[WoW][5.0.4.16016] x86 Info Dump Thread

[TOM_RUS]

ObjectMgrClient memory struct:

Code:

struct TSList // sizeof(0xC)
{
  DWORD Next; // 0x0
  DWORD Unk1; // 0x4
  DWORD First; // 0x8
};

struct TSHashTable // sizeof(0x2C)
{
  DWORD vTable;
  TSList List;
  DWORD unk1;
  DWORD unk2;
  DWORD count; // some count
  DWORD unk4;
  DWORD unk5;
  DWORD unk6;
  DWORD unk7;
};

struct CurMgr // sizeof(0xE8)
{
  /* 0x00 */ TSHashTable Objects;
  /* 0x2C */ TSHashTable FreedObjects;
  /* 0x58 */ TSList Lists[10]; // Lists[9] seems to have same objects stored as in Objects hashtable...
  /* 0xD0 */ QWORD ActivePlayer;
  /* 0xD8 */ DWORD PlayerType;
  /* 0xDC */ DWORD MapId;
  /* 0xE0 */ DWORD ClientConnection; // pointer
  /* 0xE4 */ DWORD MovementGlobals; // pointer
};

CurMgr *__thiscall ObjectMgrClient::Init(CurMgr *this, int a2)
{
  CurMgr *_this; // esi@1

  _this = this;
  TSHashTable::ctor(&this->Objects);
  TSHashTable::ctor(&_this->FreedObjects);
  _this->Lists[0].First = 0;
  _this->Lists[0].Unk1 = &_this->Lists[0].Unk1;
  _this->Lists[0].First = &_this->Lists[0].Unk1 | 1;
  _this->Lists[0].Next = 0x38u;
  _this->Lists[1].First = 0;
  _this->Lists[1].Next = 0x38u;
  _this->Lists[1].Unk1 = &_this->Lists[1].Unk1;
  _this->Lists[1].First = &_this->Lists[1].Unk1 | 1;
  _this->Lists[2].First = 0;
  _this->Lists[2].Next = 0x38u;
  _this->Lists[2].Unk1 = &_this->Lists[2].Unk1;
  _this->Lists[2].First = &_this->Lists[2].Unk1 | 1;
  _this->Lists[3].First = 0;
  _this->Lists[3].Next = 0x38u;
  _this->Lists[3].Unk1 = &_this->Lists[3].Unk1;
  _this->Lists[3].First = &_this->Lists[3].Unk1 | 1;
  _this->Lists[4].First = 0;
  _this->Lists[4].Next = 0x38u;
  _this->Lists[4].Unk1 = &_this->Lists[4].Unk1;
  _this->Lists[4].First = &_this->Lists[4].Unk1 | 1;
  _this->Lists[5].First = 0;
  _this->Lists[5].Next = 0x38u;
  _this->Lists[5].Unk1 = &_this->Lists[5].Unk1;
  _this->Lists[5].First = &_this->Lists[5].Unk1 | 1;
  _this->Lists[6].First = 0;
  _this->Lists[6].Next = 0x38u;
  _this->Lists[6].Unk1 = &_this->Lists[6].Unk1;
  _this->Lists[6].First = &_this->Lists[6].Unk1 | 1;
  _this->Lists[7].First = 0;
  _this->Lists[7].Unk1 = &_this->Lists[7].Unk1;
  _this->Lists[7].Next = 0x38u;
  _this->Lists[7].First = &_this->Lists[7].Unk1 | 1;
  _this->Lists[8].First = 0;
  _this->Lists[8].Unk1 = &_this->Lists[8].Unk1;
  _this->Lists[8].Next = 0x38u;
  _this->Lists[8].First = &_this->Lists[8].Unk1 | 1;
  _this->Lists[9].First = 0;
  _this->Lists[9].Unk1 = &_this->Lists[9].Unk1;
  _this->Lists[9].Next = 0x38u;
  _this->Lists[9].First = &_this->Lists[9].Unk1 | 1;
  _this->PlayerType = a2;
  _this->ActivePlayer = 0;
  _this->MapId = -1;
  _this->ClientConnection = 0;
  _this->MovementGlobals = 0;
  return _this;
}

TSHashTable *__thiscall TSHashTable::ctor(TSHashTable *this)
{
  TSHashTable *_this; // esi@1
  char *v2; // edi@1
  unsigned int v3; // ecx@1
  unsigned int v5; // [sp+Ch] [bp-4h]@1

