[2.4.3/General WoW] Help with Objectmanager

[gubluk]

Hello folks,

I've been a silent reader for a long time now, and recently I started programming a bot for myself just to learn something.
I only code it because I find that topic really interesting and I don't expect it to ever be perfect.

For now, I managed to implement stuff like a profile-generator/editor, custom settings, implemented GoTo's and GhostPaths and so on.

The only thing I simply seem unable to manage is to actually find mobs - I read through tons of information and noticed that I need the object manager for this.
While I am playing, or more like messing around, on an old private server (2.4.3), nearly all information about the object manager seem to be "too fresh".

Kynox and other great guys helped me with their dumps, making me able to find my own pointers for the ctm stuff - but I seem to dumb to handle the advanced stuff.
From my point of view, to address the object manager, I need to read through the g_clientConnection and add the currMgr offset - then I should reach its base.
My main problem is, there is no currMgr offset - I found stuff like createObjectManager but I don't know how to handle it.
I don't ask you to paste me some code, but it would be great to get pushed into the right direction.
The threads I used were 2.4.3 Offsets & Pointers and Release - 2.4.3 Addresses.

Any help or information is appreciated. I read through a few info threads but they mostly referred to offsets that I didn't find on my own or anywhere else.
And, by the way, I am doing this stuff in vb.net.

Regards

[Valediction]

You can check

http://www.ownedcore.com/forums/worl...-1-12-1-a.html (Open Souce Project for WoW 1.12.1)

It's for 1.12, which should solve the "too fresh" problem. There you should be able to follow the objmgr process with ease.

[gubluk]

Thanks allready for your link, this seems to be great. I am reading through the source right now.
Still, I stumbled over his/her access on the objectmanager:

Code:

ClientConnection = WowReader.ReadUInt((StaticClientConnection));
            FirstObject = WowReader.ReadUInt((ClientConnection + FirstObjectOffset));

While kynox's dump for 2.4.3 features addresses like

Code:

// Objects
#define createObjectManager 0x0046E0D0
#define ClntObjMgrGetActivePlr 0x00402F40
#define ClntObjMgrGetActivePlrGuid 0x00469DD0
#define ClntObjMgrObjectPtr 0x0046B610
#define ClntObjMgrEnumObjects 0x0046B3F0

I don't see any offsets for the first/next object in it. Do I miss something essential? Is my knowledge for now simply not enough to get it?
Or is there any documentation on how to handle kynox's offset dumper? I found many links to mmowned, but yeah, as you can guess none of them works

[Valediction]

I don't remember exactly how it's done in 2.4.3 ATM but I suggest you play with memory BPs in the static address and see what offset, if any, they're using. One way or the other you'll have to debug WoW/read some code if you plan to develop anything by yourself, dump threads are a help but won't typically be enough.

[=manzarek=]

PHP Code:

 uint currentManager_Pre = Wow.ReadUInt((uint)Offsets.General.ClientConnection);
            uint currentManager = Wow.ReadUInt(currentManager_Pre + (uint)Offsets.ObjectManager.ObjectManagerOffset);
            //or
            //uint currentManager = wow.ReadUInt((uint)wowBase + (uint)Offsets.ObjectManager.s_curMgr);
             uint nextObject = Wow.ReadUInt(currentManager + (uint)Offsets.ObjectManager.FirstObject);
            while ((nextObject != 0) && ((nextObject & 1) == 0))
            {
                WowObject wo = new WowObject();
                //uint desc = Wow.ReadUInt(nextObject + (uint)Offsets.ObjectManager.Descriptors);
                wo.GUID= Wow.ReadUInt64(nextObject + (uint)Offsets.ObjectManager.GUID);
                //wo.DisplayID = Wow.ReadUInt(desc + (uint)Offsets.Descriptor.displayID);
                wo.Type = Wow.ReadUInt(nextObject + (uint)Offsets.ObjectManager.Type);

...


 nextObject = Wow.ReadUInt(nextObject + (uint)Offsets.ObjectManager.NextObject); 


PHP Code:

        public enum ObjectManager
        {
            ObjectManagerOffset = 0x2218,
            LocalGuid = 0xC0,
            FirstObject = 0xAC,
            NextObject = 0x3C,
            GUID = 0x30,
            Type = 0x14,
            X = 0xBF0,
            Y = X + 0x4,
            Z = X + 0x8,
            R = X + 0xC,
            FieldOffset = 0x120,
        }; 


PHP Code:

        public enum WowObjectType
        {
            OBJECT = 0,
            ITEM = 1,
            CONTAINER = 2,
            UNIT = 3,
            PLAYER = 4,
            GAMEOBJECT = 5,
            DYNAMICOBJECT = 6,
            CORPSE = 7,
            AREATRIGGER = 8,
            SCENEOBJECT = 9,
            NUM_CLIENT_OBJECT_TYPES = 0xA
        }; 


PHP Code:

        public enum General
        {
            ClientConnection = 0x00D43318,
            PlayerBase = 0x00E29D28,
        }; 


[ZenLulz]

Another hint: a good starting point is also to understand how WoW handle in-game objects. There is a nice thread that summarize that here: http://www.ownedcore.com/forums/worl...e-objects.html ([Guide-kind of] How I handle objects.).

