-
Contributor
[tbc 2.5.1 38835]
I haven't tested them all, but my cheat works fine.
Code:
#pragma once
// Hard-coded addresses and structure offsets for one specific client build
// (2.5.1.38835, per the banner below). Nothing here checks at run time that
// the loaded module is that build, so every value is only as valid as that
// assumption.
// Entries written `Base + N` become absolute addresses when the variables are
// initialised; entries written as a bare number are not rebased in this file.
// All variables are `static` (one copy per translation unit) and non-const.
namespace Offsets
{
////////////////////////
// 2.5.1.38835 //
////////////////////////
// base address
// GetModuleHandle(NULL) yields the handle of the executable that started the
// calling process, so Base is the main module's load address. Declared first
// because the `Base + N` initialisers below read it.
static inline uintptr_t Base = reinterpret_cast<uintptr_t>(GetModuleHandle(NULL));
// framescript
// NOTE(review): none of these four is added to Base, unlike the Lua entries
// below, and FrameScriptExecute and FrameScriptGetText carry the same value
// (0x80ABF0) - at least one is presumably wrong; the author marks all four
// as unsure.
static inline uintptr_t FrameScriptExecute = 0x80ABF0; // Unsure of this one
static inline uintptr_t FrameScriptGetText = 0x80ABF0; // Unsure of this one
static inline uintptr_t FrameScriptRegister = 0x8074B0; // Unsure of this one
static inline uintptr_t FrameScript_RegisterFunctionNamespaceWithCount = 0x807500; // Unsure of this one
//FrameScript::RegisterEvent at: 0x807D20; FrameScript::GetContext at: 0x805A40; // Unsure of this one
// Lua
// NOTE(review): lua_createtable, lua_newthread and luaL_ref have their offset
// commented out and therefore equal Base itself, not a function address.
// NOTE(review): the 0x19E.... values (pushboolean, pushcclosure,
// pushlightuserdata, luaL_loadfile) lie far from the 0x46.... cluster of the
// other entries and in the same range as the commented-out offsets;
// presumably carried over from another build - confirm.
inline static uintptr_t lua_createtable = Base; /*+ 0x19E5CC0;*/
inline static uintptr_t luaL_error = Base + 0x462450;
inline static uintptr_t lua_getfield = Base + 0x460000;
inline static uintptr_t lua_gettable = Base + 0x4600F0;
inline static uintptr_t lua_gettop = Base + 0x460120;
inline static uintptr_t lua_insert = Base + 0x4602A0;
inline static uintptr_t lua_isguid = Base + 0x80DAE0;
inline static uintptr_t lua_isnumber = Base + 0x460420;
inline static uintptr_t lua_isstring = Base + 0x460450;
inline static uintptr_t lua_isuserdata = Base + 0x460490;
inline static uintptr_t lua_newthread = Base; /*+ 0x19E69E0;*/
inline static uintptr_t lua_pcall = Base + 0x460790;
inline static uintptr_t lua_pushboolean = Base + 0x19E6C80;
inline static uintptr_t lua_pushcclosure = Base + 0x19E6CB0;
inline static uintptr_t lua_pushguid = Base + 0x80DC40;
inline static uintptr_t lua_pushinteger = Base + 0x460A20;
inline static uintptr_t lua_pushlightuserdata = Base + 0x19E6F40;
inline static uintptr_t lua_pushnil = Base + 0x460AF0;
inline static uintptr_t lua_pushnumber = Base + 0x460B10;
inline static uintptr_t lua_pushstring = Base + 0x460B30;
inline static uintptr_t lua_rawget = Base + 0x460D60; // _lua_rawgeti 0x460E10
inline static uintptr_t lua_rawset = Base + 0x460ED0;
inline static uintptr_t lua_remove = Base + 0x4610B0;
inline static uintptr_t lua_setfield = Base + 0x4613D0;
inline static uintptr_t lua_settable = Base + 0x461520;
inline static uintptr_t lua_settop = Base + 0x461570;
inline static uintptr_t lua_toboolean = Base + 0x461770;
inline static uintptr_t lua_toguid = Base + 0x80DD00;
inline static uintptr_t lua_tointeger = Base + 0x4617D0;
inline static uintptr_t lua_tolstring = Base + 0x461850;
inline static uintptr_t lua_tonumber = Base + 0x4618F0;
inline static uintptr_t lua_type = Base + 0x461A00;
inline static uintptr_t luaL_loadfile = Base + 0x19E94F0;
inline static uintptr_t luaL_ref = Base; /*0x19E9CB0*/
// DUMP: _lua_getstack 0x0464C30;
// Pointers
// InGame and InWorld are unfilled placeholders (Base + 0x00 == Base); only
// CGGameUI_s_inWorld carries a real offset.
