[Question/help] Object Manager (not the same as the other topic lol)

[Därkness]

Ok so i've been trying to get the object manager to work for a few days now and I haven't had any success :S. I read through
http://www.mmowned.com/forums/wow-me...e-objects.html and [Tut] Using Object Manager as well as looked for questions people have asked on the same topic and the source of a radar hack...., still no dice.

So basicly I came to the conclusion that a) I'm retarded and can't code for shit, b) im using the wrong offsets c) theres a error in my code or d) Im Doing It Wrong. Or all of the above.

I need a bit of help/guidence :S anyway heres what I can do:
uint CurrMgr = readmem(readmem(ClientConnection ) + CurrMgrOffset )
int64 LocalGuid = readmem(CurrMgr + LocalGUIDOffset )

Offsets i'm using:
ClientConnection = $00BB43F0;
CurrMgrOffset = $2EB0;
FirstObjectOffset = $AC;
NextObjectOffset = $3C;
LocalGUIDOffset = $C0; //Offset from currmanager
GuidOffset = $30;
TypeOffset = $14;

How i've gathered that the object manager works:
Find the CurrMgr/make function that returns it

FirstAddress = The base address of the first object in the list, from which you can get the GUID, type, descriptors etc = Readmem(CurrMgr + FirstObjectOffset)

All addresses after that: ReadMem(Base address of the object before them + NextObjectOffset)
So if you wanted to find the base address of the second object you would go Readmem(Readmem(CurrMgr + FirstObjectOffset) + NextObjectOffset)

So then, in order to construct a array of objects that are loaded, you loop adding the NextObjectOffset to the previousobject.baseaddress until nextobject.baseaddress = 0, which will happen when it is at the end of the object manager. Inside that loop you can do things like create a new object in a array of (whatever class you made to hold for example gameobjects, which class you use is defined by readmem(baseaddress+TypeOffset).

Sooo in delphi code:

Code:

function TWoWObjectManager.Count(WoWMaster: TWoWMaster): integer;
//Returns how many objects are loaded
var
  LastAddress: Cardinal;
begin
  result:= 0;
  lastAddress:= Read4byteint( (CurrMgr(WoWMaster) + FirstObjectOffset), WoWMaster  );
  while (lastAddress <> 0) do
  begin
    result:= Result + 1;
    lastAddress:= Read4byteint( (lastAddress + NextObjectOffset), WoWMaster  );
  end;
end;

Ignore the retarded wowmaster, thats just the HWND/Class I use to set it up.

Well that was a long ramble :S I think I better sleep on it since its 2am, hope someone can help or at least point me in the right direction

EDIT: Fixed it it was running in an infinite loop because my nextObject.baseaddress wasn't 0 at the end of the list
Somewhat fixed:

Code:

function TWoWObjectManager.Count(WoWMaster: TWoWMaster): integer;
var
  NextObject, LastObject, ObjType: Cardinal;
  x: Integer;
begin
  NextObject:= Read4ByteInt((CurrMgr(WoWMaster)+ xFirstObject), WoWMaster);
  x:= 0;
  While (NextObject <> 0) do
  begin
    LastObject:= NextObject;
    NextObject:= Read4ByteInt((LastObject+ xNextObject), WoWMaster);
    ObjType:= Read4byteInt((NextObject + xType), WoWMaster);
    {OK so this is what I had trouble with - NextObject does NOT return 0 when end of struct
    so I basicly made this dodgy fix, if the objects type is >7 ie NOT AN OBJECT then
    cancel the loop, so it doesnt go on forever....}
    if (ObjType > 7) then
      NextObject:= 0;
    x:= x + 1;
  end;
  result:= x;
end;

[Därkness]

Omfg im an idiot.... got it to work /cheer DDD

[adaephon]

Just noticed your sig xD best series!!

[Därkness]

Just noticed your sig xD best series!!

xD yer lol it is

[Ploski]

Maybe u can tell us how u fixed that, so other people with the same prob can get the solution too

[Seifer]

First of all, I wanted to say stop AutoIt, but whatever floats your boat.

You were right about how to obtain the baseaddress for the first object, and any consecutive object, but I can't see you using the TLS to obtain the CurMgr anywhere. The following code is (I believe) Shynd's, but has been adapted widely:

Code:

private static string TLSPattern { get { return "EB 02 33 C0 8B D 00 00 00 00 64 8B 15 00 00 00 00 8B 34 8A 8B D 00 00 00 00 89 81 00 00 00 00"; } }
        private static string TLSMask { get { return "xxxxxx????xxx????xxxxx????xx????"; } }

Then, in order to find the actual ThreadLocalStorage, you use BlackMagic's (either the C-style or AutoIt version) FindPattern method to perform the following:

Code:

ThreadLocalStorage = Memory.FindPattern(TLSPattern, TLSMask);

And finally, you obtain the CurMgr using something similar to:

Code:

CConnection = Memory.ReadUInt(Memory.ReadUInt(ThreadLocalStorage + 0x16));
                    CConnectionOffset = Memory.ReadUInt(ThreadLocalStorage + 0x1C);
                    CurrentManager = Memory.ReadUInt(CConnection + CConnectionOffset);

From then on, to obtain the first object you were actually correct, it's obtained by reading from CurMgr + FirstObject:

Code:

var currentObject = new WowObject(Memory.ReadUInt(CurrentManager + (uint) Offsets.ObjectManager.FirstObject));

Iterate through it, until there's no "NextObject" available anymore (end of the object list), and you should be good to go.

A good resource for this is also Shynd's blog post.

[adaephon]

What AutoIt? His code is Delphi

[Xarg0]

No it's pascal lulz

[Därkness]

First of all, I wanted to say stop AutoIt, but whatever floats your boat.

You were right about how to obtain the baseaddress for the first object, and any consecutive object, but I can't see you using the TLS to obtain the CurMgr anywhere. The following code is (I believe) Shynd's, but has been adapted widely:

Code:

private static string TLSPattern { get { return "EB 02 33 C0 8B D 00 00 00 00 64 8B 15 00 00 00 00 8B 34 8A 8B D 00 00 00 00 89 81 00 00 00 00"; } }
        private static string TLSMask { get { return "xxxxxx????xxx????xxxxx????xx????"; } }

Then, in order to find the actual ThreadLocalStorage, you use BlackMagic's (either the C-style or AutoIt version) FindPattern method to perform the following:

Code:

ThreadLocalStorage = Memory.FindPattern(TLSPattern, TLSMask);

And finally, you obtain the CurMgr using something similar to:

Code:

CConnection = Memory.ReadUInt(Memory.ReadUInt(ThreadLocalStorage + 0x16));
                    CConnectionOffset = Memory.ReadUInt(ThreadLocalStorage + 0x1C);
                    CurrentManager = Memory.ReadUInt(CConnection + CConnectionOffset);

From then on, to obtain the first object you were actually correct, it's obtained by reading from CurMgr + FirstObject:

Code:

var currentObject = new WowObject(Memory.ReadUInt(CurrentManager + (uint) Offsets.ObjectManager.FirstObject));

Iterate through it, until there's no "NextObject" available anymore (end of the object list), and you should be good to go.

A good resource for this is also Shynd's blog post.

Thanks for the info, its pascal not autoit btw, I find delphi is easyer then C#, the only other language i have a almost halfway-decent understanding of, since it was the first developing environment I ever learned to use ^^. Im assuming this is for finding the CurrMgr through patches? IE the pattern survies the offset change. I avoided this method due to lack of experience working with this kind of thing so i used "raw" offsets that were posted in the object dump xD. I'll do my best at getting my head around this at a later date.

Ploski what I did was delete all the code I wrote and rewrite it when I wasn't asleep, kinda helped xDDD. I figured out that using the method I was using, the nextAddress that was out of the object list wasn't returning 0, so i did a type check to see if its < 8. I think i'll post my delphi component im writing for the object manager if I get it up to sharing standard and actualy comment it, for other people to learn from/people who also use delphi ^^

[Seifer]

Thanks for the info, its pascal not autoit btw, I find delphi is easyer then C#, the only other language i have a almost halfway-decent understanding of, since it was the first developing environment I ever learned to use ^^. Im assuming this is for finding the CurrMgr through patches? IE the pattern survies the offset change. I avoided this method due to lack of experience working with this kind of thing so i used "raw" offsets that were posted in the object dump xD. I'll do my best at getting my head around this at a later date.

Ploski what I did was delete all the code I wrote and rewrite it when I wasn't asleep, kinda helped xDDD. I figured out that using the method I was using, the nextAddress that was out of the object list wasn't returning 0, so i did a type check to see if its < 8. I think i'll post my delphi component im writing for the object manager if I get it up to sharing standard and actualy comment it, for other people to learn from/people who also use delphi ^^

Sorry, I only read the variable declarations codewise, and the question you asked, didn't pay attention to the other code.

Indeed, the pattern method survives through patches, where raw offsets don't. However, the ranged between the first object -> next object will remain the same, so as long as you're able to find the CurMgr, beit with raw offsets or with a pattern finding method, you'll be fine.