[tbc 2.5.1 38835]

[maikel233]

I havent tested them all but my cheat works fine.

Code:

#pragma once

namespace Offsets
{
	////////////////////////
	//     2.5.1.38835 //
	////////////////////////

	// base address
	static inline uintptr_t Base = reinterpret_cast<uintptr_t>(GetModuleHandle(NULL));

	// framescript
	static inline uintptr_t FrameScriptExecute = 0x80ABF0; // Unsure of this one  
	static inline uintptr_t FrameScriptGetText = 0x80ABF0;	// Unsure of this one  
	static inline uintptr_t FrameScriptRegister = 0x8074B0;	// Unsure of this one  
	static inline uintptr_t FrameScript_RegisterFunctionNamespaceWithCount = 0x807500;	// Unsure of this one  
	//FrameScript::RegisterEvent at: 0x807D20; FrameScript::GetContext at: 0x805A40; // Unsure of this one  

	// Lua 
	inline static uintptr_t lua_createtable = Base; /*+ 0x19E5CC0;*/
	inline static uintptr_t luaL_error = Base + 0x462450;
	inline static uintptr_t lua_getfield = Base + 0x460000;
	inline static uintptr_t lua_gettable = Base + 0x4600F0;
	inline static uintptr_t lua_gettop = Base + 0x460120;
	inline static uintptr_t lua_insert = Base + 0x4602A0;
	inline static uintptr_t lua_isguid = Base + 0x80DAE0;
	inline static uintptr_t lua_isnumber = Base + 0x460420;
	inline static uintptr_t lua_isstring = Base + 0x460450;
	inline static uintptr_t lua_isuserdata = Base + 0x460490;
	inline static uintptr_t lua_newthread = Base; /*+ 0x19E69E0;*/
	inline static uintptr_t lua_pcall = Base + 0x460790;
	inline static uintptr_t lua_pushboolean = Base + 0x19E6C80;
	inline static uintptr_t lua_pushcclosure = Base + 0x19E6CB0;
	inline static uintptr_t lua_pushguid = Base + 0x80DC40;
	inline static uintptr_t lua_pushinteger = Base + 0x460A20;
	inline static uintptr_t lua_pushlightuserdata = Base + 0x19E6F40;
	inline static uintptr_t lua_pushnil = Base + 0x460AF0;
	inline static uintptr_t lua_pushnumber = Base + 0x460B10;
	inline static uintptr_t lua_pushstring = Base + 0x460B30;
	inline static uintptr_t lua_rawget = Base + 0x460D60; // _lua_rawgeti 0x460E10
	inline static uintptr_t lua_rawset = Base + 0x460ED0;
	inline static uintptr_t lua_remove = Base + 0x4610B0;
	inline static uintptr_t lua_setfield = Base + 0x4613D0;
	inline static uintptr_t lua_settable = Base + 0x461520;
	inline static uintptr_t lua_settop = Base + 0x461570;
	inline static uintptr_t lua_toboolean = Base + 0x461770;
	inline static uintptr_t lua_toguid = Base + 0x80DD00;
	inline static uintptr_t lua_tointeger = Base + 0x4617D0;
	inline static uintptr_t lua_tolstring = Base + 0x461850;
	inline static uintptr_t lua_tonumber = Base + 0x4618F0;
	inline static uintptr_t lua_type = Base + 0x461A00;
	inline static uintptr_t luaL_loadfile = Base + 0x19E94F0;
	inline static uintptr_t luaL_ref = Base; /*0x19E9CB0*/
	// DUMP: _lua_getstack 0x0464C30; 

	// Pointers
	static inline uintptr_t InGame = Base + 0x00;
	static inline uintptr_t InWorld = Base + 0x00;
	static inline uintptr_t CGGameUI_s_inWorld = Base + 0x2F584D4; //   NotInitialized = 0, LoadingScreen1 = 3, LoadingScreen2 = 2, InGame = 4

	// object manager
	static inline uintptr_t ClntObjMgrEnumVisibleObjectsPtr = Base + 0x13046A0;
	static inline uintptr_t ClntObjMgrGetMapId = Base + 0x1307750;
	static inline uintptr_t ClntObjMgrIsValid = Base + 0x1307EC0;

	//CTM
	static inline uintptr_t ClickToMove = 0x00; //

	static inline uintptr_t FaceTo = 0x1167360; // Bindiffed.
	// pointers
	static inline uintptr_t InvalidPtrCheckMin = Base + 0x2CDFE80;
	static inline uintptr_t InvalidPtrCheckMax = Base + 0x2CDFE88;
	static inline uintptr_t HardwareEventPtr = Base + 0x2CB7CD8;
	static inline uintptr_t CanPerformAction = 0x00;

