[Classic] WoW unpacker / deobfuscator

  1. #1
    namreeb

    [Classic] WoW unpacker / deobfuscator

    Currently only available in source code: GitHub - namreeb/dumpwow: Unpacker for World of Warcraft

    The dumps are not perfect yet but will load in IDA.

    I plan to post a binary release up there once I fix a few issues.

  2. Thanks Icesythe7, DarkLinux, wkingnet, xbec, Corthezz, air999, h42, bbabba, Bogie, GlittPrizes, linaro, 2845225, lolp1 (13 members gave Thanks to namreeb for this useful post)
  3. #2
    xbec
    Looking forward to your masterpiece

  4. #3
    namreeb
    Version 0.1 released. Binary available at Release Initial Import Reconstruction · namreeb/dumpwow · GitHub

  5. Thanks Seifer (1 members gave Thanks to namreeb for this useful post)
  6. #4
    janney_lwc
    This is a great project. I tried the Python scripts in IDA. Very clear!

    How do I compile the Hadesmem library?

  7. #5
    l_yy_l
    It's a great job, very useful. I thank you!

  8. Thanks badusername1234 (1 members gave Thanks to l_yy_l for this useful post)
  9. #6
    namreeb
    Binaries have been posted for version 0.2 which includes improved import reconstruction. Releases · namreeb/dumpwow · GitHub

  10. #7
    namreeb
    Blizzard recently added a couple of new things to their import obfuscation code. Binaries have been posted for 0.3 which handles the new changes. Release Handle updated import obfuscation · namreeb/dumpwow · GitHub

    Repository link: GitHub - namreeb/dumpwow: Unpacker for World of Warcraft

  11. Thanks charles420, sendeos23, badusername1234, gemini00 (4 members gave Thanks to namreeb for this useful post)
  12. #8
    charles420
    ty as always for doing shit i can't do or am too lazy to do

  13. #9
    2845225
    Originally Posted by namreeb:
        Blizzard recently added a couple of new things to their import obfuscation code. Binaries have been posted for 0.3 which handles the new changes. Release Handle updated import obfuscation · namreeb/dumpwow · GitHub

        Repository link: GitHub - namreeb/dumpwow: Unpacker for World of Warcraft

    Can you teach me how to use it?

  14. #10
    namreeb
    It takes one argument: the path to the wow executable. It will dump in the same directory a file called <orig name>_dumped.exe.

  15. #11
    2845225
    First, thank you for your reply.
    1. I can't find any way to set the argument. Did I miss something?
    2. I dumpwow in other ways, but I'm not sure it is right.
    3. I use IDA to find objmgr, but what to do next?

    Looking forward to your help again.

  16. #12
    namreeb
    There are many ways to specify the runtime argument for an application. The easiest way is from the command line. It does not require IDA or anything else. Just open a command prompt and do c:\dumpwow.exe c:\wow\wowclassic.exe and hit enter.

  17. #13
    2845225
    It's a great job. In this way, I got what I wanted. ObjectMgrPtr = 0x26F2158 (classic)
    In fact, I'm not familiar with IDA, so I've looked up a lot of your posts.

    About this, I also find it useful: dumpwow/find_lua.py at master · namreeb/dumpwow · GitHub

    But here's the result:

    CGGameUI::Initialize: 0x140faa130
    Traceback (most recent call last):
      File "C:/Users/hero8/Desktop/find_lua.py", line 161, in <module>
        main()
      File "C:/Users/hero8/Desktop/find_lua.py", line 139, in main
        framescript_register = find_framescript_register(game_init)
      File "C:/Users/hero8/Desktop/find_lua.py", line 89, in find_framescript_register
        2 if magic_string_found else 1)
    RuntimeError: 1

    I want to know why. Thank you very much!

  18. #14
    namreeb
    The patterns I used to write that script no longer hold, and I haven't updated it. It's not working right now.

  19. #15
    usna2013
    For anyone trying to compile Hadesmem, here are some notes I have about doing that.

    • When you clone the hadesmem repository, there are quite a few dependencies in the "deps" folder that don't properly clone since the link is stale.
    • asmjit, chaiscript, imgui, pugixml, tclap, and udis86 were the ones that didn't clone for me.
    • So you need to re-init those repositories. Using the most recent version except asmjit seems to work, though I haven't done thorough testing other than just building it and seeing if it works.
    • For asmjit in particular, you need to use the "oldstable" branch AND you must also revert it to before the major refactoring overhaul which happened at commit SHA b7f6d1e369b4b87006851ded9017d3f864ee9d4b (Jan 2017, use something before this).
    • This will line up exactly with the VS project build files for hadesmem and build w/o errors.
    • Also, you need to link the libraries generated from hadesmem to the dumpwow solution.

    Once you do that, you should be able to build Dumpwow, which will call the build processes for hadesmem. Then you get your unpacker.dll and dumpwow.exe.

    Though when I run this for WoWClassic, I don't seem to get a graceful exit. I get

    Code:
    concolic failed RVA: 0x1f53978 thunk_ea: 0x7ff6145bad64
    Import RVA: +0x1f53980 Thunk EA: 0x7ff6145bad6c Thunk RVA: +0x34a7ad6c
    concolic failed RVA: 0x1f53980 thunk_ea: 0x7ff6145bad6c
    Import RVA: +0x1f53988 Thunk EA: 0x200000000 Thunk RVA: +0x204c0000
    Import RVA: +0x1f53990 Thunk EA: 0x40000000e Thunk RVA: +0x204c000e
    Import RVA: +0x1f53998 Thunk EA: 0x1200000003 Thunk RVA: +0x204c0003
    Import RVA: +0x1f539a0 Thunk EA: 0x900000008 Thunk RVA: +0x204c0008
    Import RVA: +0x1f539a8 Thunk EA: 0x600000005 Thunk RVA: +0x204c0005
    Import RVA: +0x1f539b0 Thunk EA: 0xf00000007 Thunk RVA: +0x204c0007
    Import RVA: +0x1f539b8 Thunk EA: 0x10 Thunk RVA: +0x204c0010
    Import RVA: +0x1f539c0 Thunk EA: 0x100000000 Thunk RVA: +0x204c0000
    Import RVA: +0x1f539c8 Thunk EA: 0x400000002 Thunk RVA: +0x204c0002
    Import RVA: +0x1f539d0 Thunk EA: 0x1000000008 Thunk RVA: +0x204c0008
    Import RVA: +0x1f539d8 Thunk EA: 0x4000000020 Thunk RVA: +0x204c0020
    Import RVA: +0x1f539e0 Thunk EA: 0x10000000080 Thunk RVA: +0x204c0080
    Import RVA: +0x1f539e8 Thunk EA: 0xc0000000200 Thunk RVA: +0x204c0200
    Import RVA: +0x1f539f0 Thunk EA: 0x1800000003000 Thunk RVA: +0x204c3000
    Bad thunk ea RVA: 0x1f539f0 thunk_ea: 0x1800000003000
    Import RVA: +0x1f539f8 Thunk EA: 0x2000000010000 Thunk RVA: +0x204d0000
    Bad thunk ea RVA: 0x1f539f8 thunk_ea: 0x2000000010000
    Import RVA: +0x1f53a00 Thunk EA: 0x1800000004000 Thunk RVA: +0x204c4000
    Bad thunk ea RVA: 0x1f53a00 thunk_ea: 0x1800000004000
    Import RVA: +0x1f53a08 Thunk EA: 0x4000000780000 Thunk RVA: +0x20c40000
    Bad thunk ea RVA: 0x1f53a08 thunk_ea: 0x4000000780000
    Import RVA: +0x1f53a10 Thunk EA: 0x800000000010 Thunk RVA: +0x204c0010
    Exception: D:\vs_projects\hadesmem\include\memory\hadesmem/detail/query_region.hpp(25): Throw in function struct _MEMORY_BASIC_INFORMATION __cdecl hadesmem::detail::Query(const class hadesmem::Process &,const void *)
    Dynamic exception type: struct boost::wrapexcept<class hadesmem::Error>
    std::exception::what: Unknown exception
    [struct hadesmem::TagErrorCodeWinLast * __ptr64] = 87
    [struct hadesmem::TagErrorString * __ptr64] = VirtualQueryEx failed.

    as the last few lines of input.

    It does seem to generate a WowClassic_unpacked.exe and from what I can tell it looks like the unobfuscated binary in IDA.

    Wondering if this is a quick fix error and if anybody has encountered it. Otherwise, I can luckily debug it and find it myself
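
Added example (not part of usna2013's post and not dumpwow code): a small Python triage of the "Import RVA / Thunk EA" lines in the log above. Windows documents that VirtualQueryEx fails with ERROR_INVALID_PARAMETER (87) when the address lies above the highest address accessible to the process, which is consistent with the last thunk EA logged before the exception. The 0x00007FFFFFFEFFFF limit, the function names, and the reading that the logged thunk RVA is a 32-bit difference from the image base are assumptions.

```python
import re

# Typical lpMaximumApplicationAddress for an x64 user-mode process on Windows
# (assumption: default 128 TiB user address space).
MAX_USER_ADDRESS = 0x00007FFFFFFEFFFF

LINE_RE = re.compile(
    r"Import RVA: \+0x([0-9a-f]+) Thunk EA: 0x([0-9a-f]+) Thunk RVA: \+0x([0-9a-f]+)",
    re.IGNORECASE)

# Sample input: a few lines copied from the log posted above.
SAMPLE_LOG = """\
concolic failed RVA: 0x1f53978 thunk_ea: 0x7ff6145bad64
Import RVA: +0x1f53980 Thunk EA: 0x7ff6145bad6c Thunk RVA: +0x34a7ad6c
Import RVA: +0x1f53988 Thunk EA: 0x200000000 Thunk RVA: +0x204c0000
Import RVA: +0x1f539f0 Thunk EA: 0x1800000003000 Thunk RVA: +0x204c3000
Bad thunk ea RVA: 0x1f539f0 thunk_ea: 0x1800000003000
Import RVA: +0x1f53a10 Thunk EA: 0x800000000010 Thunk RVA: +0x204c0010
"""

def parse_imports(log):
    """Return (import_rva, thunk_ea, thunk_rva) for every 'Import RVA' line."""
    return [tuple(int(g, 16) for g in m.groups()) for m in LINE_RE.finditer(log)]

def triage(log):
    """Return (image_base, [(import_rva, thunk_ea, verdict), ...])."""
    entries = parse_imports(log)
    if not entries:
        return None, []
    # Assumption: the first entry's RVA did not wrap, so EA - RVA is the base.
    base = entries[0][1] - entries[0][2]
    report = []
    for import_rva, thunk_ea, thunk_rva in entries:
        if thunk_ea > MAX_USER_ADDRESS:
            verdict = "out-of-range"   # a memory query on this would be rejected
        elif thunk_ea - base != thunk_rva:
            verdict = "wrapped"        # logged RVA only matches modulo 2**32
        else:
            verdict = "ok"
        report.append((import_rva, thunk_ea, verdict))
    return base, report

if __name__ == "__main__":
    base, report = triage(SAMPLE_LOG)
    print(f"implied image base: {base:#x}")
    for import_rva, thunk_ea, verdict in report:
        print(f"+{import_rva:#x}  {thunk_ea:#018x}  {verdict}")
```

Entries marked "wrapped" or "out-of-range" are values that do not point into the process image, so a walker that validates each thunk EA against the user-mode range before querying memory would stop at them instead of throwing.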
