Pointer chain checks #311
Draft
Krilliac wants to merge 3 commits into mangoszero:master from
Conversation
Introduces a server-only check type CUSTOM_CHECK = 0xF4 that piggybacks on the existing MEM_CHECK (0xF3) wire format so the unmodified client module accepts it, but routes responses through a separate handler that walks a multi-hop pointer dereference chain and validates the final target bytes. Keeps MEM_CHECK validation logic untouched.

- Warden.h: add CUSTOM_CHECK enum value
- WardenCheckMgr: load Address/Length/Str/Result for CUSTOM_CHECK rows; group with MEM_CHECK in the mem-check id list
- WardenWin: per-session chain state (single chain in flight), chain offset parser, hop scheduler in RequestData (emits MEM_CHECK on the wire), separate CUSTOM_CHECK case in HandleData that advances the chain on intermediate hops and memcmp-validates on the terminal hop
Renames the type-244 check across enum, struct, members, helpers, and log strings to reflect what it actually does. Adds contrib/warden/pointer_chain_examples.sql with four annotated INSERTs demonstrating the feature against vanilla 1.12.1 (build 5875): vtable-hook detection on the Client Object Manager, IAT-detour detection on kernel32!GetTickCount, an object-type spoof check, and a zero-hop smoke test against the SFileOpenFile prologue. Addresses are templates calibrated against publicly documented disassemblies and the addresses already used in WardenWin's module-init block; expected `result` bytes are TODO placeholders to be filled from a clean client capture before deployment.
Inspired by Krilliac/AdvancedWarden's MEM2_CHECK pattern (fail when bytes match a known cheat signature) and its GAGARIN_CHECK_ID pair (carry a runtime-discovered dynamic address across two checks). Their C++ doesn't drop in (different fork: TrinityCore + boost + different DB schema), but the inverted-match capability is a small generic addition that lets one POINTER_CHAIN_CHECK row express either:

- verify-clean: fail when terminal bytes don't match expected
- signature detect: fail when terminal bytes DO match expected

Encoded as an optional leading '!' on the chain string: '!0x2,0x4' means "2-hop chain in signature-detect mode". '!' is consumed before offset parsing, leaving the rest of the chain syntax unchanged. Result column carries the signature bytes when in detect mode.

Adds a fifth example (id 10005) to contrib/warden/pointer_chain_examples.sql modeling the AdvancedWarden 3rd-party-allocation scan case. Updates the schema-reminder comment block to document the '!' prefix.
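The three commit messages above describe a chain-string parser, a hop walker that dereferences intermediate pointers and memcmp-validates the terminal bytes, and the '!' prefix that flips the terminal comparison into signature-detect mode. The following is an added example, not code from this PR or from mangoszero, that models all three pieces server-side against a constructed stand-in for the client's address space. Everything in it is an assumption for illustration: the addresses, the memory contents, the `FakeClientMemory` class replacing the real MEM_CHECK round trips, and the hop semantics (hop i reads a 32-bit little-endian pointer at `cur + offset_i`; the terminal read happens at the final pointer value, and a zero-hop chain reads directly at `Address`).

```cpp
#include <algorithm>
#include <cstdint>
#include <cstdio>
#include <cstdlib>
#include <map>
#include <optional>
#include <string>
#include <vector>

// Added example, not mangoszero code. Addresses, memory contents and hop
// semantics are constructed assumptions; FakeClientMemory stands in for the
// reads the real Warden performs on the client through MEM_CHECK.

enum class ChainVerdict { Pass, Fail, Unreadable };

struct ChainSpec {
    bool detectMode = false;        // leading '!': fail when terminal bytes DO match
    std::vector<uint32_t> offsets;  // one entry per hop; empty means a zero-hop check
};

// Parse "!0x2,0x4" -> detect mode, hops {2, 4}. nullopt for malformed input.
std::optional<ChainSpec> parseChain(const std::string& str) {
    ChainSpec spec;
    size_t pos = 0;
    if (!str.empty() && str[0] == '!') { spec.detectMode = true; pos = 1; }  // consumed before offsets
    while (pos < str.size()) {
        size_t comma = str.find(',', pos);
        std::string tok = str.substr(pos, comma == std::string::npos ? std::string::npos : comma - pos);
        char* end = nullptr;
        unsigned long v = std::strtoul(tok.c_str(), &end, 0);  // base 0: "0x.." or decimal
        if (tok.empty() || end == tok.c_str() || *end != '\0') return std::nullopt;
        spec.offsets.push_back(static_cast<uint32_t>(v));
        if (comma == std::string::npos) break;
        pos = comma + 1;
        if (pos >= str.size()) return std::nullopt;  // trailing comma
    }
    return spec;
}

static std::vector<uint8_t> le32(uint32_t v) {
    return { uint8_t(v), uint8_t(v >> 8), uint8_t(v >> 16), uint8_t(v >> 24) };
}

// Constructed stand-in for the client's address space: a few readable regions.
class FakeClientMemory {
public:
    void map(uint32_t base, std::vector<uint8_t> bytes) { regions_[base] = std::move(bytes); }
    void write32(uint32_t addr, uint32_t value) {  // used below to simulate a redirected vtable slot
        std::vector<uint8_t> le = le32(value);
        for (auto& [base, bytes] : regions_)
            if (addr >= base && uint64_t(addr) + 4 <= uint64_t(base) + bytes.size())
                std::copy(le.begin(), le.end(), bytes.begin() + (addr - base));
    }
    bool read(uint32_t addr, size_t len, std::vector<uint8_t>& out) const {
        for (const auto& [base, bytes] : regions_)
            if (addr >= base && uint64_t(addr) + len <= uint64_t(base) + bytes.size()) {
                out.assign(bytes.begin() + (addr - base), bytes.begin() + (addr - base) + len);
                return true;
            }
        return false;  // unmapped: a real client reports a non-zero MEM_CHECK status here
    }
private:
    std::map<uint32_t, std::vector<uint8_t>> regions_;
};

ChainVerdict runPointerChainCheck(const FakeClientMemory& mem, uint32_t address,
                                  const ChainSpec& spec, const std::vector<uint8_t>& expected) {
    uint32_t cur = address;
    std::vector<uint8_t> buf;
    for (uint32_t off : spec.offsets) {  // intermediate hops: dereference and advance
        if (!mem.read(cur + off, 4, buf)) return ChainVerdict::Unreadable;
        cur = uint32_t(buf[0]) | uint32_t(buf[1]) << 8 | uint32_t(buf[2]) << 16 | uint32_t(buf[3]) << 24;
    }
    if (!mem.read(cur, expected.size(), buf)) return ChainVerdict::Unreadable;
    const bool match = (buf == expected);  // terminal hop: compare against the Result column
    if (spec.detectMode) return match ? ChainVerdict::Fail : ChainVerdict::Pass;  // signature detect
    return match ? ChainVerdict::Pass : ChainVerdict::Fail;                       // verify clean
}

// Constructed layout: static pointer -> object -> vtable -> handler code.
constexpr uint32_t kObjMgrPtr = 0x00C00000;  // static slot holding the object pointer
constexpr uint32_t kObject    = 0x10000000;  // object; vtable pointer at +0
constexpr uint32_t kVtable    = 0x00800000;  // vtable; slot of interest at +8
constexpr uint32_t kHandler   = 0x00500000;  // legitimate handler code
constexpr uint32_t kHookStub  = 0x30000000;  // foreign allocation a hook would point the slot at
const std::vector<uint8_t> kPrologue = { 0x55, 0x8B, 0xEC };  // push ebp; mov ebp, esp
const std::vector<uint8_t> kJmpSig   = { 0xE9 };              // rel32 jmp opcode, typical detour start

FakeClientMemory buildClient(bool hooked) {
    FakeClientMemory m;
    m.map(kObjMgrPtr, le32(kObject));
    m.map(kObject, le32(kVtable));
    std::vector<uint8_t> vt(12, 0);  // three 4-byte slots
    std::vector<uint8_t> slot = le32(kHandler);
    std::copy(slot.begin(), slot.end(), vt.begin() + 8);
    m.map(kVtable, vt);
    m.map(kHandler, kPrologue);
    m.map(kHookStub, { 0xE9, 0x00, 0x10, 0x00, 0x00 });
    if (hooked) m.write32(kVtable + 8, kHookStub);  // the state the check is meant to catch
    return m;
}

// One check row (Address, Str, Result) run against the constructed client.
ChainVerdict checkAgainstClient(bool hooked, uint32_t address, const char* chain,
                                const std::vector<uint8_t>& expected) {
    auto spec = parseChain(chain);
    if (!spec) return ChainVerdict::Fail;  // unparsable row never passes
    return runPointerChainCheck(buildClient(hooked), address, *spec, expected);
}

int main() {
    const char* names[] = { "PASS", "FAIL", "UNREADABLE" };
    std::printf("clean,  verify-clean:      %s\n", names[int(checkAgainstClient(false, kObjMgrPtr, "0x0,0x0,0x8", kPrologue))]);
    std::printf("hooked, verify-clean:      %s\n", names[int(checkAgainstClient(true,  kObjMgrPtr, "0x0,0x0,0x8", kPrologue))]);
    std::printf("hooked, signature-detect:  %s\n", names[int(checkAgainstClient(true,  kObjMgrPtr, "!0x0,0x0,0x8", kJmpSig))]);
    std::printf("clean,  zero-hop prologue: %s\n", names[int(checkAgainstClient(false, kHandler, "", kPrologue))]);
    return 0;
}
```

The walker distinguishes an unreadable hop from a mismatch on purpose: an intermediate pointer that lands in unmapped memory is a broken chain (a stale template address or a client state the row did not anticipate), which a deployment would want to log separately from a genuine verify-clean failure rather than count as a detection.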