Classic TBC => Build 42917

**yezack** · 03-26-2022

Originally Posted by yezack

anyone know unit's flag offset? emergency.
i try to find it by memory search,but failed.
finally i found [[entry+0X690]+0XD4FC](it's worng), sometimes it works well,but sometimes not.

test with
incombat :flag & 0x80000 ==0
Skinnable :flag & 0x4000000 ==0

i search memory by this way:
for i= 0 to 0xFFFFF
for j= 0 to 0xFFFF
if [[entry+i]+j] match condition record the offset

change the condition and do again,change condition and do again.
then i got a lot of offset tables
match these tables to find the same offset.

is there any bug? i can't find unit's flags and dynamicFlags by this way.

**Razzue** · 03-26-2022

Originally Posted by scimmy

Why are people posting offsets when the only people this benefits are those running pay 2 cheats?

I do it as I hate to see this section so "dead", and I hope that it helps anyone starting out as I did many months ago. Charles's dumps were a great help and a "foot in the door" for me, just as you were a great help in getting me started with paladins.

🤷*♂️

**Razzue** · 03-26-2022

Originally Posted by UnnamedCell

UnitName = [[entry + UnitName1] + UnitName2]

Code:

UnitName1 = 0x3F0, // old is 0x1858
UnitName2 = 0xF8,  // not changed

Code:

internal const int Info = 0x3A0   // Pointer Updated;    internal const int Rank = 0x38   // Updated;    internal const int Family = 0x34   // Updated;    internal const int Type = 0x30   // Updated;    internal const int Name = 0xF8   // Updated;

Originally Posted by yezack

i search memory by this way:
for i= 0 to 0xFFFFF
for j= 0 to 0xFFFF
if [[entry+i]+j] match condition record the offset

change the condition and do again,change condition and do again.
then i got a lot of offset tables
match these tables to find the same offset.

is there any bug? i can't find unit's flags and dynamicFlags by this way.

Code:

Dynamic Flag => Not Found;
MovePtr => 0xF0;
MoveFlags => MovePtr + 0x58;

UnitFlag1 => 0xD610;
UnitFlag2 => 0xD614;
UnitFlag3 => 0xD618;

PlayerFlag1 => 0xDB78;
PlayerFlag2 => 0xDB7C;

LocalPlayerFlag => Not Found;

** Edit 1 **
91% confidence with 87% similarity on bindif:

Code:

__int64 __fastcall Script_CanLootUnit(__int64 UnitPTR){
  __int64 result; // rax
  int v3; // edx
  int v4; // eax


  if ( (*(_DWORD *)(UnitPTR + 0xDB78) & 0x40000) == 0 )
    return 300000i64;
  v3 = sub_127C9B0();
  v4 = *(_DWORD *)(UnitPTR + 0xDB28);
  if ( v4 && v3 - v4 < 0 )
    result = (unsigned int)(v4 - v3);
  else
    result = 0xFFFFFFFFi64;
  return result;
}

**Edit 2**
Npc flags: 0xD520
Faction Template: 0xD60C

** Edit 3 **
The dynamic flags is VERY early on in unit struct. < 0x100 and > 0x80

**yezack** · 03-26-2022

[[entry+0X160]+0XC4]
[[entry+0X2D8]+0XDC]
[[entry+0X300]+0XDC]
[[entry+0X328]+0XDC]
[[entry+0X350]+0XDC]

these offset can work well like dynamic flags ,test with islootable and tapped on my pc
and [[entry+0xD458]+0x1B4] works well like [entry+0xD60C]

maybe,find offsets by memory search is nonprofessional？ i have no idea.

i can only just be a paste monkey,

**s761271562** · 03-26-2022

Obj Mgr array is much less. Can you find all of them?

**Razzue** · 03-26-2022

Originally Posted by s761271562

Obj Mgr array is much less. Can you find all of them?

I find every single entry, every single scan. If you aren't, you're doing it wrong, and will get no further response/help from me unless you show some damn effort and code.

