-
What steps to safely inject and run your code?
Hello there,
I've been away for some time but would love to play around with live servers again.
Blizzard seems to care more about protecting WoW from bots. So what is currently necessary to safely inject and run your code?
I mean, can you still execute your code inside FrameScriptExecute (was this the name back then?)? Is the object manager still around? Can you enumerate the objects around you? Do you have to unlink your module?
What are the steps to hide your private program?
Last edited by Viano; 08-06-2018 at 06:30 AM.
Viano
-
I tried to hook some functions to get the Lua state address and this worked, but after ~1 min it crashed with a segfault without a clear reason. This can be some kind of protection, or I just messed up something like calling conventions etc. (99.999..% chance of the second case).
If you run WoW on Linux with Wine, you can use LD_PRELOAD or recompile Wine's "dxgi.dll" with a modified Present, and all your code will run as a legit DirectX library (in the main thread) without injection or modification of the executable. But it's still detectable, so I don't think it has any significant advantage; I just consider this a small bonus of Linux usage.
P.S. Sowy for my engrish.
Last edited by Tambel; 08-06-2018 at 08:17 AM.
-
I'm 100% on Windows and would like to load my DLL into WoW and use a DirectX hook to run inside the main thread. Is it enough to unlink your module, or do you have to avoid calling some functions additionally?
-
Originally Posted by Viano:
I'm 100% on Windows and would like to load my DLL into WoW and use a DirectX hook to run inside the main thread. Is it enough to unlink your module, or do you have to avoid calling some functions additionally?
Why not hook WndProc instead to run your code inside the main thread? To do pulse stuff I use SetTimer (set at some point in my WndProc hook); I've never had trouble this way. They shouldn't detect private modules unless you do something that's detected...
-
Originally Posted by culino2:
Why not hook WndProc instead to run your code inside the main thread? To do pulse stuff I use SetTimer (set at some point in my WndProc hook); I've never had trouble this way. They shouldn't detect private modules unless you do something that's detected...
Setting a new WndProc can easily be detected by looking at GetWindowLong and checking the return value's address range (whether it is in the .text section). It is quite similar to the old WoW Lua C function address check. So the reason why you are not banned for this is that Blizzard is too lazy to do this check.
-
Originally Posted by culino2:
Why not hook WndProc instead to run your code inside the main thread? To do pulse stuff I use SetTimer (set at some point in my WndProc hook); I've never had trouble this way. They shouldn't detect private modules unless you do something that's detected...
Good point. It should be worth trying something similar.
Last edited by tutrakan; 08-08-2018 at 03:02 AM.
-
Originally Posted by culino2:
...something that's detected...
And what's that? Can I find out myself? Any hints?
-
Originally Posted by zys924:
Setting a new WndProc can easily be detected by looking at GetWindowLong and checking the return value's address range (whether it is in the .text section). It is quite similar to the old WoW Lua C function address check. So the reason why you are not banned for this is that Blizzard is too lazy to do this check.
I'm pretty sure some legit software is using WndProc hooks too. A simple WndProc hook leading to unknown modules shouldn't be a ban reason for Blizzard.
Originally Posted by Viano:
And what's that? Can I find out myself? Any hints?
Warden should be a good start; I can't tell you more at this point, I haven't even updated my Warden detours for x64 yet. I'm not aware of any call checks for x64 besides the known page checks that lead to crashes (ClntObjMgrGetActivePlayerObj()) if you don't do it correctly. Feel free to correct me here.
-
dxgi hooks have some legitimate use cases, such as ReShade.