-
Contributor
arm-mah-gerd (macOS since 10.2.6 53989)
Since there has been all this talk of Mac & ARM in the memory editing section, I decided to create this specific thread. Attached are some of the patterns I've found so far in converting my WoW tool over to macOS (I will just leave patterns, not structures, here).
Code:
SETUP_PATTERN(g_WoWClientDB2__Spell, "FD 83 00 91 X ? ? ? ? 73 ? ? 91 ? ? ? ? 21 ? ? 91 E0 03 13 AA /da");
SETUP_PATTERN(ptUnkForQuestObjectiveCache, "? ? ? ? 94 ? ? 91 E0 ? ? AA ? ? ? ? E0 ? ? AA E1 ? ? AA 02 ? ? 52 FD ? ? A9 F4 ? ? A8 ? ? ? ? ? ? ? ? 68 /da");
SETUP_PATTERN(CGQuestObjectiveCache__ObjectTrackedInQuest, "E1 ? ? AA 02 ? ? 52 FD ? ? A9 F4 ? ? A8 X ? ? ? ? ? ? ? ? 68 /da");
SETUP_PATTERN(CMissile__s_inFlightMissileList, "09 ? ? F9 X ? ? ? ? 08 ? ? 91 68 ? ? F9 ? ? ? ? 28 ? ? F9 68 ? ? F9 /da");
SETUP_PATTERN(s_spellShadowPos, "89 ? ? ? X ? ? ? ? B5 ? ? 91 E9 ? ? B9 /da");
SETUP_PATTERN(g_lasthardwareaction, "02 ? ? 0A X ? ? ? ? 1F 20 03 D5 /da");
SETUP_PATTERN(s_curMgr, "? ? ? ? 08 ? ? F9 09 81 04 91 /da");
SETUP_PATTERN(g_lua_taintedclosure, "09 ? ? F9 08 ? ? ? 68 ? ? ? X ? ? ? ? 1F 20 03 D5 /da");
SETUP_PATTERN(g_lua_taint, "E0 ? ? AA ? ? ? ? X ? ? ? ? 1F 20 03 D5 08 ? ? F9 E8 ? ? F9 ? ? ? ? 21 /da");
SETUP_PATTERN(g_lua_context, "FD ? ? ? X ? ? ? ? 60 ? ? F9 ? ? ? ? 21 ? ? 91 02 ? ? 52 ? ? ? ? 60 /da");
SETUP_PATTERN(g_type_table, "E0 ? ? BD E8 ? ? 39 X ? ? ? ? 18 ? ? 91 08 ? ? ? 00 /da");
SETUP_PATTERN(g_MouseoverGUID, "09 ? ? F9 29 ? ? ? X ? ? ? ? B5 ? ? 91 3F /da");
SETUP_PATTERN(g_game_state, "C0 03 5F D6 X ? ? ? ? 08 ? ? 79 00 ? ? 53 C0 03 5F D6 /da");
SETUP_PATTERN(g_screen_ratio_compensation, "00 ? ? BD X ? ? ? ? 00 ? ? 91 ? ? ? ? ? ? ? ? ? ? ? ? 00 ? ? 91 /da");
SETUP_PATTERN(g_unkContainsMouse, "C0 03 5F D6 X ? ? ? ? 1F 20 03 D5 08 ? ? F9 09 ? ? F9 /da");
SETUP_PATTERN(g_CurFrame, "1F ? ? 39 X ? ? ? ? 18 ? ? 91 14 03 40 F9 /da");
SETUP_PATTERN(g_corpse, "68 ? ? B9 X ? ? ? ? 94 ? ? 91 69 ? ? B9 88 ? ? B9 /da");
SETUP_PATTERN(g_zone, "68 ? ? B9 X ? ? ? ? 28 ? ? B9 ? ? ? ? ? ? ? ? 00 ? ? 91 /da");
SETUP_PATTERN(CGGameUI__HandleTerrainClick, "1F 05 00 71 ? ? ? ? E0 ? ? AA X ? ? ? ? 60 ? ? ? 88 /da");
SETUP_PATTERN(GUIDToString, "E0 ? ? AA 02 ? ? 52 X ? ? ? ? 88 ? ? ? 80 /da");
SETUP_PATTERN(g_spellDB, "1F 00 00 F1 F6 ? ? ? X ? ? ? ? 00 ? ? 91 E3 ? ? 91 E1 ? ? AA /da");
SETUP_PATTERN(WowClientCompressedDBCache__GetRecord, "1F 00 00 F1 F6 ? ? ? ? ? ? ? 00 ? ? 91 E3 ? ? 91 E1 ? ? AA 02 ? ? ? X ? /da");
SETUP_PATTERN(CUnitDisplay__GetCurrentAnimation, "C8 ? ? ? E0 ? ? AA 21 ? ? 52 X ? ? ? ? E1 ? ? AA ? ? ? ? 00 ? ? 91 /da");
SETUP_PATTERN(CGGameObject_C__GetLockRec, "E0 ? ? AA X ? ? ? ? 40 ? ? ? F6 ? ? AA 01 /da");
SETUP_PATTERN(ptCGWorldFrameStrc, "E3 ? ? FD E0 ? ? BD X ? ? ? ? 1F 20 03 D5 /da");
SETUP_PATTERN(CGWorldFrame__Intersect, "03 00 80 D2 25 ? ? ? 05 ? ? ? X ? ? ? ? A0 /da");
SETUP_PATTERN(CGWorldFrame__GetScreenCoordinates, "E2 ? ? 91 E0 ? ? AA 03 00 80 52 X ? ? ? ? A0 /da");
SETUP_PATTERN(CGMovementShared__SetRawFacing, "A0 ? ? BD E0 ? ? AA X ? ? ? ? 60 ? ? 34 /da");
SETUP_PATTERN(CGUnit_C__SendMovementHeartBeat, "E0 ? ? F9 X ? ? ? ? E0 ? ? 91 ? ? ? ? 68 /da");
SETUP_PATTERN(Script_GetGUIDByToken, "01 00 80 52 03 00 80 52 04 00 80 52 05 00 80 52 X ? ? ? ? E8 03 00 AA /da");
The pattern scanner I use is the one I have made and am constantly updating: GitHub - scizzydo/PatternScanner
From my retail WoW tool, I have about ~70 patterns... so this is just the first chunk identified. I have scanned against two previous releases, so I haven't had time to build "reliable" patterns.
Feel free to use this thread for any macOS/arm questions there are as these forums are kinda empty on that part! I will be updating my stuff as I go.
3/30/2024
Added more signatures
Last edited by scizzydo; 03-30-2024 at 09:07 PM.
Reason: Updated patterns
-
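An added example, not scizzydo's PatternScanner and not code from this thread, showing what a scanner has to do to turn patterns like the ones above into addresses: match the bytes with "?" wildcards, then decode the ARM64 ADRP marked by "X" and the ADD/LDR that follows it to compute the target. The pattern syntax is an assumption about the notation used here ("?" = any byte, "X" = the ADRP to resolve, a trailing "/da" flag that this code simply strips), the handling of patterns without an "X" (return the match address) is this example's own choice, the image base BASE is assumed, and the sample bytes are constructed to match the g_WoWClientDB2__Spell pattern.

```python
"""Wildcard pattern scanner with ARM64 ADRP+ADD/LDR resolution (added example)."""
import re
import struct

BASE = 0x100000000  # assumed image base for the constructed sample


def parse_pattern(pattern):
    """Return (compiled bytes regex, byte offset of the X-marked instruction or None)."""
    toks = pattern.split()
    if toks and toks[-1].startswith("/"):  # e.g. "/da": treated as a flag and dropped here
        toks.pop()
    regex = bytearray()
    x_offset = None
    nbytes = 0
    for tok in toks:
        if tok == "X":
            x_offset = nbytes  # X marks the start of the next 4-byte instruction
        elif tok == "?":
            regex += b"."
            nbytes += 1
        else:
            regex += re.escape(bytes([int(tok, 16)]))
            nbytes += 1
    return re.compile(bytes(regex), re.DOTALL), x_offset


def u32(buf, off):
    return struct.unpack_from("<I", buf, off)[0]


def decode_adrp(insn, pc):
    """ADRP Xd, label: page(pc) + signext21(immhi:immlo) << 12."""
    if (insn & 0x9F000000) != 0x90000000:
        raise ValueError("not ADRP: %08x" % insn)
    imm = (((insn >> 5) & 0x7FFFF) << 2) | ((insn >> 29) & 3)
    if imm & (1 << 20):
        imm -= 1 << 21
    return (pc & ~0xFFF) + (imm << 12)


def resolve_page_pair(image, base, off, max_insns=4):
    """Decode the ADRP at `off`, then the first ADD/LDR/STR (unsigned imm) that uses
    its destination register as base, within the next `max_insns` instructions."""
    adrp = u32(image, off)
    rd = adrp & 0x1F
    page = decode_adrp(adrp, base + off)
    for i in range(1, max_insns + 1):
        insn = u32(image, off + 4 * i)
        if ((insn >> 5) & 0x1F) != rd:
            continue  # NOPs and unrelated instructions are skipped
        if (insn & 0xFF000000) == 0x91000000:  # ADD Xd, Xn, #imm12{, LSL #12}
            imm12 = (insn >> 10) & 0xFFF
            return page + (imm12 << 12 if insn & (1 << 22) else imm12)
        if (insn & 0xBF000000) == 0xB9000000:  # LDR/STR Wt|Xt, [Xn, #imm12*size]
            size = 8 if (insn >> 30) == 3 else 4
            return page + ((insn >> 10) & 0xFFF) * size
    return page  # no consumer found: page address only


def find(image, base, pattern):
    """Scan `image` (bytes loaded at `base`) for `pattern`; return the resolved address."""
    rx, x_off = parse_pattern(pattern)
    m = rx.search(image)
    if m is None:
        return None
    if x_off is None:
        return base + m.start()
    return resolve_page_pair(image, base, m.start() + x_off)


# --- constructed sample input (not real game bytes) ------------------------------
def encode_adrp(rd, pc, target):
    imm = ((target & ~0xFFF) - (pc & ~0xFFF)) >> 12
    assert -(1 << 20) <= imm < (1 << 20)
    imm &= 0x1FFFFF
    return 0x90000000 | ((imm & 3) << 29) | ((imm >> 2) << 5) | rd


def encode_add(rd, rn, imm12):
    return 0x91000000 | (imm12 << 10) | (rn << 5) | rd


SPELL_PATTERN = "FD 83 00 91 X ? ? ? ? 73 ? ? 91 ? ? ? ? 21 ? ? 91 E0 03 13 AA /da"


def build_sample_image():
    """Code laid out to match SPELL_PATTERN, with the global at 0x100400100 (assumed)."""
    code_off = 0x40
    pc_adrp = BASE + code_off + 4
    insns = [
        0x910083FD,                                # add x29, sp, #0x20  -> FD 83 00 91
        encode_adrp(19, pc_adrp, 0x100400100),     # adrp x19, page      (the X instruction)
        encode_add(19, 19, 0x100),                 # add x19, x19, #0x100 -> 73 ?? ?? 91
        encode_adrp(1, pc_adrp + 8, 0x100400200),  # adrp x1, page
        encode_add(1, 1, 0x200),                   # add x1, x1, #0x200   -> 21 ?? ?? 91
        0xAA1303E0,                                # mov x0, x19          -> E0 03 13 AA
    ]
    body = b"".join(struct.pack("<I", i) for i in insns)
    return b"\x00" * code_off + body + b"\xC0\x03\x5F\xD6"  # ret


if __name__ == "__main__":
    print(hex(find(build_sample_image(), BASE, SPELL_PATTERN)))
```

The register check (ADRP Rd against ADD/LDR Rn) is what lets a pattern like g_lua_taint, where a NOP sits between the ADRP and the LDR, still resolve; a scanner that blindly decodes the instruction right after the ADRP gets those wrong.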
-
Contributor
The following is what I use to dump the game: macOS x86_64 executable dylib dumper (GitHub)
The idea with it is: inject the dylib (DYLD_INSERT_LIBRARIES or inject) and just close the client. Alternatively, I have started using Bit Slicer, which can also dump the game from memory.
-
-
Contributor
Added a total of 30 patterns, and updated pattern scanner accordingly with what has been tested.
-
Established Member
+1 for the name.
Hopefully not hijacking, but I created a blizzget-style clone in Rust. Wanted to throw it up here because it might help others download the other architecture and operating system builds from one machine.
I have to take a peek and see if I can get it to download the Mac builds too. It's a real quick tool I wrote up. In the main download command I think the name filter just needs to be changed to also grab the Mac binaries.
GitHub - ohchase/blizztools: a super sloppy, quick tool for interact with blizzard cdn
-
If you want to extract binaries from a Universal Binary (FAT Mach-O) you can also use the below command ("x86_64" or "arm64")
Code:
lipo -extract arm64 wow -output wow_arm64
Last edited by Archos; 04-12-2024 at 12:31 PM.
-
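An added example, not lipo and not code from any project in this thread, that reads the Universal Binary (FAT Mach-O) container the way lipo does: list the slices from the big-endian fat header, check each fat_arch entry against the thin Mach-O header it points at, and pull one slice out, which is what `lipo -extract arm64 wow -output wow_arm64` writes to disk. Constants are from <mach-o/fat.h> and <mach/machine.h>; the sample universal binary is constructed inline.

```python
"""Universal Binary (FAT Mach-O) reader and slice extractor (added example)."""
import struct

FAT_MAGIC = 0xCAFEBABE      # big-endian on disk
FAT_MAGIC_64 = 0xCAFEBABF   # variant with 64-bit offsets, not handled here
MH_MAGIC_64 = 0xFEEDFACF    # thin 64-bit Mach-O, little-endian for x86_64/arm64
CPU_TYPE_X86_64 = 0x01000007
CPU_TYPE_ARM64 = 0x0100000C
CPU_NAMES = {CPU_TYPE_X86_64: "x86_64", CPU_TYPE_ARM64: "arm64"}


def parse_fat(data):
    """Return slice descriptors, validating offsets and the thin header of each slice."""
    if len(data) < 8:
        raise ValueError("too short for a fat header")
    magic, nfat = struct.unpack_from(">II", data, 0)
    if magic == FAT_MAGIC_64:
        raise ValueError("FAT_MAGIC_64 not supported by this example")
    if magic != FAT_MAGIC:
        raise ValueError("not a universal binary (magic %08x)" % magic)
    # 0xCAFEBABE is also the Java class-file magic; a real fat header has only a
    # handful of arches, which is the same heuristic file(1) uses to tell them apart.
    if nfat == 0 or nfat > 30:
        raise ValueError("implausible nfat_arch %d (Java class file?)" % nfat)
    if 8 + 20 * nfat > len(data):
        raise ValueError("fat_arch table runs past end of file")
    slices = []
    for i in range(nfat):
        cputype, cpusubtype, offset, size, align = struct.unpack_from(">IIIII", data, 8 + 20 * i)
        if size < 8 or offset + size > len(data):
            raise ValueError("slice %d lies outside the file" % i)
        thin_magic, thin_cputype = struct.unpack_from("<II", data, offset)
        if thin_magic != MH_MAGIC_64 or thin_cputype != cputype:
            raise ValueError("slice %d header does not match its fat_arch entry" % i)
        slices.append({
            "arch": CPU_NAMES.get(cputype, "cputype_%08x" % cputype),
            "cputype": cputype, "cpusubtype": cpusubtype,
            "offset": offset, "size": size, "align": 1 << align,
        })
    return slices


def is_universal(data):
    try:
        parse_fat(data)
        return True
    except ValueError:
        return False


def extract_slice(data, arch):
    """Bytes of one thin slice, e.g. extract_slice(data, "arm64")."""
    for s in parse_fat(data):
        if s["arch"] == arch:
            return data[s["offset"]:s["offset"] + s["size"]]
    raise KeyError("no %s slice" % arch)


# --- constructed sample universal binary (not a real executable) --------------------
def _thin_slice(cputype, payload):
    # mach_header_64: magic, cputype, cpusubtype, filetype(MH_EXECUTE=2), ncmds,
    # sizeofcmds, flags, reserved; no load commands follow in this toy slice.
    return struct.pack("<IIIIIIII", MH_MAGIC_64, cputype, 0, 2, 0, 0, 0, 0) + payload


def build_sample_universal():
    """Two-way universal: x86_64 at 0x4000, arm64 at 0x8000 (2^14 alignment, as lipo uses)."""
    align = 14
    x86 = _thin_slice(CPU_TYPE_X86_64, b"x86 slice body")
    arm = _thin_slice(CPU_TYPE_ARM64, b"arm64 slice body")
    header = struct.pack(">II", FAT_MAGIC, 2)
    header += struct.pack(">IIIII", CPU_TYPE_X86_64, 3, 0x4000, len(x86), align)  # CPU_SUBTYPE_X86_64_ALL
    header += struct.pack(">IIIII", CPU_TYPE_ARM64, 0, 0x8000, len(arm), align)   # CPU_SUBTYPE_ARM64_ALL
    out = bytearray(0xC000)
    out[:len(header)] = header
    out[0x4000:0x4000 + len(x86)] = x86
    out[0x8000:0x8000 + len(arm)] = arm
    return bytes(out)


if __name__ == "__main__":
    for s in parse_fat(build_sample_universal()):
        print("%-7s offset=0x%x size=%d" % (s["arch"], s["offset"], s["size"]))
```

The cross-check between the fat_arch cputype and the thin header matters when you are handed a file by someone else: nothing in the container forces the two to agree, and a slice that was dumped from memory and re-wrapped by hand can easily carry the wrong entry.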
-
Contributor
Originally Posted by
Archos
If you want to extract binaries from a Universal Binary (FAT Mach-O) you can also use:
Code:
lipo universalBinary -remove x86_64 -output armBinary
Good note. I think the main thing though isn't about extracting the arm or x86, but dumping the decrypted version.
-
Do you happen to have an example showing how this is implemented?
-
Contributor
Originally Posted by
Archos
Do you happen to have an example showing how this is implemented?
How what is implemented? If it's directed to me, my dumper and pattern scanner are linked already
-
Member
Anyone have this macOS binary (53989) to share?
Last edited by goblin2kx; 23 Hours Ago at 07:20 AM.
-
Contributor
Originally Posted by
goblin2kx
Anyone have this macOS binary (53989) to share?
What is it you're looking for? I can update patterns to whatever it is now. I didn't update the original post with new patterns, but I do have them.
-
This makes sense. I was wanting to translate what you did to something like Rust or Python but it looks like I am missing a link lol