lua unlocker что такое
Thread: Lua Unlocker (1.12.1, 2.4.3 & 3.3.5a)
Thread Tools
Search Thread
Lua Unlocker (1.12.1, 2.4.3 & 3.3.5a)
This is a simple Lua unlocker for the versions already mentioned in the title (1.12.1, 2.4.3 & 3.3.5a). Extending it with support for other versions should be easy.
Uses a hardware breakpoint at the start of the function, skips all the protection by adding the full length of the function minus the return instruction and changes the value of the EAX register to 1.
No further explanation should be necessary. If you don’t know what this is, then you don’t need it. 
These ads disappear when you log in.
+rep on confirmation, stuck at work so I can’t test. I’d love to hear if this works
edit: Update, works and is a clean file!
Just print a list of running WoW PIDs to the console and let the user pick 1.
See the following link for examples with rotation macros:
[PLUA/MACRO] Unofficial PLUA/MACRO Thread
Had no idea about dnspy that would have been quicker than ildasm.
https://mega.nz/#!HIQnBboC!E7rQSkFA2Szqkd2qAhVtXQlo-hLwJNJRaXDvzpuRBkU
Multibox friendly version of the above, will inject into all running copies of wow that it finds instead of only the first one.
*edit* Doesnt work, Apoc’s code that’s used uses a bunch of static vars, so only the first hook works. Will fix later,
Just noticed, you dont get a full unlock on 3.3.5, /run TargetUnit(«player»); fails as do other targeting commands.
Upon further reading, Targeting commands have their own checks as well as the check this patches. Everything bar those work, so just /assist to target hostiles and for friendly spells the following works
Targeting could be gotten working individually, or maybe could bp reads to the lua taint state and always return clean.
Works a treat on 1.12 as mentioned above though for all commands.
Can confirm, my lua macros still blocked on 3.3.5a
So the above didnt work for multiboxing, the ExternalProcessHook class was not designed to hook multiple procs, lots of use of static etc and unthread safe use of a list etc.
So below find a modified version of Apoc’s hook code to handle hooking upto 4 different processes, as well as ability to run the app like unlocker.exe charname1 charname2 and have the unlocker skip those 2 copies of wow. only added offsets for 3.3.5 to handle name reading but can be removed then built with no dependencies.
Full credit to APOC for the ExternalProcessHook and greenthing for the rest of the code and not obsfucating his source.
Hopefully someone finds this useful.
Lua unlocker что такое
Код помещаем в аддон BindBP. Открывается он по слеш команде /bp, далее кликаем по крестику, задаём имя и иконку, нажимаем «ок» и у нас появится основное окно в которое нужно вписывать скрипт. Для последующего редактирования нужно будет кликать левой клавишей мышки по иконке «макроса» т.к. правая задаёт бинд. Бинд на скрипт во избежание «палева» лучше не ставить т.к. всё содержимое улетит в чат.
Запускать нужно 1 раз, вошли в игру запустили и забыли до тех пор, пока не перезагрузите интерфейс /reload или релогнитесь.
Не даёт использовать Хватку Смерти в Тотем Заземления и Отражение заклинания. Если на цели есть данные бафы то используется спел Темная власть, который сбивает данные бафы.
/run if (not UnitBuff(«target», «Отражение заклинания»)) and (not UnitBuff(«target», «Эффект тотема заземления»)) then RunMacroText(«/cast Хватка смерти») end
/run if UnitBuff(«target», «Отражение заклинания») or UnitBuff(«target», «Эффект тотема заземления») then RunMacroText(«/cast Темная власть») end
Для Ледяных оков
/run if (not UnitBuff(«target», «Эффект тотема заземления»)) and (not UnitBuff(«target», «Отражение заклинания»)) then RunMacroText(«/cast Ледяные оковы»)end
/run if UnitBuff(«target», «Эффект тотема заземления») or (UnitBuff(«target», «Отражение заклинания»)) then RunMacroText(«/cast Темная власть»)end
Для Лика смерти
/run if (not UnitBuff(«target», «Эффект тотема заземления»)) and (not UnitBuff(«target», «Отражение заклинания»)) then RunMacroText(«/cast Лик смерти») end
/run if UnitBuff(«target»,»Отражение заклинания») or UnitBuff(«target»,»Эффект тотема заземления») then RunMacroText(«/cast Темная власть») end
PS: Я никому не навязываю использование запрещенный скриптов и макросов. Я понимаю что в некоторых ситуациях они только усугубят положение. Я понимаю что руки главное и ничто их не заменит.
Играл на пиратке, был интерес. Результат тут. Надеюсь это кого-то заинтересует и он сделает большее хотя бы для себя.
PPS: Данная информация составлена мной(DiSq) и использовалась на клиенте 3.3.5
Thread: What is LUA Unlocking?
Thread Tools
Search Thread
What is LUA Unlocking?
im going to snipe the AH at Everlook. ive done it before the old school way, but theres a new method that involves unlocking the LUA. i have the program to unlock it, but im just curious, what does unlocking it exactly do? what else can i do with the lua unlocked?
These ads disappear when you log in.
There are functions in WoW’s addon API which are «protected», and can only be called from secure (Blizzard) Lua code. These protected functions do things such as control movement, spell casting, etc.. A Lua Unlock will allow insecure code (regular addons) to call these protected functions. Lua Unlocks are usually used for AH sniping, or for automating your rotation. You can find macros and scripts which use a Lua Unlock for your class here.
interesting, thanks =) sounds like you could do some crazy shit with unlocking the lua.
Sorry for necroposting.
I’ve been thinking about this whole unlocking thing, got me very curious. Can’t really understand how you can «unlock» protected methods while bypassing the interface rules. I mean i always thought this is pretty much impossible without altering the source code.
I’m not familiar with lua and wow api, but if anyone can briefly (if possible at all) explain how this whole thing works, i’d be very thankful.
LUA unlocker simply reads the function’s value. Using a reverse engineering program such as IDA, a programmer tries to isolate the offset which triggers such value. WoW is one of the more easier games to read, because the offsets usually has a specific string, such as «Obj_TargetGUID». Once you find these offsets, you can use a client-sided program, a bot, to run these functions. Here is a video of what I mean: https://www.youtube.com/watch?v=hABj_mrP-no
Here is an example of using a protected function. The non-protected API is the range check of the spell. The protected API is casting the spell: