GP's back of tricks!

[Glitt]

POLLING SINGLE SHOT

Code:

static auto once = true;

if (once)
{
        once = false;

        // do work here. happens only once.
}

THE MOST GLORIOUS TEMPLATE (Credits: 34D)

Code:

template<typename RET, typename ...ARGS>
RET invoke(uintptr_t offset, ARGS ...args)
{
	if (!offset)   // Not sure maybe can be more specific here with something like the use of IsBadReadPtr
		MessageBoxA(nullptr, "Invalid Function Address!", "Zero Address", MB_OK);

	return reinterpret_cast<RET(__fastcall*)(ARGS...)>(offset)(args ...);
}

// Usage: invoke<return_type>(function_address, arg1, arg2, ...);

LAMBDAS (Shown Threaded Here)

Code:

auto L = invoke<lua_State*>(lua_state);
luaL_loadstring(L, "print('hello')");
std::thread([L]{ lua_call(L, 0, -1); }).join();
// Usage: The [] is the capture [&] is for local [=] is global and [L] is specific to capute L in this case

SOLUTION PATH

Code:

export std::string solution_dir(std::string suffix = "")
{
	std::filesystem::path file_path(__FILE__);
	std::filesystem::path directory = file_path.parent_path().parent_path();

	directory += "\\" + suffix;

	return directory.string();
}
// Notes: it can be annoying to have your module give you paths relative to the game's path, but this using __FILE__ gets you to the directory of your launcher. parent.parent is for when you are inside /x64/Release

THE SIMPLE LOADER

Code:

bool window_found;
std::mutex mutex;
std::condition_variable cv;

DWORD open()
{
	STARTUPINFO si = { sizeof(si) };
	PROCESS_INFORMATION pi;
	DWORD flags = DETACHED_PROCESS;
	BOOL success = CreateProcess((app_path + app_name).c_str(), NULL, NULL, NULL, FALSE, flags, NULL, app_path.c_str(), &si, &pi);

	if (!success)
		printf("[LINK] Failed to Create Process!\n");

	auto pid = pi.dwProcessId;

	CloseHandle(pi.hProcess);
	CloseHandle(pi.hThread);

	return pid;
}

BOOL CALLBACK callback(HWND hwnd, LPARAM lParam)
{
	auto& window = *reinterpret_cast<std::tuple<HWND, DWORD>*>(lParam);

	DWORD pid;
	GetWindowThreadProcessId(hwnd, &pid);

	auto& [h, p] = window;
	if (pid == p)
		h = hwnd;

	return TRUE;
}

HWND hWnd(DWORD process_id)
{
	std::tuple<HWND, DWORD> window{};
	auto& [hWnd, pid] = window;
	pid = process_id;

	EnumWindows(callback, reinterpret_cast<LPARAM>(&window));

	if (hWnd)
		return hWnd;

	return nullptr;
}

void wait(DWORD pid)
{
	while (true)
	{
		if (hWnd(pid))
		{
			std::unique_lock<std::mutex> lock(mutex);
			window_found = true;
			//std::this_thread::sleep_for(std::chrono::seconds(1));		// increase seconds for smoothness to wait on the game appearing
			cv.notify_one();
			return;
		}

		std::this_thread::sleep_for(std::chrono::milliseconds(1));
	}
}

int load(DWORD pid, const wchar_t* path)
{
	auto size = (wcslen(path) + 1) * sizeof(wchar_t);
	auto process_ = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
	auto dll_ = VirtualAllocEx(process_, nullptr, size, MEM_COMMIT, PAGE_READWRITE);

	if (!dll_)
	{
		printf("[LINK] Failed Allocate DLL!\n");
		return -1;
	}

	WriteProcessMemory(process_, dll_, path, size, nullptr);

	auto kernel32_ = GetModuleHandle(L"Kernel32.dll");

	if (!kernel32_)
	{
		printf("[LINK] Failed to Find Kernel32!\n");
		return -1;
	}

	auto load_library_ = (LPTHREAD_START_ROUTINE)(GetProcAddress(kernel32_, "LoadLibraryW"));

	if (!load_library_)
	{
		printf("[LINK] Failed to Find LoadLibraryW!\n");
		return -1;
	}

