-
Member
Originally Posted by
yezack
Anyone know the unit's flag offset? Emergency.
I tried to find it by memory search, but failed.
Finally I found [[entry+0X690]+0XD4FC] (it's wrong); sometimes it works well, but sometimes not.
Tested with:
in combat: flag & 0x80000 == 0
Skinnable: flag & 0x4000000 == 0
I search memory this way:
for i = 0 to 0xFFFFF
    for j = 0 to 0xFFFF
        if [[entry+i]+j] matches the condition, record the offset
Change the condition and do it again, change the condition and do it again.
Then I get a lot of offset tables;
match these tables to find the same offset.
Is there any bug? I can't find the unit's flags and dynamicFlags this way.
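The differential scan described above, written out as an added example (this is not code from the thread or from any bot). It generalizes the two-state search to any number of snapshots: each snapshot is scanned with the predicate its known state implies, and only the offset chains that satisfy every snapshot survive. The memory layout, the entry address, the block addresses and the FLAG_BUSY bit are all constructed here for the demo.

```python
"""Differential offset search over memory snapshots (constructed example)."""
import struct
from typing import Callable, List, Optional, Set, Tuple

Offset = Tuple[int, int]        # (i, j) stands for the chain [[entry + i] + j]
Cond = Callable[[int], bool]    # predicate on the 32-bit value at the end of the chain


def read_u64(mem: bytes, addr: int) -> Optional[int]:
    """Little-endian 64-bit read; None if the address falls outside the snapshot."""
    if addr < 0 or addr + 8 > len(mem):
        return None
    return struct.unpack_from("<Q", mem, addr)[0]


def read_u32(mem: bytes, addr: int) -> Optional[int]:
    if addr < 0 or addr + 4 > len(mem):
        return None
    return struct.unpack_from("<I", mem, addr)[0]


def scan_once(mem: bytes, entry: int, cond: Cond, max_i: int, max_j: int) -> Set[Offset]:
    """Every (i, j) such that [entry + i] is a pointer into the snapshot and cond()
    holds for the u32 at [[entry + i] + j]. The 8-byte pointer stride and 4-byte
    value stride are the scan's alignment hypothesis, not a fact about any program."""
    hits: Set[Offset] = set()
    for i in range(0, max_i, 8):
        ptr = read_u64(mem, entry + i)
        if not ptr or ptr >= len(mem):      # NULL, or not a pointer into mapped memory
            continue
        for j in range(0, max_j, 4):
            val = read_u32(mem, ptr + j)
            if val is not None and cond(val):
                hits.add((i, j))
    return hits


def differential_search(snapshots: List[Tuple[bytes, Cond]], entry: int,
                        max_i: int = 0x200, max_j: int = 0x100) -> Set[Offset]:
    """Scan each snapshot with the condition its known state implies and keep only
    the offsets that satisfied all of them."""
    runs = [scan_once(mem, entry, cond, max_i, max_j) for mem, cond in snapshots]
    return set.intersection(*runs) if runs else set()


# Constructed layout, not taken from any real program.
ENTRY = 0x100
BLOCK_A = 0x400   # [ENTRY + 0x40] -> BLOCK_A, the struct that owns the flags field
BLOCK_B = 0x600   # [ENTRY + 0x80] -> BLOCK_B, a second struct holding a cached copy
FLAG_BUSY = 0x8   # constructed bit whose state the snapshots control


def build_snapshot(busy: bool, counter: int) -> bytearray:
    mem = bytearray(0x800)
    struct.pack_into("<Q", mem, ENTRY + 0x40, BLOCK_A)
    struct.pack_into("<Q", mem, ENTRY + 0x80, BLOCK_B)
    flags = FLAG_BUSY if busy else 0
    struct.pack_into("<I", mem, BLOCK_A + 0x2C, flags)    # the real field
    struct.pack_into("<I", mem, BLOCK_A + 0x10, counter)  # unrelated counter that may share the bit by chance
    struct.pack_into("<I", mem, BLOCK_B + 0x0C, flags)    # cached copy: an alias the scan cannot tell apart
    return mem


def demo() -> Set[Offset]:
    """Two snapshots: busy (bit set) and idle (bit clear). The counter survives the
    first scan because 0x08 has the bit set, and is dropped by the second because
    0x18 still has it set; the real field and its alias survive both."""
    snapshots = [
        (build_snapshot(busy=True, counter=0x08), lambda v: (v & FLAG_BUSY) != 0),
        (build_snapshot(busy=False, counter=0x18), lambda v: (v & FLAG_BUSY) == 0),
    ]
    return differential_search(snapshots, ENTRY)


if __name__ == "__main__":
    for i, j in sorted(demo()):
        print(f"[[entry+0x{i:X}]+0x{j:X}]")
```

Two caveats the demo makes visible. First, the predicates are parenthesized on purpose: in C and in Python alike, `flag & 0x80000 == 0` parses as `flag & (0x80000 == 0)`, which tests bit 0 rather than bit 0x80000, so a condition written that way silently scans for the wrong thing. Second, intersection cannot distinguish a field from a cached copy of it, so several chains can survive and all "work" until the copy stops being refreshed; deciding which chain is authoritative takes something other than scanning, such as reading the code that consumes the field.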
-
-
Contributor
Avid Ailurophile
Originally Posted by
UnnamedCell
UnitName = [[entry + UnitName1] + UnitName2]
Code:
UnitName1 = 0x3F0, // old is 0x1858
UnitName2 = 0xF8, // not changed
Code:
internal const int Info = 0x3A0; // Pointer Updated
internal const int Rank = 0x38; // Updated
internal const int Family = 0x34; // Updated
internal const int Type = 0x30; // Updated
internal const int Name = 0xF8; // Updated
Originally Posted by
yezack
I search memory this way:
for i = 0 to 0xFFFFF
    for j = 0 to 0xFFFF
        if [[entry+i]+j] matches the condition, record the offset
Change the condition and do it again, change the condition and do it again.
Then I get a lot of offset tables;
match these tables to find the same offset.
Is there any bug? I can't find the unit's flags and dynamicFlags this way.
Code:
Dynamic Flag => Not Found;
MovePtr => 0xF0;
MoveFlags => MovePtr + 0x58;
UnitFlag1 => 0xD610;
UnitFlag2 => 0xD614;
UnitFlag3 => 0xD618;
PlayerFlag1 => 0xDB78;
PlayerFlag2 => 0xDB7C;
LocalPlayerFlag => Not Found;
** Edit 1 **
91% confidence with 87% similarity on BinDiff:
Code:
__int64 __fastcall Script_CanLootUnit(__int64 UnitPTR){
    __int64 result; // rax
    int v3; // edx
    int v4; // eax
    if ( (*(_DWORD *)(UnitPTR + 0xDB78) & 0x40000) == 0 )
        return 300000i64;
    v3 = sub_127C9B0();
    v4 = *(_DWORD *)(UnitPTR + 0xDB28);
    if ( v4 && v3 - v4 < 0 )
        result = (unsigned int)(v4 - v3);
    else
        result = 0xFFFFFFFFi64;
    return result;
}
**Edit 2**
Npc flags: 0xD520
Faction Template: 0xD60C
** Edit 3 **
The dynamic flags are VERY early on in the unit struct: < 0x100 and > 0x80
Last edited by Razzue; 03-26-2022 at 11:03 AM.
-
-
Member
[[entry+0X160]+0XC4]
[[entry+0X2D8]+0XDC]
[[entry+0X300]+0XDC]
[[entry+0X328]+0XDC]
[[entry+0X350]+0XDC]
These offsets can work well like dynamic flags; tested with islootable and tapped on my PC.
And [[entry+0xD458]+0x1B4] works well like [entry+0xD60C].
Maybe finding offsets by memory search is unprofessional? I have no idea.
I can only just be a paste monkey.
Last edited by yezack; 03-26-2022 at 11:27 AM.
-
Member
Obj Mgr array is much less. Can you find all of them?
-
-
Member
Originally Posted by
Razzue
Code:
internal const int Info = 0x3A0; // Pointer Updated
internal const int Rank = 0x38; // Updated
internal const int Family = 0x34; // Updated
internal const int Type = 0x30; // Updated
internal const int Name = 0xF8; // Updated
Code:
Dynamic Flag => Not Found;
MovePtr => 0xF0;
MoveFlags => MovePtr + 0x58;
UnitFlag1 => 0xD610;
UnitFlag2 => 0xD614;
UnitFlag3 => 0xD618;
PlayerFlag1 => 0xDB78;
PlayerFlag2 => 0xDB7C;
LocalPlayerFlag => Not Found;
** Edit 1 **
91% confidence with 87% similarity on BinDiff:
Code:
__int64 __fastcall Script_CanLootUnit(__int64 UnitPTR){
    __int64 result; // rax
    int v3; // edx
    int v4; // eax
    if ( (*(_DWORD *)(UnitPTR + 0xDB78) & 0x40000) == 0 )
        return 300000i64;
    v3 = sub_127C9B0();
    v4 = *(_DWORD *)(UnitPTR + 0xDB28);
    if ( v4 && v3 - v4 < 0 )
        result = (unsigned int)(v4 - v3);
    else
        result = 0xFFFFFFFFi64;
    return result;
}
**Edit 2**
Npc flags: 0xD520
Faction Template: 0xD60C
** Edit 3 **
The dynamic flags are VERY early on in the unit struct: < 0x100 and > 0x80
My bot now works well with UnitFlag1 => 0xD610;
for dynamic flags, I use [[entry+0X160]+0XC4] temporarily.
-
Member
Originally Posted by
Razzue
I find every single entry, every single scan. If you aren't, you're doing it wrong, and will get no further response/help from me unless you show some damn effort and code.
type = 1, items right.
type = 2, container right.
type = 5, npc, less.
Last edited by s761271562; 03-26-2022 at 12:30 PM.
-
Established Member
iterate over objs from objmgr.
Code:
_QWORD *v4; // rbx
_QWORD *v5; // rcx
v4 = *(_QWORD **)(s_curMgr + 288);
if ( v4 == (_QWORD *)(s_curMgr + 288) )
    return 1;
while ( 1 )
{
    v5 = v4 - 13;
    v4 = (_QWORD *)*v4;
    if ( !a1(v5, a2) )
        break;
    if ( v4 == (_QWORD *)(s_curMgr + 288) )
        return 1;
}
return 0;
-
Member
Originally Posted by
oiramario
iterate over objs from objmgr.
Code:
_QWORD *v4; // rbx
_QWORD *v5; // rcx
v4 = *(_QWORD **)(s_curMgr + 288);
if ( v4 == (_QWORD *)(s_curMgr + 288) )
    return 1;
while ( 1 )
{
    v5 = v4 - 13;
    v4 = (_QWORD *)*v4;
    if ( !a1(v5, a2) )
        break;
    if ( v4 == (_QWORD *)(s_curMgr + 288) )
        return 1;
}
return 0;
Well, is it a balanced tree, not an array?
-
Member
Originally Posted by
s761271562
Well, is it a balanced tree, not an array?
No, it is a hashtable with a linked list in each array index (the easiest way for collision resolution).
-
Established Member
Code:
const uint64_t AuraCount = 0x6C0;
const uint64_t AuraTable = 0x6C8;
const uint64_t AuraSize = 0xB0;
const uint64_t AuraSpellId = 0x88;
const uint64_t AuraFlags = 0x90;
-
Member
Originally Posted by
darheroc
No, it is a hashtable with a linked list in each array index (the easiest way for collision resolution).
What is the next link offset?
-
Member
Originally Posted by
s761271562
What is the next link offset?
Next list node is at 0x0. There have been 2 examples posted; why aren't you just checking these out? You can literally copy/paste them and you have a working object manager...
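The structure darheroc describes (a hash table whose buckets are linked lists, next link at offset 0x0) and the decompiled walk oiramario posted, shown together as an added, self-contained C example. This is not the thread's code and not the game's layout: the 13-qword node offset, the next link at offset 0 and the sentinel head that both starts and terminates each bucket walk follow the decompiled snippet, while the bucket count, the field names, the object contents and the demo data are all assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed layout, not the game's: a chained hash table whose buckets are
 * circular singly-linked lists with a sentinel head stored in the manager, and
 * whose objects embed their list node 13 qwords in, so node minus 13 qwords is
 * the object (the decompiled "v5 = v4 - 13"). Bucket count is an assumption. */
#define NODE_QWORD_OFFSET 13
#define BUCKET_COUNT 4

typedef struct ListNode { struct ListNode *next; } ListNode;   /* next link at offset 0 */

typedef struct Object {
    uint64_t guid;
    uint64_t type;
    uint64_t reserved[NODE_QWORD_OFFSET - 2];
    ListNode node;                       /* what the bucket list actually links */
} Object;
_Static_assert(offsetof(Object, node) == NODE_QWORD_OFFSET * 8, "node must sit 13 qwords in");

typedef struct ObjectManager {
    ListNode buckets[BUCKET_COUNT];      /* sentinel heads; an empty bucket points at itself */
} ObjectManager;

static Object *object_from_node(ListNode *n)
{
    return (Object *)((uint64_t *)n - NODE_QWORD_OFFSET);
}

static void mgr_init(ObjectManager *m)
{
    for (int b = 0; b < BUCKET_COUNT; b++) m->buckets[b].next = &m->buckets[b];
}

static void mgr_insert(ObjectManager *m, Object *o)
{
    ListNode *head = &m->buckets[o->guid % BUCKET_COUNT];
    o->node.next = head->next;           /* push front */
    head->next = &o->node;
}

typedef int (*VisitFn)(Object *o, void *ctx);

/* Visit every object; returns 1 when the walk completes, 0 when the callback stops it. */
static int mgr_for_each(ObjectManager *m, VisitFn visit, void *ctx)
{
    for (int b = 0; b < BUCKET_COUNT; b++) {
        ListNode *head = &m->buckets[b];
        for (ListNode *n = head->next, *next; n != head; n = next) {
            next = n->next;              /* read before visiting, as the decompiled loop does */
            if (!visit(object_from_node(n), ctx)) return 0;
        }
    }
    return 1;
}

/* Demo data: six constructed objects, half of type 1 and half of type 5. */
static Object g_pool[6];

static ObjectManager *demo_manager(void)
{
    static ObjectManager m;
    mgr_init(&m);
    for (uint64_t i = 0; i < 6; i++) {
        g_pool[i].guid = 0x1000 + i;
        g_pool[i].type = (i % 2) ? 5 : 1;
        mgr_insert(&m, &g_pool[i]);
    }
    return &m;
}

struct count_ctx { uint64_t type; int count; };
static int count_type(Object *o, void *ctx)
{
    struct count_ctx *c = ctx;
    if (o->type == c->type) c->count++;
    return 1;                            /* keep walking */
}

struct find_ctx { uint64_t guid; Object *found; };
static int find_guid(Object *o, void *ctx)
{
    struct find_ctx *f = ctx;
    if (o->guid != f->guid) return 1;
    f->found = o;
    return 0;                            /* stop early */
}

int demo_count_type(uint64_t type)
{
    struct count_ctx c = { type, 0 };
    mgr_for_each(demo_manager(), count_type, &c);
    return c.count;
}

/* 1 if the guid was found (walk stopped early), 0 if the full walk found nothing. */
int demo_find(uint64_t guid)
{
    struct find_ctx f = { guid, NULL };
    int completed = mgr_for_each(demo_manager(), find_guid, &f);
    return f.found != NULL && !completed;
}
```

The two details worth noticing are the ones the decompiled loop encodes: the walk ends when the next pointer comes back to the bucket head inside the manager rather than at a NULL, and the next pointer is read before the callback runs, so a callback that removes the current object does not break the traversal. The `_Static_assert` pins the node offset so the `n - 13` arithmetic in `object_from_node` cannot silently drift if the struct is edited.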
-
Member
Originally Posted by
darheroc
Next list node is at 0x0. There have been 2 examples posted; why aren't you just checking these out? You can literally copy/paste them and you have a working object manager...
I only know C language. I can't understand those. I've found it. Thank you very much.