Weird Results from EnumVisibleObjects

[cenron]

I know this has probably been asked a millions times but, I couldn't find this specific problem.

So I am running EnumVisibleObjects, and it injects, runs, even calls my call back but the result it returns is kind of weird. I Get this.

Code:

[INF]:GUID: 2291002c - Filter: 4
[INF]:GUID: 2291002c - Filter: 4
[INF]:GUID: 2291002c - Filter: 4
[INF]:GUID: 2291002c - Filter: 4
[INF]:GUID: 2291002c - Filter: 4
[INF]:GUID: 2291002c - Filter: 4

So from everything I read, it says that this is suppose to return a guid....but it returns this. I look at the Callback function that is used in wow for this, and it looks like an object pointer gets passed as a parameter not a GUID.

Code:

mov     eax, s_objMgr
push    [ebp+arg_4]
mov     eax, [eax+0C4h] ; Next Object
mov     esi, [eax+ecx+4]
push    ecx
call    [ebp+arg_0]
pop     ecx
pop     ecx
test    eax, eax
jz      short loc_79C11B

This is a callback function that gets used in Wow, by EnumVisibleObjects

Code:

.text:007AE500 ; Attributes: bp-based frame
.text:007AE500
.text:007AE500 sub_7AE500      proc near               ; DATA XREF: sub_7B3F0B+46o
.text:007AE500                                         ; .text:00966E5Fo ...
.text:007AE500
.text:007AE500 arg_0           = dword ptr  8
.text:007AE500
.text:007AE500                 push    ebp
.text:007AE501                 mov     ebp, esp
.text:007AE503                 mov     ecx, [ebp+arg_0] <-- Is this a pointer?
.text:007AE506                 test    ecx, ecx
.text:007AE508                 jz      short loc_7AE51D
.text:007AE50A                 mov     eax, [ecx+4] <-- Or is it a GUID and its only getting 4 bytes?
.text:007AE50D                 movsx   eax, word ptr [eax+10h]
.text:007AE511                 shr     eax, 4
.text:007AE514                 test    al, 1
.text:007AE516                 jz      short loc_7AE51D
.text:007AE518                 call    sub_80D53F
.text:007AE51D
.text:007AE51D loc_7AE51D:                             ; CODE XREF: sub_7AE500+8j
.text:007AE51D                                         ; sub_7AE500+16j
.text:007AE51D                 xor     eax, eax
.text:007AE51F                 inc     eax
.text:007AE520                 pop     ebp
.text:007AE521                 retn
.text:007AE521 sub_7AE500      endp

I am totally lost cause I get no errors, but I dont get the results I expect.

Here is my implementation of the function.

Code:

int __cdecl Lists( __int64 guid, int filter ) {
	
	LOG_INF( "GUID: " << std::hex << guid << " - Filter: " << filter <<  std::endl );
	
	return 0;
}


typedef signed int ( __cdecl *pEnumVisibleObjects )( void *p, u_long a2);
pEnumVisibleObjects oEnumVisibleObjects = (pEnumVisibleObjects)((DWORD)gpXTC->GetOffsetMgr()->GetFullAddress(GOFF_ENUM_VISIBLE_OBJECT));

while( true ) {
    oEnumVisibleObjects( &Lists, 4 );
    Sleep( 2000 );
}

[Jadd]

You aren't using it like an enumerator (which is what it is, hence the name.) EnumVisibleObjects is called once to refresh the whole list. The return value of the callback function determines whether the enumeration should continue. You're returning 0 (false), which will end the enumeration.

Remove your while loop (it does the loop for you), and return true instead of 0 in your callback.

[cenron]

You aren't using it like an enumerator (which is what it is, hence the name.) EnumVisibleObjects is called once to refresh the whole list. The return value of the callback function determines whether the enumeration should continue. You're returning 0 (false), which will end the enumeration.

Remove your while loop (it does the loop for you), and return true instead of 0 in your callback.

Oh man how did I miss that, its right there in front of my face...

