Help disabling lua protection

[Ultraviolence]

So far, I've learned how to use IDA to find the implementation of a protected lua function (working with 3.3.5). I used MoveForwardStart as an example, and in it I found the 005191C0 call address, not because I knew what to look for exactly, but because I recognized this offset mentioned by several people here. However, it doesn't make sense to me when CastSpellByName apparently doesn't make any reference to that address. I did figure out how to patch it though, which was incredibly easy.

Using the same method on a later client version doesn't seem to work. I checked many protected functions and none of them appear to be calling one particular offset. Could someone explain why this is? This is about where my knowledge brickwalls and I expect my experience with IDA is probably a limiting factor as well.

The client version in question is a modified 4.0.6 wow.exe for a private Cataclysm server (where all previous retail offsets do not work). My goal is to learn how the 3.3.5a offset was found so I can apply the same method to different versions. Any help or hints would be appreciated.

PS: I know how it is here, so this is a long-shot, but if someone is feeling particularly generous I could upload the modified wow.exe for you to look at.

[DarkLinux]

Take a look at OHack
http://www.ownedcore.com/forums/worl...multihack.html (OHack - An open-source multihack)

https://github.com/fail46/OHack

https://github.com/fail46/OHack/blob/master/Hacks.cpp

Line 9...

[Ultraviolence]

Correct me if I'm wrong, but with that I'll need to find the offset for things like CGGameUI_CanPerformAction then compile a dll for use with OHack. I checked TOM_RUS's 4.0.6 info dump thread just for reference but couldn't find CGGameUI_CanPerformAction. Could that be a problem? In any case I'll need need to find out how to do a function dump I think. This is starting to get fun, I feel like I'm getting somewhere now.

[_Mike]

Correct me if I'm wrong, but with that I'll need to find the offset for things like CGGameUI_CanPerformAction...

Correct.

then compile a dll for use with OHack.

Incorrect. He said look at it (ie. learn from it), not ctrl-c, ctrl-v it. There are plenty of ways of accomplishing what you want besides using a DLL.
Injecting a DLL is a good idea if you need to run more than a few lines of custom code, like say if you wanted to port the whole OHack project to 4.0.6.
If you're only targeting the lua protection then you only need to patch a few instructions and a DLL would be quite the overkill.

I checked TOM_RUS's 4.0.6 info dump thread just for reference but couldn't find CGGameUI_CanPerformAction. Could that be a problem? In any case I'll need need to find out how to do a function dump I think. This is starting to get fun, I feel like I'm getting somewhere now.

Download the IDBs for 4.0.6 and 4.3.3 and compare them. They both have the address of the function you want.
Good to see someone trying to find things themselves for once Good luck.

[Ultraviolence]

I agree, I was just thinking of taking the path of least resistance so to speak. :P Though it doesn't look like I can patch 4.0.6(13623) in the same way I did for 3.3.5 (in CE assembler), assuming I need to use CGGameUI::CheckPermissions. (Is it as simple as that? This is how I did it in 3.3.5a.)

However, I was able to change all the offsets needed for OHack to do it for me. One odd thing though, targeting functions (TargetUnit, TargetNearestEnemy, etc.) still seem to be blocked. Any idea about that?

edit: nvm, found one of you're posts explaining this.