[Retail] 8.3.0 (33775) Info Dump

[H3XC0R3]

Hi guys, new here will post more stuff as i discover more stuff, i am trying to figure how the object structures works, if anyone can share the object structure ( i dont need offset just to know like Obj -> Unit -> Player and things like that )

Here is what i use:

EDIT: Fixed GetUnitNameExposed

Code:

	//WoW Lua
	inline uintptr_t InvalidFunctionPtr = 0x296B200;//GetTextEnd
	inline uintptr_t FrameScript_RegisterFunction = 0x51AA40;
	inline uintptr_t FrameScript_Execute = 0x519A70;
	inline uintptr_t FrameScript_GetText = 0x51D8F0;
	//Lua
	inline uintptr_t lua_gettop = 0x1DB700;
	inline uintptr_t lua_isnumber = 0x1DB9B0;
	inline uintptr_t lua_tonumber = 0x1DCCB0;
	inline uintptr_t lua_pushnumber = 0x1DBFA0;
	inline uintptr_t lua_pushinteger = 0x1DBEB0;
	inline uintptr_t lua_pushstring = 0x1DBFC0;
	inline uintptr_t lua_isstring = 0x1DB9E0;
	inline uintptr_t lua_tolstring = 0x1DCC10;
	inline uintptr_t lua_pushboolean = 0x1DBD10;
	inline uintptr_t lua_createtable = 0x1DB000;
	inline uintptr_t lua_rawseti = 0x1DC3E0;
	inline uintptr_t lua_pcall = 0x1DBC80;
	inline uintptr_t lua_settop = 0x1DC950;
	inline uintptr_t luaL_error = 0x19B9F00;
	inline uintptr_t lua_state = 0x29428A8;
	inline uintptr_t lua_getfield = 0x1DB5E0;

	//Game:
	inline uintptr_t GameVersion = 0x21A31BC;
	inline uintptr_t GetBaseFromToken = 0x16842E0;
	inline uintptr_t InGame = 0x2A73ADC;

	inline uintptr_t TerrainClick = 0xD99F80;
	inline uintptr_t CameraBase = 0x2A74A88;
	inline uintptr_t CorpseBase = 0x27CBDA8;
	inline uintptr_t ObjectMgr = 0x29DBED0;
	inline uintptr_t CGGameObject_C__GetName = 0xE14AC0;
	inline uintptr_t CGUnit_C__GetUnitNameExposed = 0xD7B960;
	inline uintptr_t CGUnit_C__CanAttack = 0xD62350;
	inline uintptr_t Script_GetGUIDFromToken = 0x1682F60;
	inline uintptr_t CGGameUI__OnSpriteRightClick = 0x11900B0; //bool(__fastcall*)(ObjectGuid*) <--- This is what LUA uses to interact with Unit/Object
	inline uintptr_t CGGameUI__ClosestObjectMatch = 0x117D920;
	inline uintptr_t CGGameUI__m_currentObjectTrack = 0x2A73AE0;//(Mouse over object)


		//GameObject:
		inline uintptr_t Type = 0x0010;
		inline uintptr_t Guid = 0x0040;
		inline uintptr_t ObjectPosition = 0x00C8;
		inline uintptr_t UnitPosition = 0x0110;
		inline uintptr_t fAngle = 0x0120;

		inline uintptr_t CastSpellID = 0x04F0;//Found inside UnitChannelInfo
		inline uintptr_t CastSpellStartTimeMS = 0x04F8;
		inline uintptr_t CastSpellEndTimeMS = 0x04FC;

		inline uintptr_t UnitRace = 0x157C;
		inline uintptr_t UnitClass = 0x157D;
		inline uintptr_t CurrentHP = 0x1588;
		inline uintptr_t MaxHP = 0x1590;
		inline uintptr_t CurrentMana = 0x1788;
		inline uintptr_t MaxMana = 0x17A0;
		inline uintptr_t Strength = 0x1808;
		inline uintptr_t Agility = 0x180C;
		inline uintptr_t Stamina = 0x1810;
		inline uintptr_t Intellect = 0x1814;
		inline uintptr_t Spirit = 0x1818;
		inline uintptr_t BaseArmor = 0x1838;
		inline uintptr_t NegBuffArmor = 0x1854;
		inline uintptr_t Money = 0x3DD8;
		inline uintptr_t CurrentXP = 0x3DE0;
		inline uintptr_t MaxXP = 0x3DE4;

[CodeBytes]

i am trying to figure how the object structures works, if anyone can share the object structure ( i dont need offset just to know like Obj -> Unit -> Player and things like that )

I guess you're talking about the descriptors right? If so, this has changed on retail. The descriptors are a part of s_curMgr, and can be read along with the current object. You can use Cheat Engine's dissector feature to generate a struct for you. It wont be accurate, but it will get you started.

