arm-mah-gerd (macOS since 10.2.6 53989)

**scizzydo** · 03-30-2024

Since there has been all this talk of mac & arm in the memory editing section, I decided to create this specific thread. Attached are some of the patterns I've found so far in converting my wow tool over to macOS (I will just leave patterns, not structures here)

Code:

SETUP_PATTERN(g_WoWClientDB2__Spell, "FD 83 00 91 X ? ? ? ? 73 ? ? 91 ? ? ? ? 21 ? ? 91 E0 03 13 AA /da");
SETUP_PATTERN(ptUnkForQuestObjectiveCache, "? ? ? ? 94 ? ? 91 E0 ? ? AA ? ? ? ? E0 ? ? AA E1 ? ? AA 02 ? ? 52 FD ? ? A9 F4 ? ? A8 ? ? ? ? ? ? ? ? 68 /da");
SETUP_PATTERN(CGQuestObjectiveCache__ObjectTrackedInQuest, "E1 ? ? AA 02 ? ? 52 FD ? ? A9 F4 ? ? A8 X ? ? ? ? ? ? ? ? 68 /da");
SETUP_PATTERN(CMissile__s_inFlightMissileList, "09 ? ? F9 X ? ? ? ? 08 ? ? 91 68 ? ? F9 ? ? ? ? 28 ? ? F9 68 ? ? F9 /da");
SETUP_PATTERN(s_spellShadowPos, "89 ? ? ? X ? ? ? ? B5 ? ? 91 E9 ? ? B9 /da");
SETUP_PATTERN(g_lasthardwareaction, "02 ? ? 0A X ? ? ? ? 1F 20 03 D5 /da");
SETUP_PATTERN(s_curMgr, "? ? ? ? 08 ? ? F9 09 81 04 91 /da");
SETUP_PATTERN(g_lua_taintedclosure, "09 ? ? F9 08 ? ? ? 68 ? ? ? X ? ? ? ? 1F 20 03 D5 /da");
SETUP_PATTERN(g_lua_taint, "E0 ? ? AA ? ? ? ? X ? ? ? ? 1F 20 03 D5 08 ? ? F9 E8 ? ? F9 ? ? ? ? 21 /da");
SETUP_PATTERN(g_lua_context, "FD ? ? ? X ? ? ? ? 60 ? ? F9  ? ? ? ? 21 ? ? 91 02 ? ? 52 ? ? ? ? 60 /da");
SETUP_PATTERN(g_type_table, "E0 ? ? BD E8 ? ? 39 X ? ? ? ? 18 ? ? 91 08 ? ? ? 00 /da");
SETUP_PATTERN(g_MouseoverGUID, "09 ? ? F9 29 ? ? ? X ? ? ? ? B5 ? ? 91 3F /da");
SETUP_PATTERN(g_game_state, "C0 03 5F D6 X ? ? ? ? 08 ? ? 79 00 ? ? 53 C0 03 5F D6 /da");
SETUP_PATTERN(g_screen_ratio_compensation, "00 ? ? BD X ? ? ? ? 00 ? ? 91 ? ? ? ? ? ? ? ? ? ? ? ? 00 ? ? 91 /da");
SETUP_PATTERN(g_unkContainsMouse, "C0 03 5F D6 X ? ? ? ? 1F 20 03 D5 08 ? ? F9 09 ? ? F9 /da");
SETUP_PATTERN(g_CurFrame, "1F ? ? 39 X ? ? ? ? 18 ? ? 91 14 03 40 F9 /da");
SETUP_PATTERN(g_corpse, "68 ? ? B9 X ? ? ? ? 94 ? ? 91 69 ? ? B9 88 ? ? B9 /da");
SETUP_PATTERN(g_zone, "68 ? ? B9 X ? ? ? ? 28 ? ? B9 ? ? ? ? ? ? ? ? 00 ? ? 91 /da");
SETUP_PATTERN(CGGameUI__HandleTerrainClick, "1F 05 00 71 ? ? ? ? E0 ? ? AA X ? ? ? ? 60 ? ? ? 88 /da");
SETUP_PATTERN(GUIDToString, "E0 ? ? AA 02 ? ? 52 X ? ? ? ? 88 ? ? ? 80 /da");
SETUP_PATTERN(g_spellDB, "1F 00 00 F1 F6 ? ? ? X ? ? ? ? 00 ? ? 91 E3 ? ? 91 E1 ? ? AA /da");
SETUP_PATTERN(WowClientCompressedDBCache__GetRecord, "1F 00 00 F1 F6 ? ? ? ? ? ? ? 00 ? ? 91 E3 ? ? 91 E1 ? ? AA 02 ? ? ? X ? /da");
SETUP_PATTERN(CUnitDisplay__GetCurrentAnimation, "C8 ? ? ? E0 ? ? AA 21 ? ? 52 X ? ? ? ? E1 ? ? AA ? ? ? ? 00 ? ? 91 /da");
SETUP_PATTERN(CGGameObject_C__GetLockRec, "E0 ? ? AA X ? ? ? ? 40 ? ? ? F6 ? ? AA 01 /da");
SETUP_PATTERN(ptCGWorldFrameStrc, "E3 ? ? FD E0 ? ? BD X ? ? ? ? 1F 20 03 D5 /da");
SETUP_PATTERN(CGWorldFrame__Intersect, "03 00 80 D2 25 ? ? ? 05 ? ? ? X ? ? ? ? A0 /da");
SETUP_PATTERN(CGWorldFrame__GetScreenCoordinates, "E2 ? ? 91 E0 ? ? AA 03 00 80 52 X ? ? ? ? A0 /da");
SETUP_PATTERN(CGMovementShared__SetRawFacing, "A0 ? ? BD E0 ? ? AA X ? ? ? ? 60 ? ? 34 /da");
SETUP_PATTERN(CGUnit_C__SendMovementHeartBeat, "E0 ? ? F9 X ? ? ? ? E0 ? ? 91 ? ? ? ? 68 /da");
SETUP_PATTERN(Script_GetGUIDByToken, "01 00 80 52 03 00 80 52 04 00 80 52 05 00 80 52 X ? ? ? ? E8 03 00 AA /da");

