tbc 2.5.2 41510 simple dumper

[yezack]

result of wow-dumper @GitHub - Razzue/Wow-Dumper: A simple wow offset dumper

anyone know how to dump the ClickToMove_Toggle base?

Code:

//------------------------------------------------------------------------------
// <auto-generated>
//     This code was generated by a tool.
//
//     Changes to this file may cause incorrect behavior and will be lost if
//     the code is regenerated.
// </auto-generated>
//------------------------------------------------------------------------------

namespace Dumper.Offsets
{
    
    
    public class WowOffsets
    {
        
        public const int PlayerName = 0x2DCFCF8;
        public const int PlayerGUID = 0x2DCFCE0;
        public const int PetGUID = 0x3124588;
        public const int MouseoverGUID = 0x30E7F48;
        public const int TargetGUIDS = 0x2E45E60;
        public const int BagGUIDS = 0x31375E0;
        public const int ZoneID = 0x30E6E1C;
        public const int GameStatus = 0x30E7F24;
        public const int CorpsePosition = 0x2CD3AF0;
        public const int LootWindow = 0x3124698;
        public const int AutoLootToggle = 0x30E7B88;
        public const int LootToggleOffset = 0xFFFFFFFFA694E85C;
        public const int LastMessage = 0x30E6E20;
        public const int BattlegroundFinished = 0x31236EC;
        public const int BattlegroundWinner = 0x31236F0;
        public const int BattlegroundInfo = 0x2CDD840;
        public const int KeybindBase = 0x2DCEB18;
        public const int AddOnBase = 0x316CC20;
        public const int SpellbookBase = 0x311B9C8;
        public const int SpellbookCount = 0x311B9C0;
        public const int PetSpellbookBase = 0x311B9E8;
        public const int PetSpellbookCount = 0x311B9E0;
        public const int CooldownBase = 0x2E56A40;
        public const int CameraBase = 0x31C9C98;
        public const int CameraOffsetBase = 0x38E0;
        public const int ObjectManager = 0x2EF4068;
        public const int PlayerNameCache = 0x2AAF8A0;
    }
}

[yezack]

ClickToMove_Toggle base :0x30E7B40,offset:0x5C

[yezack]

ActionbarBase -> 0x312AA60

[Razzue]

Hehe.. Glad to see someone's at least using it 😏
Should note that most patterns in there are for SoM or maybe be fairly outdated for tbc :P

Now that holidays are all wrapped up I'll try to spend some time fixing that up, and maybe making patterns readable from an external file for easy updates

[yezack]

it works well,but some patterns was missed
i get some patterns from GitHub - semi420/Reversing at 3ee1d1a256004d2bdf5718f9b01cc5087a9f11b3

[Razzue]

Code:

--[Globals]--
-> GameStatus: 0x30E7F24
-> PlayerName: 0x2DCFCF8
-> PlayerGUID: 0x2DCFCE0
-> PetGUID: 0x3124588
-> TargetGUID: 0x2E45E10
-> MouseoverGUID: 0x30E7F48
-> BagGUID: 0x31375E0
-> ZoneID: 0x30E6E1C
-> LastMessage: 0x30E6E20
-> IsIndoors: 0x2E44825
-> MousePressed: 0x2E3F19C
-> LootWindowOpen: 0x3124698
-> CorpsePosition: 0x2CD3AF0

--[QuestManager]--
-> Base: 0x312D480
-> NumQuests: 0x312D2C0
-> CurrentQuest: 0x3154EC4
-> QuestTitle: 0x3160010
-> GossipQuests: 0x311DEC8
-> NumQuestChoices: 0x31644C0
-> QuestReward: 0x31644C8

--[AutoLoot]--
-> Toggle: 0x30E7B88
-> Offset: 0x5C

--[ClickToMove]--
-> Toggle: 0x30E7B40
-> Offset: 0x5C

--[Chat]--
-> ChatOpen: 0x2E66C44
-> Start: 0x30E8250
-> Offset: 0xCB8
-> Message: 0xE6

--[Keybinds]--
-> Base: 0x2DCEB18

--[Addon]--
-> Base: 0x316CC20

--[Spellbooks]--
-> Base: 0x311B9C0
-> Count: 0x311B9B8
-> PetBase: 0x311B9E8
-> PetCount: 0x311B9E0

--[Battleground]--
-> Finished: 0x31236EC
-> Winner: 0x31236F0
-> Info: 0x2CDD840

--[ObjectManager]--
-> NameCache: 0x2AAF8A0
-> Base: 0x2EF4068

--[PowerIndex]--
-> Arrays: 0x2EB17B0
-> Invalid: 0x40F5D1D
-> Multiplicator: 0x13

