private void DisposeOfHook() { if (!process.IsProcessOpen) { throw new Exception("Process is not open"); } uint baseAddress = (uint)process.MainModule.BaseAddress; uint pDevice = process.ReadUInt(baseAddress + Offsets.Direct3D.Direct3D9__Device); uint pEnd = process.ReadUInt(pDevice + Offsets.Direct3D.Direct3D9__Device__OffsetA); uint pScene = process.ReadUInt(pEnd); uint pEndScene = process.ReadUInt(pScene + Offsets.Direct3D.Direct3D9__Device__OffsetB); try { if (process.ReadByte(pEndScene) == 0xE9) // check if wow is already hooked and dispose Hook { // Restore origine endscene: process.Asm.Clear(); process.Asm.AddLine("mov edi, edi"); process.Asm.AddLine("push ebp"); process.Asm.AddLine("mov ebp, esp"); process.Asm.Inject(pEndScene); } // free memory: process.FreeMemory(codeCave); process.FreeMemory(injectionAddress); process.FreeMemory(returnAddress); } catch { } }
static void Main(string[] args) { //Open the proccess wow = new BlackMagic(); wow.OpenProcessAndThread(SProcess.GetProcessFromWindowTitle(PROCESS_WINDOW_TITLE)); //Setup Object Manager and First object base address ObjMgrAddr = wow.ReadUInt(wow.ReadUInt((uint)wow.MainModule.BaseAddress + (uint)Constants.Const.ObjectManager.CurMgrPointer) + (uint)Constants.Const.ObjectManager.CurMgrOffset); FirstObject = new GameObject(wow.ReadUInt(ObjMgrAddr + (uint)Constants.Const.ObjectManager.FirstObject)); //Read TargetGUID from globals and find in the Object Manager //UInt64 CurrTargetGUID = wow.ReadUInt64((uint)wow.MainModule.BaseAddress + (uint)Const.Globals.CurrentTargetGUID); UInt64 CurrTargetGUID = wow.ReadUInt64((uint)wow.MainModule.BaseAddress + (uint)Constants.Const.Globals.CurrentTargetGUID); PlayerObject = new GameObject(wow.ReadUInt64((uint)wow.MainModule.BaseAddress + (uint)Constants.Const.Globals.PlayerGUID)); TargetObject = new GameObject(CurrTargetGUID); PlayerObject.Wowclass = wow.ReadByte(PlayerObject.DescriptorArrayAddress + (uint)Const.descriptors.Class8); System.Timers.Timer aTimer = new System.Timers.Timer(); aTimer.Interval = 100; if (PlayerObject.Wowclass == 9) { Console.WriteLine("Initiate Affliction Warlock DPS BOT v1.0"); aTimer.Elapsed += WarlockDPS.DpsEvent; } else if (PlayerObject.Wowclass == 11) { Console.WriteLine("Initiate Feral Druid DPS BOT v0.1"); aTimer.Elapsed += DruidDPS.DpsEvent; } aTimer.AutoReset = true; aTimer.Enabled = true; while (true) { switch (Console.ReadLine()) { case "stop": Console.WriteLine("STOP"); aTimer.Elapsed -= DruidDPS.DpsEvent; aTimer.Elapsed -= WarlockDPS.DpsEvent; aTimer.Elapsed -= PrinterEvent; break; case "printer": aTimer.Elapsed += PrinterEvent; break; case "start": if (PlayerObject.Wowclass == 9) { Console.WriteLine("Initiate Affliction Warlock DPS BOT v1.0"); aTimer.Elapsed += WarlockDPS.DpsEvent; } else if (PlayerObject.Wowclass == 11) { Console.WriteLine("Initiate Feral Druid DPS BOT v0.1"); aTimer.Elapsed += DruidDPS.DpsEvent; } break; } } }
