Object Manager traversal (WoW classic)

[Razzue]

CGObject_C + 0x10 is a pointer to the object's descriptors (as listed here ([Classic TBC] 2.5.1.38988 object descriptors))

CGUnit_C + 0x198 is a pointer to CMovement structure, CGUnit_C + 0x1598 is the start of CMovement structure

Code:

// size = 0x238
struct CMovement : CPassenger
{
	//CPassenger passenger;	// 0x000
	uintptr_t unk_048;		// 0x048
	uintptr_t unk_050;		// 0x050
	MovementFlags Flags;	// 0x058
	uint32_t unk_05C;		// 0x058
	float x;				// 0x060
	float y;				// 0x064
	float z;				// 0x068
	float facing;			// 0x06C
	// etc...
};

just to clarify some offsets posted earlier

Oh.. so I WAS doing it the right way.. good to know

[ChrisIsMe]

Oh.. so I WAS doing it the right way.. good to know

The game uses base + 0x198, in most places I have seen, so I would say no.

There's always more than one way to do anything though, you can also rip this all out of the Object Manager base.

[Reghero]

Happy to open another thread if it makes sense but quick question about function calls after injected:

Code:

public static class Functions
    {
        [DllImport("FastCall.dll", EntryPoint = "EnumerateVisibleObjects")]
        static extern void EnumerateVisibleObjects(IntPtr callback, long filter, IntPtr ptr);

        internal static void EnumerateVisibleObjects(IntPtr callback, long filter) =>
            EnumerateVisibleObjects(
                callback,
                filter,
                System.Diagnostics.Process.GetCurrentProcess().MainModule.BaseAddress + 0x12DEBF0
            );
    }

Code:

public class ProcessController : ApiController
    {
        [UnmanagedFunctionPointer(CallingConvention.Cdecl)]
        delegate int EnumerateVisibleObjectsCallback(IntPtr guid, int filter);

        static EnumerateVisibleObjectsCallback callback;

        private IntPtr callbackPtr;

        public ProcessController()
        {
            callback = Callback;
            callbackPtr = Marshal.GetFunctionPointerForDelegate(callback);
        }

        static int Callback(IntPtr guid, int filter)
        {
            MessageBox.Show("Got call");

            return 1;
        }
       
        void CallEnumObjects() {
        ThreadSynchronizer.RunOnMainThread(() =>
                {
                    Functions.EnumerateVisibleObjects(callbackPtr, 0);
                });
         }
}

Address from this function which looks to match previous discussions on this:

enumobjects.PNG

[Weekday]

You have the wrong offset, it is 0x12DECA0.

[Reghero]

You have the wrong offset, it is 0x12DECA0.

Thanks. I found it not long after posting while browsing in IDA.

I tried updating it:

Code:

public static class Functions
    {
        [DllImport("FastCall.dll", EntryPoint = "EnumerateVisibleObjects")]
        static extern void EnumerateVisibleObjects(IntPtr callback, long filter, IntPtr ptr);

        internal static void EnumerateVisibleObjects(IntPtr callback, long filter) =>
            EnumerateVisibleObjects(
                callback,
                filter,
                System.Diagnostics.Process.GetCurrentProcess().MainModule.BaseAddress + 0x12DECA0
            );
    }

C++

Code:

void __declspec(dllexport) __stdcall EnumerateVisibleObjects(unsigned int callback, int filter, unsigned int ptr)
    {
        typedef unsigned int __fastcall func(unsigned int callback, int filter);
        func* function = (func*)ptr;
        function(callback, filter);
    }

C# callback

Code:

[UnmanagedFunctionPointer(CallingConvention.Cdecl)]
        delegate int EnumerateVisibleObjectsCallback(IntPtr guid, long filter);

        static EnumerateVisibleObjectsCallback callback;