First of all, thank you for taking the time guys! I don't post often in forums and would rather figure things out by myself, so it's nice to see you taking the time.
Alright so, my copy pasta was made AFTER I fiddled with the code and tried, amongst other things, other offsets. The offset I am using for the object manager is indeed the correct one: 0x2C65910.
@Razzue
I would like to traverse the object manager in the most basic way, with the least amount of dependencies. I just want to prove to myself it works first. That said, I am confused by your traversal:
Code:
var ptrArray = NT.ReadArray<IntPtr>(NT.Read<IntPtr>(managerBase + 0x8), maxCount);
Does that actually traverse the pointer chain? Or is there an array of pointers in the object manager structure? Was it not a linked-list?
My understanding was that, at address "process base address + object manager offset + first element offset", I would be getting a pointer pointing to the next element in the linked-list. Afterwards, the next element pointer would be accessed at address pointed to at offset 0x70. The traversal would end when that address' value was 0. The properties would be accessed by adding a property offset, such as GUID at 0x58, to the current element's address and marshalling what's at that address to the correct type, such as a uint128 for the GUID.