[Classic] [1.13.6.37497] OnSpriteLeftClick - Targeting Units menu

User Tag List

Page 1 of 2 12 LastLast
Results 1 to 15 of 19
  1. #1
    _chase's Avatar Established Member
    Reputation
    95
    Join Date
    Dec 2019
    Posts
    57
    Thanks G/R
    16/49
    Trade Feedback
    0 (0%)
    Mentioned
    5 Post(s)
    Tagged
    0 Thread(s)

    [Classic] [1.13.6.37497] OnSpriteLeftClick - Targeting Units

    Hi, searched the forum and didn't see any thread about "CGGameUI::OnSpriteLeftClick" or "CGGameUI::OnSpriteRightClick". I struggled to effectively target units, so I figured I'd share my solution to targeting units.

    Here is my wrapper for OnSpriteLeftClick in c++
    Code:
    uintptr_t spriteLeftClick = 0xF68010;
    void Base::Functions::SpriteLeftClick(pWowGuid guid) {
    	reinterpret_cast<int64_t(__fastcall*)(pWowGuid)>(base + spriteLeftClick)(guid);
    }
    And then ya know, you can just pass a pointer to any unit's guid and target them. This updates the faceplate and you'll see your target update in the ui


    OnSpriteLeftClick(pWowGuid unitGuid) is currently at 0xF68010
    OnSpriteRightClick(pWowGuid unitGuid) is currently at 0xF68400
    CGGameUI::HandleSpriteClick(pWowGuid unitGuid) is currently at 0xF5C7E0
    Pattern for HandleSpriteClick I autogenerated with PatternMaker was: 40 53 48 83 EC ? 83 3D ? ? ? ? ? 48 8B D9 74 ? BA ? ? ? ?


    Picture below is Wow_18179_OSX_x64 dump versus my Classic 1.13.6.37497 dump
    Last edited by _chase; 03-12-2021 at 01:07 PM.

    [Classic] [1.13.6.37497] OnSpriteLeftClick - Targeting Units
  2. #2
    ChrisIsMe's Avatar Contributor
    Reputation
    164
    Join Date
    Apr 2017
    Posts
    210
    Thanks G/R
    67/100
    Trade Feedback
    0 (0%)
    Mentioned
    3 Post(s)
    Tagged
    0 Thread(s)
    You can just write to the targetting table.

  3. #3
    _chase's Avatar Established Member
    Reputation
    95
    Join Date
    Dec 2019
    Posts
    57
    Thanks G/R
    16/49
    Trade Feedback
    0 (0%)
    Mentioned
    5 Post(s)
    Tagged
    0 Thread(s)
    Originally Posted by ChrisIsMe View Post
    You can just write to the targetting table.
    Don't have any experience with the targetting table, this works well enough for me now. But, is there any reason I should prioritize using the targeting table e.g. does it provide me some other capabilities that are worthwhile?

  4. #4
    ChrisIsMe's Avatar Contributor
    Reputation
    164
    Join Date
    Apr 2017
    Posts
    210
    Thanks G/R
    67/100
    Trade Feedback
    0 (0%)
    Mentioned
    3 Post(s)
    Tagged
    0 Thread(s)
    Originally Posted by _chase View Post
    Don't have any experience with the targetting table, this works well enough for me now. But, is there any reason I should prioritize using the targeting table e.g. does it provide me some other capabilities that are worthwhile?
    No, this is probably fine, my only concern with calling functions now is the return address monitoring that they've implemented on some of the lua functions. But I don't think that it's a problem here, or anywhere else really. I don't have to deal with it on the platform that I wrote my bot on, so I'm not quite up to date on what warden does on windows.

    I do remember that one of these functions though kept causing a blizzard UI warning whenever I called it, but I may have also been calling the wrong function, I think it was right clicking to interact.

  5. #5
    _chase's Avatar Established Member
    Reputation
    95
    Join Date
    Dec 2019
    Posts
    57
    Thanks G/R
    16/49
    Trade Feedback
    0 (0%)
    Mentioned
    5 Post(s)
    Tagged
    0 Thread(s)
    Originally Posted by ChrisIsMe View Post
    No, this is probably fine, my only concern with calling functions now is the return address monitoring that they've implemented on some of the lua functions. But I don't think that it's a problem here, or anywhere else really. I don't have to deal with it on the platform that I wrote my bot on, so I'm not quite up to date on what warden does on windows.

    I do remember that one of these functions though kept causing a blizzard UI warning whenever I called it, but I may have also been calling the wrong function, I think it was right clicking to interact.

    Thanks for the feedback. On your point about OnSpriteRightClick being buggy, I experienced that as well but didn't know if I was doing something wrong. So the OnSpriteLeftClick has worked very effectively for me, but OnSpriteRightClick has caused me random crashes so I agree that should probably be avoided. I added information about OnSpriteRightClick to the thread just to try and provide a more complete explanation.

