-
Elite User
Originally Posted by
djanius
I am writing a bot in Delphi. I know how to insert asm into the program's code. Before I applied to the forum, I tried autoloot via asm, but I constantly get an error: "Access violation at address 005F8664 in module 'Project1.exe'. Read of address AC37A437."
I did just as you suggested. Can it still be injected into the game?
Code:
asm
  push AutoLoot;
  mov ecx, BaseAddress;
  call OnRightClickUnit;
  retn;
end;
retn is auto-generated by the compiler.
Make sure you're in the right thread. Also, there's no need to use asm in Delphi, except for inline hooks or other similar stuff.
For __thiscall functions you can use a small hack (this is from 7.0+):
Code:
CGUnit_C__OnRightClick: procedure(
  {$IFDEF CPUX86}
  __eax: Pointer;
  __edx: Pointer;
  {$ENDIF}
  __this: Pointer;
  IsLeftClick: Boolean
);
To call this function, pass nil for both eax and edx.
Since there's no ASLR enabled before Cataclysm, you could even make it a const:
Code:
const
  CGUnit_C__OnRightClick: procedure(
    {$IFDEF CPUX86}
    __eax: Pointer;
    __edx: Pointer;
    {$ENDIF}
    __this: Pointer;
    IsLeftClick: Boolean
  ) = Pointer($DEADBEEF);
Example for msfastcall functions (that's 1.12.1, I used a wrapper to make life easier):
Code:
[...]
type
  TConsoleWrite = procedure(__eax: Pointer; AColor: TWoWConsoleColor; const AMessage: AnsiString);
[...]
const
  off_ConsoleWrite = $0063CB50;

procedure ConsoleWrite(const AMessage: AnsiString;
  AColor: TWoWConsoleColor = DEFAULT_COLOR);
var
  fConsoleWrite: TConsoleWrite;
begin
  if (NostGl.UltraSilent) then
    Exit;
  fConsoleWrite := Pointer(off_ConsoleWrite);
  fConsoleWrite(nil, AColor, AMessage);
end;
By default, Delphi uses the "register" calling convention; you should also check x86 calling conventions - Wikipedia to understand the above examples.
edit: Calling your code inside an exe file is completely pointless...
Last edited by culino2; 03-20-2017 at 12:02 AM.
-
-
Elite User
Not sure if you still need auto-loot. I found this auto-loot address a while ago somewhere on ownedcore and it worked flawlessly:
Code:
#include <windows.h>
#include <stdint.h>

void EnableAutoLoot()
{
    uint32_t addrToNop = 0x004C1ECF;
    char nops[2] = { 0x90, 0x90 };
    DWORD oldProtect = 0;
    /* make the two code bytes writable, overwrite them, then restore the old protection */
    VirtualProtect((LPVOID)addrToNop, sizeof(nops), PAGE_EXECUTE_READWRITE, &oldProtect);
    char* patchFunc = (char*)addrToNop;
    *patchFunc = nops[0];
    patchFunc++;
    *patchFunc = nops[1];
    DWORD oldProtect2 = 0;
    VirtualProtect((LPVOID)addrToNop, sizeof(nops), oldProtect, &oldProtect2);
}
Last edited by asdfx123; 04-21-2017 at 04:53 AM.
-
Active Member
Originally Posted by
asdfx123
Not sure if you still need auto-loot. I found this auto-loot address a while ago somewhere on ownedcore and it worked flawlessly:
Code:
void EnableAutoLoot()
{
    uint32_t addrToNop = 0x004C1ECF;
    char nops[2] = { 0x90, 0x90 };
    DWORD oldProtect = 0;
    VirtualProtect((LPVOID)addrToNop, sizeof(nops), PAGE_EXECUTE_READWRITE, &oldProtect);
    char* patchFunc = (char*)addrToNop;
    *patchFunc = NASM_NOP;
    patchFunc++;
    *patchFunc = NASM_NOP;
    DWORD oldProtect2 = 0;
    VirtualProtect((LPVOID)addrToNop, sizeof(nops), oldProtect, &oldProtect2);
}
I guess the risk of server operators looking for that patch might be low, but to my knowledge such modifications are easily detected with Warden scans if they decide to look for it :/, worth being aware of. I would recommend calling one of the other methods mentioned earlier instead if injecting. If not, just send a shift-click.
Last edited by squiggy; 03-24-2017 at 07:06 AM.
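As an added example of the kind of integrity scan squiggy refers to (this is not code from any poster in this thread, nor from any real anti-cheat), the block below shows how a byte patch such as the two NOPs above stands out to a defender: a golden copy of a code region is hashed once, the live copy is re-hashed on each scan, and on mismatch a byte-by-byte diff reports where and how large the modification is. The 12-byte "golden" sequence is constructed for the demo and does not correspond to any real binary; FNV-1a is used only because it is short, and a real scanner would use a cryptographic hash or a full byte compare.

```c
/* Added example: code-region integrity check (constructed data, not real game bytes). */
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <stdio.h>

#define GOLDEN_LEN 12

/* Constructed stand-in for a small region of a .text section, captured at a known-good time. */
static const uint8_t golden_bytes[GOLDEN_LEN] = {
    0x8B, 0x45, 0x08,       /* mov eax, [ebp+8]   */
    0x85, 0xC0,             /* test eax, eax      */
    0x74, 0x05,             /* je +5  <- bytes a NOP patch would hit */
    0xE8, 0x11, 0x22, 0x33, 0x44 /* call rel32 (placeholder target) */
};

typedef struct {
    int modified;          /* 1 if the live region differs from the golden copy */
    long first_offset;     /* offset of the first differing byte, -1 if intact */
    size_t changed_bytes;  /* number of differing bytes (size of the patch) */
} scan_result;

/* FNV-1a 32-bit: cheap enough to re-run frequently on many small regions. */
uint32_t fnv1a32(const uint8_t *p, size_t n) {
    uint32_t h = 0x811C9DC5u;
    for (size_t i = 0; i < n; i++) {
        h ^= p[i];
        h *= 0x01000193u;
    }
    return h;
}

/* Compare a live copy of the region against the golden copy and its baseline hash.
 * The hash is the fast path; only on mismatch do we walk the bytes to locate the patch. */
scan_result scan_code_region(const uint8_t *golden, uint32_t golden_hash,
                             const uint8_t *live, size_t n) {
    scan_result r = { 0, -1, 0 };
    if (fnv1a32(live, n) == golden_hash)
        return r;                         /* hash matches: treat as intact */
    r.modified = 1;
    for (size_t i = 0; i < n; i++) {
        if (golden[i] != live[i]) {
            if (r.first_offset < 0)
                r.first_offset = (long)i;
            r.changed_bytes++;
        }
    }
    return r;
}

/* Build a live copy of the golden region with patch_len bytes NOP'd (0x90) at patch_off.
 * patch_len == 0 yields an untouched copy. Used to simulate what a scanner would see. */
void make_live_copy(uint8_t *out, size_t patch_off, size_t patch_len) {
    memcpy(out, golden_bytes, GOLDEN_LEN);
    for (size_t i = 0; i < patch_len && patch_off + i < GOLDEN_LEN; i++)
        out[patch_off + i] = 0x90;
}

int main(void) {
    uint8_t live[GOLDEN_LEN];
    uint32_t baseline = fnv1a32(golden_bytes, GOLDEN_LEN);

    make_live_copy(live, 0, 0);
    scan_result r = scan_code_region(golden_bytes, baseline, live, GOLDEN_LEN);
    printf("untouched: modified=%d\n", r.modified);

    make_live_copy(live, 5, 2);           /* simulate the je -> nop;nop patch */
    r = scan_code_region(golden_bytes, baseline, live, GOLDEN_LEN);
    printf("patched:   modified=%d first_offset=%ld changed_bytes=%zu\n",
           r.modified, r.first_offset, r.changed_bytes);
    return 0;
}
```

The design point is the two-tier check: a hash of the region is cheap enough to re-run on every scan tick, and the exact byte diff is only computed once a mismatch is found, which is what makes a two-byte in-place patch both inexpensive to notice and precise to report.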