public string ReadUTF8String(uint Address, int Length)
{
byte[] buffer = Memory.ReadBytes(Address, Length);
string ret = Encoding.UTF8.GetString(buffer);
if (ret.IndexOf('\0') != -1)
{
ret = ret.Remove(ret.IndexOf('\0'));
}
return(ret);
}
private void InstallHook()
{
#region Inject New Method
ManagedFasm fasm = new ManagedFasm(d3.ProcessHandle);
fasm.SetMemorySize(0x4096); // Allocate 16KB of memory
string[] endSceneHookASM = new string[]
{
// Original EndScene instructions
"mov edi, edi",
"push ebp",
"mov ebp, esp",
// Save the state of the FPU and general purpose registers
"pushfd",
"pushad",
"call " + InstallUsePower(),
"call " + InstallPressButton(),
// Restore FPU and general purpose registers
"@out:",
"popad",
"popfd",
// Return to right after where we detoured
"jmp " + (oEndScene + 5),
};
foreach (string line in RandomizeAsm(endSceneHookASM))
{
fasm.AddLine(line);
}
byte[] compiled = fasm.Assemble();
uint hookCode = AllocateMemory("EndSceneHook", compiled.Length);
fasm.Inject(hookCode);
fasm.Clear();
#endregion Inject New Method
#region Detour EndScene
origEndSceneBytes = d3.ReadBytes(oEndScene, 5);
fasm.AddLine("jmp 0x{0:X08}", hookCode);
fasm.Inject(oEndScene);
fasm.Clear();
#endregion Detour EndScene
}
private void bCreatePattern_Click(object sender, EventArgs e)
{
if (cbProcess1.Text.Replace(" ", "") != "" && cbProcess2.Text.Replace(" ", "") != "" && tbOffset1.Text.Replace(" ", "").Replace("0x", "") != "" && tbOffset2.Text.Replace(" ", "").Replace("0x", "") != "")
{
string[] process1Array = cbProcess1.Text.Replace(" ", "").Split(Convert.ToChar("-"));
string[] process2Array = cbProcess2.Text.Replace(" ", "").Split(Convert.ToChar("-"));
if (process1Array != null && process2Array != null)
{
if (process1Array.Length > 0 && process2Array.Length > 0)
{
try
{
// Process choose to ID
int process1Id = Convert.ToInt32(process1Array[0]);
int process2Id = Convert.ToInt32(process2Array[0]);
// Open Process
BlackMagic process1BM = new BlackMagic();
BlackMagic process2BM = new BlackMagic();
if (!process1BM.OpenProcessAndThread(process1Id))
{
MessageBox.Show("Open Process 1 failled.");
return;
}
if (!process2BM.OpenProcessAndThread(process2Id))
{
MessageBox.Show("Open Process 2 failled.");
return;
}
// Get Module
uint moduleBase1BM = 0;
uint moduleBase2BM = 0;
string moduleShow = "";
if (baseModuleNameTB.Text != "")
{
moduleBase1BM = (uint)process1BM.GetModule(baseModuleNameTB.Text).BaseAddress;
moduleBase2BM = (uint)process2BM.GetModule(baseModuleNameTB.Text).BaseAddress;
moduleShow = baseModuleNameTB.Text + " + ";
if (moduleBase1BM <= 0 || moduleBase2BM <= 0)
{
MessageBox.Show("Module not found.");
return;
}
}
// Offset choose to uint
uint offset1 = uint.Parse(tbOffset1.Text.Replace(" ", "").Replace("0x", ""), System.Globalization.NumberStyles.HexNumber) + moduleBase1BM;
uint offset2 = uint.Parse(tbOffset2.Text.Replace(" ", "").Replace("0x", ""), System.Globalization.NumberStyles.HexNumber) + moduleBase2BM;
// Offset to 4 Byte