static inline uintptr_t InGame = Base + 0x00;
static inline uintptr_t InWorld = Base + 0x00;
static inline uintptr_t CGGameUI_s_inWorld = Base + 0x2F584D4; // NotInitialized = 0, LoadingScreen1 = 3, LoadingScreen2 = 2, InGame = 4
// object manager
static inline uintptr_t ClntObjMgrEnumVisibleObjectsPtr = Base + 0x13046A0;
static inline uintptr_t ClntObjMgrGetMapId = Base + 0x1307750;
static inline uintptr_t ClntObjMgrIsValid = Base + 0x1307EC0;
//CTM
// ClickToMove is an unfilled placeholder (0). NOTE(review): FaceTo is not
// added to Base, unlike the neighbouring function entries - confirm whether
// that is intended.
static inline uintptr_t ClickToMove = 0x00; //
static inline uintptr_t FaceTo = 0x1167360; // Bindiffed.
// pointers
// CanPerformAction is an unfilled placeholder (0, no Base).
static inline uintptr_t InvalidPtrCheckMin = Base + 0x2CDFE80;
static inline uintptr_t InvalidPtrCheckMax = Base + 0x2CDFE88;
static inline uintptr_t HardwareEventPtr = Base + 0x2CB7CD8;
static inline uintptr_t CanPerformAction = 0x00;
// Register
inline static uintptr_t Int3 = Base + 0x2BCC3C;
// Unit struct
// Field offsets inside an object, not addresses: no Base is added and the
// values are stored in 8/16-bit integers.
static inline uint8_t Type = 0x20;
static inline uint16_t Guid = 0x58;
static inline uint16_t AnimationStatus = 0x14C;
inline static uint16_t GatherStatus = 0x6B0;
static inline uint16_t DisplayID = 0x003C;
static inline uint16_t Owner = 0x534;
//cast
static inline uintptr_t Spell_C_GetMinMaxRange = Base + 0xF5E440;/*0xF043C0;*/ // Unsure about this one...
static inline uintptr_t Spell_C_GetSpellCoolDown = Base + 0xF60F10;
static inline uintptr_t castSpell = Base + 0x1578B40;
static inline uintptr_t isSpellKnown = Base + 0x1582470;
static inline uintptr_t findSlotBySpellId = Base + 0x157AEC0;
static inline uintptr_t s_spellHistory = Base + 0x2CCFB80;
//Globals
// Corpsex is an unfilled placeholder (Base + 0x00); Corpsey and Corpsez are
// derived from it, so they resolve to Base + 4 and Base + 8 until it is set.
static inline uintptr_t GetPlayerName = Base + 0x2C45AA8; //0x29F8918;
static inline uintptr_t CorpseMapID = Base + 0x2B4E070;
static inline uintptr_t Corpsex = Base + 0x00; // float x,y,z is gone Decompile -> 0x14FA330
static inline uintptr_t Corpsey = Corpsex + 0x4;
static inline uintptr_t Corpsez = Corpsex + 0x8;
//Camera WorldFrame::GetActiveCamera
// CameraPtr has no Base added; presumably an offset applied to the value
// read through CameraMgr - confirm against the caller.
static inline uintptr_t CameraMgr = Base + 0x303C590; // //wowclassic 0x291A250;
static inline uintptr_t CameraPtr = 0x38D8; // wowclassic 0x3330;
};
My Object class
Code:
// Overlay of a game object's in-memory layout: named members are meant to sit
// at the offsets given in the trailing comments, and the `pad_*` arrays fill
// regions the author has not mapped.