--[Cooldowns]--
-> Base: 0x2E56A40

--[GameCamera]--
-> Base: 0x31C9C98
-> Offset: 0x38E0

Is what I get from my private slightly updated build. I think most are right except spellbook offsets were a tad off last time I updated.. iirc.

yeah.. spellbook is actually (kinda funny it's correct in old dumper, but not new xD):

Code:

--[Spellbooks]--
-> Base:0x311B9C8
-> Count: 0x311B9C0
-> PetBase: 0x311B9E8
-> PetCount: 0x311B9E0

[qop1832]

My head hurts and I don't know how to get the cooling of my skills. Go search and view previous articles. There may be a problem with the translation software. I don't fully understand the meaning inside. I used CE to open the 0x2E56A40 position and I could see the value of similar skill ID and cooling time. But how can I get the remaining cooldown time of this skill?

[Razzue]

My head hurts and I don't know how to get the cooling of my skills. Go search and view previous articles. There may be a problem with the translation software. I don't fully understand the meaning inside. I used CE to open the 0x2E56A40 position and I could see the value of similar skill ID and cooling time. But how can I get the remaining cooldown time of this skill?

Code:

internal bool GetCooldowns()
{
    try
    {
        lock (CooldownLock)
        {
            var Current = Memory.Read<IntPtr>(Client.BaseAddress + 0x2E56A40 + 0x10);
            if (Current == IntPtr.Zero)
                throw new Exception("Could not read base poi");

            Cooldowns = new List<CooldownStruct>();
            while (Current.ToInt64() != 0)
            {
                var cdObj = Memory.Read<CooldownStruct>(Current);
                if (cdObj.SpellID != 0)
                    Cooldowns.Add(cdObj);
                Current = cdObj.Next;
            }

        }
        return Cooldowns.Count > 0;
    }
    catch (Exception e)
    {
        Console.WriteLine($"[{DateTime.Now.ToShortTimeString()}] {e.Message}");
        return false;
    }
}

Code:

[StructLayout(LayoutKind.Explicit)]
public struct CooldownStruct
{
    [FieldOffset(0x08)]
    public IntPtr Next;

    [FieldOffset(0x10)]
    public uint SpellID;

    [FieldOffset(0x14)]
    public uint ItemID;

    [FieldOffset(0x1C)]
    public uint RecoveryStart;

    [FieldOffset(0x20)]
    public uint Recovery1;

    [FieldOffset(0x28)]
    public uint CatRecoveryStart;

    [FieldOffset(0x2C)]
    public uint Recovery2;

    [FieldOffset(0x34)]
    public uint GcdRecoveryStart;
}

Take some time to actually read back on old topics in this forum i know i've posted this elsewhere here before and will be my only handout.

[qop1832]

Code:

internal bool GetCooldowns()
{
    try
    {
        lock (CooldownLock)
        {
            var Current = Memory.Read<IntPtr>(Client.BaseAddress + 0x2E56A40 + 0x10);
            if (Current == IntPtr.Zero)
                throw new Exception("Could not read base poi");

            Cooldowns = new List<CooldownStruct>();
            while (Current.ToInt64() != 0)
            {
                var cdObj = Memory.Read<CooldownStruct>(Current);
                if (cdObj.SpellID != 0)
                    Cooldowns.Add(cdObj);
                Current = cdObj.Next;
            }

        }
        return Cooldowns.Count > 0;
    }
    catch (Exception e)
    {
        Console.WriteLine($"[{DateTime.Now.ToShortTimeString()}] {e.Message}");
        return false;
    }
}

Code:

[StructLayout(LayoutKind.Explicit)]
public struct CooldownStruct
{
    [FieldOffset(0x08)]
    public IntPtr Next;

    [FieldOffset(0x10)]
    public uint SpellID;

    [FieldOffset(0x14)]
    public uint ItemID;

    [FieldOffset(0x1C)]
    public uint RecoveryStart;

    [FieldOffset(0x20)]
    public uint Recovery1;

    [FieldOffset(0x28)]
    public uint CatRecoveryStart;

    [FieldOffset(0x2C)]
    public uint Recovery2;

    [FieldOffset(0x34)]
    public uint GcdRecoveryStart;
}

Take some time to actually read back on old topics in this forum i know i've posted this elsewhere here before and will be my only handout.

Thank you very much for your help Razzue, I have seen what you posted in the article [TBC Classic] [2.5.2 40892]. I have also read many old articles. Maybe it's a problem with the translation software. I don't really understand what those mean. So I fiddled with it for almost a week. No progress at all. Thank you for the code~ This is very helpful to me. Thank you.

