Thread: 8.2.5.31960

  1. #1
    ChrisIsMe (Contributor)

    8.2.5.31960

    Wow.exe + 0x289DF30 Object Manager
    Wow.exe + 0x268AA60 Targetting
    Wow.exe + 0x27A25F0 Lua Tainted
    Wow.exe + 0x27A25F8 Lua Taint Expected
    Wow.exe + 0xD292D0 C_UnitReaction
    Wow.exe + 0x2453BC0 RealmDB Cache
    Wow.exe + 0x2453F40 Pet Name Cache
    Wow.exe + 0x29351F0 Minimap Zone Text
    Wow.exe + 0x2935908 Real Zone Text
    Wow.exe + 0x281DF20 Spell History

    ObjMgr + 0x130 Local Player stuffs
    ObjMgr + 0x10 Object Count or Unit count
    Last edited by ChrisIsMe; 09-24-2019 at 10:27 PM.

  3. #2
    counted (Contributor)

    Object Manager for 8.2.5

    I think I have the changes to the object manager figured out.

    I started with binary 31921 sub_F2F550, which is the ObjectUsageCallback, and reversed it.

    Here is what I got:

    Code:
    // 31921 sub_F2F550 (ObjectUsageCallback), reversed
    public static void ObjectUsageCallback()
    {
        // Visible-object list: a circular intrusive list whose sentinel sits at CurMgr + 0x120
        Int32 numVisible = 0;
        for ( Int64 i = Mem64.Read<Int64>( CurMgr + 0x120 ); i != ( CurMgr + 0x120 ); ++numVisible )
            i = Mem64.Read<Int64>( i );

        // Bucket array: [CurMgr] is the size, [CurMgr + 0x8] the array base; each entry heads a chain of object headers
        Int64 pArrayBase = Mem64.Read<Int64>( CurMgr + 0x8 );
        Int64 objectArraySize = Mem64.Read<Int64>( CurMgr );
        Int64 pArrayLast = pArrayBase + objectArraySize;
        Int64 pObjectHeader = Mem64.Read<Int64>( pArrayBase );

        Int32 numActive = 0;
        Int32 numItems = 0;
        Int32 numGameObjects = 0;
        Int32 numUnits = 0;

        Boolean done = false;
        Int32 arrayindex = 0;
        Int64 pArrayNext = 0;
        while ( !done )
        {
            // Walk one chain: header + 0x18 is the object, object + 0x10 its WowType
            // (which indexes the WowTypeFlags array); header + 0x0 is the next header
            Int32 chain = 0;
            do
            {
                ++chain;
                ++numActive;
                Int64 pObject = Mem64.Read<Int64>( pObjectHeader + 0x18 );
                Byte wowObjectType = Mem64.Read<Byte>( pObject + 0x10 );
                UInt32 wowObjectTypeFlags = Mem64.Read<UInt32>( Mem64.Rebase( pWowTypeFlags ) + wowObjectType * 0x4 );

                if ( ( ( Int32 ) wowObjectTypeFlags & 6 ) > 0 )
                {
                    ++numItems;
                }
                else if ( ( ( ( Int32 ) wowObjectTypeFlags >> 5 ) & 1 ) > 0 )
                {
                    ++numUnits;
                }
                else if ( ( ( Int32 ) wowObjectTypeFlags & 0x100 ) > 0 )
                {
                    ++numGameObjects;
                }
                pObjectHeader = Mem64.Read<Int64>( pObjectHeader );
            }
            while ( pObjectHeader > 0 );

            TimeLogBoth( "Chain " + arrayindex + "  | " + chain );

            // Advance to the next bucket; entries are 8 bytes apart
            arrayindex++;
            pArrayNext = pArrayBase + 0x8 * arrayindex;

            if ( pArrayNext >= pArrayLast )
            {
                break;
            }

            // Skip empty buckets
            while ( true )
            {
                pObjectHeader = Mem64.Read<Int64>( pArrayNext );

                if ( pObjectHeader > 0 )
                {
                    break;
                }

                TimeLogBoth( "Chain " + arrayindex + "  | 0" );

                arrayindex++;
                pArrayNext = pArrayBase + 0x8 * arrayindex;

                if ( pArrayNext >= pArrayLast )
                {
                    done = true;
                    break;
                }
            }
        }

        Int32 numWaitingToBeFreed = Mem64.Read<Int32>( CurMgr + 0x30 );
    }
    This shows that curMgr + 0x120 contains all of the visible objects.

    curMgr + 0x8 appears to be an array of 80 object chains. Some chains are empty, some have one object, some have a couple of objects.
    When I ran the code it did NOT have all of the objects in the visible 0x120 object list.

    So I focused on the 0x120 object list.

    I looked at 31921 sub_F30010 ClntObjMgrEnumVisibleObjects and the callback that gets passed to it from Script_ClosestUnitPosition, which is sub_15DD560.

    ClntObjMgrEnumVisibleObjects sub_F30010 subtracts 0x18 from the 0x120 address, and inside sub_15DD560 it adds 0x10 back to that address and indexes the WowObjectFlags array, so this gives us the info we need.

    So basically the 0x120 address linked list is pointing to the Next Object Address of the object and we need to subtract 0x18 from it to get the object base. From that base the type is 0x10 and the guid is 0x40. It also looks like 0x20 is the previous object. The struct is shown below.

    Code:
    // 31921 sub_F30010 ClntObjMgrEnumVisibleObjects
    // 31921 Script_ClosestUnitPosition callback for ClntObjMgrEnumVisibleObjects: sub_15DD560
    // Method name assumed (the post shows only the body); the NumXxx counters are class-level fields
    public static Dictionary<Int128, ObjectData> EnumVisibleObjects()
    {
        NumPlayers = 0;
        NumGameObjects = 0;
        NumContaniners = 0;
        NumItems = 0;
        NumUnits = 0;
        NumCorpse = 0;
        NumDynamic = 0;
        NumAreaTrigger = 0;
        NumScene = 0;
        NumOther = 0;
        NumAzeriteItem = 0;
        NumbAzeriteEmpoweredItem = 0;
        NumActivePlayers = 0;

        Dictionary<Int128, ObjectData> currentScan = new Dictionary<Int128, ObjectData>();

        if ( CurMgr == 0 )
        {
            return currentScan;
        }

        // Walk the circular list whose sentinel is at CurMgr + 0x120. Each link points at the
        // next object's +0x18 field, so the object base is link - 0x18
        for ( Int64 i = Mem64.Read<Int64>( CurMgr + 0x120 ); i != ( CurMgr + 0x120 ); i = Mem64.Read<Int64>( i ) )
        {
            Int64 address = i - 0x18;

            WowObjStruct header = Mem64.Read<WowObjStruct>( address );

            ObjectData data = new ObjectData { BaseAddress = address, Header = header };

            switch ( header.WowType )
            {
                case ( Int32 ) eWowType.ITEM:
                    NumItems++;
                    break;
                case ( Int32 ) eWowType.AREATRIGGER:
                    NumAreaTrigger++;
                    break;
                case ( Int32 ) eWowType.CONTAINER:
                    NumContaniners++;
                    break;
                case ( Int32 ) eWowType.CORPSE:
                    NumCorpse++;
                    break;
                case ( Int32 ) eWowType.DYNAMICOBJECT:
                    NumDynamic++;
                    break;
                case ( Int32 ) eWowType.GAMEOBJECT:
                    NumGameObjects++;
                    break;
                case ( Int32 ) eWowType.PLAYER:
                    NumPlayers++;
                    break;
                case ( Int32 ) eWowType.SCENEOBJECT:
                    NumScene++;
                    break;
                case ( Int32 ) eWowType.UNIT:
                    NumUnits++;
                    break;
                case ( Int32 ) eWowType.ACTIVEPLAYER:
                    NumActivePlayers++;
                    break;
                case ( Int32 ) eWowType.AzeriteItem:
                    NumAzeriteItem++;
                    break;
                case ( Int32 ) eWowType.AzeriteEmpoweredItem:
                    NumbAzeriteEmpoweredItem++;
                    break;
                default:
                    NumOther++;
                    break;
            }

            if ( !currentScan.ContainsKey( header.WowGuid ) )
            {
                currentScan.Add( header.WowGuid, data );
            }
            else
            {
                // duplicate guid ??
            }
        }

        return currentScan;
    }

    The last thing I did was set a breakpoint on the object manager for object type 7 (Active Player) and search the object for my guid to get the guid offset, 0x40.

    Code:
    // 31921
    [StructLayout( LayoutKind.Explicit )]
    public struct WowObjStruct
    {
        [FieldOffset( 0x00 )]
        public Int64 vtable;
        [FieldOffset( 0x10 )]
        public Byte WowType;        // eWowType, indexes the WowTypeFlags array
        [FieldOffset( 0x18 )]
        public Int64 Next;          // points at the next object's Next field (base + 0x18)
        [FieldOffset( 0x20 )]
        public Int64 Previous;
        [FieldOffset( 0x40 )]
        public Int128 WowGuid;
    }
    Last edited by counted; 09-26-2019 at 03:05 AM.
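
    The following is an added example, not code from the thread. It rebuilds in plain C the layout counted describes (type at +0x10, list links at +0x18/+0x20, guid at +0x40, list sentinel at CurMgr + 0x120, bucket array at CurMgr + 0x8 whose chain nodes hold the object at +0x18) and applies the three flag masks from ObjectUsageCallback using the WowTypeFlags values counted posts later in the thread. It shows why the "- 0x18" is needed: the list links point at the next object's link field, not its base, so the object is recovered with a container_of-style subtraction. Everything is constructed in-process: the struct padding, the bucket assignment, the guids and the six sample objects are assumptions, and nothing reads another process.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Intrusive list link. "next" points at the NEXT node's link field, not at
 * the object base; that is why the thread subtracts 0x18 to reach the object. */
struct link { struct link *next, *prev; };

/* Object header with the field offsets from the posted WowObjStruct
 * (+0x10 type, +0x18 next, +0x20 previous, +0x40 guid). Padding is assumed. */
struct obj {
    uint64_t    vtable;            /* 0x00 */
    uint64_t    reserved;          /* 0x08 (assumed) */
    uint8_t     type;              /* 0x10: eWowType */
    uint8_t     pad0[7];
    struct link vis;               /* 0x18 next, 0x20 prev */
    uint8_t     pad1[0x40 - 0x28];
    uint64_t    guid[2];           /* 0x40: 128-bit guid */
};

/* Chain node of the bucket array: next node at +0x00, object at +0x18
 * (the two reads ObjectUsageCallback does on each header). */
struct chain_node {
    struct chain_node *next;       /* 0x00 */
    uint64_t           pad[2];     /* 0x08, 0x10 (assumed) */
    struct obj        *object;     /* 0x18 */
};

/* Manager: the visible list head is a sentinel link embedded in the manager
 * (CurMgr + 0x120 in the thread), so the walk ends when it returns there. */
struct manager {
    size_t              bucket_count;  /* [CurMgr + 0x00] */
    struct chain_node **buckets;       /* [CurMgr + 0x08] */
    struct link         visible;       /* CurMgr + 0x120 */
};

#define CONTAINER_OF(p, T, member) ((T *)((const char *)(p) - offsetof(T, member)))

/* Confirms the synthetic structs reproduce the offsets the thread relies on. */
int layout_matches_thread(void) {
    return offsetof(struct obj, type) == 0x10 && offsetof(struct obj, vis) == 0x18
        && offsetof(struct obj, guid) == 0x40 && offsetof(struct chain_node, object) == 0x18;
}

/* WowTypeFlags indexed by eWowType (values as counted lists them in post #7). */
static const uint32_t type_flags[13] = {
    0x1, 0x3, 0x7, 0xB, 0x13, 0x21, 0x61, 0xE1, 0x101, 0x201, 0x401, 0x801, 0x1001
};

/* The three mask tests ObjectUsageCallback applies, in the same order. */
enum usage_class { USAGE_ITEM, USAGE_UNIT, USAGE_GAMEOBJECT, USAGE_OTHER };

enum usage_class classify(uint8_t type) {
    uint32_t f = type < 13 ? type_flags[type] : 0;
    if (f & 6)          return USAGE_ITEM;        /* item, container, both azerite item kinds */
    if ((f >> 5) & 1)   return USAGE_UNIT;        /* unit, player, active player */
    if (f & 0x100)      return USAGE_GAMEOBJECT;
    return USAGE_OTHER;
}

/* Walks the sentinel-terminated visible list and tallies objects per eWowType;
 * each object base is recovered from its link with the "- 0x18" the thread describes. */
size_t count_visible(const struct manager *m, size_t per_type[13]) {
    size_t n = 0;
    for (const struct link *l = m->visible.next; l != &m->visible; l = l->next) {
        const struct obj *o = CONTAINER_OF(l, const struct obj, vis);
        if (o->type < 13) per_type[o->type]++;
        n++;
    }
    return n;
}

/* Walks every bucket chain and tallies by usage class, like ObjectUsageCallback. */
void count_usage(const struct manager *m, size_t out[4]) {
    for (size_t b = 0; b < m->bucket_count; b++)
        for (const struct chain_node *c = m->buckets[b]; c != NULL; c = c->next)
            out[classify(c->object->type)]++;
}

/* Constructed sample: six objects, all on the visible list, spread over four buckets. */
static struct obj         objs[6];
static struct chain_node  nodes[6];
static struct chain_node *buckets[4];
static struct manager     demo;

const struct manager *build_demo(void) {
    const uint8_t types[6] = { 1, 2, 5, 6, 7, 8 };  /* item, container, unit, player, active player, gameobject */
    const int bucket_of[6] = { 0, 2, 0, 2, 3, 2 };  /* assumed assignment; bucket 1 stays empty */
    demo.bucket_count = 4;
    demo.buckets = buckets;
    demo.visible.next = demo.visible.prev = &demo.visible;
    for (int b = 0; b < 4; b++) buckets[b] = NULL;
    for (int i = 0; i < 6; i++) {
        objs[i].type = types[i];
        objs[i].guid[0] = 0x1000 + i;   /* constructed guid */
        objs[i].guid[1] = 0;
        objs[i].vis.prev = demo.visible.prev;          /* append to the circular visible list */
        objs[i].vis.next = &demo.visible;
        demo.visible.prev->next = &objs[i].vis;
        demo.visible.prev = &objs[i].vis;
        nodes[i].object = &objs[i];                    /* push onto its bucket chain */
        nodes[i].next = buckets[bucket_of[i]];
        buckets[bucket_of[i]] = &nodes[i];
    }
    return &demo;
}

int main(void) {
    const struct manager *m = build_demo();
    size_t per_type[13] = { 0 }, usage[4] = { 0 };
    printf("layout ok: %d\n", layout_matches_thread());
    printf("visible objects: %zu\n", count_visible(m, per_type));
    count_usage(m, usage);
    printf("items %zu, units %zu, gameobjects %zu, other %zu\n",
           usage[USAGE_ITEM], usage[USAGE_UNIT], usage[USAGE_GAMEOBJECT], usage[USAGE_OTHER]);
    return 0;
}
```

    With the constructed sample the list walk finds all six objects, while the bucket walk sorts them into two items (item and container), three units (unit, player, active player) and one gameobject, which is the partition counted's three masks produce.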

  5. #3
    gdfsxwy (Active Member)
    English is not my mother tongue.
    My robot program is not working.
    I hope to get more helpful information.

    wow: 31961
    Mgr: 0x288BF60
    arg1:guid

    Code:
    Wow.exe+F1FD80 - 48 89 5C 24 08        - mov [rsp+08],rbx
    Wow.exe+F1FD85 - 48 89 74 24 10        - mov [rsp+10],rsi
    Wow.exe+F1FD8A - 57                    - push rdi
    Wow.exe+F1FD8B - 48 83 EC 50           - sub rsp,50 { 80 }
    Wow.exe+F1FD8F - 48 83 3D C9C19601 00  - cmp qword ptr [Wow.exe+288BF60],00 { ("8-sk?"),0 }
    Wow.exe+F1FD97 - 48 8B F9              - mov rdi,rcx
    Wow.exe+F1FD9A - 0F84 6D010000         - je Wow.exe+F1FF0D
    Wow.exe+F1FDA0 - 41 B9 D8060000        - mov r9d,000006D8 { 1752 }
    Wow.exe+F1FDA6 - 4C 8D 05 038D1B01     - lea r8,[Wow.exe+20D8AB0] { ("d:\buildserver\wow\1\work\shared-checkout\branches\wow-patch-8_") }
    Wow.exe+F1FDAD - BA 40000000           - mov edx,00000040 { 64 }
    Wow.exe+F1FDB2 - E8 F9070000           - call Wow.exe+F205B0
    Wow.exe+F1FDB7 - 48 8B F0              - mov rsi,rax
    Wow.exe+F1FDBA - 48 85 C0              - test rax,rax
    Wow.exe+F1FDBD - 74 53                 - je Wow.exe+F1FE12
    Wow.exe+F1FDBF - 0F10 80 E8190000      - movups xmm0,[rax+000019E8]
    Wow.exe+F1FDC6 - 41 B9 DA060000        - mov r9d,000006DA { 1754 }
    Wow.exe+F1FDCC - 4C 8D 05 DD8C1B01     - lea r8,[Wow.exe+20D8AB0] { ("d:\buildserver\wow\1\work\shared-checkout\branches\wow-patch-8_") }
    Wow.exe+F1FDD3 - BA 00040000           - mov edx,00000400 { 1024 }
    Wow.exe+F1FDD8 - 48 8D 4C 24 20        - lea rcx,[rsp+20]
    Wow.exe+F1FDDD - 0F11 44 24 20         - movups [rsp+20],xmm0
    Wow.exe+F1FDE2 - E8 C9070000           - call Wow.exe+F205B0
    Wow.exe+F1FDE7 - 48 85 C0              - test rax,rax
    Wow.exe+F1FDEA - 74 26                 - je Wow.exe+F1FE12
    Wow.exe+F1FDEC - 48 8B 88 20010000     - mov rcx,[rax+00000120]
    Wow.exe+F1FDF3 - 48 39 0F              - cmp [rdi],rcx
    Wow.exe+F1FDF6 - 75 1A                 - jne Wow.exe+F1FE12
    Wow.exe+F1FDF8 - 48 8B 88 28010000     - mov rcx,[rax+00000128]
    Wow.exe+F1FDFF - 48 39 4F 08           - cmp [rdi+08],rcx
    Wow.exe+F1FE03 - 75 0D                 - jne Wow.exe+F1FE12
    Wow.exe+F1FE05 - F6 80 5C010000 01     - test byte ptr [rax+0000015C],01 { 1 }
    Wow.exe+F1FE0C - 0F84 FD000000         - je Wow.exe+F1FF0F
    Wow.exe+F1FE12 - 48 8B 05 47C19601     - mov rax,[Wow.exe+288BF60] { ("8-sk?") }
    Wow.exe+F1FE19 - 4C 8B 40 08           - mov r8,[rax+08]
    Wow.exe+F1FE1D - 4D 85 C0              - test r8,r8
    Wow.exe+F1FE20 - 0F84 E7000000         - je Wow.exe+F1FF0D
    Wow.exe+F1FE26 - 49 8B 08              - mov rcx,[r8]
    Wow.exe+F1FE29 - 48 8B 00              - mov rax,[rax]
    Wow.exe+F1FE2C - 48 89 4C 24 20        - mov [rsp+20],rcx
    Wow.exe+F1FE31 - 4C 89 44 24 28        - mov [rsp+28],r8
    Wow.exe+F1FE36 - 49 8D 14 C0           - lea rdx,[r8+rax*8]
    Wow.exe+F1FE3A - 48 89 54 24 30        - mov [rsp+30],rdx
    Wow.exe+F1FE3F - 48 85 C9              - test rcx,rcx
    Wow.exe+F1FE42 - 75 29                 - jne Wow.exe+F1FE6D
    Wow.exe+F1FE44 - 49 8D 40 08           - lea rax,[r8+08]
    Wow.exe+F1FE48 - 48 89 44 24 28        - mov [rsp+28],rax
    Wow.exe+F1FE4D - 48 3B C2              - cmp rax,rdx
    Wow.exe+F1FE50 - 73 1B                 - jae Wow.exe+F1FE6D
    Wow.exe+F1FE52 - 48 8B 08              - mov rcx,[rax]
    Wow.exe+F1FE55 - 48 89 4C 24 20        - mov [rsp+20],rcx
    Wow.exe+F1FE5A - 48 85 C9              - test rcx,rcx
    Wow.exe+F1FE5D - 75 09                 - jne Wow.exe+F1FE68
    Wow.exe+F1FE5F - 48 83 C0 08           - add rax,08 { 8 }
    Wow.exe+F1FE63 - 48 3B C2              - cmp rax,rdx
    Wow.exe+F1FE66 - 72 EA                 - jb Wow.exe+F1FE52
    Wow.exe+F1FE68 - 48 89 44 24 28        - mov [rsp+28],rax
    Wow.exe+F1FE6D - F2 0F10 4C 24 30      - movsd xmm1,[rsp+30]
    Wow.exe+F1FE73 - F2 0F11 4C 24 48      - movsd [rsp+48],xmm1
    Wow.exe+F1FE79 - 0F10 44 24 20         - movups xmm0,[rsp+20]
    Wow.exe+F1FE7E - 0F11 44 24 38         - movups [rsp+38],xmm0
    Wow.exe+F1FE83 - 48 85 C9              - test rcx,rcx
    Wow.exe+F1FE86 - 0F84 81000000         - je Wow.exe+F1FF0D
    Wow.exe+F1FE8C - 4C 8B 4C 24 48        - mov r9,[rsp+48]
    Wow.exe+F1FE91 - 4C 8D 15 38D01901     - lea r10,[Wow.exe+20BCED0] { (1) }
    Wow.exe+F1FE98 - 48 8B 54 24 40        - mov rdx,[rsp+40]
    Wow.exe+F1FE9D - 4C 8B 44 24 38        - mov r8,[rsp+38]
    Wow.exe+F1FEA2 - 0F1F 40 00            - nop [rax+00] 
    Wow.exe+F1FEA6 - 66 66 0F1F 84 00 00000000  - nop [rax+rax+00000000] 
    Wow.exe+F1FEB0 - 49 8B 58 18           - mov rbx,[r8+18]
    Wow.exe+F1FEB4 - 0FB6 43 10            - movzx eax,byte ptr [rbx+10]
    Wow.exe+F1FEB8 - 41 8B 0C 82           - mov ecx,[r10+rax*4]
    Wow.exe+F1FEBC - C1 E9 0A              - shr ecx,0A { 10 }
    Wow.exe+F1FEBF - F6 C1 01              - test cl,01 { 1 }
    Wow.exe+F1FEC2 - 74 22                 - je Wow.exe+F1FEE6
    Wow.exe+F1FEC4 - 48 8B 83 20010000     - mov rax,[rbx+00000120]
    Wow.exe+F1FECB - 48 39 07              - cmp [rdi],rax
    Wow.exe+F1FECE - 75 16                 - jne Wow.exe+F1FEE6
    Wow.exe+F1FED0 - 48 8B 83 28010000     - mov rax,[rbx+00000128]
    Wow.exe+F1FED7 - 48 39 47 08           - cmp [rdi+08],rax
    Wow.exe+F1FEDB - 75 09                 - jne Wow.exe+F1FEE6
    Wow.exe+F1FEDD - F6 83 5C010000 01     - test byte ptr [rbx+0000015C],01 { 1 }
    Wow.exe+F1FEE4 - 74 39                 - je Wow.exe+F1FF1F
    Wow.exe+F1FEE6 - 4D 8B 00              - mov r8,[r8]
    Wow.exe+F1FEE9 - 4D 85 C0              - test r8,r8
    Wow.exe+F1FEEC - 75 C2                 - jne Wow.exe+F1FEB0
    Wow.exe+F1FEEE - 48 83 C2 08           - add rdx,08 { 8 }
    Wow.exe+F1FEF2 - 49 3B D1              - cmp rdx,r9
    Wow.exe+F1FEF5 - 73 16                 - jae Wow.exe+F1FF0D
    Wow.exe+F1FEF7 - 4C 8B 02              - mov r8,[rdx]
    Wow.exe+F1FEFA - 4D 85 C0              - test r8,r8
    Wow.exe+F1FEFD - 75 B1                 - jne Wow.exe+F1FEB0
    Wow.exe+F1FEFF - 48 83 C2 08           - add rdx,08 { 8 }
    Wow.exe+F1FF03 - 49 3B D1              - cmp rdx,r9
    Wow.exe+F1FF06 - 72 EF                 - jb Wow.exe+F1FEF7
    Wow.exe+F1FF08 - 4D 85 C0              - test r8,r8
    Wow.exe+F1FF0B - 75 A3                 - jne Wow.exe+F1FEB0
    Wow.exe+F1FF0D - 33 C0                 - xor eax,eax
    Wow.exe+F1FF0F - 48 8B 5C 24 60        - mov rbx,[rsp+60]
    Wow.exe+F1FF14 - 48 8B 74 24 68        - mov rsi,[rsp+68]
    Wow.exe+F1FF19 - 48 83 C4 50           - add rsp,50 { 80 }
    Wow.exe+F1FF1D - 5F                    - pop rdi
    Wow.exe+F1FF1E - C3                    - ret 
    Wow.exe+F1FF1F - 48 85 F6              - test rsi,rsi
    Wow.exe+F1FF22 - 74 0C                 - je Wow.exe+F1FF30
    Wow.exe+F1FF24 - 48 8D 53 40           - lea rdx,[rbx+40]
    Wow.exe+F1FF28 - 48 8B CE              - mov rcx,rsi
    Wow.exe+F1FF2B - E8 F07CD2FF           - call Wow.exe+C47C20
    Wow.exe+F1FF30 - 48 8B 74 24 68        - mov rsi,[rsp+68]
    Wow.exe+F1FF35 - 48 8B C3              - mov rax,rbx
    Wow.exe+F1FF38 - 48 8B 5C 24 60        - mov rbx,[rsp+60]
    Wow.exe+F1FF3D - 48 83 C4 50           - add rsp,50 { 80 }
    Wow.exe+F1FF41 - 5F                    - pop rdi
    Wow.exe+F1FF42 - C3                    - ret 
    Wow.exe+F1FF43 - A9 E3E0BBD2           - test eax,D2BBE0E3 { -759439133 }
    Unit Descriptors ?
    Last edited by gdfsxwy; 09-26-2019 at 03:50 AM.

  7. #4
    evil2 (Active Member)
    big thanks to "counted" for reversing the 8.2.5 Object Manager ...


    Some changed offsets:

    Aura_Count2 = 0x5f8
    Aura_Count1 = Aura_Count2 + 0xA80
    Aura_Table1 = Aura_Count2
    Aura_Table2 = Aura_Count2 + 0x8
    Obj_Id = 0x98
    Obj_Pos = 0x140 // xyz
    Obj_Bobbing = 0x64
    NameUnit_Base = 0x2D0
    NameUnit_Off = 0xE8
    NameObj_Base = 0x108
    NameObj_Off = 0xE0
    Camera_Off = 0x3438

    Changed "Cast" struct:

    0x00 int CastId
    0x08 guid Target
    0x28 int CastTimeStart
    0x2c int CastTimeEnd
    0x30 int ChannelId
    0x38 int ChannelTimeStart
    0x3c int ChannelTimeEnd
    Last edited by evil2; 09-26-2019 at 10:12 AM.

  8. #5
    provirus's Avatar Member
    Reputation
    3
    Join Date
    Mar 2012
    Posts
    16
    Thanks G/R
    5/2
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    const int UnitHealth = 0x1370;
    const int UnitClass = 0x1575;
    const int UnitHealthMax = 0x1588;
    const int UnitLevel = 0x1590;
    const int UnitRace = 0x15B4;
    const int UnitLocation = 0x110;
    const int UnitRotation = UnitLocation + 0x10;
    const int UnitTargetGUID = 0x1540;
    const int UnitMountDisplayID = 0x15E0;
    const int UnitPower = 0x1378;
    const int UnitPowerMax = 0x1788;

    const int PlayerSpeedBase = 0xB0;
    const int PlayerSpeedOffset = 0xA4;
    Last edited by provirus; 09-26-2019 at 11:00 AM.

  9. #6
    vegoo's Avatar Contributor
    CoreCoins Purchaser Authenticator enabled
    Reputation
    275
    Join Date
    Dec 2011
    Posts
    708
    Thanks G/R
    10/27
    Trade Feedback
    110 (100%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Thanks a lot for info counted, really good job in figuring it out

    Some info from me


    Code:
    # OBJECT MANAGER OFFSETS
    
    # player guid is outside of objects in manager
    playerGUIDOffset = 0x140
    
    firstObject = 0x120
    NextObject = 0x0
    
    # object type is byte
    # Object Types for BoA:
    # 1 - item
    # 5 - npc, no idea if it includes monsters
    # 6 - other players
    # 7 - localplayer
    # 8 - ???
    
    ObjectType = -0x18 + 0x10
    
    ObjectGUID = -0x18 + 0x40
    ObjectGUID2 = -0x18 + 0x44
    
    NPCItemIDOffset = -0x18 + 0x98
    
    XOffset = -0x18 + 0x110
    
    # Relative to XOffset
    
    RotationOffset = 0x10
    
    # HP and Mana are bytes now
    
    currentHPOffset = -0x18 + 0x1580
    currentManaOffset = -0x18 + 0x1770
    maxHPOffset = -0x18 + 0x1588
    maxManaoffset = -0x18 + 0x1788
    
    # race is byte
    raceOffset = -0x18 + 0x1574
    
    # byte, 0 when not flying, other when flying
    # taken from UnitOnTaxi, 2nd if statement with + 0x2 addition
    # search for the base value first and then check in CE what is changing near it
    IsOnFlightOffset = -0x18 + 0x15B8 + 0x2

  11. #7
    counted (Contributor)
    @vegoo

    The wowobjectflags are not the wowtype.

    The 0x10 offset is the wowtype,

    which is used to index the wowtypeflags array to get the right flags, to sweep out all items for instance.

    Code:
    public enum eWowType
        {
            OBJECT = 0,
            ITEM = 1,
            CONTAINER = 2,
            AzeriteEmpoweredItem = 3,
            AzeriteItem = 4,
            UNIT = 5,
            PLAYER = 6,
            ACTIVEPLAYER = 7,
            GAMEOBJECT = 8,
            DYNAMICOBJECT = 9,
            CORPSE = 10,
            AREATRIGGER = 11,
            SCENEOBJECT = 12,
        }
    The showobjectusage sub uses wowobjectflags:

    Code:
     public enum WowTypeFlags
        {
            Object = 0x1,                   // 0000 0000 0000 0001
            Item = 0x3,                     // 0000 0000 0000 0011
            Container = 0x7,                // 0000 0000 0000 0111
            AzeriteEmpoweredItem = 0xB,     // 0000 0000 0000 1011
            AzeriteItem = 0x13,             // 0000 0000 0001 0011
            Unit = 0x21,                    // 0000 0000 0010 0001
            Player = 0x61,                  // 0000 0000 0110 0001
            ActivePlayer = 0xE1,            // 0000 0000 1110 0001
            Game = 0x101,                   // 0000 0001 0000 0001
            Dynamic = 0x201,                // 0000 0010 0000 0001
            Corpse = 0x401,                 // 0000 0100 0000 0001
            Areatrigger = 0x801,            // 0000 1000 0000 0001
            Scene = 0x1001,                 // 0001 0000 0000 0001
            Conversation = 0x2001,          // 0010 0000 0000 0001
            AiGroup = 0x4001,               // 0100 0000 0000 0001
            Scenario = 0x8001,              // 1000 0000 0000 0001
            Loot = 0x10001,
            Invalid = 0x20000
        }
    So wowobjectflags & 6 > 0 will sweep up items, containers, azerite empowered items, and azerite items.

    wowtype = 8 is a gameobject.

  13. #8
    vegoo (Contributor)
    @counted

    I use the 0x10 offset as wowtype; I just named the variable wrongly in my code.
    Anyway, thanks for the explanation; more info is always appreciated.
    Also, would you mind sharing how you are getting these function names if they can't be pinpointed directly via the strings window? Are you using pattern search with information from previous versions?
    Last edited by vegoo; 09-27-2019 at 04:49 AM.

  14. #9
    counted (Contributor)
    I started with the 15662 macOS binary that was released with debug info.

    https://www.ownedcore.com/forums/wor...ml#post3787382 (How to Dump Wow from Memory....)

    Find and name subroutines.

    When the next binary is released, use the BinDiff IDA plugin to compare and find the stuff I need.

    https://www.ownedcore.com/forums/wor...-freeware.html (Zynamics BinDiff 4.2 is now Freeware....)

    I also update my IDA database when other people post useful information that I have not found in the past.

    For the Show Object Usage name I just picked the name based on the strings in the function call that references the callback.

    //31921

    Code:
    sub_3469F0((__int64)"ObjUsage", (__int64)ObjectUsageCallback, 4, 0i64, 0i64);
    return sub_3469F0((__int64)"ShowObjUsage", (__int64)ObjectUsageCallback, 4, 0i64, 0i64);
    So if you want to find the callback function, search the strings window for "ObjUsage" and go from there.

    Or you could find s_curMgr, xref it, and open up all of the subroutines that reference it and find it that way as well.

    Hope that helps, nothing magic.
    Last edited by counted; 09-27-2019 at 09:27 AM.

  16. #10
    65774332 (Member)
    public enum NameOffsets : ulong
    {
    nameCache = ?,
    nameGuid = 0x20,
    nameString = 0x31,

    }

    I cannot find nameCache

  17. #11
    ChrisIsMe's Avatar Contributor
    Reputation
    164
    Join Date
    Apr 2017
    Posts
    210
    Thanks G/R
    67/100
    Trade Feedback
    0 (0%)
    Mentioned
    3 Post(s)
    Tagged
    0 Thread(s)
    Originally Posted by 65774332 View Post
    public enum NameOffsets : ulong
    {
    nameCache = ?,
    nameGuid = 0x20,
    nameString = 0x31,

    }

    I cannot find nameCache
    I don't have the newest dump of the game, but this should be it:

    48 8D 0D ? ? ? ? E8 ? ? ? ? 48 85 C0 74 3B 45 33 C9

    That function also contains the pet name cache; you should be able to find all the others from there.

    I'll post all the new offsets when I have a chance later tonight to dump the newest version.
    Last edited by ChrisIsMe; 09-27-2019 at 09:42 PM.

  18. #12
    65774332's Avatar Member
    Reputation
    1
    Join Date
    Feb 2013
    Posts
    6
    Thanks G/R
    0/0
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    nameCache = 0x2453C38
    but it's not working.

  19. #13
    ChrisIsMe's Avatar Contributor
    Reputation
    164
    Join Date
    Apr 2017
    Posts
    210
    Thanks G/R
    67/100
    Trade Feedback
    0 (0%)
    Mentioned
    3 Post(s)
    Tagged
    0 Thread(s)
    Originally Posted by gdfsxwy View Post
    English is not my mother tongue.
    My robot program is not working.
    Hope to get more help information.

    wow: 31961
    Mgr: 0x288BF60
    arg1:guid

    Wow.exe+F1FF19 - 48 83 C4 50           - add rsp,50 { 80 }
    Wow.exe+F1FF1D - 5F                    - pop rdi
    Wow.exe+F1FF1E - C3                    - ret 
    Wow.exe+F1FF1F - 48 85 F6              - test rsi,rsi
    Wow.exe+F1FF22 - 74 0C                 - je Wow.exe+F1FF30
    Wow.exe+F1FF24 - 48 8D 53 40           - lea rdx,[rbx+40]
    Wow.exe+F1FF28 - 48 8B CE              - mov rcx,rsi
    Wow.exe+F1FF2B - E8 F07CD2FF           - call Wow.exe+C47C20
    Wow.exe+F1FF30 - 48 8B 74 24 68        - mov rsi,[rsp+68]
    Wow.exe+F1FF35 - 48 8B C3              - mov rax,rbx
    Wow.exe+F1FF38 - 48 8B 5C 24 60        - mov rbx,[rsp+60]
    Wow.exe+F1FF3D - 48 83 C4 50           - add rsp,50 { 80 }
    Wow.exe+F1FF41 - 5F                    - pop rdi
    Wow.exe+F1FF42 - C3                    - ret 
    Wow.exe+F1FF43 - A9 E3E0BBD2           - test eax,D2BBE0E3 { -759439133 }
    Unit Descriptors?
    Unit Descriptors haven't been a real thing; most stuff is just placed into the object itself now. I haven't had a chance to really get a good look at much during the week, but I'll take a look this weekend to see if anything beyond looping the OM has changed.
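    The routine in the listing above (a first-match walk over an array of bucket heads, each a singly linked chain of nodes, filtered by the type table at Wow.exe+20BCED0, a 16-byte GUID compare and a flag byte) rewritten as a readable model. This is an added example, not code from the thread: the field offsets are the ones read off the listing, while the `Memory` class, the type-table contents and the sample image are constructed stand-ins for the process memory.

```python
import struct

# Field offsets as read from the listing above (Wow.exe+F1FE1D .. F1FF42).
NODE_NEXT, NODE_OBJECT = 0x00, 0x18         # mov r8,[r8] / mov rbx,[r8+18]
OBJ_TYPE, OBJ_GUID, OBJ_FLAGS = 0x10, 0x120, 0x15C
TYPE_BIT = 1 << 10                          # shr ecx,0A ; test cl,01

class Memory:
    """Flat little-endian buffer standing in for the process image (constructed)."""
    def __init__(self, size): self.buf = bytearray(size)
    def u8(self, a): return self.buf[a]
    def u32(self, a): return struct.unpack_from("<I", self.buf, a)[0]
    def u64(self, a): return struct.unpack_from("<Q", self.buf, a)[0]
    def w32(self, a, v): struct.pack_into("<I", self.buf, a, v)
    def w64(self, a, v): struct.pack_into("<Q", self.buf, a, v)

def find_object(mem, buckets, count, type_table, guid):
    """Walk every bucket chain; return the first object whose type-table dword has
    bit 10 set, whose 16-byte GUID equals `guid` and whose flag byte at +0x15C has
    bit 0 clear (the `je Wow.exe+F1FF1F` path). Returns 0 when nothing matches."""
    lo, hi = guid
    for b in range(count):
        node = mem.u64(buckets + 8 * b)          # bucket head; 0 means empty bucket
        while node:
            obj = mem.u64(node + NODE_OBJECT)
            type_word = mem.u32(type_table + 4 * mem.u8(obj + OBJ_TYPE))
            if (type_word & TYPE_BIT
                    and mem.u64(obj + OBJ_GUID) == lo
                    and mem.u64(obj + OBJ_GUID + 8) == hi
                    and not mem.u8(obj + OBJ_FLAGS) & 1):
                return obj
            node = mem.u64(node + NODE_NEXT)
    return 0

def build_sample():
    """Constructed image: 4 buckets, only type 3 enabled, three same-GUID objects in bucket 2."""
    mem = Memory(0x2000)
    buckets, type_table, guid = 0x100, 0x1800, (0xF130_0000_0000_0001, 0xAB)
    mem.w32(type_table + 4 * 3, TYPE_BIT)        # type 3 passes the bit-10 filter
    objs, nodes = [0x400, 0x800, 0xC00], [0x1000, 0x1040, 0x1080]
    for n, nxt, o, type_id, flags in zip(nodes, nodes[1:] + [0], objs, (1, 3, 3), (0, 1, 0)):
        mem.w64(n + NODE_NEXT, nxt)              # chain: wrong type -> flagged -> good
        mem.w64(n + NODE_OBJECT, o)
        mem.buf[o + OBJ_TYPE] = type_id
        mem.buf[o + OBJ_FLAGS] = flags
        mem.w64(o + OBJ_GUID, guid[0])
        mem.w64(o + OBJ_GUID + 8, guid[1])
    mem.w64(buckets + 8 * 2, nodes[0])
    return mem, buckets, 4, type_table, guid
```

    Only the third object survives all three filters, so the walk skips the wrong-type and flagged entries and returns 0xC00; a GUID that matches nothing yields 0, as the `xor eax,eax` exit does.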

  20. #14
    ChrisIsMe (Contributor)
    Originally Posted by 65774332:
    nameCache = 0x2453C38
    but it's not working
    That's wrong, it's

    Wow.exe+0x2441C20 ] 0x40 ] 0x18 ] 0x20 (string)

    or

    Wow.exe+0x2441C20 ] 0x30 ] 0x1 name
    Wow.exe+0x2441C20 ] 0x30 ] 0x40 guid?
    Last edited by ChrisIsMe; 09-27-2019 at 10:35 PM.

  21. #15
    65774332 (Member)
    Originally Posted by ChrisIsMe:
    That's wrong, it's

    Wow.exe+0x2441C20 ] 0x40 ] 0x18 ] 0x20 (string)

    or

    Wow.exe+0x2441C20 ] 0x30 ] 0x1 name
    Wow.exe+0x2441C20 ] 0x30 ] 0x40 guid?

    I don't understand how to use it. This is my code:

    Code:
    const
      Gamer_NameCacheBase = $2441C20;   { Wow.exe + 0x2441C20 }
      Gamer_NameCacheName = $31;
      Gamer_NameCacheGuid = $20;

    ptr := readint64(GamehProcess, module + Gamer_NameCacheBase);
    for i := 0 to 100000 do
    begin
      if ptr = 0 then Break;            { end of the list reached }
      curguid := readGuid(GamehProcess, ptr + Gamer_NameCacheGuid);
      if (curguid = guid) then
      begin
        str := ReadUtf8Text(GamehProcess, ptr + Gamer_NameCacheName);
        if (str <> '') then
        begin
          Result := str;
          Break;
        end;
      end;
      ptr := readint64(GamehProcess, ptr);   { follow the next pointer at offset 0 }
    end;
    Last edited by 65774332; 09-29-2019 at 08:20 PM.
