WOTLKC Build: 46368

[Razzue]

Doesn't want to write directly to solder
Most likely the memory is somehow write-protected.

It is not, my bot is currently using this RIGHT NOW 😅

[tayl]

Doesn't want to write directly to solder
Most likely the memory is somehow write-protected.

Code:

bool RemoteProcess::WriteBytes(DWORD_PTR adress, BYTE* bytes , DWORD size)
{

	HANDLE hprocess = OpenProcess(PROCESS_VM_WRITE, false, WowInfo.WowPid);
	if (!WriteProcessMemory(hprocess, (LPVOID)adress, bytes, size, NULL))
	{
		CloseHandle(hprocess);
		return false;
	}
	else
	{
		return true;
		CloseHandle(hprocess);
	}
}

The function returns false when trying to write

Code:

RemouteMemory->WriteBytes(RemouteMemory->WowInfo.WowBaseAdrtess + 0x30701E8, Bytes, 16);

Each new answer raises more questions.

For WriteProcessMemory to work you need handle with PROCESS_VM_WRITE and PROCESS_VM_OPERATION, your handle only have former. And in your else branch you dont close handle coz its after return.

[Hrap]

I fixed everything, everything worked
It was necessary to remove VirtualProtect

Code:

DWORD  oldProtect
VirtualProtectEx(hprocess, address, size, PAGE_EXECUTE_READWRITE, &oldProtect);
//write to memory then return protection
VirtualProtectEx(hprocess, address, size, oldProtect, NULL);

or

Code:

HANDLE hprocess = OpenProcess(PROCESS_VM_WRITE | PROCESS_VM_OPERATION, false, WowInfo.WowPid);


	if (!WriteProcessMemory(hprocess, (LPVOID)adress, bytes, size, NULL))
	{

		CloseHandle(hprocess);
		return false;
	}
	else
	{

		CloseHandle(hprocess);
		return true;
		
	}

That's how it works too)


Thank you all for your help.
It's a pity that it didn't work out with W2S (

[tayl]

I fixed everything, everything worked
It was necessary to remove VirtualProtect

Code:

DWORD  oldProtect
VirtualProtectEx(hprocess, address, size, PAGE_EXECUTE_READWRITE, &oldProtect);
//write to memory then return protection
VirtualProtectEx(hprocess, address, size, oldProtect, NULL);

or

Code:

HANDLE hprocess = OpenProcess(PROCESS_VM_WRITE | PROCESS_VM_OPERATION, false, WowInfo.WowPid);


	if (!WriteProcessMemory(hprocess, (LPVOID)adress, bytes, size, NULL))
	{

		CloseHandle(hprocess);
		return false;
	}
	else
	{

		CloseHandle(hprocess);
		return true;
		
	}

Thank you all for your help.
It's a pity that it didn't work out with W2S (

There's is cleary something not right, WPM calls NtProtectVirtualMemory with ReadWrite internally.

[Hrap]

Who can help, how to find out the number of free cells in the backpack?
or when the inventory is full?

[jnco]

So appears I am getting the correct address, by calling this method
Execute("AccountLogin_Login()");
It does react but crashed after that. Why is that?
Attachment 81913

The obfuscated functions usually check the return address and if it's not within an address range crashes the game

[tommingc]

The obfuscated functions usually check the return address and if it's not within an address range crashes the game

thanks, is there a work around?
Do I have to find and allocate a memory space? Similar as allocate memories before create remote thread?

[ostapus]

you will have to patch return table (and fix crc as well), this is probably (imo) the best approach.

[tommingc]

you will have to patch return table (and fix crc as well), this is probably (imo) the best approach.

thanks, I may need more study on that...

