-
Contributor
Overwatch client dump/idb
Guys,
Here is the client I dumped with Scylla and opened in IDA. Nothing more than that, but we can start to explore.
https://drive.google.com/file/d/0B7s...ew?usp=sharing
Hope we can get the ball rolling soon
Ace
-
-
Originally Posted by
aeo
Here is the client I dumped with Scylla and opened in IDA. Nothing more than that, but we can start to explore.
Hope we can get the ball rolling soon
Thanks, I've made some excellent progress in the world of deep scanning and memory analysis, specifically in Legacy of the Void. If that game is any indication then standard methods of reverse engineering will probably fail due to automatic obfuscation. Every patch now it seems that all static pointers get messed up somehow, so perhaps start thinking of other strategies. When I get access I'll be able to see if any of my techniques can be applied for something like a quick ESP or Aimbot. Though it won't be as trivial as TF2 or CS :-P
-
Contributor
Yeah, that's where I am at now, no access, so it's hard to debug in real time. However, every time I attach x64dbg the process terminates, even with the ScyllaHide plugin, so I'm not sure what they are doing to protect it.
Why can't they just be like WoW and accidentally release a .pdb?
-
Originally Posted by
aeo
Every time I attach x64dbg the process terminates, even with the ScyllaHide plugin, so I'm not sure what they are doing to protect it.
They're doing something serious, but VEH mode works (for now) so give that a shot.
Originally Posted by
aeo
Why can't they just be like WoW and accidentally release a .pdb?
That would be the dream!
Last edited by Torpedoes; 10-30-2015 at 05:25 PM.
-
Contributor
From what I have read, the protection they use is called guardit. Not much info on it available.
-
Member
:shh: Hopefully we can work a way around. The first thing I would do is find the address for the Widowmaker recon skill; it's the built-in ESP in the game. I am guessing that after casting it, the client sends a trigger message to the server and then the whole team gets the recon message. If we can just lock the address for the recon skill so it never runs out locally, this might be the perfect ESP, or maybe keep faking receipt of the recon skill on the client side, but it might be very easy to get detected. :gusta:
-
Contributor
Originally Posted by
Saridormi
:|
patch ida64.wll :3
-
Originally Posted by
aeo
Yeah, that's where I am at now, no access, so it's hard to debug in real time. However, every time I attach x64dbg the process terminates, even with the ScyllaHide plugin, so I'm not sure what they are doing to protect it.
Super old post, but since the thread was revived anyway I just wanted to comment on this.
I haven't taken a look myself, so this is all conjecture, but they probably have the game client attach to itself as the primary debugger. This prevents other processes from attaching themselves. This would also explain why VEH mode on debuggers would still work, as a process can have multiple vectored exception handlers installed at one time, but only one active debugger.
-
Originally Posted by
Maper
Super old post, but since the thread was revived anyway I just wanted to comment on this.
I haven't taken a look myself, so this is all conjecture, but they probably have the game client attach to itself as the primary debugger. This prevents other processes from attaching themselves. This would also explain why VEH mode on debuggers would still work, as a process can have multiple vectored exception handlers installed at one time, but only one active debugger.
Nah, not even VEH debugging works anymore. The game does not have any debugger attached but crashes as soon as it detects one through TLS callbacks and whatnot.
-