Casting spells out of process?

[Dustxxx]

Yo peepz

I've been searching around in the old posts here on the site and can't quite figure out how I would go about casting spells from an out-of-process bot using memory editing. What kind of offsets should I be looking for?
Or do I have to inject a dll and call some function? And in that case can anyone point out the function(s) I should be calling?

Thank you in advance!

[Beaving]

If you want to be out of process/external, why do you want to inject a DLL in first place? The easiest way to achieve what you want is to inject a DLL yes, but if you still want to be external, heres what you could do:

1. Write a function that calls the wanted function (easiest approach is to just use ASM and CALL if you use C), or if you are familiar with opcodes you can directly write to the memory
2. Write the function to empty space in the D3 process (you could use VirtualAllocEx to know where you should write to)
3. Start the function with CreateRemoteThread

In order to avoid CreateRemoteThread, you can hook a function in the D3 process that is called many times a second, like the Gameloop or GetMessage, let it call the function and then unhook again or w/e.

Anyway, I suggest you use a DLL, that's really the easiest way. When it comes to anticheat, a DLL hasn't much more disadvantages. You just need to do 1 or 2 more things. If they want to catch you really, you are ****ed up anyway.

[hb123220]

which one is safer, hook d3 function or inject a dll?? if i keep my dll private, can i avoid Warden detected?

[RamirezX]

which one is safer, hook d3 function or inject a dll?? if i keep my dll private, can i avoid Warden detected?

Warden does scan some parts of memory atm, so if you will modify it, you will be catched. There is a thread about Warden in the forum, just read it.
But back to your question, which one is safer: my way is to hook D3 function by injecting dll

[bossfong]

You don't necessarily have to call a function to cast a spell, do you? why not just simulate input, when you're external anyways?

[TKG]

You don't necessarily have to call a function to cast a spell, do you? why not just simulate input, when you're external anyways?

Well, I have more or less the same problem: I know how to use the movement class for click-to-move, but I am not sure if Warden can detect it or not.

But PostMessage / DirectXInput seem so 'unelegant' in comparison ...

Maybe one of the more experienced users can drop a statement if warden can detect writing bytes directly to the movement class ( writeprocessmemory).

[Beaving]

You can safely write to the movement class. Tho they could include a crc/hash check later on and then ban you.

[TKG]

Ty Beaving for the quick reply, if they dont do it now I am not too worried: they also have to balance performance against anti-cheat .

Anyway , with a fixed camera position its also easy to project 2D to 3D positions if one prefers to use DxInput.