Wotlk Help with offsets for 3.4.1.48120

[Hrap]

Hello guys please help with offsets for 3.4.1.48120

I use only 5 offsets:

Code:

	ObjectManagerBase = 0x2D53850,// 3.4.1.47720
	InGameStatus = 0x2D54660,// 3.4.1.47720
	Target_Guid = 0x2A652B0,// 3.4.1.47720
	MouseOver = 0x2D54668,// 3.4.1.47720
	Bag_Guid = 0x2DD0C80// 3.4.1.47720

Can anyone share them ?
Or can someone help with templates for finding these offsets, it would be very, very grateful
Perhaps there is a way to find them through ida without templates?

[klumpen]

object_manager.base = 0x2DDC850

I haven't fixed my signatures for the other offsets you're looking for.

> Perhaps there is a way to find them through ida without templates?
In the case of object_manager.base; generate strings (shift+f12 in IDA), search for 'objects waiting to be freed'. That should drop you in a method with a couple of references to the qword at 0x2DDC850. Assuming the program has been rebased to 0x0. Otherwise it would be at 0x142DDC850 iirc.

I'm sure the same method could be applied to other offsets of interest. Happy hunting!

[Hrap]

Many thanks to everyone who helped

[qop1832]

ObjectManagerBase = 0x2d1b860
InGameStatus = 0x2d1c670
Target_Guid = 0x2a2d2b0
MouseOver = 0x2d1c678

[klumpen]

Anyone had any luck with the player name cache on 48120?
My offset ( name_cache_base @ 0x29D0880 ) seems fine, count ( 128 ) looks good.

But names are a garbled mess.

Code:

INFO  player_name_cache > found name for guid 0x845F00003C9DB48 ��"
INFO  player_name_cache > found name for guid 0x845F00003BE4F48 �ߊ
WARN  player_name_cache > 2. addr is null, break
INFO  player_name_cache > found name for guid 0x845F000043EA4A5 D�����

The code I used for previous patches:

Code:

let off = 0x29D0880;
let base = proc.read_addr64(modbase + off)?;
let arr = proc.read_addr64(modbase + off + 0x10)?;
let len: u64 = proc.read(modbase + off + 0x8)?;
let lookup: HashMap<GUID, String> = HashMap::new();

for n in 0..len {
    let mut addr = self.proc.read_addr64(self.arr + (0x8 * n as usize))?;
    if addr.is_null() { continue; }

    loop {
        if addr.is_null() { break; }

        let guid: GUID = self.proc.read(addr + 0x8)?;
        if guid.hi == 0 { break; }

        if self.lookup.contains_key(&guid) {
            addr = self.proc.read_addr64(addr + 0x0)?;
            continue;
        }

        let name = self.proc.read_char_array(addr + 0x19, 20)?;
        if name != "" {
            self.lookup.insert(guid, name);
        }

        addr = self.proc.read_addr64(addr + 0x0)?;
    }
}

This worked fine on patch 46902 (base offset @ 0x2D28A10).
Trying my best to reverse what is going on in IDA, but I'm struggling to identify the correct calls to dig further into.
The first call that appeared somewhat interesting has had its function body changed a fair bit.

46902 on the left, 48120 on the right.
foobar.jpg

Edit; Fixed. The name has moved from 0x19 to 0x29.

[hjalplos]

If you want to find Object Manager Base the boring way in Ida just search for the string: Client Object Manager Initialized
Double Click it
Double Click the DATA XREF to the right
Around 4 instruction over the line you go to is a move instruction there is the object manager base
Helps to Rebase the dump to 0 first (Edit -> Segments -> Rebase program...)

GL