[Question] API Protection 3.3.2

[ca22ca]

Hey guys, i was just wondering, is there any way to remove the API protection for 3.3.2, i was looking and looking but i didnt find anything, and i dont know how to edit the Lua Ninja (created by Cypher), so maybe one of you guys can make a guide or somthing about how to doit, i was trying to inject the DLL, but nothing works yet, i will keep looking for it, if someone got any usefull info please post it.

Tyvm for reading.
:wave:


EDIT:
i want to remove the API protection to use Macros, i kinda love to make them, and use them.
what kind of macros?.

Example.
Frost DK (PVP).

Code:

#showtooltip Obliterate
/startattack
/run if not UnitDebuff("target", "Blood Plague") and GetSpellCooldown("Plague Strike")==0 and IsUsableSpell("Plague Strike") and IsSpellInRange("Plague Strike","target") then CastSpellByName("Plague Strike") end
/run if not UnitBuff("player", "Horn of Winter") and GetSpellCooldown("Horn of Winter")==0 then CastSpellByName("Horn of Winter") end
/run if UnitBuff("player", "Freezing Fog") and IsUsableSpell("Howling Blast") then CastSpellByName("Howling Blast") end
/run if not UnitDebuff("target", "Frost Fever") and IsUsableSpell("Icy Touch") and GetSpellCooldown("Icy Touch")==0 and IsSpellInRange("Icy Touch","target") then CastSpellByName("Icy Touch") end
/run if not UnitBuff("player", "Blood Tap") and IsUsableSpell("Blood Tap") and GetSpellCooldown("Blood Tap")==0 then CastSpellByName("Blood Tap") end
/run if UnitPower("player")>= 32 and IsSpellInRange("Frost Strike","target") and GetSpellCooldown("Frost Strike")==0 then CastSpellByName("Frost Strike") end
/run if UnitBuff("player", "Killing Machine") and IsUsableSpell("Howling Blast") and GetSpellCooldown("Howling Blast")==0 and IsSpellInRange("Howling Blast","target") then CastSpellByName("Howling Blast") end
/run if not UnitBuff("player", "Killing Machine") and IsUsableSpell("Deathchill") and GetSpellCooldown("Deathchill")==0 then CastSpellByName("Deathchill") end
/run if UnitDebuff("target", "Blood Plague") and UnitDebuff("target", "Frost Fever") and IsUsableSpell("Obliterate") and GetSpellCooldown("Obliterate")==0 and IsSpellInRange("Obliterate","target") then CastSpellByName("Obliterate") end
/run if IsUsableSpell("Unbreakable Armor") and GetSpellCooldown("Unbreakable Armor")==0 and UnitHealth("player")/UnitHealthMax("player")<=0.99 then CastSpellByName("Unbreakable Armor") end
/run if UnitPower("player")<= 30 and IsUsableSpell("Empower Rune Weapon") and GetSpellCooldown("Empower Rune Weapon")==0 then CastSpellByName("Empower Rune Weapon") end
/run if UnitHealth("player")/UnitHealthMax("player")<=0.70 and IsUsableSpell("Icebound Fortitude") and UnitPower("player")>= 20 and GetSpellCooldown("Icebound Fortitude")==0 then CastSpellByName("Icebound Fortitude") end
/run if GetSpellCooldown("Mind Freeze")==0 and IsSpellInRange("Mind Freeze","target") and (UnitCastingInfo("target") or UnitChannelInfo("target")) then CastSpellByName("Mind Freeze") StopMacro() end
/run if GetSpellCooldown("Mind Freeze")>=1 and GetSpellCooldown("Strangulate")==0 and (UnitCastingInfo("target") or UnitChannelInfo("target")) then CastSpellByName("Strangulate") StopMacro() end
/run if GetSpellCooldown("Mind Freeze")>=1 and GetSpellCooldown("Strangulate")>=1 and and GetSpellCooldown("Hungering Cold")==0 and (UnitCastingInfo("target") or UnitChannelInfo("target")) then CastSpellByName("Hungering Cold") StopMacro() end
/run if GetSpellCooldown("Mind Freeze")>=1 and GetSpellCooldown("Strangulate")>=1 and and GetSpellCooldown("Hungering Cold")>=1 and and GetSpellCooldown("Death Grip")==0 and (UnitCastingInfo("target") or UnitChannelInfo("target")) then CastSpellByName("Death Grip") StopMacro() end
/run StaticPopup_Hide("MACRO_ACTION_FORBIDDEN");

maybe my macro sucks, but i'm making it better every day

[SinnerG]

deleted

Misreaded the whole damn thing..