public uint InjectAndExecute(string[] asm, bool allowOffline = false) { lock (Locker) { if (!allowOffline && (!Helpers.Usefuls.InGame || Helpers.Usefuls.IsLoading)) { return(0); } /*List<string> asmCode = new List<string>(); * foreach (string s in asm) * { * asmCode.Add(s); * if (Others.Random(0, 100) > 50) * { * int nR = Others.Random(1, 3); * for (int i = nR; i >= 1; i--) * { * asmCode.Add(ProtectHook()); * } * } * } * return (uint) Wow.Memory.WowProcess.Executor.Call(asmCode.ToArray());*/ if (!ThreadHooked) { return(0); } var fasm = new ManagedFasm(Memory.ProcessHandle); fasm.SetMemorySize(0x1000); fasm.SetPassLimit(100); foreach (string s in asm) { fasm.AddLine(s); } fasm.Inject(_mInjectionCode); Memory.WriteByte(_mExecuteRequested, 1); Timer injectTimer = new Timer(2000); injectTimer.Reset(); while (Memory.ReadByte(_mExecuteRequested) == 1 && !injectTimer.IsReady) { Thread.Sleep(1); } if (injectTimer.IsReady) { Logging.WriteError("Injection have been aborted, execution too long from " + CurrentCallStack); return(0); } Memory.WriteBytes(_mInjectionCode, _mZeroBytesInjectionCodes); uint returnValue = Memory.ReadUInt(_mResult); return(returnValue); } }
public void DisposeHooking() { // get D3D9 Endscene Pointer uint endscene = GetEndScene(); endscene += ENDSCENE_HOOK_OFFSET; // check if WoW is hooked if (BlackMagic.ReadByte(endscene) == 0xE9) { BlackMagic.WriteBytes(endscene, originalEndscene); BlackMagic.FreeMemory(codeCave); BlackMagic.FreeMemory(codeToExecute); BlackMagic.FreeMemory(codeCaveForInjection); } isHooked = false; hookWorker.Join(); }
public static bool WowIsUsed(int processId) { try { //return false; uint pJump = 0; if (D3D.IsD3D11(processId)) { pJump = D3D.D3D11Adresse(); } else { pJump = D3D.D3D9Adresse(processId); } var memory = new BlackMagic(processId); return(memory.ReadByte(pJump) == 0xE9); } catch (Exception e) { Logging.WriteError("WowIsUsed(int processId): " + e); } return(false); }
private bool IsHooked() { return(d3.ReadByte(oEndScene) == 0xE9); }
public static bool IsInGame(int processId) { try { // init memory var memory = new BlackMagic(processId); // System.Diagnostics.Process processById = System.Diagnostics.Process.GetProcessById(processId); uint baseModule = 0; foreach (ProcessModule v in from ProcessModule v in memory.Modules where String.Equals(v.ModuleName, (processById.ProcessName + ".exe"), StringComparison.CurrentCultureIgnoreCase) select v) { baseModule = (uint)v.BaseAddress; } return((memory.ReadInt(baseModule + (uint)Addresses.GameInfo.isLoading) == 0) && (memory.ReadByte(baseModule + (uint)Addresses.GameInfo.gameState) > 0)); } catch (Exception e) { Logging.WriteError("IsInGame(int processId): " + e); } return(false); }
public void Hooking() { // Process Connect: if (!Memory.IsProcessOpen) { Memory.OpenProcessAndThread(processId); } if (Memory.IsProcessOpen) { txtDebug.Text += "VirtualAlloc Hook: " + vaHookPtr.ToString("X") + " | " + Memory.ReadByte(vaHookPtr).ToString("X") + "\r\n"; if (Memory.ReadByte(vaHookPtr) == 0xE9 && (injected_code == 0 || eaxStore == 0)) // check if wow is already hooked and dispose Hook { DisposeHooking(); } if (Memory.ReadByte(vaHookPtr) != 0xE9) // check