![WoW Memory Edition start [C#]](https://www.ownedcore.com/forums/images/styles/OwnedCoreFX/addimg/menu4.svg)
I suggest you to check the return value of your 'process.ReadUInt(pEndScene + 3)' before compiling and injecting it into the process. It looks like you're getting zero pointer. (and the +3 also don't makes any sense for me o.O) But well, currently I don't need stuff like Lua_DoString or TerrainClick, so I don't have a working injection code.
![WoW Memory Edition start [C#]](https://www.ownedcore.com/forums/./ocpbanners/1/2/9/8/0/2/2/01d9781faec8bfe3abf9095ac9e57d1e.jpg)
![WoW Memory Edition start [C#]](https://www.ownedcore.com/assets/mm/images/wits.png "TradeSafe Middleman")
![WoW Memory Edition start [C#]](https://www.ownedcore.com/forums/images/styles/OwnedCoreFX/addimg/wicc.png "CoreCoins")
Shout-Out
User Tag List
Thread: WoW Memory Edition start [C#]
Results 31 to 38 of 38
-
10-11-2012 #31
Contributor ふたなり
- Reputation
- 198
- Join Date
- Oct 2008
- Posts
- 291
- Thanks G/R
- 20/58
- Trade Feedback
- 0 (0%)
- Mentioned
- 1 Post(s)
- Tagged
- 0 Thread(s)
"Threads should always commit suicide - they should never be murdered" - DirectX SDK
![WoW Memory Edition start [C#]](https://www.ownedcore.com/images/ba/g/b2.gif)
-
10-11-2012 #32
Member
- Reputation
- 1
- Join Date
- Oct 2012
- Posts
- 41
- Thanks G/R
- 0/0
- Trade Feedback
- 0 (0%)
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
Hey,
I have made progress.
I changed to Win 7 to get it there running, I used new code & my progress is, that I am able to send the /dance command, but the client crashed before I can see it. But when I now restart the client and login, my Character is dancing. I am getting this WoW Error:
This is my new Code:
Of course I am not that lazy that I am just posting this code and I haven't done some investigation...PHP Code:using System;
using System.Threading;
using Magic;
using System.Text;
using System.Collections.Generic;
using System.Diagnostics;
namespace ConsoleApplication2
{
class Program
{
static Hook MyHook = null;
static void Main(string[] args)
{
Process[] Processes = Process.GetProcessesByName("Wow");
if (Processes.Length > 0)
{
Console.WriteLine("Select wow process " + Processes[0].Id);
MyHook = new Hook((uint)Processes[0].Id);
Console.WriteLine("Hook status: " + MyHook.threadHooked);
if (MyHook.threadHooked)
{
LuaDoString("DoEmote(\"Dance\")");
Console.WriteLine("INJECT LuaDoString(\"DoEmote(\"Dance\")\")");
Console.WriteLine("Dispose Hooking");
}
}
else
Console.WriteLine("WoW process not found.");
Console.ReadKey();
}
public static void LuaDoString(string command)
{
var proc = Process.GetProcessesByName("Wow");
IntPtr WoWBase = proc[0].MainModule.BaseAddress;
// Allocate memory
uint DoStringArg_Codecave = MyHook.Memory.AllocateMemory(Encoding.UTF8.GetBytes(command).Length + 1);
// offset:
uint FrameScript__Execute = 0x75350;
// Write value:
MyHook.Memory.WriteBytes(DoStringArg_Codecave, Encoding.UTF8.GetBytes(command));
// Write the asm stuff for Lua_DoString
String[] asm = new String[]
{
"mov eax, " + DoStringArg_Codecave,
"push 0",
"push eax",
"push eax",
"mov eax, " + ((uint)WoWBase + (uint)FrameScript__Execute), // Lua_DoString
"call eax",
"add esp, 0xC",
"retn",
};
// Inject
MyHook.InjectAndExecute(asm);
// Free memory allocated
