There's a thing that has been bugging me recently. I'm trying to write a semi-bot to help me keep dots up on a target at all times, but I can't seem to find a reliable way to cast spells.
I have tried several, including calling the castSpellById function directly in ASM, calling the function using a function pointer (typedef...), calling the function from a code cave using BlackMagic, and my latest attempt was to use Lua DoString to cast spells.
I tested the mentioned methods by casting the spell "Demon Skin" over and over again. Usually it works fine at first, but after a while it crashes. It's quite random: sometimes it crashes after 10 casts, and sometimes it can run for 30 minutes.
The errors are access violations and occur in various places; they are the same errors as described in the similar topic "Weird issues calling CastSpellByID".
Here are some code snippets:
ASM function call:
Code:
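DWORD* pTmp = NULL;
_asm
{
    // FS:[0x2C] is the thread-local storage pointer in the 32-bit TEB
    MOV EAX, DWORD PTR FS:[0x2C]
    // read the first TLS slot of the calling thread
    MOV EAX, DWORD PTR DS:[eax]
    MOV pTmp, EAX
}
// write curMgr at offset 0x8 of that TLS block
*(DWORD*)((DWORD)pTmp + 0x8) = curMgr;
DWORD dwCall = 0x00773400;
_asm
{
    push 0
    push 0
    push 0
    push 686 //spellId for Demon Skin
    call dwCall
    // caller removes the four pushed arguments (16 bytes)
    add esp, 0x10
}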
Crashinfo: ASM Function crash.txt
Function pointer:
Code:
typedef bool (__cdecl * tCastSpellById)(unsigned int SpellId, unsigned int Unk2, unsigned int Unk3, unsigned int Unk4);
tCastSpellById oCastSpellById = (tCastSpellById)gpWoWX->GetFindPattern()->GetAddress( "CastSpellById" );
DWORD* pTmp = NULL;
_asm
{
    MOV EAX, DWORD PTR FS:[0x2C]
    MOV EAX, DWORD PTR DS:[eax]
    MOV pTmp, EAX
}
*(DWORD*)((DWORD)pTmp + 0x8) = curMgr;
oCastSpellById(687,0,0,0);
Crashinfo: Function Pointer crash.txt, Function Pointer crash.dmp
BlackMagic codeCave:
Code:
uint codeCave = wow.AllocateMemory();
int CASTSPELLBYID = 0x00773400;
wow.Asm.Clear();
wow.Asm.AddLine("fs mov eax, [0x2C]");
wow.Asm.AddLine("mov eax, [eax]");
wow.Asm.AddLine("add eax, 8");
wow.Asm.AddLine("mov dword [eax], {0}", objectManager);
wow.Asm.AddLine("push 0");
wow.Asm.AddLine("push 0");
wow.Asm.AddLine("push 0");
wow.Asm.AddLine("push {0}", id);
wow.Asm.AddLine("call {0}", CASTSPELLBYID);
wow.Asm.AddLine("add esp,16");
wow.Asm.AddLine("retn");
wow.Asm.InjectAndExecute(codeCave);
wow.FreeMemory(codeCave);
Crashinfo: codeCave crash.txt, codeCave crash.dmp
LUA_Dostring:
Code:
DWORD* pTmp = NULL;
_asm
{
    MOV EAX, DWORD PTR FS:[0x2C]
    MOV EAX, DWORD PTR DS:[eax]
    MOV pTmp, EAX
}
*(DWORD*)((DWORD)pTmp + 0x8) = curMgr;
void * pState = gpWoWX->GetGameLua()->GetState();
char* command = "CastSpellByName(\"Demon Skin\");";
gpWoWX->GetGameLua()->Lua_Dostring(command,"",pState);
Crashinfo: lua crash.txt, lua crash.dmp
I don't know if it has any significance, but I'm running Windows Vista 32-bit with admin privileges and UAC disabled. The tests are done on a private server (Mangos).
I hope someone can help me out, as I find this issue very annoying and I would hate to resort to sending keystrokes by sendkeys or something similar.