string tPattern1 = offset1.ToString("X");
while (tPattern1.Length < 8)
{
tPattern1 = "0" + tPattern1;
}
string tPattern2 = offset2.ToString("X");
while (tPattern2.Length < 8)
{
tPattern2 = "0" + tPattern2;
}
// Offset 4 byte inverse
string t2Pattern1 = tPattern1.Substring(6, 2);
t2Pattern1 += " " + tPattern1.Substring(4, 2);
t2Pattern1 += " " + tPattern1.Substring(2, 2);
t2Pattern1 += " " + tPattern1.Substring(0, 2);
string t2Pattern2 = tPattern2.Substring(6, 2);
t2Pattern2 += " " + tPattern2.Substring(4, 2);
t2Pattern2 += " " + tPattern2.Substring(2, 2);
t2Pattern2 += " " + tPattern2.Substring(0, 2);
// Find offset used at
string tMask = "xxxx";
uint dwCodeLoc1 = process1BM.FindPattern(t2Pattern1, tMask);
uint dwCodeLoc2 = process2BM.FindPattern(t2Pattern2, tMask);
if (dwCodeLoc1 <= 0 || dwCodeLoc2 <= 0)
{
MessageBox.Show("Offset not found.");
return;
}
// Read Pattern
byte[] bytesPorcess1 = process1BM.ReadBytes(dwCodeLoc1, 16);
byte[] bytesPorcess2 = process2BM.ReadBytes(dwCodeLoc2, 16);
// Make mask
string mask = "";
for (int i = 0; i <= bytesPorcess1.Length - 1; i++)
{
if (bytesPorcess1[i] == bytesPorcess2[i] && i > 3)
{
mask += "x";
}
else
{
bytesPorcess1[i] = 0;
bytesPorcess2[i] = 0;
mask += "?";
}
}
// Pattern to String
string pattern = BitConverter.ToString(bytesPorcess1);
pattern = pattern.Replace("-", " ");
// Show Result
tbPattern.Text = "";
tbPattern.Text += "Offset 1 used at: " + moduleShow + "0x" + (dwCodeLoc1 - moduleBase1BM).ToString("x") + Environment.NewLine;
tbPattern.Text += "Offset 2 used at: " + moduleShow + "0x" + (dwCodeLoc2 - moduleBase2BM).ToString("x") + Environment.NewLine + Environment.NewLine;
tbPattern.Text += "<Pattern>" + Environment.NewLine;
tbPattern.Text += " <offsetName>" + tbOffsetName.Text + "</offsetName>" + Environment.NewLine;
tbPattern.Text += " <pattern>" + pattern + "</pattern>" + Environment.NewLine;
tbPattern.Text += " <mask>" + mask + "</mask>" + Environment.NewLine;
tbPattern.Text += " <offsetLocation>0</offsetLocation>" + Environment.NewLine;
tbPattern.Text += " <type>" + cbValueType.Text + "</type>" + Environment.NewLine;
tbPattern.Text += "</Pattern>";
process1BM.Close();
process2BM.Close();
}
catch
{
MessageBox.Show("Error, please verif all info.");
}
}
else
{
MessageBox.Show("Please select Process.");
}
}
else
{
MessageBox.Show("Please select Process.");
}
}
else
{
MessageBox.Show("Please enter all information.");
}
}
public void Read()
{
try
{
try
{
playerbase = wow.ReadUInt(wow.ReadUInt(wow.ReadUInt((uint)Globals.s_PlayerBase) + 0x34) + 0x24);
if (playerbase != 0)
{
Online = true;
}
else
{
Online = false;
}
} //this is the player base
catch (Exception) { Online = false; }
BgStatus = wow.ReadUInt((uint)Globals.BGStatus);
IsIndoors = wow.ReadUInt((uint)Globals.IsIndoors);
LastError = ReadRealName(wow.ReadBytes((uint)Globals.LastError, 120));
BattlefieldInstanceExpiration = 0; //wow.ReadUInt(0xC55A24) & 1;
Combopoints = Convert.ToInt16(wow.ReadByte((uint)Globals.s_ComboPoint));