	// Register
	inline static uintptr_t Int3 = Base + 0x2BCC3C;

	// Unit struct
	static inline uint8_t Type = 0x20;
	static inline uint16_t Guid = 0x58;
	static inline uint16_t AnimationStatus = 0x14C;
	inline static uint16_t	GatherStatus = 0x6B0;
	static inline uint16_t DisplayID = 0x003C;
	static inline uint16_t Owner = 0x534;

	//cast  
	static inline uintptr_t Spell_C_GetMinMaxRange = Base + 0xF5E440;/*0xF043C0;*/ // Unsure about this one...
	static inline uintptr_t Spell_C_GetSpellCoolDown = Base + 0xF60F10;
	static inline uintptr_t castSpell = Base + 0x1578B40;
	static inline uintptr_t isSpellKnown = Base + 0x1582470;
	static inline uintptr_t findSlotBySpellId = Base + 0x157AEC0;

	static inline uintptr_t s_spellHistory = Base + 0x2CCFB80;

	//Globals
	static inline uintptr_t GetPlayerName = Base + 0x2C45AA8; //0x29F8918;
		
	static inline uintptr_t CorpseMapID = Base + 0x2B4E070;
	static inline uintptr_t Corpsex = Base + 0x00;  // float x,y,z is gone Decompile -> 0x14FA330
	static inline uintptr_t Corpsey = Corpsex + 0x4;
	static inline uintptr_t Corpsez = Corpsex + 0x8;

	//Camera WorldFrame::GetActiveCamera
	static inline  uintptr_t CameraMgr = Base + 0x303C590; // //wowclassic 0x291A250;
	static inline  uintptr_t CameraPtr = 0x38D8; // wowclassic 0x3330;

};

My Object class

Code:

class WObject
{
public:
	char pad_0008[8]; //0x0008
	class UnitField* sUnitField; //0x0010
	char pad_0018[8]; //0x0018
	TypeId Type; //0x0020
	char pad_0021[55]; //0x0021
	WGuid Guid; //0x0058
	char pad_0060[5464]; //0x0060
	Vector3 GetUnitPositionModify; //0x1600   TBC 15B8  48bytes dif
	char pad_160C[44]; //0x1610g
	Vector3 anchor_position; //0x1640 *UnitPos2  TBC 15F8 48bytes dif
	float anchor_facing; 
	float anchor_pitch; 
	uint32_t MoveTime;
	C3Vector direction; 
	Vector2 direction_2d; 
	float unk01;
	float unk02;
	float unk03;
	uint32_t StopFall; 
	float fall_start_elev_1; //DC
	//float fall_start_elev_2; 

	float CurrentSpeed; 
	float WalkSpeed;         
	float RunForwardSpeed; 
	float RunBackwardsSpeed; 
	float SwimmingSpeed; 
	float SwimBackwardsSpeed; 
	float FlyForwardSpeed; 
	float FlyBackwardsSpeed2; 
	float Player_rotationspeed;
	//m_collisionBoxHalfDepth? 
	//m_collisionBoxHeight?    
	char pad_16A8[8]; 
	float JumpHeight; 
	char pad_16B4[44]; //0x16B4
	uint32_t Collision_StateHack; 
	char pad_16E4[316]; 
	float Player_scale; 
	char pad_1824[2156]; 

	virtual ~WObject() {}

[ChrisIsMe]

I found corpse Vector3 x,y,z implemented the same way as Retail. Search for CORPSE_RED...

[charles420]

been search corpse red easy way few others 2

[ChrisIsMe]

Here, since you did try to help out the community, I won't just leave it at two shady comments.

You should be able to find it by looking for the same pattern, I can't really help you too much since I don't have the latest TBC binary available to me.

https://i.imgur.com/8zBpRkY.png

[xkyii]

how to check 0x58 is the offset of WObject.Guid ?

[ChrisIsMe]

how to check 0x58 is the offset of WObject.Guid ?

CGActivePlayer::m_GUID is found around the base objectmanager pointer, then you find the active player object and you can compare.

[xkyii]

CGActivePlayer::m_GUID is found around the base objectmanager pointer, then you find the active player object and you can compare.

I'm finding the direct usage (like Script_UnitGUID) for a long time, thanks for saving my time.

[ChrisIsMe]

It doesn't seem like there's CGUnit__DYNAMIC_FLAGS anymore.

The most reliable way for determining a unit is lootable that I can find is

UnitBasePtr + 0x10 ] + 0x14 // > 0 === loot (4 to be exact)

Changing a unit from 0 to 4 (when dead) will also change the cursor type to a loot bag, so will not falsely label other people's kills as having loot and will honor non-party loot, but party kills as having loot for you, or only for the other person.

