Pointer chain checks#311
Open
Krilliac wants to merge 4 commits into
Open
Conversation
Introduces a server-only check type CUSTOM_CHECK = 0xF4 that piggybacks on the existing MEM_CHECK (0xF3) wire format so the unmodified client module accepts it, but routes responses through a separate handler that walks a multi-hop pointer dereference chain and validates the final target bytes. Keeps MEM_CHECK validation logic untouched. - Warden.h: add CUSTOM_CHECK enum value - WardenCheckMgr: load Address/Length/Str/Result for CUSTOM_CHECK rows; group with MEM_CHECK in the mem-check id list - WardenWin: per-session chain state (single chain in flight), chain offset parser, hop scheduler in RequestData (emits MEM_CHECK on the wire), separate CUSTOM_CHECK case in HandleData that advances the chain on intermediate hops and memcmp-validates on the terminal hop
Renames the type-244 check across enum, struct, members, helpers, and log strings to reflect what it actually does. Adds contrib/warden/pointer_ chain_examples.sql with four annotated INSERTs demonstrating the feature against vanilla 1.12.1 (build 5875): vtable-hook detection on the Client Object Manager, IAT-detour detection on kernel32!GetTickCount, an object- type spoof check, and a zero-hop smoke test against the SFileOpenFile prologue. Addresses are templates calibrated against publicly documented disassemblies and the addresses already used in WardenWin's module-init block; expected `result` bytes are TODO placeholders to be filled from a clean client capture before deployment.
Up to standards ✅🟢 Issues
|
| Metric | Results |
|---|---|
| Complexity | 0 |
| Duplication | 0 |
NEW Get contextual insights on your PRs based on Codacy's metrics, along with PR and Jira context, without leaving GitHub. Enable AI reviewer
TIP This summary will be updated as you push new changes.
Inspired by Krilliac/AdvancedWarden's MEM2_CHECK pattern (fail when bytes match a known cheat signature) and its GAGARIN_CHECK_ID pair (carry a runtime-discovered dynamic address across two checks). Their C++ doesn't drop in (different fork: TrinityCore + boost + different DB schema), but the inverted-match capability is a small generic addition that lets one POINTER_CHAIN_CHECK row express either: - verify-clean — fail when terminal bytes don't match expected - signature detect — fail when terminal bytes DO match expected Encoded as an optional leading '!' on the chain string: '!0x2,0x4' means "2-hop chain in signature-detect mode". '!' is consumed before offset parsing, leaving the rest of the chain syntax unchanged. Result column carries the signature bytes when in detect mode. Adds a fifth example (id 10005) to contrib/warden/pointer_chain_ examples.sql modeling the AdvancedWarden 3rd-party-allocation scan case. Updates the schema-reminder comment block to document the '!' prefix.
Contributor
There was a problem hiding this comment.
Pull request overview
This PR appears intended to introduce/support “pointer chain checks” for Warden, but the code changes themselves don’t implement a new Warden check type; instead it adds a contrib SQL seed/example file describing a new check type (244 / 0xF4) plus a small header-include change.
Changes:
- Add a new contrib SQL file (
pointer_chain_examples.sql) with examplewardentable rows for a proposedPOINTER_CHAIN_CHECKtype. - Add an extra standard library include in
WardenWin.h. - No functional logic changes are evident in
WardenWin.cpp/WardenCheckMgr.cppbeyond the diff re-rendering.
Reviewed changes
Copilot reviewed 2 out of 4 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
| src/game/Warden/WardenWin.h | Adds a standard header include (currently unused as written). |
| src/game/Warden/WardenWin.cpp | No functional change observed in the shown diff. |
| src/game/Warden/WardenCheckMgr.cpp | No functional change observed in the shown diff; review focused on DB-driven type handling. |
| contrib/warden/pointer_chain_examples.sql | Adds example SQL seeds/documentation for a new proposed Warden check type. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Comment on lines
29
to
31
| #include "Warden.h" | ||
| #include <vector> | ||
|
|
Comment on lines
+1
to
+5
| -- ============================================================================ | ||
| -- POINTER_CHAIN_CHECK (type 244 / 0xF4) example seeds for the `warden` table. | ||
| -- | ||
| -- Wire format on the client side is identical to MEM_CHECK (243 / 0xF3); the | ||
| -- server walks a multi-hop pointer dereference chain across consecutive Warden |
Comment on lines
+112
to
+123
| uint16 id = fields[0].GetUInt16(); | ||
| uint16 build = fields[1].GetUInt16(); | ||
| uint8 checkType = fields[2].GetUInt8(); | ||
| std::string data = fields[3].GetString(); | ||
| std::string checkResult = fields[4].GetString(); | ||
| uint32 address = fields[5].GetUInt32(); | ||
| uint8 length = fields[6].GetUInt8(); | ||
| std::string str = fields[7].GetString(); | ||
| std::string comment = fields[8].GetString(); | ||
|
|
||
| WardenCheck* wardenCheck = new WardenCheck(); | ||
| wardenCheck->Type = checkType; |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This change is