  _this = this;
  this->vTable = &off_D2C1FC;
  this->List.First = 0;
  v2 = &this->List.Unk1;
  this->List.Next = 0xDDDDDDDDu;
  *v2 = v2;
  v3 = &this->List.Unk1 | 1;
  _this->List.First = v3;
  _this->unk2 = 0;
  _this->count = 0;
  _this->unk4 = 0;
  _this->unk5 = 0;
  _this->unk1 = 0;
  v5 = v3;
  if ( _this->List.Next != 0x24 )
  {
    sub_4AFC50(&_this->List);
    _this->List.Next = 0x24u;
    *v2 = v2;
    _this->List.First = v5;
  }
  _this->unk6 = -1;
  _this->unk7 = 0x2000u;
  return _this;
}

[eracer]

Code:

        /// <summary>
        ///   5.0.4.16016
        /// </summary>
        public enum IsOutOfBounds
        {
            // Reversed from Script_IsOutOfBounds
            // if ( ObjectPointer && (*(*(ObjectPointer + 0x1330) + 8) >> 0xEu) & 1 )
            Offset1 = 0x1330,
            Offset2 = 0x8,
            Shift = 0xE,
        }

        /// <summary>
        ///   5.0.4.16016
        /// </summary>
        internal enum IsFlying
        {
            // Reversed from Script_IsFlying
            // if ( &unk_1000000 & *(*(ObjectPointer + 0xE4) + 0x38) )
            Offset = 0x38,
            Mask = 0x1000000,
            IsFlyingCapable_Mask = 0x800000, // not sure about this one
        }

        /// <summary>
        ///   5.0.4.16016
        /// </summary>
        public enum IsFalling
        {
            // Reversed from Script_IsFalling
            // if ( ObjectPointer && (v6 = *(*(ObjectPointer + 0xE4) + 0x38), v6 & 0x800) && !(v6 & 0x400) ) return true;
            Offset = 0x38,
            Mask1 = 0x800,
            Mask2 = 0x400
        }

        /// <summary>
        ///   5.0.4.16016
        /// </summary>
        public enum IsSwimming
        {
            // Reversed from Script_IsSwimming
            // if ( ObjectPointer && *(*(ObjectPointer + 0xE4) + 0x38) & 0x100000 ) return true;
            Offset = 0x38,
            Mask = 0x100000,
        }

        /// <summary>
        ///   5.0.4.16016
        /// </summary>
        public enum IsMounted
        {
            // Reversed from Script_IsMounted
            //if ( !ObjectPointer || *(ObjectPointer + 0xB70) <= 0 || *(ObjectPointer + 0xBC0) & 0x200000 ) return false;
            Offset1 = 0xB70,
            Offset2 = 0xBC0,
            Mask = 0x200000,
        }

        /// <summary>
        ///   5.0.4.16016
        /// </summary>
        public enum IsSubmerged
        {
            // if ( ObjectPointer && *(ObjectPointer + 0xBC0) & 0x20000 ) return true;
            Offset = 0xBC0,
            Mask = 0x20000,
        }

        /// <summary>
        ///   5.0.4.16016
        /// </summary>
        public enum InCombat
        {
            // Reversed from Script_UnitAffectingCombat
            Offset1 = 0xDC,
            Offset2 = 0xBC,
            Mask = 0x13,
        }

[jeremie_bs]

Code:

        /// <summary>
        ///   5.0.4.16016
        /// </summary>
        public enum IsOutOfBounds
        {
            // Reversed from Script_IsOutOfBounds
            // if ( ObjectPointer && (*(*(ObjectPointer + 0x1330) + 8) >> 0xEu) & 1 )
            Offset1 = 0x1330,
            Offset2 = 0x8,
            Shift = 0xE,
        }

        /// <summary>
        ///   5.0.4.16016
        /// </summary>
        internal enum IsFlying
        {
            // Reversed from Script_IsFlying
            // if ( &unk_1000000 & *(*(ObjectPointer + 0xE4) + 0x38) )
            Offset = 0x38,
            Mask = 0x1000000,
            IsFlyingCapable_Mask = 0x800000, // not sure about this one
        }

