Keystroke emulation

[Hrap]

Hello,
I ran into a keystroke emulation problem in WoW 3.3.5a.

I first used WINAPI
PostMessage
but when the game window loses focus, pressing is no longer generated.
I tried all possible WINAPI options, and no one works without focus

I think I need something from WOW
But how to implement it, I do not know yet


I found the following
00765AF0 OnKeyDown
00764B90 OnKeyDownRepeat
00763BE0 OnKeyUp
as I understand, these events occur during keystrokes

005FD3D0 InputControlDestroy_0
005F9580 InputControlRegisterScriptFunctions
00868D40 InputEvent
CInputControl = 0x00C24954


as I understand it, I need to use CInputControl or InputEvent
Can you tell me how to implement keystroke emulation?
At least in which direction to look.
Thank you in advance

[ChrisIsMe]

Code:

SendInput in C++

void sendKey(int key)
{
	INPUT ip;

	ip.type = INPUT_KEYBOARD;
	ip.ki.wScan = 0; 
	ip.ki.time = 0;
	ip.ki.dwExtraInfo = 0;

	ip.ki.wVk = key; 
	ip.ki.dwFlags = 0; 
	SendInput(1, &ip, sizeof(INPUT));

	ip.ki.dwFlags = KEYEVENTF_KEYUP;
	SendInput(1, &ip, sizeof(INPUT));
}

PostMessage in C#

        public static void FakeKey(int key)
        {
            PostMessage(Application().MainWindowHandle, WM_KEYDOWN, key, 0);
            PostMessage(Application().MainWindowHandle, WM_KEYUP, key, 0);
        }

With those examples, postmessage would send it to the process if in foreground or not, sendinput will send the keystroke to where ever your active application is, so you would want to use something to check foreground.

[Hrap]

SendImput is not working

Code:

	void GenerateKey(int vk) {

		LPARAM lParam;
		int ScanCode = MapVirtualKey(vk, 0);

		lParam = ScanCode << 16;
		lParam |= 1;
		
		
			PostMessage(WoW, WM_KEYDOWN, vk, lParam);
			lParam |= 1 << 30;
			lParam |= 1 << 31;
			PostMessage(WoW, WM_KEYUP, vk, lParam);

	}

It works, but when the game window loses focus, it stops working.
My bot is written as an injection dll.

it is necessary to make it so that the bot can be run in several windows simultaneously.
And for this, it must work without focus.

[reapler]

You can try "005FBE10 CGInputControl__ToggleControlBit"

Code:

signed int __thiscall CGInputControl::ToggleControlBit(_DWORD *this, int flag, int enableFlag, int osAsyncTime, int a5)
{
    _DWORD *v5; // esi
    signed int result; // eax
    int v7; // eax

    v5 = this;
    if ( enableFlag )
        result = CGInputControl::SetControlBit((int)this, flag, osAsyncTime);
    else
        result = CGInputControl::UnsetControlBit((int)this, flag, osAsyncTime, a5);
    if ( result )
    {
        if ( enableFlag )
        {
            if ( flag & 0x10F0 || flag & 3 && (v7 = v5[1], v7 & 1) && v7 & 2 )
                CheckToCancelCurrentChannelSpell();
        }
        result = CInputControl::UpdatePlayer(v5, osAsyncTime, 1);
    }
    return result;
}

Code:

enum eMovementFlag
{
    MOVEMENT_FLAG_MOVE_FORWARD = 0x10,
    MOVEMENT_FLAG_MOVE_BACKWARD = 0x20,
    MOVEMENT_FLAG_STRAFE_LEFT = 0x40,
    MOVEMENT_FLAG_STRAFE_RIGHT = 0x80,
    MOVEMENT_FLAG_TURN_LEFT = 0x100,
    MOVEMENT_FLAG_TURN_RIGHT = 0x200,
    MOVEMENT_FLAG_PITCH_UP = 0x400,
    MOVEMENT_FLAG_PITCH_DOWN = 0x800,
    MOVEMENT_FLAG_AUTO_RUN = 0x1000,
    MOVEMENT_FLAG_ALL = 0x1FF0
};

[Hrap]

CGInputControl::ToggleControlBit
This function needs to be intercepted.
Right?

