-
Contributor
Reversing and macOS question
Was curious if there was some type of packing going on for macOS like WoW does for Windows. I have just got a Mac up and going the other day and wanted to toy around with it there. After downloading the game and just moving that to my VM for IDA, I noticed that it didn't seem quite right at what was produced from IDA. I took a few Lua function strings and xref'd to their registered C function just to see. Anyone got some tips for reversing WoW on macOS?
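The question above is whether the on-disk binary is packed. Before dumping anything from memory, the cheap check is to read the Mach-O load commands and look for the usual signs that code is materialised at run time. The script below is an added example and is not code from this thread or from any of the tools mentioned in it; it parses a thin little-endian 64-bit Mach-O (fat binaries must be split first), and the heuristics it applies (rwx segments, non-standard segment names, executable segments whose `vmsize` far exceeds `filesize`, and an `LC_ENCRYPTION_INFO_64` with a non-zero `cryptid`) are the author's choices, not a definitive packer signature. The sample headers it checks are constructed inline so it runs offline; to use it on a real file, pass `open(path, "rb").read()` to `packing_indicators`.

```python
import struct

# Mach-O constants (values from <mach-o/loader.h> and <mach/vm_prot.h>)
MH_MAGIC_64 = 0xFEEDFACF            # little-endian 64-bit thin image
FAT_MAGIC_BYTES = b"\xca\xfe\xba\xbe"
LC_SEGMENT_64 = 0x19
LC_ENCRYPTION_INFO_64 = 0x2C
VM_PROT_WRITE = 0x2
VM_PROT_EXECUTE = 0x4
# Segment names the linker normally emits; anything else is worth a look (assumption)
STANDARD_SEGMENTS = {"__PAGEZERO", "__TEXT", "__DATA", "__DATA_CONST",
                     "__DATA_DIRTY", "__LINKEDIT", "__OBJC", "__AUTH",
                     "__AUTH_CONST", "__RESTRICT"}


def parse_load_commands(blob):
    """Return [(cmd, raw_bytes)] for every load command of a thin 64-bit Mach-O."""
    if blob[:4] == FAT_MAGIC_BYTES:
        raise ValueError("fat binary: extract one slice first (e.g. lipo -thin x86_64)")
    magic, _cpu, _sub, _ftype, ncmds, sizeofcmds, _flags, _res = struct.unpack_from("<8I", blob, 0)
    if magic != MH_MAGIC_64:
        raise ValueError("not a little-endian 64-bit Mach-O header")
    cmds, off = [], 32                       # mach_header_64 is 32 bytes
    for _ in range(ncmds):
        cmd, cmdsize = struct.unpack_from("<II", blob, off)
        if cmdsize < 8 or off + cmdsize > 32 + sizeofcmds or off + cmdsize > len(blob):
            raise ValueError("malformed load command at offset %#x" % off)
        cmds.append((cmd, blob[off:off + cmdsize]))
        off += cmdsize
    return cmds


def segment_64(body):
    """Decode a segment_command_64 (the 8-byte cmd/cmdsize header is skipped)."""
    name, vmaddr, vmsize, fileoff, filesize, maxprot, initprot, nsects, flags = \
        struct.unpack_from("<16s4Q2i2I", body, 8)
    return {"name": name.rstrip(b"\0").decode("ascii", "replace"), "vmaddr": vmaddr,
            "vmsize": vmsize, "fileoff": fileoff, "filesize": filesize,
            "maxprot": maxprot, "initprot": initprot, "nsects": nsects, "flags": flags}


def packing_indicators(blob):
    """Heuristic findings suggesting code is unpacked or decrypted at run time.
    Each is a hint for the analyst, not proof; a plain binary returns []."""
    findings = []
    for cmd, body in parse_load_commands(blob):
        if cmd == LC_ENCRYPTION_INFO_64:
            cryptoff, cryptsize, cryptid = struct.unpack_from("<3I", body, 8)
            if cryptid != 0:                 # cryptid 0 means "not actually encrypted"
                findings.append("LC_ENCRYPTION_INFO_64: cryptid=%d, %#x bytes at file offset %#x "
                                "are encrypted on disk" % (cryptid, cryptsize, cryptoff))
        elif cmd == LC_SEGMENT_64:
            seg = segment_64(body)
            name, prot = seg["name"], seg["initprot"]
            if prot & VM_PROT_WRITE and prot & VM_PROT_EXECUTE:
                findings.append("%s: writable+executable segment (initprot=%#x)" % (name, prot))
            if name not in STANDARD_SEGMENTS:
                findings.append("%s: non-standard segment name" % name)
            if prot & VM_PROT_EXECUTE and seg["vmsize"] > 2 * max(seg["filesize"], 1):
                findings.append("%s: executable segment maps %#x bytes but only %#x come from "
                                "the file" % (name, seg["vmsize"], seg["filesize"]))
    return findings


def _segment(name, vmaddr, vmsize, fileoff, filesize, prot):
    # struct's "16s" pads the name with NULs; maxprot == initprot keeps the sample simple
    body = struct.pack("<16s4Q2i2I", name.encode(), vmaddr, vmsize, fileoff, filesize,
                       prot, prot, 0, 0)
    return struct.pack("<II", LC_SEGMENT_64, 8 + len(body)) + body


def build_sample(packed):
    """Constructed Mach-O headers (load commands only, no real code) for testing."""
    cmds = [_segment("__PAGEZERO", 0, 0x100000000, 0, 0, 0),
            _segment("__TEXT", 0x100000000, 0x4000, 0, 0x4000, 5)]      # r-x
    if packed:   # rwx stub that grows 256x at run time, plus an encrypted region
        cmds.append(_segment("__STUB", 0x100004000, 0x200000, 0x4000, 0x2000, 7))
        cmds.append(struct.pack("<6I", LC_ENCRYPTION_INFO_64, 24, 0x4000, 0x2000, 1, 0))
    else:        # ordinary rw- data segment; bss makes vmsize > filesize, which is normal
        cmds.append(_segment("__DATA", 0x100004000, 0x4000, 0x4000, 0x2000, 3))
    cmds.append(_segment("__LINKEDIT", 0x100008000, 0x1000, 0x8000, 0x1000, 1))
    lc = b"".join(cmds)
    # cputype 0x01000007 = CPU_TYPE_X86_64, subtype 3 = ALL, filetype 2 = MH_EXECUTE
    return struct.pack("<8I", MH_MAGIC_64, 0x01000007, 3, 2, len(cmds), len(lc), 0, 0) + lc


if __name__ == "__main__":
    for label, blob in (("clean", build_sample(False)), ("packed", build_sample(True))):
        print(label, packing_indicators(blob) or ["no indicators"])
```

A `__DATA` segment whose `vmsize` exceeds `filesize` is normal (that is just `.bss`), which is why the size check is restricted to executable segments; the real signal is an executable, writable region that is tiny on disk, which is exactly the layout a disassembler would show as "not quite right" when opened cold.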
-
Contributor
In case others want to dump it on macOS, I wrote this simple dylib that dumps the file from memory to disk on process exit. Being lazy, I just DYLD_INSERT_LIBRARIES.
Source code here: macOS x86_64 executable dylib dumper (GitHub)
-
1 Thanks: Finkie (1 member gave thanks to scizzydo for this post)
-
Contributor
VM / run Overwatch dump script didn't work? Guess dump would work the same besides adding VM step. Mind you, last time I messed with Mac was before all that.
-
Contributor
The only "OverWatch dump" thing I'm aware of was the plug-in for x64dbg, and that's Windows. Along with the fact OverWatch isn't even on macOS... not sure why a script for it would exist on Mac.
-
Originally Posted by scizzydo
The only "OverWatch dump" thing I'm aware of was the plug-in for x64dbg, and that's Windows. Along with the fact OverWatch isn't even on macOS... not sure why a script for it would exist on Mac.
Overwatch being available on a specific platform has nothing to do with the platforms supported by the "OverWatch dump" thing. The original author made it for Overwatch, but it was discovered that it also works with other Blizzard games, such as WoW.
-
Contributor
Originally Posted by Archos
Overwatch being available on a specific platform has nothing to do with the platforms supported by the "OverWatch dump" thing. The original author made it for Overwatch, but it was discovered that it also works with other Blizzard games, such as WoW.
The fact of Windows and macOS is actually very important in the case of the OverWatch dump fix. Not sure if you looked at the code of it on GitHub, but it is specific to -Windows- anti-debug techniques, with functions contained in DLLs like ntdll (which is a Windows thing). Additionally, stuff like fixing the IAT, which is another thing that's Windows-specific to the PE header, isn't even going to be helpful with the macOS Mach-O file format and loading. Lastly, the tools that are for this (x64dbg and Scylla) are Windows-specific tools, so it kind of seems like your whole comment doesn't have any input here on what the topic is for, and what that comment was about.