[HELP] Find 64bit objectmanager

[waskas]

I’ve been browsing these forums for a while and finally decided to start working on a bot. I know this question has been asked a lot of times, but I still can’t seem to manage finding the Object Manager offset, and some of the threads that talk about this subject are pretty old.
Context:

• I’m trying to find the offset for beta’s current build: 7.0.3.22248
• I’m working on the 64 bit client
• I want to find the offset for the first time, not diffing from a previous version.
• I’m using IDA to disassemble the wow binary, so no function names.

What I’ve tried/learnt so far:

• TLS: Finding the ObjectManager in memory by accessing TLS, slower method and from the looks of it not working anymore since 5.0
• Finding the pointer and offset to ObjectManager by looking at the code of a specific function. Can’t do because I don’t have function names.
• Finding the pointer and offset to ObjectManager using the aObjectmgrclien tag.

This seems the best choice in my scenario, so based on this two x86 references:
http://www.ownedcore.com/forums/worl...onnection.html ([3.1.2][mac] How do I find sCurMgr/g_clientConnection?)
We write bot for MMORPG with the assembler and dreneyka. Part 3 ? IT daily blog, news, magazine, technologies
I search for the aObjectmgrclien tag, but it has 105 xrefs, and I don’t know which one should I look into to find the offsets. I’ve tried looking for some code similar to the one shown by the two above links, but with 64bit registers and I haven’t found nothing similar.
Does this method still work? I’m doing something wrong till this point? Should I expect the code I should look for be similar to the 32bit or the 64bit code can be quite different?

[danwins]

One way you could try is looking for some easy to find lua script function that calls ClntObjMgrGetActivePlayer or something similar that references the s_curMgr offset you are looking for.

[TOM_RUS]

Search for references to any of those strings

Object manager list status: (use gmvision to see server onlys)
Active objects: %u (%u visible)
Units: %u, GameObjs: %u Items: %u, Other: %u
Objects waiting to be freed: %u objects

That will lead you to a function (callback of "ObjUsage", "ShowObjUsage" console commands) that has everything you need for object manager.

[waskas]

Got it! Thx TOM_RUS, that function is much easier to find!

[Torpedoes]

I'm sure you've seen (Writing Bots with Robot-js)this already but it might help you with some of the implementation details. Assuming most of this carries over to Legion.