my hook using blackmagic doesn't work after MOP releasing menu

  1. #1
    lechris29's Avatar Contributor

    my hook using blackmagic doesn't work after MOP releasing

    hey everyone, I just want to use my hook to call some WoW API functions; it worked great before the MoP release,
    but now even a simple LuaDoString of DoEmote("Dance") gets the client crashed.

    x86, C#/.NET
    here is the code:
    Code:
    using System;
    using System.Collections.Generic;
    using System.Text;
    using Magic;
    using System.Threading;
    
    namespace WowAssistant
    {
        /// <summary>
        /// Installs an inline ("detour") hook on the client's EndScene function (reached
        /// through the DX device pointer chain in InitHook) and uses it to run small
        /// assembly stubs on the game's render thread. Hooking() writes a 5-byte jmp over
        /// the EndScene prologue; every time EndScene runs, the stub in hookCodeCave calls
        /// whatever address is stored in addrCodeCave and saves eax into retnCodeCave.
        /// Everything here is cross-process code patching of a 32-bit target through the
        /// BlackMagic wrapper, and it is visible to anything that checks the EndScene
        /// prologue for an 0xE9 byte, exactly as Hooking() itself does.
        /// </summary>
        public class HookStuff
        {
            // Process wrapper. NOTE(review): static, yet re-assigned by every constructor
            // call, so a second HookStuff instance silently replaces the BlackMagic object
            // the first instance is still using.
            private static BlackMagic Memory = null;
            private int _processId = 0;
            // True while the jmp at pEndScene is believed to be in place
            // (set at the end of Hooking, cleared in DisposeHooking).
            private bool hookedFlag = false;
            // Crude mutual-exclusion flag for InjectAndExecute, polled with Thread.Sleep.
            // NOTE(review): plain bool, not volatile and not protected by a lock.
            private bool injectionFlag = false;

            // Addresses allocated inside the target process by Hooking():
            private uint hookCodeCave = 0;   // 2048 bytes: stub + saved prologue + jump back
            private uint addrCodeCave = 0;   // 4 bytes: address the stub should call next (0 = nothing pending)
            private uint retnCodeCave = 0;   // 4 bytes: eax left by the last injected call

            #region Offset
            // Offsets for one specific client build. The function offsets are relative to
            // the module base until InitHook() adds wowBaseAddr to them in place, which is
            // why InitHook must run exactly once (guarded by initHook).
            private bool initHook = true;
            private uint wowBaseAddr = 0;
            private uint pEndScene = 0;      // absolute address of EndScene, resolved in InitHook

            // Pointer chain from the module base to the EndScene entry (see InitHook).
            private uint DX_DEVICE = 0xAD773C;
            private uint DX_DEVICE_IDX = 0x27F8;
            private uint ENDSCENE_IDX = 0xA8;

            private uint Lua_DoStringAddress = 0x75350;
            private uint FrameScript__GetLocalizedText = 0x48D7F0;
            private uint FrameScript_GetText = 0x83D310;          // never rebased (commented out in InitHook) and unused here
            private uint ClntObjMgrGetActivePlayerObj = 0x34D0;
            private uint CGPlayer_C__ClickToMove = 0x1C1E00;      // rebased in InitHook but unused in this listing
            private uint isInGame = 0xAD7426;                      // unused in this listing
            #endregion

            /// <summary>
            /// Attaches to the given process and immediately installs the hook.
            /// </summary>
            /// <param name="processId">Id of the (32-bit) client process.</param>
            public HookStuff(int processId)
            {
                _processId = processId;
                Memory = new BlackMagic();
                Hooking();
            }

            /// <summary>
            /// Runs FrameScript__GetLocalizedText inside the client for the name in
            /// <paramref name="variable"/> and returns the C string it hands back in eax.
            /// </summary>
            /// <param name="variable">Name of the Lua value to read; written to the client as UTF-8.</param>
            /// <returns>ASCII decoding of the NUL-terminated bytes at the returned address, or ""
            /// when IsLoading() is false or the injected call produced nothing readable.</returns>
            public string GetLocalizedText(string variable)
            {
                // NOTE(review): IsLoading() is not defined anywhere in this listing.
                if (!IsLoading()) { return ""; }

