/// <summary>
/// Builds the DX trampoline: allocates 0x1000 bytes in the target, assembles a FASM stub that
/// spins on <c>_mLocked</c> / <c>_mExecuteRequested</c>, calls <c>_mInjectionCode</c> when a
/// request is pending, stores EAX into <c>_mResult</c>, clears the request flag, and finally
/// jumps back to <c>JumpAddressDX + D3D.OriginalBytesDX.Length</c>.
/// </summary>
/// <remarks>
/// Layout: <c>D3D.OriginalBytesDX</c> is written at the start of <c>_mTrampolineDX</c> and the
/// assembled stub is injected immediately after it, so the displaced bytes precede the stub.
/// The commented-out FASM blocks are dead code kept as the author left them.
/// NOTE(review): neither the <c>AllocateMemory</c> result nor <c>Inject</c> is checked; a zero
/// <c>_mTrampolineDX</c> would be written to unguarded. The first
/// <c>mov eax, [_mLocked]</c> is overwritten by <c>@execution</c> before it is used, and
/// <c>push 0; add esp, 4</c> leaves ESP unchanged. Writing executable code into another process
/// is exactly the behaviour process-integrity and anti-tamper monitors are built to flag.
/// </remarks>
private void CreateTrampolineDX()
{
    _mTrampolineDX = Memory.AllocateMemory(0x1000);
    Console.WriteLine("m_trampoline : " + _mTrampolineDX.ToString("X"));

    var fasm = new ManagedFasm(Memory.ProcessHandle);
    fasm.SetMemorySize(0x1000);
    fasm.SetPassLimit(100);

    // Preserve the hooked code's registers and flags for the duration of the stub.
    fasm.AddLine("pushad");
    fasm.AddLine("pushfd");
    fasm.AddLine("mov eax, [{0}]", _mLocked); // _mLockedDX
    fasm.AddLine("@execution:");
    fasm.AddLine("mov eax, [{0}]", _mExecuteRequested); // DX
    fasm.AddLine("test eax, eax");
    fasm.AddLine("je @lockcheck"); // no pending request: fall through to the lock check
    /*fasm.AddLine("mov ebx, [{0}]", (Wow.Memory.WowProcess.WowModule + (uint) Addresses.FunctionWow.SpellChecker));
     * fasm.AddLine("mov eax, [ebx+" + (uint) Addresses.FunctionWow.SpellCheckerOff1 + "]");
     * fasm.AddLine("mov esi, [ebx+" + (uint) Addresses.FunctionWow.SpellCheckerOff2 + "]");
     * fasm.AddLine("mov [" + _mSavedAntiban + "], esi");
     * fasm.AddLine("mov [ebx+" + (uint) Addresses.FunctionWow.SpellCheckerOff2 + "], eax");*/
    // Run the injected routine and capture its EAX return value.
    fasm.AddLine("call {0}", _mInjectionCode);
    fasm.AddLine("mov [" + _mResult + "], eax");
    /*fasm.AddLine("mov edx, {0}", (uint) (Wow.Memory.WowProcess.WowModule + (uint) Addresses.FunctionWow.CTMChecker));
     * fasm.AddLine("call " + (uint) (Wow.Memory.WowProcess.WowModule + (uint) Addresses.FunctionWow.WoWTextCaller));
     * fasm.AddLine("push happilyeverafter");
     * fasm.AddLine("push " + (uint) (Wow.Memory.WowProcess.WowModule + (uint) Addresses.FunctionWow.RetFromFunctionBelow));
     * fasm.AddLine("jmp " + (uint) (Wow.Memory.WowProcess.WowModule + (uint) Addresses.FunctionWow.CTMChecker2));
     * fasm.AddLine("happilyeverafter:");*/
    /*fasm.AddLine("mov ebx, [{0}]", (Wow.Memory.WowProcess.WowModule + (uint) Addresses.FunctionWow.SpellChecker));
     * fasm.AddLine("mov esi, [" + _mSavedAntiban + "]");
     * fasm.AddLine("mov [ebx+" + (uint) Addresses.FunctionWow.SpellCheckerOff2 + "], esi");*/
    // Clear the request flag so the same request is not executed twice.
    fasm.AddLine("xor eax, eax");
    fasm.AddLine("mov [" + _mExecuteRequested + "], eax"); // DX
    fasm.AddLine("@lockcheck:");
    fasm.AddLine("mov eax, [{0}]", _mLocked); // DX
    fasm.AddLine("test eax, eax");
    fasm.AddLine("jne @execution"); // while locked, keep polling for requests
    fasm.AddLine("push 0");
    fasm.AddLine("add esp, 4");
    fasm.AddLine("popfd");
    fasm.AddLine("popad");