        /// <summary>
        ///   5.0.4.16016
        /// </summary>
        public enum IsFalling
        {
            // Reversed from Script_IsFalling
            // if ( ObjectPointer && (v6 = *(*(ObjectPointer + 0xE4) + 0x38), v6 & 0x800) && !(v6 & 0x400) ) return true;
            Offset = 0x38,
            Mask1 = 0x800,
            Mask2 = 0x400
        }

        /// <summary>
        ///   5.0.4.16016
        /// </summary>
        public enum IsSwimming
        {
            // Reversed from Script_IsSwimming
            // if ( ObjectPointer && *(*(ObjectPointer + 0xE4) + 0x38) & 0x100000 ) return true;
            Offset = 0x38,
            Mask = 0x100000,
        }

        /// <summary>
        ///   5.0.4.16016
        /// </summary>
        public enum IsMounted
        {
            // Reversed from Script_IsMounted
            //if ( !ObjectPointer || *(ObjectPointer + 0xB70) <= 0 || *(ObjectPointer + 0xBC0) & 0x200000 ) return false;
            Offset1 = 0xB70,
            Offset2 = 0xBC0,
            Mask = 0x200000,
        }

        /// <summary>
        ///   5.0.4.16016
        /// </summary>
        public enum IsSubmerged
        {
            // if ( ObjectPointer && *(ObjectPointer + 0xBC0) & 0x20000 ) return true;
            Offset = 0xBC0,
            Mask = 0x20000,
        }

        /// <summary>
        ///   5.0.4.16016
        /// </summary>
        public enum InCombat
        {
            // Reversed from Script_UnitAffectingCombat
            Offset1 = 0xDC,
            Offset2 = 0xBC,
            Mask = 0x13,
        }

That's good work thanks!

[guizmows]

did someone find where spell overriden by talents are stored?

My aim is to be able in my bot to check if my toon has a "learned" that spell or not.

CastSpellByName somehow manage to cast correct overriden spell but I didn't find where it get correct spell ID from.
If someone can point me in right direction I would be thankful.

[Robske]

did someone find where spell overriden by talents are stored?

My aim is to be able in my bot to check if my toon has a "learned" that spell or not.

CastSpellByName somehow manage to cast correct overriden spell but I didn't find where it get correct spell ID from.
If someone can point me in right direction I would be thankful.

Most talents are auras on the player.

As for the spell ids, it depends on the ability. Some may use an existing spell id (assassination rogues have 'sinister strike' replaced by 'dispatch' but both use the same spell id) and some might use a new spell id all together.

[guizmows]

Most talents are auras on the player.

how I didn't check that.

BTW my SpellBook shows correct spell inside (IE : Fist of Justice instead of Hammr of Justice) that must means it stored somewhere. I'll look closer to SpellBook

[counted]

Looks like PlayerName offset changed from 0x20 to 0x21

Code:

 
                ulong mask = TC.Pmr.Read<uint>(Offsets.PlayerNameStorePtr + 0x8 + 0x24);

                ulong nameBase = TC.Pmr.Read<uint>(Offsets.PlayerNameStorePtr + 0x8 + 0x1c);

                ulong shortGuid = WowGuid & 0x00000000ffffffff;

                ulong offset = 12 * (mask & shortGuid);

                ulong current = TC.Pmr.Read<uint>((uint)(nameBase + offset + 8));

                offset = TC.Pmr.Read<uint>((uint)(nameBase + offset)); 

                if ((current & 0x1) == 0x1) return m_name;

                ulong testGuid = TC.Pmr.Read<uint>((uint)current);

                while (testGuid != shortGuid)
                {
                    current = TC.Pmr.Read<uint>((uint)(current + offset + 4));

                    if ((current & 0x1) == 0x1) break;

                    testGuid = TC.Pmr.Read<uint>((uint)current);
                }

                m_name = TC.Pmr.Read<string>((uint)(current + 0x21));

                return m_name;

[counted]

Juju's and TOM_RUS's NextObjectOffset are 0xC4 while mine is at 0x3C. I tried with 0xC4 and my bot wasn't working at all. Setting it at 0x3C it worked just fine... Any explanation?

if you read currentMgr + 0xc4 it has a static size in it of 0x38.

if you look at the enumvisibleobject code it reads currentMgr + 0xc4 and adds 4 to it = 0x3c

then it adds it to current object to get the next object.

-counted

[doityourself]

I want to disagree with these WoWContainerFields.



