Pointing to each Object from Object Manager Loop

[ShoniShilent]

let me preface this by stating the i haven't messed with my wow bot since 4.x.x. i need to update it to 5.0.5 now that panda is nearing launch.

i have the basic OOM object manager loop going at this point. Basically by using ClntObjMgrEnumVisibleObjects function we see that the Object Manager Base is wow.exe + $BE202C. So with and example of my wow.exe base being $D60000, the Object Manager Base is at $194202C as seen here:





And points to $C817E10 as the first object seen here:




And we see our loop offset at $CC points to $2680028.

My question(s) are:

1) from the Object Manager loop, how do we in 5.0.5 point to each object itself (in other words, from the loop how do we point to the base for each specific object which we then get the offsets to the object's health, or whatever).

In 4.x.x, we determine the object 'type' as an offset of the Object Base in the loop. Before I think it was Object Base + $14 (value 3,4 as player or mobs and value 5 as objects etc.). And now for 5.0.5 it's Object Base +$10 I am reading? But how do we point to the ACTUAL BASE of the object itself, where you have the X, Y, Z as offsets and health and etc.

For instance, let's say there is a Deer and Turtle in front of you. For the sake of brevity, lets say those are the ONLY two objects around you. From the Base at $C817E10 as described above, what is the chain of offsets pointing to the DEER's XYZ, for instance? (like [$C817E10+$CC]+xx]+xx]+xx is the X or whatever...

2) and to parse the Object Manager Loop we simply take Base + $CC to get the next object and parse that way, correct?

I haven't been on in 6+ months so I apologize for my having to catch up.

any help is appreciated.

[J0llyGr33n]

Its close to 1am here and I'm beat so sorry if I miss understood your question.

Code:

enum eObjectManager : DWORD
{
	eObjectManager = 0xDC9598,
	eManagerOffset = 0x462C,
	eLocalGUIDOffset = 0xD0,
	eFirstObjectOffset = 0xCC,
	eNextObjectOffset = 0x3C,
	eDescriptorFieldOffset = 0x8,
	eObjectTypeOffset = 0x10, // might be descriptors + 0x10
	ePlayerName = 0xDC95D8
};

//Get an objects base, based off of shynds old stuff. its how I learned so here it is
//Easily use it to get every object currently in the manager

Code:

DWORD WoWObject::dwGetObjectBase(UINT64 GUID)
{// assumes descriptor fields were already set!
	DWORD cObj, nObj;
	cObj = pObjectManager->ReadDWORD(pObjectManager->returnSCurMgr() + eFirstObjectOffset);
	while(cObj != 0 && (cObj & 1) == 0)
	{
		DWORD descriptorField = pObjectManager->ReadDWORD(cObj + eDescriptorFieldOffset);
		if(pObjectManager->ReadUINT64(descriptorField + eGUID) == GUID) { return cObj; }
		else {nObj = pObjectManager->ReadDWORD(cObj + eNextObjectOffset); }
		if(nObj == cObj) { return 1;}

		cObj = nObj;
	}

	return 0; //failed
}

//Get its type

Code:

int WoWObject::sGetType(DWORD ObjectBaseAddress)
{
	return pObjectManager->ReadInt32(ObjectBaseAddress + eObjectTypeOffset);
}

//Types, as far as I know still true

Code:

enum WowObjectType
{
    OBJECT = 0,
    ITEM = 1,
    CONTAINER = 2,
    UNIT = 3,
    PLAYER = 4,
    GAMEOBJECT = 5,
    DYNAMICOBJECT = 6,
    CORPSE = 7,
    AREATRIGGER = 8,
    SCENEOBJECT = 9,
    NUM_CLIENT_OBJECT_TYPES = 0xA
};

if I missed anything let me know.

[Shadowhunter12]

Its close to 1am here and I'm beat so sorry if I miss understood your question.

