[Retail] 9.1.0 (36272) Dumping and ObjMgr offset menu

  1. #1
    IlikePP

    [Retail] 9.0.1 (36272) Dumping and ObjMgr offset

    First time posting and first time doing anything WoW related even though I do have some experience with other games and am a long time player. For the benefit of others like me:

    After WoW 7.3.0, around August 2017, Blizzard implemented some pretty heavy anti-debugging and obfuscation techniques, so you will need to dump the binary once it is loaded in memory. You can do this either manually if you are omega hardcore or use one of those tools:


    And that's it: after you dump it, just open it up in IDA or Ghidra and try not to yeet yourself from the amount of garbage code that is part of the obfuscation.

    As an addition, I did this on the latest build as of this moment and, following someone's guide, searched for "Object manager list status: (use gmvision to see server onlys)", which gets you to Lua's "ObjUsage" / "ShowObjUsage" callback. Below I have posted Ghidra's decompilation output, with me renaming and retyping some things:

    Code:
    int LuaDoesObjectsStuff(void)
    {
      longlong **pplVar1;
      uint uVar2;
      uint uVar3;
      uint uVar4;
      longlong *plVar5;
      ulonglong uVar6;
      uint uVar7;
      uint uVar8;
      uint uVar9;
      uint uVar10;
      longlong **local_40;
      
      uVar9 = 0;
      uVar2 = 0;
      uVar7 = 0;
      uVar4 = 0;
      pplVar1 = (longlong **)PTR_142ea49d0->field_0x120;
      while (pplVar1 != (longlong **)&PTR_142ea49d0->field_0x120) {
        pplVar1 = (longlong **)*pplVar1;
        uVar4 = uVar4 + 1;
      }
      local_40 = (longlong **)PTR_142ea49d0->field_0x8;
      uVar10 = uVar9;
      uVar3 = uVar2;
      uVar8 = uVar7;
      if (local_40 != (longlong **)0x0) {
        plVar5 = *local_40;
        pplVar1 = local_40 + PTR_142ea49d0->field_0x0;
        while ((plVar5 == (longlong *)0x0 && (local_40 = local_40 + 1, local_40 < pplVar1))) {
          plVar5 = *local_40;
        }
        uVar10 = 0;
        uVar3 = 0;
        uVar8 = 0;
        if (plVar5 != (longlong *)0x0) {
          do {
            do {
              uVar9 = uVar9 + 1;
              uVar10 = *(uint *)(&DAT_142639270 + (ulonglong)*(byte *)(plVar5[3] + 0x10) * 4);
              if ((uVar10 & 6) == 0) {
                if ((uVar10 >> 5 & 1) == 0) {
                  if ((uVar10 >> 8 & 1) != 0) {
                    uVar7 = uVar7 + 1;
                  }
                }
                else {
                  uVar2 = uVar2 + 1;
                }
              }
              plVar5 = (longlong *)*plVar5;
            } while (plVar5 != (longlong *)0x0);
            do {
              local_40 = local_40 + 1;
              uVar10 = uVar9;
              uVar3 = uVar2;
              uVar8 = uVar7;
              if (pplVar1 <= local_40) goto LAB_1412b6946;
              plVar5 = *local_40;
            } while (plVar5 == (longlong *)0x0);
          } while( true );
        }
      }
    LAB_1412b6946:
      uVar2 = PTR_142ea49d0->field_0x30;
      DAT_142ea49e4 = 0;
      thunk_FUN_141147810(&LAB_1412c3f10);
      FUN_1405112f0(7,"Object manager list status: (use gmvision to see server onlys)");
      FUN_14050d850(7,(byte *)"    Active objects:    %u (%u visible)",(ulonglong)uVar10,(ulonglong)uVar4);
      uVar6 = (ulonglong)uVar8;
      FUN_14050d850(7,(byte *)"    Units: %u,   GameObjs: %u    Items: %u,    Other: %u Actors: %u",(ulonglong)uVar3,uVar6);
      FUN_14050d850(7,(byte *)"    Objects waiting to be freed: %u objects",(ulonglong)uVar2,uVar6);
      return 1;
    }
    From here I can gather:

    Code:
    ObjMngr = PTR_142ea49d0, so relative offset is                  2EA49D0
    FirstObj = PTR_142ea49d0->field_0x120, so offset from ObjMngr   0x120
    Feel free to add more findings, and if you do so, please let me know how you go about finding them.

    Edit: if someone knows how to edit the
    Last edited by IlikePP; 10-18-2020 at 04:07 PM. Reason: title
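As an added example (not from IlikePP's post), here is the decompiled routine above rewritten as readable C over constructed in-memory structures, so the two walks and the counters they feed are explicit. The struct layout, field roles and the meaning of the flag-table bits are my reading of the decompilation, not confirmed facts.

```c
#include <stddef.h>
#include <stdint.h>

/* Assumed layout, read off the decompilation: field_0x120 is the sentinel of a
 * circular list; field_0x8 points to field_0x0 buckets of singly-linked chains. */
struct list_node { struct list_node *next; };
struct obj_desc  { uint8_t pad[0x10]; uint8_t type; };        /* type byte at +0x10 */
struct obj_entry { struct obj_entry *chain_next; void *unused[2]; struct obj_desc *desc; }; /* plVar5[0], plVar5[3] */
struct obj_mgr { size_t bucket_count; struct obj_entry **buckets; struct list_node visible_head; }; /* field_0x0, field_0x8, field_0x120 */

/* Bits tested on the per-type flag word (DAT_142639270 in the listing). */
#define FLAG_SKIP 0x6u
#define FLAG_UNIT (1u << 5)
#define FLAG_GOBJ (1u << 8)

struct obj_counts { unsigned active, visible, units, gameobjs; };

/* The two walks of LuaDoesObjectsStuff, counters named after the format strings. */
struct obj_counts count_objects(const struct obj_mgr *m, const uint32_t *type_flags)
{
    struct obj_counts c = {0, 0, 0, 0};
    for (const struct list_node *n = m->visible_head.next; n != &m->visible_head; n = n->next)
        c.visible++;
    for (size_t b = 0; m->buckets && b < m->bucket_count; b++)
        for (const struct obj_entry *e = m->buckets[b]; e; e = e->chain_next) {
            uint32_t f = type_flags[e->desc->type];
            c.active++;
            if (f & FLAG_SKIP) continue;           /* (uVar10 & 6) != 0 */
            if (f & FLAG_UNIT) c.units++;
            else if (f & FLAG_GOBJ) c.gameobjs++;
        }
    return c;
}

/* Constructed sample: 3 visible nodes; 5 hashed entries in 2 buckets. */
struct obj_counts sample_counts(void)
{
    static const uint32_t flags[4] = { FLAG_UNIT, FLAG_GOBJ, 0x2u, 0u };
    static struct obj_desc d[4] = { {{0}, 0}, {{0}, 1}, {{0}, 2}, {{0}, 3} };
    static struct obj_entry e[5];
    static struct obj_entry *buckets[2] = { &e[0], &e[2] };
    static struct list_node v[3];
    static struct obj_mgr m = { 2, buckets, { &v[0] } };
    e[0] = (struct obj_entry){ &e[1], {0}, &d[0] };   /* bucket 0: unit -> gameobj */
    e[1] = (struct obj_entry){ NULL,  {0}, &d[1] };
    e[2] = (struct obj_entry){ &e[3], {0}, &d[2] };   /* bucket 1: skipped -> unit -> other */
    e[3] = (struct obj_entry){ &e[4], {0}, &d[0] };
    e[4] = (struct obj_entry){ NULL,  {0}, &d[3] };
    v[0].next = &v[1]; v[1].next = &v[2]; v[2].next = &m.visible_head;
    return count_objects(&m, flags);
}
```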