[Hrap]

Why does this function, as I understand it, switch control?

[Hrap]

Your code is not yet understood

[Hazzbazzy]

Hello,
I ran into a keystroke emulation problem in WoW 3.3.5a.

I first used WINAPI
PostMessage
but when the game window loses focus, pressing is no longer generated.
I tried all possible WINAPI options, and no one works without focus

I think I need something from WOW
But how to implement it, I do not know yet


I found the following
00765AF0 OnKeyDown
00764B90 OnKeyDownRepeat
00763BE0 OnKeyUp
as I understand, these events occur during keystrokes

005FD3D0 InputControlDestroy_0
005F9580 InputControlRegisterScriptFunctions
00868D40 InputEvent
CInputControl = 0x00C24954


as I understand it, I need to use CInputControl or InputEvent
Can you tell me how to implement keystroke emulation?
At least in which direction to look.
Thank you in advance

Can you post the code you are using for this yourself?

[Hrap]

I first tried to use it

Code:

	void GenerateKey(int vk, BOOL bExtended, BOOL Hold) {

		LPARAM lParam;
		int ScanCode = MapVirtualKey(vk, 0);

		lParam = ScanCode << 16;
		lParam |= 1;
		if (Hold)
		{
			PostMessage(WoW, WM_KEYDOWN, vk, lParam);
		}
		else
		{
			lParam |= 1 << 30;
			lParam |= 1 << 31;
			PostMessage(WoW, WM_KEYUP, vk, lParam);
		}
		return;
	}

then

Code:

	void SetMove(int movetype,bool state)
	{
		if (movetype == MoveForward)
		{
			if (state)
			{
				reinterpret_cast<void(__cdecl*)(int)>(MoveForwardStart)(time);
			}
			else
			{
				reinterpret_cast<void(__cdecl*)(int)>(MoveForwardStop)(time);
			}
		}
		if (movetype == MoveBackward)
		{
			if (state)
			{
				reinterpret_cast<void(__cdecl*)(int)>(MoveBackwardStart)(time);
			}
			else
			{
				reinterpret_cast<void(__cdecl*)(int)>(MoveBackwardStop)(time);
			}
		}
		if (movetype == TurnLeft)
		{
			if (state)
			{
				reinterpret_cast<void(__cdecl*)(int)>(TurnLeftStart)(time);
			}
			else
			{
				reinterpret_cast<void(__cdecl*)(int)>(TurnLeftStop)(time);
			}
		}
		if (movetype == TurnRight)
		{
			if (state)
			{
				reinterpret_cast<void(__cdecl*)(int)>(TurnRightStart)(time);
			}
			else
			{
				reinterpret_cast<void(__cdecl*)(int)>(TurnRightStop)(time);
			}
		}
		if (movetype == JumpOrAscend)
		{
			if (state)
			{
				reinterpret_cast<void(__cdecl*)(int)>(JumpOrAscendStart)(time);
			}
			else
			{
				reinterpret_cast<void(__cdecl*)(int)>(AscendStop)(time);
			}
		}

	}

but without focus it doesn't work

I haven't figured out CGInputControl yet
I do not understand yet how it works



I need to do so that the bot would work when the game window without focus
please tell me how it can be implemented

[Hazzbazzy]