Code:

enum eObjectManager : DWORD
{
	eObjectManager = 0xDC9598,
	eManagerOffset = 0x462C,
	eLocalGUIDOffset = 0xD0,
	eFirstObjectOffset = 0xCC,
	eNextObjectOffset = 0x3C,
	eDescriptorFieldOffset = 0x8,
	eObjectTypeOffset = 0x10, // might be descriptors + 0x10
	ePlayerName = 0xDC95D8
};

//Get an objects base, based off of shynds old stuff. its how I learned so here it is
//Easily use it to get every object currently in the manager

Code:

DWORD WoWObject::dwGetObjectBase(UINT64 GUID)
{// assumes descriptor fields were already set!
	DWORD cObj, nObj;
	cObj = pObjectManager->ReadDWORD(pObjectManager->returnSCurMgr() + eFirstObjectOffset);
	while(cObj != 0 && (cObj & 1) == 0)
	{
		DWORD descriptorField = pObjectManager->ReadDWORD(cObj + eDescriptorFieldOffset);
		if(pObjectManager->ReadUINT64(descriptorField + eGUID) == GUID) { return cObj; }
		else {nObj = pObjectManager->ReadDWORD(cObj + eNextObjectOffset); }
		if(nObj == cObj) { return 1;}

		cObj = nObj;
	}

	return 0; //failed
}

//Get its type

Code:

int WoWObject::sGetType(DWORD ObjectBaseAddress)
{
	return pObjectManager->ReadInt32(ObjectBaseAddress + eObjectTypeOffset);
}

//Types, as far as I know still true

Code:

enum WowObjectType
{
    OBJECT = 0,
    ITEM = 1,
    CONTAINER = 2,
    UNIT = 3,
    PLAYER = 4,
    GAMEOBJECT = 5,
    DYNAMICOBJECT = 6,
    CORPSE = 7,
    AREATRIGGER = 8,
    SCENEOBJECT = 9,
    NUM_CLIENT_OBJECT_TYPES = 0xA
};

if I missed anything let me know.

Isn't there a cleaner way to get an object's BaseAddress given the GUID? I remember back in 4.3 (or shortly around there), there was a function you could call, if in process that would return the pointer when passed the GUID. You would use this function in your EnumVisibleObjects callback.

Does anyone know if this still exists in 5.0.5?

Code:

        /// Returns a pointer to an object based on GUID, IntPtr.Zero if no object exists.
        /// </summary>
        /// <param name="guid">The GUID of the object.</param>
        /// <param name="filter">A filter for the object type.</param>
        /// <returns>An pointer to the actual object.</returns>
        /// <remarks>
        /// This function works from the object descriptor GUID (OBJECT_FIELD_GUID).
        /// Not the typical obj+0x32 GUID.
        /// </remarks>
        [UnmanagedFunctionPointer(CallingConvention.Cdecl)]
        internal delegate IntPtr GetObjectByGuidDelegate(ulong guid, int filter);

WoWFunction_GetObjectByGuid = Memory.CreateFunction<GetObjectByGuidDelegate>(new IntPtr((uint)Offsets.Functions.GetObjectByGuid));

        /// <summary>
        /// Callback function to EnumVisibleObjects. For each visible object on the screen this function will be called.
        /// </summary>
        /// <param name="guid">GUID of the visible object.</param>
        /// <param name="filter"></param>
        /// <returns>Return 1 to keep enumerating, 0 to stop.</returns>
        private static int EnumVisibleObjectsCallBack(ulong guid, uint filter)
        {
            var pointer = WoWFunction_GetObjectByGuid(guid, -1);

            if (pointer == IntPtr.Zero)
                return 1;

            AddManagedObject(guid, pointer);

            return 1; // Returning 1 tells the callback to keep enumerating.
        }

[beanso]

Not sure if that's still around, but why not just keep a map of guid -> baseaddress (or generic object) in your object manager?

[_Mike]

Isn't there a cleaner way to get an object's BaseAddress given the GUID? I remember back in 4.3 (or shortly around there), there was a function you could call, if in process that would return the pointer when passed the GUID. You would use this function in your EnumVisibleObjects callback.

ClntObjMgrObjectPtr