Couple Questions

[undrgrnd59]

Sorry for being a noob, but the vast resources of this forum and its contributors has allowed me to do a LOT in one day. I started out not knowing much at all about reading memory and such (despite previous attempts), but within a few hours, I've managed to read all of the objects and do a couple "code caving" functions (albeit the code caving is mostly copy/paste I'm still learning it)

In this code segment:

wow.Asm.AddLine("fs mov eax, [0x2C]");
wow.Asm.AddLine("mov eax, [eax]");
wow.Asm.AddLine("add eax, 8");
wow.Asm.AddLine("mov dword [eax], {0}", CurMgr);

wow.Asm.AddLine("push 0");
wow.Asm.AddLine("push 0");
wow.Asm.AddLine("push 0");
wow.Asm.AddLine("push {0}", id);

wow.Asm.AddLine("call {0}", CastSpellID);
wow.Asm.AddLine("add esp,16");
wow.Asm.AddLine("retn");

Why, and if it is necessary, how did he know to push 0 on top all of those times? There are other functions listed here findex that I would like to use but don't know if their supposed to look different.

And... So I am guessing that what I'm doing above is "injection". I just want know if Blizzard can somehow pickup that I'm doing it and ban me for it (even though they have never heard/seen/thought of the program I'm using to do it). Does the whole "keep it private and stay safe" still hold up?

[Shynd]

For the most part, yes, keeping it private will keep you safe. They are not currently, to my knowledge, walking the stack to see what called what function, so you should be relatively safe if you're just injecting small amounts of assembly that calls a simple function.

That said, nothing is 100% safe because Warden has the ability to change at any time. Play at your own risk.

By the way, I'm pretty sure the above codecave is out-dated. I believe the 3rd line should be "add eax, 0x10" instead of 8.

And, to answer your other question, read up on reverse-engineering, get yourself OLLYDBG and IDA, and you will be able to find out, for yourself, how CastSpellID (et all) is called.

[Cursed]

For the most part, yes, keeping it private will keep you safe. They are not currently, to my knowledge, walking the stack to see what called what function, so you should be relatively safe if you're just injecting small amounts of assembly that calls a simple function.

That said, nothing is 100% safe because Warden has the ability to change at any time. Play at your own risk.

By the way, I'm pretty sure the above codecave is out-dated. I believe the 3rd line should be "add eax, 0x10" instead of 8.

And, to answer your other question, read up on reverse-engineering, get yourself OLLYDBG and IDA, and you will be able to find out, for yourself, how CastSpellID (et all) is called.

Yep, TLS changed from 0x8 to 0x10 in 3.1.1, so it should be (as Shynd already said) "add eax, 0x10"

[Nesox]

was in 3.1.0 actually

[undrgrnd59]

Ya I noticed that today when I was working on the GetObjectName function, using 8 instead of 0x10 still worked, but I changed it anyway. I'm going to definitely read up on reversing because I'm so excited that I got something to work finally haha. I know reversing isn't exactly beginner material, but does anyone have any recommendations about any reverse engineering books that are somewhat geared toward beginners? (I have 0 knowledge of ASM, a huge problem, so anything that covers those basics would help)

[deCutter]

I have read russian version of this one, and i am very well satisfied with contets of this book.