-
Member
Wotlk Help with offsets for 3.4.1.48120
Hello guys, please help with offsets for 3.4.1.48120.
I use only 5 offsets:
Code:
ObjectManagerBase = 0x2D53850, // 3.4.1.47720
InGameStatus = 0x2D54660, // 3.4.1.47720
Target_Guid = 0x2A652B0, // 3.4.1.47720
MouseOver = 0x2D54668, // 3.4.1.47720
Bag_Guid = 0x2DD0C80 // 3.4.1.47720
Can anyone share them?
Or can someone help with templates for finding these offsets? I would be very, very grateful.
Perhaps there is a way to find them through ida without templates?
-
Active Member
object_manager.base = 0x2DDC850
I haven't fixed my signatures for the other offsets you're looking for.
> Perhaps there is a way to find them through ida without templates?
In the case of object_manager.base: generate strings (Shift+F12 in IDA) and search for 'objects waiting to be freed'. That should drop you in a method with a couple of references to the qword at 0x2DDC850, assuming the program has been rebased to 0x0. Otherwise it would be at 0x142DDC850, iirc.
I'm sure the same method could be applied to other offsets of interest. Happy hunting!
-
-
Member
Many thanks to everyone who helped
-
ObjectManagerBase = 0x2d1b860
InGameStatus = 0x2d1c670
Target_Guid = 0x2a2d2b0
MouseOver = 0x2d1c678
Hello everyone, I'm a newbie. Recently I've been trying to study how to call the API externally and get the API's return value, as well as casting AoE spells. Come on!
-
Active Member
Anyone had any luck with the player name cache on 48120?
My offset ( name_cache_base @ 0x29D0880 ) seems fine, count ( 128 ) looks good.
But names are a garbled mess.
Code:
INFO player_name_cache > found name for guid 0x845F00003C9DB48 ��"
INFO player_name_cache > found name for guid 0x845F00003BE4F48 �ߊ
WARN player_name_cache > 2. addr is null, break
INFO player_name_cache > found name for guid 0x845F000043EA4A5 D�����
The code I used for previous patches:
Code:
let off = 0x29D0880; // name_cache_base
let base = proc.read_addr64(modbase + off)?;
let arr = proc.read_addr64(modbase + off + 0x10)?; // bucket array
let len: u64 = proc.read(modbase + off + 0x8)?; // bucket count (128)
let mut lookup: HashMap<GUID, String> = HashMap::new();
for n in 0..len {
    // head of the chain for bucket n
    let mut addr = proc.read_addr64(arr + (0x8 * n as usize))?;
    if addr.is_null() { continue; }
    loop {
        if addr.is_null() { break; }
        let guid: GUID = proc.read(addr + 0x8)?;
        if guid.hi == 0 { break; }
        if lookup.contains_key(&guid) {
            // already seen, follow the next pointer at +0x0
            addr = proc.read_addr64(addr + 0x0)?;
            continue;
        }
        let name = proc.read_char_array(addr + 0x19, 20)?;
        if name != "" {
            lookup.insert(guid, name);
        }
        addr = proc.read_addr64(addr + 0x0)?;
    }
}
This worked fine on patch 46902 (base offset @ 0x2D28A10).
Trying my best to reverse what is going on in IDA, but I'm struggling to identify the correct calls to dig further into.
The first call that appeared somewhat interesting has had its function body changed a fair bit.
46902 on the left, 48120 on the right.
[attached image: foobar.jpg]
Edit: Fixed. The name has moved from 0x19 to 0x29.
Last edited by klumpen; 02-21-2023 at 11:43 AM.
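As an added example (not code from the thread), here is the same bucket walk run over a constructed byte buffer standing in for process memory, so it runs offline. The layout (header +0x8 count, +0x10 bucket array; node +0x0 next, +0x8 guid.lo, +0x10 guid.hi) and the guid.hi == 0 sentinel are assumptions read off the posted loop, with the name field placed at 0x29 as in the fix above. Walking it with the stale 0x19 offset returns non-empty garbage for every entry, which is the symptom in the log, while 0x29 returns the names.

```rust
use std::collections::HashMap;

// Constructed stand-in for the client's name cache (not real game memory). Assumed layout,
// taken from the posted loop: header +0x8 = bucket count, +0x10 = bucket array pointer;
// node +0x0 = next, +0x8 = guid.lo, +0x10 = guid.hi, +NAME_OFF = NUL-terminated name.
pub const NAME_OFF_46902: usize = 0x19; // layout that worked on 46902
pub const NAME_OFF_48120: usize = 0x29; // layout after the change on 48120
pub struct Mem(pub Vec<u8>);
impl Mem {
    fn read_u64(&self, addr: usize) -> Option<u64> {
        let mut b = [0u8; 8]; b.copy_from_slice(self.0.get(addr..addr + 8)?); Some(u64::from_le_bytes(b))
    }
    fn write_u64(&mut self, addr: usize, v: u64) { self.0[addr..addr + 8].copy_from_slice(&v.to_le_bytes()); }
    fn read_cstr(&self, addr: usize, max: usize) -> Option<String> {
        let s = self.0.get(addr..addr + max)?;
        let end = s.iter().position(|&b| b == 0).unwrap_or(max); // stop at the first NUL
        Some(String::from_utf8_lossy(&s[..end]).into_owned())
    }
}

/// Walk every bucket chain, same shape as the posted loop: (guid.hi, guid.lo) -> name.
pub fn walk_name_cache(mem: &Mem, base: usize, name_off: usize) -> HashMap<(u64, u64), String> {
    let mut lookup = HashMap::new();
    let len = mem.read_u64(base + 0x8).unwrap_or(0) as usize;
    let arr = mem.read_u64(base + 0x10).unwrap_or(0) as usize;
    for n in 0..len {
        let mut addr = mem.read_u64(arr + 8 * n).unwrap_or(0) as usize; // chain head for bucket n
        while addr != 0 {
            let (lo, hi) = (mem.read_u64(addr + 0x8).unwrap_or(0), mem.read_u64(addr + 0x10).unwrap_or(0));
            if hi == 0 { break; } // end-of-chain sentinel, as in the posted code
            if let Some(name) = mem.read_cstr(addr + name_off, 20).filter(|n| !n.is_empty()) {
                lookup.entry((hi, lo)).or_insert(name);
            }
            addr = mem.read_u64(addr).unwrap_or(0) as usize; // next pointer at +0x0
        }
    }
    lookup
}

/// Constructed image: header at 0, two buckets at 0x100, a two-node chain in bucket 0 (bucket 1 empty).
pub fn sample_image() -> Mem {
    let mut m = Mem(vec![0u8; 0x400]);
    for &(a, v) in &[(0x8usize, 2u64), (0x10, 0x100), (0x100, 0x200)] { m.write_u64(a, v); }
    for &(node, next, lo, name) in &[(0x200usize, 0x300u64, 0x3C9DB48u64, "Alice"), (0x300, 0, 0x3BE4F48, "Bob")] {
        for &(a, v) in &[(node, next), (node + 0x8, lo), (node + 0x10, 0x845F)] { m.write_u64(a, v); }
        m.0[node + 0x18..node + 0x28].fill(0xFF); // unrelated field that a stale offset reads as the "name"
        m.0[node + 0x29..node + 0x29 + name.len()].copy_from_slice(name.as_bytes());
    }
    m
}
```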
-
Member
If you want to find the Object Manager base the boring way in IDA, just search for the string: Client Object Manager Initialized
Double-click it
Double-click the DATA XREF to the right
Around 4 instructions above the line you land on is a mov instruction; that is the object manager base
Helps to Rebase the dump to 0 first (Edit -> Segments -> Rebase program...)
GL