I first tried to use it

Code:

	void GenerateKey(int vk, BOOL bExtended, BOOL Hold) {

		LPARAM lParam;
		int ScanCode = MapVirtualKey(vk, 0);

		lParam = ScanCode << 16;
		lParam |= 1;
		if (Hold)
		{
			PostMessage(WoW, WM_KEYDOWN, vk, lParam);
		}
		else
		{
			lParam |= 1 << 30;
			lParam |= 1 << 31;
			PostMessage(WoW, WM_KEYUP, vk, lParam);
		}
		return;
	}

then

Code:

	void SetMove(int movetype,bool state)
	{
		if (movetype == MoveForward)
		{
			if (state)
			{
				reinterpret_cast<void(__cdecl*)(int)>(MoveForwardStart)(1000);
			}
			else
			{
				reinterpret_cast<void(__cdecl*)(int)>(MoveForwardStop)(1000);
			}
		}
		if (movetype == MoveBackward)
		{
			if (state)
			{
				reinterpret_cast<void(__cdecl*)(int)>(MoveBackwardStart)(1000);
			}
			else
			{
				reinterpret_cast<void(__cdecl*)(int)>(MoveBackwardStop)(1000);
			}
		}
		if (movetype == TurnLeft)
		{
			if (state)
			{
				reinterpret_cast<void(__cdecl*)(int)>(TurnLeftStart)(1000);
			}
			else
			{
				reinterpret_cast<void(__cdecl*)(int)>(TurnLeftStop)(1000);
			}
		}
		if (movetype == TurnRight)
		{
			if (state)
			{
				reinterpret_cast<void(__cdecl*)(int)>(TurnRightStart)(1000);
			}
			else
			{
				reinterpret_cast<void(__cdecl*)(int)>(TurnRightStop)(1000);
			}
		}
		if (movetype == JumpOrAscend)
		{
			if (state)
			{
				reinterpret_cast<void(__cdecl*)(int)>(JumpOrAscendStart)(1000);
			}
			else
			{
				reinterpret_cast<void(__cdecl*)(int)>(AscendStop)(1000);
			}
		}

	}

but without focus it doesn't work

I haven't figured out CGInputControl yet
I do not understand yet how it works

What are you specifying "PostMessage(WoW" as?

[Hrap]

WoW is the game window HWND

Code:

HWND WoW;
...
LRESULT CALLBACK WndProc(HWND hwnd, UINT uMsg, WPARAM wParam, LPARAM lParam)
{

	if (uMsg == WM_USER_UNIQUE)

	{
            // bot window is created here
	return 0;		
	}
return CallWindowProc(OldWndProc, hwnd, uMsg, wParam, lParam);
}


extern "C" DLL_EXPORT BOOL APIENTRY DllMain(HMODULE Module, DWORD fdwReason, LPVOID lpvReserved)
{
	switch (fdwReason)
	{
	case DLL_PROCESS_ATTACH:

		WoW = GetForegroundWindow();
		if (WoW != NULL)
		{
                   	WM_USER_UNIQUE = RegisterWindowMessage(TEXT("UI_WOWs_Launcher"));
			OldWndProc = (WNDPROC)SetWindowLongPtr(WoW , GWLP_WNDPROC, (LONG_PTR)WndProc);
			PostMessage(hw, WM_USER_UNIQUE, 0, 0);
		}
		
		break;

	}
	
	return TRUE; // successful
};

[Hazzbazzy]

Code:

HWND WoW;
...
extern "C" DLL_EXPORT BOOL APIENTRY DllMain(HMODULE Module, DWORD fdwReason, LPVOID lpvReserved)
{
	switch (fdwReason)
	{
	case DLL_PROCESS_ATTACH:

		WoW = GetForegroundWindow();
		if (WoW != NULL)
		{
                     ....
		}
		
		break;

	case DLL_PROCESS_DETACH:
		// detach from process
		break;

	case DLL_THREAD_ATTACH:
		// attach to thread
		break;

	case DLL_THREAD_DETACH:
		// detach from thread
		break;
	}
	
	return TRUE; // successful
};

If you want to isolate the problem, change your postmessage up slightly and use the PID to get the handle. See if the behavior is the same. If it's not then you know the above is the problem

[Hrap]

The behavior is the same.
When I run the bot everything works great.
but when i switch focus to another window the bot stops
At the same time, messages continue to be sent but the game does not respond to them.

