-
Hi guys, as I understand it, the fact that I can no longer read code from an external program in Pandaria Classic is also related to Eidolon, and the only solution at the moment is the above code using code injection?
Is it possible to implement something similar from an external program?
Last edited by Hrap; 2 Weeks Ago at 01:51 PM.
-
Originally Posted by Hrap
Hi guys, as I understand it, the fact that I can no longer read code from an external program in Pandaria Classic is also related to Eidolon, and the only solution at the moment is the above code using code injection?
Is it possible to implement something similar from an external program?
The game will decrypt itself in a few different ways; for example, if you were to use the game's imported memcpy, it would have the same effect, or there's a ton of memcpy-adjacent library functions, functions that just read or write arbitrary memory. It's possible to have similar effects externally, but what is the point? Just manually map a DLL and use a proper spoof call that doesn't break stack unwinding, and they won't really see or care about you unless you give them a reason to, and you'll bypass all the Eidolon runtime garbage by acting like you're part of the game.
-
-
Originally Posted by thateuler
Code:
0: 48 8b 01 mov rax,QWORD PTR [rcx]
3: c3 ret
That's pretty clever. Kudos to whoever figured that out.
Any volatile register could be used in place of rax, right? I have no idea what the probability is that this specific pattern can't be found. Probably very unlikely.
I guess there are several variations on this gadget, hey.
Code:
0: 80 39 00 cmp BYTE PTR [rcx],0x0
3: c3 ret
Any code that causes a dereference will trigger this; you just have to get the address into the register. They'll probably eventually walk the stack backwards or add trap pages, but you should only use this code to get a decrypted binary and not rely on it to handle your full bypass stack.
-
Originally Posted by lidoof
Hello guys, can someone orient me on how to dump the binary? I used to use the namreeb dumper, but it is not working anymore. Do you guys have some tips on how to dump or create my own?
Just decrypt and use x64dbg.
-
Originally Posted by numerbo
The game will decrypt itself in a few different ways; for example, if you were to use the game's imported memcpy, it would have the same effect, or there's a ton of memcpy-adjacent library functions, functions that just read or write arbitrary memory. It's possible to have similar effects externally, but what is the point? Just manually map a DLL and use a proper spoof call that doesn't break stack unwinding, and they won't really see or care about you unless you give them a reason to, and you'll bypass all the Eidolon runtime garbage by acting like you're part of the game.
Could you please help me with this and suggest an implementation? I've been using external programs for years, and now everything's broken. The last time I tried using DLL injection, I got banned.
I'm afraid the same thing will happen this time, and I won't have enough accounts to get a proper implementation.
You're writing about a fake call. Could you explain this in more detail?
Last edited by Hrap; 2 Weeks Ago at 02:47 PM.
-
Sorry for the noob question, but
what do you mean by manually connecting a library, and how is manual connection different from regular connection?
-
Originally Posted by Hrap
Sorry for the noob question, but
what do you mean by manually connecting a library, and how is manual connection different from regular connection?
Are you translating the text? He mentioned manual mapping, not connecting. It is a technique for injecting a DLL into the target process. It doesn't easily solve your problem though, since you said you are external. The player object is also no longer part of the object manager entity list, as far as I can say, and obtaining a reference to it requires more effort. They can do it with other objects too. Well, this new protection so far seems more effective against external tools, while 99% of bots out there are using unlockers anyway, so it seems they did it because it seemed cool.
-
Heh, I'll have to adapt the bot for use with the unlocker for now, while I look for a working way to inject the DLL. I'm trying nt-mapper from a related thread, and the DLL seems to load, but the code isn't executing.
Does anyone know of a working injector?
I would be very grateful for any hint or advice.
Last edited by Hrap; 2 Weeks Ago at 01:54 PM.
-
Originally Posted by InnerSilence
Are you translating the text? He mentioned manual mapping, not connecting. It is a technique for injecting a DLL into the target process. It doesn't easily solve your problem though, since you said you are external. The player object is also no longer part of the object manager entity list, as far as I can say, and obtaining a reference to it requires more effort. They can do it with other objects too. Well, this new protection so far seems more effective against external tools, while 99% of bots out there are using unlockers anyway, so it seems they did it because it seemed cool.
I just want to correct myself. The player object is indeed in the entity list. No manual mapping or injection is needed for an external tool.
-
Originally Posted by InnerSilence
I just want to correct myself. The player object is indeed in the entity list. No manual mapping or injection is needed for an external tool.
But the program I used to search for templates no longer works, although everything worked before the recent update, and ReClass now reads empty memory at the base address of the process.
How can I now read memory from an external application? What has changed?
-
Originally Posted by Hrap
But the program I used to search for templates no longer works, although everything worked before the recent update, and ReClass now reads empty memory at the base address of the process.
How can I now read memory from an external application? What has changed?
As I said, it's possible, but not as easy as before. You must make sure the memory page is loaded before trying to use your tool to find offsets, using the same technique discussed in this topic. You can as well use an unlocker, save the headache, and do the fun stuff.
-
Originally Posted by InnerSilence
As I said, it's possible, but not as easy as before. You must make sure the memory page is loaded before trying to use your tool to find offsets, using the same technique discussed in this topic. You can as well use an unlocker, save the headache, and do the fun stuff.
As I understand it, in order to use the method from this topic, I need to execute the code translated here from inside WoW to decrypt the memory, right?
-
Originally Posted by Hrap
But the program I used to search for templates no longer works, although everything worked before the recent update, and ReClass now reads empty memory at the base address of the process.
How can I now read memory from an external application? What has changed?
Cheat Engine just works fine for me, and its structure tools are way better.
Not seeing anything that's inherently blocking memory access externally from any Blizzard game. Wouldn't use it for your cheat though.
Use thread hijacking if you don't know how to reverse and you'll be alright.
Warden is still UM; just don't be dumb and you can hook things intelligently. Watch syscalls to gain insight.
It's legitimately not that bad unless you sell and are targeted, but if you're targeted it doesn't matter what you do; basically, they'll eventually win.
Use Themida or another software for unique builds and it substantially reduces your chances of being fully waved; this is how basically everyone is avoiding Warden outside of privileged information nobody will share here. For privates it's enough.
Last edited by numerbo; 1 Week Ago at 11:39 AM.
-
Is 0x4C4F90 the correct offset for 63660?
Last edited by j872; 4 Days Ago at 04:45 AM.