protected override bool PrepareAsm(out IEnumerable <string> assembly) { byte[] luaJumpBytes = Encoding.ASCII.GetBytes("JumpOrAscendStart();AscendStop()"); uint memoryNeeded = (uint)(4 + 40 + luaJumpBytes.Length + 1); if (Memory.AllocateMemory(memoryNeeded, out IntPtr memory)) { ExecuteAddress = memory; CommandAddress = ExecuteAddress + 4; DataAddress = CommandAddress + 40; Memory.WriteBytes(CommandAddress, luaJumpBytes); IntPtr distancePointer = DataAddress; IntPtr startPointer = IntPtr.Add(distancePointer, 0x4); IntPtr endPointer = IntPtr.Add(startPointer, 0xC); IntPtr resultPointer = IntPtr.Add(endPointer, 0xC); assembly = new List <string>() { "X:", $"TEST DWORD [{ExecuteAddress}], 1", "JE @out", "PUSH 0", "PUSH 0x120171", $"PUSH {distancePointer}", $"PUSH {resultPointer}", $"PUSH {endPointer}", $"PUSH {startPointer}", $"CALL {Memory.Offsets.FunctionTraceline}", "ADD ESP, 0x18", "TEST AL, 1", "JE @out", "PUSH 0", $"PUSH {CommandAddress}", $"PUSH {CommandAddress}", $"CALL {Memory.Offsets.FunctionLuaDoString}", "ADD ESP, 0xC", $"MOV DWORD [{ExecuteAddress}], 0", "@out:", "RET" }; return(true); } assembly = Array.Empty <string>(); return(false); }
public void ClickToMove(IntPtr playerBase, Vector3 position) { if (Memory.AllocateMemory(12, out IntPtr codeCaveVector3)) { try { if (Memory.Write(codeCaveVector3, position)) { CallObjectFunction(playerBase, Memory.Offsets.FunctionPlayerClickToMove, new() { codeCaveVector3 }); } } finally { Memory.FreeMemory(codeCaveVector3); } } }
public bool TraceLine(Vector3 start, Vector3 end, uint flags) { if (Memory.AllocateMemory(40, out IntPtr tracelineCodecave)) { try { (float, Vector3, Vector3)tracelineCombo = (1.0f, start, end); IntPtr distancePointer = tracelineCodecave; IntPtr startPointer = IntPtr.Add(distancePointer, 0x4); IntPtr endPointer = IntPtr.Add(startPointer, 0xC); IntPtr resultPointer = IntPtr.Add(endPointer, 0xC); if (Memory.Write(distancePointer, tracelineCombo)) { string[] asm = new string[] { "PUSH 0", $"PUSH {flags}", $"PUSH {distancePointer}", $"PUSH {resultPointer}", $"PUSH {endPointer}", $"PUSH {startPointer}", $"CALL {Memory.Offsets.FunctionTraceline}", "ADD ESP, 0x18", "RET", }; if (InjectAndExecute(asm, true, out IntPtr returnAddress)) { return(returnAddress != IntPtr.Zero && (returnAddress.ToInt32() & 0xFF) == 0); } } } finally { Memory.FreeMemory(tracelineCodecave); } } return(false); }
protected override bool PrepareAsm(out IEnumerable <string> assembly) { byte[] luaBytes = Encoding.ASCII.GetBytes(Lua); byte[] luaVarBytes = Encoding.ASCII.GetBytes(VarName); uint memoryNeeded = (uint)(4 + luaBytes.Length + 1 + luaVarBytes.Length + 1); if (Memory.AllocateMemory(memoryNeeded, out IntPtr memory)) { ReturnAddress = memory; CommandAddress = ReturnAddress + 4; VarAddress = CommandAddress + luaBytes.Length + 1; Memory.WriteBytes(CommandAddress, luaBytes); Memory.WriteBytes(VarAddress, luaVarBytes); assembly = new List <string>() { "X:", "PUSH 0", $"PUSH {CommandAddress}", $"PUSH {CommandAddress}", $"CALL {Memory.Offsets.FunctionLuaDoString}", "ADD ESP, 0xC", $"CALL {Memory.Offsets.FunctionGetActivePlayerObject}", "MOV ECX, EAX", "PUSH -1", $"PUSH {VarAddress}", $"CALL {Memory.Offsets.FunctionGetLocalizedText}", $"MOV DWORD [{ReturnAddress}], EAX", $"RET" }; return(true); } assembly = Array.Empty <string>(); return(false); }
