-
Member
WoW Classic 1.13.2 (30550) ObjMgr
With the Offset Dumper I got the following offsets:
Code:
ActionBarFirstSlot = 0xFFFF800957120004
CameraBase = 0xFFFF800957120004
ClickToMoveTrigger = 0x1FE13F0
CooldownPtr = 0x24D2868
GameBuild = 0x1EEA5F4
GameReleaseDate = 0x1EEA600
GameVersion = 0x1EEA5EC
InGameFlag = 0xFFFF800957120004
IsLoadingOrConnecting = 0xFFFF800957120004
IsTexting = 0xFFFF800957120004
LastHardwareAction = 0xFFFF800957120004
LocalPlayerGUID = 0xAB5CD90
MouseOverGUID = 0xAA7E048
NameCacheBase = 0xFFFF800957120004
ObjectMgrPtr = 0x25139E0
RuneReady = 0xFFFF800957120004
TerrainSpellActive = 0x25F9590
ZoneID = 0xFFFF800957120004
CheckSpellAttribute = 0x1B962D0
FrameScript_ExecuteBuffer = 0xFFFF800957120000
FrameScript_GetLocalizedText = 0xFFFF800957120000
FrameScript_GetText = 0xFFFF800957120000
Party_FindMember = 0xFA7D90
PetInfo_FindSpellById = 0x10D2390
PetInfo_SendPetAction = 0x10D43A0
Specialization_IsTalentSelectedById = 0xFFFF800957120000
SpellBook_CastSpell = 0xFFFF800957120000
SpellBook_FindSlotBySpellId = 0xFFFF800957120000
SpellBook_FindSpellOverrideById = 0xFFFF800957120000
SpellBook_GetOverridenSpell = 0xFFFF800957120000
SpellDB_GetRow = 0x1B96330
Spell_ClickSpell = 0xFFFF800957120000
Spell_GetMinMaxRange = 0x8662C0
Spell_GetSomeSpellInfo = 0x1B93C90
Spell_GetSpellCharges = 0x868B10
Spell_GetSpellCooldown = 0x868FE0
Spell_HandleTerrainClick = 0x86F190
Spell_IsInRange = 0xFFFF800957120000
Spell_IsSpellKnown = 0xFFFF800957120000
Spell_IsStealable = 0xFFFF800957120000
Unit_CanAttack = 0xFFFF800957120000
Unit_GetAuraByIndex = 0xFFFF800957120000
Unit_GetFacing = 0xFFFF800957120000
Unit_GetPosition = 0xFFFF800957120000
Unit_GetPower = 0xFFFF800957120000
Unit_GetPowerMax = 0x1335AF0
Unit_Interact = 0xF077B0
Unit_IsFriendly = 0xFFFF800957120000
WorldFrame_Intersect = 0xFFFF800957120000
Obviously some of them are wrong, because classic is different in code than retail.
Reading out some like PlayerGuid, MouseOverGuid, Version worked.
ObjectMgrPtr 0x25139E0
Are there any tutorials for IDA on how to get static structs and enums out of the game?
And how do I get firstObj and nextObj offsets from the ObjectMgrPtr?
I noticed that there are many code file references.
Is that normal or is the code not cleaned up in beta?
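Before trusting a dump like the one above, a quick sanity check separates real module-relative offsets from placeholder values: an RVA has to lie inside the image, and a whole group of names resolving to one identical value is the usual sign of a dumper emitting "pattern not found" rather than a result. This is an added example, not code from the thread or from the Offset Dumper; the sample lines are a subset copied from the post, and SIZE_OF_IMAGE is an assumed stand-in for the client's real SizeOfImage from the PE optional header.

```python
import re
from collections import Counter
from typing import Dict, List, Tuple

# Constructed sample: a subset of the "Name = 0x..." lines from the dump above.
DUMP = """\
ActionBarFirstSlot = 0xFFFF800957120004
CameraBase = 0xFFFF800957120004
ClickToMoveTrigger = 0x1FE13F0
GameBuild = 0x1EEA5F4
ObjectMgrPtr = 0x25139E0
FrameScript_ExecuteBuffer = 0xFFFF800957120000
Spell_GetMinMaxRange = 0x8662C0
Unit_GetPowerMax = 0x1335AF0
"""

# Assumed SizeOfImage of the client binary (PE optional header). The real
# value must be read from the exact binary the dump was taken against.
SIZE_OF_IMAGE = 0x2800000

LINE_RE = re.compile(r"^\s*(\w+)\s*=\s*(0x[0-9A-Fa-f]+)\s*$")


def parse_dump(text: str) -> Dict[str, int]:
    """Parse 'Name = 0xHEX' lines into a name -> integer mapping."""
    offsets: Dict[str, int] = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            offsets[m.group(1)] = int(m.group(2), 16)
    return offsets


def check_offsets(
    offsets: Dict[str, int], size_of_image: int
) -> Tuple[Dict[str, int], Dict[str, List[str]]]:
    """Split offsets into plausible ones and suspect ones (with reasons).

    Check 1: a module-relative offset must satisfy 0 <= value < SizeOfImage;
             a value with the high bits set cannot be an RVA at all.
    Check 2: several names sharing one exact value almost always means the
             dumper wrote a fixed placeholder instead of a real hit.
    """
    counts = Counter(offsets.values())
    ok: Dict[str, int] = {}
    suspect: Dict[str, List[str]] = {}
    for name, value in offsets.items():
        reasons = []
        if not 0 <= value < size_of_image:
            reasons.append(
                f"{value:#x} is outside the image (SizeOfImage {size_of_image:#x})"
            )
        if counts[value] > 1:
            reasons.append(f"{value:#x} is shared by {counts[value]} names")
        if reasons:
            suspect[name] = reasons
        else:
            ok[name] = value
    return ok, suspect


if __name__ == "__main__":
    good, bad = check_offsets(parse_dump(DUMP), SIZE_OF_IMAGE)
    for name, value in good.items():
        print(f"ok       {name:<28} {value:#x}")
    for name, reasons in bad.items():
        print(f"suspect  {name:<28} {'; '.join(reasons)}")
```

Entries that pass both checks are still only candidates; the rest of the thread is about confirming them in the disassembler, but filtering the obvious placeholders first saves time.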
-
Not had much time to look at any beta stuff, but the quick glance I had made it seem relatively close to the early 8.0 clients, at least in terms of finding things.
Info on finding static data etc is in the forum if you have the patience to search, there's also plenty of ida scripts etc floating around in those threads that you could probably repurpose.
Each time you find something yourself, you'll be better off for the future. It's also an iterative process, but once you have a decent base you can get a lot done with bindiff etc whenever a new version hits.
But let's take your example of the objMgr:
To understand how it works and get the offsets if you don't have any signatures you can scan for, the easiest way is to start with two things imo:
- Knowledge of how it worked in past versions, so that you can identify/parse the logic when you see it in the disassembly
- A function that iterates over it in your current version.
The knowledge can once again be found in the forum if you search.
For getting a function that iterates, there's plenty of strings related to getting objects that you can start from.
For the last few expansions I've been searching for the string containing "gmvision" and going via xrefs from there.
Once there, the function should be pretty self-explanatory, but it's iterating over the object lists in a few different ways, as hinted by the output strings.
firstObj would be the offset it loads before the loop, 0x18, and nextObj in the end of the loop scope, looks like curr + 0x8 + *( objMgr + 0x8 )
The references to code files are for assertions, it varies in how many are in but it's not uncommon for beta afaik.
It's a nice boost to understanding what the code is about, you get a grasp on what was asserted and that way you know a few of the variables and the general domain of the function.
There's plenty of IDA stuff out there; for wow-specific stuff you're again best off searching this forum and other places.
If you're not that experienced with IDA yet to be tied to it, I'd recommend checking out ghidra; it has been a pleasure to use so far and is easy to script/modify.
-
Post Thanks / Like - 1 Thanks
Guidra (1 members gave Thanks to h42 for this useful post)
-
Member
Code:
.text:0000000000CB23BB mov edx, 7
.text:0000000000CB23C0 lea rcx, aObjectManagerL ; "Object manager list status: (use gmvisi"...
.text:0000000000CB23C7 call sub_244FA0
.text:0000000000CB23CC mov r9d, r14d
.text:0000000000CB23CF lea rcx, aActiveObjectsU ; " Active objects: %u (%u visible)"
.text:0000000000CB23D6 mov r8d, ebp
.text:0000000000CB23D9 mov edx, 7
.text:0000000000CB23DE call sub_239BF0
.text:0000000000CB23E3 sub ebp, esi
.text:0000000000CB23E5 lea rcx, aUnitsUGameobjs ; " Units: %u, GameObjs: %u Items:"...
.text:0000000000CB23EC sub ebp, edi
.text:0000000000CB23EE mov r9d, esi
.text:0000000000CB23F1 sub ebp, ebx
.text:0000000000CB23F3 mov r8d, edi
.text:0000000000CB23F6 mov [rsp+48h+var_20], ebp
.text:0000000000CB23FA mov edx, 7
.text:0000000000CB23FF mov [rsp+48h+var_28], ebx
.text:0000000000CB2403 call sub_239BF0
.text:0000000000CB2408 mov r8d, r15d
.text:0000000000CB240B lea rcx, aObjectsWaiting ; " Objects waiting to be freed: %u obj"...
.text:0000000000CB2412 mov edx, 7
.text:0000000000CB2417 call sub_239BF0
.text:0000000000CB241C mov rbx, [rsp+48h+arg_0]
.text:0000000000CB2421 mov eax, 1
.text:0000000000CB2426 mov rbp, [rsp+48h+arg_8]
.text:0000000000CB242B mov rsi, [rsp+48h+arg_10]
.text:0000000000CB2430 add rsp, 30h
.text:0000000000CB2434 pop r15
.text:0000000000CB2436 pop r14
.text:0000000000CB2438 pop rdi
.text:0000000000CB2439 retn
.text:0000000000CB2439 sub_CB2270 endp
Is this the right location to look out for? Sorry, I am not that advanced with the use of IDA.
-
That's the one yes.
Those strings are being passed to output routines, with additional parameters.
The parameters are the interesting things here, as with this being a string format routine that's called, we can assume that the parameters will be sent into the call in the order they appear in the format string, which gives us a way to label them.
Having them labeled, trace back up in the original location and see how they are used.
If you're not used to assembly, I'd suggest using the decompiler in IDA to make it readable in a C-like output, if you have access to that.
If you do not have access to the decompiler, you'd have to find a way to obtain it, or try out ghidra which includes one by default.
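The labeling rule in the reply above (format-string parameters arrive in the order of their specifiers) can be applied mechanically under the Windows x64 calling convention, which is what the listing shows: the first four integer-class arguments travel in rcx, rdx, r8, r9 and the rest sit on the stack above the 0x20-byte shadow space at the call instruction. This is an added example, not code from the thread or an IDA script; the register/stack mapping assumes the standard Microsoft x64 convention, and the `Units:` format string is a constructed stand-in because the listing truncates it.

```python
import re
from typing import List, Tuple

# Windows x64: integer-class arguments 0..3 in registers, 4.. on the stack.
INT_ARG_REGS = ("rcx", "rdx", "r8", "r9")
SHADOW_SPACE = 0x20  # reserved by the caller; stack args start right above it

# printf-style conversion: flags, width, precision, length modifier, type.
SPEC_RE = re.compile(
    r"%[-+ #0]*(?:\d+|\*)?(?:\.(?:\d+|\*))?(?:hh|h|ll|l|I64|I32|I|z|j|t|L)?"
    r"[diouxXeEfgGaAcspn%]"
)

# Constructed stand-in for the truncated " Units: %u, GameObjs: %u Items:"
# string in the listing (the real string continues past what IDA shows).
FMT_UNITS = " Units: %u, GameObjs: %u Items: %u, Other: %u"


def slot_location(slot: int) -> str:
    """Where argument number `slot` (0-based) lives at the call instruction."""
    if slot < len(INT_ARG_REGS):
        return INT_ARG_REGS[slot]
    return f"[rsp+{SHADOW_SPACE + 8 * (slot - len(INT_ARG_REGS)):#x}]"


def format_specifiers(fmt: str) -> List[str]:
    """Conversion specifiers in order of appearance; '%%' consumes no argument."""
    return [m.group(0) for m in SPEC_RE.finditer(fmt) if m.group(0) != "%%"]


def label_format_args(fmt: str, first_vararg_slot: int) -> List[Tuple[str, str]]:
    """Pair each specifier with the register or stack slot that carries it.

    first_vararg_slot is the argument index of the first value the format
    string consumes. In the listing the format is in rcx (slot 0) and a
    constant 7 in edx (slot 1), so the variadic values start at slot 2.
    """
    return [
        (spec, slot_location(first_vararg_slot + i))
        for i, spec in enumerate(format_specifiers(fmt))
    ]


if __name__ == "__main__":
    for fmt in (" Active objects: %u (%u visible)", FMT_UNITS):
        print(repr(fmt))
        for spec, where in label_format_args(fmt, first_vararg_slot=2):
            print(f"  {spec:<4} <- {where}")
```

Read against the listing: with the format in rcx and 7 in edx, the first `%u` of the `Units:` string lands in r8 (r8d = edi), the second in r9 (r9d = esi), the third at [rsp+0x20] (IDA's `[rsp+48h+var_28]`, written from ebx) and the fourth at [rsp+0x28] (`[rsp+48h+var_20]`, written from ebp). The 32-bit register names in the listing are just the low halves of the 64-bit slots, which is what a `%u` needs. From there, tracing each of edi, esi, ebx and ebp back up the function is what tells you which list each counter came from.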
-
Contributor
Here's the ones I use (0-based)