[WoW] 1.12.1.5875 Info Dump Thread

[tok_junior]

Forgive me for I'm trying to learn this. So you made a class that handles reading wow, with a method it in that will read unsigned int 64bit so "long" and your checking if its not equal to NULL with the long suffix. so that //0xB71B48 is a memory address that you did a type def on for lootwindow?

I really think you should learn the basics of your language of choice before going for these kinds of things...

[JuJuBoSc]

0xB71B48 contains the GUID of the current looting wowobject, so if it's != 0, then you are currently looting something.

[wearecs]

PHP Code:

 BlackMagic _magic = Globals.Magic;
            if (_magic.IsProcessOpen)
            {
                while (true)
                {
                    //check the looting window is opened
                    if (_magic.ReadInt64((uint)0xB71B48) != 0L)
                    {
                        uint codeCave = _magic.AllocateMemory();
                        try
                        {
                            _magic.Asm.Clear();
                            _magic.Asm.AddLine("mov ecx, 0");
                            //call auto loot
                            _magic.Asm.AddLine("call " + (uint)0x4C1FA0);
                            _magic.Asm.AddLine("retn");
                            _magic.Asm.InjectAndExecute(codeCave);
                            _magic.Asm.Clear();
                        }
                        catch (Exception ee)
                        {
                            MessageBox.Show(ee.ToString());
                        }
                        _magic.FreeMemory(codeCave);
                    }

                    Thread.Sleep(1000);
                }
            }
            else
            {
                _magic.OpenProcessAndThread(SProcess.GetProcessFromProcessName("Wow"));
            } 


it crash some times， Who can tell me why， thx！

[Sacred]

Code:

_magic.Asm.InjectAndExecute(codeCave);

Wrong.

[wearecs]

Code:

_magic.Asm.InjectAndExecute(codeCave);

Wrong.

how to use blackmagic to inject?
I use InjectAndExecute it works most of time, it only crash some time

[Sacred]

Detour endscene or any other function that called from main thread. There are tons of examples, use search.

[xalcon]

Code:

_magic.Asm.AddLine("mov ecx, 0");

maybe I'm wrong, but I dont think this ^ will work. Isnt that loot function a thiscall?

[Sacred]

So what's the problem?

[culino2]

Code:

_magic.Asm.AddLine("mov ecx, 0");

maybe I'm wrong, but I dont think this ^ will work. Isnt that loot function a thiscall?

No it's msfastcall.

[wearecs]

PHP Code:

                Globals.Magic.SuspendThread();
                try
                {
                    uint codeCave = Globals.Magic.AllocateMemory(8);
                    if (codeCave != 0)
                    {
                        Globals.Magic.Asm.Clear();
                        //Globals.Magic.Asm.AddLine("mov ecx, 0");
                        Globals.Magic.Asm.AddLine("call " + (uint)0x4C1FA0);
                        Globals.Magic.Asm.AddLine("retn");
                        Globals.Magic.Asm.InjectAndExecute(codeCave);
                        Globals.Magic.Asm.Clear();
                    }
                    Globals.Magic.FreeMemory(codeCave);
                }
                catch (Exception ee)
                {
                    MessageBox.Show("拾取call失败，原因：" + ee.ToString());
                }
               Globals.Magic.ResumeThread(); 


I change it like these, it nerver crash again

[nagibator]

Does anybody have SendMovementPacket address?

[namreeb]

Well I'm not sure where it is but ClientServices_Send is at 0x5AB630. You can put a breakpoint on that, move forward, and see which function calls ClientServices_Send.

[nagibator]

Thank you.

[DarkLinux]

wow-one / Feenix

Code:

EverScan 
By : Darklinux @ OwnedCore.com 

Address : 0x60ff71     Size : 0x1
Address : 0x7c69a0     Size : 0x3
Address : 0x5ec720     Size : 0x8
Address : 0x49f5dd     Size : 0x1
Address : 0x615cf5     Size : 0x1
Address : 0x7c6269     Size : 0x4
Address : 0x7c4955     Size : 0x3
Address : 0x6334f0     Size : 0x1
Address : 0x635c3a     Size : 0x1
Address : 0x60ff65     Size : 0x2
Address : 0x60bfa0     Size : 0x2
Address : 0x6ca1b5     Size : 0x1
Address : 0x60bfbf     Size : 0x2
Address : 0x6ab1bf     Size : 0x3
Address : 0x636198     Size : 0x1
Address : 0x7c6272     Size : 0x4
Address : 0x6341e3     Size : 0x2
Address : 0x615ba7     Size : 0x4
Address : 0x482be3     Size : 0x1
Address : 0x60bfb1     Size : 0x2
Address : 0x7c625e     Size : 0x2
Address : 0x6ab494     Size : 0x1
Address : 0x618919     Size : 0x4
Address : 0x7c63a8     Size : 0x4
Address : 0x5e642c     Size : 0x5
Address : 0x6163db     Size : 0x3
Address : 0x7c63dd     Size : 0x3
Address : 0x7c705f     Size : 0x3
Address : 0x482ed8     Size : 0x6
Address : 0x4711e0     Size : 0x2
Address : 0x7c6206     Size : 0xb
Address : 0x494a50     Size : 0x7
Address : 0x636598     Size : 0x1
Address : 0x5ed28d     Size : 0x6
Address : 0x636ed4     Size : 0x1
Address : 0x6d2743     Size : 0x6
Address : 0x6cee5b     Size : 0x6
Address : 0x60f7c9     Size : 0x6
Address : 0x67063e     Size : 0x1
Address : 0x680b81     Size : 0x5
Address : 0x7c705c     Size : 0x6
Address : 0x6341bc     Size : 0x2
Address : 0x4711ea     Size : 0x1
Address : 0x6cee4e     Size : 0x5
Address : 0x60f650     Size : 0x6
Address : 0x5ed2e3     Size : 0x6
Address : 0x518062     Size : 0x1
Address : 0x49f6f2     Size : 0x3
Address : 0x7c63da     Size : 0x3
Address : 0x63379c     Size : 0x1
Address : 0x6a467b     Size : 0x1
Address : 0x6abf13     Size : 0x1
Address : 0x40362b     Size : 0x3
Address : 0x6163de     Size : 0xa

[broly7]

Am i able to shift the memcopy function Warden uses to check for an address to another place? Or simply trick warden to get always the same value?
I've read this tutorial, and i managed to get the opcode for access. Then i tried to change it to an unconditional jump (jmp) or even fill it with Nops, this just makes warden catchs and ban you instantly