// NOTE(review): nothing in the listing enforces those offsets. They hold only
// if TypeId, WGuid, Vector3, C3Vector and Vector2 (declared elsewhere) have the
// sizes the padding assumes; a static_assert on offsetof/sizeof would pin that.
class WObject
{
public:
// No member is declared for 0x0000-0x0007; presumably the vtable pointer
// implied by the virtual destructor at the end occupies it - confirm.
char pad_0008[8]; //0x0008
class UnitField* sUnitField; //0x0010
char pad_0018[8]; //0x0018
TypeId Type; //0x0020
char pad_0021[55]; //0x0021
WGuid Guid; //0x0058
// 0x60 + 5464 = 0x15B8, i.e. the "TBC 15B8" figure in the next comment rather
// than 0x1600; the 0x16xx figures appear to belong to a different build.
char pad_0060[5464]; //0x0060
Vector3 GetUnitPositionModify; //0x1600 TBC 15B8 48bytes dif
// NOTE(review): the pad's name (0x160C) and its comment (0x1610) disagree;
// treat the numbers on this and the later pads as labels only - confirm.
char pad_160C[44]; //0x1610g
Vector3 anchor_position; //0x1640 *UnitPos2 TBC 15F8 48bytes dif
// From here on the members carry no offset comments; their positions follow
// purely from declaration order and the sizes of the preceding members.
float anchor_facing;
float anchor_pitch;
uint32_t MoveTime;
C3Vector direction;
Vector2 direction_2d;
float unk01;
float unk02;
float unk03;
uint32_t StopFall;
float fall_start_elev_1; //DC
//float fall_start_elev_2;
float CurrentSpeed;
float WalkSpeed;
float RunForwardSpeed;
float RunBackwardsSpeed;
float SwimmingSpeed;
float SwimBackwardsSpeed;
float FlyForwardSpeed;
float FlyBackwardsSpeed2;
float Player_rotationspeed;
//m_collisionBoxHalfDepth?
//m_collisionBoxHeight?
char pad_16A8[8];
float JumpHeight;
char pad_16B4[44]; //0x16B4
uint32_t Collision_StateHack;
char pad_16E4[316];
float Player_scale;
char pad_1824[2156];
// Virtual destructor makes the class polymorphic.
// NOTE(review): the listing stops here in the post, without the closing `};`.
virtual ~WObject() {}
-
Contributor
I found corpse Vector3 x,y,z implemented the same way as Retail. Search for CORPSE_RED...
-
Contributor
been search corpse red easy way few others 2
-
Contributor
Here, since you did try to help out the community, I won't just leave it at two shady comments.
You should be able to find it by looking for the same pattern, I can't really help you too much since I don't have the latest TBC binary available to me.
https://i.imgur.com/8zBpRkY.png
Last edited by ChrisIsMe; 06-02-2021 at 08:23 AM.
-
Member
How can I check that 0x58 is the offset of WObject.Guid?
-
Contributor
Originally Posted by
xkyii
how to check 0x58 is the offset of WObject.Guid ?
CGActivePlayer::m_GUID is found around the base objectmanager pointer, then you find the active player object and you can compare.
-
Member
Originally Posted by
ChrisIsMe
CGActivePlayer::m_GUID is found around the base objectmanager pointer, then you find the active player object and you can compare.
I had been looking for a direct usage (like Script_UnitGUID) for a long time; thanks for saving me the time.
-
Contributor
It doesn't seem like there's CGUnit__DYNAMIC_FLAGS anymore.
The most reliable way I can find to determine whether a unit is lootable is
[UnitBasePtr + 0x10] + 0x14 // > 0 === loot (4 to be exact)
Changing a unit from 0 to 4 (when dead) will also change the cursor type to a loot bag, so will not falsely label other people's kills as having loot and will honor non-party loot, but party kills as having loot for you, or only for the other person.
There's also (what seems to be) a pointer to the corpse at
UnitBasePtr + 0x8 ] + 0xB0 (or something like that) which does contain a flag 1 (loot) / 0 (no loot) which I believe is the Corpse "object" reference which seems to still have dynamic flags.
This value though doesn't really seem needed.
The corpse PTR you can find around there, honors the same thresholds that I described above, which is the most important thing (to me) for determining kills which have loot.
For reference here's the code from UnitIsDead() which from what I can tell is what should be the dynamic flags.
Code:
v8 = *(_QWORD *)(unitptr + 0x188); // fields || activeparty
if ( *(_QWORD *)(v8 + 0xC0) > 0LL ) // health
{
retbool = 0;
if ( *(_BYTE *)(v8 + 0x161) & 0x20 ) // dynamic_flags?
But, as you can see, the byte at 0x161 never changes from 0.
Last edited by ChrisIsMe; 06-19-2021 at 07:25 PM.
-
Active Member
Originally Posted by
ChrisIsMe
It doesn't seem like there's CGUnit__DYNAMIC_FLAGS anymore.
