Is it posible to modify memory in .text for classic wow

[airjqqq]

hi, i used to build a "in game based" bot, from 5.x to 7.1. used just by myself for fun. never published.

at that days, i just inject a dll in to wow process then hack some script function jump to my dll memory.

then when i call the script in game using lua. it will call my dll function instead.

BUUUUUT for now days, the .text memory of wow is unable to modify in a common way, which i need to hack then let the script call jump to my dll.

i have tried to hack CreateRemoteThread then call some asm bytes to modify the memory i need. but i can only change .data memory for now. once i execute change .text memory code. wow process will crash.

so i wonder if it is posible to modify memory in .text for now

thansk all you guys who has time for my issue

[Icesythe7]

hi, i used to build a "in game based" bot, from 5.x to 7.1. used just by myself for fun. never published.

at that days, i just inject a dll in to wow process then hack some script function jump to my dll memory.

then when i call the script in game using lua. it will call my dll function instead.

BUUUUUT for now days, the .text memory of wow is unable to modify in a common way, which i need to hack then let the script call jump to my dll.

i have tried to hack CreateRemoteThread then call some asm bytes to modify the memory i need. but i can only change .data memory for now. once i execute change .text memory code. wow process will crash.

so i wonder if it is posible to modify memory in .text for now

thansk all you guys who has time for my issue

you dont need to modify anything in .text to add your own lua functions or to call lua from ur dll

[airjqqq]

you dont need to modify anything in .text to add your own lua functions or to call lua from ur dll

my all logic like rotation, moving was implement in lua. and i need to get some information that origin lua api not provide like get enmey world position, or call some protect function like MoveForwardStart.

so what i intend to do is call some dll function from lua, by calling the hacked lua function in .text then jump to my dll.

all functions in my dll are script like function that get params from lua stack then return value by pushing them back

may be it's a rare way, but i can use all build in lua function and a in game ui to control the logic.



do you mean using FrameScript_RegisterFunction to add new lua function? i have tried this years ago but no luck.

or just change the script function address in memory? it should be stored in some list since it is "registered". i remember script function's address must in some range or wow will crash. hmmm..... still confusing

[zys924]

You need to learn and understand user-mode memory mapping first if you are even confused about why WoW will crash.

[namreeb]

Wow remaps its own .text section with the 'SEC_NO_CHANGE' flag. This means that the text section (and actually I thought the .data section too?) cannot be altered, nor can their protection be altered. If you really want to modify it, you'll have to search the virtual address space for the source of the remap which can be made writable. Beware that there are CRC checks to most (but not all) of the .text section, so this is dangerous.

If you want to see an example of this remapping, you can look here: GitHub - changeofpace/Self-Remapping-Code: This program remaps its image to prevent the page protection of pages contained in the image from being modified via NtProtectVirtualMemory.

[oldmanofmen]

Wow remaps its own .text section with the 'SEC_NO_CHANGE' flag. This means that the text section (and actually I thought the .data section too?) cannot be altered, nor can their protection be altered. If you really want to modify it, you'll have to search the virtual address space for the source of the remap which can be made writable. Beware that there are CRC checks to most (but not all) of the .text section, so this is dangerous.

If you want to see an example of this remapping, you can look here: GitHub - changeofpace/Self-Remapping-Code: This program remaps its image to prevent the page protection of pages contained in the image from being modified via NtProtectVirtualMemory.

The .data section is still fine. I haven't looked at it recently but I'm pretty sure it's just the .text section that has SEC_NO_CHANGE page protection.

[airjqqq]

You need to learn and understand user-mode memory mapping first if you are even confused about why WoW will crash.

start learning Virtual address spaces for Microsoft, thanks for pointing me the way

[airjqqq]

Wow remaps its own .text section with the 'SEC_NO_CHANGE' flag. This means that the text section (and actually I thought the .data section too?) cannot be altered, nor can their protection be altered. If you really want to modify it, you'll have to search the virtual address space for the source of the remap which can be made writable. Beware that there are CRC checks to most (but not all) of the .text section, so this is dangerous.

If you want to see an example of this remapping, you can look here: GitHub - changeofpace/Self-Remapping-Code: This program remaps its image to prevent the page protection of pages contained in the image from being modified via NtProtectVirtualMemory.

Thank you so much. can't wait to read it

[Icesythe7]

you can simply register ur functions with register funcvtion and call them as normal given u modify(not max) the text end offset