Corrupt file version bypass

[flo8464]

Hi.

I am loading my .dll into WoW right after I start it to hook some functions to grab information.

My problem is just that I can't log in because of the corrupt file check.

Any hint how I can bypass this?

Thank you.

[Apoc]

Hi.

I am loading my .dll into WoW right after I start it to hook some functions to grab information.

My problem is just that I can't log in because of the corrupt file check.

Any hint how I can bypass this?

Thank you.

Hook the CRC function. Remove all your hooks/detours before the CRC func is called -> Call original -> drop your hooks/detours back in. Not that hard.

[Xarg0]

You can find the CRC function easily by placing an on read hwbp somewhere in the code section, if you didn't already find it somewhere around here in a dump or something.

[flo8464]

Thats what I did.

I also tried to free the DLL before the checksum-function (I am hooking the function at 0x00948ED0) got executed.

Does Detours restore the original state after I call DetourDetach() ? Maybe that could be the reason that Detours ****s it up, I think I stop using it and do it myself...

Btw, the checksum-function computes which data? Only .text or more ?

Gotta start reversing it a bit later...

[Cypher]

Thats what I did.

I also tried to free the DLL before the checksum-function (I am hooking the function at 0x00948ED0) got executed.

Does Detours restore the original state after I call DetourDetach() ? Maybe that could be the reason that Detours ****s it up, I think I stop using it and do it myself...

Btw, the checksum-function computes which data? Only .text or more ?

Gotta start reversing it a bit later...

Rifk.

(Filler)

[flo8464]

Rifk.

(Filler)

You like that word ? :>

[Xarg0]

Thats what I did.

I also tried to free the DLL before the checksum-function (I am hooking the function at 0x00948ED0) got executed.

Does Detours restore the original state after I call DetourDetach() ? Maybe that could be the reason that Detours ****s it up, I think I stop using it and do it myself...

Btw, the checksum-function computes which data? Only .text or more ?

Gotta start reversing it a bit later...

DetourDetach() should restore the original function, maybe you've forgotten to unhook some functions?
And I'm pretty sure it does only compute .text, but I'm afraid I can't check if I'm right since I don't have WoW installed anymore.

The CRCHook should look like this:

Code:

MyCRCHook(){ /*dunno the arguments*/
    if(!UnHookFunctions()){/*Error Handling here*/}
    oCRCFunction();
if(!HookFunctions())    {/*Error Handling here*/}
}

UnHookFunctions() Should call DetourDetach() on all your wow function Hooks and return true if it succedes.
HookFunctions() should reinstall your Hooks and return true on success.

EDIT: omg don't free the DLL, that's just not what you want <_<

[Cypher]

DetourDetach() should restore the original function, maybe you've forgotten to unhook some functions?
And I'm pretty sure it does only compute .text, but I'm afraid I can't check if I'm right since I don't have WoW installed anymore.

The CRCHook should look like this:

Code:

MyCRCHook(){ /*dunno the arguments*/
    if(!UnHookFunctions()){/*Error Handling here*/}
    oCRCFunction();
if(!HookFunctions())    {/*Error Handling here*/}
}

UnHookFunctions() Should call DetourDetach() on all your wow function Hooks and return true if it succedes.
HookFunctions() should reinstall your Hooks and return true on success.

EDIT: omg don't free the DLL, that's just not what you want <_<

It hashes more than .text fyi.

Also, yeah, lol @ "freeing the dll", that's a major part of what I was "rifking" at.

[flo8464]

Code:

EDIT: omg don't free the DLL, that's just not what you want <_<

No, I just wanted to try if it changes something what it doesn't.

Well, just a idea, tell me if its stupid:

1. Compute crc of original .text Edit: Ok, of everything which to functions normaly hashes
2. Hook the crc function
3. If WoW calls it, return the value computed in Step 1 instead.

Or maybe I look at WowME .. could help. ;>

Thanks

[Cypher]

Code:

EDIT: omg don't free the DLL, that's just not what you want <_<

No, I just wanted to try if it changes something what it doesn't.

Well, just a idea, tell me if its stupid:

1. Compute crc of original .text Edit: Ok, of everything which to functions normaly hashes
2. Hook the crc function
3. If WoW calls it, return the value computed in Step 1 instead.

Or maybe I look at WowME .. could help. ;>

Thanks

Your ****ing question has already been answered.

Hook the function.

In the hook:
Remove all your modifications.
Call the original function.
Reapply all your hooks.
Return result of original function.

Problem ****ing solved, stop posting useless shit. >_>

[Xarg0]

inb4cloze
(filler)