I was wondering if there is a manual way to disable WoW API protection checks for a 2.4.3 private server I am playing on. Similar to what LuaNinja does.
Thanks in advance for any replies
I don't think there is a way at the moment, unless cypher don't release a 2.4.3 version of LuaNinja
Yes there is, find the protection check on the 2.4.3 client then compare a protected lua function against a regular one and you will notice there's an additional call in the protected one, make it always return 1
write that to the top of the function and it should allow you to run protected api functions.
Code:
mov eax, 1
retn
Sorry for the retarded response... but that's gibberish to me :S. I'll try to keep it as desperate-less as I can, what programs would I use to find the protection check, and what would I search for?
Same, would like an explanation on how this is done, I'm not gonna count on LuaNinja 2.4.3 to be released, so gonna try and learn myself.
Compare 2 Lua functions in IDA, one protected and one that isn't, find the protection check, inject some pwetty bytecodes at the top,
profit???
I've been trying to refrain from posting on this thread again, I don't want to give the impression that I'm lazy, I have been trying. But I just can't seem to even find a protected Lua function, I've been searching for Castspellbyid as a starter but have no direction on how to do it, I've used the search function in IDA a bunch of times, tried searching the exe and through the process but I'm getting nowhere. A little guidance would be very much appreciated.
Thank you, & sorry for being a pain in the ass :P.
lua_JumpOrAscendStart
CastSpellById does not exist as a LUA function, protected or otherwise.
The easiest way to find the implementation of a protected LUA function in IDA:
1. Open up your 2.4.3 IDB
2. Press Shift-F12
3. Order the "Strings" window by the string text
4. Search in the Strings window using Alt-T for the LUA call name
5. Double-click on that string in the Strings window, which will take you to the IDA View window.
6. Your cursor should be on a line similar to this:
.rdata:008AA224 aCastspellbynam db 'CastSpellByName',0 ; DATA XREF: .data:00B9C0F0
7. Double-click on the "00B9C0F0" part of the line. Your cursor should now be on a line similar to this:
.data:00B9C0F0 dd offset aCastspellbynam ; "CastSpellByName"
8. Immediately below that line, should be a line like this:
.data:00B9C0F4 dd offset sub_4C42E0
9. Double-click on the "sub_4C42E0" part of the line.
10. Your IDA view window should now be on the implementation of the protected LUA function in question. Enjoy!
Just a few problems / questions if you don't mind.
I'm unsure of the method I am using to insert the code
mov eax, 1
retn
I followed everything you put, and then when I got to it, to insert the code I went Edit > Other > Manual Instruction, and then copy-pasted the code in. I then run WoW, and click Debugger > Attach to process and select WoW. Yet the Lua function I just changed will still come up as being blocked in-game.
Also does the method you posted unlock the protection for all Lua functions, or just the one that is edited?
Thanks for the reply btw.
P.S. I'm also very new to all of this, so I realise the way I am doing things may be retarded :P
try to patch @ 0x49DBA0
Has anyone gotten this to work? I've tried to follow what's been written in the above posts but I cannot get it to work. Could anyone tell me which programs I should use to open the exe and the ida/b? Feel free to correct any mistakes, really in way over my head here, but really want to get interact with target to work ;p
regards
Can someone explain to me what IDB and IDA mean?
Holy shi....
@ca22ca: If you don't know that you're wrong here, IDA Pro is a static disassembler, IDB is the database-format it creates.
@illenda: If you feel like patching the CRC-checks too, just patch it using OllyDbg. Else just use WriteProcessMemory/inject your shit to change those opcodes after you logged in.
Hey, it compiles! Ship it!
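
The patch discussed in this thread overwrites the start of the protection-check routine with `mov eax, 1` / `retn`, and the last reply mentions the client's CRC checks. As an added example (not code from any poster or from the game client), this C sketch shows how an integrity check can recognise that constant-return stub, and any other byte change, against a CRC-32 recorded from a known-good build; the function names and sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Bitwise CRC-32 (IEEE, reflected polynomial 0xEDB88320). */
uint32_t crc32_bytes(const uint8_t *p, size_t n) {
    uint32_t crc = 0xFFFFFFFFu;
    for (size_t i = 0; i < n; i++) {
        crc ^= p[i];
        for (int b = 0; b < 8; b++)
            crc = (crc >> 1) ^ (0xEDB88320u & (0u - (crc & 1u)));
    }
    return ~crc;
}

/* True when the routine opens with "mov eax, imm32" (B8 id) directly
   followed by ret (C3) or ret imm16 (C2): it returns a constant and
   never runs its original body. */
int starts_with_const_return(const uint8_t *code, size_t n) {
    return n >= 6 && code[0] == 0xB8 && (code[5] == 0xC3 || code[5] == 0xC2);
}

enum check_result { CHECK_OK, CHECK_MODIFIED, CHECK_STUBBED };

/* Hypothetical verifier: classify the bytes of a check routine against
   the CRC-32 recorded from a known-good build. */
enum check_result verify_routine(const uint8_t *code, size_t n, uint32_t good_crc) {
    if (starts_with_const_return(code, n)) return CHECK_STUBBED;
    return crc32_bytes(code, n) == good_crc ? CHECK_OK : CHECK_MODIFIED;
}

/* Constructed sample bytes (not taken from any real client). */
const uint8_t sample_clean[]   = {0x55,0x8B,0xEC,0x8B,0x45,0x08,0x85,0xC0,0x0F,0x95,0xC0,0x5D,0xC3};
const uint8_t sample_stubbed[] = {0xB8,0x01,0x00,0x00,0x00,0xC3,0x85,0xC0,0x0F,0x95,0xC0,0x5D,0xC3};
const uint8_t sample_tweaked[] = {0x55,0x8B,0xEC,0x8B,0x45,0x0C,0x85,0xC0,0x0F,0x95,0xC0,0x5D,0xC3};

int main(void) {
    uint32_t good = crc32_bytes(sample_clean, sizeof sample_clean);
    printf("clean=%d stubbed=%d tweaked=%d\n",
           verify_routine(sample_clean, sizeof sample_clean, good),
           verify_routine(sample_stubbed, sizeof sample_stubbed, good),
           verify_routine(sample_tweaked, sizeof sample_tweaked, good));
    return 0;
}
```

A check that runs inside the same process can itself be patched, as the last reply points out, so its result is only a tripwire unless it is verified somewhere the client cannot modify.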