CharCount = Convert.ToInt16(wow.ReadByte((uint)Globals.CharCount));
CharNo = Convert.ToInt16(wow.ReadByte((uint)Globals.CharNo));
String WOWBuild = ReadRealName(wow.ReadBytes(0x00A30BE6, 10));
byte[] TT = wow.ReadBytes(0x00A30BE6, 10);
LoginState = wow.ReadASCIIString(0xB6A9E0, 40);
RealmName = ReadRealName(wow.ReadBytes((uint)Globals.s_RealmName, 120));
LoadingState = (int)wow.ReadUInt((uint)Globals.s_IsLoadingOrConnecting);
WowControl.CheckLastError(LastError);
ObjectInfo Target = new ObjectInfo();
byte[] UnitFields = wow.ReadBytes(wow.ReadUInt(playerbase + 0x8) + (0x17 * 4), 4);
PlayerForm = Convert.ToInt32(UnitFields[3]);
Objects.Clear();
IsMounted = wow.ReadUInt(playerbase + 0x9C0);// &1;
Temp = new ObjectInfo();
Temp.Auras = getAuras(playerbase);
WowControl.PlayerBuffs.Clear();
for (int i = 0; i < Temp.Auras.Count; i++)
{
WowControl.PlayerBuffs.Add(Temp.Auras[i].auraId);
}
Temp.Name = ReadRealName(wow.ReadBytes((uint)Globals.s_PlayerName, 120));
Temp.Level = wow.ReadUInt(wow.ReadUInt(playerbase + 0x8) + (0x36 * 4)); // Reads players level
Temp.Health = wow.ReadUInt(wow.ReadUInt(playerbase + 0x8) + (0x18 * 4)); // Reads players health
PowerList.Clear();
Temp.Power = GetUnitPower(playerbase);
Temp.MaxHealth = wow.ReadUInt(wow.ReadUInt(playerbase + 0x8) + (0x20 * 4)); // Reads players maxhealth
if ((Location != null) & (Location != ""))
{
if (Location != ReadRealName(wow.ReadBytes(wow.ReadUInt((uint)Globals.LocationName), 60)))
{
WowControl.LocationChangeTime = DateTime.Now;
Location = ReadRealName(wow.ReadBytes(wow.ReadUInt((uint)Globals.LocationName), 60));
WowControl.BadObjects.Clear();
if (BgStatus == 3)
{
WowControl.WaitTime = DateTime.Now.AddSeconds(20);
}
else
{
WowControl.WaitTime = DateTime.Now.AddSeconds(1);
}
return;
}
}
else
{
Location = ReadRealName(wow.ReadBytes(wow.ReadUInt((uint)Globals.LocationName), 60));
}
Temp.X = wow.ReadFloat(playerbase + 0x798); // Read players xlocation
Temp.Y = wow.ReadFloat(playerbase + 0x79C); // Read players ylocation
Temp.Z = wow.ReadFloat(playerbase + 0x7A0); // Read players zlocation
double Time = (DateTime.Now - LastRead).TotalMilliseconds;
Speed = WowControl.CheckPoint(Temp.X, Temp.Y, Temp.Z, X, Y, Z) / Time;
X = Temp.X;
Y = Temp.Y;
Z = Temp.Z;
Temp.R = wow.ReadFloat(playerbase + 0x7A8); // Read players rotation
Temp.IsInCombat = (wow.ReadUInt(wow.ReadUInt(playerbase + 208) + 212) >> 19) & 1;
Temp.Faction = GetFaction(wow.ReadUInt(wow.ReadUInt(playerbase + 0x8) + (0x37 * 4))); //Faction
Temp.Type = 4;
Temp.GUID = wow.ReadUInt64(playerbase + 0x30);
Objects.Add(Temp);
LastRead = DateTime.Now;
uint s_curMgr = wow.ReadUInt(wow.ReadUInt((uint)ObjectManager.CurMgrPointer) + (uint)ObjectManager.CurMgrOffset);
uint curObj = wow.ReadUInt(s_curMgr + 0xAC);
uint nextObj = curObj;
UInt64 playerGUID = wow.ReadUInt64((uint)Globals.PlayerGUID);
UInt64 targetGUID = wow.ReadUInt64((uint)Globals.TargetGUID);
UInt64 localGUID = wow.ReadUInt64(s_curMgr + 0xC0);
while (curObj != 0 && (curObj & 1) == 0)
{