[Xarg0]

when you're executing a protected lua function from non blizzard code you'll get an error message, said message can be used to find the protection check function within wow, you could use ollydbg to do so.
You can then patch said function in order to be able to execute protected lua functions in your addons, ofcourse warden is watching the lua protection stuff, so you better be careful with what you patch.

And don't ask fore explicit ways on how to patch the function, it is better if you create your own private method in sens of security.

[Chinchy]

Call FrameScript__Execute from EndScene.

[noctural]

If the goal is to use protected functions within addons, FramScript__Execute from EndScene wouldn't be the route to go, would it?

[Chinchy]

If the goal is to use protected functions within addons, FramScript__Execute from EndScene wouldn't be the route to go, would it?

Yeah, OP was unclear what he wants to do. I didn't see anything in the original post stating he wanted ingame functionality. Merely that he tried injecting LuaNinja's dll in order to achieve being able to use protected API.

[noctural]

I guess the problem I'm unsure how to resolve, is that if warden is watching the lua protection function, then how can it be patched/detoured without detection? I'm not asking for a specific implementation, but more the technique to be employed. (I'm new to reversing, just a developer, e.g. code monkey).

[Chinchy]

If you want to do that then just make the protection check always return 1

Code:

mov eax, 1
retn

To find the protection check just compare a protected vs unprotected LUA function in IDA. Should be obvious where the check is.

Edit:
There's a thread on the first page that basically reiterates what I just said.

[noctural]

If you want to do that then just make the protection check always return 1

Code:

mov eax, 1
retn

To find the protection check just compare a protected vs unprotected LUA function in IDA. Should be obvious where the check is.

Edit:
There's a thread on the first page that basically reiterates what I just said.

I'm pretty sure I don't want to patch with mov eax,1 if warden is hashing the protection check section of code. Does anyone know if warden constantly monitors this or if it's only done once at login..any guidance would be greatly appreciated.

[ca22ca]

Yeah, OP was unclear what he wants to do. I didn't see anything in the original post stating he wanted ingame functionality. Merely that he tried injecting LuaNinja's dll in order to achieve being able to use protected API.

sorry about that, now my post its edited

[Cypher]

If you want to be fairly Warden-safe then I'd say a good combination of ease-of-implementation and safety would be to use a callback to wrap all the code that you want to run without protection checks.

You can do that without hooks by abusing vectored exception handling. It's fairly quick and easy to implement.

[Xarg0]

If you want to be fairly Warden-safe then I'd say a good combination of ease-of-implementation and safety would be to use a callback to wrap all the code that you want to run without protection checks.

You can do that without hooks by abusing vectored exception handling. It's fairly quick and easy to implement.

So you'd write a luacallback which executes all lua commands passed to it via Framescript_Execute? Or did I misunderstand your proposition?

[noctural]

If you want to be fairly Warden-safe then I'd say a good combination of ease-of-implementation and safety would be to use a callback to wrap all the code that you want to run without protection checks.

You can do that without hooks by abusing vectored exception handling. It's fairly quick and easy to implement.

So VEH is a bad idea to use on the protection function itself?

[Cypher]

Personally I think abusing VEH on the callback mechanism is a better approach because that way you can do it without using (or in this case 'wasting') a DR unnecessarily.

[noctural]

I think my problem is that I don't understand registering a lua callback to encapsulate lua. I do however, think I understand using a VEH to set values and bypass code with it being triggered by a DR...even if it's wasteful, it's the only way I think i can do it