  6. #6
    oiramario's Avatar Established Member
    Reputation
    85
    Join Date
    Mar 2021
    Posts
    133
    Thanks G/R
    36/51
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    unlike stable CTM function, Left/Right Click causes random crashes. Could be better when hook "Endscene" and inject to mainthread?

  7. #7
    _chase's Avatar Established Member
    Reputation
    95
    Join Date
    Dec 2019
    Posts
    57
    Thanks G/R
    16/49
    Trade Feedback
    0 (0%)
    Mentioned
    5 Post(s)
    Tagged
    0 Thread(s)
    Originally Posted by oiramario View Post
    unlike stable CTM function, Left/Right Click causes random crashes. Could be better when hook "Endscene" and inject to mainthread?
    Everything was done on mainthread, I detour dx11's present function. So not a threading issue, and left click sprite has caused no issues just right click sprite
    Last edited by _chase; 03-14-2021 at 07:48 AM.

  8. #8
    hfc's Avatar Member
    Reputation
    1
    Join Date
    Feb 2021
    Posts
    8
    Thanks G/R
    0/0
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Hello.I have trouble with using CGGameUI::OnSpriteLeftClick in retail. I found CGGameUI::OnSpriteLeftClick is sub_1419DA540 in retail.And call it like this:
    Code:
    AsmAdd("mov rcx," + guidAddr);
    AsmAdd("mov rax," + leftClickAddr);
    AsmAdd("call rax");
    AsmCall();
    Baddly, it didn't work,but not crash.I have no idea where is wrong.Can somebody help me?
    God bless you.

  9. #9
    hfc's Avatar Member
    Reputation
    1
    Join Date
    Feb 2021
    Posts
    8
    Thanks G/R
    0/0
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Originally Posted by _chase View Post
    Hi, searched the forum and didn't see any thread about "CGGameUI::OnSpriteLeftClick" or "CGGameUI::OnSpriteRightClick". I struggled to effectively target units, so I figured I'd share my solution to targeting units.

    Here is my wrapper for OnSpriteLeftClick in c++
    Code:
    uintptr_t spriteLeftClick = 0xF68010;
    void Base::Functions::SpriteLeftClick(pWowGuid guid) {
    	reinterpret_cast<int64_t(__fastcall*)(pWowGuid)>(base + spriteLeftClick)(guid);
    }
    And then ya know, you can just pass a pointer to any unit's guid and target them. This updates the faceplate and you'll see your target update in the ui


    OnSpriteLeftClick(pWowGuid unitGuid) is currently at 0xF68010
    OnSpriteRightClick(pWowGuid unitGuid) is currently at 0xF68400
    CGGameUI::HandleSpriteClick(pWowGuid unitGuid) is currently at 0xF5C7E0
    Pattern for HandleSpriteClick I autogenerated with PatternMaker was: 40 53 48 83 EC ? 83 3D ? ? ? ? ? 48 8B D9 74 ? BA ? ? ? ?


    Picture below is Wow_18179_OSX_x64 dump versus my Classic 1.13.6.37497 dump

    Hi, chase. Could u tell me how to get unitGuid ? And waht is pWowGuid struct?

  10. #10
    oiramario's Avatar Established Member
    Reputation
    85
    Join Date
    Mar 2021
    Posts
    133
    Thanks G/R
    36/51
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I searched a lot of related content on the forum. Now can I draw a conclusion: because of warden, as long as Lua script is involved, it will cause random crash?

  11. #11
    _chase's Avatar Established Member
    Reputation
    95
    Join Date
    Dec 2019
    Posts
    57
    Thanks G/R
    16/49
    Trade Feedback
    0 (0%)
    Mentioned
    5 Post(s)
    Tagged
    0 Thread(s)
    Originally Posted by hfc View Post
    Hi, chase. Could u tell me how to get unitGuid ? And waht is pWowGuid struct?
    If you don't know how to get the guid, or what a guid is then this might not be very useful to you until you've reversed the game a little bit more
    Try searching around the forums to learn about the game's 'Object Manager', once you can iterate all the objects and figure out which objects are units and which ones are not this function might be more useful for you!