public void ClickOnTerrain(Vector3 position) { if (Memory.AllocateMemory(20, out IntPtr codeCaveVector3)) { try { if (Memory.Write(IntPtr.Add(codeCaveVector3, 8), position)) { InjectAndExecute(new string[] { $"PUSH {codeCaveVector3.ToInt32()}", $"CALL {Memory.Offsets.FunctionHandleTerrainClick}", "ADD ESP, 0x4", "RET", }); } } finally { Memory.FreeMemory(codeCaveVector3); } } }
public bool LuaDoString(string command) { #if DEBUG if (string.IsNullOrWhiteSpace(command)) { throw new ArgumentOutOfRangeException(nameof(command), "command is empty"); } #endif AmeisenLogger.I.Log("548Hook", $"LuaDoString: {command}", LogLevel.Verbose); byte[] bytes = Encoding.UTF8.GetBytes(command + "\0"); if (Memory.AllocateMemory((uint)bytes.Length, out IntPtr memAlloc)) { try { if (Memory.WriteBytes(memAlloc, bytes)) { return(InjectAndExecute(new string[] { "PUSH 0", $"PUSH {memAlloc}", $"PUSH {memAlloc}", $"CALL {Memory.Offsets.FunctionLuaDoString}", "ADD ESP, 0xC", "RET", })); } } finally { Memory.FreeMemory(memAlloc); } } return(false); }
public bool InstallHook() { try { if (Memory.IsProcessOpen) { // check if game is already hooked and dispose Hook if (Memory.Read <byte>(_dx3D.HookPtr) == 0xE9 && (_injectedCode == IntPtr.Zero || _addresseInjection == IntPtr.Zero)) { DisposeHooking(); } // skip check since bots sometimes won't clean up after themselves //if (_memory.ReadByte(pEndScene) != 0xE9) // check if game is already hooked //{ Installed = false; // allocate memory to store injected code: _injectedCode = Memory.AllocateMemory(2048); // allocate memory the new injection code pointer: _addresseInjection = Memory.AllocateMemory(0x4); Memory.Write <int>(_addresseInjection, 0); // allocate memory the pointer return value: _retnInjectionAsm = Memory.AllocateMemory(0x4); Memory.Write <int>(_retnInjectionAsm, 0); // Generate the STUB to be injected Memory.Asm.Clear(); // $Asm // save regs AddAsmAndRandomOPs("pushad"); AddAsmAndRandomOPs("pushfd"); // Test if you need launch injected code: AddAsmAndRandomOPs("mov eax, [" + _addresseInjection + "]"); AddAsmAndRandomOPs("test eax, eax"); AddAsmAndRandomOPs("je @out"); // Launch Fonction: AddAsmAndRandomOPs("mov eax, [" + _addresseInjection + "]"); AddAsmAndRandomOPs("call eax"); // Copy pointer return value: AddAsmAndRandomOPs("mov [" + _retnInjectionAsm + "], eax"); // Enter value 0 of addresse func inject AddAsmAndRandomOPs("mov edx, " + _addresseInjection); AddAsmAndRandomOPs("mov ecx, 0"); AddAsmAndRandomOPs("mov [edx], ecx"); // Close func AddAsmAndRandomOPs("@out:"); // load reg AddAsmAndRandomOPs("popfd"); AddAsmAndRandomOPs("popad"); // injected code var sizeAsm = (uint)(Memory.Asm.Assemble().Length); Memory.Asm.Inject((uint)_injectedCode); // Size asm jumpback const int sizeJumpBack = 2; // store original bytes _endSceneOriginalBytes = Memory.ReadBytes(_dx3D.HookPtr - 5, 7); // copy and save original instructions Memory.WriteBytes(IntPtr.Add(_injectedCode, (int)sizeAsm), new[] { _endSceneOriginalBytes[5], _endSceneOriginalBytes[6] }); Memory.Asm.Clear(); Memory.Asm.AddLine("jmp " + ((uint)_dx3D.HookPtr + sizeJumpBack)); // short jump takes 2 bytes. // create jump back stub Memory.Asm.Inject((uint)_injectedCode + sizeAsm + sizeJumpBack); // create hook jump Memory.Asm.Clear(); Memory.Asm.AddLine("@top:"); Memory.Asm.AddLine("jmp " + (_injectedCode)); Memory.Asm.AddLine("jmp @top"); Memory.Asm.Inject((uint)_dx3D.HookPtr - 5); //} Installed = true; } } catch (Exception ex) { Log.WriteToLog(ex.ToString()); return(false); } return(Installed); }
