[C# DLL] iHook, EndScene ASM Injection!

[-Ryuk-]

By the way, the way presented here is dll full shit, since its use steadily crashed Wow.exe.
In fact, it is only suitable to run a time in a console application - for use in a real BOT in it should be possible to subscribe to an event Reading / Writing to memory

I use it fine... So your doing something wrong.

@Shynd Thanks for the pastebin

[Xelper]

4.1.0.13914

Code:

        public static uint Direct3D9__Device = 0xA05E1C;
        public static uint Direct3D9__Device__OffsetA = 0x27E0;
        public static uint Direct3D9__Device__OffsetB= 0xA8;
        public static uint ClntObjMgrGetActivePlayerObjAddress = 0x31D0;
        public static uint Lua_DoStringAddress = 0x3ACF00;
        public static uint Lua_GetLocalizedTextAddress = 0x1C7780;

[Xelper]

Quick question more regarding EndScene LUA execution rather than hooking itself.

Currently my 'raid DPS bot' code looks like this, all of the logic behind setting the Next ID/action(s) is handled by an addon for ease of editing/updating.

Code:

            while (bwExecute.CancellationPending != true)
            {
                string pqNextID = clsMyMemory.GetLocalizedText("pq_NextID");
                string pqNextAction = clsMyMemory.GetLocalizedText("pq_NextAction");

                if (pqNextAction != "" && pqNextAction != "0")
                {
                    string[] splitActions = pqNextAction.Split('|');
                    foreach (string action in splitActions)
                    {
                        clsMyMemory.ExecuteLua("RunMacroText(\"" + action + "\")");
                    }
                }
                
                if (pqNextID != "" && pqNextID != "0") 
                {
                    string PQMacro = "CastSpellByID(" + pqNextID + ")";

                    clsMyMemory.ExecuteLua(PQMacro);
                }
                System.Threading.Thread.Sleep(30); //implement some sort of delay to prevent excessive LUA
            }

I originally wanted to do something like this, that way I am simply just executing a single Lua statement rather than doing 2 GetLocalizedTexts followed by multiple Executes:

Code:

PQMacro = @"
if pq_NextID ~= nil then
CastSpellByID(pq_NextID)
end
";
clsMyMemory.ExecuteLua(PQMacro);

However that throws a "(Addon Name Assigning Variable) has tried to run code reserved for the Blizzard UI" etc etc etc error ingame. I've tried to assign the NextID variable to a different variable first (NextSpellToCast = pq_NextID; CastSpellByID(NextSpellToCast)) however the error still happens. Anyone have any thoughts on getting around this?

Thanks

[Neffarian]

All over this funk...

@Xelper
L3ikDus

Hook.DoString(" RunMacroText(\"/startattack\") ");

[Xelper]

4.1.0.14007

Code:

        public static uint Direct3D9__Device = 0xA05E1C;
        public static uint Direct3D9__Device__OffsetA = 0x27E0;
        public static uint Direct3D9__Device__OffsetB = 0xA8;
        public static uint ClntObjMgrGetActivePlayerObjAddress = 0x3190;
        public static uint Lua_DoStringAddress = 0x3ACB50;
        public static uint Lua_GetLocalizedTextAddress = 0x1C7590;

Sorry for the delay, only the function addresses changed and you could have found that out by reading the InfoDump.


I'm also going to assume that there is no way around the variable tainting issues in the way that I had wanted, oh well.. I guess I can just have the addon concatenate the two variables into one then split them apart in C# and pass them both back into a single DoString.

[Thongs]

4.1.0.14007

Code:

        public static uint Direct3D9__Device = 0xA05E1C;
        public static uint Direct3D9__Device__OffsetA = 0x27E0;
        public static uint Direct3D9__Device__OffsetB = 0xA8;
        public static uint ClntObjMgrGetActivePlayerObjAddress = 0x3190;
        public static uint Lua_DoStringAddress = 0x3AE6A0;
        public static uint Lua_GetLocalizedTextAddress = 0x1C7590;

Tried using these but they're not working for me. Are these offsets working for everyone else, or am I just retarded?