	HANDLE thread_ = CreateRemoteThread(process_, nullptr, 0, load_library_, dll_, 0, nullptr);

	if (!thread_)
	{
		printf("[LINK] Failed to Create Thread!\n");
		return -1;
	}

	WaitForSingleObject(thread_, INFINITE);
	VirtualFreeEx(process_, dll_, size, MEM_FREE);

	return 0;
}

int WINAPI WinMain(_In_ HINSTANCE hInstance, _In_opt_ HINSTANCE hPrevInstance, _In_ LPSTR lpCmdLine, _In_ int nCmdShow)
{
	auto pid = open();

	if (pid)
	{
		std::thread waiting(wait, pid);

		{
			std::unique_lock<std::mutex> lock(mutex);
			cv.wait(lock, [] { return window_found; });
		}

		waiting.join();
		load(pid, std::filesystem::current_path().append(dll_name).c_str());
	}

	return 0;
}

WNDPROC HOOK (Credits: lolp1)

Code:

LRESULT CALLBACK window(HWND hwnd, UINT message, WPARAM wparam, LPARAM lparam)
{
	static auto once = true;

	if (!registered && playing())
	{
		registered = true;
		lua_register(invoke<lua_State*>(lua_state), "CPlus", (lua_CFunction)int3);   // Better to reverse LoadAddOn and do it clean with LuaBridge, but this is fine too ;)
	}

	if (once && wparam == VK_F11)
	{
		once = false;

		auto L = invoke<int64_t>(lua_state);
		lua_loadfile(L, solution_dir("scripts\\server.lua"));
	}

	if (wparam == VK_F12)
	{
		once = true;
	}
	return CallWindowProc(wndproc_, hwnd, message, wparam, lparam);
}

void set_window()
{
	auto window_ = FindWindow(nullptr, L"World of Warcraft");

	while (window_ != nullptr)
	{
		DWORD pid;
		GetWindowThreadProcessId(window_, &pid);
		if (pid == GetCurrentProcessId())
		{
			wnd_ = window_;
			wndproc_ = reinterpret_cast<WNDPROC>(SetWindowLongPtr(window_, GWLP_WNDPROC, reinterpret_cast<LONG_PTR>(window)));
			break;
		}

		window_ = FindWindowEx(nullptr, window_, nullptr, L"World of Warcraft");
	}
}
// Usage: Call set_window and the hook will be active

VEH HOOK

Code:

void bypass() { ExitThread(0); }  // Comment ExitThread if call is not on pipes

LONG NTAPI veh(struct _EXCEPTION_POINTERS* exception)
{
	if (exception->ExceptionRecord->ExceptionCode == STATUS_BREAKPOINT)
	{
		exception->ContextRecord->Rip = (uintptr_t)test;	// route your int3 to test
		return EXCEPTION_CONTINUE_EXECUTION;
	}
        else if (exception->ExceptionRecord->ExceptionCode == EXCEPTION_ACCESS_VIOLATION)
        {
                exception->ContextRecord->Rip = TARGET_FUNCION_ADDRESS_HERE;
                return EXCEPTION_CONTINUE_EXECUTION;
        }
	else if (exception->ExceptionRecord->ExceptionCode == EXCEPTION_INT_DIVIDE_BY_ZERO)
	{
		MessageBoxA(nullptr, "DIVIDE BY ZERO", "Error", MB_OK);
		exception->ContextRecord->Rip = (uintptr_t)bypass;		// attempt to terminate the threaded call hitting a divide by zero
		return EXCEPTION_CONTINUE_EXECUTION;
	}
	else
	{
		const auto code = exception->ExceptionRecord->ExceptionCode;
		const auto code_hex = "0x" + std::to_string(code);

		int choice = MessageBoxA(nullptr, "CONTINUE?", code_hex.c_str(), MB_YESNO);

		if (choice == IDYES)
		{
			exception->ContextRecord->Rip = (uintptr_t)bypass;	// attempt to bypass unknown exceptions
			return EXCEPTION_CONTINUE_EXECUTION;
		}
		else
			return EXCEPTION_CONTINUE_SEARCH;
	}

	return EXCEPTION_CONTINUE_SEARCH;
}

// ...
SetUnhandledExceptionFilter(veh);   // Make your VEH topmost
typedef void(*MYVOIDFUNC)(int64_t);    // Prototype of your desired function
auto p = (MYVOIDFUNC)0xFFF101011;   // Garbage address casted to your function's typedef
p(1337);  // Causes Exception