The pattern scanner I use is the one I have made and am constantly updating: GitHub - scizzydo/PatternScanner
From my retail wow tool, I have about ~70 patterns... so this is just the first chunk identified. I have scanned against 2 previous release, so I haven't had time to build "reliable" patterns.

Feel free to use this thread for any macOS/arm questions there are as these forums are kinda empty on that part! I will be updating my stuff as I go.

3/30/2024
Added more signatures

**scizzydo** · 03-30-2024

The following is what I use to dump the game: macOS x86_64 executable dylib dumper . GitHub

Idea with it is, inject dylib (DYLD_INSERT_LIBRARIES or inject) and just close client. Alternatively, I have started using Bit Slicer, which also can dump the game from memory.

**scizzydo** · 03-30-2024

Added a total of 30 patterns, and updated pattern scanner accordingly with what has been tested.

**_chase** · 04-10-2024

+1 for the name.

Hopefully not hijacking, but created a blizzget kinda clone in rust. Wanted to throw it up here because it might help for others to download the other architecture and operating system builds from one machine.
I have to take a peek and see if I can get it to download the mac builds too. Its a real quick tool I wrote up. In the main download command I think the name filter just needs to be changed to also grab the mac binaries.

GitHub - ohchase/blizztools: a super sloppy, quick tool for interact with blizzard cdn

**Archos** · 04-12-2024

If you want to extract binaries from a Universal Binary (FAT Mach-O) you can also use the below command ("x86_64" or "arm64")

Code:

lipo -extract arm64 wow -output wow_arm64

**scizzydo** · 04-12-2024

Originally Posted by Archos

If you want to extract binaries from a Universal Binary (FAT Mach-O) you can also use:

Code:

lipo universalBinary -remove x86_64 -output armBinary

Good note. I think the main thing though isn't about extracting the arm or x86, but dumping the decrypted version.

**Archos** · 09-18-2024

Do you happen to have an example showing how this is implemented?

**scizzydo** · 09-18-2024

Originally Posted by Archos

Do you happen to have an example showing how this is implemented?

How what is implemented? If it's directed to me, my dumper and pattern scanner are linked already

**goblin2kx** · 09-26-2024

Anyone have this MacOS binary (53989) to share?

**scizzydo** · 09-26-2024

Originally Posted by goblin2kx

Anyone have this MacOS binary (53989) to share?

What is it you're looking for? I can update patterns to whatever it is now. I didn't update the original post with new patterns, but i do have them

**Archos** · 09-27-2024

This makes sense. I was wanting to translate what you did to something like Rust or Python but it looks like I am missing a link lol

**goblin2kx** · 09-27-2024

Oh that would be awesome, I just wanted a recent reference with working patters that I could use as a baseline. Most of the patterns on the forums (some are more comprehensive but are older) and I just recently started doing this so I can't find any binaries that are post BFA (8.x) that I could use as a reference for current retail. Yours is one of the latest set of patterns to current retail that I could find.
Thanks in advance

**surrept** · 01-28-2025

anyone else working on ARM binaries/osx these days? i had a decent amount of experience on ida/x86 back around 2010-2012 (back when ppl were using gamedeception), I was wondering what disassembler ppl were using these days. I started looking into reversing the binary now that I have a mac.

there isn't a free IDA support for ARM afaik, are people using ida pro, ghidra, hopper? something else? ghidra takes forever on my beefy macbook pro.

Shout-Out

User Tag List

Thread: arm-mah-gerd (macOS since 10.2.6 53989)

Thread Tools

Search Thread

arm-mah-gerd (macOS since 10.2.6 53989)

Similar Threads

[Selling] 14m gold, $10 USD per 1m. | I.D. Verified | Paypal verified | Member since 2009

[Selling] 12m gold, $10 USD per 1m. | I.D. Verified | Paypal verified | Member since 2009

[Selling] 9m gold, $10 USD per 1m. | I.D. Verified | Paypal verified | Member since 2009

[Selling] 5m gold $10 usd each | Paypal Verified | Member since 2009

[Ulduar 10] Easy "With Open Arms" achievement.

OwnedCore Forums

casino

CoreCoins

My OwnedCore

About Us

Casino