-
Originally Posted by
thebad.cb
What you're trying may be good for learning purposes, but there's a great library for delphi:
GitHub - MahdiSafsafi/delphi-detours-library: Delphi Detours Library
Code:
uses
  SysUtils,   // IntToHex
  DDetours;   // InterceptCreate / BeginHooks / EndHooks from the Delphi Detours Library

// PDataStore is the client's CDataStore; declare it to match the client layout
// (at least a Size field and a byte Buffer).

var
  // Delphi's default (register) convention passes the first three arguments in
  // EAX, EDX and ECX, so the two dummy parameters let __this land in ECX
  // (thiscall) and DataStore go on the stack, with no inline asm needed.
  o_NetClient__Send: procedure(__eax, __edx, __this: Pointer; DataStore: PDataStore);

procedure hook_NetClient__Send(__eax, __edx, __this: Pointer; DataStore: PDataStore);
var
  i: Integer;
  sBuffer: String;
begin
  sBuffer := '';
  for i := 0 to DataStore^.Size - 1 do
    sBuffer := sBuffer + IntToHex(DataStore^.Buffer[i], 2) + ' ';
  { do something with the log... }
  // call original function
  o_NetClient__Send(nil, nil, __this, DataStore);
end;

procedure InstallDetours();
begin
  BeginHooks();
  // NetClient::Send in 1.12.1.5875
  @o_NetClient__Send := InterceptCreate(Pointer($005379A0), @hook_NetClient__Send);
  EndHooks();
end;
Edit: Regarding your edit in the post below, you don't need to use asm to call msfastcall; you could also abuse Delphi's calling convention for this. Just use AnsiString/PAnsiChar ;)
Last edited by culino2; 10-04-2017 at 03:44 AM.
-
thebad.cb (1 members gave Thanks to culino2 for this useful post)
-
Originally Posted by
culino2
What you're trying may be good for learning purposes, but there's a great library for delphi:
GitHub - MahdiSafsafi/delphi-detours-library: Delphi Detours Library
Thanks!
https://i.imgur.com/NtLiupC.jpg
Now it's much easier to capture the packets.
procedure ExecuteScript(CMD: String);
var
  Bytes: TBytes;
  pCode: PAnsiChar;
  FnAddr: Pointer;
begin
  // Encode as UTF-8 and append a zero terminator (SetLength zero-fills the new
  // element), so the client sees a proper C string instead of reading past the buffer.
  Bytes := TEncoding.UTF8.GetBytes(CMD);
  SetLength(Bytes, Length(Bytes) + 1);
  pCode := PAnsiChar(@Bytes[0]);
  FnAddr := Pointer($00704CD0); // FrameScript_Execute in 1.12.1.5875
  asm
    mov eax, 0          // third argument
    mov ecx, pCode      // script source
    mov edx, pCode      // source name (the script itself is reused here)
    call FnAddr         // indirect call through the local pointer
  end;
  // e.g. ExecuteScript('CastSpellByName("Lesser Heal")');
  //      ExecuteScript('CastSpellByName("Faerie Fire (Feral)()")');
end;
Last edited by thebad.cb; 09-22-2017 at 06:34 PM.
-
Does anyone have any memory addresses or information about the auction house?
I looked around in the PDB and in this thread, but it seems most people don't care about the AH!
-
Code:
enum WorldEnables
{
    TerrainDoodads = 0x1,
    Terrain = 0x2,
    TerrainLOD = 0x4,
    TerrainCulling = 0x20,
    TerrainShadows = 0x40,
    TerrainDoodadCollisionVisuals = 0x80,
    MapObjects = 0x100,
    MapObjectLighting = 0x200,
    FootPrints = 0x400,
    MapObjectTextures = 0x800,
    PortalDisplay = 0x1000,
    PortalVisual = 0x2000,
    DisableDoodadFullAlpha = 0x4000,
    DoodadAnimation = 0x8000,
    TriangleStrips = 0x10000,
    CrappyBatches = 0x20000,
    ZoneBoundaryVisuals = 0x40000,
    BSPRender = 0x80000,
    DetailDoodads = 0x100000,
    ShowQuery = 0x200000,
    TerrainDoodadAABoxVisuals = 0x400000,
    TrilinearFiltering = 0x800000,
    Water = 0x1000000,
    WaterParticulates = 0x2000000,
    TerrainLowDetail = 0x4000000,
    Specular = 0x8000000,
    PixelShaders = 0x10000000,
    Unknown6737F9 = 0x20000000,
    Unknown673820 = 0x40000000,
    Anisotropic = 0x80000000,
};
static constexpr std::uint32_t CWorld__enables = 0xC7B2A4;
-
-
Originally Posted by
namreeb
The last struct I had for this showed:
Code:
Unknown6737F9 = 0x20000000,
Unknown673820 = 0x40000000,
as Tris and Normals. It's been a while since I looked at this, though.
-
Can anyone please tell me the updateDisplayinfo address?
-
Originally Posted by
uzzy13u
Can anyone please tell me the updateDisplayinfo address?
really...
[WoW] 1.12.1.5875 Info Dump Thread
-
uzzy13u (1 members gave Thanks to DarkLinux for this useful post)
-
Originally Posted by
uzzy13u
Can anyone please tell me the updateDisplayinfo address?
Just going to leave this here: Memory Editing Section Rules
-
uzzy13u (1 members gave Thanks to namreeb for this useful post)
-
Running into a small problem: when I press ESC it looks like it clears my loaded Lua scripts (does not happen in TBC). Does anyone know what gets called when you press ESC? I would like to stop it from reloading, or reload my scripts after it.
Was going to do a half-assed fix but failed to even find the error window.
I set a bp on the following but they never get triggered.
Code:
FrameScript_DisplayError 007040E0
CGGameUI__DisplayError 00496720
ErrorDisplayCallback 00402EE0
CGGameUI__AddErrorMessage 004945B0
luaL_error 006F4940 (danwins)
Was thinking it was related to the exit menu, because if you click the computer button or the ESC key it reloads; but if I target something and then hit ESC it reloads and clears the target, with no menu.
-----
A little more info: I'm calling DoString once for something like this,
Code:
function ESC_TEST()
DEFAULT_CHAT_FRAME:AddMessage('ESC_TEST was called!');
end
After that, I can call ESC_TEST from all my other scripts/macros. ESC clears ESC_TEST so I can't call it anymore.
-----
danwins sent me this,
Code:
CGUIBindings::ExecCommand 004B7B50
Found the string TOGGLEGAMEMENU leading to this:
GitHub: MOUZU/Blizzard-WoW-Interface, UIParent.lua at d162a4c0d198a4381b5b6573d975635ed7316702
But based on the if statement, each one would need to reload, so it must be called before or after...
-----
Code:
lua_dofile 006F5700
Going to see if that will save the state vs. calling DoString. Anyone know what folder the files need to be in?
-----
Code:
struct lua_State;   // opaque; only ever handed back to the client

// 1.12.1.5875: the client's lua_State* is stored at 0x00CEEF74
lua_State* GetState()
{
    return *(lua_State**)0x00CEEF74;
}

typedef int (__fastcall* p_lua_dofile)(lua_State* L, const char* filename);
p_lua_dofile lua_dofile = (p_lua_dofile)0x006F5700;

int DoFile(const char* filename)
{
    return lua_dofile(GetState(), filename);
}
DoFile("core\\menu.lua")
Loads my file but still gets cleared.
-----
Fuck me... renamed my file/class and everything works... I guess WoW uses the same name...
Do not use:
Code:
menu.lua
menu = {
--Setup
isSetup = false
}
function menu:draw()
DEFAULT_CHAT_FRAME:AddMessage('menu:draw loaded!');
end
Last edited by DarkLinux; 11-05-2017 at 11:12 PM.
-
tutrakan,
Vandra (2 members gave Thanks to DarkLinux for this useful post)
-
Code:
006F2F30 lua_checkstack
006F2F80 lua_xmove
006F3020 lua_atpanic
006F3030 lua_newthread
006F3080 lua_settop
006F30D0 lua_remove
006F31A0 lua_insert
006F3350 lua_pushvalue
006F3400 lua_type
006F3480 lua_typename
006F34A0 lua_iscfunction
006F3530 lua_isuserdata
006F3550 lua_rawequal
006F3590 lua_equal
006F35E0 lua_lessthan
006F3660 lua_toboolean
006F36E0 lua_strlen
006F3720 lua_tocfunction
006F3740 lua_touserdata
006F3770 lua_tothread
006F3790 lua_topointer
006F3840 lua_pushlstring
006F3920 lua_pushcclosure
006F3A20 lua_pushlightuserdata
006F3A40 lua_gettable
006F3B00 lua_rawget
006F3BC0 lua_rawgeti
006F3C90 lua_newtable
006F3E20 lua_settable
006F3EA0 lua_rawset
006F3EA0 lua_rawseti
006F3F60 lua_rawseti
006F4020 lua_setmetatable
006F4180 lua_call
006F41A0 lua_pcall
006F43D0 lua_disablegc
006F43E0 lua_getgcthreshold
006F4400 lua_setgcthreshold
006F4430 lua_version
006F4450 lua_next
006F4560 lua_newuserdata
006F45B0 lua_pushupvalues
006F47B0 lua_setupvalue
006F4810 luaL_argerror
006F48A0 luaL_typerror
006F48E0 luaL_where
006F4940 _luaL_error
006F4980 luaL_findstring
006F49E0 luaL_newmetatable
006F4A70 luaL_getmetatable
006F4A90 luaL_checkudata
006F4B20 luaL_checkstack
006F4B50 luaL_checktype
006F4BB0 luaL_checkany
006F4BE0 luaL_checklstring
006F4C20 luaL_optlstring
006F4C80 luaL_checknumber
006F4CD0 luaL_optnumber
006F4D00 luaL_getmetafield
006F4D60 luaL_callmeta
006F4EA0 luaL_setn
006F5050 luaL_getn
006F5120 luaL_prepbuffer
006F51F0 luaL_addlstring
006F5230 luaL_addstring
006F5250 luaL_pushresult
006F5270 luaL_addvalue
006F5300 luaL_buffinit
006F5310 luaL_ref
006F5400 luaL_unref
006F5490 luaL_loadfile
006F58B0 luaO_rawequalObj
006F5D80 luaD_throw
006F5DB0 luaD_rawrunprotected
006F5E20 luaD_reallocstack
006F5EF0 luaD_reallocCI
006F5F60 luaD_growstack
006F5F80 luaD_callhook
006F6050 luaD_precall
006F6470 luaD_poscall
006F65A0 luaD_call
006F6620 lua_resume
006F6872 lua_yield
006F6B10 luaE_newthread
006F6C90 luaE_freethread
006F6D20 lua_open
006F6F80 lua_close
006F7C80 luaV_tostring
006F8190 luaV_lessthan
006F9F60 luaF_close
006F9FE0 luaF_newproto
006FA050 luaF_freeproto
006FA110 luaF_freeclosure
006FAE90 luaM_reallocPool
006FBAA0 lua_getstack
006FBC70 lua_getinfo
006FC780 luaG_errormsg
006FC870 _luaG_runerror
006FC900 luaM_growaux
006FC980 luaM_irealloc
00703BA0 FrameScript_Destroy
004036C0 WowClientDestroy
00703B80 FrameScript_Flush
007039E0 FrameScript_Initialize
00704C70 FrameScript_CompileFunction
00704CB0 FrameScript_ReleaseFunction
00704CD0 FrameScript_Execute
00704AE0 FrameScript_ExecuteBuffer
Last edited by DarkLinux; 11-05-2017 at 10:35 PM.
-
tutrakan,
uzzy13u (2 members gave Thanks to DarkLinux for this useful post)
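The lists in this thread are plain "ADDR NAME" lines, so the first thing you want from them is a way to turn an EIP (from a crash, a breakpoint or a stack walk) back into something like lua_pcall+0x17. The following is an added example, not DarkLinux's code: it loads lines in exactly that format, sorts them, resolves an address to the nearest symbol at or below it, and counts addresses that carry two names (the list above has 006F3EA0 as both lua_rawset and lua_rawseti, which is the kind of thing to catch before trusting a table). The sample input is an excerpt copied from the list above, deliberately left unsorted; the address resolved in main is made up.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_SYMS 512
#define NAME_LEN 48

typedef struct { uint32_t addr; char name[NAME_LEN]; } Sym;
static Sym g_syms[MAX_SYMS];
static size_t g_count;

static int cmp_sym(const void *a, const void *b)
{
    const Sym *x = a, *y = b;
    if (x->addr != y->addr) return x->addr < y->addr ? -1 : 1;
    return strcmp(x->name, y->name);      /* deterministic order for equal addresses */
}

/* Load "ADDR NAME" lines as they appear in the dumps above. Lines that do not start
   with a hex address followed by a space are ignored. Returns the entry count. */
size_t symtab_load(const char *text)
{
    g_count = 0;
    for (const char *p = text; *p && g_count < MAX_SYMS; ) {
        const char *eol = strchr(p, '\n');
        size_t len = eol ? (size_t)(eol - p) : strlen(p);
        char line[128];
        if (len >= sizeof line) len = sizeof line - 1;
        memcpy(line, p, len);
        line[len] = '\0';
        char *end;
        unsigned long a = strtoul(line, &end, 16);
        if (end != line && *end == ' ') {
            while (*end == ' ') end++;
            if (*end) {
                g_syms[g_count].addr = (uint32_t)a;
                snprintf(g_syms[g_count].name, NAME_LEN, "%s", end);
                g_count++;
            }
        }
        p = eol ? eol + 1 : p + len;
    }
    qsort(g_syms, g_count, sizeof(Sym), cmp_sym);
    return g_count;
}

/* Nearest symbol at or below addr (binary search over the sorted table). If offset is
   non-NULL it receives addr - symbol. Returns NULL when addr is below the first entry. */
const char *symtab_resolve(uint32_t addr, uint32_t *offset)
{
    size_t lo = 0, hi = g_count;              /* find the first entry above addr */
    while (lo < hi) {
        size_t mid = lo + (hi - lo) / 2;
        if (g_syms[mid].addr <= addr) lo = mid + 1; else hi = mid;
    }
    if (lo == 0) return NULL;
    const Sym *s = &g_syms[lo - 1];
    if (offset) *offset = addr - s->addr;
    return s->name;
}

/* Offset of addr from its resolved symbol, or UINT32_MAX when unresolved. */
uint32_t symtab_offset(uint32_t addr)
{
    uint32_t off;
    return symtab_resolve(addr, &off) ? off : UINT32_MAX;
}

/* Number of adjacent entries sharing one address, i.e. names that collide. */
size_t symtab_collisions(void)
{
    size_t n = 0;
    for (size_t i = 1; i < g_count; i++)
        if (g_syms[i].addr == g_syms[i - 1].addr) n++;
    return n;
}

/* Excerpt of the list above (constructed sample input). */
static const char kSample[] =
    "006F3E20 lua_settable\n"
    "006F3EA0 lua_rawset\n"
    "006F3EA0 lua_rawseti\n"
    "006F3F60 lua_rawseti\n"
    "006F4180 lua_call\n"
    "006F41A0 lua_pcall\n"
    "006F4940 _luaL_error\n"
    "00704CD0 FrameScript_Execute\n"
    "00704AE0 FrameScript_ExecuteBuffer\n";

int main(void)
{
    symtab_load(kSample);
    uint32_t eip = 0x006F41B7, off = 0;       /* made-up crash address */
    const char *name = symtab_resolve(eip, &off);
    printf("%08X = %s+0x%X\n", eip, name ? name : "?", off);
    printf("%zu address collision(s)\n", symtab_collisions());
    return 0;
}
```

Feed it the whole thread's lists concatenated and resolve whatever your crash handler or breakpoint logs; a non-zero collision count means one of the posted lines is wrong and the resolver's answer for that address should not be trusted.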
-
If anybody still works on reversing and/or needs the descriptor offsets, here are my updated (and now fixed) structures ([WoW] 1.12.1.5875 Info Dump Thread).
Last edited by tutrakan; 11-14-2017 at 02:06 AM.
-
Code:
00468460 ClntObjMgrObjectPtr
00468550 ClntObjMgrGetActivePlayer
004E7F70 CGPartyInfo__IsMember
004E8250 CGPartyInfo__SetLeader
004E82D0 CGPartyInfo__AddMember
004E84A0 CGPartyInfo__RemoveAll
004E85D0 CGPartyInfo__EnableMember
004E86D0 CGPartyInfo__NumMembers
004E86F0 CGPartyInfo__SetLootMethod
004E8820 CGPartyInfo__GetRemoteStats
0084C150 CGPartyInfo__m_leaderIndex
00BC6F48 CGPartyInfo__m_members
00BC70B0 CGPartyInfo__m_remoteStats
00BC75F8 CGPartyInfo__m_leader
00BC7600 CGPartyInfo__m_lootMethod
00BC7608 CGPartyInfo__m_lootMaster
004E9050 Script_GetNumPartyMembers
004E9090 Script_GetPartyMember
00515970 Script_GetGUIDFromName
00607260 CGUnit_C__AddWorldXPGainText
00609210 CGUnit_C__GetUnitName
006094C0 CGUnit_C__GetUnitTitle
0060A0C0 CGUnit_C__StoreXPGain
006251E0 CGUnit_C__ShowPlayerXPGained
00402AD0 WowClientInit
0066F6C0 CWorld__Initialize
0046A400 CGlueMgr__Initialize
0046B930 CGlueMgr__Idle
00401570 ClientInitializeGame
006033C0 CGUnit_C__Initialize
006E7150 Spell_C_Initialize
005AB650 ClientServices_SetMessageHandler
006E7330 CastResultHandler
006E7640 SpellStartHandler
006E8D80 SpellFailedHandler
006E8EB0 PetSpellFailedHandler
006E9460 SpellCooldownHandler
006E95D0 ItemCooldownHandler
006E9670 CooldownEvent
006E9730 CooldownCheat
006E97E0 PetTameFailure
006E74F0 SpellDelayed
006E7550 SpellChannelStart
005AAE20 ClientServices_CharacterLogin
005AB490 GetCurrentConnection
00C28128 s_currentConnection
00B41E30 s_loginGUID
00C6326C g_clientConnection
Last edited by DarkLinux; 11-16-2017 at 04:08 AM.
-
tutrakan (1 members gave Thanks to DarkLinux for this useful post)
-
Adding to DarkLinux:
Party:
Code:
004E7C70 CGPartyInfo::InitializeGame
004E7E60 PH_SMSG_INSTANCE_SAVE_CREATED
004E7F00 CGPartyInfo::EnterWorld
004E7F10 CGPartyInfo::LeaveWorld
004E7F20 CGPartyInfo::ShutdownGame
004E7F70 CGPartyInfo::IsMember
004E8250 CGPartyInfo::SetLeader
004E82D0 CGPartyInfo::AddMember
004E84A0 CGPartyInfo::RemoveAll
004E85D0 CGPartyInfo::EnableMember
004E86D0 CGPartyInfo::NumMembers
004E86F0 CGPartyInfo::SetLootMethod
004E8820 CGPartyInfo::GetRemoteStats
004E88C0 CGPartyInfo::SetLookingForGroup
004E8DC0 PH_MSG_LOOKING_FOR_GROUP
004E9BE0 PartyInfoRegisterScriptFunctions
004E9C10 PartyInfoUnregisterScriptFunctions
004E9050 Script_GetNumPartyMembers
004E9090 Script_GetPartyMember
004E9100 Script_GetPartyLeaderIndex
004E9130 Script_IsPartyLeader
004E9180 Script_LeaveParty
004E91B0 Script_GetLootMethod
004E92A0 Script_SetLootMethod
004E94E0 Script_GetLootThreshold
004E9500 Script_SetLootThreshold
004E95D0 Script_GetLookingForGroup
004E96B0 Script_SetLookingForGroup
004E9760 Script_LFGQuery
004E9870 Script_GetNumLFGResults
004E98C0 Script_GetLFGResults
004E9A70 Script_GetLFGTypes
004E9AA0 Script_GetLFGTypeEntries
0084C150 CGPartyInfo::m_leaderIndex
00BC6F48 CGPartyInfo::m_members
00BC70B0 CGPartyInfo::m_remoteStats
00BC75F8 CGPartyInfo::m_leader
00BC7600 CGPartyInfo::m_lootMethod
00BC7608 CGPartyInfo::m_lootMaster
Raid:
Code:
004BA0B0 CGRaidInfo::InitializeGame
004BA140 CGRaidInfo::EnterWorld
004BA1C0 CGRaidInfo::LeaveWorld
004BA1D0 CGRaidInfo::ShutdownGame
004BA220 PH_MSG_RAID_TARGET_UPDATE
004BA360 PH_MSG_RAID_READY_CHECK
004BB080 CGRaidInfo::IsOfficer
004BB0F0 CGRaidInfo::GetRemoteStats
004BC130 RaidInfoRegisterScriptFunctions
004BC160 RaidInfoUnregisterScriptFunctions
004BB4B0 Script_GetRaidTargetIndex
004BB530 Script_GetNumRaidMembers
004BB560 Script_GetRaidRosterInfo
004BB820 Script_SetRaidRosterSelection
004BB890 Script_GetRaidRosterSelection
004BB8C0 Script_IsRaidLeader
004BB910 Script_IsRaidOfficer
004BB990 Script_SetRaidSubgroup
004BBB00 Script_SwapRaidSubgroup
004BBC90 Script_ConvertToRaid
004BBD20 Script_PromoteToAssistant
004BBDF0 Script_DemoteAssistant
004BBEC0 Script_SetRaidTarget
004BC080 Script_DoReadyCheck
004BC090 Script_ConfirmReadyCheck
004BC120 Script_CheckReadyCheckTime
00B712A8 CGRaidInfo::m_members
00B713E0 g_curRaidMembers
Structs:
Code:
enum POWER_TYPE
{
    POWER_TYPE_MANA = 0x0,
    POWER_TYPE_RAGE = 0x1,
    POWER_TYPE_FOCUS = 0x2,
    POWER_TYPE_ENERGY = 0x3,
};
enum RAID_RANK
{
    RAID_RANK_0 = 0,
    RAID_ASSIST = 1,
    RAID_LEADER = 2,
};
// the client's 3-float vector, added so RemoteStats below is complete
struct C3Vector
{
    float x;
    float y;
    float z;
};
struct CGPartyInfo::RemoteStats
{
    int health;
    int maxHealth;
    POWER_TYPE powerType;
    int power;
    int maxPower;
    int classID;
    int level;
    int mapID;
    int areaID;
    C3Vector pos;
    int connected;
};
struct RAID_MEMBER
{
    __int64 m_guid;
    int m_groupNum;
    RAID_RANK m_rank;
};
Last edited by danwins; 11-16-2017 at 09:48 AM.
-
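Before reading CGPartyInfo::m_remoteStats or CGRaidInfo::m_members out of the client, it pays to pin the layout down at compile time and to copy entries out of a raw dump rather than casting into it. The block below is an added example (not danwins' code) that does that with the structures just posted: C3Vector is assumed to be three floats (it is not defined on this page), the byte dumps are constructed test data rather than real captures, and the 0x00BC70B0 / 0x00B712A8 addresses are the ones listed above.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Types as posted above. C3Vector is not defined on this page; three floats is assumed. */
typedef struct C3Vector { float x, y, z; } C3Vector;
typedef enum POWER_TYPE { POWER_TYPE_MANA = 0, POWER_TYPE_RAGE = 1,
                          POWER_TYPE_FOCUS = 2, POWER_TYPE_ENERGY = 3 } POWER_TYPE;
typedef enum RAID_RANK { RAID_RANK_0 = 0, RAID_ASSIST = 1, RAID_LEADER = 2 } RAID_RANK;

typedef struct RemoteStats {
    int32_t health, maxHealth;
    POWER_TYPE powerType;
    int32_t power, maxPower, classID, level, mapID, areaID;
    C3Vector pos;
    int32_t connected;
} RemoteStats;

typedef struct RAID_MEMBER {
    uint64_t m_guid;
    int32_t m_groupNum;
    RAID_RANK m_rank;
} RAID_MEMBER;

/* Compile-time layout checks: a wrong size or offset silently shifts every later field. */
_Static_assert(sizeof(RemoteStats) == 52, "RemoteStats: 9 ints, 3 floats, 1 int");
_Static_assert(offsetof(RemoteStats, pos) == 36, "pos follows areaID");
_Static_assert(offsetof(RemoteStats, connected) == 48, "connected follows pos");
_Static_assert(sizeof(RAID_MEMBER) == 16, "RAID_MEMBER: guid + two dwords");
_Static_assert(offsetof(RAID_MEMBER, m_rank) == 12, "rank follows group");

/* Copy element `index` (size `elem`) out of a raw dump; memcpy sidesteps the alignment
   and aliasing problems of casting the byte pointer. Returns 0 when out of range. */
static int dump_entry(const uint8_t *dump, size_t dump_len, size_t elem, size_t index, void *out)
{
    if (elem == 0 || dump_len < elem || index > (dump_len - elem) / elem) return 0;
    memcpy(out, dump + index * elem, elem);
    return 1;
}

static void put_u32(uint8_t *p, uint32_t v)
{
    for (int i = 0; i < 4; i++) p[i] = (uint8_t)(v >> (8 * i));   /* little-endian, as in the client */
}
static void put_f32(uint8_t *p, float f) { uint32_t u; memcpy(&u, &f, 4); put_u32(p, u); }

/* Constructed dumps (not real captures) standing in for ReadProcessMemory of
   CGPartyInfo::m_remoteStats (0x00BC70B0) and CGRaidInfo::m_members (0x00B712A8). */
enum { STATS_N = 2, RAID_N = 2 };

static size_t build_stats_dump(uint8_t buf[STATS_N * 52])
{
    const int32_t ints[STATS_N][9] = {      /* health .. areaID, in struct order */
        {1200, 1200, POWER_TYPE_MANA, 300, 900, 5, 24, 0, 12},
        { 850, 2400, POWER_TYPE_RAGE,  40, 100, 1, 60, 1, 17},
    };
    const float pos[STATS_N][3] = {{-8949.9f, -132.5f, 83.5f}, {1629.4f, -4373.4f, 31.5f}};
    for (size_t i = 0; i < STATS_N; i++) {
        uint8_t *e = buf + i * 52;
        for (int f = 0; f < 9; f++) put_u32(e + 4 * f, (uint32_t)ints[i][f]);
        for (int f = 0; f < 3; f++) put_f32(e + 36 + 4 * f, pos[i][f]);
        put_u32(e + 48, 1);                 /* connected */
    }
    return STATS_N * 52;
}

static size_t build_raid_dump(uint8_t buf[RAID_N * 16])
{
    const uint64_t guid[RAID_N] = {0x1A2Bull, 0x3C4Dull};
    const int32_t group[RAID_N] = {0, 3}, rank[RAID_N] = {RAID_LEADER, RAID_RANK_0};
    for (size_t i = 0; i < RAID_N; i++) {
        uint8_t *e = buf + i * 16;
        put_u32(e, (uint32_t)guid[i]);
        put_u32(e + 4, (uint32_t)(guid[i] >> 32));
        put_u32(e + 8, (uint32_t)group[i]);
        put_u32(e + 12, (uint32_t)rank[i]);
    }
    return RAID_N * 16;
}

/* Accessors over the sample dumps; -1 (or 0 for the guid) when the index is out of range. */
int sample_party_level(size_t i)
{
    uint8_t dump[STATS_N * 52]; RemoteStats s;
    size_t n = build_stats_dump(dump);
    return dump_entry(dump, n, sizeof s, i, &s) ? s.level : -1;
}
float sample_party_x(size_t i)
{
    uint8_t dump[STATS_N * 52]; RemoteStats s;
    size_t n = build_stats_dump(dump);
    return dump_entry(dump, n, sizeof s, i, &s) ? s.pos.x : 0.0f;
}
int sample_raid_rank(size_t i)
{
    uint8_t dump[RAID_N * 16]; RAID_MEMBER m;
    size_t n = build_raid_dump(dump);
    return dump_entry(dump, n, sizeof m, i, &m) ? (int)m.m_rank : -1;
}
uint64_t sample_raid_guid(size_t i)
{
    uint8_t dump[RAID_N * 16]; RAID_MEMBER m;
    size_t n = build_raid_dump(dump);
    return dump_entry(dump, n, sizeof m, i, &m) ? m.m_guid : 0;
}
```

Against the live client you replace build_*_dump with a ReadProcessMemory (or a direct read from inside the process) of CGPartyInfo::NumMembers entries; the _Static_asserts are what tells you the header and the build still agree before any field is trusted.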
-
Elysium Project - Main is loading a new Warden module. My bot got hit; I never added a version check... Every server I have been on has used the same old one.
Other public bots like zzuks could be detected.
Last edited by DarkLinux; 12-15-2017 at 02:22 PM.
-
Had a quick look. Looks like they're using the one(s?) that namreeb linked with his Warden project on GitHub.
First login gave me the E191991EC6CB175A213B124019B2FEB0 module.
Light's Hope still isn't running Warden at all, by the looks of it.