Leecher question.

[lweid]

I am aware that I am of leecher status, and since this community holds high the values of "You get what you put into it" I understand if no one wants to answer my question.

Also, I am new here, it seems this site has been around for awhile its a shame i have just discovered it.

Anyways I have some experience reading and writing memory, pattern searching etc, but something I have never done is injected code.

I would like to point out a post made by a user here named Evieh that I came acrossed which contained the WMOcollision offset.

Now this is where I would like some direction and correction if possible;

after adding that offset to the base address of WoW, which I obtain with Module32First (since i use win7 and i think aslr plays a role? not sure), i come to what I would assume is a function jump, with an opcode of 2 bytes.

If I wanted to prevent that function from being called? Would I just write an array of 2 bytes 0x90 (NOP)? or am I going about it all wrong lol?

I dont want someone to hold my hand, I just want someone to point me in the right direction and I will figure it out by myself.

Thank you.

[lweid]

Here is what I have done, based on my own theory. This will probably appear amateur to many of you, but please keep in mind that I am still learning

It was/is my initial thought that the WMOcollision function is called before entering the world so what I did is i wrote a program to spawn WoW with createprocess. Then,
I nop'd the operation codes at base+WMOcollisionoffset. I did this in an attempt to reach it before WoW's program control flow actually reached that point in the instruction.
But to no avail this did not work.

If I am going about this wrong, and or my theory is wrong please! let me know

My only other guess would be too run something injected, not sure if you would recall the function using FARPROC(address) to disable it?

Really I know this must sound silly, but I'm just going off trial and error =/

[lweid]

Solved

Evieh, if you do read this, thanks for the offset. However after analyzing .text a little more I noticed it is necessary to patch multiple conditional jumps, instead of a single one.

But im sure you know this :P