private void FixEndSceneForHB(IntPtr pEndScene) { Memory.Asm.Clear(); _fixHBStub = Memory.AllocateMemory(0x200); AddAsmAndRandomOPs("push ebx"); AddAsmAndRandomOPs("mov bl, [" + pEndScene + "]"); AddAsmAndRandomOPs("cmp bl, 0xE9"); // check for the long jmp that hb uses. AddAsmAndRandomOPs("jnz @HbIsNotHooked"); AddAsmAndRandomOPs("pop ebx"); // first pop the ebx register we pushed to the stack AddAsmAndRandomOPs("pop ebp"); // then pop the ebp register HB pushed to the stack AddAsmAndRandomOPs("jmp @original"); Memory.Asm.AddLine("@HbIsNotHooked:"); AddAsmAndRandomOPs("pop ebx"); Memory.Asm.AddLine("@original:"); AddAsmAndRandomOPs("Push 0x14"); AddAsmAndRandomOPs("Mov Eax, " + Memory.Read <uint>(pEndScene + 3)); IntPtr funcOffset = (pEndScene + 0xC) + Memory.Read <int>(pEndScene + 8); AddAsmAndRandomOPs("Call " + ((uint)funcOffset - (uint)_fixHBStub)); // jump back to endscene AddAsmAndRandomOPs("Jmp " + ((uint)pEndScene + 0xC - (uint)_fixHBStub)); Memory.WriteBytes(_fixHBStub, Memory.Asm.Assemble()); // pad the top of Endscene with some single and 2 byte NOPs Memory.Asm.Clear(); // try to randomize stub some. int rand = Utility.Rand.Next(0, 2); switch (rand) { case 0: if (Utility.Rand.Next(2) == 1) { InsertRandomMov(); } else { Memory.Asm.Add("Nop\nNop\n"); } if (Utility.Rand.Next(2) == 1) { InsertRandomMov(); } else { Memory.Asm.Add("Nop\nNop\n"); } Memory.Asm.AddLine("Nop"); if (Utility.Rand.Next(2) == 1) { InsertRandomMov(); } else { Memory.Asm.Add("Nop\nNop\n"); } Memory.Asm.AddLine("Jmp " + ((uint)_fixHBStub - (uint)pEndScene)); break; case 1: if (Utility.Rand.Next(2) == 1) { InsertRandomMov(); } else { Memory.Asm.Add("Nop\nNop\n"); } if (Utility.Rand.Next(2) == 1) { InsertRandomMov(); } else { Memory.Asm.Add("Nop\nNop\n"); } Memory.Asm.AddLine("Nop"); Memory.Asm.AddLine("Jmp " + ((uint)_fixHBStub - (uint)pEndScene)); if (Utility.Rand.Next(2) == 1) { InsertRandomMov(); } else { Memory.Asm.Add("Nop\nNop\n"); } break; } Memory.WriteBytes(pEndScene, Memory.Asm.Assemble()); Memory.Asm.Clear(); }
public byte[] InjectAndExecute(IEnumerable <string> asm, int returnLength = 0) { lock (_executeLockObject) { var tempsByte = new byte[0]; // reset return value pointer Memory.Write <int>(_retnInjectionAsm, 0); if (Memory.IsProcessOpen && Installed) { // Write the asm stuff Memory.Asm.Clear(); foreach (string tempLineAsm in asm) { Memory.Asm.AddLine(tempLineAsm); } // Allocation Memory IntPtr injectionAsmCodecave = Memory.AllocateMemory(Memory.Asm.Assemble().Length); try { // Inject Memory.Asm.Inject((uint)injectionAsmCodecave); Memory.Write <int>(_addresseInjection, (int)injectionAsmCodecave); while (Memory.Read <int>(_addresseInjection) > 0) { Thread.Sleep(5); } // Wait to launch code // We don't care about return values. besides this only works if a pointer is returned //if (returnLength > 0) //{ // tempsByte = Memory.ReadBytes(Memory.ReadUInt(_retnInjectionAsm), returnLength); //} //else //{ // var retnByte = new List<byte>(); // uint dwAddress = Memory.ReadUInt(_retnInjectionAsm); // if (dwAddress != 0) // { // Log.Write("dwAddress {0}", dwAddress); // byte buf = Memory.ReadByte(dwAddress); // while (buf != 0) // { // retnByte.Add(buf); // dwAddress = dwAddress + 1; // buf = Memory.ReadByte(dwAddress); // Log.Write("buf: {0}", buf); // } // } // tempsByte = retnByte.ToArray(); //} } catch (Exception ex) { Log.Write(ex.ToString()); } finally { // Free memory allocated //Memory.FreeMemory(injectionAsmCodecave); // schedule resources to be freed at a later date cause freeing it immediately was causing wow crashes new Timer(state => Memory.FreeMemory((IntPtr)state), injectionAsmCodecave, 100, 0); } } // return return(tempsByte); } }
public void InstallHook() { try { // check if target is 64 bit if (Utility.Is64BitProcess(_wowProcess)) { //MessageBox.Show("Only 32bit Wow is supported"); return; } if (Memory.IsProcessOpen) { // if we're under windows 8 then we need to patch the endscene hook to make it work with HB's hook.. this is a bit hackish if (UsingWin8 && !_dx3D.UsingDirectX11) { FixEndSceneForHB(_dx3D.HookPtr); } // check if game is already hooked and dispose Hook // Memory.Read<byte>(_dx3D.HookPtr) == 0x8B when not hooked if (Memory.Read <byte>(_dx3D.HookPtr) == 0xEB && (_injectedCode == IntPtr.Zero || _addresseInjection == IntPtr.Zero)) { DisposeHooking(); } // skip check since bots sometimes won't clean up after themselves Installed = false; // allocate memory to store injected code: _injectedCode = Memory.AllocateMemory(2048); // allocate memory the new injection code pointer: _addresseInjection = Memory.AllocateMemory(0x4); Memory.Write(_addresseInjection, 0); // allocate memory the pointer return value: _retnInjectionAsm = Memory.AllocateMemory(0x4); Memory.Write(_retnInjectionAsm, 0); // Generate the STUB to be injected Memory.Asm.Clear(); // $Asm // save regs AddAsmAndRandomOPs("pushad"); AddAsmAndRandomOPs("pushfd"); // Test if you need launch injected code: AddAsmAndRandomOPs("mov eax, [" + _addresseInjection + "]"); AddAsmAndRandomOPs("test eax, eax"); AddAsmAndRandomOPs("je @out"); // Launch Fonction: AddAsmAndRandomOPs("mov eax, [" + _addresseInjection + "]"); AddAsmAndRandomOPs("call eax"); // Copy pointer return value: AddAsmAndRandomOPs("mov [" + _retnInjectionAsm + "], eax"); // Enter value 0 of addresse func inject AddAsmAndRandomOPs("mov edx, " + _addresseInjection); AddAsmAndRandomOPs("mov ecx, 0"); AddAsmAndRandomOPs("mov [edx], ecx"); // Close func AddAsmAndRandomOPs("@out:"); // load reg AddAsmAndRandomOPs("popfd"); AddAsmAndRandomOPs("popad"); // injected code var sizeAsm = (uint)Memory.Asm.Assemble().Length; Memory.Asm.Inject((uint)_injectedCode); // Size asm jumpback const int sizeJumpBack = 2; // store original bytes _endSceneOriginalBytes = Memory.ReadBytes(_dx3D.HookPtr - 5, 7); var sBytes = ""; foreach (var b in _endSceneOriginalBytes) { sBytes += b + ", "; } Log.Write(Color.Gray, "Original EndSceneBytes = ({0})", sBytes); // copy and save original instructions Memory.WriteBytes(IntPtr.Add(_injectedCode, (int)sizeAsm), new[] { _endSceneOriginalBytes[5], _endSceneOriginalBytes[6] }); Memory.Asm.Clear(); Memory.Asm.AddLine("jmp " + ((uint)_dx3D.HookPtr + sizeJumpBack)); // short jump takes 2 bytes. // create jump back stub Memory.Asm.Inject((uint)_injectedCode + sizeAsm + sizeJumpBack); // create hook jump Memory.Asm.Clear(); Memory.Asm.AddLine("@top:"); Memory.Asm.AddLine("jmp " + _injectedCode); Memory.Asm.AddLine("jmp @top"); Memory.Asm.Inject((uint)_dx3D.HookPtr - 5); Installed = true; } } catch (Exception ex) { Log.Write(ex.ToString(), Color.Red); } }
public byte[] InjectAndExecute(IEnumerable <string> asm, int returnLength = 0) { lock (_executeLockObject) { var tempsByte = new byte[0]; // reset return value pointer Memory.Write(_retnInjectionAsm, 0); if (!Memory.IsProcessOpen || !Installed) { return(tempsByte); } // Write the asm stuff Memory.Asm.Clear(); foreach (var tempLineAsm in asm) { Memory.Asm.AddLine(tempLineAsm); } // Allocation Memory var injectionAsmCodecave = Memory.AllocateMemory(Memory.Asm.Assemble().Length); try { // Inject Memory.Asm.Inject((uint)injectionAsmCodecave); Memory.Write(_addresseInjection, (int)injectionAsmCodecave); while (Memory.Read <int>(_addresseInjection) > 0) { Thread.Sleep(5); } // Wait to launch code if (returnLength > 0) { tempsByte = Memory.ReadBytes(Memory.Read <IntPtr>(_retnInjectionAsm), returnLength); } else { var retnByte = new List <byte>(); var dwAddress = Memory.Read <IntPtr>(_retnInjectionAsm); if (dwAddress.ToInt32() != 0) { //Log.Write("dwAddress {0}", dwAddress); var buf = Memory.Read <byte>(dwAddress); while (buf != 0) { retnByte.Add(buf); dwAddress = dwAddress + 1; buf = Memory.Read <byte>(dwAddress); //Log.Write("buf: {0}", buf); } } tempsByte = retnByte.ToArray(); } } catch (Exception ex) { if (!ex.Message.StartsWith("Could not read bytes from")) { Log.Write(ex.ToString()); } } finally { // Free memory allocated // schedule resources to be freed at a later date cause freeing it immediately was causing wow crashes new Timer(state => Memory.FreeMemory((IntPtr)state), injectionAsmCodecave, 100, 0); } // return return(tempsByte); } }
private void Hooking() { try { lock (Locker) { if (Wow.Memory.WowProcess.ProcessId <= 0) { return; } // Process Connect: if (!Memory.IsProcessOpen || Memory.ProcessId != Wow.Memory.WowProcess.ProcessId) { Memory.OpenProcessAndThread(Wow.Memory.WowProcess.ProcessId); } if (Memory.IsProcessOpen) { string textBuild = Memory.ReadUTF8String(Wow.Memory.WowProcess.WowModule + (uint)Addresses.GameInfo.buildWoWVersionString); uint wowBuildVersion = Helpers.Usefuls.WowVersion(textBuild); if (wowBuildVersion != Information.TargetWowBuild) { if (System.Diagnostics.Process.GetProcessById(Memory.ProcessId).HasExited) { return; } if (wowBuildVersion == 0 || wowBuildVersion < Information.MinWowBuild || wowBuildVersion > Information.MaxWowBuild) { // Offsets seems to have changed. MessageBox.Show( Translate.Get(Translate.Id.UpdateRequiredCases) + Environment.NewLine + Environment.NewLine + Translate.Get(Translate.Id.UpdateRequiredCase1) + Environment.NewLine + Translate.Get(Translate.Id.UpdateRequiredCase2), Translate.Get(Translate.Id.UpdateRequiredCasesTitle)); return; } // Offsets has not changed, but may have a function offsets changes. We may need to create a integrated