How to Dump Wow from Memory.... menu

User Tag List

Page 5 of 7 FirstFirst 1234567 LastLast
Results 61 to 75 of 96
  1. #61
    counted's Avatar Contributor Authenticator enabled
    Reputation
    203
    Join Date
    Mar 2008
    Posts
    183
    Thanks G/R
    11/108
    Trade Feedback
    0 (0%)
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    Are you getting the error with Scylla Hide or Scylla Dump?

    How to Dump Wow from Memory....
  2. #62
    airjqqq's Avatar Member Authenticator enabled
    Reputation
    4
    Join Date
    Jan 2013
    Posts
    19
    Thanks G/R
    4/3
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    At the time I click Plugin->Scylla, just after run OverwatchDumpFix command. It shows Exception! Please report it! OS: 4563000A

  3. #63
    airjqqq's Avatar Member Authenticator enabled
    Reputation
    4
    Join Date
    Jan 2013
    Posts
    19
    Thanks G/R
    4/3
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    solved by using vmware. Might be some software i install on my host system triggered the error

  4. #64
    chlycooper's Avatar Member
    Reputation
    1
    Join Date
    Nov 2012
    Posts
    20
    Thanks G/R
    1/0
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Originally Posted by airjqqq View Post
    solved by using vmware. Might be some software i install on my host system triggered the error
    how you did it? i win10 got the same problem, run x64bg in mvware only? or WOW as well?

  5. #65
    yezheyu's Avatar Member
    Reputation
    1
    Join Date
    Apr 2021
    Posts
    1
    Thanks G/R
    0/0
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    OverwatchDumpFix Execution error:
    Error: failed to deobfuscate the remote IAT.
    Error: failed to rebuild imports.

    What shall I do?

  6. #66
    bigofsmall's Avatar Member
    Reputation
    1
    Join Date
    Jan 2011
    Posts
    14
    Thanks G/R
    0/0
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Hi guys,

    I meet two problem.
    1)Run PDBReaderx64.exe from the ScyllaHide build folder to generate the NtApiCollection.ini file for your particular operating system.
    I can't find PDBReaderx64.exe, where should i get it?
    2)Copy OverwatchDumpFix.dp64 to the x64dbg->x64->plugins
    I also can't find this file. Shall rebuild the source code?

    Thanks in advance.

  7. #67
    charles420's Avatar Contributor
    Reputation
    315
    Join Date
    Jun 2009
    Posts
    329
    Thanks G/R
    25/119
    Trade Feedback
    0 (0%)
    Mentioned
    10 Post(s)
    Tagged
    0 Thread(s)
    i would rebuild the source code since the moded one that works is not compiled i believe skip your step 1

  8. #68
    matkhl's Avatar Member
    Reputation
    1
    Join Date
    Oct 2018
    Posts
    1
    Thanks G/R
    0/0
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    My wow.exe is just crashing when i click on attach. Did everything exactly like in the description. Any ideas how to fix that?

  9. #69
    PinkFlower's Avatar Member
    Reputation
    12
    Join Date
    Oct 2021
    Posts
    4
    Thanks G/R
    6/1
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Originally Posted by matkhl View Post
    My wow.exe is just crashing when i click on attach. Did everything exactly like in the description. Any ideas how to fix that?
    Start wow suspended, then attach Scylla like normal. Works for me.

    I use my own tool to fix imports so no clue if that would conflict with your setup.
    Anyway, if you are that desperate you can always use some of my dumps while you get comfortable with x64dbg.

    My dump archive: pinkflowekx74wbxtdu3oiv2gjnryd3lcgk34dknwoeovgnq3ynt2lad.onion

  10. #70
    Wolfone7's Avatar Member
    Reputation
    1
    Join Date
    Oct 2021
    Posts
    3
    Thanks G/R
    0/0
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    What am I doing wrong? All ~ 543 imports do not have. I did everything according to the instructions. 2021-10-27.png Help my plzzz)))

  11. #71
    PinkFlower's Avatar Member
    Reputation
    12
    Join Date
    Oct 2021
    Posts
    4
    Thanks G/R
    6/1
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Originally Posted by Wolfone7 View Post
    What am I doing wrong? All ~ 543 imports do not have. I did everything according to the instructions. 2021-10-27.png Help my plzzz)))
    Import pointers are not directly pointing to the function call, therefore Scylla doesnt resolve them correctly.
    You will have to compute the imported functions and overwrite them pointer, this can be done using a plugin that has been floating around (not sure if up to date for Wow)

