Writing bot for Vanilla WoW. I need your help.

[culino2]

I am writing bot on Delphi. How to insert asm into code of program i know. Before i applied to forum, i tried autoloot via asm, but i constantly get an error "Access violation at address 005F8664 in module 'Project1.exe'. Read of address AC37A437.".

Did just as you suggested. Can it still be inject to game?

Code:

Asm
**Push AutoLoot;
**Mov ECX, BaseAddress;
**Call OnRightClickUnit;
**Retn;
End;

retn is auto generated by the compiler.

Make sure you're in the right thread. Also there's no need to use asm in delphi, except for inline hooks or other similar stuff.
For __thiscall functions you can use a small hack (this is from 7.0+):

Code:

  CGUnit_C__OnRightClick: procedure(
{$IFDEF CPUX86}
    __eax             : Pointer;
    __edx             : Pointer;
{$ENDIF}
    __this            : Pointer;
    IsLeftClick       : Boolean
  );

To call this function use both nil for eax and edx.
Since there's no aslr enabled before cataclysm, you could even make it const:

Code:

const
  CGUnit_C__OnRightClick: procedure(
{$IFDEF CPUX86}
    __eax             : Pointer;
    __edx             : Pointer;
{$ENDIF}
    __this            : Pointer;
    IsLeftClick       : Boolean
  ) = Pointer($DEADBEEF);

Example for msfastcall functions (that's 1.12.1, I used a wrapper to make life easier):

Code:

[...]
type
  TConsoleWrite = procedure(__eax: Pointer; AColor: TWoWConsoleColor; const AMessage: AnsiString);
[...]
const
  off_ConsoleWrite                            = $0063CB50;

procedure ConsoleWrite(const AMessage: AnsiString;
  AColor: TWoWConsoleColor = DEFAULT_COLOR);
var
  fConsoleWrite: TConsoleWrite;
begin
  if (NostGl.UltraSilent) then
    exit;

  fConsoleWrite := Pointer(off_ConsoleWrite);
  fConsoleWrite(nil, AColor, AMessage);
end;

By default, delphi uses the "register" calling convention, you should also check x86 calling conventions - Wikipedia to understand above examples.

edit: Calling your code inside an exe file is completely pointless...

[asdfx123]

Not sure if you still need auto-loot, I found this auto-loot address a while somewhere on ownedcore and it worked flawlessly:

Code:

void EnableAutoLoot()
{
  uint32_t addrToNop = 0x004C1ECF;

  char nops[2] = { 0x90, 0x90 };
 
  DWORD oldProtect = 0;
  VirtualProtect((LPVOID)addrToNop, sizeof(nops), PAGE_EXECUTE_READWRITE, &oldProtect);

  char* patchFunc = (char*)addrToNop;
  *patchFunc = nops[0];
  patchFunc++;
  *patchFunc = nops[1];

  DWORD oldProtect2 = 0;
  VirtualProtect((LPVOID)addrToNop, sizeof(nops), oldProtect, &oldProtect2);
}

[squiggy]

Not sure if you still need auto-loot, I found this auto-loot address a while somewhere on ownedcore and it worked flawlessly:

Code:

void EnableAutoLoot()
{
  uint32_t addrToNop = 0x004C1ECF;

  char nops[2] = { 0x90, 0x90 };
 
  DWORD oldProtect = 0;
  VirtualProtect((LPVOID)addrToNop, sizeof(nops), PAGE_EXECUTE_READWRITE, &oldProtect);

  char* patchFunc = (char*)addrToNop;
  *patchFunc = NASM_NOP;
  patchFunc++;
  *patchFunc = NASM_NOP;

  DWORD oldProtect2 = 0;
  VirtualProtect((LPVOID)addrToNop, sizeof(nops), oldProtect, &oldProtect2);
}

I guess the risk of server operators looking for that patch might be low but to my knowledge such modifications are easily detected with warden scans if they decide to look for it :/, worth being aware of. I would recommend calling one of the other methods mentioned earlier instead if injecting. If not, just send a shiftclick