[3.1.1] Movement with simple memory writes

[amadmonk]

up to this day Blizz followed a strict policy. They only ban people when they exactly know what hack / bot the person used. (execluding gold selling / server side detection)

By Gliders downfall and the rise of many new bots at the same time they have to change the strategy, in a way to more generic methods or they will lose in the long run.

personally I would do:

- implement some stack trace and flag checks
- randomize the packet opcodes with each little patch
- implement some counter for console commands which autoit bots heavily use

but I don't expect them to do it. They will stick to Warden which means that such stuff is safe.

I think that Blizzard has shown a pretty clear pattern of going for the low-hanging fruit OR the most abusive/annoying folks (gold sellers, etc.)

This means that if you don't use a blatantly obvious method of interacting with WoW (or if you have good plausible deniability), and if you're not publicly releasing or selling your code, you're probably safe, for a time.

Note that there are methods that they can block without banning you; for instance, they could implement the CTM flag check mentioned without it being a ban. It would just render all the copypasta CTM useless, without them having to worry about whether some legitimate users were being banned.

Note that there are a lot of suspect technologies that have legitimate uses -- custom HID drivers for unusual hardware, IAT hooking for shim engine stuff, and so on. Heck, you could even argue that virii could patch binaries in a way that would trigger a disconnect (although Blizz shouldn't ban since it shouldn't match any known signatures).

In my evil days, I've thought about creating a virus that just seeks and patches WoW in a way that matches some known signature, thus producing a huge wave of innocent people being banned. The egg on Blizzard's face would be delicious, but it would also cause a lot of grief. So, naah...

[0_00_0]

4 = move

There are other things that can be put in place instead of 4. Try them out.

I know I have tried them out. I thought 6 was loot, but my code doesn't work. this method works for moving with go as 4 but I can't get it to loot or interact.

C++ code:

Code:

void LootTarget(HANDLE hProcess, float destX, float destY, float destZ, INT64 GUID){
     int go = 6;
     if(WriteProcessMemory(hProcess, (LPVOID)click_GUID, &GUID, sizeof(GUID), NULL)==0)
                                      std::cout<<"Error setting GUId for click-to-move\n";
     WriteProcessMemory(hProcess, (LPVOID)clickset_X, &destX, sizeof(destX), NULL);
     WriteProcessMemory(hProcess, (LPVOID)clickset_Y, &destY, sizeof(destY), NULL);
     WriteProcessMemory(hProcess, (LPVOID)clickset_Z, &destZ, sizeof(destZ), NULL);
     if(WriteProcessMemory(hProcess, (LPVOID)clickset_Go, &go, sizeof(go), NULL) == 0)
                                     std::cout<<"Error looting target!\n";
}

do I need to pass it more parameters?

[Oowafas]

I just use the interact virtual function to loot right now. Works well if you can inject. I'm pretty sure I saw a post with all the movement flags a while ago though, I'll see if I can dig it up.

Also, the XYZ writes are sequential so you could do them all with one call to WriteProcessMemory.

[voron23]

So other flags (5,6,7) dont work, or we write GUID to wrong place in memory! I want use inject Interact() (all time from april..), but i can't figure it out in AutoIt!

[voron23]

Code:

_MemoryWrite(0x011180C0, $handle, $targetGUID, 'uint64')
_MemoryWrite(0x011180BC, $handle, "6", 'int')

it loot your target, but only interact, dont really take items from loot window.. what may be wrong?

[dnl]

Code:

_MemoryWrite(0x011180C0, $handle, $targetGUID, 'uint64')
_MemoryWrite(0x011180BC, $handle, "6", 'int')

it loot your target, but only interact, dont really take items from loot window.. what may be wrong?

Enable autoloot?

[1814]

Enable autoloot?

Afaik you cant autoloot with CTM. You need to call Interact.

[voron23]

(F***ing Interact()))))
Method to autoloot with CTM:

Code:

_MemoryWrite(0x011180C0, $handle, $cGUID, 'uint64')
_MemoryWrite(0x011180BC, $handle, "6", 'int')
$lt=1
Do
	$iloot=_MemoryRead(0x011E9ADC, $handle, 'int') ;LootSlot(1) ItemID
		If $iloot>0 Then
		$lootcount+=1
		GUICtrlSetData($LabelKill, $killcount&"/"&$lootcount&"/"&$deadhapens)
		EndIf
	$loottime=TimerDiff($timer)
	If $loottime>4000 And $lt=1 Then
	_MemoryWrite(0x011180C0, $handle, $cGUID, 'uint64')
    _MemoryWrite(0x011180BC, $handle, "6", 'int')
	Sleep(300)
    Key("{DOWN}")
	$lt=0
	EndIf
	Sleep(100)
Until $iloot>0 Or $loottime>7000
Bar(2)
Key(3)

In Bar2,Key3 i put macro to loot items

Code:

/script LootSlot(1)
/script LootSlot(2)
/script LootSlot(3)
/script LootSlot(4)
/script LootSlot(5)

So when ItemID of first lootslot >0 script will take items)

[voron23]

Now after some tests, wow crash about every ~100 Loots()...132 Error.
After this happens(and randomly through the time), looting dont work. If i CTM(hardware event) manualy on random position - it works again)
So my question is..what is the CTM flag u talking about in the thread? maybe it cause 132 error and loot shutdown?