UInt64 type = wow.ReadUInt(curObj + 0x14);
UInt64 cGUID = wow.ReadUInt64(curObj + 0x30);
Temp.Type = Convert.ToUInt32(type);
if (Temp.Type == 7)
{
Temp.Type = 7;
}
Temp.GUID = cGUID;
switch (type)
{
case 3:
Temp.IsInCombat = (wow.ReadUInt(wow.ReadUInt(curObj + 208) + 212) >> 19) & 1;
Temp.IsPlayer = false;
Temp.IsTarget = false;
Temp.Name = "Unit";
if (cGUID == targetGUID)
{
Temp.IsTarget = true;
}
Temp.X = wow.ReadFloat(curObj + 0x7D4);
Temp.Y = wow.ReadFloat(curObj + 0x7D8);
Temp.Z = wow.ReadFloat(curObj + 0x7DC);
Temp.R = wow.ReadFloat(curObj + 0x7A8);
Temp.Health = wow.ReadUInt(wow.ReadUInt(curObj + 0x8) + (0x18 * 4)); // Reads health
Temp.MaxHealth = wow.ReadUInt(wow.ReadUInt(curObj + 0x8) + (0x20 * 4)); // Reads maxhealth
Temp.Level = wow.ReadUInt(wow.ReadUInt(curObj + 0x8) + (0x36 * 4)); // Reads level
Temp.Name = ReadRealName(wow.ReadBytes(wow.ReadUInt(wow.ReadUInt(curObj + 0x964) + 0x5c), 60));
Temp.Faction = "Mob";
Temp.IsLootable = wow.ReadUInt(wow.ReadUInt(curObj + 0x8) + (0x4F * 4));
Temp.Auras = getAuras(curObj);
Temp.Power = GetUnitPower(curObj);
if (cGUID == targetGUID)
{
Temp.IsTarget = true;
Target = Temp;
Target.Auras = getAuras(curObj);
}
Objects.Add(Temp);
break;
case 4:
Temp.IsInCombat = (wow.ReadUInt(wow.ReadUInt(curObj + 208) + 212) >> 19) & 1;
Temp.IsTarget = false;
Temp.IsPlayer = false;
Temp.Name = GetPlayerNameByGuid(cGUID);
Temp.X = wow.ReadFloat(curObj + 0x7D4);
Temp.Y = wow.ReadFloat(curObj + 0x7D8);
Temp.Z = wow.ReadFloat(curObj + 0x7DC);
Temp.R = wow.ReadFloat(curObj + 0x7A8);
Temp.Health = wow.ReadUInt(wow.ReadUInt(curObj + 0x8) + (0x18 * 4)); // Reads health
Temp.MaxHealth = wow.ReadUInt(wow.ReadUInt(curObj + 0x8) + (0x20 * 4)); // Reads maxhealth
Temp.Level = wow.ReadUInt(wow.ReadUInt(curObj + 0x8) + (0x36 * 4)); // Reads level
Temp.Faction = GetFaction(wow.ReadUInt(wow.ReadUInt(curObj + 0x8) + (0x37 * 4))); //Faction
Temp.Auras = getAuras(curObj);
Temp.Power = GetUnitPower(curObj);
if (cGUID == targetGUID)
{
Temp.IsTarget = true;
Target = Temp;
Target.Auras = getAuras(curObj);
}
else if (cGUID == playerGUID)
{
break;
}
if (Objects[0].GUID != Temp.GUID)
{
Objects.Add(Temp);
}
break;
case 5:
Temp.Faction = "Object";
Temp.IsInCombat = 0;
Temp.Name = "";
Temp.IsPlayer = false;
Temp.IsTarget = false;
if (cGUID == targetGUID)
{
Temp.IsTarget = true;
}
Temp.Level = 0;
Temp.Health = 0;
Temp.MaxHealth = 0;
Temp.X = wow.ReadFloat(curObj + 0xE8);
Temp.Y = wow.ReadFloat(curObj + 0xEC);
Temp.Z = wow.ReadFloat(curObj + 0xF0);
Temp.R = wow.ReadFloat(curObj + 0x7A8);
Temp.Name = ReadRealName(wow.ReadBytes(wow.ReadUInt(wow.ReadUInt(curObj + 0x1A4) + 0x90), 60));
Temp.Power = GetUnitPower(curObj);
Objects.Add(Temp);
break;
}
nextObj = wow.ReadUInt(curObj + 0x3C);
if (nextObj == curObj)
{
break;
}
else
{
curObj = nextObj;
}
}
Objects.Add(Target);
WowControl.TargetBuffs.Clear();
if (Target.Auras != null)
{
for (int i = 0; i < Target.Auras.Count; i++)
{
WowControl.TargetBuffs.Add(Target.Auras[i].auraId);
}
}
if (LastError == "Нет места.")
