-
Private
Unable to attach debugger
Heroes of the Storm crashes when I attempt to attach Cheat Engine's debugger to it. If anyone knows a way around this, I'd love to know.
- Hopps
-
Legendary
-
Would like to kindly request this be moved to the shiny new exploits section. Also wondering if anyone's made any progress on this. That Steam anti-debug DLL didn't appear to work. But I'm also not sure what I'm doing yet.
Last edited by Torpedoes; 05-13-2015 at 03:27 PM.
-
Legendary
The above thing definitely worked fine back in Alpha, not sure this is still the case.
Edit: hidden threads are still here, but they added something else that makes the game crash when a debugger is attached.
Last edited by TOM_RUS; 05-13-2015 at 07:50 PM.
-
Originally Posted by
TOM_RUS
Hidden threads are still here, but they added something else that makes the game crash when a debugger is attached.
Just to be sure, were you injecting the above DLL as-is into Heroes at launch? Or did you modify it and attach it to something else?
-
Legendary
Originally Posted by
Torpedoes
Just to be sure, were you injecting the above DLL as-is into Heroes at launch? Or did you modify it and attach it to something else?
I have a custom launcher that works like Blizzard's HeroesSwitcher.exe; it injects the DLL as is.
-
Small update, I extended that Steam Anti-Anti-Debug DLL to detour both IsDebuggerPresent and CheckRemoteDebuggerPresent as well. The game imports and makes use of IsDebuggerPresent but not CheckRemoteDebuggerPresent. Unfortunately this didn't solve anything, and furthermore, my test account got a 72 hour suspension as soon as I tried it. I tried it on another account, no suspension yet so it must have been triggered by all the analysis I was performing in the past two days. Either way I'm out of ideas for reversing this game for now, I'll try again in a little while. Blizzard has definitely upped their game though.
UPDATE 1: Made a few more additions to the DLL. Based on this and this. I used NtQueryInformationProcess to get the PEB and make sure BeingDebugged stays zero. I also detoured it to ignore the ProcessDebugPort request (which the game calls a lot). All in all I was able to get the debugger working on the login and menu screen. In game it continues to fail, Blizzard really doesn't want us debugging mid-game but we're inching closer.
UPDATE 2: ...and my second test account got suspended. I'm gonna go do something more productive now.
Last edited by Torpedoes; 05-19-2015 at 12:20 AM.
-
So guess what everyone... Turns out that everything we did with detouring and injecting DLLs was pointless. You can debug the game easily with Cheat Engine using VEH mode (Edit > Settings > Use VEH Debugger) - defaults for everything else. I suspect other debuggers have similar options. Now quite frankly I have no idea what this option does or how it works, but I read about it on the Cheat Engine forums for another game and it happens to work for Heroes as well. Obviously use this on test accounts only, though I haven't been banned yet. If you manually place breakpoints the game will crash as per usual, but at least you can step through once before restarting the game. If anybody has more info about VEH mode, please let me know.
-
Private
Originally Posted by
Torpedoes
So guess what everyone... Turns out that everything we did with detouring and injecting DLLs was pointless. You can debug the game easily with Cheat Engine using VEH mode (Edit > Settings > Use VEH Debugger) - defaults for everything else. I suspect other debuggers have similar options. Now quite frankly I have no idea what this option does or how it works, but I read about it on the Cheat Engine forums for another game and it happens to work for Heroes as well. Obviously use this on test accounts only, though I haven't been banned yet. If you manually place breakpoints the game will crash as per usual, but at least you can step through once before restarting the game. If anybody has more info about VEH mode, please let me know.
Thank you for the useful post! I tried a bit and I found that using INT3 instead of HW would allow debugging to continue even after the first break.
-
Originally Posted by
thewisp
Thank you for the useful post! I tried a bit and I found that using INT3 instead of HW would allow debugging to continue even after the first break.
Thanks for the info, I'll have to try it next time I'm reversing the game.
-
Unfortunately Blizzard put in protection against VEH and KernelMode debugging in training+ games. Looks like we'll need to find some alternative ways of reversing this game, unless anybody has some suggestions.
-
Private
Originally Posted by
Torpedoes
Unfortunately Blizzard put in protection against VEH and KernelMode debugging in training+ games. Looks like we'll need to find some alternative ways of reversing this game, unless anybody has some suggestions.
The alternative way is to reverse SC2 instead of Heroes. Since SC2 will always need to support the editor, it always needs to be usable without Battle.net.