Wine // Linux - WoWClassic 2.5.1 menu

User Tag List

Results 1 to 13 of 13
  1. #1
    Wontuse's Avatar Member
    Reputation
    1
    Join Date
    Jun 2012
    Posts
    8
    Thanks G/R
    10/0
    Trade Feedback
    0 (0%)
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)

    Wine // Linux - WoWClassic 2.5.1

    How many here are reversing on Linux while running WoW under Wine?

    Everything seems to be Windows specific and I've only come across a couple of (decade old) Linux//Wine threads across the internet. I'm struggling to find the base process//address to go from. With C++ I can rip through
    Code:
    /proc/<PID>/maps
    and find what I need... except what I want isn't there. At least nothing obvious. Only shared libs, graphics//sound libs, Lutris//Wine modules, and a lot of unnamed stuff.

    Code:

    Code:
    #include  <fstream>
    #include  <cstring>
    #include  <iostream>
    #include  <proc/readproc.h>
     
    struct moduleinfo_t
    {
        std::string sName = "NOT LOADED";
        unsigned long ulBase = 0;
        unsigned long ulSize = 0;
    };
    
    int GetProcessID(const char *chProcessName)
    {
        PROCTAB* proc = openproc(PROC_FILLMEM | PROC_FILLSTAT | PROC_FILLSTATUS);
        proc_t proc_info;
        memset(&proc_info, 0, sizeof(proc_info));
        while (readproc(proc, &proc_info) != NULL) {
            if (strcmp(proc_info.cmd, chProcessName) != 0) {
                continue;
            } else {
                closeproc(proc);
                return proc_info.tid;
            }
        }
        return 0;
    }
     
    moduleinfo_t GetLoadedModule(unsigned int uiProcessID, const std::string sModuleName)
    {   
        std::ifstream infile( "/proc/" + std::to_string(uiProcessID) + "/maps" );
        std::string sLineIn = "";
        
        moduleinfo_t moduleInfo;
        
        while(std::getline(infile, sLineIn)) {
            if( sLineIn.find(sModuleName) != std::string::npos ) {
                moduleInfo.ulBase = std::stoi( sLineIn.substr(0, 8), nullptr, 16 );
                moduleInfo.ulSize = std::stoi( sLineIn.substr(9, 8), nullptr, 16 ) - moduleInfo.ulBase;
                moduleInfo.sName = sModuleName;
                break;
            }
        }
        return moduleInfo;
    }
     
    int main()
    {
        const char *chProcessName = "WoWClassic.exe";
        unsigned int uiPID = GetProcessID(chProcessName);
        // moduleinfo_t moduleClient = GetLoadedModule(uiPID, "kernel32.dll");
        moduleinfo_t moduleClient = GetLoadedModule(uiPID, "libc-2.31.so");
        std::cout << "ProcessName: " << chProcessName << std::endl;
        std::cout << "PID:         " << uiPID << std::endl;
        std::cout << "ModuleName:  " << moduleClient.sName.c_str() << std::endl;
        std::cout << "ModuleBase:  " << std::hex << moduleClient.ulBase << std::endl;
        std::cout << "ModuleSize:  " << std::hex << moduleClient.ulSize << std::endl;
        return 0;
    }
    I run a
    Code:
    scanmem <PID>
    and find something easy.. HP for example and narrow it down to 3 addresses. All 3 addresses fall in-between the address space of some unnamed module from
    Code:
    /proc/<PID>/maps
    and it's usually between the 400-410 module in the list but no info on it; e.g.

    Code:
    326b0000-39840000 rw-p 00000000 00:00 0
    That's all the info I have and as far as I've been able to get. On Windows it seems pretty easy to pop open Cheat Engine find what you want, find an offset, find pointers and run with that but Linux is proving to be much more difficult. And when I try to debug through GDB the game freezes 99% after I detach making it more difficult.

    I'm looking for any tips//pointers on where to go from here to find offsets, a good base address to go from, am I even on the right path?

    These ads disappear when you log in.