if wow is already hooked { try { threadHooked = false; // allocate memory to store injected code: (Das ist die codecave wohin die Endscene umgeleitet wird) injected_code = Memory.AllocateMemory(2048); txtDebug.Text += "injected_code: " + injected_code.ToString("X") + "\r\n"; // die Adresse in welche EAX hingespeichert wird eaxStore = Memory.AllocateMemory(0x4); txtDebug.Text += "eaxStore: " + eaxStore.ToString("X") + "\r\n"; // allocate memory the pointer return value: retnInjectionAsm = Memory.AllocateMemory(0x4); txtDebug.Text += "retnInjectionAsm: " + retnInjectionAsm.ToString("X") + "\r\n"; Memory.WriteInt(retnInjectionAsm, 0); // Generate the STUB to be injected Memory.Asm.Clear(); // $Asm // save regs //Memory.Asm.AddLine("pushad"); //Memory.Asm.AddLine("pushfd"); Memory.Asm.AddLine("mov [" + eaxStore + "],eax"); // Size asm jumpback int sizeJumpBack = 5; Memory.Asm.AddLine("jmp " + (vaHookPtr + sizeJumpBack)); // inject code in codecave uint sizeAsm = (uint)(Memory.Asm.Assemble().Length); Memory.Asm.Inject(injected_code); txtDebug.Text += "Injecting ...\r\n"; // create hook jump Memory.Asm.Clear(); // $jmpto Memory.Asm.AddLine("jmp " + (injected_code)); Memory.Asm.AddLine("retn 10h"); Memory.Asm.Inject(vaHookPtr); } catch { threadHooked = false; return; } } threadHooked = true; } }
public void Read() { try { try { playerbase = wow.ReadUInt(wow.ReadUInt(wow.ReadUInt((uint)Globals.s_PlayerBase) + 0x34) + 0x24); if (playerbase != 0) { Online = true; } else { Online = false; } } //this is the player base catch (Exception) { Online = false; } BgStatus = wow.ReadUInt((uint)Globals.BGStatus); IsIndoors = wow.ReadUInt((uint)Globals.IsIndoors); LastError = ReadRealName(wow.ReadBytes((uint)Globals.LastError, 120)); BattlefieldInstanceExpiration = 0; //wow.ReadUInt(0xC55A24) & 1; Combopoints = Convert.ToInt16(wow.ReadByte((uint)Globals.s_ComboPoint)); CharCount = Convert.ToInt16(wow.ReadByte((uint)Globals.CharCount)); CharNo = Convert.ToInt16(wow.ReadByte((uint)Globals.CharNo)); String WOWBuild = ReadRealName(wow.ReadBytes(0x00A30BE6, 10)); byte[] TT = wow.ReadBytes(0x00A30BE6, 10); LoginState = wow.ReadASCIIString(0xB6A9E0, 40); RealmName = ReadRealName(wow.ReadBytes((uint)Globals.s_RealmName, 120)); LoadingState = (int)wow.ReadUInt((uint)Globals.s_IsLoadingOrConnecting); WowControl.CheckLastError(LastError); ObjectInfo Target = new ObjectInfo(); byte[] UnitFields = wow.ReadBytes(wow.ReadUInt(playerbase + 0x8) + (0x17 * 4), 4); PlayerForm = Convert.ToInt32(UnitFields[3]); Objects.Clear(); IsMounted = wow.ReadUInt(playerbase + 0x9C0);// &1; Temp = new ObjectInfo(); Temp.Auras = getAuras(playerbase); WowControl.PlayerBuffs.Clear(); for (int i = 0; i < Temp.Auras.Count; i++) { WowControl.PlayerBuffs.Add(Temp.Auras[i].auraId); } Temp.Name = ReadRealName(wow.ReadBytes((uint)Globals.s_PlayerName, 120)); Temp.Level = wow.ReadUInt(wow.ReadUInt(playerbase + 0x8) + (0x36 * 4)); // Reads players level Temp.Health = wow.ReadUInt(wow.ReadUInt(playerbase + 0x8) + (0x18 * 4)); // Reads players health