Forums WoW Modding Support Archives WoWModding Support Archives [DiscordArchive] Hi everyone,

[DiscordArchive] Hi everyone,

[DiscordArchive] Hi everyone,

rektbyfaith
Administrator
Find
0
09-22-2025, 06:35 PM
#1
Archived author: Lamani • Posted: 2025-09-22T18:35:21.691000+00:00
Original source

Hi everyone,
Im analyzing WoW 3.3.5a (WotLK) in IDA to locate and understand the Warden functions. When I dump the WoW module with Scylla, I get a clean PE suitable for static analysis, but i think the Warden functions reside in runtime memory and are missing from the dump.
If I create a full process dump with WinDbg or Process Hacker, I capture all runtime memory, including heap and dynamically loaded objects, which should include Warden. However, these dumps lack proper PE headers (guess because they are not static), and loading them in IDA shows only Collapsed Segments, making it impossible to analyze functions or assign structures.
Is it correct that Warden is dynamically loaded at runtime and if so how can I handle this in IDA (i just started re for warden as a new sideproject)?
Reply
Reply
rektbyfaith
09-22-2025, 06:35 PM #1

Archived author: Lamani • Posted: 2025-09-22T18:35:21.691000+00:00
Original source

Hi everyone,
Im analyzing WoW 3.3.5a (WotLK) in IDA to locate and understand the Warden functions. When I dump the WoW module with Scylla, I get a clean PE suitable for static analysis, but i think the Warden functions reside in runtime memory and are missing from the dump.
If I create a full process dump with WinDbg or Process Hacker, I capture all runtime memory, including heap and dynamically loaded objects, which should include Warden. However, these dumps lack proper PE headers (guess because they are not static), and loading them in IDA shows only Collapsed Segments, making it impossible to analyze functions or assign structures.
Is it correct that Warden is dynamically loaded at runtime and if so how can I handle this in IDA (i just started re for warden as a new sideproject)?

Reply
Reply
rektbyfaith
Administrator
Find
0
09-22-2025, 08:23 PM
#2
Archived author: Deleted User • Posted: 2025-09-22T20:23:28.182000+00:00
Original source

If you want a proper PE file, dumping via out of process won’t work.
Reply
Reply
rektbyfaith
09-22-2025, 08:23 PM #2

Archived author: Deleted User • Posted: 2025-09-22T20:23:28.182000+00:00
Original source

If you want a proper PE file, dumping via out of process won’t work.

Reply
Reply
Recently Browsing
 1 Guest(s)
Recently Browsing
 1 Guest(s)