handle returning 0, modBaseAddr (memoryjs issue, closed)

rob-- commented on May 27, 2024
handle returning 0, modBaseAddr

from memoryjs.

Comments (14)

Rob-- commented on May 27, 2024

There are a few ways to obtain a handle. One way is to steal a handle from Task Manager (since Task Manager maintains a list of all handles to every process running). There are lots of ways to steal handles and there has been a lot of research into it because it's a way to bypass anti-cheats that hook OpenProcess. Look around on the UC forum in the anti-cheat bypass section and you will find a ton of bypasses. Here's something I just found in a few seconds.

Rob-- commented on May 27, 2024

Is your Node.js version 32 or 64 bit? And is Wow.exe 32 bit or 64 bit?

burner03 commented on May 27, 2024

> Is your Node.js version 32 or 64 bit? And is Wow.exe 32 bit or 64 bit?

32 bit, Wow.exe is also 32 bit.

Windows 10, if that matters.

Rob-- commented on May 27, 2024

How does Wow.exe appear when you call memoryjs.getProcesses()?

Rob-- commented on May 27, 2024

What happens when you log the error message inside the callback? It should tell you if it wasn't able to open the process #31.

burner03 commented on May 27, 2024

unable to find process

Rob-- commented on May 27, 2024

Hmm, try verifying the PID of Wow.exe through task manager, and try opening the process by just using the PID? If that doesn't work then it might be that Wow.exe has some sort of anti-cheat that prevents OpenProcess from working?

burner03 commented on May 27, 2024

I guess that must be the case, I'm stumped. Memoryjs returns the correct PID & if I use it as the way to openProcess I get the same error.

Rob-- commented on May 27, 2024

I would suggest creating an empty C++ project and trying to manually OpenProcess and see if you can get a handle that way:

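#include <windows.h>
#include <iostream>

int main() {
  DWORD dwProcessId = 1234;  // PID of the target process
  HANDLE handle = OpenProcess(PROCESS_ALL_ACCESS, FALSE, dwProcessId);

  if (handle == NULL) {
    std::cout << "Failed to open handle." << std::endl;
  } else {
    std::cout << "Opened handle." << std::endl;
    CloseHandle(handle);  // release the handle once the check is done
  }
  return 0;
}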

This will at least distinguish if it's a problem with the library or a problem with the Wow.exe process specifically.

burner03 commented on May 27, 2024

Yeah, failed to open handle.

p410n3 commented on May 27, 2024

> There are a few ways to obtain a handle. One way is to steal a handle from Task Manager (since Task Manager maintains a list of all handles to every process running). There are lots of ways to steal handles and there has been a lot of research into it because it's a way to bypass anti-cheats that hook OpenProcess. Look around on the UC forum in the anti-cheat bypass section and you will find a ton of bypasses. Here's something I just found in a few seconds.

@wuvluv I would also say that this is the problem. Something is stripping / otherwise messing with your handle. Is it a modded client by any chance? I have seen odd implementations of anti-tamper solutions for modded games.

Rob-- commented on May 27, 2024

Here are some other resources:
hSonic
SilentJack
Handle hijacking with IPC
Handle hijacking via LSASS
hBastard
Finding handles via SVCHOST
Handle hijacking via forced inheritance

A lot of these projects are probably outdated but worth reading about to understand what handle hijacking is and how it works. Essentially the aim of most of these projects is to find handles that were opened by the system and pass them to you.

Rob-- commented on May 27, 2024

No problem, best of luck!

sundayz commented on May 27, 2024

Hey, I know I'm a bit late. Wow's anti-cheat doesn't prevent you from opening handles to the process (at least the old one doesn't). Here's something you should try: https://docs.microsoft.com/en-us/windows-hardware/drivers/debugger/debug-privilege

I use it in some code that opens Wow with PROCESS_ALL_ACCESS to inject a dll. But I don't know what version of the client you're trying to use, and I've had problems with memoryjs too.

from memoryjs.
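
A defender's view of the PROCESS_ALL_ACCESS request discussed in this thread, as an added example that is not part of the original comments or of memoryjs: it decodes the access mask on process-access records and flags memory, thread or handle rights granted on a watched process. The records are constructed and only borrow the SourceImage, TargetImage and GrantedAccess field names from Sysmon's ProcessAccess event (ID 10); the paths, the allowlist and the function names are assumptions.

```javascript
// Process access rights, values from the Windows SDK (winnt.h).
const RIGHTS = {
  PROCESS_TERMINATE: 0x0001,
  PROCESS_CREATE_THREAD: 0x0002,
  PROCESS_VM_OPERATION: 0x0008,
  PROCESS_VM_READ: 0x0010,
  PROCESS_VM_WRITE: 0x0020,
  PROCESS_DUP_HANDLE: 0x0040,
  PROCESS_QUERY_INFORMATION: 0x0400,
  PROCESS_QUERY_LIMITED_INFORMATION: 0x1000,
};
// Rights that let a caller read or change memory, start threads, or copy handles.
const SENSITIVE = new Set([
  'PROCESS_CREATE_THREAD', 'PROCESS_VM_OPERATION', 'PROCESS_VM_READ',
  'PROCESS_VM_WRITE', 'PROCESS_DUP_HANDLE',
]);

// Turn a hex mask such as "0x1FFFFF" (PROCESS_ALL_ACCESS) into right names.
function decodeAccess(maskHex) {
  const mask = parseInt(maskHex, 16);
  if (Number.isNaN(mask)) throw new Error(`bad access mask: ${maskHex}`);
  return Object.keys(RIGHTS).filter((name) => (mask & RIGHTS[name]) !== 0);
}

const baseName = (p) => p.split('\\').pop().toLowerCase();

// Report sensitive rights granted on the watched image to non-allowlisted sources.
// Matching on image name alone is weak (names can be copied); it keeps the example short.
function flagAccess(events, watchedTarget, allowedSources) {
  const allowed = new Set(allowedSources.map((s) => s.toLowerCase()));
  const findings = [];
  for (const ev of events) {
    if (baseName(ev.TargetImage) !== watchedTarget.toLowerCase()) continue;
    if (allowed.has(baseName(ev.SourceImage))) continue;
    const rights = decodeAccess(ev.GrantedAccess).filter((r) => SENSITIVE.has(r));
    if (rights.length > 0) findings.push({ source: ev.SourceImage, mask: ev.GrantedAccess, rights });
  }
  return findings;
}

// Constructed sample records (hypothetical paths, not real telemetry).
const SAMPLE_EVENTS = [
  { SourceImage: 'C:\\Windows\\System32\\Taskmgr.exe', TargetImage: 'C:\\Games\\Wow.exe', GrantedAccess: '0x1000' },
  { SourceImage: 'C:\\Tools\\node.exe', TargetImage: 'C:\\Games\\Wow.exe', GrantedAccess: '0x1FFFFF' },
  { SourceImage: 'C:\\Tools\\node.exe', TargetImage: 'C:\\Windows\\explorer.exe', GrantedAccess: '0x1FFFFF' },
  { SourceImage: 'C:\\Windows\\System32\\csrss.exe', TargetImage: 'C:\\Games\\Wow.exe', GrantedAccess: '0x1FFFFF' },
];
console.log(flagAccess(SAMPLE_EVENTS, 'Wow.exe', ['csrss.exe']));
```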