PowerList.Clear(); Temp.Power = GetUnitPower(playerbase); Temp.MaxHealth = wow.ReadUInt(wow.ReadUInt(playerbase + 0x8) + (0x20 * 4)); // Reads players maxhealth if ((Location != null) & (Location != "")) { if (Location != ReadRealName(wow.ReadBytes(wow.ReadUInt((uint)Globals.LocationName), 60))) { WowControl.LocationChangeTime = DateTime.Now; Location = ReadRealName(wow.ReadBytes(wow.ReadUInt((uint)Globals.LocationName), 60)); WowControl.BadObjects.Clear(); if (BgStatus == 3) { WowControl.WaitTime = DateTime.Now.AddSeconds(20); } else { WowControl.WaitTime = DateTime.Now.AddSeconds(1); } return; } } else { Location = ReadRealName(wow.ReadBytes(wow.ReadUInt((uint)Globals.LocationName), 60)); } Temp.X = wow.ReadFloat(playerbase + 0x798); // Read players xlocation Temp.Y = wow.ReadFloat(playerbase + 0x79C); // Read players ylocation Temp.Z = wow.ReadFloat(playerbase + 0x7A0); // Read players zlocation double Time = (DateTime.Now - LastRead).TotalMilliseconds; Speed = WowControl.CheckPoint(Temp.X, Temp.Y, Temp.Z, X, Y, Z) / Time; X = Temp.X; Y = Temp.Y; Z = Temp.Z; Temp.R = wow.ReadFloat(playerbase + 0x7A8); // Read players rotation Temp.IsInCombat = (wow.ReadUInt(wow.ReadUInt(playerbase + 208) + 212) >> 19) & 1; Temp.Faction = GetFaction(wow.ReadUInt(wow.ReadUInt(playerbase + 0x8) + (0x37 * 4))); //Faction Temp.Type = 4; Temp.GUID = wow.ReadUInt64(playerbase + 0x30); Objects.Add(Temp); LastRead = DateTime.Now; uint s_curMgr = wow.ReadUInt(wow.ReadUInt((uint)ObjectManager.CurMgrPointer) + (uint)ObjectManager.CurMgrOffset); uint curObj = wow.ReadUInt(s_curMgr + 0xAC); uint nextObj = curObj; UInt64 playerGUID = wow.ReadUInt64((uint)Globals.PlayerGUID); UInt64 targetGUID = wow.ReadUInt64((uint)Globals.TargetGUID); UInt64 localGUID = wow.ReadUInt64(s_curMgr + 0xC0); while (curObj != 0 && (curObj & 1) == 0) { UInt64 type = wow.ReadUInt(curObj + 0x14); UInt64 cGUID = wow.ReadUInt64(curObj + 0x30); Temp.Type = Convert.ToUInt32(type); if (Temp.Type == 7) { Temp.Type = 7; } Temp.GUID = cGUID; switch (type) { case 3: Temp.IsInCombat = (wow.ReadUInt(wow.ReadUInt(curObj + 208) + 212) >> 19) & 1; Temp.IsPlayer = false; Temp.IsTarget = false; Temp.Name = "Unit"; if (cGUID == targetGUID) { Temp.IsTarget = true; } Temp.X = wow.ReadFloat(curObj + 0x7D4); Temp.Y = wow.ReadFloat(curObj + 0x7D8); Temp.Z = wow.ReadFloat(curObj + 0x7DC); Temp.R = wow.ReadFloat(curObj + 0x7A8); Temp.Health = wow.ReadUInt(wow.ReadUInt(curObj + 0x8) + (0x18 * 4)); // Reads health Temp.MaxHealth = wow.ReadUInt(wow.ReadUInt(curObj + 0x8) + (0x20 * 4)); // Reads maxhealth Temp.Level = wow.ReadUInt(wow.ReadUInt(curObj + 0x8) + (0x36 * 4)); // Reads level Temp.Name = ReadRealName(wow.ReadBytes(wow.ReadUInt(wow.ReadUInt(curObj + 0x964) + 0x5c), 60)); Temp.Faction = "Mob"; Temp.IsLootable = wow.ReadUInt(wow.ReadUInt(curObj + 0x8) + (0x4F * 4)); Temp.Auras = getAuras(curObj); Temp.Power = GetUnitPower(curObj); if (cGUID == targetGUID) { Temp.IsTarget = true; Target = Temp; Target.Auras = getAuras(curObj); } Objects.Add(Temp); break; case 4: Temp.IsInCombat = (wow.ReadUInt(wow.ReadUInt(curObj + 208) + 212) >> 19) & 1; Temp.IsTarget = false; Temp.IsPlayer = false; Temp.Name = GetPlayerNameByGuid(cGUID); Temp.X = wow.ReadFloat(curObj + 0x7D4); Temp.Y = wow.ReadFloat(curObj + 0x7D8); Temp.Z = wow.ReadFloat(curObj + 0x7DC); Temp.R = wow.ReadFloat(curObj + 0x7A8); Temp.Health = wow.ReadUInt(wow.ReadUInt(curObj + 0x8) + (0x18 * 4)); // Reads health Temp.MaxHealth = wow.ReadUInt(wow.ReadUInt(curObj + 0x8) + (0x20 * 4)); // Reads maxhealth Temp.Level = wow.ReadUInt(wow.ReadUInt(curObj + 0x8) + (0x36 * 4)); // Reads level Temp.Faction = GetFaction(wow.ReadUInt(wow.ReadUInt(curObj + 0x8) + (0x37 * 4))); //Faction Temp.Auras = getAuras(curObj); Temp.Power = GetUnitPower(curObj); if (cGUID == targetGUID) { Temp.IsTarget = true; Target = Temp; Target.Auras = getAuras(curObj); } else if (cGUID == playerGUID) { break; } if (Objects[0].GUID != Temp.GUID) { Objects.Add(Temp); } break; case 5: Temp.Faction = "Object"; Temp.IsInCombat = 0; Temp.Name = ""; Temp.IsPlayer = false; Temp.IsTarget = false; if (cGUID == targetGUID) { Temp.IsTarget = true; } Temp.Level = 0; Temp.Health = 0; Temp.MaxHealth = 0; Temp.X = wow.ReadFloat(curObj + 0xE8); Temp.Y = wow.ReadFloat(curObj + 0xEC); Temp.Z = wow.ReadFloat(curObj + 0xF0); Temp.R = wow.ReadFloat(curObj + 0x7A8); Temp.Name = ReadRealName(wow.ReadBytes(wow.ReadUInt(wow.ReadUInt(curObj + 0x1A4) + 0x90), 60)); Temp.Power = GetUnitPower(curObj); Objects.Add(Temp); break; } nextObj = wow.ReadUInt(curObj + 0x3C); if (nextObj == curObj) { break; } else { curObj = nextObj; } } Objects.Add(Target); WowControl.TargetBuffs.Clear(); if (Target.Auras != null) { for (int i = 0; i < Target.Auras.Count; i++) { WowControl.TargetBuffs.Add(Target.Auras[i].auraId); } } if (LastError == "Нет места.") { WowControl.FullBag = true; } } catch (Exception) { //WowControl.UpdateStatus("Error. " + E.Message); InitMemory(); } }
public void Hooking() { // Offset: uint DX_DEVICE = 0xAD773C + baseAdress; uint DX_DEVICE_IDX = 0x27F8; uint ENDSCENE_IDX = 0xA8; // Process Connect: if (!Memory.IsProcessOpen) { Memory = new BlackMagic((int)_processId); } if (Memory.IsProcessOpen) { // Get address of EndScene uint pDevice = Memory.ReadUInt(DX_DEVICE); uint pEnd = Memory.ReadUInt(pDevice + DX_DEVICE_IDX); uint pScene = Memory.ReadUInt(pEnd); uint pEndScene = Memory.ReadUInt(pScene + ENDSCENE_IDX); if (Memory.ReadByte(pEndScene) == 0xE9 && (injected_code == 0 || addresseInjection == 0)) // check if wow is already hooked and dispose Hook { DisposeHooking(); } if (Memory.ReadByte(pEndScene) != 0xE9) // check if wow is already hooked { try { threadHooked = false; // allocate memory to store injected code: injected_code = Memory.AllocateMemory(2048); // allocate memory the new injection code pointer: addresseInjection = Memory.AllocateMemory(0x4); Memory.WriteInt(addresseInjection, 0); // allocate memory the pointer return value: retnInjectionAsm = Memory.AllocateMemory(0x4); Memory.WriteInt(retnInjectionAsm, 0); Memory.Asm.Clear(); Memory.Asm.AddLine("mov