-
Member
Originally Posted by
pkingd3vil
Forgive me, for I'm trying to learn this. So you made a class that handles reading WoW, with a method in it that will read an unsigned 64-bit int, so "long", and you're checking if it's not equal to NULL with the long suffix. So that //0xB71B48 is a memory address that you did a typedef on for lootwindow?
I really think you should learn the basics of your language of choice before going for these kinds of things...
-
Banned for scamming
0xB71B48 contains the GUID of the current looting wowobject, so if it's != 0, then you are currently looting something.
-
-
Member
PHP Code:
BlackMagic _magic = Globals.Magic;
if (_magic.IsProcessOpen)
{
    while (true)
    {
        //check the looting window is opened
        if (_magic.ReadInt64((uint)0xB71B48) != 0L)
        {
            uint codeCave = _magic.AllocateMemory();
            try
            {
                _magic.Asm.Clear();
                _magic.Asm.AddLine("mov ecx, 0");
                //call auto loot
                _magic.Asm.AddLine("call " + (uint)0x4C1FA0);
                _magic.Asm.AddLine("retn");
                _magic.Asm.InjectAndExecute(codeCave);
                _magic.Asm.Clear();
            }
            catch (Exception ee)
            {
                MessageBox.Show(ee.ToString());
            }
            _magic.FreeMemory(codeCave);
        }
        Thread.Sleep(1000);
    }
}
else
{
    _magic.OpenProcessAndThread(SProcess.GetProcessFromProcessName("Wow"));
}
It crashes sometimes. Who can tell me why? Thx!
-
Contributor
Code:
_magic.Asm.InjectAndExecute(codeCave);
Wrong.
-
Member
Originally Posted by
Sacred
Code:
_magic.Asm.InjectAndExecute(codeCave);
Wrong.
How do I use BlackMagic to inject?
I use InjectAndExecute; it works most of the time, it only crashes sometimes.
-
Contributor
Detour EndScene or any other function that is called from the main thread. There are tons of examples, use search.
-
Code:
_magic.Asm.AddLine("mov ecx, 0");
Maybe I'm wrong, but I don't think this ^ will work. Isn't that loot function a thiscall?
"Threads should always commit suicide - they should never be murdered" - DirectX SDK
-
Contributor
-
Elite User
Originally Posted by
xalcon
Code:
_magic.Asm.AddLine("mov ecx, 0");
Maybe I'm wrong, but I don't think this ^ will work. Isn't that loot function a thiscall?
No, it's msfastcall.
-
Member
PHP Code:
Globals.Magic.SuspendThread();
try
{
    uint codeCave = Globals.Magic.AllocateMemory(8);
    if (codeCave != 0)
    {
        Globals.Magic.Asm.Clear();
        //Globals.Magic.Asm.AddLine("mov ecx, 0");
        Globals.Magic.Asm.AddLine("call " + (uint)0x4C1FA0);
        Globals.Magic.Asm.AddLine("retn");
        Globals.Magic.Asm.InjectAndExecute(codeCave);
        Globals.Magic.Asm.Clear();
    }
    Globals.Magic.FreeMemory(codeCave);
}
catch (Exception ee)
{
    MessageBox.Show("拾取call失败,原因:" + ee.ToString());
}
Globals.Magic.ResumeThread();
I changed it like this; it never crashes again.
-
Member
Does anybody have SendMovementPacket address?
Last edited by nagibator; 05-31-2014 at 12:39 AM.
-
Well I'm not sure where it is but ClientServices_Send is at 0x5AB630. You can put a breakpoint on that, move forward, and see which function calls ClientServices_Send.
-
Member
-
wow-one / Feenix
Code:
EverScan
By : Darklinux @ OwnedCore.com
-
Banned
Am I able to shift the memcopy function Warden uses to check for an address to another place? Or simply trick Warden to always get the same value?
I've read this tutorial, and I managed to get the opcode for access. Then I tried to change it to an unconditional jump (jmp) or even fill it with NOPs; this just makes Warden catch and ban you instantly.
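From the detection side of the question above, as an added example that is not part of the original thread and is not Warden's actual implementation: a nonce-keyed integrity check over an (address, size) range, which rejects both a byte patch (NOP fill or jmp) and a replayed "always the same value" answer. The reference image, base address and all function names are constructed for illustration.

```python
import hashlib
import hmac
import os

# Constructed reference image: stands in for the clean code the verifier holds.
REFERENCE = bytes(range(256)) * 4
BASE = 0x401000  # hypothetical load address of that image


def read_range(image: bytes, address: int, size: int) -> bytes:
    """Return `size` bytes at virtual `address`; reject out-of-bounds requests."""
    off = address - BASE
    if off < 0 or size <= 0 or off + size > len(image):
        raise ValueError("range outside image")
    return image[off:off + size]


def client_response(image: bytes, nonce: bytes, address: int, size: int) -> bytes:
    """Checked process: MAC over the requested bytes, keyed by the fresh nonce."""
    return hmac.new(nonce, read_range(image, address, size), hashlib.sha256).digest()


def server_verify(nonce: bytes, address: int, size: int, response: bytes) -> bool:
    """Verifier: recompute over the clean reference and compare in constant time."""
    expected = hmac.new(nonce, read_range(REFERENCE, address, size), hashlib.sha256).digest()
    return hmac.compare_digest(expected, response)


def patch(image: bytes, address: int, new: bytes) -> bytes:
    """Return a copy of `image` with `new` written at `address` (simulated tampering)."""
    off = address - BASE
    return image[:off] + new + image[off + len(new):]


def demo() -> dict:
    addr, size = 0x401010, 6
    n1, n2 = os.urandom(16), os.urandom(16)  # one fresh nonce per scan
    clean = client_response(REFERENCE, n1, addr, size)
    nopped = patch(REFERENCE, addr, b"\x90\x90")  # two-byte NOP fill
    jumped = patch(REFERENCE, addr, b"\xeb")      # opcode swapped for short jmp
    return {
        "clean": server_verify(n1, addr, size, clean),
        "nop_fill": server_verify(n1, addr, size, client_response(nopped, n1, addr, size)),
        "jmp_patch": server_verify(n1, addr, size, client_response(jumped, n1, addr, size)),
        "replayed": server_verify(n2, addr, size, clean),  # old answer, new nonce
    }
```
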