MyHook.Memory.FreeMemory(DoStringArg_Codecave);
}
}
class Hook
{
// Addresse Inection code:
uint injected_code = 0;
uint addresseInjection = 0;
public bool threadHooked = false;
uint retnInjectionAsm = 0;
bool InjectionUsed = false;
public BlackMagic Memory = new BlackMagic();
public uint _processId = 0;
public Hook(uint processId)
{
_processId = processId;
Hooking();
}
public void Hooking()
{
var proc = Process.GetProcessesByName("Wow");
IntPtr WoWBase = proc[0].MainModule.BaseAddress;
// Offset:
uint DX_DEVICE = 0xAD773C;
uint DX_DEVICE_IDX = 0x27F8;
uint ENDSCENE_IDX = 0xA8;
// Process Connect:
if (!Memory.IsProcessOpen)
{
Memory = new BlackMagic((int)_processId);
}
if (Memory.IsProcessOpen)
{
// Get address of EndScene
uint pDevice = Memory.ReadUInt((uint)WoWBase + DX_DEVICE);
uint pEnd = Memory.ReadUInt(pDevice + DX_DEVICE_IDX);
uint pScene = Memory.ReadUInt(pEnd);
uint pEndScene = Memory.ReadUInt(pScene + ENDSCENE_IDX);
if (Memory.ReadByte(pEndScene) == 0xE9 && (injected_code == 0 || addresseInjection == 0)) // check if wow is already hooked and dispose Hook
{
DisposeHooking();
}
if (Memory.ReadByte(pEndScene) != 0xE9) // check if wow is already hooked
{
try
{
threadHooked = false;
// allocate memory to store injected code:
injected_code = Memory.AllocateMemory(2048);
// allocate memory the new injection code pointer:
addresseInjection = Memory.AllocateMemory(0x4);
Memory.WriteInt(addresseInjection, 0);
// allocate memory the pointer return value:
retnInjectionAsm = Memory.AllocateMemory(0x4);
Memory.WriteInt(retnInjectionAsm, 0);
// Generate the STUB to be injected
Memory.Asm.Clear(); // $Asm
// save regs
Memory.Asm.AddLine("pushad");
Memory.Asm.AddLine("pushfd");
// Test if you need launch injected code:
Memory.Asm.AddLine("mov eax, [" + addresseInjection + "]");
Memory.Asm.AddLine("test eax, eax");
Memory.Asm.AddLine("je @out");
// Launch Fonction:
Memory.Asm.AddLine("mov eax, [" + addresseInjection + "]");
Memory.Asm.AddLine("call eax");
// Copie pointer return value:
Memory.Asm.AddLine("mov [" + retnInjectionAsm + "], eax");
// Enter value 0 of addresse func inject
Memory.Asm.AddLine("mov edx, " + addresseInjection);
Memory.Asm.AddLine("mov ecx, 0");
Memory.Asm.AddLine("mov [edx], ecx");
// Close func
Memory.Asm.AddLine("@out:");
// load reg
Memory.Asm.AddLine("popfd");
Memory.Asm.AddLine("popad");
// injected code
uint sizeAsm = (uint)(Memory.Asm.Assemble().Length);
Memory.Asm.Inject(injected_code);
// Size asm jumpback
int sizeJumpBack = 5;
// copy and save original instructions
Memory.Asm.Clear();
Memory.Asm.AddLine("mov edi, edi");
Memory.Asm.AddLine("push ebp");
Memory.Asm.AddLine("mov ebp, esp");
Memory.Asm.Inject(injected_code + sizeAsm);
// create jump back stub
Memory.Asm.Clear();
Memory.Asm.AddLine("jmp " + (pEndScene + sizeJumpBack));
Memory.Asm.Inject(injected_code + sizeAsm + (uint)sizeJumpBack);
// create hook jump
Memory.Asm.Clear(); // $jmpto
Memory.Asm.AddLine("jmp " + (injected_code));
Memory.Asm.Inject(pEndScene);
}
catch { threadHooked = false; return; }
}
threadHooked = true;
}
}
public void DisposeHooking()
{
try
{
var proc = Process.GetProcessesByName("Wow");
IntPtr WoWBase = proc[0].MainModule.BaseAddress;
// Offset:
uint DX_DEVICE = 0xAD773C;
uint DX_DEVICE_IDX = 0x27F8;
uint ENDSCENE_IDX = 0xA8;