                // +1 leaves room for a NUL terminator after the UTF-8 bytes; this relies on
                // AllocateMemory returning zeroed memory — TODO confirm for BlackMagic.
                uint codeCave = Memory.AllocateMemory(Encoding.UTF8.GetBytes(variable).Length + 1);
                Memory.WriteBytes(codeCave, Encoding.UTF8.GetBytes(variable));

                // Stub executed on the game thread by the EndScene hook. Absolute addresses
                // are baked in as text, so InitHook must already have rebased them.
                String[] asm = new String[]
                {
                    "call " + ClntObjMgrGetActivePlayerObj,   // result (eax) feeds the next call
                    "mov ecx, eax",                           // ... as its ecx argument
                    "push -1",
                    "mov edx, " + codeCave + "",
                    "push edx",                               // pointer to the name written above
                    "call " + FrameScript__GetLocalizedText,
                    "retn",                                   // back to the hook stub, which stores eax in retnCodeCave
                };

                // InjectAndExecute reads a NUL-terminated buffer at the address left in eax.
                // Note the asymmetry: the name goes in as UTF-8, the result is decoded as ASCII.
                string sResult = Encoding.ASCII.GetString(InjectAndExecute(asm));
                Memory.FreeMemory(codeCave);

                return sResult;
            }

            /// <summary>
            /// Executes <paramref name="command"/> as Lua inside the client via Lua_DoString.
            /// Fire-and-forget: whatever InjectAndExecute reads back is discarded.
            /// </summary>
            /// <param name="command">Lua source; written to the client as UTF-8 with a trailing NUL.</param>
            public void LuaDoString(string command)
            {
                // Write value (+1 for the terminator; assumes the fresh allocation is zeroed — TODO confirm):
                uint codeCave = Memory.AllocateMemory(Encoding.UTF8.GetBytes(command).Length + 1);
                Memory.WriteBytes(codeCave, Encoding.UTF8.GetBytes(command));

                // Stub for Lua_DoString: three arguments pushed (0, string, string) and the
                // 12 bytes popped by the caller afterwards ("add esp, 0xC").
                String[] asm = new String[] 
                {
                    "mov eax, " + codeCave,
                    "push 0",
                    "push eax",
                    "push eax",
                    "mov eax, " + Lua_DoStringAddress,                          // Lua_DoString (absolute after InitHook)
                    "call eax",
                    "add esp, 0xC",                                             // undo the three pushes
                    "retn",    
                };

                // Inject, wait for the game thread to run it, then release the string buffer.
                // NOTE(review): InjectAndExecute will then try to read a C string at whatever
                // eax holds; if that is not a readable pointer the read presumably throws and
                // is swallowed inside InjectAndExecute.
                InjectAndExecute(asm);
                Memory.FreeMemory(codeCave);
            }

            // Resolve the module base, turn the relative offsets into absolute addresses
            // (rewriting the fields in place — hence "run once"), and locate EndScene.
            private void InitHook()
            {
                wowBaseAddr = (uint)Memory.MainModule.BaseAddress;

                Lua_DoStringAddress = wowBaseAddr + Lua_DoStringAddress;
                ClntObjMgrGetActivePlayerObj = wowBaseAddr + ClntObjMgrGetActivePlayerObj;
                FrameScript__GetLocalizedText = wowBaseAddr + FrameScript__GetLocalizedText;
                //FrameScript_GetText = wowBaseAddr + FrameScript_GetText;
                CGPlayer_C__ClickToMove = wowBaseAddr + CGPlayer_C__ClickToMove;

                // Pointer chain: [base+DX_DEVICE] -> [+DX_DEVICE_IDX] -> [..] -> [+ENDSCENE_IDX]
                // (by the field names: device object, then its function table, then EndScene).
                // NOTE(review): none of the reads is checked for 0; with offsets from a
                // different client build pEndScene is garbage and Hooking() patches random memory.
                uint pDevice = Memory.ReadUInt(wowBaseAddr + DX_DEVICE);
                uint pEnd = Memory.ReadUInt(pDevice + DX_DEVICE_IDX);
                uint pScene = Memory.ReadUInt(pEnd);
                pEndScene = Memory.ReadUInt(pScene + ENDSCENE_IDX);
            }