  2. #2
    scimmy's Avatar Active Member
    Reputation
    48
    Join Date
    Jul 2020
    Posts
    40
    Thanks G/R
    1/29
    Trade Feedback
    0 (0%)
    Mentioned
    3 Post(s)
    Tagged
    0 Thread(s)
    Disclaimer: I don't know too much about how wine works. But it is a translation and runtime layer that is mapping a PE file into a linux process which is going to have to do translation for syscalls, calling conventions, etc. It's going to be more difficult for you to get stuff working as you're probably going to have to hook into the way wine executes code and that translation layer.

    Now for the question regarding the HP address. This data is probably living on the heap, not in any program section, hence the anonymous region of memory that /proc/PID/maps shows.

  3. #3
    Wontuse's Avatar Member
    Reputation
    1
    Join Date
    Jun 2012
    Posts
    8
    Thanks G/R
    10/0
    Trade Feedback
    0 (0%)
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    Originally Posted by scimmy View Post
    Disclaimer: I don't know too much about how wine works. But it is a translation and runtime layer that is mapping a PE file into a linux process which is going to have to do translation for syscalls, calling conventions, etc. It's going to be more difficult for you to get stuff working as you're probably going to have to hook into the way wine executes code and that translation layer.

    Now for the question regarding the HP address. This data is probably living on the heap, not in any program section, hence the anonymous region of memory that /proc/PID/maps shows.
    Makes sense. Does it sound like I'm at least on the right track? I too lack understanding of how WINE is loading everything and translating everything and am seeking to understand it better.

    -----------------------

    Thinking out loud.. I attach to the process with GDB and run a search for UNIT_HEALTH and get this back:

    Code:
    [+] Searching 'UNIT_HEALTH' in memory
    [+] In (0x30780000-0x32f00000), permission=rw-
      0x31a76210 - 0x31a7621b  →   "UNIT_HEALTH" 
    [+] In (0x3ab70000-0x45a90000), permission=rw-
      0x3e8ccd40 - 0x3e8ccd54  →   "UNIT_HEALTH_FREQUENT" 
    [+] In (0x477b0000-0x4a450000), permission=rw-
      0x48bf9fff - 0x48bfa011  →   "UNIT_HEALTH player" 
    [+] In (0x4a4f0000-0x4b910000), permission=rw-
      0x4a59f930 - 0x4a59f960  →   "UNIT_HEALTH UNIT_HEALTH_FREQUENT UNIT_CONNECTION" 
      0x4a59f93c - 0x4a59f960  →   "UNIT_HEALTH_FREQUENT UNIT_CONNECTION" 
      0x4a59f9b0 - 0x4a59f9e7  →   "UNIT_HEALTH UNIT_HEALTH_FREQUENT UNIT_MAXHEALTH UN[...]" 
      0x4a59f9bc - 0x4a59f9f3  →   "UNIT_HEALTH_FREQUENT UNIT_MAXHEALTH UNIT_CONNECTIO[...]" 
      0x4a59fbd0 - 0x4a59fbf0  →   "UNIT_HEALTH UNIT_HEALTH_FREQUENT" 
      0x4a59fbdc - 0x4a59fbf0  →   "UNIT_HEALTH_FREQUENT" 
      0x4a59fcb0 - 0x4a59fce7  →   "UNIT_HEALTH UNIT_HEALTH_FREQUENT PLAYER_UPDATE_RES[...]" 
      0x4a59fcbc - 0x4a59fcf3  →   "UNIT_HEALTH_FREQUENT PLAYER_UPDATE_RESTING UNIT_CO[...]" 
      0x4a5a8490 - 0x4a5a84c7  →   "UNIT_HEALTH UNIT_HEALTH_FREQUENT UNIT_MAXHEALTH UN[...]" 
      0x4a5a849c - 0x4a5a84d3  →   "UNIT_HEALTH_FREQUENT UNIT_MAXHEALTH UNIT_CONNECTIO[...]" 
      0x4a5a84ec - 0x4a5a8523  →   "UNIT_HEALTH UNIT_HEALTH_FREQUENT UNIT_MAXHEALTH UN[...]" 
      0x4a5a84f8 - 0x4a5a8503  →   "UNIT_HEALTH[...]" 
      0x4a5ad106 - 0x4a5ad111  →   "UNIT_HEALTH[...]" 
      0x4a5ad112 - 0x4a5ad11d  →   "UNIT_HEALTH[...]" 
    [+] In (0x4b990000-0x4f1d0000), permission=rw-
      0x4d5a7d9f - 0x4d5a7db1  →   "UNIT_HEALTH target" 
    [+] In (0x4f3c0000-0x505e0000), permission=rw-
      0x4fc3c870 - 0x4fc3c89f  →   "UNIT_HEALTH UNIT_HEALTH_FREQUENT UNIT_MAXHEALTH" 
      0x4fc3c87c - 0x4fc3c89f  →   "UNIT_HEALTH_FREQUENT UNIT_MAXHEALTH" 
      0x4fc3cc30 - 0x4fc3cc50  →   "UNIT_HEALTH UNIT_HEALTH_FREQUENT" 
      0x4fc3cc3c - 0x4fc3cc50  →   "UNIT_HEALTH_FREQUENT" 
    [+] In '/tmp/.wine-1000/server-802-19e35fe/anonmap.k0d46p (deleted)'(0x140000000-0x142910000), permission=r-x
      0x142559ec8 - 0x142559ed3  →   "UNIT_HEALTH" 
      0x142559ed8 - 0x142559eec  →   "UNIT_HEALTH_FREQUENT"
    Particularly interesting is the last two lines; I think anonmap is something to do with virtual memory mapping and/or aslr?? I need to look into that

