Here is what I have been working on the last couple of days:
Download here : RapidShare: Easy Filehosting
Couldn't attach - remember to virus scan... who knows what kind of evil things are in the caves of my PC!
A couple of virus scanners will match W32/SecRisk-ProcessPatcher-based!Maximus cos that's what it does - Patches the Wow process
You can always read the source code and compile it for yourself if you like :P
This is a program that will inject and run any ASM code you give it into WoW. It has some uses, and is a little bit amusing (if you think this sort of thing is amusing :/).
HOW TO USE
If you download and extract the archive and fire up Wow (just one) you can run
Code:
wowasm asm\WriteLog.s
then look in your WoW directory in Logs\test.log and you should see some details about your current player... cool, no? Simple too!
Included Examples:
- WriteLog.s : Writes player details to Logs\test.log *edit: fixed bug*
I will add some more when I make them
See the README for more details about what you can do.
README
Code:
** As for Warden - I don't know, I have only tested this on a private server running OpenAscent TRUNK r143 **
Please report any bugs :]
EXAMPLE USE
If you run the following:
wowasm asm\WriteLog.s
the WriteLog.s file will be assembled, inserted into WoW and run. It should write a file to
Logs\test.log in your WoW dir which will have player information in it. It uses the playerdetails
function at 0x00403D20 (2.4.2), which writes the details about the player in to a string.
In the file there is a more detailed explanation :)
WRITING A 'SCRIPT'
The files that wowasm uses are NASM syntax ASM files.
The only special notes are:
If you use a % anywhere, in comments or code, it should be escaped with another %, i.e. %%
If you need the TLS address you should put 0x%08X, as in the following example.
This is because wowasm uses the printf style formatting and the TLS address is passed to it:
fprintf(code,tlsindex);
An Example:
push dword [fs:2Ch]          ; Store old TLS address
mov [fs:2Ch], dword 0x%08X   ; Replace with new one
                             ; Note : 0x%08X will be replaced with TLS address,
                             ; only the first one will be replaced, so if you
                             ; want to use it again you should put it in
                             ; a register or somewhere on the stack
<more code here>
pop dword [fs:2Ch]           ; Restore the old TLS address
ret                          ; Always return otherwise bad things
This is exactly the code that will be inserted into the process; no other instructions are done.
Long jumps should work with labels but I haven't tested them, and data will work too.
filename: db "somefile.txt",0 ; NASM needs db to emit the string bytes
The ORG directive is set automatically as is the BITS directive (to 32).
There are some examples included in asm so look at those if you wanna see what to do, or to test
it out :)
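Because the README says the file text itself is used as a printf-style format string, any unescaped % other than the single 0x%08X would be read as a conversion with no matching argument (for example %s or %n). The following is an added example, not wowasm's code, of filling such a template without ever passing it to printf as a format; the function name render_template and the sample strings are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Copy tpl into out, turning "%%" into "%" and the first "%08X" into the
 * 8-digit hex form of value. Any other '%' sequence, including a second
 * "%08X", is rejected. Returns the output length, or -1 on a bad template
 * or when out is too small. The template is never used as a format string. */
int render_template(char *out, size_t outsz, const char *tpl, unsigned int value)
{
    size_t n = 0;
    int used = 0;                       /* placeholder already consumed? */

    if (outsz == 0)
        return -1;
    for (const char *p = tpl; *p; p++) {
        char buf[9];                    /* 8 hex digits + NUL */
        size_t len = 1;

        buf[0] = *p;
        if (*p == '%') {
            if (p[1] == '%') {
                p++;                    /* escaped literal percent sign */
            } else if (!used && strncmp(p, "%08X", 4) == 0) {
                snprintf(buf, sizeof buf, "%08X", value);
                len = 8;
                used = 1;
                p += 3;
            } else {
                return -1;              /* stray conversion: refuse */
            }
        }
        if (n + len >= outsz)
            return -1;                  /* would overflow out */
        memcpy(out + n, buf, len);
        n += len;
    }
    out[n] = '\0';
    return (int)n;
}

int main(void)
{
    char out[64];
    /* Constructed sample template, not taken from the archive. */
    if (render_template(out, sizeof out, "addr 0x%08X ; 50%% mark", 0x1A2Bu) > 0)
        puts(out);
    return 0;
}
```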