**yezack** · 03-26-2022

Originally Posted by Razzue

Code:

internal const int Info = 0x3A0   // Pointer Updated;    internal const int Rank = 0x38   // Updated;    internal const int Family = 0x34   // Updated;    internal const int Type = 0x30   // Updated;    internal const int Name = 0xF8   // Updated;

Code:

Dynamic Flag => Not Found;
MovePtr => 0xF0;
MoveFlags => MovePtr + 0x58;

UnitFlag1 => 0xD610;
UnitFlag2 => 0xD614;
UnitFlag3 => 0xD618;

PlayerFlag1 => 0xDB78;
PlayerFlag2 => 0xDB7C;

LocalPlayerFlag => Not Found;

** Edit 1 **
91% confidence with 87% similarity on bindif:

Code:

__int64 __fastcall Script_CanLootUnit(__int64 UnitPTR){
  __int64 result; // rax
  int v3; // edx
  int v4; // eax


  if ( (*(_DWORD *)(UnitPTR + 0xDB78) & 0x40000) == 0 )
    return 300000i64;
  v3 = sub_127C9B0();
  v4 = *(_DWORD *)(UnitPTR + 0xDB28);
  if ( v4 && v3 - v4 < 0 )
    result = (unsigned int)(v4 - v3);
  else
    result = 0xFFFFFFFFi64;
  return result;
}

**Edit 2**
Npc flags: 0xD520
Faction Template: 0xD60C

** Edit 3 **
The dynamic flags is VERY early on in unit struct. < 0x100 and > 0x80

my bot now works well with UnitFlag1 => 0xD610;
dynamic flags,i use [[entry+0X160]+0XC4] temporary

**s761271562** · 03-26-2022

Originally Posted by Razzue

I find every single entry, every single scan. If you aren't, you're doing it wrong, and will get no further response/help from me unless you show some damn effort and code.

tpye = 1, items right.
type = 2，container right
type = 5, npc，less

**oiramario** · 03-26-2022

iterate over objs from objmgr.

Code:

  
  _QWORD *v4; // rbx
  _QWORD *v5; // rcx

  v4 = *(_QWORD **)(s_curMgr + 288);
  if ( v4 == (_QWORD *)(s_curMgr + 288) )
    return 1;
  while ( 1 )
  {
    v5 = v4 - 13;
    v4 = (_QWORD *)*v4;
    if ( !a1(v5, a2) )
      break;
    if ( v4 == (_QWORD *)(s_curMgr + 288) )
      return 1;
  }
  return 0;

**s761271562** · 03-26-2022

Originally Posted by oiramario

iterate over objs from objmgr.

Code:

  
  _QWORD *v4; // rbx
  _QWORD *v5; // rcx

  v4 = *(_QWORD **)(s_curMgr + 288);
  if ( v4 == (_QWORD *)(s_curMgr + 288) )
    return 1;
  while ( 1 )
  {
    v5 = v4 - 13;
    v4 = (_QWORD *)*v4;
    if ( !a1(v5, a2) )
      break;
    if ( v4 == (_QWORD *)(s_curMgr + 288) )
      return 1;
  }
  return 0;

well, is balanced tree，not array？

**darheroc** · 03-26-2022

Originally Posted by s761271562

well, is balanced tree，not array？

No, it is a hashtable with a linked list in each array index (the easiest way for collision resolution).

**oiramario** · 03-26-2022

Code:

const uint64_t AuraCount = 0x6C0;
const uint64_t AuraTable = 0x6C8;
const uint64_t AuraSize = 0xB0;
const uint64_t AuraSpellId = 0x88;
const uint64_t AuraFlags = 0x90;

**s761271562** · 03-27-2022

Originally Posted by darheroc

No, it is a hashtable with a linked list in each array index (the easiest way for collision resolution).

What is next link offset？

**darheroc** · 03-27-2022

Originally Posted by s761271562

What is next link offset？

Next list node is at 0x0. There have been 2 examples posted, why aren't you just checking these out? You can literally copy/paste them and you have a working objectmanager...

**s761271562** · 03-27-2022

Originally Posted by darheroc

Next list node is at 0x0. There have been 2 examples posted, why aren't you just checking these out? You can literally copy/paste them and you have a working objectmanager...

I only know C language. I can't understand those. I've found it. Thank you very much.

Shout-Out

User Tag List

Thread: Classic TBC => Build 42917

Thread Tools

Search Thread

Similar Threads

[Selling] Buy Classic & TBC Key EU, pay gold on Dun Modr Alliance EU

[Selling] EU Cheap Wow Account - Human Warlock 80 - [ Classic-Tbc-Wotlk ]

[Buying] Classic + TBC for Ingame Gold

[Trading] WTT 1 cata key = 1 wotlk and 1 cata key = classic + tbc

[Buying] Classic,TBC,WotLK key and Gamecard EU

OwnedCore Forums

casino

CoreCoins

My OwnedCore

About Us

Casino