There's also (what seems to be) a pointer to the corpse at

UnitBasePtr + 0x8 ] + 0xB0 (or something like that) which does contain a flag 1 (loot) / 0 (no loot) which I believe is the Corpse "object" reference which seems to still have dynamic flags.

This value though doesn't really seem needed.

The corpse PTR you can find around there, honors the same thresholds that I described above, which is the most important thing (to me) for determining kills which have loot.

For reference here's the code from UnitIsDead() which from what I can tell is what should be the dynamic flags.

Code:

      v8 = *(_QWORD *)(unitptr + 0x188);        // fields || activeparty
      if ( *(_QWORD *)(v8 + 0xC0) > 0LL )       // health
      {
        retbool = 0;
        if ( *(_BYTE *)(v8 + 0x161) & 0x20 )    // dynamic_flags?

But as you see 0x161 byte, it never does change from 0.

[scimmy]

It doesn't seem like there's CGUnit__DYNAMIC_FLAGS anymore.

The most reliable way for determining a unit is lootable that I can find is

UnitBasePtr + 0x10 ] + 0x14 // > 0 === loot (4 to be exact)

Changing a unit from 0 to 4 (when dead) will also change the cursor type to a loot bag, so will not falsely label other people's kills as having loot and will honor non-party loot, but party kills as having loot for you, or only for the other person.

There's also (what seems to be) a pointer to the corpse at

UnitBasePtr + 0x8 ] + 0xB0 (or something like that) which does contain a flag 1 (loot) / 0 (no loot) which I believe is the Corpse "object" reference which seems to still have dynamic flags.

This value though doesn't really seem needed.

The corpse PTR you can find around there, honors the same thresholds that I described above, which is the most important thing (to me) for determining kills which have loot.

For reference here's the code from UnitIsDead() which from what I can tell is what should be the dynamic flags.

Code:

      v8 = *(_QWORD *)(unitptr + 0x188);        // fields || activeparty
      if ( *(_QWORD *)(v8 + 0xC0) > 0LL )       // health
      {
        retbool = 0;
        if ( *(_BYTE *)(v8 + 0x161) & 0x20 )    // dynamic_flags?

But as you see 0x161 byte, it never does change from 0.

From dumping object descriptors, I found that what you found, UnitBasePtr + 0x10] + 0x14 = CGObjectData::dynamicFlags

[ChrisIsMe]

From dumping object descriptors, I found that what you found, UnitBasePtr + 0x10] + 0x14 = CGObjectData::dynamicFlags

Well in that case I believe the flag values have changed, I wasn't familiar with any of this. But it seems like they'd be

Code:

enum UnitDynFlags
{
    UNIT_DYNFLAG_NONE                       = 0x0000,
    UNIT_DYNFLAG_HIDE_MODEL                 = 0x0002, // Object model is not shown with this flag
    UNIT_DYNFLAG_LOOTABLE                   = 0x0004,
    UNIT_DYNFLAG_TRACK_UNIT                 = 0x0008,
    UNIT_DYNFLAG_TAPPED                     = 0x0010, // Lua_UnitIsTapped
    UNIT_DYNFLAG_SPECIALINFO                = 0x0020,
    UNIT_DYNFLAG_DEAD                       = 0x0040,
    UNIT_DYNFLAG_REFER_A_FRIEND             = 0x0080
};

From TrinityCore, I've noticed tapped units do have 0x10 as their flags. I never see any of the other ones though.

Thank you, by the way.

// Edit: Can confirm, adding 8 to an objects flags makes it tracked on the minimap.

[scimmy]

Well in that case I believe the flag values have changed, I wasn't familiar with any of this. But it seems like they'd be

Code:

enum UnitDynFlags
{
    UNIT_DYNFLAG_NONE                       = 0x0000,
    UNIT_DYNFLAG_HIDE_MODEL                 = 0x0002, // Object model is not shown with this flag
    UNIT_DYNFLAG_LOOTABLE                   = 0x0004,
    UNIT_DYNFLAG_TRACK_UNIT                 = 0x0008,
    UNIT_DYNFLAG_TAPPED                     = 0x0010, // Lua_UnitIsTapped
    UNIT_DYNFLAG_SPECIALINFO                = 0x0020,
    UNIT_DYNFLAG_DEAD                       = 0x0040,
    UNIT_DYNFLAG_REFER_A_FRIEND             = 0x0080
};

From TrinityCore, I've noticed tapped units do have 0x10 as their flags. I never see any of the other ones though.

Thank you, by the way.

// Edit: Can confirm, adding 8 to an objects flags makes it tracked on the minimap.

Sorry in advance, and this is completely off topic, but I'm assuming you get lots of PMs so you don't read them. Check your inbox