Nofalldmg Detour causes wow to crash

[Shynd]

Only thing I'll say, since I've never played with NoFallDamage before, is it's good practice to write your code cave to memory before writing the JMP to your codecave. Think about it.

[lanman92]

Good point, I should change that, don't want to hang the whole thread. Or BSOD or someting...

Okay, I got it working Now I can gravity hack the hell out of my dailies DDDD

Out of curiousity, why do we CMP to 38D? I didn't see it anywhere in the original fall function.

[Cypher]

This thread is old, but how did you make it undetectable? I get D/C'd as soon as I jump/fall after inserting the detour + codecave. I didn't think this address was scanned by warden.

Here's the code I'm using, please don't be angry at my C# asm... Lol.

Code:

 
byte[] newBytesFirst = new Byte[] {0xE9, 0x26, 0xFB, 0x0C, 0x00, 0x90};                       //My JMP to the codecave
byte[] newBytesNext = new Byte[] {0x8B, 0x4F, 0x7C, 0x83, 0xF8, 0x00, 0x90, 0x90, 0x7D, 0x03, 0x89, 0x4E, 0x3C, 0x68, 0xC6, 0xA4, 0x7B, 0x00, 0xC3};                                                                                                 //My codecave
uint unimportant, unimportant3, unimportant2;
int vpex = VirtualProtectEx(hWow, (IntPtr)0x7BA4B0, (UIntPtr)0xF, (uint)0x40, out unimportant);
vpex = VirtualProtectEx(hWow, (IntPtr)0x889FEB, (UIntPtr)0x13, (uint)0x40, out unimportant2);
vpex = VirtualProtectEx(hWow, (IntPtr)0x7BA4C0, (UIntPtr)0xFF, (uint)0x40, out unimportant3);
Memory.WriteMemory(hWow, (long)0x7BA4C0, newBytesFirst);
Memory.WriteMemory(hWow, (long)0x889FEB, newBytesNext);
vpex = VirtualProtectEx(hWow, (IntPtr)0x7BA4B0, (UIntPtr)0x40, unimportant, out unimportant);
vpex = VirtualProtectEx(hWow, (IntPtr)0x889FEB, (UIntPtr)0x40, unimportant2, out unimportant2);
vpex = VirtualProtectEx(hWow, (IntPtr)0x7BA4C0, (UIntPtr)0x40, unimportant3, out unimportant3);

Yes, I am aware that I should use VirtualAllocEx(). But this works on private servers, so I am just curious how you did it... I have set a mem access breakpoint at 7BA4C0 and it never get's paused except while executing.

DCs have nothing to be with it 'detected' they have to do with you implementing your hook wrong. The code you just posted is ugly as **** so I'm not even gonna bother trying to decipher it.

Good point, I should change that, don't want to hang the whole thread. Or BSOD or someting...

Okay, I got it working Now I can gravity hack the hell out of my dailies DDDD

Out of curiousity, why do we CMP to 38D? I didn't see it anywhere in the original fall function.

The compare to 0x38D is done because that is the maximum fall height before you take damage. So you only want to reset the value if it is above this.

EDIT: Gravity hacks are detected if you modify the constant in the rdata segment. Be careful how you implement it.

[lanman92]

Heh, yeah... It's pretty ugly. I need to clean this app up, it's a wreck.

[Cypher]

Check out GameDeception for the C# ASM class. It's a pretty ugly implementation but it sure as hell is nicer than what you currently have.

[lanman92]

Oh, thanks for telling me. LOL. Time to find out the other way of doing it... That would have sucked. A lot.

EDIT: Are there any differences in detection between a real and trial acct? I've been playing with a wallhack, and it doesn't even DC me on a trial.

EDIT2: My code would be a lot prettier if I could just inject a DLL into the app to do it =/ I haven't managed to inject a DLL into WoW yet, it's just not working. I'm gonna try to write my own injector and grab the concept behind it to see if that helps somehow...

[Cypher]

By 'wallhack' what do you mean exactly?

A D3D hook to make walls transparent? Changing the max climb angle constant in the rdata section. Hooking the many climbing functions to use your own angle? etc.

As for your actual question, I'm not totally sure, but afaik you get banned after about 10 minutes if you're using a detected hack.

[lanman92]

I guess I should say wallclimb, not wallhack. I just use a nudge to go through walls. I'm modifying 0x8C8397 to a bunch of NOPS, but I'm not sure if it would ban my main account.

Yes, it's ugly...

Code:

byte

Code:

[] nineNOPS = new byte[9] {0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90};
uint unimportant;
int vpex = VirtualProtectEx(hWow, (IntPtr)0x8C8397, (UIntPtr)0xF, (uint)0x40, out unimportant);
bool success = Memory.WriteMemory(hWow, (long)0x8C8397, (byte[])nineNOPS, 9);

EDIT: I'm a dumbass. I wasn't putting the whole file path for my dll in my injector... Ugh.

[Cypher]

I guess I should say wallclimb, not wallhack. I just use a nudge to go through walls. I'm modifying 0x8C8397 to a bunch of NOPS, but I'm not sure if it would ban my main account.

Yes, it's ugly...

Code:

byte

Code:

[] nineNOPS = new byte[9] {0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90};
uint unimportant;
int vpex = VirtualProtectEx(hWow, (IntPtr)0x8C8397, (UIntPtr)0xF, (uint)0x40, out unimportant);
bool success = Memory.WriteMemory(hWow, (long)0x8C8397, (byte[])nineNOPS, 9);

EDIT: I'm a dumbass. I wasn't putting the whole file path for my dll in my injector... Ugh.

Rofl. At least you fixed it.

[lanman92]

Is this offset detected though? I really don't want to lose my characters... I was thinking that that offset had been detected for a long time.

[Xarg0]

breakpoint it and see if warden scanns it

[lanman92]

Ugh, I think my router reset or something. Now I don't have access through the WoW ports so no testing right now. Lame... Thanks for the suggestion though, I should have done that last night.

[Cypher]

Not currently being scanned afaik, but as Xarg0 said, breakpoint it and find out.