[Retail] 9.0.1 (36272) Dumping and ObjMgr offset
First time posting and first time doing anything WoW-related, even though I do have some experience with other games and am a long-time player. For the benefit of others like me:
After WoW 7.3.0 (around August 2017) Blizzard implemented some pretty heavy anti-debugging and obfuscation techniques, so you will need to dump the binary once it is loaded in memory. You can do this either manually if you are omega hardcore, or use one of these tools:
And that's it: after you dump it, just open it up in IDA or Ghidra and try not to yeet yourself from the amount of garbage code that is part of the obfuscation.
In addition, I did this on the latest build as of this moment and, following someone's guide, searched for "Object manager list status: (use gmvision to see server onlys)", which gets you to Lua's "ObjUsage" / "ShowObjUsage" callback. Below I have posted Ghidra's decompilation output, with me renaming and retyping some things:
Code:
/*
 * Ghidra decompilation of the Lua "ObjUsage" / "ShowObjUsage" callback,
 * with some names and types renamed by the poster.
 *
 * What the visible code does:
 *   1. counts the nodes of a linked list hanging off PTR_142ea49d0->field_0x120;
 *   2. walks an array of chains starting at PTR_142ea49d0->field_0x8
 *      (PTR_142ea49d0->field_0x0 entries), classifying every chain element
 *      through a per-type flag table at DAT_142639270;
 *   3. prints four "Object manager list status" lines through
 *      FUN_1405112f0 / FUN_14050d850 and returns 1.
 *
 * Returns: constant 1 (presumably the number of Lua results — not
 *          verifiable from this listing).
 *
 * NOTE(review): all field meanings below are inferred from the access
 * pattern only; there are no symbols. Treat every interpretation as a
 * hypothesis to be confirmed against the binary.
 */
int LuaDoesObjectsStuff(void)
{
longlong **pplVar1;   /* list cursor; later the one-past-end pointer of the chain array */
uint uVar2;           /* elements whose flag word has bit 5 set; reused at the end for field_0x30 */
uint uVar3;           /* snapshot of uVar2 taken at each chain boundary */
uint uVar4;           /* node count of the list at field_0x120 */
longlong *plVar5;     /* current element of the chain being walked */
ulonglong uVar6;      /* widened uVar8, passed to the last two print calls */
uint uVar7;           /* elements with bit 5 clear and bit 8 set */
uint uVar8;           /* snapshot of uVar7 taken at each chain boundary */
uint uVar9;           /* total elements visited across all chains */
uint uVar10;          /* per-element flag word; later the snapshot of uVar9 */
longlong **local_40;  /* cursor over the chain array */
uVar9 = 0;
uVar2 = 0;
uVar7 = 0;
uVar4 = 0;
/* Walk the list whose head node is embedded at field_0x120 of the object
 * manager: follow the first pointer of each node until it points back at
 * the embedded head, counting nodes. Looks like an intrusive circular
 * list — inferred from the termination condition, not from a type. */
pplVar1 = (longlong **)PTR_142ea49d0->field_0x120;
while (pplVar1 != (longlong **)&PTR_142ea49d0->field_0x120) {
pplVar1 = (longlong **)*pplVar1;
uVar4 = uVar4 + 1;
}
/* field_0x8 is treated as an array of chain heads; field_0x0 as its
 * element count (pointer arithmetic on longlong**, so units are slots). */
local_40 = (longlong **)PTR_142ea49d0->field_0x8;
/* Default the "final" counters to the (zero) running counters in case the
 * array pointer is null and the loop below never runs. */
uVar10 = uVar9;
uVar3 = uVar2;
uVar8 = uVar7;
if (local_40 != (longlong **)0x0) {
plVar5 = *local_40;
pplVar1 = local_40 + PTR_142ea49d0->field_0x0;
/* Skip empty slots until the first non-null chain head or the end. */
while ((plVar5 == (longlong *)0x0 && (local_40 = local_40 + 1, local_40 < pplVar1))) {
plVar5 = *local_40;
}
uVar10 = 0;
uVar3 = 0;
uVar8 = 0;
if (plVar5 != (longlong *)0x0) {
do {
/* Inner loop: walk one chain. Each element's next pointer is its
 * first qword (*plVar5). */
do {
uVar9 = uVar9 + 1;
/* Flag lookup: a byte read at (plVar5[3] + 0x10) indexes a table of
 * 32-bit words at DAT_142639270 (the "* 4" is the uint stride).
 * The byte is presumably an object-type id — TODO confirm. */
uVar10 = *(uint *)(&DAT_142639270 + (ulonglong)*(byte *)(plVar5[3] + 0x10) * 4);
/* Only elements with bits 1 and 2 clear are classified; then bit 5
 * goes to uVar2, otherwise bit 8 goes to uVar7. The meaning of the
 * bits is not visible here. */
if ((uVar10 & 6) == 0) {
if ((uVar10 >> 5 & 1) == 0) {
if ((uVar10 >> 8 & 1) != 0) {
uVar7 = uVar7 + 1;
}
}
else {
uVar2 = uVar2 + 1;
}
}
plVar5 = (longlong *)*plVar5;
} while (plVar5 != (longlong *)0x0);
/* Advance to the next non-empty slot, publishing the running counters
 * into the variables that the print calls below read. The goto is the
 * only exit from the outer `while (true)`. */
do {
local_40 = local_40 + 1;
uVar10 = uVar9;
uVar3 = uVar2;
uVar8 = uVar7;
if (pplVar1 <= local_40) goto LAB_1412b6946;
plVar5 = *local_40;
} while (plVar5 == (longlong *)0x0);
} while( true );
}
}
LAB_1412b6946:
/* uVar2 is reused here: field_0x30 is printed as the "waiting to be freed"
 * count. The bit-5 tally survives only as its snapshot uVar3. */
uVar2 = PTR_142ea49d0->field_0x30;
/* Side effects on globals/callbacks whose purpose is not visible in this
 * listing — left undocumented rather than guessed. */
DAT_142ea49e4 = 0;
thunk_FUN_141147810(&LAB_1412c3f10);
FUN_1405112f0(7,"Object manager list status: (use gmvision to see server onlys)");
/* "Active" = elements visited in the chain array (uVar10), "visible" =
 * nodes of the field_0x120 list (uVar4). */
FUN_14050d850(7,(byte *)" Active objects: %u (%u visible)",(ulonglong)uVar10,(ulonglong)uVar4);
uVar6 = (ulonglong)uVar8;
/* NOTE(review): the format string has five %u but the decompiler shows
 * only two arguments (and an extra one on the next call). This is most
 * likely a variadic-recovery artifact of Ghidra, so the mapping of
 * uVar3/uVar8 onto Units/GameObjs/... should not be trusted as-is. */
FUN_14050d850(7,(byte *)" Units: %u, GameObjs: %u Items: %u, Other: %u Actors: %u",(ulonglong)uVar3,uVar6);
FUN_14050d850(7,(byte *)" Objects waiting to be freed: %u objects",(ulonglong)uVar2,uVar6);
return 1;
}
From here I can gather:
Code:
ObjMngr = PTR_142ea49d0, so relative offset is 2EA49D0
FirstObj = PTR_142ea49d0->field_0x120, so offset from ObjMngr 0x120
Feel free to add more findings, and if you do so, please let me know how you went about finding them.
Edit: if someone knows how to edit the
Last edited by IlikePP; 10-18-2020 at 04:07 PM.
Reason: title