I'm seeing this:

Code:

enum WoWContainerField : DWORD
{
	CONTAINER_FIELD_SLOTS                            = ITEM_END + 0x0,
	CONTAINER_FIELD_NUM_SLOTS                        = ITEM_END + 0x48,
	CONTAINER_END                                    = ITEM_END + 0x49
};

nope, is:

Code:

    public enum ContainerFields
    {
        NumSlots                          = ItemFields.End + 0x0,
        Slots                             = ItemFields.End + 0x1,
        End                               = ItemFields.End + 0x49
    };

[doityourself]

GAMEOBJECT_FIELD_PERCENT_HEALTH is a wrong name. It's still GAMEOBJECT_BYTES_1 at least for the GOType value contained in this bytes and not related to any health as far as I know.

Neo2003

Wow client use this names:

Code:

    public enum GameObjectFields
    {
        CreatedBy                         = ObjectFields.End + 0x0,
        DisplayID                         = ObjectFields.End + 0x2,
        Flags                             = ObjectFields.End + 0x3,
        ParentRotation                    = ObjectFields.End + 0x4,
        AnimProgress                      = ObjectFields.End + 0x8,
        FactionTemplate                   = ObjectFields.End + 0x9,
        Level                             = ObjectFields.End + 0xA,
        PercentHealth                     = ObjectFields.End + 0xB,
        End                               = ObjectFields.End + 0xC
    };

[Apoc]

PHP Code:

struct SpellMiscRec
{
  int Id;
  int SpellId;
  int int8;
  int intC;
  int int10;
  int int14;
  int int18;
  int int1C_Flags;
  int int20;
  int int24;
  int int28;
  int int2C;
  int int30;
  int int34;
  int int38;
  int SpellCastTimesId;
  int SpellDurationId;
  int SpellRangeId;
  float float48_TimeOrSpeedRelated;
  int SpellVisualId;
  int SpellVisualId_OverrideMaybe;
  int SpellIconId;
  int int58;
  int int5C_Flags;
}; 


I'm stuck on Spell.dbc
here is what I've found so far

PHP Code:

[StructLayout(LayoutKind.Sequential)]
    internal struct SpellRec //not correct yet
    {
        public int m_Id;
        public uint s_spellName; // Localized Name
        public uint s_type; 
        public uint s_description;
        public uint s_effectDescription;
        public uint m_SpellRuneCostId; 
        public uint m_unk1;
        public uint m_unk2;
        public float m_unk3;
        public uint m_SpellScalingId;
        public uint m_SpellAuraOptionsId;
        public uint m_SpellAuraRestrictionsId;
        public int m_SpellCastingRequirementsId;
        public int m_SpellCategoriesId;
        public int m_SpellClassOptionsId;
        public int m_SpellCooldownsID;        //confirmed
        public int m_SpellEquippedItemsId;
        public uint m_SpellInterruptsId;
        public uint m_SpellLevelId;            //confirmed
        public int m_SpellReagentsId;
        public int m_SpellShapeshiftId;
        public uint s_name2;                // don't realy know but it's a text                 
        public uint s_nameSubtext; 
        public uint s_unk; //             Description
        public uint s_auraDescription;   //text
    } ; 


Fill free to correct me

Appoc : this looks a bit different from what you've found.

Code:

struct SpellRec
{
  int Id;
  char *Name;
  char *NameSubText;
  char *Description;
  char *AuraDescription;
  DWORD RuneCostId;
  DWORD SpellMissileId;
  DWORD SpellDescriptionVariableId;
  float float20;
  DWORD SpellScalingId;
  DWORD SpellAuraOptionsId;
  DWORD SpellAuraRestrictionsId;
  DWORD SpellCastingRequirementsId;
  DWORD SpellCategoriesId;
  DWORD SpellClassOptionsId;
  DWORD SpellCooldownsId;
  DWORD SpellEquippedItemsId;
  DWORD SpellInterruptsId;
  DWORD SpellLevelId;
  DWORD SpellReagentsId;
  DWORD SpellShapeshiftId;
  DWORD SpellTargetRestrictionsId;
  DWORD SpellTotemsId;
  DWORD ResearchProjectId;
  DWORD SpellMiscId;
};
#pragma pack(push, 1)
struct SpellMiscRec
{
  DWORD Id;
  DWORD SpellId;
  DWORD dword8;
  DWORD dwordC;
  DWORD dword10;
  DWORD dword14;
  DWORD dword18;
  DWORD dword1C_Flags;
  DWORD dword20;
  DWORD dword24;
  DWORD dword28;
  DWORD dword2C;
  DWORD dword30;
  DWORD dword34;
  DWORD dword38;
  DWORD SpellCastTimesId;
  DWORD SpellDurationId;
  DWORD SpellRangeId;
  float Speed;
  DWORD SpellVisualId[2];
  DWORD SpellIconId;
  DWORD dword58;
  DWORD SpellSchoolMask;
};
#pragma pack(pop)

