[Classic] [1.13.7.38631]
Code:
/* Offsets for WoW Classic build 1.13.7.38631 (the build in the thread title). The hex values are
   RVAs: the usage code further down adds the module base (Module::BaseAddress() + Offsets::X)
   before reading or calling through them. The byte string above each entry is the scan signature
   used to re-find it after a client patch; none of the values below are valid for any other build.
   NOTE(review): these are mutable globals, presumably so a startup pattern scan can overwrite
   them — confirm that before turning them into constexpr. */
/* 48 8B 05 ? ? ? ? 48 8B 88 ? ? 00 00 48 8B 43 ? */
inline uintptr_t CameraManager = 0x291A250;
/* Struct offset applied to the object CameraManager points at, not an RVA. */
inline uintptr_t CameraBase = 0x3330;
/* 48 83 EC ? 45 33 C9 C6 44 24 ? ? 4C 8D 44 24 ? E8 ? ? ? ? 84 C0 74 ? 41 B9 ? ? ? ? 4C 8D 05 ? ? ? ? BA ? ? ? ? 48 8D 4C 24 ? E8 ? ? ? ? 48 83 C4 ? C3 33 C0 48 83 C4 ? C3 D3 ED */
inline uintptr_t GetBaseFromToken = 0x14A7EF0;
/* 48 83 EC ? 0F B6 15 ? ? ? ? C1 EA ? 83 E2 ? E8 ? ? ? ? B8 ? ? ? ? 48 83 C4 ? C3 48 83 EC ? */
inline uintptr_t InGame = 0x29196E4;
/* 40 53 48 83 EC ? 83 3D ? ? ? ? ? 48 8B D9 74 ? BA ? ? ? ? */
/* One signature is given for both click handlers, so it presumably matches twice and hit order
   decides which is which — verify both results. */
inline uintptr_t SpriteLeftClick = 0x0FD68B0;
inline uintptr_t SpriteRightClick = 0x0FD6CA0;
/* MoveTo and FaceTo share the same prefix (48 83 EC ? 48 8B 81 ? ? ? ? 48 83 B8 ? ? ? ? ? 7E ?)
   and differ only in the trailing bytes; a scan that truncates either pattern will confuse them. */
/* 48 83 ec ? 48 8b 81 ? ? ? ? 48 83 b8 ? ? ? ? ? 7e ? 4c 8b 41 */
inline uintptr_t MoveTo = 0x0B08C40;
/* 48 83 EC ? 48 8B 81 ? ? ? ? 48 83 B8 ? ? ? ? ? 7E ? 48 8B 51 ? */
inline uintptr_t FaceTo = 0x0B089D0;
/* The signature below lands in a frame-iteration function whose body yields the frame list base
   and the first/next link offsets. FrameFirst/FrameNext are struct offsets, not RVAs. */
/* 40 57 48 83 EC ? 48 8B 3D ? ? ? ? 33 C9 48 8B 87 ? ? ? ? */
inline uintptr_t FramesBase = 0x26375D8;
inline uintptr_t FrameFirst = 0xCD0;
inline uintptr_t FrameNext = 0xCC0;
/* vmt offsets (frame->vmt + 0xXXXX): byte offsets into the frame's virtual table, not slot indices. */
inline uintptr_t Frame_Click = 0x1F0;
inline uintptr_t Frame_GetType = 0x48;
/* 41 0F 10 00 48 8B 0D ? ? ? ? 0F 29 44 24 20 48 85 ? ? ? 48 */
inline uintptr_t ObjectManager = 0x26F74C8;
/* Presumably struct offsets for the object-manager list head and the per-object next link — confirm. */
inline uintptr_t ObjectManagerFirstObject = 0x18;
inline uintptr_t ObjectManagerNextObject = 0x70;
/* 48 89 5C 24 ? 48 89 6C 24 ? 48 89 74 24 ? 48 89 7C 24 ? 41 56 48 83 EC ? 4C 8B 74 24 ? 49 8B D9 49 C7 00 ? ? ? ? */
inline uintptr_t GetBagAndSlot = 0x11BA0E0;
/* E8 ? ? ? ? 48 85 C0 74 B1 */
/* NOTE(review): E8 ... is a call-site pattern, and the identical pattern is listed again for
   SpellMinMaxRange below. One pattern cannot uniquely identify two different functions, so one
   of the two entries looks copy-pasted — re-derive before relying on either. */
inline uintptr_t GetItemPointer = 0xCEAFC0;
/* 48 89 5C 24 ? 57 48 83 EC ? 8B FA 8B D9 E8 ? ? ? ? 85 C0 */
inline uintptr_t IsSpellKnown = 0x1048720;
/* 44 8B C1 85 C9 0F 84 86 00 00 00 ? D2 74 51 44 8B 0D ? ? ? ? 33 D2 45 85 C9 74 74 4C 8B 15 */
inline uintptr_t FindSlotBySpellId = 0x1040840;
/* 48 89 5C 24 10 48 89 6C 24 18 48 89 74 24 20 41 56 48 83 EC 50 41 0F B6 F1 48 63 D9 49 8B E8 44 */
inline uintptr_t CastSpell = 0x103E530;
/* Two candidate signatures for SpellCooldown; the second is the first's prefix with the frame size
   and store offsets wildcarded, so it should survive minor recompiles better. */
/* 48 83 EC 58 44 8B D1 C6 44 24 48 00 F7 DA 48 8D 05 ? ? ? ? 41 8B D2 48 1B C9 81 E1 B8 00 00 */
/* 48 83 EC ? 44 8B D1 C6 44 24 ? ? */
inline uintptr_t SpellCooldown = 0x9C2650;
/* 48 89 5C 24 ? 48 89 6C 24 ? 48 89 74 24 ? 57 41 56 41 57 48 81 EC ? ? ? ? 8B D9 */
inline uintptr_t IsCurrentSpell = 0x9CAFF0;
/* E8 ? ? ? ? 48 85 C0 74 B1 */
/* NOTE(review): same pattern as GetItemPointer above — see that note. */
inline uintptr_t SpellMinMaxRange = 0x9BFC00;
Hi @_chase, how do I use:
Code:
inline uintptr_t GetItemPointer = 0xCEAFC0;
Can I get an item's name with:
Code:
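/* Resolve an object's name through its virtual table. Per the thread, vtable slot 15 (byte offset
   0x78 = 15 * sizeof(void*)) is the name getter for every object type in this build; the slot is
   build-specific and must be re-verified after a client update. Returns nullptr instead of
   dereferencing a null object or a null vtable. Null is the only case guarded here: a stale but
   non-null object pointer is still a call through whatever sits at that address. */
const char* CGObjects::GetName(CGObject* object) {
    if (object == nullptr)
        return nullptr;
    // The declared type of `vmt` is not visible here, so the original's C-style cast is kept;
    // it works whether vmt is a pointer or an integer.
    const uintptr_t vmt = (uintptr_t)object->vmt;
    if (vmt == 0)
        return nullptr;
    constexpr uintptr_t kGetNameSlot = 15;
    using GetNameFn = const char* (__fastcall*)(CGObject*);
    const GetNameFn getName = *reinterpret_cast<const GetNameFn*>(vmt + kGetNameSlot * sizeof(void*));
    return getName(object);
}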
Originally Posted by
oiramario
Hi @_chase, how do I use:
inline uintptr_t GetItemPointer = 0xCEAFC0;
I reversed the Lua handler for `GetContainerItemId(index, slot)`:
Code:
/* Decompiler output for the Lua handler behind GetContainerItemId(index, slot); the names
   Script_GetContainerItemId, GetBagAndSlotFromLua and GetItemPtr were assigned by the poster.
   Pushes the item's numeric ID onto the Lua stack and returns 1; returns 0 (no result) when the
   bag/slot pair does not resolve or the slot is empty; raises a Lua error when either argument is
   not a number. Left byte-for-byte as decompiled apart from comments — this is reference material,
   not code to build. */
signed __int64 __fastcall Script_GetContainerItemId(__int64 a1)
{
__int64 v1; // rdi — the lua_State*
int v2; // ebx
int v3; // eax
__int64 *item; // rax — presumably a CGItem*, viewed as a qword array
unsigned int slotIndex; // [rsp+48h] [rbp+10h]
char v7; // [rsp+50h] [rbp+18h] — the fifth out-parameter of GetBagAndSlotFromLua is a single byte
__int64 bagObj; // [rsp+58h] [rbp+20h]
v1 = a1;
if ( (unsigned int)lua_isnumber(a1, 1i64) && (unsigned int)lua_isnumber(v1, 2i64) )
{
// The decompiler dropped the stack-index argument of lua_todouble, so which call reads `index`
// and which reads `slot` is not visible here; the argument order to GetBagAndSlotFromLua
// suggests v3 is the container and v2 the slot — confirm against the disassembly.
v2 = lua_todouble(v1);
v3 = lua_todouble(v1);
// Presumably Lua-side 1-based indices being converted to the client's 0-based ones.
if ( GetBagAndSlotFromLua(v3 - 1, v2 - 1, &bagObj, (int *)&slotIndex, &v7) )
{
item = GetItemPtr(bagObj, slotIndex);
if ( item )
{
// Item ID = *(int*)(*(item + 0x10) + 0x10). Only `item` is null-checked; the inner pointer is not.
lua_pushnumber(v1, (double)*(signed int *)(item[2] + 0x10));
return 1i64;
}
}
}
else
{
luaL_error(v1, "Usage: GetContainerItemID(index, slot)");
}
return 0i64;
}
I added GetBagAndSlot and GetItemPointer so inventory items can be handled as efficiently as possible without going through ClntMgrGetObjPtr, which performs a return-address check.
I still haven't figured out how to evade the return address checks.
Note that in this code `ItemList` is poorly named: it is simply a list of GUID pointers, but on this path my implementation only ever sees item GUIDs.
Misc:
Code:
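/* Array header as reconstructed in the thread: a 32-bit word the original calls `capacity`, four
   bytes of padding, then a pointer to the element storage. pack(1) pins sizeof to 16 so reads
   through a raw client pointer line up with the in-process struct. Only these three fields are
   modelled. NOTE(review): whether the client treats the first field as capacity or as element
   count is not shown here — confirm before using it as a loop bound. */
#pragma pack(push, 1)
template <typename T>
struct TSList {
    int32_t capacity;          // 0x00 - 0x04
    char padding_0x08[0x04];   // 0x04 - 0x08 (member name kept from the original; the offset is 0x04)
    T* items;                  // 0x08 - 0x10
};
#pragma pack(pop)
/* Alias used by the inventory path. Declared after TSList so it compiles — the original placed the
   typedef before the template definition, which does not. "ItemList" is a loose name: it is a list
   of GUID pointers, which on this path happen to be item GUIDs. */
typedef TSList<WowGuid*> ItemList;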
Usage:
Code:
/* Typed entry points into the client for the inventory path, resolved as module base + RVA.
   Signatures were reconstructed from the decompiled Script_GetContainerItemId handler above.
   NOTE(review): the decompile passes a one-byte local as GetBagAndSlot's last argument; int32_t*
   is wider than needed. Callers here discard that value, so nothing reads the extra bytes. */
using GetBagAndSlotFn = boolean(__fastcall*)(int32_t bagSlot, int32_t itemSlot, ItemList** itemList, uint32_t* slot, int32_t* output);
using GetItemPointerFn = CGItem* (__fastcall*)(ItemList* itemList, uint32_t slot);
auto GetBagAndSlot = reinterpret_cast<GetBagAndSlotFn>(Module::BaseAddress() + Offsets::GetBagAndSlot);
auto GetItemPointer = reinterpret_cast<GetItemPointerFn>(Module::BaseAddress() + Offsets::GetItemPointer);
/* Return the item list backing container `containerIndex`, or nullptr when the client rejects the
   index. Slot 0 is probed only so GetBagAndSlot resolves the container; the slot and output values
   it writes back are discarded. */
ItemList* Inventory::GetContainerItems(int32_t containerIndex) {
    ItemList* container = nullptr;
    uint32_t resolvedSlot = static_cast<uint32_t>(-1);
    int32_t scratch = -1;
    const bool resolved = GetBagAndSlot(containerIndex, 0, &container, &resolvedSlot, &scratch) != 0;
    return resolved ? container : nullptr;
}
/* Thin wrapper: fetch the CGItem at `index` from `itemList` via the client's own accessor so the
   list's layout and whatever bounds handling the client does stay on the client's side. Both
   arguments pass straight through and the result (nullptr included) is returned unchanged. */
CGItem* ItemLists::AtIndex(ItemList* itemList, uint32_t index) {
    const auto lookup = GetItemPointer;
    return lookup(itemList, index);
}
Originally Posted by
oiramario
Hi @_chase, how do I use:
Code:
inline uintptr_t GetItemPointer = 0xCEAFC0;
Can I get an item's name with:
Code:
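/* Resolve an object's name through its virtual table. Per the thread, vtable slot 15 (byte offset
   0x78 = 15 * sizeof(void*)) is the name getter for every object type in this build; the slot is
   build-specific and must be re-verified after a client update. Returns nullptr instead of
   dereferencing a null object or a null vtable. Null is the only case guarded here: a stale but
   non-null object pointer is still a call through whatever sits at that address. */
const char* CGObjects::GetName(CGObject* object) {
    if (object == nullptr)
        return nullptr;
    // The declared type of `vmt` is not visible here, so the original's C-style cast is kept;
    // it works whether vmt is a pointer or an integer.
    const uintptr_t vmt = (uintptr_t)object->vmt;
    if (vmt == 0)
        return nullptr;
    constexpr uintptr_t kGetNameSlot = 15;
    using GetNameFn = const char* (__fastcall*)(CGObject*);
    const GetNameFn getName = *reinterpret_cast<const GetNameFn*>(vmt + kGetNameSlot * sizeof(void*));
    return getName(object);
}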
Re: your second question — yes, the vtable function at index 15 (byte offset 0x78) works for all object types in this build; re-verify the index after any client update.
Originally Posted by
_chase
Code:
/* Offsets for WoW Classic build 1.13.7.38631 (the build in the thread title). The hex values are
   RVAs: the usage code further up adds the module base (Module::BaseAddress() + Offsets::X)
   before reading or calling through them. The byte string above each entry is the scan signature
   used to re-find it after a client patch; none of the values below are valid for any other build.
   NOTE(review): these are mutable globals, presumably so a startup pattern scan can overwrite
   them — confirm that before turning them into constexpr. */
/* 48 8B 05 ? ? ? ? 48 8B 88 ? ? 00 00 48 8B 43 ? */
inline uintptr_t CameraManager = 0x291A250;
/* Struct offset applied to the object CameraManager points at, not an RVA. */
inline uintptr_t CameraBase = 0x3330;
/* 48 83 EC ? 45 33 C9 C6 44 24 ? ? 4C 8D 44 24 ? E8 ? ? ? ? 84 C0 74 ? 41 B9 ? ? ? ? 4C 8D 05 ? ? ? ? BA ? ? ? ? 48 8D 4C 24 ? E8 ? ? ? ? 48 83 C4 ? C3 33 C0 48 83 C4 ? C3 D3 ED */
inline uintptr_t GetBaseFromToken = 0x14A7EF0;
/* 48 83 EC ? 0F B6 15 ? ? ? ? C1 EA ? 83 E2 ? E8 ? ? ? ? B8 ? ? ? ? 48 83 C4 ? C3 48 83 EC ? */
inline uintptr_t InGame = 0x29196E4;
/* 40 53 48 83 EC ? 83 3D ? ? ? ? ? 48 8B D9 74 ? BA ? ? ? ? */
/* One signature is given for both click handlers, so it presumably matches twice and hit order
   decides which is which — verify both results. */
inline uintptr_t SpriteLeftClick = 0x0FD68B0;
inline uintptr_t SpriteRightClick = 0x0FD6CA0;
/* MoveTo and FaceTo share the same prefix (48 83 EC ? 48 8B 81 ? ? ? ? 48 83 B8 ? ? ? ? ? 7E ?)
   and differ only in the trailing bytes; a scan that truncates either pattern will confuse them. */
/* 48 83 ec ? 48 8b 81 ? ? ? ? 48 83 b8 ? ? ? ? ? 7e ? 4c 8b 41 */
inline uintptr_t MoveTo = 0x0B08C40;
/* 48 83 EC ? 48 8B 81 ? ? ? ? 48 83 B8 ? ? ? ? ? 7E ? 48 8B 51 ? */
inline uintptr_t FaceTo = 0x0B089D0;
/* The signature below lands in a frame-iteration function whose body yields the frame list base
   and the first/next link offsets. FrameFirst/FrameNext are struct offsets, not RVAs. */
/* 40 57 48 83 EC ? 48 8B 3D ? ? ? ? 33 C9 48 8B 87 ? ? ? ? */
inline uintptr_t FramesBase = 0x26375D8;
inline uintptr_t FrameFirst = 0xCD0;
inline uintptr_t FrameNext = 0xCC0;
/* vmt offsets (frame->vmt + 0xXXXX): byte offsets into the frame's virtual table, not slot indices. */
inline uintptr_t Frame_Click = 0x1F0;
inline uintptr_t Frame_GetType = 0x48;
/* 41 0F 10 00 48 8B 0D ? ? ? ? 0F 29 44 24 20 48 85 ? ? ? 48 */
inline uintptr_t ObjectManager = 0x26F74C8;
/* Presumably struct offsets for the object-manager list head and the per-object next link — confirm. */
inline uintptr_t ObjectManagerFirstObject = 0x18;
inline uintptr_t ObjectManagerNextObject = 0x70;
/* 48 89 5C 24 ? 48 89 6C 24 ? 48 89 74 24 ? 48 89 7C 24 ? 41 56 48 83 EC ? 4C 8B 74 24 ? 49 8B D9 49 C7 00 ? ? ? ? */
inline uintptr_t GetBagAndSlot = 0x11BA0E0;
/* E8 ? ? ? ? 48 85 C0 74 B1 */
/* NOTE(review): E8 ... is a call-site pattern, and the identical pattern is listed again for
   SpellMinMaxRange below. One pattern cannot uniquely identify two different functions, so one
   of the two entries looks copy-pasted — re-derive before relying on either. */
inline uintptr_t GetItemPointer = 0xCEAFC0;
/* 48 89 5C 24 ? 57 48 83 EC ? 8B FA 8B D9 E8 ? ? ? ? 85 C0 */
inline uintptr_t IsSpellKnown = 0x1048720;
/* 44 8B C1 85 C9 0F 84 86 00 00 00 ? D2 74 51 44 8B 0D ? ? ? ? 33 D2 45 85 C9 74 74 4C 8B 15 */
inline uintptr_t FindSlotBySpellId = 0x1040840;
/* 48 89 5C 24 10 48 89 6C 24 18 48 89 74 24 20 41 56 48 83 EC 50 41 0F B6 F1 48 63 D9 49 8B E8 44 */
inline uintptr_t CastSpell = 0x103E530;
/* Two candidate signatures for SpellCooldown; the second is the first's prefix with the frame size
   and store offsets wildcarded, so it should survive minor recompiles better. */
/* 48 83 EC 58 44 8B D1 C6 44 24 48 00 F7 DA 48 8D 05 ? ? ? ? 41 8B D2 48 1B C9 81 E1 B8 00 00 */
/* 48 83 EC ? 44 8B D1 C6 44 24 ? ? */
inline uintptr_t SpellCooldown = 0x9C2650;
/* 48 89 5C 24 ? 48 89 6C 24 ? 48 89 74 24 ? 57 41 56 41 57 48 81 EC ? ? ? ? 8B D9 */
inline uintptr_t IsCurrentSpell = 0x9CAFF0;
/* E8 ? ? ? ? 48 85 C0 74 B1 */
/* NOTE(review): same pattern as GetItemPointer above — see that note. */
inline uintptr_t SpellMinMaxRange = 0x9BFC00;
Resolved signature: `void FaceTo(__int64 pLocalPlayer, float angle)`
OverwatchDumpFix fails for 1.13.7.38631.
Does anyone have the address of world::getenable?
Code:
// Offsets for 1.13.7.38631 collected from this thread. NOTE(review): the list mixes two
// conventions — InGame, ClntObjMgrEnumVisibleObjectsPtr and ClntObjMgrGetMapId already add
// `Base`, while every entry from ClntObjMgrIsValid onward is a bare RVA. A consumer that adds the
// module base uniformly double-adds it for the first three; one that does not will call into the
// wrong address for the rest. Normalize to one convention before use. Also, `static inline` in a
// header gives every translation unit its own copy; plain `inline` is enough for a shared constant.
// Pointers
static inline uintptr_t InGame = Base + 0x29196E4;
// object manager
static inline uintptr_t ClntObjMgrEnumVisibleObjectsPtr = Base + 0xDA29C0;
static inline uintptr_t ClntObjMgrGetMapId = Base + 0xDA3240;
// Bare RVA from here on (no Base added).
static inline uintptr_t ClntObjMgrIsValid = 0xDA3900;
//CTM
static inline uintptr_t ClickToMove = 0xFD6E20;
// pointers
static inline uintptr_t InvalidPtrCheckMin = 0x265ED88;
static inline uintptr_t InvalidPtrCheckMax = 0x265ED90;
// Unresolved placeholder: anything that calls through this value, with or without Base, faults.
static inline uintptr_t CanPerformAction = 0x00;
static inline uintptr_t HardwareEventPtr = 0x26375E0;
// Unit struct — field offsets applied to an object pointer, not RVAs. Note the mixed
// uint8_t/uint16_t widths; widen before combining with the uintptr_t entries above.
static inline uint16_t FirstObject = 0x18;
static inline uint8_t Type = 0x20;
static inline uint16_t Guid = 0x58;
static inline uint16_t NextObject = 0x70;
static inline uint16_t AnimationStatus = 0x14C;
inline static uint16_t GatherStatus = 0x6B0;
static inline uint16_t DisplayID = 0x003C;
static inline uint16_t Owner = 0x534;
//cast
static inline uintptr_t castSpell = 0x103E530;
static inline uintptr_t isSpellKnown = 0x1048720;
static inline uintptr_t iscurrentspell = 0x9CAFF0;
static inline uintptr_t findSlotBySpellId = 0x1040840;
static inline uintptr_t isSpellInRange = 0x102D4F0;
//Globals
static inline uintptr_t GetPlayerName = 0x29F8918;
// Written in decimal unlike the rest of the list: 2865670 == 0x2BBA06.
static inline uintptr_t GetRealmName = 2865670; //*ref
//Camera WorldFrame::GetActiveCamera
static inline uintptr_t CameraMgr = 0x291A250;
// Struct offset applied to the object CameraMgr points at, not an RVA.
static inline uintptr_t CameraPtr = 0x3330;
// CGWorldFrame
// CGWorldFrame::RenderWorld 0x101CA00
// CGWorldFrame::OnWorldUpdate 0x101BB60
// CGWorldFrame::GetActiveCamera 0x1017270
// CGWorldFrame::GetBaseDayNightTime 0x1017290
// World
// World::InitializeStartup 0x14DE5D0
// World::Intersect 0x14D6E70 //*ref to sub
// World::Preload 0x14D91B0
// The four lines below are reference notes, not declarations — they do not compile as C++.
CGObject_C::~CGObject_C 0xB28178;
CGObject_C::Disable 0xABE850;
CGObject_C::PostInit 0xAC0C70;
CGObject_C::Reenable 0xAC1110;
Originally Posted by
_chase
Re: your second question; Yes the vtable function at index 15 will work for all objects
That's great — it's more useful and effective than the DB cache. BTW, how do you dump the vmt?
@_chase
I implemented GetInventoryItem myself.
Code:
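/* Inventory slot indices as used in this post: slots 19-22 are the four bag containers, slots
   23-42 are the twenty backpack slots. NumBag and NumBackpackItem are counts, not slot indices;
   the static_asserts after the enum tie them to the slot ranges so a later edit cannot drift them
   apart. Kept as a plain enum so existing unqualified uses (Bag_0, BackpackItem_00, ...) compile. */
enum eInventorySlots {
    Bag_0 = 19,
    Bag_1 = 20,
    Bag_2 = 21,
    Bag_3 = 22,
    NumBag = 4,
    BackpackItem_00 = 23,
    BackpackItem_01 = 24,
    BackpackItem_02 = 25,
    BackpackItem_03 = 26,
    BackpackItem_04 = 27,
    BackpackItem_05 = 28,
    BackpackItem_06 = 29,
    BackpackItem_07 = 30,
    BackpackItem_08 = 31,
    BackpackItem_09 = 32,
    BackpackItem_10 = 33,
    BackpackItem_11 = 34,
    BackpackItem_12 = 35,
    BackpackItem_13 = 36,
    BackpackItem_14 = 37,
    BackpackItem_15 = 38,
    BackpackItem_16 = 39,
    BackpackItem_17 = 40,
    BackpackItem_18 = 41,
    BackpackItem_19 = 42,
    NumBackpackItem = 20
};
static_assert(Bag_3 - Bag_0 + 1 == NumBag, "NumBag must cover Bag_0..Bag_3");
static_assert(BackpackItem_19 - BackpackItem_00 + 1 == NumBackpackItem, "NumBackpackItem must cover BackpackItem_00..BackpackItem_19");
static_assert(BackpackItem_00 == Bag_3 + 1, "backpack slots are expected to follow the bag slots");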
Bags 0–3 (slots 19–22) are the containers.
Code:
get_inventory():
for x in bags:
if x is valid
for y in (items of x):
if y is valid:
inventory.push_back(y)
for z : backpack:
if z is valid:
inventory.push_back(z)
return inventory
get_item(item_id):
    for item in get_inventory():
        if item.id() == item_id:
            return item.addr()
    return null
You can also derive num_of_slots and num_of_free from this. I suggest not calling Lua directly; reverse the Lua handler only to locate the underlying C function, then call that.