[Discussion] Journey from private to classic

[Borg333]

a43291815a0df368ae3a540ce633b130.jpg
Hello everyone.
First of all, I want to thank all the Ownedcore community and as well as those who helped me on some issues for all the information that I was able to find, process, understand and use in one way or another. For 5 months I have been working on an analogue of (.[E].)(.[W].)(.[T].) for private 3.3.5 and i got it. With zero knowledge of the language, memory editing, I forced myself to do it.

I have a question regarding the transition from private 3.3.5 to wotlk classic.
The basic plan for countering the Warden on the private was as follows:
1. Manual map injection
2. Detour d3d9 scene
3. Warden search by pattern
4. Substitution of checked bytes
5. Detour FrameScriptExecute with the search for custom checks and the substitution of the requests themselves.
6. Do what you like.

Now I want to move on to researching this topic on the official server.
From what I know:
1. Need to detour d3d12 scene
2. There is an obfuscation from a certain patch
3. Warden has changed, but I can't consolidate the information I have
In addition, conventional injection is not safe, in previous topics there is information about the need for kernal driver injection using a vulnerable driver (at the moment I am studying the information, I have zero knowledge about this).
A topic I particularly want to cover is safe drawing (in d3d9 I do this via LPDIRECT3DDEVICE9), so first I need to figure out how to make the drawing process as safe as possible.

I would be grateful for any information in response to this post.

[Borg333]

No one? really? sounds sad

[ostapus]

No one? really? sounds sad

Well
1. depends on your bot "design", most of the people (i believe) use this method.
2. there is obfuscation for a while. you can see it in disassembly
3. for a driver - you can boot windows into "non safe" mode and load your driver.

unfortunately can't help you with drawing process, hopefully someone from community may provide some info (at least minimum for the start)

[Borg333]

Thanks for your answer. I planing to do tool like advanced unlocker, but at first i need to know safer method for reading memory and drawing stuff, also is it enough to use Namreeb's unpacker? Is old methods for searching warden module base and warden scan like pattern search alive?

[ostapus]

Thanks for your answer. I planing to do tool like advanced unlocker, but at first i need to know safer method for reading memory and drawing stuff, also is it enough to use Namreeb's unpacker? Is old methods for searching warden module base and warden scan like pattern search alive?

well, reading memory is safe as far as you know what/where to read. scanning (i believe/heard wow has some protection) might be the problem, but with custom driver - scanning should be pretty safe.
for drawing - can't help, not using, no experience
Namreeb's (forever thanks to him) unpacker - works just fine but again - dumped code is heavily obfuscated but pattern search works most of the time.

[tommingc]

In my opinion, the classic is on a different level, not only because of obfuscated and anti-debug, a lot of functions are protected now...
for drawing, you could use imgui which might be easier. or if you are under c# you could use gameoverlay.