Originally Posted by
l0l1dk
A few days ago, Blizzard activated a new detection method in the 32-bit client.
luaD_protectedparser (Wow.exe + 0x0B2580) is hooked with the function at Wow.exe + 0x9322E8. It appears to check the call stack for calls coming from outside of Wow.exe, similar to the method that Blizzard tried a couple of years ago to detect Honorbuddy IIRC. The hook is applied by the function at Wow.exe + 0x8DA9FE. It appears to be called in response to a packet send during or immediately after login.
64-bit appears to be still be safe. I haven't seen any Wow-64.exe functions being hooked.
EDIT: After further reversing of the hook function, it doesn't appear to check the call stack very far back, so most tools should still be safe.