Code:

.text:0079C10D                 push    ecx
.text:0079C10E                 call    [ebp+arg_0]
.text:0079C111                 pop     ecx
.text:0079C112                 pop     ecx
.text:0079C113                 test    eax, eax <--- Here
.text:0079C115                 jz      short loc_79C11B
.text:0079C117                 mov     ecx, esi
.text:0079C119                 jmp     short loc_79C0F2
.text:0079C11B ; ---------------------------------------------------------------------------
.text:0079C11B
.text:0079C11B loc_79C11B:                             ; CODE XREF: ClntObjMgr_EnumVisibleObjects+44j
.text:0079C11B                 xor     edi, edi
.text:0079C11D
.text:0079C11D loc_79C11D:                             ; CODE XREF: ClntObjMgr_EnumVisibleObjects+24j
.text:0079C11D                                         ; ClntObjMgr_EnumVisibleObjects+28j
.text:0079C11D                 mov     eax, edi
.text:0079C11F                 pop     edi
.text:0079C120                 pop     esi
.text:0079C121                 pop     ebp
.text:0079C122                 retn
.text:0079C122 ClntObjMgr_EnumVisibleObjects endp

I guess the other question is, does this function now return Object pointers? Cause even if I define my parameter as __int64, and output as __in64 it still only gives me a 32bit value....and it doesn't look like a GUID....


EDIT: Actually NM, I answered my own question. It looks like its returning the addresses to the actual objects and not there GUID....i guess they updated the way this function works.

Thanks for the help man, this was a very duh moment.

[aeo]

Look up TOM_RUS WoWAddin Project on his repo. Its a very basic example of EnumVisibleObjects. It will probably answer any other questions you may have. Regardless it's a great resource.

[TOM_RUS]

There's at least 3 ClntObjMgrEnumVisible* functions:

Code:

ClntObjMgrEnumVisibleObjects(int (*callback)(unsigned long long guid, void *param), void *param)
ClntObjMgrEnumVisibleObjectsPtr(int (*callback)(CGObject_C *pObject, void *param), void *param)
ClntObjMgrEnumVisibleUnitsPtr(int (*callback)(CGUnit_C *pUnit, void *param), void *param)

[cenron]

There's at least 3 ClntObjMgrEnumVisible* functions:

Code:

ClntObjMgrEnumVisibleObjects(int (*callback)(unsigned long long guid, void *param), void *param)
ClntObjMgrEnumVisibleObjectsPtr(int (*callback)(CGObject_C *pObject, void *param), void *param)
ClntObjMgrEnumVisibleUnitsPtr(int (*callback)(CGUnit_C *pUnit, void *param), void *param)

I see that makes a lot more sense now. I have only ever seen people talking about the GUID returning. So the function I am using is the ClntObjMgrEnumVisibleObjectsPtr(int (*callback)(CGObject_C *pObject, void *param), void *param), The address is (Wow.exe+0x39C0D1) ?

[TOM_RUS]

I see that makes a lot more sense now. I have only ever seen people talking about the GUID returning. So the function I am using is the ClntObjMgrEnumVisibleObjectsPtr(int (*callback)(CGObject_C *pObject, void *param), void *param), The address is (Wow.exe+0x39C0D1) ?

Probably.

Actually, I can't find ClntObjMgrEnumVisibleObjects with guid callback in 5.4.7 client, but it does exist in 6.0.

Other 2 are (may be swapped):
0079C0D1 ClntObjMgrEnumVisibleObjectsPtr
0079C123 ClntObjMgrEnumVisibleUnitsPtr

[cenron]

Hmmm, So I got it working and it returns the objects around me....the only problem is that it seems to only return object types of OT_PLAYER( 0x04 ) and OT_UNIT ( 0x03 ).....As the filter I set it to ZERO ( 0 ),

It doesn't return anything else, very weird.

Code:

		OT_OBJECT			= 0x00,
		OT_ITEM				= 0x01,
		OT_CONTAINER		= 0x02,
		OT_UNIT				= 0x03,
		OT_PLAYER			= 0x04,
		OT_GAME_OBJECT		= 0x05,
		OT_DYNAMIC_OBJECT	= 0x06,
		OT_CORPSE			= 0x07

[TOM_RUS]

Hmmm, So I got it working and it returns the objects around me....the only problem is that it seems to only return object types of OT_PLAYER( 0x04 ) and OT_UNIT ( 0x03 ).....As the filter I set it to ZERO ( 0 ),

It doesn't return anything else, very weird.

That means you are using ClntObjMgrEnumVisibleUnitsPtr, try other one.

[culino2]

Hmmm, So I got it working and it returns the objects around me....the only problem is that it seems to only return object types of OT_PLAYER( 0x04 ) and OT_UNIT ( 0x03 ).....As the filter I set it to ZERO ( 0 ),

The enum function doesn't have a filter parameter.

[cenron]

That means you are using ClntObjMgrEnumVisibleUnitsPtr, try other one.

I think I found it. I haven't had a chance to try it out yet to see what it returns but I think that these are the addresses

Code:

ClntObjMgrEnumVisibleUnitsPtr = 0x39B6AD
ClntObjMgrEnumVisibleObjectsPtr = 0x39B65B

I can't seem to find the GUID one though....I think you said earlier it wasn't in there so ya.