    Code:
    [+] In '/tmp/.wine-1000/server-802-19e35fe/anonmap.k0d46p (deleted)'(0x140000000-0x142910000), permission=r-x
      0x142559ec8 - 0x142559ed3  →   "UNIT_HEALTH" 
      0x142559ed8 - 0x142559eec  →   "UNIT_HEALTH_FREQUENT"
    using scanmem to find health; I always find 3 addresses; probably one for current health, max health, and ???

    Code:
    [ 0]     35dbe948, 171 +      166e948,  misc, 9507, [I64 I32 I16 ]
    [ 1]     35dd887c, 171 +      168887c,  misc, 9507, [I64 I32 I16 ]
    [ 2]     35dd889c, 171 +      168889c,  misc, 9507, [I64 I32 I16 ]
    The addresses I find interesting can be traced back to 3 separate modules or blocks of memory I see in /proc/PID/maps.

    The 2 from GDB:
    [+] In (0x30780000-0x32f00000), permission=rw-
    0x31a76210 - 0x31a7621b → "UNIT_HEALTH"

    [+] In '/tmp/.wine-1000/server-802-19e35fe/anonmap.k0d46p (deleted)'(0x140000000-0x142910000), permission=r-x
    0x142559ec8 - 0x142559ed3 → "UNIT_HEALTH"

    and the three addreses I get from scanmem are traced back to a single block of memory




    I've had no luck finding pointers to any of these addresses and am unable to make breakpoints work because of the ant-debug which pauses the game. Thus far I'm stuck. I'm thinking of writing a quick tool to run a pointer scan in those 3 particular blocks of memory I think look interesting to maybe come up with something to go off but am unsure if that's even worth my time? Does WoW obscure pointers? I.e. packing data into them, compute pointers rather than store?
    Last edited by Wontuse; 07-24-2021 at 11:09 AM.

  4. #4
    Wontuse's Avatar Member
    Reputation
    1
    Join Date
    Jun 2012
    Posts
    8
    Thanks G/R
    10/0
    Trade Feedback
    0 (0%)
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    I was able to get injected, but still need to figure out to get execution inside the process.

    I found this great guide on guided hacking; seriously anyone doing this on Linux go read it: https://guidedhacking.com/threads/li...l-guide.16411/

    A couple key points:
    1. This doesn't use the LD_PRELOAD "it is very easy to detect LD_PRELOAD. If you look at the file /proc/<pid>/environ, you can see LD_PRELOAD defined there with your library path parameter."
    2. It uses ptrace to attach and hook the C standard library, libc
    3. With ptrace I should be able to stop the entire process, including Warden, read/write what I want then resume


    ptrace:
    The ptrace() system call provides a means by which one process (the "tracer") may observe and control the execution of another process (the "tracee"), and examine and change the tracee's memory and registers. It is primarily used to implement breakpoint debugging and system call tracing.

    ***edit
    It was a timing issue when doing my injection. Needed to be done during the login process whereas I was doing it at character screen. Looks like I'm in!

