I know it’s a bit late, but still. If you haven’t got around to updating your IDA database by either a Diff file or by completely re-doing it, then this post is for you.
The attached IDA 32-bit database features:
Enjoy reversing and updating!
Simply put; the addresses of World of Warcraft are now relative to its main thread. That being said, you need to be able to dynamically fetch the base address of the World of Warcraft process beforeyou can do any reads or writes.
Here’s a quick property to cycle through the selected process’ modules, and pick the one we’re after:
/// <summary>
/// Gets or sets the process.
/// </summary>
/// <value>The process.</value>
/// 14/10/2010 16:52
public static Process Process { get; set; }
/// <summary>
/// Gets the base address of the World of Warcraft application.
/// </summary>
/// <value>The [IntPtr] BaseAddress.</value>
/// 14/10/2010 16:55
public static IntPtr BaseAddress
{
get
{
var ret = new IntPtr();
var modules = Process.Modules;
for (var i=0; i<modules.Count;i++)
{
if (modules[i].ModuleName.Contains("Wow")) ret = modules[i].BaseAddress;
}
return ret;
}
}
Obviously you could also fetch Process.MainModule.BaseAddress, but again, I’d rather keep the loop – assuming there is no second module with Wow in it – this code will keep working even if at some point Wow isn’t its own main module. (Which would be odd, but hey)