uint pDevice = Memory.ReadUInt((uint)WoWBase + DX_DEVICE);
uint pEnd = Memory.ReadUInt(pDevice + DX_DEVICE_IDX);
uint pScene = Memory.ReadUInt(pEnd);
uint pEndScene = Memory.ReadUInt(pScene + ENDSCENE_IDX);
if (Memory.ReadByte(pEndScene) == 0xE9) // check if wow is already hooked and dispose Hook
{
// Restore origine endscene:
Memory.Asm.Clear();
Memory.Asm.AddLine("mov edi, edi");
Memory.Asm.AddLine("push ebp");
Memory.Asm.AddLine("mov ebp, esp");
Memory.Asm.Inject(pEndScene);
}
// free memory:
Memory.FreeMemory(injected_code);
Memory.FreeMemory(addresseInjection);
Memory.FreeMemory(retnInjectionAsm);
}
catch { }
}
public byte[] InjectAndExecute(string[] asm)
{
while (InjectionUsed)
{ Thread.Sleep(5); }
InjectionUsed = true;
// Hook Wow:
Hooking();
byte[] tempsByte = new byte[0];
// reset return value pointer
Memory.WriteInt(retnInjectionAsm, 0);
if (Memory.IsProcessOpen && threadHooked)
{
// Write the asm stuff
Memory.Asm.Clear();
foreach (string tempLineAsm in asm)
{
Memory.Asm.AddLine(tempLineAsm);
}
// Allocation Memory
uint injectionAsm_Codecave = Memory.AllocateMemory(Memory.Asm.Assemble().Length);
try
{
// Inject
Memory.Asm.Inject(injectionAsm_Codecave);
Memory.WriteInt(addresseInjection, (int)injectionAsm_Codecave);
while (Memory.ReadInt(addresseInjection) > 0) { Thread.Sleep(5); } // Wait to launch code
byte Buf = new Byte();
List<byte> retnByte = new List<byte>();
uint dwAddress = Memory.ReadUInt(retnInjectionAsm);
Buf = Memory.ReadByte(dwAddress);
while (Buf != 0)
{
retnByte.Add(Buf);
dwAddress = dwAddress + 1;
Buf = Memory.ReadByte(dwAddress);
}
tempsByte = retnByte.ToArray();
}
catch { }
// Free memory allocated
Memory.FreeMemory(injectionAsm_Codecave);
}
DisposeHooking();
InjectionUsed = false;
// return
return tempsByte;
}
}
}
I found out with debug messages that it does not go past the following snippet and is crashing somewhere there.
Does anyone have an advice?PHP Code:while (Memory.ReadInt(addresseInjection) > 0) { Thread.Sleep(5); } // Wait to launch code
Thanks!
Best regards
-
10-11-2012 #33
Contributor
- Reputation
- 201
- Join Date
- Feb 2011
- Posts
- 75
- Thanks G/R
- 0/0
- Trade Feedback
- 0 (0%)
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
for the windows 8 version
Code:// Size asm jumpback int sizeJumpBack = 7;
xalcon, the process.ReadUInt(pEndScene + 3) code is basically just reading the address from the mov instruction in the original endscene, it works on my test version here but I am using GreyMagic instead of BlackMagic.. should still be fine though, definitely nothing wrong with debuging i and making sure though of courseCode:// create hook jump Memory.Asm.Clear(); // $jmpto Memory.Asm.AddLine("jmp " + (injected_code)); Memory.Asm.AddLine("nop"); Memory.Asm.AddLine("nop"); Memory.Asm.Inject(pEndScene);
push 0x14 // 2 bytes
mov eax, ADDRESSWEWANT // mov eax is 1 byte
so thats why its pEndScene+3
Edit:
doing this for each function is really not a good idea IMHO
you could hook one process and then end up trying to remove the hook from another process because proc[0] may not be the same one you started with.Code:var proc = Process.GetProcessesByName("Wow"); IntPtr WoWBase = proc[0].MainModule.BaseAddress;
I would recommend getting the process once reusing it.Last edited by eracer; 10-11-2012 at 06:45 PM.