    ***edit edit
    Question for those doing this under Windows:
    I still need to find the equivalent of WoWClassic.exe base - from the threads I have read am I correct that those on Windows are using the base address for the "WoW.exe" process?
    And if I understand correctly - the process is as follows: WoW.exe base + some offset -> get a reference to a pointer -> de-reference pointer and read value?

    I ask because nothing of the sorts shows up under Linux.
    Last edited by Wontuse; 07-25-2021 at 12:31 PM.

  5. #5
    thateuler's Avatar Member
    Reputation
    3
    Join Date
    May 2019
    Posts
    11
    Thanks G/R
    10/2
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Originally Posted by Wontuse View Post
    I was able to get injected, but still need to figure out to get execution inside the process.
    You can hook endscene or present just like in windows. You can also build your own wine lib and just put your code directly in the lib, or put hook into your dll (.so) using dlsym(). You can also create your own pthread but be aware that creating a pthread from LD_PRELOAD or a library initializer won't work because the wine loader will just overwrite the entire process. You'll need to create your thread after that happens. I'm doing it from a present hook.


    Originally Posted by Wontuse View Post
    The ptrace() system call provides a means by which one process (the "tracer") may observe and control the execution of another process (the "tracee"), and examine and change the tracee's memory and registers. It is primarily used to implement breakpoint debugging and system call tracing.
    /proc/<pid>/status will show the pid of the tracer when using ptrace. Both ptrace and LD_PRELOAD can be detected. IMO, the best way to avoid detection is to fly under the radar. Also, wow runs a thread with max suspend count. so any code to freeze all threads needs to take special care to maintain that counter.

    Originally Posted by Wontuse View Post
    I still need to find the equivalent of WoWClassic.exe base - from the threads I have read am I correct that those on Windows are using the base address for the "WoW.exe" process?
    And if I understand correctly - the process is as follows: WoW.exe base + some offset -> get a reference to a pointer -> de-reference pointer and read value?
    Wine doesn't do aslr. 64 bit binaries are always loaded at 0x140000000
    Last edited by thateuler; 07-26-2021 at 06:46 AM.

  6. Thanks Wontuse (1 members gave Thanks to thateuler for this useful post)
  7. #6
    Wontuse's Avatar Member
    Reputation
    1
    Join Date
    Jun 2012
    Posts
    8
    Thanks G/R
    10/0
    Trade Feedback
    0 (0%)
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    Originally Posted by thateuler View Post
    You can hook endscene or present just like in windows. You can also build your own wine lib and just put your code directly in the lib, or put hook into your dll (.so) using dlsym(). You can also create your own pthread but be aware that creating a pthread from LD_PRELOAD or a library initializer won't work because the wine loader will just overwrite the entire process. You'll need to create your thread after that happens. I'm doing it from a present hook.
    I am creating my own pthred from the SO I'm injecting by hooking libc. And I'm getting execution but the timing is important; i.e. I have to inject during the login process. Too soon and login process hangs, too late and my injected SO doesn't execute. There's still a big enough window that I can manually trigger my injection and get it to inject successfully.

    Originally Posted by thateuler View Post
    /proc/<pid>/status will show the pid of the tracer when using ptrace. Both ptrace and LD_PRELOAD can be detected. IMO, the best way to avoid detection is to fly under the radar.
    I looked into this after your comment and I'm guessing you are referring to TracerPid? The injection is bloody fast and then I detach it shows 0. To test, I put a sleep in before I detach and I can see TracerPid.

    In which case... I think I could attach with a SIGSTOP wait for the process (including Warden I would imagine?) to completely stop, do my reads//writes and then detach again. The process would never have a chance to even know I was attached?

    Originally Posted by thateuler View Post
    Also, wow runs a thread with max suspend count. so any code to freeze all threads needs to take special care to maintain that counter.
    Good to know. I did notice I can attach GDB for about 10 seconds and detach without issue. A minute or two and the game never resumes after I detach.


    Originally Posted by thateuler View Post
    Wine doesn't do aslr. 64 bit binaries are always loaded at 0x140000000
    Again, thank you, good to know and should be extremely helpful when I get a chance to keep digging into things
    Last edited by Wontuse; 07-26-2021 at 11:59 AM.

