The Free Lunch Is Over - Obfuscation is Coming

  1. #106
    Zazazu
    Originally Posted by Torpedoes
    I have a prediction. Very soon ...
    I'm more confused by the fact that Blizzard makes it clear that it is watching over you and is perfectly aware of what you are running and what exactly is attached to WoW.

    I have a prediction. Banwave is coming (c) ....

  2. #107
    Torpedoes
    Originally Posted by WiNiFiX
    Where did you see this, I can't see dates specified anywhere?
    Here you go.

    Originally Posted by Zazazu
    I have a prediction. Banwave is coming
    Banwave is always coming :-P

    You either stop playing early, or you play long enough to see yourself getting banned.

  4. #108
    lululalaland
    So ... it seems that since 7.3 has been out there haven't been any SIG removed wow.exe released. I assume there are some problems ... just like with tmorph since journey hasn't yet decided to update it or not for safety reasons.
    However I can't play the game like that. I hate the animations, I just need my mods to actually not hate the gameplay of Legion so much.
    Guess I will have to go back to playing on private servers... well it was fun while it lasted but Blizzard just has to kill everything for me.

  5. #109
    GHT
    Has anyone else experienced this error and found a workaround yet?

    Code:
    The instruction at "0x0000000000000000" referenced memory at "0x0000000000000000".
    From my research, it only happens while in the world. I had my tools injected for 12 hours at login without issues.
    Last edited by GHT; 09-01-2017 at 09:54 PM.

  6. #110
    MrNoble
    Originally Posted by GHT
    Has anyone else experienced this error and found a workaround yet?

    Code:
    The instruction at "0x0000000000000000" referenced memory at "0x0000000000000000".
    From my research, it only happens while in the world. I had my tools injected for 12 hours at login without issues.
    Ye, I also found that out.

    When I get in the login screen and wait 20 min, I enter world and get instantly crashed.
    When I login and enter world, I get a crash after x amount of time.

  7. #111
    GHT
    Originally Posted by ferib
    Ye, I also found that out.

    When I get in the login screen and wait 20 min, I enter world and get instantly crashed.
    When I login and enter world, I get a crash after x amount of time.
    Are you hooking anything? It only happens when I hook, it seems.

  8. #112
    doityourself
    Originally Posted by GHT
    Are you hooking anything? It only happens when I hook, it seems.
    The 32bit WoW gives you many more crashes while working with it. I fully switched to 64bit now and have no crashes atm.

    To what were you guys remapping? 0x40? 0x80? You should use 0x80 if you remap it.

    For example hooking the send/recv functions works fine. Injecting and calling functions also works without remapping.

    But sometimes I also get a 'The instruction at "0x0000000000000000" referenced memory at "0x0000000000000000".' crash just while playing^^

    // edit: my state from last week^^
    Last edited by doityourself; 09-02-2017 at 10:25 AM.

  9. #113
    WiNiFiX
    So Torpedoes, not really sure where to ask this question as your posts are locked, but what's the next game on your hacking radar, now that Blizzard made you run?
    I guess this is the right place as it is this reason you stopped distributing your bots.

  10. #114
    DarkLinux
    Thinking about releasing a lib that will retrieve encrypted values for external programs. Currently, I have the local player pointer working. What else is encrypted?

    Originally Posted by Light-Boost
    Position is encrypted, the following function decrypts it (x86)
    Code:
    55 8B EC 56 8B 75 08 51 F3 0F 10 06 F3 0F 59 05 ?? ?? ?? ?? F3 0F
    The player position does not look encrypted (0x124 -> 0x1C).

  11. #115
    GHT
    Originally Posted by DarkLinux
    Thinking about releasing a lib that will retrieve encrypted values for external programs. Currently, I have the local player pointer working. What else is encrypted?

    The player position does not look encrypted (0x124 -> 0x1C).
    Quite sure he means CTM Position.

  12. #116
    DarkLinux
    Does anyone have a sig or offset for the current click to move function? I will also add that.

  13. #117
    MrNoble
    Originally Posted by GHT
    Are you hooking anything? It only happens when I hook, it seems.
    Nothing was hooked to it, I just get random crashes.

  14. #118
    Wildbreath
    I have some offsets, and all those offsets are valid for the dumped memory map, but when I try to find them in game memory it fails (in process range).
    None are found, but they are always found in IDA.

    What am I doing wrong? And how to do it now?
    Code:
    IntPtr currentAddr = IntPtr.Zero;
    uint Max = 0;
    index = 0;
    uint old;
    NativeMethods.MEMORY_BASIC_INFORMATION mbi = new NativeMethods.MEMORY_BASIC_INFORMATION();

    while (true)
    {
        NativeMethods.VirtualQuery(ref currentAddr, out mbi, (IntPtr)sizeof(NativeMethods.MEMORY_BASIC_INFORMATION));
        if (NativeMethods.VirtualProtect((IntPtr)currentAddr, mbi.RegionSize, 0x40, out old))
        {
            if ((uint)currentAddr < Max)
                return 0;
            else
                Max = (uint)currentAddr;

            for (int x = (int)currentAddr; x < ((uint)currentAddr + (uint)mbi.RegionSize); x++)
            {
                if (*(byte*)x == signature[index] || mask[index] == '?')
                    index++;
                else
                    index = 0;

                if (index >= signature.Length)
                    return (uint)(x - signature.Length + 1);
            }
        }
        NativeMethods.VirtualProtect((IntPtr)currentAddr, mbi.RegionSize, old, out old);

        currentAddr = (IntPtr)(currentAddr.ToInt32() + mbi.RegionSize.ToInt32());

        if (len && ((uint)currentAddr >= (baseAddress + moduleSize)))
            return 0;
    }
    The offsets are (x86)
    Last edited by Wildbreath; 09-03-2017 at 11:01 AM.

  15. #119
    Torpedoes
    Originally Posted by WiNiFiX
    So Torpedoes, not really sure where to ask this question as your posts are locked, but what's the next game on your hacking radar, now that Blizzard made you run? I guess this is the right place as it is this reason you stopped distributing your bots.
    A big reason for me stopping is my lack of interest in developing this type of software and maintaining it; as I've no doubt expressed through my lack of updates these past two years. By getting out now, I get to leave on a high note and open up a path for new developers looking to create something similar. I was always more interested in researching and coming up with new reverse-engineering techniques, which I will continue through my various other projects. Whether people choose to apply that knowledge to Blizzard games is up to them, just know that I prefer to write software for developers rather than end-users.

  17. #120
    ostapus
    The problem is in your NativeMethods.VirtualProtect((IntPtr)currentAddr, mbi.RegionSize, 0x40, out old) call. I don't know why you need to change protection for a simple search, however
    0x40 corresponds to PAGE_EXECUTE_READWRITE, it won't work anymore. You can try changing to 0x80 - PAGE_EXECUTE_WRITECOPY, which is supposed to work, but.. it doesn't work either in my testing.

    So basically, because the first VirtualProtect fails, the block that does the search is not executed.