[Hrap]

I created a class for
ToggleControlBit
but I do not understand how to use it

Code:

class CGInputControl
{  

	typedef signed int(__cdecl* tSetControlBit)(int, int, int);
	typedef signed int(__cdecl* tUnsetControlBit)(int, int, int ,int);
	typedef signed int(__cdecl* tUpdatePlayer)(DWORD*, int, int);
	typedef void(__cdecl* tCheckToCancelCurrentChannelSpell)();
	tSetControlBit SetControlBit = (tSetControlBit)0x5fa170;
	tUnsetControlBit UnsetControlBit = (tUnsetControlBit)0x5fa450;
	tUpdatePlayer UpdatePlayer = (tUpdatePlayer)0x5FBBC0;
	tCheckToCancelCurrentChannelSpell CheckToCancelCurrentChannelSpell = (tCheckToCancelCurrentChannelSpell)0x5FAA40;

	signed int __thiscall ToggleControlBit(DWORD * This, int flag, int enableFlag, int osAsyncTime, int a5)
	{
		DWORD *v5; // esi
		signed int result; // eax
		int v7; // eax

		v5 = This;
		if (enableFlag)
			result = SetControlBit((int)This, flag, osAsyncTime);
		else
			result = UnsetControlBit((int)This, flag, osAsyncTime, a5);
		if (result)
		{
			if (enableFlag)
			{
				if (flag & 0x10F0 || flag & 3 && (v7 = v5[1], v7 & 1) && v7 & 2)
					CheckToCancelCurrentChannelSpell();
			}
			result = UpdatePlayer(v5, osAsyncTime, 1);
		}
		return result;
	}

};

I tried to do so

Code:

DetourFunction(reinterpret_cast<byte*>(0x5FBE10), reinterpret_cast<byte*>(CGInputControl::ToggleControlBit));

and nothing happens



as I understand it, I need to call ToggleControlBit and pass the flags I need
Is it so?

[reapler]

as I understand it, I need to call ToggleControlBit and pass the flags I need
Is it so?

Yes, almost you also need to pass the CInputControl object & tickcount. The mentioned paste was more a example how the function itself look like. You may call it in the main thread via a delegate or asm/endscene.

C# injected (c++? dunno):

Code:

            [UnmanagedFunctionPointer(CallingConvention.Cdecl)]
            internal delegate IntPtr CGInputControl_GetActiveDelegate();
            internal static CGInputControl_GetActiveDelegate CGInputControl_GetActive;

            [UnmanagedFunctionPointer(CallingConvention.ThisCall)]
            internal delegate int CGInputControl_ToggleControlBitDelegate(IntPtr activeCtrl, int type, int enable, int osAsyncTime, int unk0);
            internal static CGInputControl_ToggleControlBitDelegate CGInputControl_ToggleControlBit;

        public void MoveForward()
        {
            //delegates need to assigned before calling...
            Generic.MainThread.Instance.Invoke(() => 
            {
                Functions.Client.CGInputControl_ToggleControlBit(Functions.Client.CGInputControl_GetActive(), 0x10, 1, System.Environment.TickCount, 0);
            }
        }

or in asm

Code:

            Memory.WowMemory.Inject(new[]
            {
                "call " + (uint) 0x5F95D0,
                "mov ecx, eax",
                "call " + (KernelTickCountAddress),
                "push 0",
                "push eax",
                "mov ebx, [" + enablePtr + "]",
                "push ebx",//or push directly if pointer not needed
                "mov ebp, [" + flagPtr + "]",
                "push ebp",
                "call " + (uint) 0x5FBE10,
                "ret"
            }, out toggleControlBitBase, out toggleControlBitFunc);