[3.4.2.50664] - Sanity Check - Object Manager

  1. #1
    wardrive's Avatar Active Member

    [3.4.2.50664] - Sanity Check - Object Manager

    This is my first post on these forums, so I will attempt to make it an intelligent one.

    Before posting my questions and rambling, I'd like to give a shoutout to @Razzue, @charles420, @_chase, and @namreeb for your various posts and responses. Many of them were incredibly insightful and I hope to continue learning what I can from you. There were plenty of others with valuable information to share, and I thank you all for your contributions.

    I've been reviewing threads for the ObjectManager dating back to 2008 to present over the past several weeks (There's quite a few!). I am maintaining a CherryTree document to organize the information I find and to notate what works, and what doesn't.

    In that time, I have compiled CheatEngine from source, modified the dbk driver, and have been able to attach my custom CheatEngine to the game process without it crashing. Nothing overly complicated so far. I can manually find values as one does in Cheat Engine, am familiar with the concept of structures, creating signatures, finding pointers, and have created a few of my own signatures for values of interest. I created a Python script (Python developer) that uses ReadProcessMemory, searches for those signatures, and correctly identifies the offset in question. When I plug those offsets into Cheat Engine, the expected result appears. Piece of cake. I could probably make do with this alone, but I know there's a better solution for retrieving object data.

    What seems to be eluding me (perhaps this is due to the different clients, IDA rebase for the person posting, confusion regarding terminology, or code changes over the years) is the Object Manager and iterating it. As of this writing, the most recent references to the object manager suggest that I've correctly identified it, but I would appreciate a quick sanity check, as some of the values I'm looking for do not appear where I would expect them.

    By my own analysis within IDA I managed to identify the offset for the ObjectManager at 2EBFD30 (3.4.2.50664 - Rebased to zero for ease of use). I admit I am no expert in reverse engineering, but can generally stumble and trial/error my way through things until I understand them. This step didn't seem overly difficult [1] [2].

    Image Reference[1]: Screenshot - b3d77d64e86ef28c3884f39e12b49fa1 - Gyazo
    Image Reference[2]: Screenshot - a1c2bad75f22d83226815253500c722e - Gyazo

    Furthermore, I compiled Razzue's dumpwow from his github repo, and while I am aware that many of the signatures within it no longer work and show some invalid offsets, the object manager base (and signature) offset appears to reflect my own findings.

    Utilizing the offset identified, I begin reviewing the structure in cheatengine. WowClassic.exe + 2EBFD30. Returns a pointer. Sweet. Analyzing the structure at that pointer (Labeled for clarification based on my understanding, using recent posts on the topic of ObjectManager as reference) [3]

    Image Reference [3]: Screenshot - 749043ac6fef063132511d4e7f65133b - Gyazo

    So far, so good.

    CurCount dramatically increases in densely populated areas, and decreases when isolated somewhere.
    MaxCount doesn't seem to change that I've noticed.
    Expanding the pointer for “Entity Array” yields further indications that I'm headed in the right direction.

    Within my Entity Array, I can clearly see numerous values of 0 (indicating an invalid pointer or otherwise null result at that address), and several pointers that appear to fit the structure I've deduced from various recent posts. Drilling down into one of these pointers, I then further drill into the object entry pointer at 0x18. This is where I begin questioning whether I have done this correctly. It is my understanding that at this particular offset I should be seeing GUID and type for the object. (objectType at 0x10, objectGUID at 0x18) [4]

    Image Reference [4]: Screenshot - 882a59e7748839256481b1c794324362 - Gyazo

    Through reviewing the forums, I identified the following types:

    [0] = "Object",
    [1] = "Item",
    [2] = "Container",
    [3] = "AzeriteEmpoweredItem",
    [4] = "AzeriteItem",
    [5] = "Unit",
    [6] = "Player",
    [7] = "ActivePlayer",
    [8] = "GameObject",
    [9] = "Dynamic",
    [10] = "Corpse",
    [11] = "Areatrigger",
    [12] = "Scene",
    [13] = "Conversation",
    [14] = "AiGroup",
    [15] = "Scenario",
    [16] = "Loot",
    [17] = "Invalid".

    Many of these are also referenced directly in IDA, as noted during my analysis near the object manager functions.

    I do not see these specific values reflected in Cheat Engine at the expected offset, however. If I change the type for the value to single byte (hex) or single byte, it seems to match what I would expect, but I'm not sure if that is just coincidence, or if the structure generated by CheatEngine is incorrectly assigning "Type: 4 byte (hex)" to some things. [5]

    Image Reference [5]: Screenshot - aeb5de6c736ae34804fb6b8035cbee8e - Gyazo

    Assuming the latter, this object would be a “Unit” object. I'm also thinking that maybe my alignment value is wrong. Should it be 8 bytes instead of 4? I see some erroneous data in the entity array, most of the time directly below what appears to be a malformed pointer. I don't have a current screen capture of this anomaly but it has added to my confusion.

    Beyond this is where the severe doubt enters the picture. I wanted to try and correlate some of my findings with object names, or coordinates to see if what I had found aligned with what is in game, and my short-lived confidence was shattered.

    Via this post: https://www.ownedcore.com/forums/wor...ter-names.html I gathered that the offsets for name are as follows:

    Code:
    [objectaddress + 0x148] + 0xE0
    However, when looking at the offset in cheatengine, there's definitely not a pointer there. In fact, it's a rapidly cycling mess of data.
    I suspect that I must have the wrong offset values somewhere, am going about this using outdated information, or am missing something entirely from the process. I vaguely recall a post from Razzue hinting that Unit and Object are not the same thing, but surely the object manager must contain references to nearby units, no? Is there a separate array for each type? I will keep reading.

    I've written a pixel bot from scratch, and while it works great in most circumstances, my framerate drops significantly when in a large-scale encounter. Converting all of the data I wish to collect to pixels is not always feasible or resource friendly. Then there is the delay between that conversion and my external capture and read of those pixels. I intend to rewrite my bot to do all reads externally via ReadProcessMemory, hence my interest in this subject.

    I'm not one to easily give up, and will continue doing independent research with or without assistance, as is to be expected. I appreciate any insight anyone may provide here, regardless.

    TL;DR
    I don't want to be spoonfed information. A quick sanity check to solidify my understanding of the object manager (or confirm my lack of understanding and provide a push in the right direction) for the current build of Wotlk Classic would be greatly appreciated. I believe I have correctly identified the object manager and am trying to visualize information within cheatengine before writing code to retrieve the values I need. I'd like to ultimately be able to retrieve information about the objects, such as name and coordinates via retrieval from the object manager, but seem to be hitting a brick wall here. I can identify these values externally from the object manager, but am trying to gain a better understanding of the inner workings of the game.

    Thank you for your time, and any feedback you may provide. :)
    Last edited by wardrive; 08-07-2023 at 12:55 PM.
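
    Added example, not part of the original post or any poster's code: it decodes constructed byte buffers to show how the field width and array stride chosen in a structure viewer change what appears at the offsets quoted above (type at 0x10, GUID at 0x18). The bytes next to the type field, the sample pointer values and the 64-bit pointer size are assumptions made for illustration.

```python
import struct

# Type ids in the order listed in the post above.
OBJECT_TYPES = ("Object", "Item", "Container", "AzeriteEmpoweredItem", "AzeriteItem",
                "Unit", "Player", "ActivePlayer", "GameObject", "Dynamic", "Corpse",
                "Areatrigger", "Scene", "Conversation", "AiGroup", "Scenario",
                "Loot", "Invalid")
TYPE_OFF, GUID_OFF = 0x10, 0x18  # offsets quoted in the post


def type_name(value):
    """Map a decoded value to a type name, or None if it is out of range."""
    return OBJECT_TYPES[value] if 0 <= value < len(OBJECT_TYPES) else None


def build_entry(obj_type, guid_lo, neighbours=b"\x9c\x41\x02"):
    """Constructed 0x28-byte record with a 1-byte type field at 0x10."""
    buf = bytearray(0x28)
    buf[TYPE_OFF] = obj_type
    # Assumption: the three bytes after the type belong to other fields.
    buf[TYPE_OFF + 1:TYPE_OFF + 4] = neighbours
    struct.pack_into("<Q", buf, GUID_OFF, guid_lo)
    return bytes(buf)


def describe(buf):
    """Decode the type field both ways a structure viewer might show it."""
    as_u32 = struct.unpack_from("<I", buf, TYPE_OFF)[0]
    as_u8 = struct.unpack_from("<B", buf, TYPE_OFF)[0]
    return {"u32": as_u32, "u32_name": type_name(as_u32),
            "u8": as_u8, "u8_name": type_name(as_u8),
            "guid_lo": struct.unpack_from("<Q", buf, GUID_OFF)[0]}


def split_view(array_bytes, stride):
    """View a pointer array with a 4- or 8-byte element size."""
    fmt = {4: "<I", 8: "<Q"}[stride]
    return [v[0] for v in struct.iter_unpack(fmt, array_bytes)]


# Constructed sample data (not taken from any real process).
SAMPLE_ENTRY = build_entry(5, 0x1122334455667788)
SAMPLE_ARRAY = struct.pack("<4Q", 0, 0x000001F2A4C31000, 0, 0x000001F2A4C35480)

if __name__ == "__main__":
    print(describe(SAMPLE_ENTRY))
    print([hex(v) for v in split_view(SAMPLE_ARRAY, 8)])
    print([hex(v) for v in split_view(SAMPLE_ARRAY, 4)])
```

    Read as 4 bytes, the field absorbs its neighbours and matches no entry in the type table; read as 1 byte it decodes to "Unit". With a 4-byte stride, each 8-byte pointer shows up as two unrelated-looking halves.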

  2. #2
    charles420's Avatar Contributor
    your offsets seem wrong just saying obj manage hasn't changed just the list not exactly sure what you playing and or I don't care copy a sever cough even last live you're missing 2 if that

  4. #3
    charles420's Avatar Contributor
    I'll give you this if fig obj manager I'll help your main issues on my dime mind you I just stopped wow games warden will be all you that shit wasn't aids but aids I'd sell my dumps / lua stuff but meh my dumping will hate me finger prints hurt bets you won't fig out
    Last edited by charles420; 08-06-2023 at 10:41 PM.

  5. #4
    wardrive's Avatar Active Member
    Originally Posted by charles420
    I'll give you this if fig obj manager I'll help your main issues on my dime mind you I just stopped wow games warden will be all you that shit wasn't aids but aids I'd sell my dumps / lua stuff but meh my dumping will hate me finger prints hurt bets you won't fig out
    I appreciate the feedback and thank you for your time. I'll continue with my research.

  6. #5
    wardrive's Avatar Active Member
    Figured it out. Wrote my object manager in python.

    Building out different classes for different object types now.

    As is mentioned in other threads, if anyone stumbles across this post and runs into similar issues:
    1. ObjectManager posts that are semi-recent are accurate and work.
    2. CheatEngine auto-detect when generating a structure is dumber than hell sometimes and gets easily confused.
    3. Razzue's posts and hrap's posts generally contain really good reading material. Check them out.
    Last edited by wardrive; 08-09-2023 at 01:54 AM.