[qop1832]

I did it. Because of my lack of understanding of C# and unreliable translation software, I was really confused when I read the C# code of the predecessors. After repeated reading, I just thought of it. I need to use the current time of the system to calculate the number of milliseconds. . It was confirmed that my idea was correct.

Code:

@@ Debug(138) : ID： 27087  CD =  7.799
@@ Debug(138) : ID： 27087  CD =  6.783
@@ Debug(138) : ID： 27087  CD =  5.783
@@ Debug(138) : ID： 27087  CD =  4.768
@@ Debug(138) : ID： 27087  CD =  3.768
@@ Debug(138) : ID： 27087  CD =  2.768
@@ Debug(138) : ID： 27087  CD =  1.768
@@ Debug(138) : ID： 27087  CD =  0.768

[maikel233]

Does anyone have the struct of spellbook?
And is the offset for auratable/auracount correct? I'm getting invalid results.

Edit--
AuraCount = Player+0x1B20
Aura Table: = Player + (auto offset = (0x1B28 + currentAuraCount * 0xB0); // AuraSize

Code:

	////////////////////////
	//     2.5.2.41510   //
	////////////////////////

	//static std::uintptr_t findPattern(const char* moduleName, std::string_view pattern, bool reportNotFound = true) noexcept;
	
	// base address
	static inline uintptr_t Base = reinterpret_cast<uintptr_t>(GetModuleHandle(NULL));

	// Pointers
	static inline uintptr_t IsPlayerInWorld = Base + 0x30E7F24;// Script_IsPlayerInWorld or Script_GameMovieFinished 

	// object manager
	static inline uintptr_t ClntObjMgrEnumVisibleObjectsPtr = Base + 0x13F6810;
	static inline uintptr_t ClntObjMgrGetMapId = Base + 0x13FBFA0;
	static inline uintptr_t ClntObjMgrIsValid = Base + 0x13FC710;

	//CTM         
	static inline uintptr_t OnTerrainClick = 0x1630C50; // CGGameUI::OnTerrainClick. From time to time Clicks out of bound?
	static inline uintptr_t ClickToMove = 0x1263C50; //
	static inline uintptr_t FaceTo = 0x12639A0; 
	// pointers
	static inline uintptr_t InvalidPtrCheckMin = Base + 0x2E666C0;
	static inline uintptr_t InvalidPtrCheckMax = Base + 0x2E666C8;
	static inline uintptr_t HardwareEventPtr = Base + 0x2E3FE68; //0F 85 ? ? ? ? 48 8B 07 48 8B CF 8B 1D ? ? ? ? FF 90 ? ? ? ? 85 C0 74 11 48 8B 07 45 33 C0 33 D2 48 8B CF FF 90 ? ? ? ? E8 ? ? ? ? 48 85 C0 74 0A 33

	// Unit struct
	static inline uint8_t Type = 0x20;
	static inline uint16_t Guid = 0x58;
	static inline uint16_t AnimationStatus = 0x14C;
	inline static uint16_t	GatherStatus = 0x6B0;
	static inline uint16_t DisplayID = 0x003C;
	static inline uint16_t Owner = 0x534;

	//cast  
	static inline uintptr_t GetBagAndSlot = Base + 0x1860F40;
	static inline uintptr_t GetItemPointer = Base + 0x1346460;
	static inline uintptr_t Spell_C_GetMinMaxRange = Base + 0x105E8F0; // 48 89 5C 24 ? 48 89 6C 24 ? 48 89 74 24 ? 57 48 83 EC 30 49 8B D9 49 8B F8 8B F2 48 8B E9 E8 ? ? ? ? 89 44 24 28 4C 8B CB 48 8B 44 24 ? 4C 8B C7 8B D6 48 89 44 24 ? 48 8B CD E8 ? ? ? ? 48 8B 5C 24 ? 48 8B 6C 24 ? 48 8B 74 24 ? 48 83 C4 30 5F 
	static inline uintptr_t Spell_C_GetSpellCoolDown = Base + 0x10613D0; // 48 83 EC 58 44 8B D1 C6 44 24 ? ? 41 F7 D8 48 8D 05 ? ? ? ? 44 8B C2 41 8B D2 48 1B C9 81 E1 ? ? ? ? 48 03 C8 0F B6 84 24 ? ? ? ? 88 44 24 40 48 8B 84 24 ? ? ? ? 48 89 44 24 ? 48 8B 84 24 ? ? ? ? 
	static inline uintptr_t Spell_C_CastSpell = Base + 0x1699550; // From Spell_C_CastSpell not the function itself. 48 89 5C 24 ? 48 89 6C 24 ? 48 89 74 24 ? 41 56 48 83 EC 50 41 0F B6 F1 49 8B E8 44 0F B6 F2 48 63 D9 E8 ? ? ? ? 85 C0 0F 85 ? ? ? ? 39 05 ? ? ? ? 0F 85 ? ? ? ?
	static inline uintptr_t isSpellKnown = Base + 0x16A31C0; // 48 89 5C 24 ? 57 48 83 EC 20 0F B6 FA 8B D9 E8 ? ? ? ? 85 C0 79 43 40 84 FF 74 18 8B CB E8 ? ? ? ? 48 85 C0 0F 95 C0 48 8B 5C 24 ? 48 83 C4 20 5F C3 81 FB ? ? ? ?
	static inline uintptr_t findSlotBySpellId = Base + 0x169B850; //44 8B C1 85 C9 0F 84 ? ? ? ? 84 D2 74 51 44 8B 0D ? ? ? ? 33 D2 45 85 C9 74 74 4C 8B 15 ? ? ? ? 49 8B 0C D2 