  12. Thanks Razzue (1 members gave Thanks to PinkFlower for this useful post)
  13. #72
    Razzue's Avatar Contributor Avid Ailurophile

    CoreCoins Purchaser Authenticator enabled
    Reputation
    378
    Join Date
    Jun 2017
    Posts
    588
    Thanks G/R
    184/267
    Trade Feedback
    2 (100%)
    Mentioned
    14 Post(s)
    Tagged
    0 Thread(s)
    Originally Posted by Wolfone7 View Post
    What am I doing wrong? All ~ 543 imports do not have. I did everything according to the instructions. 2021-10-27.png Help my plzzz)))
    The plugin mentioned by PinkFlower is likely OverwatchDumpFix which does alright for Classics and live, and even some other games surprisingly.
    ChangeOfPace's github link: GitHub - changeofpace/Overwatch-Dump-Fix: x64dbg plugin which removes anti-dumping and obfuscation techniques from the popular FPS game Overwatch. (Possibly a better modified one kicking around somewhere)

    Alternatively Namreebs dumper still works fine with all clients (and again.. surprisingly with other blizz games). This is personally what im using "if" i need to get a patches binary.
    Namreebs github link: GitHub - namreeb/dumpwow: Unpacker for World of Warcraft

    Pink also provided that beautiful link, though i haven't had a chance to peek at any of their dumps quite yet (Reallllly tempted to look at the overwatch dumps though )
    Last edited by Razzue; 10-29-2021 at 02:27 PM.

  14. Thanks PinkFlower, 2briards, moisteroyster (3 members gave Thanks to Razzue for this useful post)
  15. #73
    Archos's Avatar Member Authenticator enabled
    Reputation
    1
    Join Date
    Mar 2007
    Posts
    30
    Thanks G/R
    0/0
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I am curious how relevant this guide still is. I have updated the original steps below as some are no longer needed.

    1. Download and install x64dbg (Installed latest as OverwatchDumpFix has been updated to use XED)
    2. Launch x64dbg once to create the plugins folder in the x64 folder then close x64dbg
    3. Download/Build ScyllaHide
    4. Copy the following files from the ScyllaHide x64 build to the x64dbg->x64->plugins
    HookLibraryx64.dll
    ScyllaHideX64DBGPlugin.dp64
    5. Download/Build OverwatchDumpFix
    6. Copy OverwatchDumpFix.dp64 to the x64dbg->x64->plugins
    7. Launch x64dbg
    8. Select ScyllaHide->Options
    9. Create a new profile, name it wow [ or whatever you want ] and select the following
    9.a Click Apply
    9.b Click Ok
    10. Launch WoW and log into a trash account and character.
    11. Once in game
    11.a Select the Scylla Hide Attach Menu
    11.b Click on the cross hair and hold the mouse button down hover over the WoW window and release.
    11.c You should see the WoW PID (process ID) and app name populate in the attach window.
    11.d Click Attach
    11.e WoW should FREEZE and NOT CRASH at this point.
    12. Type OverwatchDumpFix into the command window
    13. Select Scylla Menu now [ not ScyllaHide ]
    14. Wow.exe is will already be selected, reselect it anyway.
    14.a Click IAT auto search
    14.b Select Get Imports and you should see something like this in the log
    14.c You should get several hundred "API(s) found"
    14.d Select "Dump" and Save the file
    14.e Select "Fix Dump" and select the file you saved in step 14.d
    Note: The result will be saved in the same directory as the first file with _SCY added to it.
    14.f Select "PE Rebuild" and select the SCY file saved in step 14.e.
    15. Load the file ending with "_SCY" into IDA and after auto analysis you should have all 543 import in you import window.


    After auto analysis is complete in IDA, I click "Edit" then "Plugins" and then "Universal Unpacker Manual Reconstruct" though I am unsure of the memory offset options that should be selected. I have yet to get any x64dbg dump with anywhere near several hundred imports. This is me trying against the retail client (9.2). I also get odd behavior where I get sent back to the WoW login screen the first time I log into a WoW character but before I try to attach.
    Last edited by Archos; 04-08-2022 at 09:56 PM.

