WoW Classic 1.13.2 (30550) ObjMgr menu

  1. #1
    serioux1337 (Member)


    With the Offset Dumper I got the following offsets:
    Code:
    ActionBarFirstSlot = 0xFFFF800957120004
    CameraBase = 0xFFFF800957120004
    ClickToMoveTrigger = 0x1FE13F0
    CooldownPtr = 0x24D2868
    GameBuild = 0x1EEA5F4
    GameReleaseDate = 0x1EEA600
    GameVersion = 0x1EEA5EC
    InGameFlag = 0xFFFF800957120004
    IsLoadingOrConnecting = 0xFFFF800957120004
    IsTexting = 0xFFFF800957120004
    LastHardwareAction = 0xFFFF800957120004
    LocalPlayerGUID = 0xAB5CD90
    MouseOverGUID = 0xAA7E048
    NameCacheBase = 0xFFFF800957120004
    ObjectMgrPtr = 0x25139E0
    RuneReady = 0xFFFF800957120004
    TerrainSpellActive = 0x25F9590
    ZoneID = 0xFFFF800957120004
    
    CheckSpellAttribute = 0x1B962D0
    FrameScript_ExecuteBuffer = 0xFFFF800957120000
    FrameScript_GetLocalizedText = 0xFFFF800957120000
    FrameScript_GetText = 0xFFFF800957120000
    Party_FindMember = 0xFA7D90
    PetInfo_FindSpellById = 0x10D2390
    PetInfo_SendPetAction = 0x10D43A0
    Specialization_IsTalentSelectedById = 0xFFFF800957120000
    SpellBook_CastSpell = 0xFFFF800957120000
    SpellBook_FindSlotBySpellId = 0xFFFF800957120000
    SpellBook_FindSpellOverrideById = 0xFFFF800957120000
    SpellBook_GetOverridenSpell = 0xFFFF800957120000
    SpellDB_GetRow = 0x1B96330
    Spell_ClickSpell = 0xFFFF800957120000
    Spell_GetMinMaxRange = 0x8662C0
    Spell_GetSomeSpellInfo = 0x1B93C90
    Spell_GetSpellCharges = 0x868B10
    Spell_GetSpellCooldown = 0x868FE0
    Spell_HandleTerrainClick = 0x86F190
    Spell_IsInRange = 0xFFFF800957120000
    Spell_IsSpellKnown = 0xFFFF800957120000
    Spell_IsStealable = 0xFFFF800957120000
    Unit_CanAttack = 0xFFFF800957120000
    Unit_GetAuraByIndex = 0xFFFF800957120000
    Unit_GetFacing = 0xFFFF800957120000
    Unit_GetPosition = 0xFFFF800957120000
    Unit_GetPower = 0xFFFF800957120000
    Unit_GetPowerMax = 0x1335AF0
    Unit_Interact = 0xF077B0
    Unit_IsFriendly = 0xFFFF800957120000
    WorldFrame_Intersect = 0xFFFF800957120000
    Obviously some of them are wrong, because Classic's code is different from retail's.
    Reading out some, like PlayerGuid, MouseOverGuid and Version, worked.

    ObjectMgrPtr 0x25139E0

    Are there any tutorials for IDA on how to get static structs and enums out of the game?
    And how do I get the firstObj and nextObj offsets from the ObjectMgrPtr?

    I noticed that there are many code file references.
    Is that normal, or is the code not cleaned up in beta?
    (attached image: test.png)


  2. #2
    h42 (Contributor)
    Not had much time to look at any beta stuff, but the quick glance I had made it seem relatively close to the early 8.0 clients, at least in terms of finding things.
    Info on finding static data etc. is in the forum if you have the patience to search; there are also plenty of IDA scripts etc. floating around in those threads that you could probably repurpose.
    Each time you find something yourself, you'll be better off for the future. It's also an iterative process, but once you have a decent base you can get a lot done with bindiff etc whenever a new version hits.

    But let's take your example of the objMgr:
    To understand how it works and get the offsets if you don't have any signatures you can scan for, the easiest way is to start with two things imo:
    - Knowledge of how it worked in past versions, so that you can identify/parse the logic when you see it in the disassembly
    - A function that iterates over it in your current version.

    The knowledge can once again be found in the forum if you search.
    For getting a function that iterates, there are plenty of strings related to getting objects that you can start from.
    For the last few expansions I've been searching for the string containing "gmvision" and going via xrefs from there.
    Once there, the function should be pretty self-explanatory, but it's iterating over the object lists in a few different ways, as hinted by the output strings.
    firstObj would be the offset it loads before the loop, 0x18, and nextObj is at the end of the loop scope; it looks like curr + 0x8 + *( objMgr + 0x8 ).

    The references to code files are for assertions, it varies in how many are in but it's not uncommon for beta afaik.
    It's a nice boost to understanding what the code is about, you get a grasp on what was asserted and that way you know a few of the variables and the general domain of the function.

    There's plenty of IDA stuff out there; for WoW-specific stuff you're again best off searching this forum and other places.
    If you're not yet experienced enough with IDA to be tied to it, I'd recommend checking out Ghidra; it has been a pleasure to use so far and is easy to script/modify.
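    The two displacements h42 names above (firstObj loaded from objMgr + 0x18, nextObj computed as curr + 0x8 + *(objMgr + 0x8)) describe an intrusive linked list in which the manager stores the byte offset of the link node embedded in every object, and the link node's next pointer sits 8 bytes into that node. The script below is an added example, not code from this thread; it builds a constructed memory image with an invented object layout (guid at +0x0, link node at +0x10, list terminated by a null next pointer, all assumptions) and walks it using only the three displacements quoted in the post, dereferencing the computed address to reach the next object. The real list's terminator is whatever the loop's exit condition in the disassembly checks; a null pointer here is only the demo's choice.

```python
import struct

# Constructed layout for the demo (assumption, not the client's real layout).
LINK_OFFSET = 0x10   # where the link node {prev, next} lives inside each object
MGR_ADDR = 0x1000    # where the fake manager block sits in the image
OBJ_ADDRS = (0x2000, 0x2100, 0x2200)


def write_u64(mem, addr, value):
    struct.pack_into("<Q", mem, addr, value)


def read_u64(mem, addr):
    """Read one little-endian qword, the way a memory reader or IDA script would."""
    return struct.unpack_from("<Q", mem, addr)[0]


def build_image():
    """Return (mem, mgr_addr) for a constructed image holding three linked objects."""
    mem = bytearray(0x3000)
    # Manager: +0x8 = link offset inside objects, +0x18 = first object (from the post).
    write_u64(mem, MGR_ADDR + 0x8, LINK_OFFSET)
    write_u64(mem, MGR_ADDR + 0x18, OBJ_ADDRS[0])
    for i, addr in enumerate(OBJ_ADDRS):
        write_u64(mem, addr, 0x1000 + i)                         # guid at +0x0 (constructed)
        prev = OBJ_ADDRS[i - 1] if i else 0
        nxt = OBJ_ADDRS[i + 1] if i + 1 < len(OBJ_ADDRS) else 0
        write_u64(mem, addr + LINK_OFFSET, prev)                 # link.prev at +0x0 of node
        write_u64(mem, addr + LINK_OFFSET + 0x8, nxt)            # link.next at +0x8 of node
    return mem, MGR_ADDR


def walk_objects(mem, mgr, max_iter=10000):
    """Collect guids by walking the list with only the displacements from the post.

    firstObj = *(objMgr + 0x18)
    nextObj  = *(curr + 0x8 + *(objMgr + 0x8))   (dereference is an assumption)
    max_iter bounds the walk so a corrupt or cyclic list cannot spin forever."""
    link_offset = read_u64(mem, mgr + 0x8)
    curr = read_u64(mem, mgr + 0x18)
    guids = []
    while curr and len(guids) < max_iter:
        guids.append(read_u64(mem, curr))
        curr = read_u64(mem, curr + 0x8 + link_offset)
    return guids


if __name__ == "__main__":
    image, mgr_addr = build_image()
    for n, guid in enumerate(walk_objects(image, mgr_addr)):
        print("object %d: guid=0x%x" % (n, guid))
```

The point of reading link_offset from the manager instead of hard-coding 0x10 is that the same walker keeps working if a later build moves the link node inside the object; only 0x18 and the two 0x8 displacements are baked in, and those are the ones you re-verify with bindiff when a new client version arrives.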

  4. #3
    serioux1337 (Member)
    Code:
    .text:0000000000CB23BB                 mov     edx, 7
    .text:0000000000CB23C0                 lea     rcx, aObjectManagerL ; "Object manager list status: (use gmvisi"...
    .text:0000000000CB23C7                 call    sub_244FA0
    .text:0000000000CB23CC                 mov     r9d, r14d
    .text:0000000000CB23CF                 lea     rcx, aActiveObjectsU ; "    Active objects:    %u (%u visible)"
    .text:0000000000CB23D6                 mov     r8d, ebp
    .text:0000000000CB23D9                 mov     edx, 7
    .text:0000000000CB23DE                 call    sub_239BF0
    .text:0000000000CB23E3                 sub     ebp, esi
    .text:0000000000CB23E5                 lea     rcx, aUnitsUGameobjs ; "    Units: %u,   GameObjs: %u    Items:"...
    .text:0000000000CB23EC                 sub     ebp, edi
    .text:0000000000CB23EE                 mov     r9d, esi
    .text:0000000000CB23F1                 sub     ebp, ebx
    .text:0000000000CB23F3                 mov     r8d, edi
    .text:0000000000CB23F6                 mov     [rsp+48h+var_20], ebp
    .text:0000000000CB23FA                 mov     edx, 7
    .text:0000000000CB23FF                 mov     [rsp+48h+var_28], ebx
    .text:0000000000CB2403                 call    sub_239BF0
    .text:0000000000CB2408                 mov     r8d, r15d
    .text:0000000000CB240B                 lea     rcx, aObjectsWaiting ; "    Objects waiting to be freed: %u obj"...
    .text:0000000000CB2412                 mov     edx, 7
    .text:0000000000CB2417                 call    sub_239BF0
    .text:0000000000CB241C                 mov     rbx, [rsp+48h+arg_0]
    .text:0000000000CB2421                 mov     eax, 1
    .text:0000000000CB2426                 mov     rbp, [rsp+48h+arg_8]
    .text:0000000000CB242B                 mov     rsi, [rsp+48h+arg_10]
    .text:0000000000CB2430                 add     rsp, 30h
    .text:0000000000CB2434                 pop     r15
    .text:0000000000CB2436                 pop     r14
    .text:0000000000CB2438                 pop     rdi
    .text:0000000000CB2439                 retn
    .text:0000000000CB2439 sub_CB2270      endp
    Is this the right location to look at? Sorry, I am not that advanced in the use of IDA.

  5. #4
    h42 (Contributor)
    That's the one, yes.
    Those strings are being passed to output routines, with additional parameters.
    The parameters are the interesting things here: since the routine being called is a string formatting routine, we can assume that the parameters are passed in the order they appear in the format string, which gives us a way to label them.
    Having them labeled, trace back up in the original location and see how they are used.

    If you're not used to assembly, I'd suggest using the decompiler in IDA to make it readable in a C-like output, if you have access to that.
    If you do not have access to the decompiler, you'd have to find a way to obtain it, or try out Ghidra, which includes one by default.
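    h42's observation that the formatting routine's extra parameters arrive in format-string order can be mechanised. The script below is an added example, written for this thread and not part of any IDA or Ghidra API; it takes a printf-style format string and the 0-based index of the first variadic argument slot under the Microsoft x64 calling convention (rcx, rdx, r8, r9, then [rsp+0x20], [rsp+0x28], ... above the shadow space) and names each slot after the word next to its specifier. In the listing above, sub_239BF0 receives the format string in rcx and the constant 7 in edx, so its format arguments start at slot 2: r8d and r9d for the two-argument strings, and [rsp+0x20]/[rsp+0x28] for the third and fourth arguments of the "Units:" string, which is exactly where the listing stores ebx and ebp. The "Units:" string is truncated in the post, so the four-specifier sample used here is constructed.

```python
import re

# One printf-style conversion, or a literal "%%" which is filtered out below.
SPEC_RE = re.compile(
    r"%%|%[-+ #0]*(?:\d+|\*)?(?:\.(?:\d+|\*))?"
    r"(?:hh|h|ll|l|L|q|j|z|t|I64|I32|I)?[diouxXeEfFgGaAcspn]"
)
WORD_RE = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")

# Strings visible in the listing, plus one constructed string with four
# conversions so that the stack-passed slots show up (assumption: the real
# "Units:" string is cut off in the post and may differ).
LISTING_STRINGS = (
    "    Active objects:    %u (%u visible)",
    "    Objects waiting to be freed: %u obj",
)
CONSTRUCTED_STRING = "    Units: %u,   GameObjs: %u    Items: %u    Extra: %u"


def slot_name(index):
    """Microsoft x64 argument slot for a 0-based parameter index."""
    regs = ("rcx", "rdx", "r8", "r9")
    if index < len(regs):
        return regs[index]
    # Fifth argument onwards lives above the 0x20-byte shadow space at call time.
    return "[rsp+0x%x]" % (0x20 + 8 * (index - len(regs)))


def label_format_args(fmt, first_vararg_slot):
    """Return [(slot, specifier, label), ...] for every conversion in fmt.

    The label is the last identifier-like word before the specifier, or the
    first word after it when nothing usable precedes it, e.g. "(%u visible)"."""
    specs = [m for m in SPEC_RE.finditer(fmt) if m.group(0) != "%%"]
    result = []
    for i, m in enumerate(specs):
        start = specs[i - 1].end() if i else 0
        end = specs[i + 1].start() if i + 1 < len(specs) else len(fmt)
        before_words = WORD_RE.findall(fmt[start:m.start()])
        after_words = WORD_RE.findall(fmt[m.end():end])
        if before_words:
            label = before_words[-1]
        elif after_words:
            label = after_words[0]
        else:
            label = "arg%d" % i
        result.append((slot_name(first_vararg_slot + i), m.group(0), label))
    return result


if __name__ == "__main__":
    # sub_239BF0(fmt in rcx, 7 in edx, ...): format arguments begin at slot 2.
    for fmt in LISTING_STRINGS + (CONSTRUCTED_STRING,):
        print(repr(fmt))
        for slot, spec, label in label_format_args(fmt, first_vararg_slot=2):
            print("    %-12s %-4s -> %s" % (slot, spec, label))
```

Once a slot is named (r8 = units, r9 = gameobjs, and so on), the register or stack store that feeds it in the listing tells you which local variable holds that count, and tracing that variable upwards is what exposes the per-type list walks h42 mentions.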

  6. #5
    Icesythe7 (Contributor)
    Here are the ones I use (0-based):