[maikel233]

Not tested
Dump:

Code:

Please wait. This can take a few minutes...
CGGameObject_C_CanUse = 0x5DFD4B
CGGameObject_C_CanUseNow = 0x1494450
CGGameObject_C_IsLocked = 0x149CD30
CGItem_GetSpellIdById = 0x0
CGItem_UseItem = 0x14771A0
CGItem_UseItemParm = 0x1180717
CGPlayer_AcceptResurrect = 0x139A8D0
CGPlayer_C_HandleRepopRequest = 0x13AACE0
CGPlayer_C_SwapItems = 0x13CD7D0
CGUnit_C_CanAttack = 0x1405450
CGUnit_C_Dismount = 0x14155F0
CGUnit_C_HandleTrackingFacing = 0x1439EE0
CGUnit_C_IsInMelee = 0x1424A30
CGUnit_C_OnAttackIconPressed = 0x142AE70
CGUnit_C_OnFlightLocal = 0x142E5B0
CGUnit_C_OnJumpLocal = 0x142E610
CGUnit_C_OnSwimStartLocal = 0x1432250
CGUnit_C_SetTrackingMoveTo = 0x143A160
CGUnit_C_SetTrackingObjectInteract = 0x1439FC0
CGUnit_C_SetTrackingPosition = 0x143A160
CGUnit_C_SetTrackingTarget = 0x143A200
CGUnit_IsOutdoors = 0x1424E20
CameraMgr = 0x2F9B198
ClntObjMgrEnumVisibleObjectsPtr = 0x15B24A0
ClntObjMgrGetMapId = 0x15B6B00
ClntObjMgrIsValid = 0x15B7220
CorpseMapID = 0x2CEAF30
GameBuild = 0x25FC0F4
GameReleaseDate = 0x264AD90
GameVersion = 0x264AD9C
HardwareEventPtr = 0x2D4B378
InvalidPtrCheckMax = 0x2F53BE8
InvalidPtrCheckMin = 0x2F53BE0
IsLootWindowOpen = 0x30A4250
IsPlayerInWorld = 0x3070194
IsPlayerMoving = 0x15C5980
NameCacheBase = 0x2BEB418
RedMessage = 0x306EFC0
RuneReady = 0x0
SpellBook = 0x30A37C8

CGlueMgr_QuitGame = 0x1F4BC0
ClientConnection_CharacterLogout = 0x11BD060
CoolDown = 0x300A090
EquippedBagGUID = 0x30BF5B0
FaceTo = 0x1439EE0
FrameScript_GetText = 0x59D420
GetDefaultLanguage = 0x13C5DC0
GetItemCachEntry = 0x4B99A0
GuidToString = 0x11AA2E0
ItemCachEntryBase = 0x2D1E030
Merchant = 0x30B4158
MerchantBuyItems = 0x13B8080
MerchantCount = 0x2FBDE20
MerchantItems = 0x0
MerchantSellItems = 0x13AAD20
Movement_InputControl = 0x2BEB3E0
Movement_ToggleControlBit = 0x116F3D0
PartyInfo_GetActiveParty = 0x168DE40
Party_FindMember = 0x168DB90
PetInfo_FindSpellById = 0x16A0840
PetInfo_SendPetAction = 0x16A28A0
Player_LeaveCombatMode = 0x136C850
SendChatMessage = 0x0
Specialization_IsTalentSelectedById = 0x17B5820
SpellBook_FindSlotBySpellId = 0x165ADA0
SpellBook_FindSpellByName = 0x165AFB0
SpellBook_FindSpellOverrideById = 0x165C3A0
SpellBook_GetOverridenSpell = 0x165B670
SpellDB_GetRow = 0x2247AC0
SpellDB_HasAttribute = 0x2247A60
Spell_C_CancelActiveSpell = 0x1354220
Spell_C_CancelChannel = 0x1354B80
Spell_C_CancelSpell = 0x1354FA0
Spell_C_CastSpell = 0x1658D10
Spell_C_GetMinMaxRange = 0x135CF40
Spell_C_GetSpellCoolDown = 0x135F5F0
Spell_C_HaveSpellPower = 0x1363860
Spell_C_IsCurrentSpell = 0x1367AC0
Spell_C_IsUsableAction = 0x13680F0
Spell_C_RangeCheckSelected = 0x136A690
Spell_CancelAutoRepeat = 0x1354920
Spell_ClickSpell = 0x1358C30
Spell_GetSomeSpellInfo = 0x22462C0
Spell_GetSpellCharges = 0x1653B80
Spell_GetSpellType = 0x3B4E10
Spell_HandleTerrainClick = 0x1362EC0
Spell_IsPlayerSpell = 0x1661A20
Spell_IsStealable = 0x1658A60
Spell_SomeInfo = 0x138C3D0
Spell_isSpellKnown = 0x1661AB0
SpriteLeftClick = 0x15F3D60
SpriteRightClick = 0x15F4190
Unit_CanAttack = 0x1405450
Unit_GetAuraByIndex = 0x25C9E254
Unit_GetFacing = 0x11C13F0
Unit_GetPosition = 0x13A8790
Unit_GetPower = 0x19C6670
Unit_GetPowerMax = 0x19C67D0
Unit_IsFriendly = 0x1440380
WorldFrame_GetWorld = 0x1F4AB0
WorldFrame_HitTest = 0x109A680
WorldFrame_HitTestPoint = 0x109AC50
WorldFrame_Intersect = 0xF522F0
WorldFrame_OnLayerUpdate = 0x109CD00
World_GetFrameRateResult = 0x2560DE0
World_GetFrameRatems = 0xF53080
World_GetFramerateOffset = 0x2F8D370
World_GetNetLatency = 0xE384A0
World_GetNetLatency_GetIdx = 0x1E0330
World_GetNetLatency_RealmNamePointer = 0x2FBE7EF
pSubZoneID = 0x306FB7C
pSubZoneText = 0x306EF18
pZoneID = 0x306FB78
pZoneText = 0x306EF18