The most reliable way for determining a unit is lootable that I can find is
UnitBasePtr + 0x10 ] + 0x14 // > 0 === loot (4 to be exact)
Changing a unit from 0 to 4 (when dead) will also change the cursor type to a loot bag, so will not falsely label other people's kills as having loot and will honor non-party loot, but party kills as having loot for you, or only for the other person.
There's also (what seems to be) a pointer to the corpse at
UnitBasePtr + 0x8 ] + 0xB0 (or something like that) which does contain a flag 1 (loot) / 0 (no loot) which I believe is the Corpse "object" reference which seems to still have dynamic flags.
This value though doesn't really seem needed.
The corpse PTR you can find around there, honors the same thresholds that I described above, which is the most important thing (to me) for determining kills which have loot.
For reference here's the code from UnitIsDead() which from what I can tell is what should be the dynamic flags.
Code:
v8 = *(_QWORD *)(unitptr + 0x188); // fields || activeparty
if ( *(_QWORD *)(v8 + 0xC0) > 0LL ) // health
{
retbool = 0;
if ( *(_BYTE *)(v8 + 0x161) & 0x20 ) // dynamic_flags?
But as you see 0x161 byte, it never does change from 0.
From dumping object descriptors, I found that what you found, UnitBasePtr + 0x10] + 0x14 = CGObjectData::dynamicFlags
-
Contributor
Originally Posted by
scimmy
From dumping object descriptors, I found that what you found, UnitBasePtr + 0x10] + 0x14 = CGObjectData::dynamicFlags
Well in that case I believe the flag values have changed, I wasn't familiar with any of this. But it seems like they'd be
Code:
// Bit flags for a unit's dynamic-flags field, as listed in the post. Each
// named value is a single bit so flags can be combined with bitwise OR.
// Bit 0 (0x0001) is not named in this list.
enum UnitDynFlags
{
    UNIT_DYNFLAG_NONE           = 0,
    UNIT_DYNFLAG_HIDE_MODEL     = 1 << 1, // 0x02: the object's model is not drawn
    UNIT_DYNFLAG_LOOTABLE       = 1 << 2, // 0x04
    UNIT_DYNFLAG_TRACK_UNIT     = 1 << 3, // 0x08
    UNIT_DYNFLAG_TAPPED         = 1 << 4, // 0x10: Lua_UnitIsTapped
    UNIT_DYNFLAG_SPECIALINFO    = 1 << 5, // 0x20
    UNIT_DYNFLAG_DEAD           = 1 << 6, // 0x40
    UNIT_DYNFLAG_REFER_A_FRIEND = 1 << 7  // 0x80
};
From TrinityCore, I've noticed tapped units do have 0x10 as their flags. I never see any of the other ones though.
Thank you, by the way.
// Edit: Can confirm, adding 8 to an object's flags makes it tracked on the minimap.
Last edited by ChrisIsMe; 06-20-2021 at 08:44 AM.
-
Active Member
Originally Posted by
ChrisIsMe
Well in that case I believe the flag values have changed, I wasn't familiar with any of this. But it seems like they'd be
Code:
// Bit flags for a unit's dynamic-flags field, as listed in the quoted post.
// Each named value is a single bit so flags can be combined with bitwise OR.
// Bit 0 (0x0001) is not named in this list.
enum UnitDynFlags
{
    UNIT_DYNFLAG_NONE           = 0,
    UNIT_DYNFLAG_HIDE_MODEL     = 1 << 1, // 0x02: the object's model is not drawn
    UNIT_DYNFLAG_LOOTABLE       = 1 << 2, // 0x04
    UNIT_DYNFLAG_TRACK_UNIT     = 1 << 3, // 0x08
    UNIT_DYNFLAG_TAPPED         = 1 << 4, // 0x10: Lua_UnitIsTapped
    UNIT_DYNFLAG_SPECIALINFO    = 1 << 5, // 0x20
    UNIT_DYNFLAG_DEAD           = 1 << 6, // 0x40
    UNIT_DYNFLAG_REFER_A_FRIEND = 1 << 7  // 0x80
};
From TrinityCore, I've noticed tapped units do have 0x10 as their flags. I never see any of the other ones though.
Thank you, by the way.
// Edit: Can confirm, adding 8 to an objects flags makes it tracked on the minimap.
Sorry in advance, and this is completely off topic, but I'm assuming you get lots of PMs so you don't read them. Check your inbox