edi, edi"); Memory.Asm.AddLine("push ebp"); Memory.Asm.AddLine("mov ebp, esp"); Memory.Asm.AddLine("pushfd"); Memory.Asm.AddLine("pushad"); //Test for waiting code Memory.Asm.AddLine("mov eax, [" + addresseInjection + "]"); Memory.Asm.AddLine("test eax, ebx"); Memory.Asm.AddLine("je @out"); //Execute waiting code Memory.Asm.AddLine("mov eax, [" + addresseInjection + "]"); Memory.Asm.AddLine("call eax"); //Copy pointer to return value Memory.Asm.AddLine("mov [" + retnInjectionAsm + "], eax"); Memory.Asm.AddLine("mov edx, " + addresseInjection); Memory.Asm.AddLine("mov ecx, 0"); Memory.Asm.AddLine("mov [edx], ecx"); //Close Function Memory.Asm.AddLine("@out:"); //Inject Code uint sizeAsm = (uint)(Memory.Asm.Assemble().Length); Memory.Asm.Inject(injected_code); int sizeJumpBack = 5; // create jump back stub Memory.Asm.Clear(); Memory.Asm.AddLine("jmp " + (pEndScene + sizeJumpBack)); Memory.Asm.Inject(injected_code + sizeAsm);// + (uint)sizeJumpBack); // create hook jump Memory.Asm.Clear(); // $jmpto Memory.Asm.AddLine("jmp " + (injected_code)); Memory.Asm.Inject(pEndScene); } catch { threadHooked = false; return; } } threadHooked = true; } }
public void HookEndScene() { ThreadManager.suspendMainThread(this.getProcessId()); uint pDevice = Memory.ReadUInt(0x00BB672C); uint pEnd = Memory.ReadUInt(pDevice + 0x397C); uint pScene = Memory.ReadUInt(pEnd); uint pEndScene = Memory.ReadUInt(pScene + 0xA8); SendConsole("EndScene Offset : " + pEndScene.ToString("X"), ConsoleLvl.Debug); if (Memory.ReadByte(pEndScene) != 0xe9) // check if not already hooked { codeCave = Memory.AllocateMemory(0x2048); Memory.Asm.Clear(); //Demerdation de laddresse de endscene mon amour :))) byte[] Backup = Memory.ReadBytes(pEndScene, 25); int size = Memory.Asm.GetMemorySize(); Memory.Asm.AddLine("pushad"); Memory.Asm.AddLine("pushfd"); Memory.Asm.AddLine("mov esi, " + (codeCave + 256).ToString("X") + "h"); Memory.Asm.AddLine("cmp dword [esi], 0"); Memory.Asm.AddLine("je " + (codeCave + 0x1D).ToString("X") + "h"); //DO STRING Memory.Asm.AddLine("push {0}", 0); Memory.Asm.AddLine("mov eax, {0}", codeCave + 0x1024); Memory.Asm.AddLine("push eax"); Memory.Asm.AddLine("push eax"); Memory.Asm.AddLine("call {0}", (uint)0x004B32B0); Memory.Asm.AddLine("add esp, 0xC"); //EXIT Memory.Asm.AddLine("mov dword[" + (codeCave + 256).ToString("X") + "h], 0"); Memory.Asm.AddLine("popfd"); Memory.Asm.AddLine("popad"); Memory.Asm.Inject(codeCave); Memory.WriteBytes(codeCave + 0x29, Backup); Memory.Asm.Clear(); Memory.Asm.AddLine("jmp " + (pEndScene + 25).ToString("X") + "h"); //REMPLACEMENT POUR NOBUG Memory.Asm.Inject(codeCave + 0x29 + 25); // Okay on a le pointeur , que les choses serieuses commencent : YOUMEW EN MODE EXTRA BOUISSINCE Memory.Asm.Clear(); Memory.Asm.AddLine("jmp " + codeCave.ToString("X") + "h"); Memory.Asm.Inject(pEndScene); } else { codeCave = Memory.ReadUInt(pEndScene + 1) + 4 + pEndScene - 0xffffffff; } ThreadManager.resumeMainThread(this.getProcessId()); // ENDSCENE IS NOW HOOKED // HOOK BY LMEW // LA BOUISINCE A LETAT PURE }