[Help]EndScene Hooking

[jrozparovac]

Hello guys,
first as a new member of ownedcore community I would like to thank you all for this incerdible forum which is full of many very usefull informations.

Not to get to the point ...
I would like to do bot so for last two weeks or so I've read many things about that task. One of the thing I've read here is hooking of EndScene. I understood that hooking EndScene is used to perform an operation before each frame is rendered. What I could not find is what operations most of the bots doing or why do you hooking endscene in world of warcraft?

[namreeb]

It's generally just an easy way to tick your bot's logic, update state, etc. and be reasonably sure that you are executing your code in the main thread of the game.

[jrozparovac]

Thank you very much

[DarkLinux]

Some lue functions must be called from the main thread, like JumpOrAscendStart(); or it will not work.. So call everything from EndScene..

wow pedia

DoString Code from around the forum...
Filebeam - Beam up that File Scottie!

One small problem is that FrameScript_Execute should be FrameScript_ExecuteBuffer

FrameScript_ExecuteBuffer = 0x75AC0
Direct3D9__Device = 0xB18ADC;
Direct3D9__Device__idk= 0x2808;
Direct3D9__Device__Endscene_idk = 0xA8;

Or look at this so you dont need to update the Direct offsets,
http://www.ownedcore.com/forums/worl...n-scanner.html (EverScan - An Open Source Warden Scanner)

[zys924]

There is only one defects for endscene hook. When the game window is minimized, the tick will be freezed so your bot logic is also stopped.

[Jadd]

There is only one defects for endscene hook. When the game window is minimized, the tick will be freezed so your bot logic is also stopped.

You should not use EndScene for keeping your bot updated. Instead, you should use the main thread's looped function or a function inside this loop. This applies for all games for the reason above. In WoW, the looped function is named SchedulerThreadProcProcess (0x004701E0 16357 x86 non-rebased), and it is called like so:

Code:

while ( !SchedulerThreadProcProcess(v3, v1, (int)&a1) )
  ;

WoW also has some nice timer event functions you can work with. Try EventSetTimer. You specify a __cdecl callback function and interval (milliseconds). The function will be executed from the main thread, when the interval is hit. This is a good way to loop your bot's "refresh" code in the main thread, however the first call to EventSetTimer must also be from the main thread (NOT from a SchedulerThreadProcProcess hook, it does not work).

Code:

typedef BOOL( __cdecl *EventSetTimer_t )( UINT uInterval, void( __cdecl *pCallbackFunction )( void ), UINT unk1 );

For example:

Code:

void __cdecl Pulse()
{
	Delegates::EventSetTimer( 10, Pulse, 0 );
}

It is nice not having to maintain function call intervals like you normally would, I would strongly recommend using this function as you can.

[zys924]

You should not use EndScene for keeping your bot updated. Instead, you should use the main thread's looped function or a function inside this loop. This applies for all games for the reason above. In WoW, the looped function is named SchedulerThreadProcProcess (0x004701E0 16357 x86 non-rebased), and it is called like so:

Code:

while ( !SchedulerThreadProcProcess(v3, v1, (int)&a1) )
  ;

WoW also has some nice timer event functions you can work with. Try EventSetTimer. You specify a __cdecl callback function and interval (milliseconds). The function will be executed from the main thread, when the interval is hit. This is a good way to loop your bot's "refresh" code in the main thread, however the first call to EventSetTimer must also be from the main thread (NOT from a SchedulerThreadProcProcess hook, it does not work).

Code:

typedef BOOL( __cdecl *EventSetTimer_t )( UINT uInterval, void( __cdecl *pCallbackFunction )( void ), UINT unk1 );

For example:

Code:

void __cdecl Pulse()
{
	Delegates::EventSetTimer( 10, Pulse, 0 );
}

It is nice not having to maintain function call intervals like you normally would, I would strongly recommend using this function as you can.

In a word, thus, what you mean exactly is try to use EventSetTimer, which must be called from EndScene. Am I correct?
BTW, this approach solves the freeze problem but turns to be more specific than the Direct hook. Everything comes with a price, isnt it?

[~Unknown~]

You should not use EndScene for keeping your bot updated. Instead, you should use the main thread's looped function or a function inside this loop. This applies for all games for the reason above. In WoW, the looped function is named SchedulerThreadProcProcess (0x004701E0 16357 x86 non-rebased), and it is called like so:

Code:

while ( !SchedulerThreadProcProcess(v3, v1, (int)&a1) )
  ;

This has me wondering. I haven't tried to search for it, but why is EndScene so popular if there are other functions that are better for this purpose? Is it because it is supposed to be "safer" because legit programs hook it to use overlays? or because originally people used it for their own overlays?

[Jadd]

In a word, thus, what you mean exactly is try to use EventSetTimer, which must be called from EndScene. Am I correct?
BTW, this approach solves the freeze problem but turns to be more specific than the Direct hook. Everything comes with a price, isnt it?

In WoWPlus, we used EndScene to initialize our environment (functions that required main thread execution). This included interval hotkey checks, object manager refreshes, etc. - all of which made usage of EventSetTimer.

We found another function recently called IEvtTimerDispatch (0x00472C70 16357 x86 non-rebased). It is called within SchedulerThreadProcProcess and is called just as often (minimized or not). I figure it's kind of hackish to use a function like this, but it works with EventSetTimer.

This has me wondering. I haven't tried to search for it, but why is EndScene so popular if there are other functions that are better for this purpose? Is it because it is supposed to be "safer" because legit programs hook it to use overlays? or because originally people used it for their own overlays?

That's a good point. As long as you don't have some sort of anti-cheat countermeasure, I would recommend the EndScene option. A lot of anti-cheats don't allow you to modify the main .text segment.

But with that said, a lot of games enforce screenshot analysis assuming you can do anything malicious within EndScene (ESPs?) - so be careful in any case.

[~Unknown~]

That's a good point. As long as you don't have some sort of anti-cheat countermeasure, I would recommend the EndScene option. A lot of anti-cheats don't allow you to modify the main .text segment.

But with that said, a lot of games enforce screenshot analysis assuming you can do anything malicious within EndScene (ESPs?) - so be careful in any case.

Yeah, that's good to know. I just read this after I finished hooking the SchedulerThreadProcProcess function you mention. It isn't all that difficult in WoW in particular, but I have pretty much zero knowledge of Warden so its probably in my best interest to stick with EndScene hooks. One day I'll stop being a noob and learn something about anti-cheat methods. Thanks. :P

[namreeb]

Note also that if you are including in an injected library some sort of GUI API, that it may also be using EndScene in its thread and context. So you are not guaranteed that EndScene is always called from the "main" thread.