Nofalldmg Detour causes wow to crash menu

  1. #31
    Shynd's Avatar Contributor
    Only thing I'll say, since I've never played with NoFallDamage before, is it's good practice to write your code cave to memory before writing the JMP to your codecave. Think about it.

  2. #32
    lanman92's Avatar Active Member
    Good point, I should change that, don't want to hang the whole thread. Or BSOD or something...

    Okay, I got it working. Now I can gravity hack the hell out of my dailies DDDD

    Out of curiosity, why do we CMP to 38D? I didn't see it anywhere in the original fall function.
    Last edited by lanman92; 09-20-2008 at 11:09 PM.

  3. #33
    Cypher's Avatar Kynox's Sister's Pimp
    Originally Posted by lanman92
    This thread is old, but how did you make it undetectable? I get D/C'd as soon as I jump/fall after inserting the detour + codecave. I didn't think this address was scanned by warden.

    Here's the code I'm using, please don't be angry at my C# asm... Lol.

    Code:
     
    // My JMP to the codecave
    byte[] newBytesFirst = new Byte[] {0xE9, 0x26, 0xFB, 0x0C, 0x00, 0x90};
    // My codecave
    byte[] newBytesNext = new Byte[] {0x8B, 0x4F, 0x7C, 0x83, 0xF8, 0x00, 0x90, 0x90, 0x7D, 0x03, 0x89, 0x4E, 0x3C, 0x68, 0xC6, 0xA4, 0x7B, 0x00, 0xC3};
    uint unimportant, unimportant3, unimportant2;
    int vpex = VirtualProtectEx(hWow, (IntPtr)0x7BA4B0, (UIntPtr)0xF, (uint)0x40, out unimportant);
    vpex = VirtualProtectEx(hWow, (IntPtr)0x889FEB, (UIntPtr)0x13, (uint)0x40, out unimportant2);
    vpex = VirtualProtectEx(hWow, (IntPtr)0x7BA4C0, (UIntPtr)0xFF, (uint)0x40, out unimportant3);
    Memory.WriteMemory(hWow, (long)0x7BA4C0, newBytesFirst);
    Memory.WriteMemory(hWow, (long)0x889FEB, newBytesNext);
    vpex = VirtualProtectEx(hWow, (IntPtr)0x7BA4B0, (UIntPtr)0x40, unimportant, out unimportant);
    vpex = VirtualProtectEx(hWow, (IntPtr)0x889FEB, (UIntPtr)0x40, unimportant2, out unimportant2);
    vpex = VirtualProtectEx(hWow, (IntPtr)0x7BA4C0, (UIntPtr)0x40, unimportant3, out unimportant3);
    Yes, I am aware that I should use VirtualAllocEx(). But this works on private servers, so I am just curious how you did it... I have set a mem access breakpoint at 7BA4C0 and it never gets paused except while executing.

    DCs have nothing to do with it being 'detected'; they have to do with you implementing your hook wrong. The code you just posted is ugly as **** so I'm not even gonna bother trying to decipher it.

    Originally Posted by lanman92
    Good point, I should change that, don't want to hang the whole thread. Or BSOD or something...

    Okay, I got it working. Now I can gravity hack the hell out of my dailies DDDD

    Out of curiosity, why do we CMP to 38D? I didn't see it anywhere in the original fall function.

    The compare to 0x38D is done because that is the maximum fall height before you take damage. So you only want to reset the value if it is above this.

    EDIT: Gravity hacks are detected if you modify the constant in the rdata segment. Be careful how you implement it.

  4. #34
    lanman92's Avatar Active Member
    Heh, yeah... It's pretty ugly. I need to clean this app up, it's a wreck.

  5. #35
    Cypher's Avatar Kynox's Sister's Pimp
    Check out GameDeception for the C# ASM class. It's a pretty ugly implementation but it sure as hell is nicer than what you currently have.

  6. #36
    lanman92's Avatar Active Member
    Oh, thanks for telling me. LOL. Time to find out the other way of doing it... That would have sucked. A lot.

    EDIT: Are there any differences in detection between a real and trial acct? I've been playing with a wallhack, and it doesn't even DC me on a trial.

    EDIT2: My code would be a lot prettier if I could just inject a DLL into the app to do it =/ I haven't managed to inject a DLL into WoW yet, it's just not working. I'm gonna try to write my own injector and grab the concept behind it to see if that helps somehow...
    Last edited by lanman92; 09-21-2008 at 12:14 AM.

  7. #37
    Cypher's Avatar Kynox's Sister's Pimp
    By 'wallhack' what do you mean exactly?

    A D3D hook to make walls transparent? Changing the max climb angle constant in the rdata section. Hooking the many climbing functions to use your own angle? etc.

    As for your actual question, I'm not totally sure, but afaik you get banned after about 10 minutes if you're using a detected hack.

  8. #38
    lanman92's Avatar Active Member
    I guess I should say wallclimb, not wallhack. I just use a nudge to go through walls. I'm modifying 0x8C8397 to a bunch of NOPS, but I'm not sure if it would ban my main account.

    Yes, it's ugly...

    Code:
    byte[] nineNOPS = new byte[9] {0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90};
    uint unimportant;
    int vpex = VirtualProtectEx(hWow, (IntPtr)0x8C8397, (UIntPtr)0xF, (uint)0x40, out unimportant);
    bool success = Memory.WriteMemory(hWow, (long)0x8C8397, (byte[])nineNOPS, 9);


    EDIT: I'm a dumbass. I wasn't putting the whole file path for my dll in my injector... Ugh.
    Last edited by lanman92; 09-21-2008 at 12:34 AM.

  9. #39
    Cypher's Avatar Kynox's Sister's Pimp
    Originally Posted by lanman92
    I guess I should say wallclimb, not wallhack. I just use a nudge to go through walls. I'm modifying 0x8C8397 to a bunch of NOPS, but I'm not sure if it would ban my main account.

    Yes, it's ugly...

    Code:
    byte[] nineNOPS = new byte[9] {0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90};
    uint unimportant;
    int vpex = VirtualProtectEx(hWow, (IntPtr)0x8C8397, (UIntPtr)0xF, (uint)0x40, out unimportant);
    bool success = Memory.WriteMemory(hWow, (long)0x8C8397, (byte[])nineNOPS, 9);
    EDIT: I'm a dumbass. I wasn't putting the whole file path for my dll in my injector... Ugh.

    Rofl. At least you fixed it.
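
From the defender's side, the two patch shapes quoted in this thread (a 0xE9 detour and a run of 0x90 bytes) are what a code-integrity scan looks for. The following is an added example, not code from any poster or from Warden: it diffs a live code region against known-good bytes and classifies each modified run. `BASELINE`, `patched` and the function names are constructed for illustration; the patch bytes and addresses are the ones quoted above.

```python
import struct

def diff_runs(baseline: bytes, live: bytes):
    """Yield (offset, length) for each contiguous run of modified bytes."""
    start = None
    for i, (a, b) in enumerate(zip(baseline, live)):
        if a != b and start is None:
            start = i
        elif a == b and start is not None:
            yield start, i - start
            start = None
    if start is not None:
        yield start, min(len(baseline), len(live)) - start

def classify_patches(baseline: bytes, live: bytes, base_addr: int):
    """Return (kind, address, length, jmp_target) for every modified run."""
    findings = []
    for off, length in diff_runs(baseline, live):
        run = live[off:off + length]
        addr = base_addr + off
        if run[0] == 0xE9 and off + 5 <= len(live):
            # JMP rel32: target = address of next instruction + signed displacement
            (rel,) = struct.unpack_from("<i", live, off + 1)
            target = (addr + 5 + rel) & 0xFFFFFFFF
            findings.append(("jmp_rel32", addr, length, target))
        elif all(b == 0x90 for b in run):
            findings.append(("nop_fill", addr, length, None))
        else:
            findings.append(("modified", addr, length, None))
    return findings

# Constructed known-good bytes (placeholders, not real client code).
BASELINE = bytes(range(0x10, 0x20))

def patched(patch: bytes) -> bytes:
    """Constructed 'live' region: the patch laid over the start of BASELINE."""
    return patch + BASELINE[len(patch):]

JMP_PATCH = bytes([0xE9, 0x26, 0xFB, 0x0C, 0x00, 0x90])  # bytes quoted in the thread
NOP_PATCH = bytes([0x90] * 9)                             # bytes quoted in the thread

if __name__ == "__main__":
    for base, patch in ((0x7BA4C0, JMP_PATCH), (0x8C8397, NOP_PATCH)):
        for kind, addr, length, target in classify_patches(BASELINE, patched(patch), base):
            suffix = f" -> {target:#x}" if target is not None else ""
            print(f"{kind:9} at {addr:#x} len {length}{suffix}")
```

The decoded detour target for the first patch is 0x889FEB, the same address the quoted code writes its codecave to, so a scan of either location surfaces the other.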

  10. #40
    lanman92's Avatar Active Member
    Is this offset detected though? I really don't want to lose my characters... I was thinking that that offset had been detected for a long time.

  11. #41
    Xarg0's Avatar Member
    breakpoint it and see if warden scans it
    I hacked 127.0.0.1

  12. #42
    lanman92's Avatar Active Member
    Ugh, I think my router reset or something. Now I don't have access through the WoW ports so no testing right now. Lame... Thanks for the suggestion though, I should have done that last night.

  13. #43
    Cypher's Avatar Kynox's Sister's Pimp
    Not currently being scanned afaik, but as Xarg0 said, breakpoint it and find out.