  8. #7
    Wontuse's Avatar Member
    Reputation
    1
    Join Date
    Jun 2012
    Posts
    8
    Thanks G/R
    10/0
    Trade Feedback
    0 (0%)
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    *** disclaimer: I'm new to C++ and picked up RE a day before this post began. However, not new to SE but very new to low level stuff.

    I'm tapping and asking for help.. I thought I had a basic understanding of offsets & pointers but they're kicking my ass. In exchange for working Linux injector I'm asking for help reading WoW objects on 39475 with C++ I feel like I'm having difficulty because I have no CE to go back and verify what I'm doing so everything is a shot in the dark.

    Code I have tried:

    Code:
    uintptr_t BaseAddress   = 0x140000000;
    uintptr_t ObjectManager = BaseAddress + 0x2D657B8;
    long ObjectManagerPtr   = *reinterpret_cast<long *>(ObjectManager);]
    
    long FirstObjectPtr = 0;
    if (ObjectManagerPtr != 0)
    {
        FirstObjectPtr = *reinterpret_cast<long *>(ObjectManagerPtr + 0x18);
    }
    
    long FirstObjectType = -1;
    if (FirstObjectPtr != 0)
    {
        FirstObjectType = *reinterpret_cast<long *>(FirstObjectPtr + 0x20);
    }
    Output I am seeing (long // hex):

    Code:
    ObjectManager:    5416310712  0x142d657b8
    ObjectManagerPtr: 744050992   0x2c595130
    FirstObjectPtr:   868024592   0x33bd0110
    FirstObjectType:  12884902145 0x300000101
    I've tried 100 different variations of it and can never get what I think is an expected WoW Object "Type".
    I've tried a few other WoW Object offsets, like X//Y and can watch the value change... but the values I see are something in the range of 1-3.xxxxxxxxe^x

    Anyways... on to the promised Linux injector, compile instructions are commented at the bottom.

    This injector hijacks the libc dlopen and does the following:
    1. Allocate memory in WoW process through mmap
    2. Inject a single instruction to make syscall
    3. Load the external lib on the process w/ dlopen
    4. Restore the hijacked instruction pointer


    injector.cpp
    *** DELETED; PM if interested


    mylib.cpp
    *** DELETED; PM if interested

    **Bonus if you want to point me in a direction to finding these offsets on my own through IDA, Ghidra, or something else.
    Last edited by Wontuse; 08-10-2021 at 12:00 AM.

  9. #8
    ChrisIsMe's Avatar Contributor
    Reputation
    111
    Join Date
    Apr 2017
    Posts
    158
    Thanks G/R
    57/58
    Trade Feedback
    0 (0%)
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    Why even bother, you deal with all the annoyance of windows binary obfuscation and anti-manipulation tactics; while running the game in a easily recognizable way, and probably are easily detectable. The code you posted is not even attempting to hide the arbitrary code inside of the wow binary, DLOPEN exposes your dylib in multiple places, really you can see from `lsof`

    It's fun in theory, but this is really not a great idea at all, like people think it is.

    Feel free to do it to learn yourself, but expecting to release anything around this will just result in bans like normal.

  10. #9
    Wontuse's Avatar Member
    Reputation
    1
    Join Date
    Jun 2012
    Posts
    8
    Thanks G/R
    10/0
    Trade Feedback
    0 (0%)
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    Originally Posted by ChrisIsMe View Post
    Why even bother
    to learn...


    you deal with all the annoyance of windows binary obfuscation and anti-manipulation tactics; while running the game in a easily recognizable way, and probably are easily detectable. The code you posted is not even attempting to hide the arbitrary code inside of the wow binary, DLOPEN exposes your dylib in multiple places, really you can see from `lsof`
    Do not plenty of applications do injection for perfectly valid reasons? So long as I just do reads I'd imagine I'd be fine.


    Feel free to do it to learn yourself
    Thank you.. that's what I'm doing

    but expecting to release anything around this will just result in bans like normal.
    No intentions of releasing anything. Only trying to share knowledge and learn.

  11. #10
    ChrisIsMe's Avatar Contributor
    Reputation
    111
    Join Date
    Apr 2017
    Posts
    158
    Thanks G/R
    57/58
    Trade Feedback
    0 (0%)
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    Originally Posted by Wontuse View Post
    to learn...