-
10-11-2012 #34
Member
- Reputation
- 1
- Join Date
- Oct 2012
- Posts
- 41
- Thanks G/R
- 0/0
- Trade Feedback
- 0 (0%)
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
Hi,
I replaced
with your code but I am getting this error:PHP Code:// create hook jump
Memory.Asm.Clear(); // $jmpto
Memory.Asm.AddLine("jmp " + (injected_code));
Memory.Asm.Inject(pEndScene);
(I am using Win 7 at the moment,)
I am trying to get this work for over 10 hours now, it injects the /dance command but I do not know why the client is crashing.
I am very thankful for all of your help.
Best regards
-
10-11-2012 #35
Contributor
- Reputation
- 201
- Join Date
- Feb 2011
- Posts
- 75
- Thanks G/R
- 0/0
- Trade Feedback
- 0 (0%)
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
for windows 7 this code is fine
for windows 8 you need the 2 extra nops to make it 7 bytes longCode:// create hook jump Memory.Asm.Clear(); // $jmpto Memory.Asm.AddLine("jmp " + (injected_code)); Memory.Asm.Inject(pEndScene);
The error messages you're getting is just telling me that some memory can't be written, i can't actually tell what that memory address is though.Code:// create hook jump Memory.Asm.Clear(); // $jmpto Memory.Asm.AddLine("jmp " + (injected_code)); Memory.Asm.AddLine("nop"); Memory.Asm.AddLine("nop"); Memory.Asm.Inject(pEndScene);
-
10-11-2012 #36
Member
- Reputation
- 1
- Join Date
- Oct 2012
- Posts
- 41
- Thanks G/R
- 0/0
- Trade Feedback
- 0 (0%)
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
Ah okay, understood.
Thanks for the snippet.
First thing I want to get running is the Hook under Win 7 - after that I am making it compatible with win 8.
Well I am out of ideas at the moment I have tried everything what came to my mind.
Can you please check your PM?
Best regards
-
10-11-2012 #37
Former Staff
- Reputation
- 1627
- Join Date
- May 2010
- Posts
- 1,846
- Thanks G/R
- 193/539
- Trade Feedback
- 16 (100%)
- Mentioned
- 7 Post(s)
- Tagged
- 0 Thread(s)
Do everything from in process and its 100x better
-
10-12-2012 #38
Member
- Reputation
- 1
- Join Date
- Oct 2012
- Posts
- 41
- Thanks G/R
- 0/0
- Trade Feedback
- 0 (0%)
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
What exactly do you mean?
Best regards
Reply With Quote-
OwnedCore Forums
casino news World of Warcraft Pokemon GO MMO Overwatch RTS Casino reviews www.planet-casino.com lucky 8 lucky8 no deposit codes bc game bc game lucky8 -
casino
Casino Gambling Online casinos Casino en ligne bc game bc game bc game no deposit bonus codes roobet Top 10 Casinos Casino reviews Bitcoin casino Paypal Casino Lucky8 1xbit heycasino MD help!!! Please Read! Paypal Help Blank US account Ban account please info EU FROZEN NOT GLIDED acc. Looking for Repped MD account! Remote Keylogger? [US] Account Giveaway! -
CoreCoins
CoreCoins CoreCoins FAQ Shout-Out Banner Ads -
My OwnedCore
My Profile Notifications Settings Buy CoreCoins About Us
Privacy Policy | Cookie Policy | Terms | Contact Us
Available Payment Methods:-
![WoW Memory Edition start [C#]](https://www.ownedcore.com/images/paybutton/paypal.png)
![WoW Memory Edition start [C#]](https://www.ownedcore.com/images/paybutton/skrill.png)
![WoW Memory Edition start [C#]](https://www.ownedcore.com/images/paybutton/payop.png)
-
Casino
amazon | vave | amazon | amazon | casino | casino | amazon | vave | vave | casino | amazon | amazon | vave | casino | casino | casino | vave | vave | casino | amazon | amazon | casino | casino | amazon | mystake | amazon | amazon | amazon | amazon | amazon | amazon | amazon | casino | amazon | casino | mystake | amazon | amazon | amazon | amazon | amazon | amazon | amazon | amazon | amazon | amazon | amazon | amazon | casino | casino | amazon | amazon | casino | amazon | mystake | amazon | casino | amazon | vave | casino