-
Actually, Warden bans you as soon as they issue a scan for an address and the bytes returned are different from the ones which are expected. I guess Kronos isn't scanning those bytes but Feenix does for sure.
You can quite easily detour the memory scan function of Warden and modify the byte buffer.
Just place a read breakpoint using Cheat Engine on an address which is scanned for sure (like the wallclimb address) and look where it's coming from (this will be the scan function).
Check my blog: https://zzuks.blogspot.com
-
Banned
Originally Posted by
Corthezz
Actually, Warden bans you as soon as they issue a scan for an address and the bytes returned are different from the ones which are expected. I guess Kronos isn't scanning those bytes but Feenix does for sure.
You can quite easily detour the memory scan function of Warden and modify the byte buffer.
Just place a read breakpoint using Cheat Engine on an address which is scanned for sure (like the wallclimb address) and look where it's coming from (this will be the scan function).
Thanks will check it out, just to confirm the address is?
WallClimb = 0x0080DFFC, // 1.12.1.5875 (Float)
And when I find the address that scans it (warden), how do I detour it?
-
The Warden module is sent to the client after each authentication and then mapped into memory. You can detour VirtualAllocEx and see where the memory for Warden is allocated, or look somewhere in the thread for the pointers to the Warden module.
After acquiring the start address of the Warden module you can calculate the address of the memory scan function by adding a static offset to it:
1. Find memory start address of Warden
2. Place hardware bp on scanned address and see what reads from it
3. Open up Disassembler of CE and jump to the address which did the read and scroll up to the function start
4. Function start address - module start address = Your offset
For detouring functions there are actually enough examples on OC but basically it breaks down to:
1. Allocate memory and write your Assembler code there
2. Place a jmp inside the function which will detour to your code
3. After your code finished doing everything it should do (replace the buffer etc.) jmp back to the next instruction of the function
Check my blog: https://zzuks.blogspot.com
-
Banned
Is there an equivalent to "/reload" in 1.12.1?
Edit: /console reloadui
Last edited by WiNiFiX; 11-12-2016 at 09:11 AM.
-
Found a better fix sometime back for click to move, just set 860A90 to 0. No more stutter and no more animation stutter.
The game also sets that value to 0, so they can't ban for it. Just update it every frame and you should be good.
Also for WallClimb, I think they only scan the value, you can always patch the code that reads the value. I think it's a total of 6 to 8 places.
Last edited by DarkLinux; 11-12-2016 at 04:48 AM.
-
Banned
Originally Posted by
DarkLinux
Found a better fix sometime back for click to move, just set 860A90 to 0. No more stutter and no more animation stutter.
The game also sets that value to 0, so they can't ban for it.
Just update it every frame and you should be good.
Also for WallClimb, I think they only scan the value, you can always patch the code that reads the value. I think it's a total of 6 to 8 places.
Works perfectly thanks DarkLinux
-
Banned
I have been trying to find out if a spell is on CD, but can't seem to find any Lua function that works like
/run usable, nomana = IsUsableSpell(20589); DEFAULT_CHAT_FRAME:AddMessage(usable);
Where can I see the API commands that actually exist in 1.12.1?
-
Member
If you want to do it with Lua you can use API GetSpellCooldown | Vanilla WoW Wiki | Fandom powered by Wikia
Otherwise there is a function to do this somewhere in this thread.
-
Banned
Originally Posted by
prospectingemu
Thanks figured it out
PHP Code:
public int GetSpellRemainingCD(string spellName)
{
    DoString($@"function _spellNameToID(name) for i=1,999 do if GetSpellName(i,""spell"")==name then return i end end end;
        start, duration, _ = GetSpellCooldown(_spellNameToID(""{spellName}""), ""spell"");
        local getTime = GetTime();
        cooldownLeft = math.floor(start + duration - getTime);
        if cooldownLeft < 0 then cooldownLeft = 0 end;
        DEFAULT_CHAT_FRAME:AddMessage(cooldownLeft);");
    string seconds = GetLocalizedText("cooldownLeft");
    return int.Parse(seconds);
}
-
Originally Posted by
WiNiFiX
Where can I see the API commands that actually exist in 1.12.1?
In general, you can look at the various WoW Lua API wikis, and go back in their history to 2006 when 1.12.1 was live.
-
Banned
Originally Posted by
namreeb
In general, you can look at the various WoW Lua API wikis, and go back in their history to 2006 when 1.12.1 was live.
Yes, I tried to do this but the wikis I used this time didn't appear to have that history, but I managed to find one now, thanks.
As a side question, what's the best way to go about facing the current target? Currently I'm using the below, but it seems to keep facing the target even when I don't ask it to re-face the target.
Also facing seems slow compared to live (maybe it's a limitation on Vanilla)
PHP Code:
wow.ClickToMove(wow.Player.X,wow.Player.Y,wow.Player.Z,wow.TargetGUID,WoW.CTMAction.FaceTarget);
-
Originally Posted by
WiNiFiX
Yes, I tried to do this but the wikis I used this time didn't appear to have that history, but I managed to find one now, thanks.
As a side question, what's the best way to go about facing the current target? Currently I'm using the below, but it seems to keep facing the target even when I don't ask it to re-face the target.
Also facing seems slow compared to live (maybe it's a limitation on Vanilla)
PHP Code:
wow.ClickToMove(wow.Player.X,wow.Player.Y,wow.Player.Z,wow.TargetGUID,WoW.CTMAction.FaceTarget);
About the API thing: World of Warcraft API | Vanilla WoW Wiki | Fandom powered by Wikia (first link in Google btw).
What you do right now is the constant facing triggered by spells like Mind Flay, which is not bad at all but needs to be canceled (set ctm state to 4 again). There are functions posted in this thread to directly set the facing IIRC.
Check my blog: https://zzuks.blogspot.com
-
Contributor
Originally Posted by
WiNiFiX
I have been trying to find out if a spell is on CD, but can't seem to find any Lua function that works like
/run usable, nomana = IsUsableSpell(20589); DEFAULT_CHAT_FRAME:AddMessage(usable);
Where can I see the API commands that actually exist in 1.12.1?
Code:
[UnmanagedFunctionPointer(CallingConvention.StdCall)]
public delegate bool IsUsableSpellDelegate(ref SpellEntry spellRec, ref bool notEnoughPower);
_isUsableSpell = Fastcall.StdcallToFastcall<IsUsableSpellDelegate>((IntPtr)0x006E3D60, "IsUsableSpell");
From here.
And for the CD:
Code:
[UnmanagedFunctionPointer(CallingConvention.StdCall)]
public delegate bool GetSpellCooldownDelegate(int spellId, bool isPet, ref int duration, ref int start, ref bool isEnabled);
_getSpellCooldown = Fastcall.StdcallToFastcall<GetSpellCooldownDelegate>((IntPtr)0x006E2EA0);
Originally Posted by
WiNiFiX
Thanks figured it out
PHP Code:
public int GetSpellRemainingCD(string spellName)
{
    DoString($@"function _spellNameToID(name) for i=1,999 do if GetSpellName(i,""spell"")==name then return i end end end;
        start, duration, _ = GetSpellCooldown(_spellNameToID(""{spellName}""), ""spell"");
        local getTime = GetTime();
        cooldownLeft = math.floor(start + duration - getTime);
        if cooldownLeft < 0 then cooldownLeft = 0 end;
        DEFAULT_CHAT_FRAME:AddMessage(cooldownLeft);");
    string seconds = GetLocalizedText("cooldownLeft");
    return int.Parse(seconds);
}
Code:
[UnmanagedFunctionPointer(CallingConvention.ThisCall)]
public delegate int GetSpellIdByNameDelegate([MarshalAs(UnmanagedType.LPStr)] string spellName);
_getSpellIdByName = Marshal.GetDelegateForFunctionPointer<GetSpellIdByNameDelegate>((IntPtr)0x006E30A0);
Originally Posted by
WiNiFiX
As a side question, what's the best way to go about facing the current target? Currently I'm using the below, but it seems to keep facing the target even when I don't ask it to re-face the target.
Also facing seems slow compared to live (maybe it's a limitation on Vanilla)
(007C6F30)void __thiscall CMovement::SetFacing(int this, float angle) - for the this arg, you pass the unit(local player or possessed unit) address + 0x9A8.
Even more: you could send a movement update after the change of the facing: (00600A30)int __thiscall SendMovementPacket(int addr, int timeStamp, int opcode, float zero, int zero1).
StdcallToFastcall
Last edited by tutrakan; 11-25-2016 at 08:01 AM.
-
Banned
Please can someone explain to me how/why a Vector3 position is only 0x8 in size?
PHP Code:
public unsafe struct CGCamera
{
    public IntPtr vTable;           // 0x0
    private int unk0;               // 0x4
    public Vector3 Position;        // 0x8
    public fixed float Facing[9];   // 0x14 (3x3 Matrix)
    public float NearClip;          // 0x38
    public float FarClip;           // 0x3C
    public float FieldOfView;       // 0x40
    public float Aspect;            // 0x44
}
To my knowledge a float is 0x4 in size and 0x4 * 3 [for x,y,z] = 12, not 0x8?
Last edited by WiNiFiX; 11-15-2016 at 09:00 AM.
-
Contributor
Originally Posted by
WiNiFiX
Please can someone explain to me how/why a Vector3 position is only 0x8 in size?
PHP Code:
public unsafe struct CGCamera
{
    public IntPtr vTable;           // 0x0
    private int unk0;               // 0x4
    public Vector3 Position;        // 0x8
    public fixed float Facing[9];   // 0x14 (3x3 Matrix)
    public float NearClip;          // 0x38
    public float FarClip;           // 0x3C
    public float FieldOfView;       // 0x40
    public float Aspect;            // 0x44
}
To my knowledge a float is 0x4 in size and 0x4 * 3 [for x,y,z] = 12, not 0x8?
Yep, but 12 is in decimal: 0x04*3=0x0C.
And the number in the struct is the offset from the start (not the size), and Vector3 = 0x14-0x08 = 0x0C .... Hexadecimal operations.... First lesson ))
Last edited by Zazazu; 11-15-2016 at 10:16 AM.
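The offset-versus-size point from the exchange above, as an added example that is not part of the original thread: a C mirror of the posted CGCamera struct that compares each commented hex number with the compiler's `offsetof` and derives every field's size from the gap to the next offset. It assumes a 32-bit client, so the `IntPtr` is modelled as a 4-byte integer; the `Field` table and both helper functions are hypothetical names introduced here.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

typedef struct { float X, Y, Z; } Vector3;

/* Constructed mirror of the posted CGCamera struct. Assumption: 32-bit
   client, so the IntPtr vTable is modelled as a 4-byte uint32_t. */
typedef struct {
    uint32_t vTable;
    int32_t  unk0;
    Vector3  Position;
    float    Facing[9];   /* 3x3 matrix */
    float    NearClip;
    float    FarClip;
    float    FieldOfView;
    float    Aspect;
} CGCamera;

/* commented = the hex number written next to the field in the post,
   actual    = where the compiler really places the field. */
typedef struct { const char *name; size_t commented, actual; } Field;

#define F(n, c) { #n, (c), offsetof(CGCamera, n) }
static const Field kFields[] = {
    F(vTable, 0x00), F(unk0, 0x04), F(Position, 0x08), F(Facing, 0x14),
    F(NearClip, 0x38), F(FarClip, 0x3C), F(FieldOfView, 0x40), F(Aspect, 0x44),
};
#define FIELD_COUNT (sizeof kFields / sizeof kFields[0])

/* A field's size is the gap to the next field's offset; the last field
   ends at sizeof(CGCamera). */
size_t field_size(size_t i) {
    size_t end = (i + 1 < FIELD_COUNT) ? kFields[i + 1].actual : sizeof(CGCamera);
    return end - kFields[i].actual;
}

/* Number of fields whose commented offset disagrees with the real layout. */
int layout_mismatches(void) {
    int bad = 0;
    for (size_t i = 0; i < FIELD_COUNT; i++)
        if (kFields[i].commented != kFields[i].actual) bad++;
    return bad;
}

int main(void) {
    for (size_t i = 0; i < FIELD_COUNT; i++)
        printf("%-12s offset 0x%02zX  size 0x%02zX\n",
               kFields[i].name, kFields[i].actual, field_size(i));
    printf("mismatches: %d\n", layout_mismatches());
    return 0;
}
```
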