[Release] LuaFoo - Use Lua Protected Commands

[Apoc]

NOTE: This was detected (for ~4-5 hours). I have updated it to randomize Lua callback registration addresses. See kynox's blog for more info. While, for the moment, it is still safe to use. I would suggest not using it on an account you value. (As soon as Warden starts scanning for the LuaFoo modules, I'll probably pull the project completely.)

First things first; this does NOT enable you to just use commands all willy-nilly like. That is no longer possible, as Warden is now actively scanning that address. However, there are workarounds, and this is one of them!

What this app does

It registers 2 new commands in WoW.

Do

In short; you can pass a STRING containing any Lua you want WoW to execute (this includes protected functions) and it will be executed. You can pass as many params (note: all params must be strings of valid Lua) as you please, and all will be executed in sequential order. This is an UNLIMITED parameter command. It does very little in the way of error checking, so be careful.

DoFile

Requires a valid path to a .lua file. (Does no error checking as far as the extension of the file is concerned, as long as it is valid Lua.) It will run the entire contents of the Lua file in one fell swoop. Be careful with this! This is very useful for things that are too large to fit in a macro for example. Multiple files can be passed to this command. Each file will be parsed in sequence.


Please do note; these commands require strings. So you WILL need to escape things when required.

Example

/run Do("CastSpellByName(\"Renew\")")

That is proper. However;

/run Do(CastSpellByName("Renew"))

Is not. The actual Lua commands must be parsed AFTER being passed to the Do command. (That is the whole point of this thing after all)


Quick little FAQ to piss off those who are paranoid dipshits;

This IS detectable. I won't lie. It is currently not detected, however it's fairly easy for Blizzard to detect it. I do hook the CRC function to avoid some minor issues (those who know why I hook it, well... you know why I hook it.) Other than that, only minor patches are applied in memory.

It DOES use injection. No, I will not register commands out of process. You can go to hell.

It requires .NET 2.0, and may require some VC++ runtime. Honestly, I don't care enough to check it.



I've included an injector (written by Cypher with some minor edits). It's up to you to figure out how to use it. It's really not that difficult. I won't bother explaining how it works.



Credits;

kynox; most of the .NET bootstrapper.
Cypher; the injector, even though it kinda fails on XP.
jjaa; being awesome
Parog; helping test some quick functionality
Errage; being a dumbass and not knowing what OS he's on
Bobbysing; original Lua_DoString prototype, and some others.


Download:
http://filebeam.com/f86d531020a70cfccbb037225a4e6279

Instructions:

Start WoW
Run the Injector.exe
Follow the instructions to inject into WoW.

You should see at least 2 popups containing Lua command register addresses. (One for Do, and another for DoFile)

Instructions for those on XP:

Figure it the **** out yourself. I'm lazy.

If you get an error about LoadLibraryW, find another injector, and inject LuaFoo.Injectee.dll into WoW.



Feel free to report any bugs, etc.

Please keep all macros and whatnot IN THIS THREAD. I don't want to have to cleanup the forums because someone can't post in the proper thread.

[P1raten]

Looks awesome. +rep.

Edit: First.

[Cypher]

You fail, I told you I'd open-source the new one but noooo, you needed something to bitch about like a little girl.

Also, XP is ghey anyway. Take your antiquated OS and stick it in your pooper.

[Parog]

Apoc, I was on XP when I tested this, it's the exact same thing.

PS: This rocks.

PSS: MASSIVE LOL @ "Errage; being a dumbass and not knowing what OS he's on"

[Apoc]

You fail, I told you I'd open-source the new one but noooo, you needed something to bitch about like a little girl.

Also, XP is ghey anyway. Take your antiquated OS and stick it in your pooper.

Apparently it's Errage's fault then. Blame him.

I don't use XP (as you already know) nor do I really care if it does/doesn't work on XP.

[Barrt73Rus]

3.2.0a already fixed this?

Copyright (c) 2009 Cypher. All rights reserved. (Compiled & Edited by Apoc)

Please choose a method to choose the target process:
1. Process Name
2. Window Name
3. Process ID
Choice:
2
Please enter the window name:
World of Warcraft
General Error:
Call to LoadLibraryW in remote process failed.

and with
1. Process Name
3. Process ID
the same

[Parog]

Make sure you have .NET Framework 2.0 or higher and select 1. Process Name, then enter wow.exe and press enter.

[Barrt73Rus]

Make sure you have .NET Framework 2.0 or higher and select 1. Process Name, then enter wow.exe and press enter.

i have net framework 3.5 on win xp sp3

[Apoc]

If you get an error about LoadLibraryW, find another injector, and inject LuaFoo.Injectee.dll into WoW.

[Malmis]

Does it support sleep()? Then you could easily write loops and stuff without having to repress keys

[Robske]

Anxiously awaiting Blizzard's response, lets see if this can beat Kynox' record of "quickest response time to a hack"

Would be an annoyance if they brick CLR hosting / EndScene hooks / Lua Command registering though...

[Cypher]

Anxiously awaiting Blizzard's response, lets see if this can beat Kynox' record of "quickest response time to a hack"

Would be an annoyance if they brick CLR hosting / EndScene hooks / Lua Command registering though...

Brick them?

Not sure what you mean there (I assume you mean 'kill' or 'disable' -- as it means in the console sense), but it's impossible to ban for D3D hooks, the worst you can do is kick for them. You can only ban for public D3D hooks because those can be hashed.

You can't stop CLR hosting, you can detect it, though again, worst would be a kick.

You can't stop Lua command registering. That's highly bannable, however that's always been the case.

[Nonominator]

Why would you want to use this to cast spells? I dont get it....

Whats the main point of it..?

I read. Still don't comprehend why I would need it or someone else would...

[Sikas]

It basically spam one macro key press multiple times to get your rotation for you. And it goes as fast as it can.. faster than human presses sometimes. xD I find it helpful.

[Robske]

Brick them?

Not sure what you mean there (I assume you mean 'kill' or 'disable' -- as it means in the console sense), but it's impossible to ban for D3D hooks, the worst you can do is kick for them. You can only ban for public D3D hooks because those can be hashed.

You can't stop CLR hosting, you can detect it, though again, worst would be a kick.

That's what I meant yes, and I shouldn't have mentioned CLR hosting there

You can't stop Lua command registering. That's highly bannable, however that's always been the case.

Did you mean "can stop"? Surely Blizzard could compare the registered lua functions with a whitelist of sorts?