            /// <summary>
            /// Opens the process if needed, resolves addresses once, and installs the EndScene
            /// detour unless the first byte at pEndScene is already 0xE9 (a rel32 jmp).
            /// Leaves hookedFlag = true / injectionFlag = false on success.
            /// </summary>
            public void Hooking()
            {
                // Process Connect:
                if (!Memory.IsProcessOpen)
                {
                    Memory.OpenProcessAndThread(_processId);
                }

                if (Memory.IsProcessOpen)
                {
                    if (initHook)
                    {
                        InitHook();
                        initHook = false;
                    }

                    //if (Memory.ReadByte(pEndScene) == 0xE9 && (hookCodeCave == 0 || addrCodeCave == 0)) // check if wow is already hooked and dispose Hook
                    //{
                    //    DisposeHooking();
                    //}

                    // 0xE9 is the opcode of a rel32 jmp: if one is already at pEndScene the
                    // function is treated as hooked. NOTE(review): if it was hooked by an
                    // earlier instance (or by anything else), this instance's code caves are
                    // still 0 and InjectAndExecute will write to address 0 — the commented-out
                    // block above was apparently meant to handle that case.
                    if (Memory.ReadByte(pEndScene) != 0xE9) // check if wow is already hooked
                    {
                        try
                        {
                            injectionFlag = true;
                            hookedFlag = false;

                            // allocate memory to store injected code:
                            hookCodeCave = Memory.AllocateMemory(2048);
                            // allocate memory for the pointer to the next injected code:
                            addrCodeCave = Memory.AllocateMemory(0x4);
                            Memory.WriteInt(addrCodeCave, 0);
                            // allocate memory for the captured return value:
                            retnCodeCave = Memory.AllocateMemory(0x4);
                            Memory.WriteInt(retnCodeCave, 0);

                            // Generate the STUB to be injected. Layout in hookCodeCave:
                            //   [stub][original 5-byte prologue][jmp pEndScene+5]
                            Memory.Asm.Clear(); // $Asm

                            // save regs
                            Memory.Asm.AddLine("pushad");
                            Memory.Asm.AddLine("pushfd");

                            // Test whether injected code is pending (addrCodeCave != 0):
                            Memory.Asm.AddLine("mov eax, [" + addrCodeCave + "]");
                            Memory.Asm.AddLine("test eax, eax");
                            Memory.Asm.AddLine("je @out");

                            // Call it (the pointer is reloaded rather than reusing eax):
                            Memory.Asm.AddLine("mov eax, [" + addrCodeCave + "]");
                            Memory.Asm.AddLine("call eax");

                            // Save the returned eax where InjectAndExecute can read it:
                            Memory.Asm.AddLine("mov [" + retnCodeCave + "], eax");

                            // Clear the pending pointer so the code is not run twice and so
                            // InjectAndExecute's wait loop (ReadInt(addrCodeCave) > 0) ends.
                            Memory.Asm.AddLine("mov edx, " + addrCodeCave);
                            Memory.Asm.AddLine("mov ecx, 0");
                            Memory.Asm.AddLine("mov [edx], ecx");

                            // Close func
                            Memory.Asm.AddLine("@out:");

                            // load reg
                            Memory.Asm.AddLine("popfd");
                            Memory.Asm.AddLine("popad");


                            // injected code (assembled once to learn its size, then written)
                            uint sizeAsm = (uint)(Memory.Asm.Assemble().Length);
                            Memory.Asm.Inject(hookCodeCave);

                            // Size asm jumpback
                            int sizeJumpBack = 5;

                            // copy and save original instructions: the 5 bytes the jmp overwrites
                            // (mov edi,edi = 2, push ebp = 1, mov ebp,esp = 2). Hard-coded for this
                            // client build; if the real prologue differs, the detour corrupts the function.
                            Memory.Asm.Clear();
                            Memory.Asm.AddLine("mov edi, edi");
                            Memory.Asm.AddLine("push ebp");
                            Memory.Asm.AddLine("mov ebp, esp");
                            Memory.Asm.Inject(hookCodeCave + sizeAsm);

                            // create jump back stub (to the first instruction after the patched 5 bytes)
                            Memory.Asm.Clear();
                            Memory.Asm.AddLine("jmp " + (pEndScene + sizeJumpBack));
                            Memory.Asm.Inject(hookCodeCave + sizeAsm + (uint)sizeJumpBack);

