C# Troubleshooting my endscene detour 3.3.5 (12340)

[opulent]

I stopped writing my wow bot project in order to focus more on uni work. A few days ago I decided to return to it to try to implement some design patterns and clean it up..

My problem:

It's been about 4 months since I last tested this project and it seems that the endscene hook that I previously never had a problem with, is causing a major spanner in the works.

Notes:

• I'm using visual studio 2010, the original source was written in visual studio 2008. I opened the project in VS2010 and let it do it's conversion thing.
• The Wow version used for testing is Version 3.3.5(12340).
• The assembly is loaded from a native bootstrap which is injected using Cypher's Loader_IA32.exe.
• All code in the function posted below can be debugged.

Below is a heavily commented test version of the endscene hook.

Code:

public static void DetourEndscene()
{
    //Offsets posted by JuJuBoSc
    //http://www.mmowned.com/forums/world-of-warcraft/bots-programs/memory-editing/300463-wow-3-3-5-12340-info-dump-thread.html
    //public enum Direct3D9
    //{
        
        //    pDevicePtr_1 = 0x00C5DF88,                  // 3.3.5a 12340
        //    pDevicePtr_2 = 0x397C,                      // 3.3.5a 12340
        //    oBeginScene = 0xA4,                         // 3.3.5a 12340
        //    oEndScene = 0xA8,                           // 3.3.5a 12340
        //    oClear = 0xAC,                              // 3.3.5a 12340
        
    //}
    
    
    //Careful reads aren't working.
    //uint pDevicePtr = Magic.Instance.Read<uint>(0x00C5DF88);
    //pDevicePtr = Magic.Instance.Read<uint>(pDevicePtr + 0x397C); //<-- returns 0 here No exception thrown.
    
    
    //uint endSceneAddr = Magic.Instance.Read<uint>(pDevicePtr); // <-- The previous 0 makes this line angry.
    //endSceneAddr = Magic.Instance.Read<uint>(endSceneAddr + 0xA8);
    
    //My original code isn't working.
    //IntPtr endSceneAddr = Magic.Instance.GetObjectVtableFunction
    //(Magic.Instance.Read<IntPtr>(0x0C5DF88, 0x397C), 42); <-- This fails, Hence the above tests
    
    //The code below doesn't install the detour, or detours something
    //that isn't endscene.
    
    //In case the addresses were wrong, I implemented this DirectX class by Apoc / Onyx team.
    //http://www.mmowned.com/forums/world-of-warcraft/bots-programs/memory-editing/299688-finding-direct3d-vmt-table-hook-endscene.html
    IntPtr endSceneAddr = DirectX.GetEndScenePointer();
    
    //WhiteMagic Detour.
    Magic.Instance.Detours.CreateAndApply(Magic.Instance.RegisterDelegate<EndSceneDelegate>(endSceneAddr), EndSceneHandler, "EndScene");
    
    
}

I hate to post for help, I've been staring at this for hours and I can't see the solution, Any help would be greatly appreciated.

[Apoc]

What's the signature of your EndSceneDelegate?

[opulent]

This:

Code:

       //Direct3dEndScene delegate
        [UnmanagedFunctionPointer(CallingConvention.Winapi)]
        public delegate int EndSceneDelegate(IntPtr instance);
        private static readonly EndSceneDelegate EndSceneHandler = EndScene;

[MaiN]

Try:
uint devicePtr = *(uint*)((*(uint*)0xC5DF8 + 0x397C);
If that's zero, then you should control when you are injecting your dll.

[opulent]

Thanks Main, I tried that, and it was zero.

Would you mind elaborating on what you mean by controlling when I inject my dll?

[mnbvc]

he means that you are probably executing your dll code before the directx stuff is loaded by wow (can ofc only happen if you are injecting the dll at startup and not while wow is already running)

[opulent]

Wow is running, it can be at the login screen or in game. Either way there's no dice here.

I tried reading from a native module and those reads still returned a zero.

[barthen]

I just posted some sample code that might help you: http://www.mmowned.com/forums/world-of-warcraft/bots-programs/memory-editing/301101-source-c-endscene-hook-example.html

[opulent]

Thanks for your post barthen but my endscene hook uses exactly the same code as yours, and your doesn't work for me either.

It returns I_POINTER to the bootstrap when it tries to read (*(uint*)0xC5DF8 + 0x397C, gets a zero and passes it to GetObjectVtableFunction.

I started again from the ground up back in VS2008, racking my tiny brain but still no dice.

I redid the bootstrap and after receiving E_POINTER from ExecuteInDefaultAppDomain I suspected the issue to be the same as mentioned here:

Link:

Just to make sure this was covered I added VirtualProtect calls in WhiteMagic (well, I think I did). but it still never managed to solve my issue.

I gave up on using hard coded offsets to read the pointers to the dx interface because
Magic.Instance.Read<uint>(pDevicePtr + 0x397C); is always zero when the game is open and the assembly is definately inside it, and that just sux..


and like I said before:

Code:

IntPtr endSceneAddr = DirectX.GetEndScenePointer(); //Using apocs code to be sure
Magic.Instance.Detours.CreateAndApply(m.RegisterDelegate<EndSceneDelegate>(endSceneAddr), EndSceneHandler, "EndScene");

executes fine with S_OK to my bootstrap but the function Endscene never gets hit which I'm guessing means no detour.

I then thought that maybe I was building the WhiteMagic lib all wrong (which is probably the case knowing me) but I used the whitemagic lib included in barthen's post and got exactly the same results. are you positive this code works for you mate? I ran your project on my server2008 machine and it did exactly the same thing as mine


This is doing my head in, everything looks perfect, if anything it's way neater than it ever was when it was working perfectly.

Is WhiteMagic still working fine for everyone else? I can't figure out why the detour isn't working and I'm all out of ideas.

[mnbvc]

the pointer to the dx device: uint devicePtr = *(uint*)((*(uint*)0xC5DF8 + 0x397C);
is always zero and you say "everything looks perfect"? not really...

[opulent]

It took me 6 days but I finally got it to work. I have no idea how this solved the issue but it did.

• I rewrote the bootstrap to include .NET v4.0.X support (get the meat here)
• I updated all projects in my solution to reflect this change. Now I'm using v4.0.30319 and everything works perfectly.

Thanks all for your helpful posts..

Peace.

[Bananenbrot]

Instead of hardcoding the framework version, you could also use Assembly.ImageRuntimeVersion as your version string.