[WoW DF Patch 10.1] ExecuteBuffer not working using return address bypass

**scizzydo** · 06-09-2023

Originally Posted by Glitt

With some help I'm getting close to circumventing the new ret check system. Before they just check a range, and now they compare bytes so the check is more specific. The key characteristic though seems to be a while loop that traps you into a divide by zero which can normally just be ripped, but if you're doing external L like scizzy talks about you have do more than just rip the routine's context. I'm hoping tomorrow I'll have this solved... I have a lib in use to check the mnemonics and planning to patch out the zero divider trap if feasible instead of having to write a bunch of hooks and functions.

I think you all missed the main thing I talked about. But sure! Your method you're looking for is immensely more complicated. Ensure you have a good integrity check bypass, and anti warden if you go the route of modifying the .text. Depending on the route too, you may need to remap the main module due to it being mapped to prevent writing to it

**Glitt** · 06-09-2023

Originally Posted by scizzydo

I think you all missed the main thing I talked about. But sure! Your method you're looking for is immensely more complicated. Ensure you have a good integrity check bypass, and anti warden if you go the route of modifying the .text. Depending on the route too, you may need to remap the main module due to it being mapped to prevent writing to it

Ha yes I woke up today and was like wait I'm just doing all these extra things because I can. Turns out there is a way to just route your call properly, and the final bit of the call is handled slightly different than the part that works as your lua_CFunction. I've spent all this time teaching myself how to walk and jog this past week or two, and it didn't occur to me that I already had what I needed just needed to revisit some of my former setups. I'm speaking vague because I think explaining the recipe I'm using allows further protection to arrive, and that is no fun. It reminds sometimes of my materialism problems... all this shit I keep around knowing I could use it and at one point I did enjoy using stuff but now I just think about why I might want to keep it.

edit: man sometimes I'm just useless.. I further simplified it with no nonsense just this now in game and it works no writing taint catching exceptions crc changes etc just works lol:

Code:

/run local tears = function() RunMacroText('/me kneels down not so gracefully and cries in agony.'); Logout() end; tears()

**Razzue** · 10-21-2023

Originally Posted by darheroc

-Take interacting with a unit as an example: You can read the location of the unit from memory and do a camera world to screen transformation. Afterwards you use the screen coordinates to click the unit. What if anyone stands in front of the unit and you can't interact by clicking?

Necroing but... You can write a unit/object's guid to your mouse over guid, then send the InteractWithMouseover/TargetMouseover bindings 🤷 rarely will you want the game window minimized, most botters I've encountered prefer some way to visually check what the bot is doing at any given moment.

Though I will say recently I've become more of a believer of "If you're writing to memory, might as well go internal"