[H3XC0R3]

I guess you're talking about the descriptors right? If so, this has changed on retail. The descriptors are a part of s_curMgr, and can be read along with the current object. You can use Cheat Engine's dissector feature to generate a struct for you. It wont be accurate, but it will get you started.

What is s_curMgr ? got any offset to get me started, i was doing that manually using ida found that so far:

Code:

inline uintptr_t Type = 0x0010;
		inline uintptr_t Position = 0x0110;
		inline uintptr_t fAngle = 0x0120;
		inline uintptr_t UnitRace = 0x157C;
		inline uintptr_t UnitClass = 0x157D;
		inline uintptr_t CurrentHP = 0x1588;
		inline uintptr_t MaxHP = 0x1590;
		inline uintptr_t CurrentMana = 0x1788;
		inline uintptr_t MaxMana = 0x17A0;
		inline uintptr_t Strength = 0x1808;
		inline uintptr_t Agility = 0x180C;
		inline uintptr_t Stamina = 0x1810;
		inline uintptr_t Intellect = 0x1814;
		inline uintptr_t Spirit = 0x1818;
		inline uintptr_t BaseArmor = 0x1838;
		inline uintptr_t NegBuffArmor = 0x1854;
		inline uintptr_t Money = 0x3DD8;
		inline uintptr_t CurrentXP = 0x3DE0;
		inline uintptr_t MaxXP = 0x3DE4;

Thanks for the info however i meant like which class inherit from which ( CGObject -> CPassenger -> CGUnit -> CGPlayer, etc... )

[counted]

Check out my post on the object manager. It will give you the base address for all objects.

https://www.ownedcore.com/forums/wor...t-manager.html (8.2.5.32028 Object Manager)

[H3XC0R3]

@counted

I already have a part of that implemented however i dont understand this part:

UInt64 arrayIndex = ( UInt64 ) ( ArraySize - 1 ) & ( 0xA2AA033B * guid.Lo + 0xD6D018F5 * guid.Hi);

What is 0xA2AA033B and 0xD6D018F5 supposed to be ?

Mind adding me on discord ?

Hesa#5953

Edit: i did this to find by Guid:

for (uint64_t i = 0; i < m_CurObjectMgr->ActiveObjects.Capacity; i++)
{
CurMgr0x8Entry* entry = *reinterpret_cast<CurMgr0x8Entry**>(m_CurObjectMgr->ActiveObjects.Array + (8 * i));
if(entry != nullptr && entry->ObjectBase->GetGuid().HiWord == guid->HiWord && entry->WowGuid.LoWord == guid->LoWord)
{
return entry->ObjectBase;
}
}

[counted]

@counted

I already have a part of that implemented however i dont understand this part:

UInt64 arrayIndex = ( UInt64 ) ( ArraySize - 1 ) & ( 0xA2AA033B * guid.Lo + 0xD6D018F5 * guid.Hi);

What is 0xA2AA033B and 0xD6D018F5 supposed to be ?

Mind adding me on discord ?

Hesa#5953

Edit: i did this to find by Guid:

It is the hash table entry calculation

[CodeBytes]

What is s_curMgr ? got any offset to get me started

s_curMgr is the name Blizzard gives to what you call ObjectMgr (as seen in the Mac debug client, 15662).

If I'm understanding correctly, you're looking for the order of the descriptor fields. If so, I believe this is what you're looking for:

Code:

CGObject
CGItem
CGContainer
CGAzeriteEmpoweredItem
CGAzeriteItem
CGUnit
CGPlayer
CGActivePlayer
CGGameObject
CGDynamicObject
CGCorpse
CGAreaTrigger
CGSceneObject
CGConversation

Take a look at 0x2211130 in IDA.

[Icesythe7]

s_curMgr is the name Blizzard gives to what you call ObjectMgr (as seen in the Mac debug client, 15662).

