-
Member
Last edited by prospectingemu; 10-23-2014 at 07:24 PM.
-
Contributor
I'm looking for the address to see if a fish is hooked... looked through the entire thread and don't really know where to start, found everything else I need to make a simple fishbot but not this important address...
Hopefully someone can help!
Thanks
-
Originally Posted by
Wesk.
I'm looking for the address to see if a fish is hooked... looked through the entire thread and don't really know where to start, found everything else I need to make a simple fishbot but not this important address...
Hopefully someone can help!
Thanks
Hint: Scan inside the bobber object.
@Redarian: Reminds me of my heartbeat teleport implementation?
Last edited by Corthezz; 10-24-2014 at 02:19 AM.
-
Contributor
Thanks Corthezz! Seems to be Object.baseaddress + 0xE8, read as short!
Can you do Lua execute InteractUnit(GUID) or something to loot the bobber?
-
Originally Posted by
Wesk.
Thanks Corthezz! Seems to be Object.baseaddress + 0xE8, read as short!
Can you do Lua execute InteractUnit(GUID) or something to loot the bobber?
OnRightClickObject = 0x005F8660
Gonna see if I can post an example later
-
Contributor
That would be great, but is that OnRightClickObject a function inside WoW?
Must be something like this:
Code:
public byte[] RightClick(uint BaseAddress) {
    byte[] tempBytes = new byte[0];
    if(!once)
    {
        once = true;
        // Return Value
        try
        {
            //Allocate Memory For Command
            //RemoteAllocation DoStringArg_Codecave = Memory.Memory.Allocate(BitConverter.GetBytes(BaseAddress).Length + 1);
            //Memory.Write<uint>(DoStringArg_Codecave.BaseAddress, BaseAddress, false);
            //CallAutoLoot = 0x4C1FA0
            //Execute Address
            IntPtr RightClick_Execute = new IntPtr(0x005F8660);
            //textBox1.Text = DoStringArg_Codecave.BaseAddress.ToString() + " : " + DoStringArg_Codecave.BaseAddress.ToString("X") + " : " + DoStringArg_Codecave.Read<uint>() + " : " + DoStringArg_Codecave.Read<uint>().ToString("X") ;
            textBox1.Text = "RUNNING INJECT";
            var asm = new[]
            {
                "mov eax, " + 0,
                "mov ecx, " + BaseAddress,
                "mov esi, " + BaseAddress,
                "mov edi, " + 0x0080C330,
                "mov ebp, " + 0x0018FAF4,
                //"mov esp, " + 0x0018FAE0,
                //"mov eip, " + 0x005F8660,
                "call " + RightClick_Execute,
                "retn",
            };
            //Inject and Execute
            IntPtr a = Memory.Assembly.InjectAndExecute(asm);
            //Memory.Memory.Deallocate(DoStringArg_Codecave);
        }
        catch { }
    }
    return tempBytes;
}
Using the Cheat Engine trace, I seem to be missing information.
There seems to be nothing wrong with the inject code, but with the code it injects.
Working Loot:
EAX: 0x0
EBX: 0x07097D47 (This seems to be something, no idea, but I think this is crashing because I get a pointer exception from 0x0 when this isn't set)
ECX: BaseAddress for GO
EDX: Always changing
ESI: BaseAddress for GO again
EBP: ALWAYS 0x0018FAF4
ESP: ALWAYS 0x0018FAE0
EIP: ALWAYS 0x005F8660
I'm pretty much stuck here :S
Unrelated question: how safe is it to inject into the client on private servers? Is Warden active?
+5 rep for the previous help!
Last edited by Wesk.; 10-24-2014 at 06:37 AM.
-
I don't know the answer to your question, but I think it would be useful for someone to point this and this out.
OnRightClickObject I'm assuming to be fastcall for 1.12.1, but you may want to check. From these articles you should be able to realise the only registers you should be setting are ecx and edx, for the first two arguments, and pushing the remainders onto the stack.
Last edited by Jadd; 10-24-2014 at 06:48 AM.
-
Contributor
I'll look into it, see if I can fix it.
Thanks for the help
Edit: Can't get it to work it seems :/
Last edited by Wesk.; 10-27-2014 at 06:56 PM.
-
Active Member
Scan on Feenix / Emerald Dream, 10.29.2014 @ 3:00.
They added a few more scans from the last time this was posted.
Credits go to DarkLinux for his Warden scanner; without that I would not be posting this.
-
Active Member
LF someone to assist me with a new undetected teleport @ feenix. I am willing to pay for your time and help. Please pm me if you know how or are willing to try and find a new method for me. Thanks, hope to hear from someone soon.
-
This is only marginally on-topic (but more so than the guy above me hahaha).
I wanted to have a 'smart' solution to the problem of stop-casting since my latency on European (read: all) private servers is typically in the 250-350ms range. I tried modifying the game to not give an error if you tried to cast a spell while it was already casting and it negatively affected too many other things. Then I tried adding my own lua function called CastSpellAtTarget() which takes the spell id and casts it at your current target. This bypasses all client-side checking entirely. The results were tremendous. All I had to do was this:
Code:
private static int CastSpellAtTarget(IntPtr luaStatePtr)
{
    var spellId = (uint) Lua.Core.GetNumber(luaStatePtr, 1);
    var targetGuid = (ulong) Marshal.ReadInt64(Locator.TargetGuid);
    if (targetGuid != 0)
    {
        var targetPackedGuid = new WowGuid(targetGuid).PackedGuid;
        var packet = new CDataStore(10 + targetPackedGuid.Length) {OpCode = OpCode.CMSG_CAST_SPELL};
        packet.Write(spellId);
        packet.Write((ushort) 2); // TARGET_FLAG_UNIT
        packet.Write(targetPackedGuid);
        Net.Send(packet);
    }
    return 1;
}
Edit: Also, I patched two locations with 5x NOP (0x90) to prevent spamming of the error message and sound. Those two locations are 0x6E1AA6 and 0x6E21DD. This makes things run smoother.
Last edited by namreeb; 11-05-2014 at 03:29 AM.
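Seen from the server side, a cast request built this way has skipped every client check, so the server has to parse and validate it itself. The following is an added example, not code from the post or from any server project: the `caster_state` struct, the result codes and the little-endian body layout (u32 spell id, u16 target flags, packed GUID, taken from the writes above) are assumptions.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define TARGET_FLAG_UNIT 0x0002u /* value written by the post's packet */
enum cast_result { CAST_OK, CAST_MALFORMED, CAST_BAD_TARGET, CAST_BUSY };
/* Hypothetical server-side state; only the server's own clock is trusted. */
struct caster_state { uint64_t now_ms, cast_ends_ms, gcd_ends_ms; };

/* Packed GUID: one mask byte, then only the GUID bytes whose mask bit is set. */
static int read_packed_guid(const uint8_t *p, size_t len, size_t *off, uint64_t *guid)
{
    if (*off >= len) return -1;
    uint8_t mask = p[(*off)++];
    *guid = 0;
    for (int i = 0; i < 8; i++) {
        if (!(mask & (1u << i))) continue;
        if (*off >= len) return -1;                 /* truncated packet */
        *guid |= (uint64_t)p[(*off)++] << (8 * i);
    }
    return 0;
}

/* Validate a cast request body: u32 spell id, u16 target flags, packed GUID. */
enum cast_result validate_cast(const uint8_t *b, size_t len, const struct caster_state *st,
                               uint32_t *spell_id, uint64_t *target)
{
    size_t off = 6;
    if (len < 6) return CAST_MALFORMED;
    *spell_id = (uint32_t)b[0] | (uint32_t)b[1] << 8 |
                (uint32_t)b[2] << 16 | (uint32_t)b[3] << 24;
    if (((unsigned)b[4] | (unsigned)b[5] << 8) != TARGET_FLAG_UNIT) return CAST_BAD_TARGET;
    if (read_packed_guid(b, len, &off, target) != 0 || off != len) return CAST_MALFORMED;
    if (*target == 0) return CAST_BAD_TARGET;
    /* Re-run the "already casting / on cooldown" checks the client never made. */
    if (st->now_ms < st->cast_ends_ms || st->now_ms < st->gcd_ends_ms) return CAST_BUSY;
    return CAST_OK;
}

int main(void)
{
    /* Constructed sample: spell 133, TARGET_FLAG_UNIT, GUID 0x1234 packed as mask 0x03. */
    const uint8_t body[] = { 0x85, 0, 0, 0, 0x02, 0, 0x03, 0x34, 0x12 };
    struct caster_state idle = { 1000, 0, 0 }, casting = { 1000, 1500, 0 };
    uint32_t spell; uint64_t guid;
    int r_idle = validate_cast(body, sizeof body, &idle, &spell, &guid);
    int r_busy = validate_cast(body, sizeof body, &casting, &spell, &guid);
    printf("idle=%d casting=%d spell=%u\n", r_idle, r_busy, (unsigned)spell);
    return 0;
}
```

A real handler would go on to check that the spell is known to the caster and that the target exists and is in range; those lookups depend on server data this sketch does not model.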
-
Contributor
Originally Posted by
abystus
Appreciate the response. Looks like SetFacing = 0x76DCE0. Hope that helps.
This is incorrect and refers to API Model SetFacing - WoWWiki - Your guide to the World of Warcraft. I believe that CMovement::SetFacing is at 0x7c6f30
-
Donator
Does anyone have the correct playerbase offset?
0x853D40 + 0x9C8 (playerbase + Z) doesn't seem to return the correct Z coordinate
-
Donator
Originally Posted by
culino2
0x9C0
filleeeeeeeeeeeeeeer
That's not the playerbase offset.
-
Member
Originally Posted by
whitekidney
Does anyone have the correct playerbase offset?
0x853D40 + 0x9C8 (playerbase + Z) doesn't seem to return the correct Z coordinate
Code:
DWORD
ClntObjMgrObjectPtr(
    QWORD Guid
    )
{
    UINT UnitGuid;
    UINT UnitBaseAddress;
    UnitBaseAddress = ReadDword(ReadDword(s_curMgr) + 0xAC);
    while (UnitBaseAddress != 0) {
        if ((UnitGuid = (ReadQword(UnitBaseAddress + 0x30) == Guid)) != 0) {
            return UnitBaseAddress;
        }
        UnitBaseAddress = ReadDword(UnitBaseAddress + 0x3C);
    }
    return 0;
}

QWORD
ClntObjMgrGetActivePlayer(
    VOID
    )
{
    return ReadDword(ReadDword(s_curMgr) + 0xC0);
}

Playerbase = ClntObjMgrObjectPtr(ClntObjMgrGetActivePlayer());
Not exactly an offset but hey it works like a charm...
Just in case these might be of use to someone:
Kill local player
Instant guild creation (not sure if it still works on Feenix though)
Heartbeat teleporter (used to work on Feenix, guessing it done got fixed by now)
Instant logout anywhere in the world
Last edited by nagibator; 03-03-2015 at 10:34 AM.