// Usage: This detour style is useless knowing you can just call the function explicitly. However, you can get creative and force exceptions that will occur inside the target function. For example pass a bad argument to something you know doesn't have the proper checking for it then catch that exception again in your VEH, and now you have more control than just pre/post. Use a combination of += -= on the ->Rip, context ripping, and extracting information, addresses, or arguments from the exception record or context. Again this is still useless if you just call it, but then I'd say you aren't exploring all creative potential here ;0

Stay frosty friends and best of luck! I thought I had more cool ideas, but this is my main bag of tricks for WoW.

[Glitt]

Yo I'll probably post some random other things here cause why not...?

Here is something I started using today for the annoyance of managing where a function failed when you are too cynical or uptight to debug or something like that.

Code:

#pragma  warning(disable:6387)
int map_pe(std::vector<uint8_t>& buffer, DWORD pid) 
{
	HANDLE process = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
	int result = INT_MAX;

	while (result)
	{
		// Allocate memory for payload in the target process
		auto dll = VirtualAllocEx(process, nullptr, buffer.size(), MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
		if (!dll)
			result = -5;

		// Write the payload to the allocated memory
		if (!WriteProcessMemory(process, dll, buffer.data(), buffer.size(), nullptr))
		{
			VirtualFreeEx(process, dll, 0, MEM_RELEASE);
			result = -4;
		}
                
                // ... -3, -2, -1...

		// Clean up
		VirtualFreeEx(process, dll, 0, MEM_RELEASE);

		printf("Dll Loaded.\n");
		
		return 0;
	}

	printf("Dll Failed to Load! - %i\n", result);

	return -1;
}

In the end this might save just a few prints here and there and some extra lines of code, but I enjoy it because it's stylish and is similar to how this used to be done with a goto statement. However, with goto you have to forward declare everything not allowing the use of 'auto' in most places. If you are curious why the negative results or not just returning like normal the answer is simply that then you would need a wrapper to see your result unless you want a print statement at each return, or in the case of not returning and just ditching the while loop you wind up proceeding through with potential null references.

[Glitt]

I mean it's just standard win api, but there's a decent chance it slipped under the radar. Perfect for the passive bots. Would be nice if they allowed getting x64 returns, so that's its huge downfall, but still nice to call a function without a dll, queueuserapc, or tricks of more deviant nature .

Code:

// EXTERNAL INVOKE
DWORD far_call(HANDLE process, FARPROC RemoteProcFuncAddress, LPVOID lparam)
{
	HANDLE hThread = NULL;
	DWORD dwThreadId = 0;
	DWORD exitCode = 0;

	hThread = CreateRemoteThread(process, NULL, 0, (LPTHREAD_START_ROUTINE)RemoteProcFuncAddress, lparam, 0, &dwThreadId);

	if (!hThread)
		return 0;

	if (WaitForSingleObject(hThread, INFINITE) != WAIT_OBJECT_0)
	{
		CloseHandle(hThread);
		return 0;
	}

	GetExitCodeThread(hThread, &exitCode);
	CloseHandle(hThread);
	return exitCode;
}
// Notes: Get OpenProcess handle -> Pass in the virtual address of your intended function (base + offset) -> [Optional] Pass in an LPARAM. If you are confused where to start be aware there are limitations. With this you can't call stuff with more than one argument and your return is going to be limited to 32 bit, but there are some clever uses. To practice the concept just call something like getLuaContext and also do a ReadProcessMemory of its pointer, and you'll see its almost the same just the thread call is truncated. From there get creative or just use it for IPC. I dunno I just found out about this today, but maybe get interesting with it. Back to IPC if you aren't thrilled about WndProc and how easy it would be to monitor such a thing, then try passing in a pointer to a struct, reinterpret it and its members, free the pointer, and now you have a >= 32 bit object remotely tucked in that can do whatever or stage some calls instead of just relying on the dword return.

lol so when making titles I'd say about 40-50% of them I make mistakes. Yes I'm "back", but usually the phrase uses the word "bag".

