-
Member
24015 lua unlock
Noob needs help. I use a simple CR program and I use Bit Slicer to perform the Lua unlock. The current offset address is incorrect (100bcc637) despite a proven method to find it. As a final insult, I use OS Sierra, so switching to working hacks such as EWT, FH, or oLua is not a preferred option. Any help here? Or an explanation of what Blizz has done? Some subforum mentioned a direct attack on WQG. As is obvious, I am not a Lua programmer.
Thanks in advance.
-
Member
Originally Posted by
mgnewman1
Noob needs help. I use a simple CR program and I use Bit Slicer to perform the Lua unlock. The current offset address is incorrect (100bcc637) despite a proven method to find it. As a final insult, I use OS Sierra, so switching to working hacks such as EWT, FH, or oLua is not a preferred option. Any help here? Or an explanation of what Blizz has done? Some subforum mentioned a direct attack on WQG. As is obvious, I am not a Lua programmer.
Thanks in advance.
Same issue, however my script for 24015 found the offset to be 0x100bcc642, unlike yours... Interesting. Hopefully someone will see these posts and shed some light.
-
Member
It's no longer a short jump - that's the problem. I have no idea how to patch it. It was easy with short jumps - just change 0x77 to 0xEB and the offset address. Now near jumps I'm not sure about. They seem to take an argument. Does anyone have a clue? It seems I need to patch 0x0F87 into 0xE9, which doesn't really seem to fit in properly. Any input will be greatly appreciated.
-
Member
OK, I think I got it - you need 3 memory writes:
One for changing the jump type to unconditional
memory write 0x100bcc642 0xe9
Two for the jump offset
memory write 0x100bcc643 0x8a
memory write 0x100bcc644 0x00
That should fix it for now.
-
Member
Originally Posted by
sbn666
OK, I think I got it - you need 3 memory writes:
One for changing the jump type to unconditional
memory write 0x100bcc642 0xe9
Two for the jump offset
memory write 0x100bcc643 0x8a
memory write 0x100bcc644 0x00
That should fix it for now.
What tools do you use? How did you find this?
Thanks
-
Member
Here is a hint...
B0 01 C3 90
-
Member
Originally Posted by
NessK
Here is a hint...
B0 01 C3 90
Is this a hint to how to find the address? Or what to do once found? If I search the macOS WoW in-memory image I don't get anything useful for that byte sequence. I am trying to learn how to somewhat reliably find the address to modify from patch to patch without having to attach a debugger to WoW and stepping through it.
Sorry, newbie here, though I'm very familiar with coding and somewhat familiar with macOS debugging tools though mostly from the pre-Intel era. Any help or direction is appreciated.