                            // create hook jump
                            // NOTE(review): written while the game thread may be executing inside
                            // these 5 bytes (reply #3 in the thread describes the resulting rare
                            // crash); nothing here suspends the thread or checks EIP first.
                            Memory.Asm.Clear(); // $jmpto
                            Memory.Asm.AddLine("jmp " + (hookCodeCave));
                            Memory.Asm.Inject(pEndScene);
                        }
                        catch 
                        {
                            // NOTE(review): the failure is swallowed, already-allocated caves are
                            // not freed, and injectionFlag is left TRUE — every later
                            // InjectAndExecute call will spin on it forever.
                            hookedFlag = false;
                            injectionFlag = true;
                            return; 
                        }
                    }
                    hookedFlag = true;
                    injectionFlag = false;
                }
            }

            /// <summary>
            /// Restores the original EndScene prologue (if the jmp is still there) and frees
            /// the three code caves. Every error is swallowed.
            /// </summary>
            public void DisposeHooking()
            {
                try
                {
                    if (Memory.ReadByte(pEndScene) == 0xE9) // check if wow is already hooked and dispose Hook
                    {
                        // Restore original endscene prologue (the same 5 bytes Hooking() copied):
                        Memory.Asm.Clear();
                        Memory.Asm.AddLine("mov edi, edi");
                        Memory.Asm.AddLine("push ebp");
                        Memory.Asm.AddLine("mov ebp, esp");
                        Memory.Asm.Inject(pEndScene);
                    }

                    // free memory:
                    // NOTE(review): nothing waits for the game thread to leave hookCodeCave before
                    // it is freed, the cave fields keep the freed addresses, and injectionFlag is
                    // left as it was.
                    Memory.FreeMemory(hookCodeCave);
                    Memory.FreeMemory(addrCodeCave);
                    Memory.FreeMemory(retnCodeCave);

                    hookedFlag = false;
                } catch {} // NOTE(review): silent on any failure
            }

            /// <summary>
            /// Assembles <paramref name="asm"/> into a fresh cave, publishes its address in
            /// addrCodeCave for the EndScene stub, waits until the stub has cleared it again,
            /// then reads the bytes at the address the stub saved in retnCodeCave, up to the
            /// first NUL.
            /// </summary>
            /// <param name="asm">Assembly lines; they must end with "retn" so control returns to the stub.</param>
            /// <returns>The NUL-terminated bytes at the returned address, or an empty array when the
            /// process is not open, the hook is not installed, or any read failed.</returns>
            public byte[] InjectAndExecute(string[] asm)
            {
                // Always 0 in this listing, so the fixed-length read below is dead code.
                int returnLength = 0;

                //Hooking();

                // Busy-wait for the previous injection to finish. NOTE(review): this is a
                // check-then-set on a plain field, not a lock — two callers can both pass; and
                // if Hooking() failed it left injectionFlag = true, so this never returns.
                while (injectionFlag){ Thread.Sleep(5); }            
                injectionFlag = true;

                byte[] tempsByte = new byte[0];

                // reset return value pointer
                Memory.WriteInt(retnCodeCave, 0);

                if (Memory.IsProcessOpen && hookedFlag)
                {
                    // Write the asm stuff
                    Memory.Asm.Clear();
                    foreach (string tempLineAsm in asm)
                    {
                        Memory.Asm.AddLine(tempLineAsm);
                    }

                    // Allocation Memory (sized from one assembly pass)
                    uint codeCave = Memory.AllocateMemory(Memory.Asm.Assemble().Length);

                    try
                    {
                        // Inject, then publish the cave address; the stub writes 0 back once it
                        // has called the code, which ends the wait loop.
                        // NOTE(review): no timeout — if EndScene never runs (hook broken, client
                        // not rendering) this spins forever. The compare is signed, so a cave
                        // address at or above 0x80000000 would be read as negative and the loop
                        // would exit before the code has run.
                        Memory.Asm.Inject(codeCave);
                        Memory.WriteInt(addrCodeCave, (int)codeCave);
                        while (Memory.ReadInt(addrCodeCave) > 0) { Thread.Sleep(5); } // Wait to launch code

