Question about Injecting into WoW Classic (+ introducing myself, kind of)

  1. #1
    joshi205

    Question about Injecting into WoW Classic (+ introducing myself, kind of)

    Hey Everyone,
    loooong time lurker, first time poster. I'll preface my Questions with some unrelated ramblings about me.
    [feel free to skip]
    I studied CS and worked mainly as a web/fullstack dev since then. Doing some hobbyist Gamedev whenever I have time.
    I was always fascinated by automation of any form, and have written several Combatroutines/plugins for a few products, HBuddy, WAdvanced, some PoE stuff.. But always relying on people to provide the platform for me.
    Due to some personal affairs, I currently have more time than I want, and decided to finally get deeper into gamehacking with the new year, dust off some of my very rusty cpp and work on my reversing skills.

    So far the results have been... well, let's say I got very comfortable with Typescript and the ease of just prototyping and building things really fast. So it's slowly getting somewhere, but god damn is it satisfying when a concept clicks and you learn something new. I started with a good old fashioned book, "Game Hacking - Developing Autonomous Bots for Online Games", which is a bit dated, but it was a very nice introduction into asm, codecaves and other fun process & memory manipulation.
    Armed with that knowledge, I just hacked away at some old old games, RTS, FPS, Solo RP games, some good nostalgia
    Went from some live patching with xdgb attached to writing patches for the binary and some external console trainers, nothing fancy, definitely need to check out some graphic library hooking soon.
    Next step was injecting, which opened a lot more interesting possibilities. Got stuck for a good while on x86 calling conventions, but being able to freely call game functions is amazing.
    So I'm pretty much hooked (pun not intended!) and wanted to tackle some of the bigger fish. I'm fully aware that I will get caught and banned 100% but atm that doesn't matter, I want to learn.

    Found out pretty quick that runtime analysis & debugging of current day wow won't be happening, but thanks to @namreeb and their dumper I found a few starting points in the static analysis.
    Also very thankful for the binary collection threads, checking old builds, especially the mac ones with debug symbols is super helpful, even after so many new changes/expansions.

    So, with a few interesting offsets found, I wrote my first very simple dll, just to confirm my findings, and here's finally the question I wanted to ask.

    [introduction end]

    I can't seem to get any injection working, without knowing better I tried my very basic injector that so far worked for everything, using a combination of CreateThread and LoadLibrary. Couldn't get it to work.
    I then looked for some manual mapping methods I blatantly copy pasted (definitely have to spend some time and learn about it at some point, I'm not 100% grasping the PEHeader yet). The code seemed to work, I could inject all my old dlls in my other projects, but no luck in wow.
    Tried out some other well known injectors with different methods, but none of them seem to work either. It's also not my dll, I can successfully (well, obv. the functionality doesn't work) inject it into other processes.
    Now I was pretty sure that I would find some information about that, but I tried searching ownedcore and other hacking related sources and couldn't find anything, which makes me wonder..
    Am I crazy? Is there no such protection and I just messed something up? And if there is, can someone point me to some resources I can read up on?

    Oh and if you made it to here and read all that, thanks!
    Here's the offset (at least from what I gathered in ghidra) of the objMgr in Classic 1.15.0.52610 : modbase + 0x32d5620
    I haven't searched thoroughly for latest offsets here but a quick search didn't find anything, so I don't know if it has been posted already... not that it is hard to find in any way, but still, time to stop lurking, babysteps are still steps, am I right?
    Couldn't really test it since I can't inject, but a real quick and dirty RPM out of process confirmed the expected structure at that address.

    In any case, thanks for coming to my ted talk, have a good one!

  2. #2
    Razzue
    Just tested, injection via remote thread still works on retail/classic/vanilla. You were likely doing it wrong.

    Full C# injection of a library compiled with NativeAOT (no bootstrapping the runtime): GitHub - Razzue/Warcraft-AOT: Full c# internal library for world of warcraft.
    "May all your bacon burn"

  4. #3
    joshi205

    Well, thank you for the sanity check, I figured it was something on my side after I found almost no info about it.
    Also a huge thanks to all your info and threads all over this section, already learned quite a lot from your contributions.
    That C# repo looks very interesting, last time I touched C# was for Honorbuddy in WoD. I'll definitely keep that bookmarked, cpp still confuses my typescript brain from time to time.
    I didn't even think of it because of the runtime, but I wasn't aware that it's possible to compile ahead of time. That's amazing, thanks for sharing!


    Oh for anyone wondering why my injection didn't work... CreateThread seems to be hooked and blocked from running or something along those lines, maybe an interesting thing to reverse sometime.
    _beginthreadex did work though.

  5. #4
    xzidez
    Originally Posted by joshi205:
        Oh for anyone wondering why my injection didn't work... CreateThread seems to be hooked and blocked from running or something along those lines, maybe an interesting thing to reverse sometime.
        _beginthreadex did work though.

    Odd, I think CreateThread should work just fine. I use this in classic without anything fancy.

  6. #5
    helloworld1024
    CreateThread easily causes deadlock in DllMain.
    It is recommended to call DisableThreadLibraryCalls before creating threads,
    and to use std::thread.detach() instead.

  7. #6
    ditmebibane
    Some parts I want to share for the path of learning RE; these things connect together to help you understand the picture:
    - About process memory (heap, stack)
    - PE (header, sections, ...), how a module is loaded
    - Start learning assembly language. This is required for all contexts (internal/external). Currently x64 is easy to learn, everything is really clean.
    - ... a lot more besides, but the things above are good for a start
    - ... keep checking GitHub to see other people's stuff and learn from scratch
