DLL Injection problem with 2.6.1.49177 PTR build

  1. #1
    R3peat

    DLL Injection problem with 2.6.1.49177 PTR build

    loadlib fails and manualmapping seems like it doesn't execute the entrypoint, so this fails as well

    anyone in here noticed the same? or is it just me or cause of the weird baseAdr of mainModule compared to live build?

  2. #2
    bastiflew
    I don't do injection, but I noticed that the exe is now packed and there's some antidebugger protection.
    In memory the structure didn't change much, I didn't go deeper for now.

  3. #3
    R3peat
    packed mhh? so this "new" modulebase would make sense yeah. but still it doesn't make any sense that i can't inject into it.

  4. #4
    bastiflew
    I'm not an expert tho, I'm trying to dump D3 memory and work on it with IDA, for the bindiff.
    If you have any tips I'll be glad to hear them.

  5. #5
    R3peat
    i just loaded Diablo III64.exe into IDA and analyzed it. no success yet with IDA 7.0 and a dump of running x64 client

    or do u mean u wanna diff several memory sections with previous dumps?

  6. #6
    R3peat
    lel with build 49286 it looks like they added even more antidebug stuff

    it insta crashes the x64 client when i attach x64dbg (with scylla anti-antidebug patch)

    my pattern scan for objMgr and localData is fucked up with latest build. tried several byte patterns from old binary but i can't find anything in latest build. what have they done ^^ =?

    - at least not in the x64 binary. if it's packed somehow it would make sense that i can't find it. i mean i scan for like 50 addresses and 10 of them can't be found
    Last edited by R3peat; 02-16-2018 at 06:34 AM.

  7. #7
    bastiflew
    yeah I scanned the objectmanager, no static ptr from Diablo III.exe module.
    The structure inside the objman is almost the same tho.
    For now i'll go with a sig scan for objman, i'll see later how I handle this issue

  8. #8
    xblade2k7
    maybe THUD dead?

  9. #9
    bastiflew
    I'm pretty sure that R3peat/KillerJohn/Enigma will figure it out

  10. #10
    R3peat
    Originally Posted by bastiflew:
    > yeah I scanned the objectmanager, no static ptr from Diablo III.exe module.
    > The structure inside the objman is almost the same tho.
    > For now i'll go with a sig scan for objman, i'll see later how I handle this issue

    so u go with a sig scan for objMgr internal struct?

    i mean i read something about WoW that they added encryption of several localData pointers and stuff and that it changes onStartup

  11. #11
    bastiflew
    I didn't go deeper, but for now I found the location, objmanager (with sig scan), and actors, acd, quests etc. are working.
    the objman is smaller by 0x30 I think, I will try to finish this weekend.

  12. #12
    R3peat
    and the locations u found are static? or do u have to run a pattern scan every startup?

    don't rly have time currently to reverse the stuff they added cause i have to work on another project

    //Bases

    const __int64 ObjectManager = 0x0; //
    const __int64 LevelArea = 0x0; //
    const __int64 LocalData = 0x7FF692622138; //
    const __int64 PowerDef = 0x7FF6926CACC0; //
    const __int64 AttributeDescriptors = 0x7FF692695D70; //
    const __int64 AttributeDescriptorsCount = 0x7FF691277F7F; //
    const __int64 UI_Interact_Functions = 0x7FF692321008; //
    const __int64 ParagonPointWindowStats = 0x7FF6925F4CA0; //
    const __int64 SelectedSkillSlot = 0x7FF6925F4C78; //
    const __int64 SelectedActiveSkill = 0x7FF6925E1290; //
    const __int64 SelectedPassiveSkills = 0x7FF6925E1280; //
    const __int64 SNOGroups = 0x7FF692622040; //
    const __int64 TrickleManager = 0x0; //
    const __int64 PlayerStashBase = 0x7FF6925A1E78; //
    const __int64 UIEnchantBase = 0x0; //
    const __int64 MessageDescriptors = 0x7FF692734398; //
    const __int64 NetBase = 0x7FF6925F5570; //
    this is what my generator spit out
    Last edited by R3peat; 02-16-2018 at 04:09 PM.

  13. #13
    bastiflew
    I run in x86, but yes, location seems static (what you call LevelArea? Location + 0x44 = Area)
    For ObjMan, I have a "pattern" to find it, there's also static path with other modules, but I'm not sure it's reliable from one computer to another.
    I'll update this thread as soon as I'm done with my update
    Thanks for the updates

  14. #14
    R3peat
    x86 ^^ i just work on x64 binaries

  15. #15
    bastiflew
    I have to work in x86 to be compatible with every user, but yes, I would like to migrate to x64.
