Rob-- / memoryjs

Read and write process memory in Node.js (Windows API functions exposed via Node bindings)
MIT License

handle returning 0, modBaseAddr #35

Closed burner03 closed 5 years ago

Rob-- commented 5 years ago

Is your Node.js version 32 or 64 bit? And is Wow.exe 32 bit or 64 bit?

burner03 commented 5 years ago

Is your Node.js version 32 or 64 bit? And is Wow.exe 32 bit or 64 bit?

32 bit, Wow.exe is also 32 bit.

Windows 10, if that matters.

Rob-- commented 5 years ago

How does Wow.exe appear when you call memoryjs.getProcesses()?

Rob-- commented 5 years ago

What happens when you log the error message inside the callback? It should tell you if it wasn't able to open the process (see #31).

burner03 commented 5 years ago

unable to find process

Rob-- commented 5 years ago

Hmm, try verifying the PID of Wow.exe through task manager, and try opening the process by just using the PID? If that doesn't work then it might be that Wow.exe has some sort of anti-cheat that prevents OpenProcess from working?

burner03 commented 5 years ago

I guess that must be the case, I'm stumped. Memoryjs returns the correct PID, and if I use it as the way to openProcess I get the same error.

Rob-- commented 5 years ago

I would suggest creating an empty C++ project and trying to manually OpenProcess and see if you can get a handle that way:

#include <windows.h>
#include <iostream>

int main() {
  // A NULL handle means OpenProcess failed; GetLastError() holds the reason.
  DWORD dwProcessId = 1234;
  HANDLE handle = OpenProcess(PROCESS_ALL_ACCESS, FALSE, dwProcessId);

  if (handle == NULL) {
    std::cout << "Failed to open handle. Error: " << GetLastError() << std::endl;
  } else {
    std::cout << "Opened handle." << std::endl;
    CloseHandle(handle);
  }
  return 0;
}

This will at least distinguish if it's a problem with the library or a problem with the Wow.exe process specifically.

burner03 commented 5 years ago

Yeah, failed to open handle.

Rob-- commented 5 years ago

There are a few ways to obtain a handle. One way is to steal a handle from Task Manager (since Task Manager maintains a list of all handles to every process running). There are lots of ways to steal handles and there has been a lot of research into it because it's a way to bypass anti-cheats that hook OpenProcess. Look around on the UC forum in the anti-cheat bypass section and you will find a ton of bypasses. Here's something I just found in a few seconds.

p410n3 commented 5 years ago

There are a few ways to obtain a handle. One way is to steal a handle from Task Manager (since Task Manager maintains a list of all handles to every process running). There are lots of ways to steal handles and there has been a lot of research into it because it's a way to bypass anti-cheats that hook OpenProcess. Look around on the UC forum in the anti-cheat bypass section and you will find a ton of bypasses. Here's something I just found in a few seconds.

@wuvluv I would also say that this is the problem. Something is stripping or otherwise messing with your handle. Is it a modded client by any chance? I have seen odd implementations of anti-tamper solutions for modded games.

Rob-- commented 5 years ago

Here are some other resources:
hSonic
SilentJack
Handle hijacking with IPC
Handle hijacking via LSASS
hBastard
Finding handles via SVCHOST
Handle hijacking via forced inheritance

A lot of these projects are probably outdated but worth reading about to understand what handle hijacking is and how it works. Essentially the aim of most of these projects is to find handles that were opened by the system and pass them to you.

Rob-- commented 5 years ago

No problem, best of luck!

sundayz commented 5 years ago

Hey, I know I'm a bit late. Wow's anti-cheat doesn't prevent you from opening handles to the process (at least the old one doesn't). Here's something you should try: https://docs.microsoft.com/en-us/windows-hardware/drivers/debugger/debug-privilege

I use it in some code that opens Wow with PROCESS_ALL_ACCESS to inject a dll. But I don't know what version of the client you're trying to use, and I've had problems with memoryjs too.