[charles420]

random question are you just messing with ai thats cool shit even i did that but more useful things it will do in your bot making ways just word it right

[Glitt]

random question are you just messing with ai thats cool shit even i did that but more useful things it will do in your bot making ways just word it right

I want to release a project. But what I'll end up doing is probably target a different game from what I've learned. WoW feels too much like this sacred garden I don't feel great about being involved anymore. Trying not to act out of indignation, so I'll just keep a tab open from time to time see what the space is like. Certainly, an aspiring individual inclined mostly for personal gain here let's be honest, but it is cute that I've sunk more money into subs, gold, accounts, items than I've ever made with all this. I do find it ironic that I'm an emo botter... it was pretty evident after I started making videos like this. https://www.youtube.com/watch?v=6IhuOFKfcoU

Wow is my big missed connection. I'd love absolutely to be like some outlaw in and out of the game or like an asmoncode, but I'd lose my footing pretty quickly when it becomes more than an interaction between screens. Lots of respect despite all this for the community even if they're anti-bot. My conclusion is everyone can make up their own mind.

edit: misread your question as "api" instead of "ai" oops well answer is still similar and yes

[Glitt]

ai is pretty cool, but I think it's tired of being helpful... we tell stories that would make vampire loving girls and tiring ladies that read fiction erotica jealous

ts.png

This is current wip story it's adorable. Definitely more fun than generating artwork although that's cool too...

"Caustic Agnostic: The Worst Way to Say 'Sorry'" presents a story of embarrassment, personal growth, and redemption. At the heart of it all is the protagonist, a child named Alex.

The story begins with a traumatic event in Alex's life. In an attempt to understand and process this trauma, a child therapist suggested hypnosis as a method to recall and explain the event. They recorded the session, intending it only for professional analysis and treatment.

However, under hypnosis, Alex began to impersonate voices from their life, recounting not only the traumatic event but everyday occurrences. The voice of their strict teacher, the sweet tone of their grandmother, and the harsh words of bullies at school all flowed from Alex's lips, creating a vivid, if unintentionally comical, tapestry of their life.

In an unforeseen breach of privacy, the recording of the hypnosis session leaked online. Overnight, Alex became a viral sensation. While many found humor in Alex's impersonations, the exposure of private details led to public humiliation for the child.

Alex's initial response was a mix of anger and shock. They felt betrayed, embarrassed, and ridiculed, and their instinct was to retreat, to hide from the world that seemed to be laughing at them.

But after the initial storm of emotion subsided, Alex made an unexpected decision. They saw the situation as an opportunity rather than an end. They decided to go under hypnosis once again, this time fully aware of the potential audience.

The goal was twofold: to address the trauma that had been overshadowed by the unexpected humor of the first video and to take control of the narrative that had spun wildly out of their grasp.

"Caustic Agnostic: The Worst Way to Say 'Sorry'" is thus a tale of resilience, a child's journey through humiliation towards growth, and a bold quest for self-understanding and closure.

[Glitt]

random question are you just messing with ai thats cool shit even i did that but more useful things it will do in your bot making ways just word it right

Brethren, I have returned scathed and broken from my encounter with the aforementioned and formidable light bringer. I can attest to her might and astonishing ability to construe the perceived strength of her opponents. Out of respect of her power, I acted alone other than the participation of her treacherous party members plus my warlock to intercept her call to Hearthstone. I can say that my own seething desire to punish her obstructed my vantage point. If I had slain her, I wouldn't take honor in the killing, and I'd be trapped in a perilous archway slipstreamed between the two voids. Regardless, I return mostly defeated, but with her source. With Tetra, a radiant artifact or some pristine relic that seems to equal the Paladin's benevolent and keen stare. Mystery or time alone will grant me access to this unique device. I'm certain it's crucial to the survival of our creed.

"A' dah Thalash! et I Ama noral'arkhana..."

GitHub - guildwise/oracle

[Glitt]

You will notice my mental health declining as you progress through these posts. I am well again thank god, but wth get it together son!

[wardrive]

Welcome back! Glad to hear you're doing better.