These are the struucts I have so far. I'm fairly positive SpellMisc is just the first set of values on the old Spell.dbc. The bits that are missing are these:

Code:

  SPELL_FLAGS SpellFlags;
  DWORD dword8_PlayerFlags;
  DWORD dwordC_Flags;
  SPELL_DISPLAY_FLAGS DisplayFlags;
  DWORD dword14_Flags;
  DWORD dword18_Flag;
  DWORD dword1C_Flags;
  DWORD dword20_Flags;
  DWORD dword24_Flag;
  DWORD dword28;
  DWORD CastingTimeIndex;
  DWORD SpellDurationId;
  float Speed;
  DWORD PowerType;
  DWORD SpellRangeId;
  DWORD SpellVisualId;
  DWORD SpellVisualId2;
  DWORD SpellIconId;
  DWORD ActiveSpellIconId;

You'll notice the fields that match up with SpellMisc.

[-Ryuk-]

Warden dump:

(I know one was already provided by Jadd)

There are 47 scanned address. The scans are correct as of 07/09/12.

Code:

--------------------------------
Offset: 0x580615
Length: 5
Bytes: 119 52 255 36 133 


--------------------------------
Offset: 0x56C964
Length: 4
Bytes: 120 71 5 192 


--------------------------------
Offset: 0xA725BC
Length: 6
Bytes: 4 0 0 0 44 252 


--------------------------------
Offset: 0x714E61
Length: 4
Bytes: 117 11 95 94 


--------------------------------
Offset: 0x8B9E53
Length: C
Bytes: 129 102 56 255 255 159 255 139 78 60 139 70 


--------------------------------
Offset: 0x7631E9
Length: 5
Bytes: 246 195 15 116 33 


--------------------------------
Offset: 0x8B96C0
Length: 7
Bytes: 169 0 0 0 16 116 7 


--------------------------------
Offset: 0x76319E
Length: 8
Bytes: 247 195 240 0 3 0 116 29 


--------------------------------
Offset: 0x3F9270
Length: 9
Bytes: 85 139 236 131 236 24 86 139 241 


--------------------------------
Offset: 0x598E94
Length: 5
Bytes: 116 19 131 248 16 


--------------------------------
Offset: 0x598EA7
Length: 9
Bytes: 117 10 139 77 16 199 65 4 0 


--------------------------------
Offset: 0x4EE60A
Length: 7
Bytes: 116 36 169 0 0 16 0 


--------------------------------
Offset: 0x59C0D0
Length: C
Bytes: 85 139 236 129 236 32 14 0 0 106 10 232 


--------------------------------
Offset: 0x4A84CB
Length: 4
Bytes: 133 219 116 31 


--------------------------------
Offset: 0x423260
Length: 9
Bytes: 85 139 236 139 69 12 131 236 8 


--------------------------------
Offset: 0x573F51
Length: 6
Bytes: 139 236 131 61 232 252 


--------------------------------
Offset: 0x6EB778
Length: 5
Bytes: 116 42 246 64 52 


--------------------------------
Offset: 0x8B9700
Length: 5
Bytes: 117 62 246 70 60 


--------------------------------
Offset: 0x8B5BEF
Length: 9
Bytes: 247 65 56 0 0 16 1 116 101 


--------------------------------
Offset: 0xA0B3B0
Length: 8
Bytes: 216 147 254 192 72 140 17 193 


--------------------------------
Offset: 0x7631EC
Length: 5
Bytes: 116 33 139 77 24 


--------------------------------
Offset: 0x76316E
Length: 8
Bytes: 247 195 0 0 240 0 116 40 


--------------------------------
Offset: 0x7631CE
Length: 8
Bytes: 247 195 0 1 0 0 116 19 


--------------------------------
Offset: 0x8C1330
Length: 9
Bytes: 85 139 236 81 83 86 139 117 8 


--------------------------------
Offset: 0x755BD
Length: 5
Bytes: 139 77 16 137 13 