Edit:
Did a bit of reversing and found that the Lua_DoString address is incorrect. The correct address for it is 0x3ACB50.
Working addresses:

Code:

        public static uint Direct3D9__Device = 0xA05E1C;
        public static uint Direct3D9__Device__OffsetA = 0x27E0;
        public static uint Direct3D9__Device__OffsetB = 0xA8;
        public static uint ClntObjMgrGetActivePlayerObjAddress = 0x3190;
        public static uint Lua_DoStringAddress = 0x3ACB50;
        public static uint Lua_GetLocalizedTextAddress = 0x1C7590;

[Xelper]

Oops- sorry about that. Thanks Thongs. +rep Corrected it in my first post incase people don't read further.

I see what happened, I was being lazy and just copied from TOM_RUS's function list... Previously I had just been using FrameScript_Execute... but now I guess it is FrameScript_ExecuteBuffer.
7AE6A0 FrameScript_Execute
7ACB50 FrameScript_ExecuteBuffer

[TOM_RUS]

Oops- sorry about that. Thanks Thongs. +rep Corrected it in my first post incase people don't read further.

I see what happened, I was being lazy and just copied from TOM_RUS's function list... Previously I had just been using FrameScript_Execute... but now I guess it is FrameScript_ExecuteBuffer.
7AE6A0 FrameScript_Execute
7ACB50 FrameScript_ExecuteBuffer

Some functions were renamed according to leaked Mac binary with functions names. And "FrameScript_ExecuteBuffer" was previously "FrameScript_Execute".

[Freibeuter]

public static uint Direct3D9__Device = 0xA7E20C;
public static uint Direct3D9__Device__OffsetA = 0x27E8;
public static uint Direct3D9__Device__OffsetB = 0xA8;
public static uint ClntObjMgrGetActivePlayerObjAddress = 0x3280;
public static uint Lua_DoStringAddress = 0x425A30;
public static uint Lua_GetLocalizedTextAddress = 0x1B22E0;

Are these addresses correct for 4.2.0.14333?
At this point
Hook.DoString("DoEmote(\"Dance\")")
Wow crashes. :-(

[Xelper]

Those look like the right addresses to me, I was using iHook about a week ago and those offsets match what I have in my app. Pasted them into Ryuk's example app and they work fine.You are running in DX9 mode correct?

[Freibeuter]

Those look like the right addresses to me, I was using iHook about a week ago and those offsets match what I have in my app. Pasted them into Ryuk's example app and they work fine.You are running in DX9 mode correct?

Thanx for your help!

My Options:


Should be correct. (German Client)

[kall12]

hook is slow as **** .. even slower than my autoit hook ...

[-Ryuk-]

hook is slow as **** .. even slower than my autoit hook ...

Then you sir... are doing it wrong

[Naice]

Hey Ryuk,

just checked your sample project and found it nice! good job

but i got a issue if i try "EnterWorld()" the wowclient crashes but sometimes it work. Any one who get the same error?

offsets:
public static uint Direct3D9__Device = 0xA7E20C;
public static uint Direct3D9__Device__OffsetA = 0x27E8;
public static uint Direct3D9__Device__OffsetB = 0xA8;
public static uint ClntObjMgrGetActivePlayerObjAddress = 0x3280;
public static uint Lua_DoStringAddress = 0x425C20;
public static uint Lua_GetLocalizedTextAddress = 0x1B25A0;

[debiangrub]

how i get wow 4.1 offset address？

---------- Post added at 12:14 PM ---------- Previous post was at 12:09 PM ----------

what tools or programe can get/watch the offset address like this????

how can I see offset 0xA7E20C
where? what tools?

public static uint Direct3D9__Device = 0xA7E20C;
public static uint Direct3D9__Device__OffsetA = 0x27E8;
public static uint Direct3D9__Device__OffsetB = 0xA8;
public static uint ClntObjMgrGetActivePlayerObjAddress = 0x3280;
public static uint Lua_DoStringAddress = 0x425A30;
public static uint Lua_GetLocalizedTextAddress = 0x1B22E0;



thanks.