	static inline uintptr_t spellDB = Offsets::Base + 0x311B9C8;//Script_GetProfessionInfo, First CS:Offset under WowClientDB2_Base__GetRecordDataUnsafe
	static inline uintptr_t spellDBTotalRowsAddr = Offsets::Base + 0x311B9C0; //0xC0D78C, Second CS:Offset

	//Globals
	static inline uintptr_t GetPlayerName = Base + 0x264270;
	static inline uintptr_t isLootWindowOpen = Base + 0x3124670;
		
	static inline uintptr_t CorpseMapID = Base + 0x2CD3AB0;  // Script_RetrieveCorpse -> First xmmword xref -> sub -> Under cintobjmgr first dword. 
	static inline uintptr_t Corpsex = CorpseMapID + 0x40; //Bruteforced always ~close to the CorpseMapID
	static inline uintptr_t Corpsey = Corpsex + 0x4;
	static inline uintptr_t Corpsez = Corpsex + 0x8;
	static inline uintptr_t Bool_MustEnterInstanceToRecoverBodymsg = CorpseMapID + 0x04; 

	//Camera WorldFrame::GetActiveCamera
	static inline  uintptr_t CameraMgr = Base + 0x31C9C98; // 48 89 74 24 ? 48 89 7C 24 ? 0F 29 74 24 ? E8 ? ? ? ? 48 8B 0D ? ? ? ? 48 8B 89 ? ? ? ? E8 ? ? ? ? E8 ? ? ? ? E8 ? ? ? ?
	static inline  uintptr_t CameraPtr = 0x38E0; // Shifted 8 bytes since 38631

	//ESP
	static inline uintptr_t GetWorld = Base + 0x2075E0; // Script_QuitGame, First Call, First DWORD.
	static inline uintptr_t WorldFrameIntersect = Base + 0x1AC80F0; // F12, Search: Preload Immediate End -> DATA XREF: sub -> Sub below that, First Call and select second sub.
	//48 83 EC 58 8B 42 08 F2 0F 10 02 48 8D 54 24 ? 89 44 24 28 41 8B 40 08 89 44 24 34 48 8B 84 24 ? ? ? ? 48 89 44 24 ? 48 8B 84 24 ? ? ? ? F2 0F 11 44 24 ? F2 41 0F 10 00 48 89 44 24 ? F2 0F 11 44 24 ? 4C 89 4C 24 ? E8 ? ? ? ? 48 83 C4 58 C3

[qop1832]

I've gotten the name of the unitObject with unitbase+1800+f8+0, and the name of the GameObject with GameObjectbase+478+e0+0, but I realized when I wanted to get the name of the PlayerObject. This is not the same. I checked out previous articles. As before, I don't quite understand it. Can anyone give me some hints?

[Razzue]

I've gotten the name of the unitObject with unitbase+1800+f8+0, and the name of the GameObject with GameObjectbase+478+e0+0, but I realized when I wanted to get the name of the PlayerObject. This is not the same. I checked out previous articles. As before, I don't quite understand it. Can anyone give me some hints?

You need to read the player name cache
Each entry will have a GUID/String of a player, then you just have to match unit guid to name cache guid.

[qop1832]

I'm browsing the memory in the 0x2AAF8A0 area and haven't found string information about guid and name yet.

[ChrisIsMe]

aaaaaaaaaaaaaaaaaaaa