--------------------------------
Offset: 0x796C90
Length: 9
Bytes: 85 139 236 139 69 12 139 77 8 


--------------------------------
Offset: 0x447950
Length: A
Bytes: 85 139 236 129 236 184 0 0 0 139 


--------------------------------
Offset: 0x4F26F3
Length: B
Bytes: 1 126 116 139 206 232 67 166 255 255 139 


--------------------------------
Offset: 0x8B5BF6
Length: 5
Bytes: 116 101 217 65 80 


--------------------------------
Offset: 0x7631D4
Length: 5
Bytes: 116 19 139 77 24 


--------------------------------
Offset: 0x573F62
Length: 7
Bytes: 116 101 131 249 28 119 96 


--------------------------------
Offset: 0x714E89
Length: D
Bytes: 15 133 78 2 0 0 141 85 220 82 141 69 204 


--------------------------------
Offset: 0x933DB0
Length: 8
Bytes: 47 84 154 65 67 77 105 115 


--------------------------------
Offset: 0x4EEDA9
Length: 9
Bytes: 247 65 56 0 2 0 32 117 52 


--------------------------------
Offset: 0x3FAE30
Length: 9
Bytes: 85 139 236 131 236 16 83 86 139 


--------------------------------
Offset: 0x5989F0
Length: C
Bytes: 85 139 236 184 160 66 0 0 232 131 6 32 


--------------------------------
Offset: 0x7060A
Length: 7
Bytes: 131 196 8 133 192 116 239 


--------------------------------
Offset: 0x7631A4
Length: 5
Bytes: 116 29 139 77 24 


--------------------------------
Offset: 0x763174
Length: 5
Bytes: 116 40 139 77 24 


--------------------------------
Offset: 0x4EE605
Length: 7
Bytes: 169 0 0 0 4 116 36 


--------------------------------
Offset: 0x937B7C
Length: 4
Bytes: 187 141 36 63 


--------------------------------
Offset: 0x52C243
Length: 4
Bytes: 126 11 139 206 


--------------------------------
Offset: 0x6FCF4
Length: 7
Bytes: 232 231 73 31 0 139 13 


--------------------------------
Offset: 0x448CB2
Length: 7
Bytes: 232 249 13 210 255 139 240 


--------------------------------
Offset: 0x4A84CD
Length: 4
Bytes: 116 31 139 6 


--------------------------------
Offset: 0x4EB371
Length: 7
Bytes: 15 47 68 8 8 114 6 


--------------------------------
Offset: 0x487910
Length: A
Bytes: 139 129 8 8 0 0 37 0 0 128

[eracer]

This is not complete but maybe it could help someone

Edit: cleaned up and almost complete, just one Unknown "Unk4".

Code:

    [StructLayout(LayoutKind.Sequential)]
    struct MapRec
    {
        public uint m_ID;                           // 0
        public IntPtr _m_Directory;                 // 1
        public InstanceType m_InstanceType;         // 2  //0: none, 1: party, 2: raid, 3: pvp, 4: arena, >=5: none (official from "IsInInstance()")
        public MapFlags m_Flags;                    // 3
        public uint m_Unk4;                         // 4  Unknown, values seem to be only 1,2 or 3
        public IntPtr _m_MapName_lang;              // 5
        public uint m_areaTableID;                  // 6
        public IntPtr _m_MapDescription0_lang;      // 7
        public IntPtr _m_MapDescription1_lang;      // 8
        public uint m_LoadingScreenID;              // 9
        public float m_minimapIconScale;            // 10
        public uint m_corpseMapID;                  // 11
        public float m_corpseX;                     // 12
        public float m_corpseY;                     // 13
        public uint m_timeOfDayOverride;            // 14
        public expansionID m_expansionID;           // 15 (Vanilla: 0, BC: 1, WotLK: 2, Cata: 3, MOP: 4)
        public uint m_raidOffset;                   // 16
        public uint m_maxPlayers;                   // 17
        public uint m_parentMapID;                  // 18
        // read area name using our static memory reading helper class
        public string m_Directory { get { return Memory.Read<string>(_m_Directory); } }
        public string m_MapName_lang { get { return Memory.Read<string>(_m_MapName_lang); } }
        public string m_MapDescription0_lang { get { return Memory.Read<string>(_m_MapDescription0_lang); } }
        public string m_MapDescription1_lang { get { return Memory.Read<string>(_m_MapDescription1_lang); } }
    };