If I'm understanding correctly, you're looking for the order of the descriptor fields. If so, I believe this is what you're looking for:

Code:

CGObject
CGItem
CGContainer
CGAzeriteEmpoweredItem
CGAzeriteItem
CGUnit
CGPlayer
CGActivePlayer
CGGameObject
CGDynamicObject
CGCorpse
CGAreaTrigger
CGSceneObject
CGConversation

Take a look at 0x2211130 in IDA.

I believe he's looking for more of what inherits from what in those

[CodeBytes]

I believe he's looking for more of what inherits from what in those

I haven't devoted much time to that; however, I believe this stackexchange answer might be of some assistance.

[CodeBytes]

Code:

		inline uintptr_t CurrentHP = 0x1588;
		inline uintptr_t MaxHP = 0x1590;

I don't believe these are correct. What address are you looking at in IDA to get these?

Here are some of the offsets I found:

Code:

    Position:       0xE8   (vector 3)
    Current Health: 0x1560 (int64)
    Max Health:     0x1568 (int64)

Et cetera...

My project is a private multi-boxing assistant. I'm still in control, but my slaves are not complete idiots either (for example, getting stuck on a rock and breaking follow). I only need minimal information from the client to get it working, otherwise, I'd have more to share in this info dump.

Other useful information:

Code:

    Current Obj GUID:    0x18   (int128 - better to create an ObjectGuid class as there is a lot of useful information in here)
    Current Target GUID: 0x1520 (ObjectGuid)
    Camera Offset:       0x3438 (Pointer)

    struct WorldFrame
    {
        // Padding to get to X, which is at offset 0x10 from the camera's base
        char _0x0000[0x10];

        float PosX;
        float PosY;
        float PosZ;

        float Matrix_0_0;
        float Matrix_0_1;
        float Matrix_0_2;
        float Matrix_1_0;
        float Matrix_1_1;
        float Matrix_1_2;
        float Matrix_2_0;
        float Matrix_2_1;
        float Matrix_2_2;

        float FOV;
        float AspectRatio;
    };

[ensirius]

Check out my post on the object manager. It will give you the base address for all objects.

https://www.ownedcore.com/forums/wor...t-manager.html (8.2.5.32028 Object Manager)

Which steps i need to do next to parse correctly object base?

[H3XC0R3]

I don't believe these are correct. What address are you looking at in IDA to get these?

Here are some of the offsets I found:

Code:

    Position:       0xE8   (vector 3)
    Current Health: 0x1560 (int64)
    Max Health:     0x1568 (int64)

Et cetera...

My project is a private multi-boxing assistant. I'm still in control, but my slaves are not complete idiots either (for example, getting stuck on a rock and breaking follow). I only need minimal information from the client to get it working, otherwise, I'd have more to share in this info dump.

Other useful information:

Code:

    Current Obj GUID:    0x18   (int128 - better to create an ObjectGuid class as there is a lot of useful information in here)
    Current Target GUID: 0x1520 (ObjectGuid)
    Camera Offset:       0x3438 (Pointer)

    struct WorldFrame
    {
        // Padding to get to X, which is at offset 0x10 from the camera's base
        char _0x0000[0x10];

        float PosX;
        float PosY;
        float PosZ;

        float Matrix_0_0;
        float Matrix_0_1;
        float Matrix_0_2;
        float Matrix_1_0;
        float Matrix_1_1;
        float Matrix_1_2;
        float Matrix_2_0;
        float Matrix_2_1;
        float Matrix_2_2;

        float FOV;
        float AspectRatio;
    };

UnitPosition is 0x110
and the other one seems to be ObjectPosition ( Like herb and mine orb, or quest giving objects ) but if i remember correctly it was at 0xC8 ( not having access to my code currently )

Also for health i reversed the lua function UnitHealth, UnitMaxHealth etc...

I will update my post soon because i found alot more usefull stuff

[Lvv]

I'm interested in Retail, but I can't get BaseAddress at present. can you tell me how to start? thx a lot

[Icesythe7]

I'm interested in Retail, but I can't get BaseAddress at present. can you tell me how to start? thx a lot

not enough info to give an answer...
coding language u plan to use?
internal/external?

if you can even get base address you should do some youtube tutorials or something for beginners.

[Lvv]

Thank you for your reply. I have some knowledge of lua, C + +, C#, Java. I have written some wow addons and some BOT programs, which can run normally at present, but I have no idea about wow memory editing. I can't get baseaddress correctly according to other tutorials.