Thread: @Shynd

  1. #1
    namreeb
    @Shynd

    I have been learning a great deal from your blog on Shynd’s WoW Modification Journal. Thank you very much for your insightful and step-by-step accounting.

    I am trying to get player names from memory. I want to avoid having to code in DLL injection, because I don't want to worry about Warden and I don't really need it to suit my purposes (at least, not yet).

    Do you know what the current method is for reading this from memory? The magic numbers in your blog on the subject are, not surprisingly given that we're now in WotLK, out of date.

    Thank you very much.

    PS, if anyone else knows the answer, feel free to chime in =)

  2. #2
    Robske
    http://www.mmowned.com/forums/wow-me...layername.html

    Updated 3.0.3 pointer: nameStorePtr=0x011AE3D0 + 0x8

    or

    You can call VMT 47, I believe.
    Last edited by Robske; 11-13-2008 at 03:47 PM.

  3. #3
    Cursed
    Originally Posted by bierstud View Post
    I have been learning a great deal from your blog on Shynd’s WoW Modification Journal. Thank you very much for your insightful and step-by-step accounting.

    I am trying to get player names from memory. I want to avoid having to code in DLL injection, because I don't want to worry about Warden and I don't really need it to suit my purposes (at least, not yet).

    Do you know what the current method is for reading this from memory? The magic numbers in your blog on the subject are, not surprisingly given that we're now in WotLK, out of date.

    Thank you very much.

    PS, if anyone else knows the answer, feel free to chime in =)
    For the last time: DLL injection is NOT watched by Warden -.- (A lot of 'legal' tools use it (anti-virus etc.))

  4. #4
    arigity
    You could just take a look at how the UnitName Lua function does it.

  5. #5
    namreeb
    Originally Posted by Cursed View Post
    For the last time: DLL injection is NOT watched by Warden -.- (A lot of 'legal' tools use it (anti-virus etc.))
    On a more fundamental level, nothing that I'm doing or planning to do requires injection, so why take the risk of Warden changing its behavior in the future?

  6. #6
    Shynd
    Yeah, my journal has fallen out of usefulness lately, because I've been way too busy actually PLAYING WoW to do much reversing. But my suggestion to everyone is this: learn how to reverse-engineer. Once you do that, you can easily find Lua functions (string search for "UnitName") and then reverse them to find the offsets you need.

  7. #7
    lanman92
    It would be much easier and nicer looking to just inject some code and get the return value... It's not detectable; Cypher has said a thousand times that Warden doesn't watch DLLs that are injected (other than CE, Glider, etc...) and it doesn't do a stack trace.

  8. #8
    Cypher
    Originally Posted by bierstud View Post
    On a more fundamental level, nothing that I'm doing or planning to do requires injection, so why take the risk of Warden changing its behavior in the future?
    Yawn.

    You will NOT get banned, EVER, for injecting an arbitrary DLL that is not on the CRC list (ie a known hacking DLL such as CheatEngine, ISXWoW, whatever). LOTS of software injects DLLs; it's a standard procedure. Some examples: IM software, video recording software, AV software, firewalls, IDS, global ad-blockers, etc etc. Assuming you are not calling functions inside or modifying WoW's .text segment.

    Using that DLL to hook DirectX APIs, certain Windows APIs, etc. is, again, standard practice among MANY legitimate applications.

    To get banned for DLL injection Warden would have to implement what is known as a 'stack trace'. The way this works is that every time you call a function the return address is stored on the 'stack'. Warden would check for any out-of-range pointers (ie ones coming from somewhere outside WoW's code section) and then either kick or ban the user. I highly doubt they will do this though because it could potentially be a performance issue. Frankly, if they were worried about function calls they would've implemented that a long time ago; there is so much stuff Warden could do to stop 99.99% of cheaters out there but they don't. Why? Privacy issues. Look at the shitstorm created by the douchebag Greg Hoglund when he QQed about Warden scanning window titles. ZOMG IT'S READING MY PR0N. All Warden did then was HASH the title and send back the HASH, that's a ONE-WAY HASH, and they removed that because even THAT was seen as a 'privacy issue', so I highly doubt they're ever going to reimplement something intrusive like that again because captain douchebag would be right on the case.

    Also, on another level, whilst what you're doing may not "require" injection, injection can turn one or two pages of out-of-process code into a single line.

    eg. Transforming all the manual cache reading and object pointer manipulation and different methods for different types etc into this:
    CGObject_C *MyObject = (CGObject_C *)0xDEADBEEF;
    const char *MyName = MyObject->GetObjectName();

    If you wanna be paranoid that's fine, but is it really worth it? You gain a tiny bit of 'safety' but lose so much power; it's not worth the tradeoff, but that's just imo.

    PS. There are ways you can work around simple stack traces. The most simple is pushing a "dummy" return address on the stack, but that's out of the scope of this discussion.