[tommingc]

Not tested
Dump:

Code:

Please wait. This can take a few minutes...
CGGameObject_C_CanUse = 0x5DFD4B
CGGameObject_C_CanUseNow = 0x1494450
CGGameObject_C_IsLocked = 0x149CD30
CGItem_GetSpellIdById = 0x0
CGItem_UseItem = 0x14771A0
CGItem_UseItemParm = 0x1180717
CGPlayer_AcceptResurrect = 0x139A8D0
CGPlayer_C_HandleRepopRequest = 0x13AACE0
CGPlayer_C_SwapItems = 0x13CD7D0
CGUnit_C_CanAttack = 0x1405450
CGUnit_C_Dismount = 0x14155F0
CGUnit_C_HandleTrackingFacing = 0x1439EE0
CGUnit_C_IsInMelee = 0x1424A30
CGUnit_C_OnAttackIconPressed = 0x142AE70
CGUnit_C_OnFlightLocal = 0x142E5B0
CGUnit_C_OnJumpLocal = 0x142E610
CGUnit_C_OnSwimStartLocal = 0x1432250
CGUnit_C_SetTrackingMoveTo = 0x143A160
CGUnit_C_SetTrackingObjectInteract = 0x1439FC0
CGUnit_C_SetTrackingPosition = 0x143A160
CGUnit_C_SetTrackingTarget = 0x143A200
CGUnit_IsOutdoors = 0x1424E20
CameraMgr = 0x2F9B198
ClntObjMgrEnumVisibleObjectsPtr = 0x15B24A0
ClntObjMgrGetMapId = 0x15B6B00
ClntObjMgrIsValid = 0x15B7220
CorpseMapID = 0x2CEAF30
GameBuild = 0x25FC0F4
GameReleaseDate = 0x264AD90
GameVersion = 0x264AD9C
HardwareEventPtr = 0x2D4B378
InvalidPtrCheckMax = 0x2F53BE8
InvalidPtrCheckMin = 0x2F53BE0
IsLootWindowOpen = 0x30A4250
IsPlayerInWorld = 0x3070194
IsPlayerMoving = 0x15C5980
NameCacheBase = 0x2BEB418
RedMessage = 0x306EFC0
RuneReady = 0x0
SpellBook = 0x30A37C8