The given examples are maybe not designed for the version you are focusing, but the concept remains the same. With the info dump provided by =manzarek=, I'm sure you will be able to browse the object manager.

Happy reversing.

[danwins]

While kynox's dump for 2.4.3 features addresses like

Code:

// Objects
#define createObjectManager 0x0046E0D0
#define ClntObjMgrGetActivePlr 0x00402F40
#define ClntObjMgrGetActivePlrGuid 0x00469DD0
#define ClntObjMgrObjectPtr 0x0046B610
#define ClntObjMgrEnumObjects 0x0046B3F0

this is because these are functions related to the object manager, the first/next object offsets are usually reverse from these. (look through these functions in IDA)

[gubluk]

Wow guys, you simply are amazing.
Thank you very much for the links and the dumps, and also for the additional information!
I am very confident that I'll be able to work with this.
Thanks!

I'll post again if I managed it or failed

[gubluk]

Hello again,
I wanted to thank you again, I managed to loop through the OM and take out the values I needed - for testing purposes I created a tiny radar which works great - GUIDs, names, positions, ... aren't a problem at all.

I have two more questions,
first about the Unit_Field_Flags: As far as I understood it, they describe wether an object is hostile, friendly,... depending on the player - I read some stuff about the bitmasks but didn't really get it.

Second, after I noticed that it is way more easy to update and change stuff if you outclass specific functions I rewrote my base. I somehow managed to screw up my movement functions, meaning I am still able to trigger the CTM-Action ( setting

Code:

CTM_StateAddress = 0xD689BC

to 4), but my Values for the CTM X, Y and Z don't work anymore.
I remember I had a hard time finding them, being completely unable to get a CTM Base Pointer and after hours of searching finding static addresses for them.
Do I need to debug WoW for those or is there any hint where they hide?
I allready searched in the region near my CTM_State and near my normal player position. I only found odd addresses that didn't bring me ahead.

Regards

[=manzarek=]

maybe post your code and offsets for CTM

[gubluk]

My Offsets are the following:

Code:

Public Enum Movement
        CTM_StateAddress = &HD689BC
        CTM_ZAddress = &HD68A14 'Those 3 aren't the right ones :/
        CTM_YAddress = &HD68A1C
        CTM_XAddress = &HD68A20
    End Enum

To trigger my CTM, I use the following:

Code:

WriteProcessMemory(readHandle, Offsets.Movement.CTM_XAddress, xCoordinate, 4, 0)
WriteProcessMemory(readHandle, Offsets.Movement.CTM_YAddress, yCoordinate, 4, 0)
WriteProcessMemory(readHandle, Offsets.Movement.CTM_ZAddress, zCoordinate, 4, 0)

WriteProcessMemory(readHandle, Offsets.Movement.CTM_StateAddress, stateBuffer, 8, 0)

My stateBuffer is the right one, If I CTM anywhere and cancel it, then trigger my function --> My Character will walk to my last CTM-Click.
When I write those Values and then trigger it, my character will still walk towards the last CTM-Click --> The Addresses are wrong.

TBH, I don't know how I managed to find the right addresses, I allready spent another few hours clicking and walking around and searching through CE.

Regards

And btw: I wanted to give you guys, especially you manzarek, Rep, but I seem to be unable to do so for the moment. Will give you some coins instead.

[=manzarek=]

X = 0x00d68a18, //4bytes
Y = 0x00d68a1C, //4bytes
Z = 0x00d68a20, // 4bytes
Push = 0x00d689bc, //4bytes (you wrote 8 )
Guid = 0x00d689c0, //8 bytes
There is also an other adresse at 0x00d689ae but i dont know what is it (i called it mystery^^), it is different for each action,
for gathering its 0x4090
for moving its 0x3F00
For attacking it depend of the mob,.. maybe its the faction , i dont know if you have the answer tell me.
I found them with cheat engine

for the push

public enum CTMActions
{
FaceTarget = 1,
Stop = 3,
Walk = 4,
MoveAndInterractNPC = 5,
Loot = 6,
MoveAndInterractObject = 7,
FaceOther = 8,
Skin = 9,
Attack = 10,
WhenNothing = 13,
};

so this is just for moving

PHP Code:

public void Move(Point p)
        {
            Wow.WriteFloat((uint)Offsets.CTM.X, p.X);
            Wow.WriteFloat((uint)Offsets.CTM.Y, p.Y);
            Wow.WriteFloat((uint)Offsets.CTM.Z, p.Z);
            Wow.WriteInt64((uint)Offsets.CTM.Guid, (long)0); //you need this if you want to stop near an object
            Wow.WriteInt((uint)Offsets.CTM.Mystery, (int)Offsets.CTM.MysteryMove);
            Wow.WriteInt((uint)Offsets.CTM.Push, (int)Offsets.CTMActions.Walk);
        } 


if you have the answer for the mystery offset tell me plz