    Do not plenty of applications do injection for perfectly valid reasons? So long as I just do reads I'd imagine I'd be fine.
    How many 'perfectly valid applications' hijack a processes thread and invoke dlopen? Probably none?

    The game loads the intended libraries itself, from paths that it knows. Applications have the option to use DYLD_INSERT_LIBRARIES and LD_PRELOAD, not needing to hijack the games threads.

    It's unlikely, however, that the wow developers are paying any attention to dlopen or wine syscalls, but the point still stands.

  12. #11
    _chase's Avatar Active Member
    Reputation
    27
    Join Date
    Dec 2019
    Posts
    32
    Thanks G/R
    7/15
    Trade Feedback
    0 (0%)
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    @Wontuse

    Re: your question about figuring out the object manager search for the string "gmvision" or really any of the strings shown in the picture and locate the function I added as a picture.
    I've annotated some of the simple parts of the function for you, and will leave it as an exercise for you to figure out how to implement it code wise. Also, everywhere you used a long in your original snippet is wrong

    Hint: when trying to read the object's type pay close attention to
    Code:
    v12 = dword_14257E160[*(unsigned __int8 *)(currentObject + 0x20)];
    ... if you were building a game and only had 12 different object types, would you store the type as a long or perhaps something more compact...

    Additionally, please use google to search for your questions prior to making a thread/post about them. Lots of questions (like about the object manager) have been answered a bazillion times so you're not going to win any popularity contests asking easily searchable things. You can use google/duckduckgo and do a search like "site: ownedcore.com object manager" to find helpful threads.


  13. Thanks Wontuse (1 members gave Thanks to _chase for this useful post)
  14. #12
    Wontuse's Avatar Member
    Reputation
    1
    Join Date
    Jun 2012
    Posts
    8
    Thanks G/R
    10/0
    Trade Feedback
    0 (0%)
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    Still going at it. I've been able to dump the game from memory and load it into IDA. Currently trying to figure out how to find patterns and offsets on my own. I've been reading Secrets of Reverse Engineering, learning IDA, and C++

    I still suck at C++

    webp_net_resizeimage.jpg
    Last edited by Wontuse; 08-19-2021 at 10:35 PM.

  15. #13
    ChrisIsMe's Avatar Contributor
    Reputation
    111
    Join Date
    Apr 2017
    Posts
    158
    Thanks G/R
    57/58
    Trade Feedback
    0 (0%)
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    Originally Posted by Wontuse View Post
    Still going at it. I've been able to dump the game from memory and load it into IDA. Currently trying to figure out how to find patterns and offsets on my own. I've been reading Secrets of Reverse Engineering, learning IDA, and C++

    I still suck at C++

    webp_net_resizeimage.jpg
    Easiest one to get you really started is `gmvision` to find the object manager and how to iterate it.

    Or start messing with the `Script_` methods (LuaC methods) if you want to get a better understanding of how a lot of the game works.

  16. Thanks Wontuse (1 members gave Thanks to ChrisIsMe for this useful post)

Similar Threads

  1. [Question] Using TurboHud through Wine (Linux)
    By Destiny72 in forum TurboHUD Support
    Replies: 3
    Last Post: 11-05-2020, 05:23 AM
  2. [Question] Linux + Wine: is it a potential layer of protection?
    By Ju5tnTime in forum WoW Bots Questions & Requests
    Replies: 2
    Last Post: 07-29-2020, 07:01 AM
  3. Lua unlocker for Linux Wine?
    By MrHat2 in forum WoW Bots Questions & Requests
    Replies: 2
    Last Post: 11-04-2015, 06:06 AM
  4. [Linux] LD_PRELOAD injection without patching Wine
    By kouteiheika in forum WoW Memory Editing
    Replies: 4
    Last Post: 06-16-2013, 03:29 PM
  5. [Linux][wine] Reading memory - ptrace
    By klipeto in forum WoW Memory Editing
    Replies: 11
    Last Post: 08-02-2011, 05:07 PM
All times are GMT -5. The time now is 09:07 PM. Powered by vBulletin® Version 4.2.3
Copyright © 2021 vBulletin Solutions, Inc. All rights reserved. User Alert System provided by Advanced User Tagging (Pro) - vBulletin Mods & Addons Copyright © 2021 DragonByte Technologies Ltd.
Digital Point modules: Sphinx-based search