  16. #74
    Razzue's Avatar Contributor Avid Ailurophile

    CoreCoins Purchaser Authenticator enabled
    Reputation
    378
    Join Date
    Jun 2017
    Posts
    588
    Thanks G/R
    184/267
    Trade Feedback
    2 (100%)
    Mentioned
    14 Post(s)
    Tagged
    0 Thread(s)
    Originally Posted by Archos View Post
    I am curious how relevant this guide still is. I have updated the original steps below as some are no longer needed.

    1. Download and install x64dbg (Installed latest as OverwatchDumpFix has been updated to use XED)
    2. Launch x64dbg once to create the plugins folder in the x64 folder then close x64dbg
    3. Download/Build ScyllaHide
    4. Copy the following files from the ScyllaHide x64 build to the x64dbg->x64->plugins
    HookLibraryx64.dll
    ScyllaHideX64DBGPlugin.dp64
    5. Download/Build OverwatchDumpFix
    6. Copy OverwatchDumpFix.dp64 to the x64dbg->x64->plugins
    7. Launch x64dbg
    8. Select ScyllaHide->Options
    9. Create a new profile, name it wow [ or whatever you want ] and select the following
    9.a Click Apply
    9.b Click Ok
    10. Launch WoW and log into a trash account and character.
    11. Once in game
    11.a Select the Scylla Hide Attach Menu
    11.b Click on the cross hair and hold the mouse button down hover over the WoW window and release.
    11.c You should see the WoW PID (process ID) and app name populate in the attach window.
    11.d Click Attach
    11.e WoW should FREEZE and NOT CRASH at this point.
    12. Type OverwatchDumpFix into the command window
    13. Select Scylla Menu now [ not ScyllaHide ]
    14. Wow.exe is will already be selected, reselect it anyway.
    14.a Click IAT auto search
    14.b Select Get Imports and you should see something like this in the log
    14.c You should get several hundred "API(s) found"
    14.d Select "Dump" and Save the file
    14.e Select "Fix Dump" and select the file you saved in step 14.d
    Note: The result will be saved in the same directory as the first file with _SCY added to it.
    14.f Select "PE Rebuild" and select the SCY file saved in step 14.e.
    15. Load the file ending with "_SCY" into IDA and after auto analysis you should have all 543 import in you import window.


    After auto analysis is complete in IDA, I click "Edit" then "Plugins" and then "Universal Unpacker Manual Reconstruct" though I am unsure of the memory offset options that should be selected. I have yet to get any x64dbg dump with anywhere near several hundred imports. This is me trying against the retail client (9.2). I also get odd behavior where I get sent back to the WoW login screen the first time I log into a WoW character but before I try to attach.
    If you're having issues with ODF, just use the dumper I linked directly above you by nameeeb. Works fine on all classics and retail. I personally don't follow the op method anymore as my wow clients auto close on ScyllaHide attach 🙃

  17. Thanks moisteroyster (1 members gave Thanks to Razzue for this useful post)
  18. #75
    Razzue's Avatar Contributor Avid Ailurophile

    CoreCoins Purchaser Authenticator enabled
    Reputation
    378
    Join Date
    Jun 2017
    Posts
    588
    Thanks G/R
    184/267
    Trade Feedback
    2 (100%)
    Mentioned
    14 Post(s)
    Tagged
    0 Thread(s)
    --double post--
    Last edited by Razzue; 04-08-2022 at 11:23 PM.

Page 5 of 7 FirstFirst 1234567 LastLast

Similar Threads

  1. Replies: 4
    Last Post: 07-20-2011, 09:50 PM
  2. How to run WoW from work/school!
    By MMOtoaster in forum World of Warcraft Bots and Programs
    Replies: 41
    Last Post: 04-30-2009, 06:28 PM
  3. How to update WoW to any patch from 1.5 on.
    By ff9pro in forum World of Warcraft Guides
    Replies: 3
    Last Post: 07-05-2008, 07:28 AM
  4. How to find WoW Memory Offset?
    By pegaa in forum World of Warcraft General
    Replies: 0
    Last Post: 08-03-2007, 12:02 AM
  5. How to Export Images from WoW Model Viewer.
    By Elites360 in forum Art & Graphic Design
    Replies: 4
    Last Post: 02-17-2007, 07:36 PM
All times are GMT -5. The time now is 07:50 AM. Powered by vBulletin® Version 4.2.3
Copyright © 2024 vBulletin Solutions, Inc. All rights reserved. User Alert System provided by Advanced User Tagging (Pro) - vBulletin Mods & Addons Copyright © 2024 DragonByte Technologies Ltd.
Digital Point modules: Sphinx-based search