CGlueMgr_QuitGame = 0x1F4BC0
ClientConnection_CharacterLogout = 0x11BD060
CoolDown = 0x300A090
EquippedBagGUID = 0x30BF5B0
FaceTo = 0x1439EE0
FrameScript_GetText = 0x59D420
GetDefaultLanguage = 0x13C5DC0
GetItemCachEntry = 0x4B99A0
GuidToString = 0x11AA2E0
ItemCachEntryBase = 0x2D1E030
Merchant = 0x30B4158
MerchantBuyItems = 0x13B8080
MerchantCount = 0x2FBDE20
MerchantItems = 0x0
MerchantSellItems = 0x13AAD20
Movement_InputControl = 0x2BEB3E0
Movement_ToggleControlBit = 0x116F3D0
PartyInfo_GetActiveParty = 0x168DE40
Party_FindMember = 0x168DB90
PetInfo_FindSpellById = 0x16A0840
PetInfo_SendPetAction = 0x16A28A0
Player_LeaveCombatMode = 0x136C850
SendChatMessage = 0x0
Specialization_IsTalentSelectedById = 0x17B5820
SpellBook_FindSlotBySpellId = 0x165ADA0
SpellBook_FindSpellByName = 0x165AFB0
SpellBook_FindSpellOverrideById = 0x165C3A0
SpellBook_GetOverridenSpell = 0x165B670
SpellDB_GetRow = 0x2247AC0
SpellDB_HasAttribute = 0x2247A60
Spell_C_CancelActiveSpell = 0x1354220
Spell_C_CancelChannel = 0x1354B80
Spell_C_CancelSpell = 0x1354FA0
Spell_C_CastSpell = 0x1658D10
Spell_C_GetMinMaxRange = 0x135CF40
Spell_C_GetSpellCoolDown = 0x135F5F0
Spell_C_HaveSpellPower = 0x1363860
Spell_C_IsCurrentSpell = 0x1367AC0
Spell_C_IsUsableAction = 0x13680F0
Spell_C_RangeCheckSelected = 0x136A690
Spell_CancelAutoRepeat = 0x1354920
Spell_ClickSpell = 0x1358C30
Spell_GetSomeSpellInfo = 0x22462C0
Spell_GetSpellCharges = 0x1653B80
Spell_GetSpellType = 0x3B4E10
Spell_HandleTerrainClick = 0x1362EC0
Spell_IsPlayerSpell = 0x1661A20
Spell_IsStealable = 0x1658A60
Spell_SomeInfo = 0x138C3D0
Spell_isSpellKnown = 0x1661AB0
SpriteLeftClick = 0x15F3D60
SpriteRightClick = 0x15F4190
Unit_CanAttack = 0x1405450
Unit_GetAuraByIndex = 0x25C9E254
Unit_GetFacing = 0x11C13F0
Unit_GetPosition = 0x13A8790
Unit_GetPower = 0x19C6670
Unit_GetPowerMax = 0x19C67D0
Unit_IsFriendly = 0x1440380
WorldFrame_GetWorld = 0x1F4AB0
WorldFrame_HitTest = 0x109A680
WorldFrame_HitTestPoint = 0x109AC50
WorldFrame_Intersect = 0xF522F0
WorldFrame_OnLayerUpdate = 0x109CD00
World_GetFrameRateResult = 0x2560DE0
World_GetFrameRatems = 0xF53080
World_GetFramerateOffset = 0x2F8D370
World_GetNetLatency = 0xE384A0
World_GetNetLatency_GetIdx = 0x1E0330
World_GetNetLatency_RealmNamePointer = 0x2FBE7EF
pSubZoneID = 0x306FB7C
pSubZoneText = 0x306EF18
pZoneID = 0x306FB78
pZoneText = 0x306EF18

Thank you, @maikel233.
I have one input here.
WorldFrame_Intersect = 0xF522F0 is the correct address,
but i tested with full parameter it will crash the client, maybe i did something wrong, in the end, i have to use the address inside that function and everything works.
method is from @ChrisIsMe
https://www.ownedcore.com/forums/wor...ml#post4391410
Snipaste_2022-11-22_10-11-52.jpg

also yesterday the PTR server has updated to 3.4.1.46722, the interest now have one more parameter(trying to align with 10.0?), so for anyone who need that be prepare for that.