[vulcanaoc]

Hey guys, I just got CTM working without having to manually perform a CTM first. It only requires a few more memory writes.

I will post the solution ASAP, but it is late as shit here..

[ramey]

Hey guys, I just got CTM working without having to manually perform a CTM first. It only requires a few more memory writes.

I will post the solution ASAP, but it is late as shit here..

Or people could just do it properly instead of memory writes! :x

[voron23]

Hey guys, I just got CTM working without having to manually perform a CTM first. It only requires a few more memory writes.

I will post the solution ASAP, but it is late as shit here..

Will wait ur post ^_^

Or people could just do it properly instead of memory writes! :x

Dear rameyc, please tell me how to create mouse background clicker, so i can loot mobs without mem writing

[Robske]

Or people could just do it properly instead of memory writes! :x

Whishful thinking

[vulcanaoc]

Or people could just do it properly instead of memory writes! :x

Check it out: thread title: [3.1.1] Movement with simple memory writes

"Har Har Har" people can do it properly by calling the actual function. Or they can follow the... following if they don't feel like using code injection:

Required Memlocs:
-------------------------------
All text in quotes is a type of what you all call "patterns". The substring before the first "," is a Regex pattern to match before a number of bytes. The substring after the first "," is a pattern to match after a number of bytes. If there is a second ",", the integer after it represents how many bytes in between the two patterns there are. Otherwise, four bytes are assumed.
I also included the results that these patterns would yield in 3.1.3.

Code:

InterfaceOptionsMouse_Pointer = "75-25-A1,39-50-XX-74" //3.1.3: 0x11D40C0
InterfaceOptionsMouse_ClickToMove_Offset = "75-XX-A1-XX-XX-XX-XX-39-50,74-XX-D9-EE,1" //3.1.3: 0x30
ClickToMoveUnk1 = "D9-5D-XX-57-D9-05,D8-4D-XX-DD-05" //3.1.3: 0x11180A4
ClickToMoveTightness = "75-64-83-F8-04-D9-05,D9-55-XX-75-XX-8B-8E" //3.1.3: 0x11180AC
ClickToMoveX = "8B-06-A3,89-0D-XX-XX-XX-XX-8B-4E" //3.1.3: 0x111812C
ClickToMoveGUID = "8B-06-A3-XX-XX-XX-XX-89-0D,8B-4E-XX-89-0D" //3.1.3: 0x11D3F68
ClickToMoveGoType = "8B-4D-XX-89-0D,E8-XX-XX-XX-XX-8B-13" //3.1.3: 0x11180BC

Required Code: (or similar)
-------------------------------

Code:

public void DoClickToMove(Location location, ClickToMoveType ctmType)
{
//retrieve required memory locations

//required to enable ctm
int ctmOptionAddr = wow.memlocs.GetMemloc("InterfaceOptionsMouse_Pointer");
int ctmOptionOffset = wow.memlocs.GetMemloc("InterfaceOptionsMouse_ClickToMove_Offset");
ctmOptionAddr = wow.memory.ReadInt(ctmOptionAddr) + ctmOptionOffset;

//required to perform ctm
int ctmXAddr = wow.memlocs.GetMemloc("ClickToMoveX");
int ctmTypeAddr = wow.memlocs.GetMemloc("ClickToMoveGoType");
int ctmGUIDAddr = wow.memlocs.GetMemloc("ClickToMoveGUID");
int ctmUnk1Addr = wow.memlocs.GetMemloc("ClickToMoveUnk1");
int ctmTightnessAddr = wow.memlocs.GetMemloc("ClickToMoveTightness");

//write enable ctm
wow.memory.WriteInt(ctmOptionAddr, 1);

//write location info
wow.memory.WriteFloat(ctmXAddr, location.X);
wow.memory.WriteFloat(ctmXAddr + 0x4, location.Y);
wow.memory.WriteFloat(ctmXAddr + 0x8, location.Z);

//write guid info
wow.memory.WriteLong(ctmGUIDAddr, wow.memory.ReadLong(wow.memlocs.GetMemloc("CurrentTargetGUID")));

//write other required info
wow.memory.WriteFloat(ctmUnk1Addr, 14.0f); //this seems to work...
wow.memory.WriteFloat(ctmUnk1Addr + 0x4, 0.25f); // normal scale turn radius
wow.memory.WriteFloat(ctmTightnessAddr, 0.5f); // set to stop if distance from xyz is 0.5 or less

//write ctm "go" type/bit
wow.memory.WriteInt(ctmTypeAddr, (int)ctmType);
}

[Rival-Fr]

Very usefull +rep