Hello everyone,
New here. I got the Traceline function using this signature:
//48 83 EC 58 8B 42 08 F2 0F 10 02 48 8D 54 24 ?? 89 44 24 28 41 8B 40 08 89 44 24 34 48 8B 84 24 ?? ?? ?? ?? 48 89 44 24 ?? 48 8B 84 24 ?? ?? ?? ?? F2 0F 11 44 24 ?? F2 41 0F 10 00 48 89 44 24 ?? F2 0F 11 44 24 ?? 4C 89 4C 24 ?? E8 ?? ?? ?? ?? 48 83 C4 58 C3
By looking at the structure, it appears this function requires (worldptr, &end, &start, &hit, &distance, intersectFlags).
I then get the worldptr using:
ulong worldPtr = Client.Read<ulong>(MainModule.BaseAddress + WorldFrameOffset)
and applied the end/start/hit and distance code caves in memory.
I then use CreateRemoteThread to execute the shellcode below:
Code:
string[] mnemonics =
{
"mov rax, " + (uint)IntersectFlags.LineOfSight, //0x5D,//0b01011011
"mov [rsp+0x28], rax",
"mov rax, " + distanceCave,
"mov [rsp+0x20], rax",
"mov r9, " + hitCave,
"mov r8, " + startCave,
"mov rdx, " + endCave,
"mov rcx, " + worldPtr,
"mov rbx, " + ((long)ps.MainModule.BaseAddress + (long)caddr.WorldFrameIntersect),
"sub rsp, 0x28",
"call rbx",
"mov [" + resultCollisionCave + "], rax", // missing comma fixed; C# does not join adjacent string literals
"add rsp, 0x28",
"ret"
};
The client froze for 1 second and disappeared, unlike other calls; if I call using a wrong parameter, it will crash with #138 or such.
And this is how it looks in memory:
Code:
000002098C260000 | 48:C74424 28 11001000 | mov qword ptr ss:[rsp+28],100011 |
000002098C260009 | 48:B8 2A00248C09020000 | mov rax,2098C24002A |
000002098C260013 | 48:894424 20 | mov qword ptr ss:[rsp+20],rax |
000002098C260018 | 49:B9 1E00248C09020000 | mov r9,2098C24001E |
000002098C260022 | 49:B8 1C00248C09020000 | mov r8,2098C24001C |
000002098C26002C | 48:BA 1000248C09020000 | mov rdx,2098C240010 |
000002098C260036 | 48:B9 A098BAF709020000 | mov rcx,209F7BA98A0 |
000002098C260040 | 48:B8 90B3B9C5F77F0000 | mov rax,wowclassict.7FF7C5B9B390 |
000002098C26004A | 48:83EC 28 | sub rsp,28 |
000002098C26004E | FFD0 | call rax |
000002098C260050 | 48:83C4 28 | add rsp,28 |
000002098C260054 | C3 | ret
I have done similar calls using CreateRemoteThread for functions like click move, spell cast, etc.; for the intersect I tried hard and never succeeded.
I'm new to shellcode. I believe I did something wrong in the above process, and I don't know how to invoke the main thread using C#. Do we have to execute in the main thread? How?
Kindly review and give suggestions.
Cheers!