function offsets pattern finder in that case. if (Information.TargetWowBuild > wowBuildVersion) { MessageBox.Show( Translate.Get(Translate.Id.UpdateRequireOlderTheNoobBot) + Information.TargetWowVersion + Translate.Get(Translate.Id.RunningWoWBuildDot) + Information.TargetWowBuild + Translate.Get(Translate.Id.RunningWoWBuild) + wowBuildVersion + Translate.Get(Translate.Id.RunningWoWBuildDot) + Environment.NewLine + Environment.NewLine + Translate.Get(Translate.Id.PleaseDownloadOlder), Translate.Get(Translate.Id.UpdateRequireOlderTheNoobBotTitle)); } if (Information.TargetWowBuild < wowBuildVersion) { MessageBox.Show( Translate.Get(Translate.Id.UpdateRequireNewerTheNoobBot) + Information.TargetWowVersion + Translate.Get(Translate.Id.RunningWoWBuildDot) + Information.TargetWowBuild + Translate.Get(Translate.Id.RunningWoWBuild) + wowBuildVersion + Translate.Get(Translate.Id.RunningWoWBuildDot) + Environment.NewLine + Environment.NewLine + Translate.Get(Translate.Id.PleaseDownloadNewer), Translate.Get(Translate.Id.UpdateRequireNewerTheNoobBotTitle)); } return; } /*if (Wow.Memory.WowProcess.Executor != null) * { * Wow.Memory.WowProcess.Executor.Dispose(); * } * * RemoteProcess m_Process = new RemoteProcess((uint) Wow.Memory.WowProcess.ProcessId); * Wow.Memory.WowProcess.Executor = new WndProcExecutor2(m_Process, (IntPtr) Wow.Memory.WowProcess.MainWindowHandle); */ // Get address of EndScene JumpAddress = GetJumpAdresse(); JumpAddressDX = GetJumpAdresseDX(); if (/*Memory.ReadByte(JumpAddress) == 0xE9 ||*/ Memory.ReadByte(JumpAddressDX) == 0xE9) { DisposeHooking(); } try { if (D3D.OriginalBytes == null) { byte[] extractAllBytes = Memory.ReadBytes(JumpAddressDX, 10); // Gather as much data as possible if there is others graphic cards system. string bytes = ""; foreach (uint bit in extractAllBytes) { if (bytes == "") { bytes = bit.ToString(); } else { bytes = bytes + ", " + bit; } } Logging.WriteFileOnly("Hooking Informations: " + bytes); D3D.OriginalBytes = Memory.ReadBytes(JumpAddress, 5); // WinXP - Win7, with standards graphic drivers. D3D.OriginalBytesDX = Memory.ReadBytes(JumpAddressDX, 5); // WinXP - Win7, with standards graphic drivers. if (D3D.OriginalBytesDX[0] == 0x55) { D3D.OriginalBytesDX = Memory.ReadBytes(JumpAddressDX, 6); // WinXP - Win7, with specific graphic drivers. } else if (D3D.OriginalBytesDX[0] == 0x6A) { D3D.OriginalBytesDX = Memory.ReadBytes(JumpAddressDX, 7); // Win8, add 2 nop to fit 5 bytes for UnHook. } } //_mLockRequested = Memory.AllocateMemory(0x4); _mLocked = Memory.AllocateMemory(0x4); _mLockedDX = Memory.AllocateMemory(0x4); _mResult = Memory.AllocateMemory(0x4); _mSavedAntiban = Memory.AllocateMemory(0x4); _mExecuteRequested = Memory.AllocateMemory(0x4); _mExecuteRequestedDX = Memory.AllocateMemory(0x4); _mZeroBytesInjectionCodes = new byte[0x1000]; for (int i = 0; i < 0x1000; i++) { _mZeroBytesInjectionCodes[i] = 0; } _mInjectionCode = Memory.AllocateMemory(_mZeroBytesInjectionCodes.Length); //CreateTrampoline(); CreateTrampolineDX(); //Apply(); ApplyDX(); } catch (Exception e) { Logging.WriteError("Hooking()#1: " + e); ThreadHooked = false; return; } } } ThreadHooked = true; AllowReHook = false; } catch (Exception e) { Logging.WriteError("Hooking()#2: " + e); } }