[TOM_RUS]

This is not complete but maybe it could help someone

Code:

    [StructLayout(LayoutKind.Sequential)]
    struct MapRec
    {
        public uint Id;                                         // 0
        public IntPtr _InternalName;                            // 1
        public uint AreaType;                                   // 2  (0: none, 1: party, 2: raid, 3: pvp, 4: arena, >=5: none (official from "IsInInstance()")
        public IntPtr _UnkPtr1;                                 // 3 // Flags?
        public uint Unk1;                                       // 4  values seem to be only 1,2 or 3
        public IntPtr _Name;                                    // 5
        public uint AreaTableID;                                // 6
        public IntPtr _UnkPtr2;                                 // 7  // MapDescriptionA?
        public IntPtr _UnkPtr3;                                 // 8  // MapDescriptionH?
        public uint UnkFloat1;                                  // 9  // LoadingScreen?
        public float UnkFloat2;                                 // 10 // BGMapIconScale?
        public uint Unk2;                                       // 11 // GhostEntranceMap?
        public float GhostEntranceX;                            // 12
        public float GhostEntranceY;                            // 13
        public uint Unk3;                                       // 14 // ResetTimeRaid or TimeOfDayOverride?
        public uint ExpansionID;                                // 15 (Vanilla: 0, BC: 1, WotLK: 2)
        public uint Unk4;                                       // 16 // RaidOffset?
        public uint MaxPlayers;                                 // 17
        public uint Unk5;                                       // 18
        // read area name using our static memory reading helper class
        public string Name { get { return Memory.Read<string>((IntPtr)_Name); } }
        public string InternalName { get { return Memory.Read<string>((IntPtr)_InternalName); } }
    };

Code:

struct MapRec // sizeof(0x4С)
{
    DWORD m_ID; // +0x0, size 0x4, type 0
    char* m_Directory; // +0x4, size 0x4, type 2
    DWORD m_InstanceType; // +0x8, size 0x4, type 0
    DWORD m_Flags; // +0xC, size 0x4, type 0
    DWORD m_Unk4; // +0x10, size 0x4, type 0
    char* m_MapName_lang; // +0x14, size 0x4, type 2
    DWORD m_areaTableID; // +0x18, size 0x4, type 0
    char* m_MapDescription0_lang; // +0x1С, size 0x4, type 2
    char* m_MapDescription1_lang; // +0x20, size 0x4, type 2
    DWORD m_LoadingScreenID; // +0x24, size 0x4, type 0
    float m_minimapIconScale; // +0x28, size 0x4, type 3
    DWORD m_corpseMapID; // +0x2С, size 0x4, type 0
    float m_corpseX; // +0x30, size 0x4, type 3
    float m_corpseY; // +0x34, size 0x4, type 3
    DWORD m_timeOfDayOverride; // +0x38, size 0x4, type 0
    DWORD m_expansionID; // +0x3С, size 0x4, type 0
    DWORD m_raidOffset; // +0x40, size 0x4, type 0
    DWORD m_maxPlayers; // +0x44, size 0x4, type 0
    DWORD m_parentMapID; // +0x48, size 0x4, type 0
};

enum InstanceType
{
    None = 0, // none
    Dungeon = 1, // party
    Raid = 2, // raid
    Battleground = 3, // pvp
    Arena = 4, // arena
    Scenario = 5 // scenario
}

enum MapFlags
{
    DevMap = 0x2,
    CanToggleDifficulty = 0x100,
    // 0x4000 this is only used for Throne of The Tides map atm
    IsFlexLocking = 0x8000,
    PhaseMap = 0x20000, // some phased maps have this
    PaidRaceChangeDisabled = 0x40000, // used for goblin, worgen and panda starting areas
    // 0x80000 used for map "Ancient Zul'Gurub" only
    // 0x200000 Firelands/Molten Front
    // 0x400000 The Ring of Valor arena
    // 0x800000 mostly pandaria maps flagged with this
    // 0x1000000 continents (except Pandaria)
}

[FinnX]

DWORD PlayerBasePointer = 0x00A6D420;//Ready
DWORD PlayerBaseOffset1 = 0x48;//Ready
DWORD PlayerBaseOffset2 = 0x24;//Ready

Just informing that your playerbase will bug if you're going as druid into flight stance

//edit
It also bugs if u just swap into cat / bear stance