  12. #12
    _chase's Avatar Established Member
    Reputation
    95
    Join Date
    Dec 2019
    Posts
    57
    Thanks G/R
    16/49
    Trade Feedback
    0 (0%)
    Mentioned
    5 Post(s)
    Tagged
    0 Thread(s)
    Originally Posted by oiramario View Post
    I searched a lot of related content on the forum. Now can I draw a conclusion: because of warden, as long as Lua script is involved, it will cause random crash?
    So, random crashes usually mean you are not executing your code in the main thread e.g. what you mentioned above about not being in dx9's endscene or dx11's present. Otherwise, my UNDERSTANDING (i'm still learning as well) is that a division by zero crash means you executed code which has a mechanism to stop tampering by checking the calling stack trace. If you execute a function protected by a stack trace check from your injected dll, it's very easy for the game to see that the caller is not from it's addresse space. These division by zero crashes have nothing to do with warden, warden is the silent party which just collects information and relays it back to blizzard for later analysis and bot detection. This is why you can have a fully functioning bot where nothing crashes, but still get banned. Even if you evade all the client's anti cheat mechanisms it doesn't mean warden hasn't collected enough information in the shadows to conclude you are acting nefariously.

    For the stack trace checking here is an article I am currently reading: Faking your return address through Gadget and ROP | by Hoang Bui | Medium which might be the solution to these return address checks. But again, I am still learning. These are just my thoughts, I could be totally wrong
    Last edited by _chase; 03-18-2021 at 03:11 PM.

  13. #13
    hfc's Avatar Member
    Reputation
    1
    Join Date
    Feb 2021
    Posts
    8
    Thanks G/R
    0/0
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Originally Posted by _chase View Post
    If you don't know how to get the guid, or what a guid is then this might not be very useful to you until you've reversed the game a little bit more
    Try searching around the forums to learn about the game's 'Object Manager', once you can iterate all the objects and figure out which objects are units and which ones are not this function might be more useful for you!
    Thanks for reply. So, this function is only suitable for units? And do u know which click function is suitable for gameobject.

  14. #14
    sanyle's Avatar Member
    Reputation
    1
    Join Date
    Dec 2019
    Posts
    27
    Thanks G/R
    0/0
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Just send the gameobject's guid

  15. #15
    oiramario's Avatar Established Member
    Reputation
    85
    Join Date
    Mar 2021
    Posts
    133
    Thanks G/R
    36/51
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Originally Posted by _chase View Post
    So, random crashes usually mean you are not executing your code in the main thread e.g. what you mentioned above about not being in dx9's endscene or dx11's present. Otherwise, my UNDERSTANDING (i'm still learning as well) is that a division by zero crash means you executed code which has a mechanism to stop tampering by checking the calling stack trace. If you execute a function protected by a stack trace check from your injected dll, it's very easy for the game to see that the caller is not from it's addresse space. These division by zero crashes have nothing to do with warden, warden is the silent party which just collects information and relays it back to blizzard for later analysis and bot detection. This is why you can have a fully functioning bot where nothing crashes, but still get banned. Even if you evade all the client's anti cheat mechanisms it doesn't mean warden hasn't collected enough information in the shadows to conclude you are acting nefariously.

    For the stack trace checking here is an article I am currently reading: Faking your return address through Gadget and ROP | by Hoang Bui | Medium which might be the solution to these return address checks. But again, I am still learning. These are just my thoughts, I could be totally wrong
    Thanks for your sharing, after some hard work, OnSpriteLeftClick and OnSpriteRightClick now worked well both. They never crash even put them in while(True).
    In my knowledge background, modern engine use multithread with renderring. It means dx9's endscene or dx11's present are not in mainthread, so dont hook them anymore. Here is the better solution: ntoskrnl | Hooking Threads Without Detours or Patches

    P.S. My bot could set facing by write mem, however it does not sync to server. Anyone could share the UpdateMovement address or some hints?

Page 1 of 2 12 LastLast

Similar Threads

  1. [Classic] 1.13.6.37497
    By charles420 in forum WoW Memory Editing
    Replies: 10
    Last Post: 04-18-2021, 09:57 AM
  2. Replies: 5
    Last Post: 11-01-2019, 01:08 PM
  3. [Classic] 1.13.2.3208 - Model size of unit
    By NoxiaZ in forum WoW Memory Editing
    Replies: 1
    Last Post: 10-20-2019, 03:14 AM
  4. [Selling] Level 60 Hunter. Classic Rank 13 Warlord
    By Tschaenter in forum WoW-EU Account Buy Sell Trade
    Replies: 1
    Last Post: 11-04-2013, 03:21 PM
  5. Question: Target Unit By GUID in Addons, Possible?
    By zys924 in forum WoW Memory Editing
    Replies: 14
    Last Post: 12-30-2009, 12:57 PM
All times are GMT -5. The time now is 07:37 AM. Powered by vBulletin® Version 4.2.3
Copyright © 2024 vBulletin Solutions, Inc. All rights reserved. User Alert System provided by Advanced User Tagging (Pro) - vBulletin Mods & Addons Copyright © 2024 DragonByte Technologies Ltd.
Digital Point modules: Sphinx-based search