                        if (returnLength > 0)
                        {
                            tempsByte = Memory.ReadBytes(Memory.ReadUInt(retnCodeCave), returnLength);
                        }
                        else
                        {
                            // Read a C string byte by byte from the address the stub captured in eax.
                            // If eax was 0 or not a readable pointer, ReadByte presumably throws and
                            // the catch below hands back the empty array.
                            byte Buf = new Byte();
                            List<byte> retnByte = new List<byte>();
                            uint dwAddress = Memory.ReadUInt(retnCodeCave);
                            Buf = Memory.ReadByte(dwAddress);
                            while (Buf != 0)
                            {
                                retnByte.Add(Buf);
                                dwAddress = dwAddress + 1;
                                Buf = Memory.ReadByte(dwAddress);
                            }
                            tempsByte = retnByte.ToArray();
                        }
                    }
                    catch { } // NOTE(review): swallows every failure; callers cannot tell "ran" from "failed"

                    // Free memory allocated 
                    Memory.FreeMemory(codeCave);
                }

                injectionFlag = false;
                return tempsByte;
            }
        }
    }
    Last edited by lechris29; 11-08-2012 at 07:43 AM.

  2. #2
    abuckau907's Avatar Active Member
    Originally Posted by lechris29
    Code:
            private uint DX_DEVICE = 0xAD773C;
            private uint DX_DEVICE_IDX = 0x27F8;
            private uint ENDSCENE_IDX = 0xA8;
    
            private uint Lua_DoStringAddress = 0x75350;
            private uint FrameScript__GetLocalizedText = 0x48D7F0;
            private uint FrameScript_GetText = 0x83D310;
            private uint ClntObjMgrGetActivePlayerObj = 0x34D0;
            private uint CGPlayer_C__ClickToMove = 0x1C1E00;
            private uint isInGame = 0xAD7426;
    Are you sure?? (edit: don't answer that)
    Code:
    public void LuaDoString(string command)
            {
                // Write value:
                uint codeCave = Memory.AllocateMemory(Encoding.UTF8.GetBytes(command).Length + 1);
                Memory.WriteBytes(codeCave, Encoding.UTF8.GetBytes(command));
    
                // Write the asm stuff for Lua_DoString
                String[] asm = new String[] 
                {
                    "mov eax, " + codeCave,
                    "push 0",
                    "push eax",
                    "push eax",
                    "mov eax, " + Lua_DoStringAddress,                          // Lua_DoString
                    "call eax",
                    "add esp, 0xC",
                    "retn",    
                };
    are you sure?
    Maybe the LuaDoString function changed in wow.exe? Did you check?
    Did you check that the byte code is actually written into wow's address space correctly? Did it patch correctly so the byte code gets run?
    My guess is you're patching in the wrong spot?

    ^^idk*, but did you check?
    Last edited by abuckau907; 11-08-2012 at 09:08 AM.

  3. #3
    Empted's Avatar Contributor
    Hello, man. Your code works just fine for me; I don't know where it should crash (I also looked in a debugger, and it works as intended).
    PHP Code:
            // Usage from reply #3; 2352 is the poster's own process id, pass the client's id.
            HookStuff hs = new HookStuff(2352);
            
            // Redundant: the constructor already called Hooking(); this second call finds
            // 0xE9 at pEndScene and only re-sets hookedFlag/injectionFlag.
            hs.Hooking();
            
            hs.LuaDoString("DoEmote(\"dance\")");//makes my char dance on live 
    The only thing I noticed is that it will cause very rare crashes, since you write the JMP to the stub while the thread is executing (suppose EIP is somewhere within those 5 bytes: that's a crash, though a rare one). The solution is to suspend the wow thread, get its context and check EIP (if it's in that range, just resume and retry).
    P.S. I can only assume that you need to run your wow in D3D9 mode.
    Last edited by Empted; 11-08-2012 at 09:44 AM.

  4. #4
    lechris29's Avatar Contributor
    thank you everyone, rep given

  5. #5
    Mr.Sergey's Avatar Contributor
    try
    Code:
                            // create jump back stub
                            Memory.Asm.Clear();
                            Memory.Asm.AddLine("jmp " + (pEndScene + sizeJumpBack));
                            Memory.Asm.Inject(hookCodeCave + sizeAsm);// + (uint)sizeJumpBack);
