT_FIELD_PETEXPERIENCE = 0x4C,
        UNIT_FIELD_PETNEXTLEVELEXP = 0x4D,
        UNIT_DYNAMIC_FLAGS = 0x4E,
        UNIT_CHANNEL_SPELL = 0x4F,
        UNIT_MOD_CAST_SPEED = 0x50,
        UNIT_CREATED_BY_SPELL = 0x51,
        UNIT_NPC_FLAGS = 0x52,
        UNIT_NPC_EMOTESTATE = 0x53,
        UNIT_FIELD_STAT0 = 0x54,
        UNIT_FIELD_STAT1 = 0x55,
        UNIT_FIELD_STAT2 = 0x56,
        UNIT_FIELD_STAT3 = 0x57,
        UNIT_FIELD_STAT4 = 0x58,
        UNIT_FIELD_POSSTAT0 = 0x59,
        UNIT_FIELD_POSSTAT1 = 0x5A,
        UNIT_FIELD_POSSTAT2 = 0x5B,
        UNIT_FIELD_POSSTAT3 = 0x5C,
        UNIT_FIELD_POSSTAT4 = 0x5D,
        UNIT_FIELD_NEGSTAT0 = 0x5E,
        UNIT_FIELD_NEGSTAT1 = 0x5F,
        UNIT_FIELD_NEGSTAT2 = 0x60,
        UNIT_FIELD_NEGSTAT3 = 0x61,
        UNIT_FIELD_NEGSTAT4 = 0x62,
        UNIT_FIELD_RESISTANCES = 0x63,
        UNIT_FIELD_RESISTANCEBUFFMODSPOSITIVE = 0x6A,
        UNIT_FIELD_RESISTANCEBUFFMODSNEGATIVE = 0x71,
        UNIT_FIELD_BASE_MANA = 0x78,
        UNIT_FIELD_BASE_HEALTH = 0x79,
        UNIT_FIELD_BYTES_2 = 0x7A,
        UNIT_FIELD_ATTACK_POWER = 0x7B,
        UNIT_FIELD_ATTACK_POWER_MODS = 0x7C,
        UNIT_FIELD_ATTACK_POWER_MULTIPLIER = 0x7D,
        UNIT_FIELD_RANGED_ATTACK_POWER = 0x7E,
        UNIT_FIELD_RANGED_ATTACK_POWER_MODS = 0x7F,
        UNIT_FIELD_RANGED_ATTACK_POWER_MULTIPLIER = 0x80,
        UNIT_FIELD_MINRANGEDDAMAGE = 0x81,
        UNIT_FIELD_MAXRANGEDDAMAGE = 0x82,
        UNIT_FIELD_POWER_COST_MODIFIER = 0x83,
        UNIT_FIELD_POWER_COST_MULTIPLIER = 0x8A,
        UNIT_FIELD_MAXHEALTHMODIFIER = 0x91,
        UNIT_FIELD_HOVERHEIGHT = 0x92,
        UNIT_FIELD_PADDING = 0x93,
        TOTAL_UNIT_FIELDS = 0x59
    };
    
    enum WoWPlayerFields 
    {
        PLAYER_DUEL_ARBITER = 0x94,
        PLAYER_FLAGS = 0x96,
        PLAYER_GUILDID = 0x97,
        PLAYER_GUILDRANK = 0x98,
        PLAYER_BYTES = 0x99,
        PLAYER_BYTES_2 = 0x9A,
        PLAYER_BYTES_3 = 0x9B,
        PLAYER_DUEL_TEAM = 0x9C,
        PLAYER_GUILD_TIMESTAMP = 0x9D,
        PLAYER_QUEST_LOG_1_1 = 0x9E,
        PLAYER_QUEST_LOG_1_2 = 0x9F,
        PLAYER_QUEST_LOG_1_3 = 0xA0,
        PLAYER_QUEST_LOG_1_4 = 0xA1,
        PLAYER_QUEST_LOG_2_1 = 0xA2,
        PLAYER_QUEST_LOG_2_2 = 0xA3,
        PLAYER_QUEST_LOG_2_3 = 0xA4,
        PLAYER_QUEST_LOG_2_4 = 0xA5,
        PLAYER_QUEST_LOG_3_1 = 0xA6,
        PLAYER_QUEST_LOG_3_2 = 0xA7,
        PLAYER_QUEST_LOG_3_3 = 0xA8,
        PLAYER_QUEST_LOG_3_4 = 0xA9,
        PLAYER_QUEST_LOG_4_1 = 0xAA,
        PLAYER_QUEST_LOG_4_2 = 0xAB,
        PLAYER_QUEST_LOG_4_3 = 0xAC,
        PLAYER_QUEST_LOG_4_4 = 0xAD,
        PLAYER_QUEST_LOG_5_1 = 0xAE,
        PLAYER_QUEST_LOG_5_2 = 0xAF,
        PLAYER_QUEST_LOG_5_3 = 0xB0,
        PLAYER_QUEST_LOG_5_4 = 0xB1,
        PLAYER_QUEST_LOG_6_1 = 0xB2,
        PLAYER_QUEST_LOG_6_2 = 0xB3,
        PLAYER_QUEST_LOG_6_3 = 0xB4,
        PLAYER_QUEST_LOG_6_4 = 0xB5,
        PLAYER_QUEST_LOG_7_1 = 0xB6,
        PLAYER_QUEST_LOG_7_2 = 0xB7,
        PLAYER_QUEST_LOG_7_3 = 0xB8,
        PLAYER_QUEST_LOG_7_4 = 0xB9,
        PLAYER_QUEST_LOG_8_1 = 0xBA,
        PLAYER_QUEST_LOG_8_2 = 0xBB,
        PLAYER_QUEST_LOG_8_3 = 0xBC,
        PLAYER_QUEST_LOG_8_4 = 0xBD,
        PLAYER_QUEST_LOG_9_1 = 0xBE,
        PLAYER_QUEST_LOG_9_2 = 0xBF,
        PLAYER_QUEST_LOG_9_3 = 0xC0,
        PLAYER_QUEST_LOG_9_4 = 0xC1,
        PLAYER_QUEST_LOG_10_1 = 0xC2,
        PLAYER_QUEST_LOG_10_2 = 0xC3,
        PLAYER_QUEST_LOG_10_3 = 0xC4,
        PLAYER_QUEST_LOG_10_4 = 0xC5,
        PLAYER_QUEST_LOG_11_1 = 0xC6,
        PLAYER_QUEST_LOG_11_2 = 0xC7,
        PLAYER_QUEST_LOG_11_3 = 0xC8,
        PLAYER_QUEST_LOG_11_4 = 0xC9,
        PLAYER_QUEST_LOG_12_1 = 0xCA,
        PLAYER_QUEST_LOG_12_2 = 0xCB,
        PLAYER_QUEST_LOG_12_3 = 0xCC,
        PLAYER_QUEST_LOG_12_4 = 0xCD,
        PLAYER_QUEST_LOG_13_1 = 0xCE,
        PLAYER_QUEST_LOG_13_2 = 0xCF,
        PLAYER_QUEST_LOG_13_3 = 0xD0,
        PLAYER_QUEST_LOG_13_4 = 0xD1,
        PLAYER_QUEST_LOG_14_1 = 0xD2,
        PLAYER_QUEST_LOG_14_2 = 0xD3,
        PLAYER_QUEST_LOG_14_3 = 0xD4,
        PLAYER_QUEST_LOG_14_4 = 0xD5,
        PLAYER_QUEST_LOG_15_1 = 0xD6,
        PLAYER_QUEST_LOG_15_2 = 0xD7,
        PLAYER_QUEST_LOG_15_3 = 0xD8,
        PLAYER_QUEST_LOG_15_4 = 0xD9,
        PLAYER_QUEST_LOG_16_1 = 0xDA,
        PLAYER_QUEST_LOG_16_2 = 0xDB,
        PLAYER_QUEST_LOG_16_3 = 0xDC,
        PLAYER_QUEST_LOG_16_4 = 0xDD,
        PLAYER_QUEST_LOG_17_1 = 0xDE,
        PLAYER_QUEST_LOG_17_2 = 0xDF,
        PLAYER_QUEST_LOG_17_3 = 0xE0,
        PLAYER_QUEST_LOG_17_4 = 0xE1,
        PLAYER_QUEST_LOG_18_1 = 0xE2,
        PLAYER_QUEST_LOG_18_2 = 0xE3,
        PLAYER_QUEST_LOG_18_3 = 0xE4,
        PLAYER_QUEST_LOG_18_4 = 0xE5,
        PLAYER_QUEST_LOG_19_1 = 0xE6,
        PLAYER_QUEST_LOG_19_2 = 0xE7,
        PLAYER_QUEST_LOG_19_3 = 0xE8,
        PLAYER_QUEST_LOG_19_4 = 0xE9,
        PLAYER_QUEST_LOG_20_1 = 0xEA,
        PLAYER_QUEST_LOG_20_2 = 0xEB,
        PLAYER_QUEST_LOG_20_3 = 0xEC,
        PLAYER_QUEST_LOG_20_4 = 0xED,
        PLAYER_QUEST_LOG_21_1 = 0xEE,
        PLAYER_QUEST_LOG_21_2 = 0xEF,
        PLAYER_QUEST_LOG_21_3 = 0xF0,
        PLAYER_QUEST_LOG_21_4 = 0xF1,
        PLAYER_QUEST_LOG_22_1 = 0xF2,
        PLAYER_QUEST_LOG_22_2 = 0xF3,
        PLAYER_QUEST_LOG_22_3 = 0xF4,
        PLAYER_QUEST_LOG_22_4 = 0xF5,
        PLAYER_QUEST_LOG_23_1 = 0xF6,
        PLAYER_QUEST_LOG_23_2 = 0xF7,
        PLAYER_QUEST_LOG_23_3 = 0xF8,
        PLAYER_QUEST_LOG_23_4 = 0xF9,
        PLAYER_QUEST_LOG_24_1 = 0xFA,
        PLAYER_QUEST_LOG_24_2 = 0xFB,
        PLAYER_QUEST_LOG_24_3 = 0xFC,
        PLAYER_QUEST_LOG_24_4 = 0xFD,
        PLAYER_QUEST_LOG_25_1 = 0xFE,
        PLAYER_QUEST_LOG_25_2 = 0xFF,
        PLAYER_QUEST_LOG_25_3 = 0x100,
        PLAYER_QUEST_LOG_25_4 = 0x101,
        PLAYER_VISIBLE_ITEM_1_CREATOR = 0x102,
        PLAYER_VISIBLE_ITEM_1_0 = 0x104,
        PLAYER_VISIBLE_ITEM_1_PROPERTIES = 0x111,
        PLAYER_VISIBLE_ITEM_1_SEED = 0x112,
        PLAYER_VISIBLE_ITEM_1_PAD = 0x113,
        PLAYER_VISIBLE_ITEM_2_CREATOR = 0x114,
        PLAYER_VISIBLE_ITEM_2_0 = 0x116,
        PLAYER_VISIBLE_ITEM_2_PROPERTIES = 0x123,
        PLAYER_VISIBLE_ITEM_2_SEED = 0x124,
        PLAYER_VISIBLE_ITEM_2_PAD = 0x125,
        PLAYER_VISIBLE_ITEM_3_CREATOR = 0x126,
        PLAYER_VISIBLE_ITEM_3_0 = 0x128,
        PLAYER_VISIBLE_ITEM_3_PROPERTIES = 0x135,
        PLAYER_VISIBLE_ITEM_3_SEED = 0x136,
        PLAYER_VISIBLE_ITEM_3_PAD = 0x137,
        PLAYER_VISIBLE_ITEM_4_CREATOR = 0x138,
        PLAYER_VISIBLE_ITEM_4_0 = 0x13A,
        PLAYER_VISIBLE_ITEM_4_PROPERTIES = 0x147,
        PLAYER_VISIBLE_ITEM_4_SEED = 0x148,
        PLAYER_VISIBLE_ITEM_4_PAD = 0x149,
        PLAYER_VISIBLE_ITEM_5_CREATOR = 0x14A,
        PLAYER_VISIBLE_ITEM_5_0 = 0x14C,
        PLAYER_VISIBLE_ITEM_5_PROPERTIES = 0x159,
        PLAYER_VISIBLE_ITEM_5_SEED = 0x15A,
        PLAYER_VISIBLE_ITEM_5_PAD = 0x15B,
        PLAYER_VISIBLE_ITEM_6_CREATOR = 0x15C,
        PLAYER_VISIBLE_ITEM_6_0 = 0x15E,
        PLAYER_VISIBLE_ITEM_6_PROPERTIES = 0x16B,
        PLAYER_VISIBLE_ITEM_6_SEED = 0x16C,
        PLAYER_VISIBLE_ITEM_6_PAD = 0x16D,
        PLAYER_VISIBLE_ITEM_7_CREATOR = 0x16E,
        PLAYER_VISIBLE_ITEM_7_0 = 0x170,
        PLAYER_VISIBLE_ITEM_7_PROPERTIES = 0x17D,
        PLAYER_VISIBLE_ITEM_7_SEED = 0x17E,
        PLAYER_VISIBLE_ITEM_7_PAD = 0x17F,
        PLAYER_VISIBLE_ITEM_8_CREATOR = 0x180,
        PLAYER_VISIBLE_ITEM_8_0 = 0x182,
        PLAYER_VISIBLE_ITEM_8_PROPERTIES = 0x18F,
        PLAYER_VISIBLE_ITEM_8_SEED = 0x190,
        PLAYER_VISIBLE_ITEM_8_PAD = 0x191,
        PLAYER_VISIBLE_ITEM_9_CREATOR = 0x192,
        PLAYER_VISIBLE_ITEM_9_0 = 0x194,
        PLAYER_VISIBLE_ITEM_9_PROPERTIES = 0x1A1,
        PLAYER_VISIBLE_ITEM_9_SEED = 0x1A2,
        PLAYER_VISIBLE_ITEM_9_PAD = 0x1A3,
        PLAYER_VISIBLE_ITEM_10_CREATOR = 0x1A4,
        PLAYER_VISIBLE_ITEM_10_0 = 0x1A6,
        PLAYER_VISIBLE_ITEM_10_PROPERTIES = 0x1B3,
        PLAYER_VISIBLE_ITEM_10_SEED = 0x1B4,
        PLAYER_VISIBLE_ITEM_10_PAD = 0x1B5,
        PLAYER_VISIBLE_ITEM_11_CREATOR = 0x1B6,
        PLAYER_VISIBLE_ITEM_11_0 = 0x1B8,
        PLAYER_VISIBLE_ITEM_11_PROPERTIES = 0x1C5,
        PLAYER_VISIBLE_ITEM_11_SEED = 0x1C6,
        PLAYER_VISIBLE_ITEM_11_PAD = 0x1C7,
        PLAYER_VISIBLE_ITEM_12_CREATOR = 0x1C8,
        PLAYER_VISIBLE_ITEM_12_0 = 0x1CA,
        PLAYER_VISIBLE_ITEM_12_PROPERTIES = 0x1D7,
        PLAYER_VISIBLE_ITEM_12_SEED = 0x1D8,
        PLAYER_VISIBLE_ITEM_12_PAD = 0x1D9,
        PLAYER_VISIBLE_ITEM_13_CREATOR = 0x1DA,
        PLAYER_VISIBLE_ITEM_13_0 = 0x1DC,
        PLAYER_VISIBLE_ITEM_13_PROPERTIES = 0x1E9,
        PLAYER_VISIBLE_ITEM_13_SEED = 0x1EA,
        PLAYER_VISIBLE_ITEM_13_PAD = 0x1EB,
        PLAYER_VISIBLE_ITEM_14_CREATOR = 0x1EC,
        PLAYER_VISIBLE_ITEM_14_0 = 0x1EE,
        PLAYER_VISIBLE_ITEM_14_PROPERTIES = 0x1FB,
        PLAYER_VISIBLE_ITEM_14_SEED = 0x1FC,
        PLAYER_VISIBLE_ITEM_14_PAD = 0x1FD,
        PLAYER_VISIBLE_ITEM_15_CREATOR = 0x1FE,
        PLAYER_VISIBLE_ITEM_15_0 = 0x200,
        PLAYER_VISIBLE_ITEM_15_PROPERTIES = 0x20D,
        PLAYER_VISIBLE_ITEM_15_SEED = 0x20E,
        PLAYER_VISIBLE_ITEM_15_PAD = 0x20F,
        PLAYER_VISIBLE_ITEM_16_CREATOR = 0x210,
        PLAYER_VISIBLE_ITEM_16_0 = 0x212,
        PLAYER_VISIBLE_ITEM_16_PROPERTIES = 0x21F,
        PLAYER_VISIBLE_ITEM_16_SEED = 0x220,
        PLAYER_VISIBLE_ITEM_16_PAD = 0x221,
        PLAYER_VISIBLE_ITEM_17_CREATOR = 0x222,
        PLAYER_VISIBLE_ITEM_17_0 = 0x224,
        PLAYER_VISIBLE_ITEM_17_PROPERTIES = 0x231,
        PLAYER_VISIBLE_ITEM_17_SEED = 0x232,
        PLAYER_VISIBLE_ITEM_17_PAD = 0x233,
        PLAYER_VISIBLE_ITEM_18_CREATOR = 0x234,
        PLAYER_VISIBLE_ITEM_18_0 = 0x236,
        PLAYER_VISIBLE_ITEM_18_PROPERTIES = 0x243,
        PLAYER_VISIBLE_ITEM_18_SEED = 0x244,
        PLAYER_VISIBLE_ITEM_18_PAD = 0x245,
        PLAYER_VISIBLE_ITEM_19_CREATOR = 0x246,
        PLAYER_VISIBLE_ITEM_19_0 = 0x248,
        PLAYER_VISIBLE_ITEM_19_PROPERTIES = 0x255,
        PLAYER_VISIBLE_ITEM_19_SEED = 0x256,
        PLAYER_VISIBLE_ITEM_19_PAD = 0x257,
        PLAYER_CHOSEN_TITLE = 0x258,
        PLAYER_FIELD_PAD_0 = 0x259,
        PLAYER_FIELD_INV_SLOT_HEAD = 0x25A,
        PLAYER_FIELD_PACK_SLOT_1 = 0x288,
        PLAYER_FIELD_BANK_SLOT_1 = 0x2A8,
        PLAYER_FIELD_BANKBAG_SLOT_1 = 0x2E0,
        PLAYER_FIELD_VENDORBUYBACK_SLOT_1 = 0x2EE,
        PLAYER_FIELD_KEYRING_SLOT_1 = 0x306,
        PLAYER_FIELD_VANITYPET_SLOT_1 = 0x346,
        PLAYER_FIELD_CURRENCYTOKEN_SLOT_1 = 0x36A,
        PLAYER_FIELD_QUESTBAG_SLOT_1 = 0x3AA,
        PLAYER_FARSIGHT = 0x3EA,
        PLAYER__FIELD_KNOWN_TITLES = 0x3EC,
        PLAYER__FIELD_KNOWN_TITLES1 = 0x3EE,
        PLAYER_FIELD_KNOWN_CURRENCIES = 0x3F0,
        PLAYER_XP = 0x3F2,
        PLAYER_NEXT_LEVEL_XP = 0x3F3,
        PLAYER_SKILL_INFO_1_1 = 0x3F4,
        PLAYER_CHARACTER_POINTS1 = 0x574,
        PLAYER_CHARACTER_POINTS2 = 0x575,
        PLAYER_TRACK_CREATURES = 0x576,
        PLAYER_TRACK_RESOURCES = 0x577,
        PLAYER_BLOCK_PERCENTAGE = 0x578,
        PLAYER_DODGE_PERCENTAGE = 0x579,
        PLAYER_PARRY_PERCENTAGE = 0x57A,
        PLAYER_EXPERTISE = 0x57B,
        PLAYER_OFFHAND_EXPERTISE = 0x57C,
        PLAYER_CRIT_PERCENTAGE = 0x57D,
        PLAYER_RANGED_CRIT_PERCENTAGE = 0x57E,
        PLAYER_OFFHAND_CRIT_PERCENTAGE = 0x57F,
        PLAYER_SPELL_CRIT_PERCENTAGE1 = 0x580,
        PLAYER_SHIELD_BLOCK = 0x587,
        PLAYER_SHIELD_BLOCK_CRIT_PERCENTAGE = 0x588,
        PLAYER_EXPLORED_ZONES_1 = 0x589,
        PLAYER_REST_STATE_EXPERIENCE = 0x609,
        PLAYER_FIELD_COINAGE = 0x60A,
        PLAYER_FIELD_MOD_DAMAGE_DONE_POS = 0x60B,
        PLAYER_FIELD_MOD_DAMAGE_DONE_NEG = 0x612,
        PLAYER_FIELD_MOD_DAMAGE_DONE_PCT = 0x619,
        PLAYER_FIELD_MOD_HEALING_DONE_POS = 0x620,
        PLAYER_FIELD_MOD_TARGET_RESISTANCE = 0x621,
        PLAYER_FIELD_MOD_TARGET_PHYSICAL_RESISTANCE = 0x622,
        PLAYER_FIELD_BYTES = 0x623,
        PLAYER_AMMO_ID = 0x624,
        PLAYER_SELF_RES_SPELL = 0x625,
        PLAYER_FIELD_PVP_MEDALS = 0x626,
        PLAYER_FIELD_BUYBACK_PRICE_1 = 0x627,
        PLAYER_FIELD_BUYBACK_TIMESTAMP_1 = 0x633,
        PLAYER_FIELD_KILLS = 0x63F,
        PLAYER_FIELD_TODAY_CONTRIBUTION = 0x640,
        PLAYER_FIELD_YESTERDAY_CONTRIBUTION = 0x641,
        PLAYER_FIELD_LIFETIME_HONORBALE_KILLS = 0x642,
        PLAYER_FIELD_BYTES2 = 0x643,
        PLAYER_FIELD_WATCHED_FACTION_INDEX = 0x644,
        PLAYER_FIELD_COMBAT_RATING_1 = 0x645,
        PLAYER_FIELD_ARENA_TEAM_INFO_1_1 = 0x65E,
        PLAYER_FIELD_HONOR_CURRENCY = 0x670,
        PLAYER_FIELD_ARENA_CURRENCY = 0x671,
        PLAYER_FIELD_MAX_LEVEL = 0x672,
        PLAYER_FIELD_DAILY_QUESTS_1 = 0x673,
        PLAYER_RUNE_REGEN_1 = 0x68C,
        PLAYER_NO_REAGENT_COST_1 = 0x690,
        PLAYER_FIELD_GLYPH_SLOTS_1 = 0x693,
        PLAYER_FIELD_GLYPHS_1 = 0x69B,
        PLAYER_GLYPHS_ENABLED = 0x6A3,
        TOTAL_PLAYER_FIELDS = 0x10D
    };
    
    enum WoWItemFields 
    {
        ITEM_FIELD_OWNER = 0x6,
        ITEM_FIELD_CONTAINED = 0x8,
        ITEM_FIELD_CREATOR = 0xA,
        ITEM_FIELD_GIFTCREATOR = 0xC,
        ITEM_FIELD_STACK_COUNT = 0xE,
        ITEM_FIELD_DURATION = 0xF,
        ITEM_FIELD_SPELL_CHARGES = 0x10,
        ITEM_FIELD_FLAGS = 0x15,
        ITEM_FIELD_ENCHANTMENT_1_1 = 0x16,
        ITEM_FIELD_ENCHANTMENT_1_3 = 0x18,
        ITEM_FIELD_ENCHANTMENT_2_1 = 0x19,
        ITEM_FIELD_ENCHANTMENT_2_3 = 0x1B,
        ITEM_FIELD_ENCHANTMENT_3_1 = 0x1C,
        ITEM_FIELD_ENCHANTMENT_3_3 = 0x1E,
        ITEM_FIELD_ENCHANTMENT_4_1 = 0x1F,
        ITEM_FIELD_ENCHANTMENT_4_3 = 0x21,
        ITEM_FIELD_ENCHANTMENT_5_1 = 0x22,
        ITEM_FIELD_ENCHANTMENT_5_3 = 0x24,
        ITEM_FIELD_ENCHANTMENT_6_1 = 0x25,
        ITEM_FIELD_ENCHANTMENT_6_3 = 0x27,
        ITEM_FIELD_ENCHANTMENT_7_1 = 0x28,
        ITEM_FIELD_ENCHANTMENT_7_3 = 0x2A,
        ITEM_FIELD_ENCHANTMENT_8_1 = 0x2B,
        ITEM_FIELD_ENCHANTMENT_8_3 = 0x2D,
        ITEM_FIELD_ENCHANTMENT_9_1 = 0x2E,
        ITEM_FIELD_ENCHANTMENT_9_3 = 0x30,
        ITEM_FIELD_ENCHANTMENT_10_1 = 0x31,
        ITEM_FIELD_ENCHANTMENT_10_3 = 0x33,
        ITEM_FIELD_ENCHANTMENT_11_1 = 0x34,
        ITEM_FIELD_ENCHANTMENT_11_3 = 0x36,
        ITEM_FIELD_ENCHANTMENT_12_1 = 0x37,
        ITEM_FIELD_ENCHANTMENT_12_3 = 0x39,
        ITEM_FIELD_PROPERTY_SEED = 0x3A,
        ITEM_FIELD_RANDOM_PROPERTIES_ID = 0x3B,
        ITEM_FIELD_ITEM_TEXT_ID = 0x3C,
        ITEM_FIELD_DURABILITY = 0x3D,
        ITEM_FIELD_MAXDURABILITY = 0x3E,
        ITEM_FIELD_PAD = 0x3F,
        TOTAL_ITEM_FIELDS = 0x26
    };
    
    enum WoWContainerFields 
    {
        CONTAINER_FIELD_NUM_SLOTS = 0x6,
        CONTAINER_ALIGN_PAD = 0x7,
        CONTAINER_FIELD_SLOT_1 = 0x8,
        TOTAL_CONTAINER_FIELDS = 0x3
    };
    
    enum WoWGameObjectFields 
    {
        OBJECT_FIELD_CREATED_BY = 0x6,
        GAMEOBJECT_DISPLAYID = 0x8,
        GAMEOBJECT_FLAGS = 0x9,
        GAMEOBJECT_ROTATION = 0xA,
        GAMEOBJECT_PARENTROTATION = 0xC,
        GAMEOBJECT_POS_X = 0x10,
        GAMEOBJECT_POS_Y = 0x11,
        GAMEOBJECT_POS_Z = 0x12,
        GAMEOBJECT_FACING = 0x13,
        GAMEOBJECT_DYNAMIC = 0x14,
        GAMEOBJECT_FACTION = 0x15,
        GAMEOBJECT_LEVEL = 0x16,
        GAMEOBJECT_BYTES_1 = 0x17,
        TOTAL_GAMEOBJECT_FIELDS = 0xD
    };
    
    enum WoWDynamicObjectFields 
    {
        DYNAMICOBJECT_CASTER = 0x6,
        DYNAMICOBJECT_BYTES = 0x8,
        DYNAMICOBJECT_SPELLID = 0x9,
        DYNAMICOBJECT_RADIUS = 0xA,
        DYNAMICOBJECT_POS_X = 0xB,
        DYNAMICOBJECT_POS_Y = 0xC,
        DYNAMICOBJECT_POS_Z = 0xD,
        DYNAMICOBJECT_FACING = 0xE,
        DYNAMICOBJECT_CASTTIME = 0xF,
        TOTAL_DYNAMICOBJECT_FIELDS = 0x9
    };
    
    enum WoWCorpseFields 
    {
        CORPSE_FIELD_OWNER = 0x6,
        CORPSE_FIELD_PARTY = 0x8,
        CORPSE_FIELD_FACING = 0xA,
        CORPSE_FIELD_POS_X = 0xB,
        CORPSE_FIELD_POS_Y = 0xC,
        CORPSE_FIELD_POS_Z = 0xD,
        CORPSE_FIELD_DISPLAY_ID = 0xE,
        CORPSE_FIELD_ITEM = 0xF,
        CORPSE_FIELD_BYTES_1 = 0x22,
        CORPSE_FIELD_BYTES_2 = 0x23,
        CORPSE_FIELD_GUILD = 0x24,
        CORPSE_FIELD_FLAGS = 0x25,
        CORPSE_FIELD_DYNAMIC_FLAGS = 0x26,
        CORPSE_FIELD_PAD = 0x27,
        TOTAL_CORPSE_FIELDS = 0xE
    };
    They're for the array at 0x8 in WoWObject/CGObject_C.

  8. #8 jockel (Member)
    Okay, thanks for clearing that up. If you don't mind, I've got another question:

    How do I find out the type of the array fields? (float / int32 etc.)


    And last but not least, a technical question:
    Is it better to manually read only the offsets you really need, or read the whole structure from the memory?

  9. #9 RiseAndShine (Member)
    Just look at how many bytes a field takes and then just guess, int or float, whatever makes more sense.
    Reading the whole structure at once is faster than reading value by value, because ReadProcessMemory is slow, I believe. So if you want to run lots of WoW instances + bots on the same machine and you need to optimize performance, you should minimize the use of ReadProcessMemory. Otherwise it doesn't matter that much.
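Two points in this thread fit one worked example: Cypher's enum (#7) gives field indices into the descriptor array that CGObject_C points to at +0x8, and RiseAndShine (#9) answers jockel's questions by saying that the size of a field is the gap to the next index and that one bulk read beats a read per field. The Python below is added here and is not code from the thread. It copies a prefix of the thread's own indices, derives byte offsets and sizes from the gaps, applies a simple name-based type guess (floats for geometry-looking names, unsigned ints otherwise, 8-byte slots as GUIDs; the heuristic is the example's own), and reads a constructed object image through a fake process that counts ReadProcessMemory-style calls. The addresses 0x1000 and 0x2000 and all field values are constructed.

```python
import struct

# Field indices copied from the enums in Cypher's post (one index = one 4-byte slot).
# A unit's descriptor block starts with the Object fields; the Unit fields continue
# at 0x6. Cut after UNIT_FIELD_POWER1 to keep the example short; POWER2 is kept
# only so that POWER1 has a successor to measure against.
UNIT_FIELDS = [
    ("OBJECT_FIELD_GUID", 0x0),
    ("OBJECT_FIELD_TYPE", 0x2),
    ("OBJECT_FIELD_ENTRY", 0x3),
    ("OBJECT_FIELD_SCALE_X", 0x4),
    ("OBJECT_FIELD_PADDING", 0x5),
    ("UNIT_FIELD_CHARM", 0x6),
    ("UNIT_FIELD_SUMMON", 0x8),
    ("UNIT_FIELD_CRITTER", 0xA),
    ("UNIT_FIELD_CHARMEDBY", 0xC),
    ("UNIT_FIELD_SUMMONEDBY", 0xE),
    ("UNIT_FIELD_CREATEDBY", 0x10),
    ("UNIT_FIELD_TARGET", 0x12),
    ("UNIT_FIELD_CHANNEL_OBJECT", 0x14),
    ("UNIT_FIELD_BYTES_0", 0x16),
    ("UNIT_FIELD_HEALTH", 0x17),
    ("UNIT_FIELD_POWER1", 0x18),
    ("UNIT_FIELD_POWER2", 0x19),
]

DESCRIPTOR_PTR_OFFSET = 0x8  # per the thread: the pointer to the field array sits at +0x8 of the object
FLOAT_HINTS = ("SCALE", "POS_", "FACING", "ROTATION", "RADIUS", "REACH", "HEIGHT")


def field_layout(fields):
    """Byte offset and size of every field; the size is the gap to the next index."""
    return {name: (idx * 4, (nxt - idx) * 4)
            for (name, idx), (_, nxt) in zip(fields, fields[1:])}


def guess_format(name, size):
    """Heuristic (this example's own): 8-byte slots are GUIDs, 4-byte slots are floats
    when the name suggests geometry and unsigned ints otherwise; anything else stays raw."""
    if size == 8:
        return "<Q"
    if size == 4:
        return "<f" if any(h in name for h in FLOAT_HINTS) else "<I"
    return "<%ds" % size


def decode_fields(block, fields):
    """Decode one descriptor block (bytes) into {field_name: value}."""
    out = {}
    for name, (off, size) in field_layout(fields).items():
        (out[name],) = struct.unpack_from(guess_format(name, size), block, off)
    return out


class FakeProcess:
    """Stand-in for a remote process: every read() counts as one ReadProcessMemory call."""

    def __init__(self, pages):
        self.pages = pages  # {base_address: bytes}
        self.read_calls = 0

    def read(self, addr, n):
        self.read_calls += 1
        for base, data in self.pages.items():
            if base <= addr and addr + n <= base + len(data):
                return data[addr - base:addr - base + n]
        raise ValueError("unmapped read at %#x" % addr)


OBJ_BASE = 0x1000     # constructed addresses for the example, not real ones
DESCRIPTORS = 0x2000


def build_process():
    """Constructed memory image: an object whose +0x8 pointer leads to its descriptor block."""
    block = bytearray((UNIT_FIELDS[-1][1] + 1) * 4)
    struct.pack_into("<Q", block, 0x0 * 4, 0xF130000000001234)   # OBJECT_FIELD_GUID spans two slots
    struct.pack_into("<I", block, 0x2 * 4, 0x9)                  # OBJECT_FIELD_TYPE (constructed value)
    struct.pack_into("<f", block, 0x4 * 4, 1.0)                  # OBJECT_FIELD_SCALE_X
    struct.pack_into("<Q", block, 0x12 * 4, 0xF130000000005678)  # UNIT_FIELD_TARGET spans two slots
    struct.pack_into("<I", block, 0x17 * 4, 4200)                # UNIT_FIELD_HEALTH
    struct.pack_into("<I", block, 0x18 * 4, 1234)                # UNIT_FIELD_POWER1
    obj = bytearray(0x10)
    struct.pack_into("<I", obj, DESCRIPTOR_PTR_OFFSET, DESCRIPTORS)  # 32-bit pointer, as in the thread's client
    return FakeProcess({OBJ_BASE: bytes(obj), DESCRIPTORS: bytes(block)})


def read_unit_bulk(proc, obj_base, fields):
    """Two reads in total: the pointer at +0x8, then the whole descriptor block."""
    (descr,) = struct.unpack("<I", proc.read(obj_base + DESCRIPTOR_PTR_OFFSET, 4))
    return decode_fields(proc.read(descr, (fields[-1][1] + 1) * 4), fields)


def read_unit_per_field(proc, obj_base, fields):
    """Same result, but one read per field after the pointer read."""
    (descr,) = struct.unpack("<I", proc.read(obj_base + DESCRIPTOR_PTR_OFFSET, 4))
    out = {}
    for name, (off, size) in field_layout(fields).items():
        (out[name],) = struct.unpack(guess_format(name, size), proc.read(descr + off, size))
    return out


if __name__ == "__main__":
    for name, (off, size) in field_layout(UNIT_FIELDS).items():
        print("%-28s +0x%03X %d bytes %s" % (name, off, size, guess_format(name, size)))
    p = build_process()
    print(read_unit_bulk(p, OBJ_BASE, UNIT_FIELDS)["UNIT_FIELD_HEALTH"], "health in", p.read_calls, "reads")
```

Running it prints the derived layout (GUID at +0x000, 8 bytes; TYPE at +0x008, 4 bytes; HEALTH at +0x05C, 4 bytes, and so on) and shows the bulk path finishing in two reads where the per-field path needs seventeen. The type guess is only a starting point: a 4-byte slot that holds a bitfield (the BYTES_* entries) or a float with an unhelpful name still has to be confirmed by watching the value change, as the earlier posts describe.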

  10. #10 jockel (Member)
    So these are the fields that a basic object's array at 0x8 contains.

    Code:
    .rdata:0094041C aObject_field_p db 'OBJECT_FIELD_PADDING',0
    .rdata:00940431 align 4
    .rdata:00940434 aObject_field_s db 'OBJECT_FIELD_SCALE_X',0
    .rdata:00940449 align 4
    .rdata:0094044C aObject_field_e db 'OBJECT_FIELD_ENTRY',0
    .rdata:0094045F align 10h
    .rdata:00940460 aObject_field_t db 'OBJECT_FIELD_TYPE',0
    .rdata:00940472 align 4
    .rdata:00940474 aObject_field_g db 'OBJECT_FIELD_GUID',0
    Can you give me a hint on how I find out which types and sizes the fields are?
    Like Cypher's "WoWObjectFields" enum shows that the GUID is 8 bytes long.
    Last edited by jockel; 03-22-2009 at 08:05 PM.

  11. #11 shingetterrobo (Banned)
    see -> 487DE0

    WoW is kind enough to give both the index number and name; you can easily recreate what he's posted by writing a tool to dump the information.
