wow questions / new to wow, not to rce

[jnf]

hi,

After reading through the forums some today I find myself looking for a decent starting place. I'm pretty familiar with RCE in general and have plenty of experience under my belt in that department, just not experienced with reversing wow. I'm currently sitting behind a linux box, so no wow installed, and I'm sure some of these questions would be quickly answered just by having that and popping open ida/etc, feel free to smack me for such things. That all said, my few questions are as follows:

0. any decent architecture docs? (looking through various structs/etc im guessing i can expect an event loop in the main thread-- anything that delves into this more)

1. any encompassing docs on warden? (this runs in ring-0 correct? does it reside on disk anywhere or am I going to have to dump it from memory?)

2. any decent network protocol docs and how often do significant portions of this protocol change?

3. how much cruft is there between the lua interface and the underlying functions it calls? (i.e. would an effective method for getting to a particular section of code be calling a lua api that would probably call it and dig down from there?)

4. I assume at least some components are packed/encrypted-- any decent docs on this?

5. Any work been done in reversing their patch format/etc ?

6. mmowned appears to be one of the few resources on this subject-- recommendations on other forums/docs/etc?

7. is there a common consensus on which emulator most accurately emulates the official server?

8. test accounts or pre-paid game cards for testing things out?

Basically, I'm perfectly capable of finding out a lot of this myself, and regardless I probably will, I'm just looking for a base to build off of to speed things up. A lot of the posts in here give things like offsets/etc but lack any coherent overview of 'the state of reversing wow'. any input in this area is appreciated.

[SKU]

Hi

6) gamedeception.net -> WoW section (Game Deception - Forums)

Blizzard officially lets you create trial accounts (10days). They have obviously less features than the normal accounts but are amazingly useful for testing purposes.
World of Warcraft 10-Day Free Trial (I hope this link works, otherwise: worldofwarcraft.com -> Top right corner is an image displaying "World of Warcraft Free 10 Day Trial" or if you're from EU: wow-europe.com.

The other questions are way over my head, I'm sorry I'm not being a great help.

[jnf]

Thanks, gamedeception.net has shown itself to be fairly useful-- off the bat i got some of my warden questions answered (http://forum.gamedeception.net/showthread.php?t=13093)

I wonder what there is to stop you from patching the load function with just a mov eax, 0x01 leave ret and unload with a leave/ret combo-- ill probably just have to dig in to find answers to more questions on the subject. This seems like a pretty wonky/ineffective way to do things, but maybe I'm just over-estimating them.

At any rate, thanks for the link/etc.

[luciferc]

For Patches * you do Signatures.

And Most likely your best bet to learn the ASM / commands is to search thru the forms.

VMT's as they are called u can find Interact etc...

Also look up the Blackmagic library for some ASM code copypasta goodies.

[kynox]

0. any decent architecture docs? (looking through various structs/etc im guessing i can expect an event loop in the main thread-- anything that delves into this more)

The general class hierarchy that you will encounter is as follows:

CObject
CGameObject
CDynamicObject
CUnit
CPlayer
CLocalPlayer
CItem

Each of these objects are linked via Linked List which is stored via the TLS. I also documented a method of extracting this via another class in the WoW client, known as the s_currentConnection.

My Framework on G-D or bobbysing's WoWX base are great starting points as they expose a number of functions and structures.

1. any encompassing docs on warden? (this runs in ring-0 correct? does it reside on disk anywhere or am I going to have to dump it from memory?)

Warden is run under usermode, it's a encrypted module stripped of the PE Header and sorts. It is loaded using a custom header as you have already seen and is periodicly called from WoW every 15s which is told to do so by the server.
It's stored in the cache files to prevent multiple downloads, but dumping from memory is generally the easiest approach.

2. any decent network protocol docs and how often do significant portions of this protocol change?

The are a plethora of emulated servers which have an astounding amount of documentation on the protocol. It does not change too often as patches are usually months apart.

3. how much cruft is there between the lua interface and the underlying functions it calls? (i.e. would an effective method for getting to a particular section of code be calling a lua api that would probably call it and dig down from there?)

Yes, the LUA api is a great way to expose engine functions. It's almost as good as having labeled function names for important engine functions

4. I assume at least some components are packed/encrypted-- any decent docs on this?

Regarding world packets, see answer #2. Warden is encrypted and compressed with zlib. Warden uses a simple RC4 encryption on all of its packets.

5. Any work been done in reversing their patch format/etc ?

I assume you mean the game client files? Yes, an extensive amount.

6. mmowned appears to be one of the few resources on this subject-- recommendations on other forums/docs/etc?

Game-Deception

7. is there a common consensus on which emulator most accurately emulates the official server?

As Ascent is no longer open source (afaik), i would go with mangos

8. test accounts or pre-paid game cards for testing things out?

Trials, definately. Though, i've tested that the server handles them differently to legit accounts. I emulate warden completely, and as a result am able to send my own datastream back, i sent back all the flags for mass detection; yet never received a ban.
My guess is that Blizzard has caught on to this, and won't ban it until you upgrade the account to a legit account.

Feel free to PM me if you require any more information, you don't seem like your average nub; a rarity on these forums .