Lua code in IDA for unpacked binary

[0xd5d]

Hello,
I'm currently looking into making improvements on my working wow classic pixel bot to make it read memory. I'd like to find the offset/addresses by myself to have a good understanding of what is going on

I'm wondering why even for unpacked binaries, the LUA method code is not always clear in IDA. For example, following this ([Tutorial] How to find simple stuff) tutorial, I'm trying to have a look at the "GetMinimapZoneText" LUA method.

IDA shows this:
GetMinimapZoneText_IDA.PNG

At 0x142984D08 there is no clear "sub_..." method and the code at 0x14057B878 is not readable (just "dq" instructions).
code_not_readable.PNG

I first practiced on an old client version (3.3.5) and I didn't have this issue.

Is it a consequence of the Blizzard obfuscation? is there any workaround?

[thateuler]

you must have an older version of ida. I'm using 7.6, it works well.

You should be able to undefined (keypress 'u') at qword_blah+38h, and then convert to code (keypress 'c') at that same location.

The thing about Lua C functions is that the call target can't be determined easily with just static information (like can be done with an e8 call). but are called by the Lua execution engine using absolute indirect (ff) addressing. My guess is that your specific version of ida can't detect where the function starts. So just telling ida directly should work.

All lua C functions are the same prototype and call convention. function with one argument, returning void. the argument is passed in rcx and is a pointer to the Lua context (s_context usually). The ida I use detects these Lua functions as __fastcall convention. which afaik is working just fine.

Edit: looks like Lua c function return int. not void.

lua/lua.h at v5.1.1 . lua/lua . GitHub. (i think that wow uses a modified Lua 5.1.4. but I don't see a tag for 5.1.4 on GitHub.)

[0xd5d]

Thank you.
I'm using IDA free version, the last one: v7.7.220118.
Tried with IDA free version v6 and got the same behavior.

Maybe it's linked to the free version then

[doityourself]

ida free got some function detecton issues even when defining them manually.

[Razzue]

Zone ID: GameBase + 0x2B285F8 (tbc)
Map ID: [GameBase + 0x2B278F0] + 0x160

Zone Ids
Map Ids

Off note, I just recently noticed the classic clients store both classic AND retail Zone Ids in memory. roflmao

closest i could find was link to 5.1.5, doubt "too" much changed from .4 -> .5 though :P link from lua site directly

[ChrisIsMe]

aaaaaaaaaaaaaaaaaaaa

[0xd5d]

For the record, changed to the pro version, most of the above issues have disappeared.
Thanks all