{
WowControl.FullBag = true;
}
}
catch (Exception)
{
//WowControl.UpdateStatus("Error. " + E.Message);
InitMemory();
}
}
public void HookEndScene()
{
ThreadManager.suspendMainThread(this.getProcessId());
uint pDevice = Memory.ReadUInt(0x00BB672C);
uint pEnd = Memory.ReadUInt(pDevice + 0x397C);
uint pScene = Memory.ReadUInt(pEnd);
uint pEndScene = Memory.ReadUInt(pScene + 0xA8);
SendConsole("EndScene Offset : " + pEndScene.ToString("X"), ConsoleLvl.Debug);
if (Memory.ReadByte(pEndScene) != 0xe9) // check if not already hooked
{
codeCave = Memory.AllocateMemory(0x2048);
Memory.Asm.Clear();
//Demerdation de laddresse de endscene mon amour :)))
byte[] Backup = Memory.ReadBytes(pEndScene, 25);
int size = Memory.Asm.GetMemorySize();
Memory.Asm.AddLine("pushad");
Memory.Asm.AddLine("pushfd");
Memory.Asm.AddLine("mov esi, " + (codeCave + 256).ToString("X") + "h");
Memory.Asm.AddLine("cmp dword [esi], 0");
Memory.Asm.AddLine("je " + (codeCave + 0x1D).ToString("X") + "h");
//DO STRING
Memory.Asm.AddLine("push {0}", 0);
Memory.Asm.AddLine("mov eax, {0}", codeCave + 0x1024);
Memory.Asm.AddLine("push eax");
Memory.Asm.AddLine("push eax");
Memory.Asm.AddLine("call {0}", (uint)0x004B32B0);
Memory.Asm.AddLine("add esp, 0xC");
//EXIT
Memory.Asm.AddLine("mov dword[" + (codeCave + 256).ToString("X") + "h], 0");
Memory.Asm.AddLine("popfd");
Memory.Asm.AddLine("popad");
Memory.Asm.Inject(codeCave);
Memory.WriteBytes(codeCave + 0x29, Backup);
Memory.Asm.Clear();
Memory.Asm.AddLine("jmp " + (pEndScene + 25).ToString("X") + "h");
//REMPLACEMENT POUR NOBUG
Memory.Asm.Inject(codeCave + 0x29 + 25);
// Okay on a le pointeur , que les choses serieuses commencent : YOUMEW EN MODE EXTRA BOUISSINCE
Memory.Asm.Clear();
Memory.Asm.AddLine("jmp " + codeCave.ToString("X") + "h");
Memory.Asm.Inject(pEndScene);
}
else
{
codeCave = Memory.ReadUInt(pEndScene + 1) + 4 + pEndScene - 0xffffffff;
}
ThreadManager.resumeMainThread(this.getProcessId());
// ENDSCENE IS NOW HOOKED
// HOOK BY LMEW
// LA BOUISINCE A LETAT PURE
}
public byte[] ReadBytes(uint dwAddress, int length)
{
return(D3.ReadBytes(dwAddress, length, buffer));
}
private void button2_Click(object sender, EventArgs e)
{
if (Utils.IsUserAdministrator())
{
Utils.SYSTEM_INFO sys_info = new Utils.SYSTEM_INFO();
Utils.GetSystemInfo(out sys_info);
IntPtr proc_min_address = sys_info.minimumApplicationAddress;
IntPtr proc_max_address = sys_info.maximumApplicationAddress;
long proc_min_address_l = (long)proc_min_address;
long proc_max_address_l = (long)proc_max_address;
logDebug(String.Format("Min {0} Max {1}", proc_min_address_l, proc_max_address_l));
BlackMagic bm = new BlackMagic();
if (bm.OpenProcessAndThread(SProcess.GetProcessFromProcessName(windowName[0])))
{
logDebug("Found");
Utils.MEMORY_BASIC_INFORMATION mem_basic_info = new Utils.MEMORY_BASIC_INFORMATION();
while (proc_min_address_l < proc_max_address_l)
{
// 28 = sizeof(MEMORY_BASIC_INFORMATION)
Utils.VirtualQueryEx(bm.ProcessHandle, proc_min_address, out mem_basic_info, 28);
//logDebug(mem_basic_info.ToString());
// if this memory chunk is accessible
if ((mem_basic_info.Protect == Utils.PAGE_READWRITE || mem_basic_info.Protect == Utils.PAGE_READONLY) && mem_basic_info.State == Utils.MEM_COMMIT)
{
//logDebug(String.Format("Addr={0:X8} Size={1}", mem_basic_info.BaseAddress, mem_basic_info.RegionSize));
byte[] buffer = new byte[mem_basic_info.RegionSize];
// read everything in the buffer above
buffer = bm.ReadBytes((uint)mem_basic_info.BaseAddress, mem_basic_info.RegionSize);
//Utils.ReadProcessMemory((int)bm.ProcessHandle, mem_basic_info.BaseAddress, buffer, mem_basic_info.RegionSize, ref bytesRead);
MemoryStream ms = new MemoryStream(buffer);
BinaryReader br = new BinaryReader(ms);
while (ms.Position != ms.Length)
{
int data = br.ReadInt32();
if ((data == 18248) || (data == 18622))
{
int readData = bm.ReadInt((uint)(mem_basic_info.BaseAddress + ms.Position - 4));
logDebug(String.Format("Found Addr={0:X8} Size={1}", mem_basic_info.BaseAddress + ms.Position - 4, readData));
}
}
// then output this in the file
//for (int i = 0; i < mem_basic_info.RegionSize; i++)
// sw.WriteLine("0x{0} : {1}", (mem_basic_info.BaseAddress + i).ToString("X"), (char)buffer[i]);
}
// move to the next memory chunk
proc_min_address_l += mem_basic_info.RegionSize;
proc_min_address = new IntPtr(proc_min_address_l);
}
bm.Close();
logDebug("Done");
}
}
else
{
logDebug("Need admin user");
}
}