    // Displaced original bytes go first; the stub is injected right behind them.
    Memory.WriteBytes(_mTrampolineDX, D3D.OriginalBytesDX);
    fasm.AddLine("jmp " + (JumpAddressDX + D3D.OriginalBytesDX.Length));
    fasm.Inject((uint)(_mTrampolineDX + D3D.OriginalBytesDX.Length));
}
/// <summary>
/// Hands a Lua string to the injected stub: waits 75 ms, records the UTF-8 encoding in
/// <c>utf_8</c>, writes the NUL-terminated UTF-8 bytes of <paramref name="lua"/> at
/// <c>codeCave + 0x1024</c>, then writes <c>0xBABABA</c> at <c>codeCave + 256</c>.
/// </summary>
/// <param name="lua">Lua source to write into the target; the terminator is appended here.</param>
/// <remarks>
/// NOTE(review): the size of the buffer at <c>codeCave + 0x1024</c> is not visible here, so the
/// length of <paramref name="lua"/> is never bounded against it — confirm the cave can hold the
/// longest command or the write will run past it. The <c>0xBABABA</c> write presumably acts
/// as a "request pending" flag polled by the injected code; verify against the stub.
/// </remarks>
public void DoString(string lua)
{
    Thread.Sleep(75);
    utf_8 = System.Text.Encoding.UTF8;

    // The receiving side expects a C string, so terminate before encoding.
    string terminated = lua + '\0';
    byte[] payload = System.Text.Encoding.UTF8.GetBytes(terminated);

    Memory.WriteBytes(codeCave + 0x1024, payload);
    Memory.WriteInt(codeCave + 256, 0xBABABA);
}
/// <summary>
/// Execute the given LUA command inside WoW's MainThread
/// </summary>
/// <param name="command">lua command to run</param>
/// <remarks>
/// Allocates a buffer in the target, writes the UTF-8 bytes of <paramref name="command"/>,
/// queues a <c>HookJob</c> that calls <c>Offsets.luaDoString</c> with that buffer, blocks until
/// the job reports <c>IsFinished</c>, then frees the buffer.
/// NOTE(review): the allocation reserves one extra byte for the terminator but only the string
/// bytes are written, so the NUL relies on the allocation being zero-filled — confirm. The wait
/// loop has no timeout: if the hook never services the job, this call never returns, and the
/// buffer is not freed on that path. A null <paramref name="command"/> throws in <c>GetBytes</c>.
/// The full command text is written to the VERBOSE log twice.
/// </remarks>
public static void LuaDoString(string command)
{
    AmeisenLogger.Instance.Log(LogLevel.VERBOSE, $"Doing string: Command [{command}]", "AmeisenCore");

    // +1 for the C string terminator; the terminator itself is not written explicitly.
    uint argCC = BlackMagic.AllocateMemory(Encoding.UTF8.GetBytes(command).Length + 1);
    BlackMagic.WriteBytes(argCC, Encoding.UTF8.GetBytes(command));

    string[] asm = new string[]
    {
        $"MOV EAX, {(argCC)}",
        "PUSH 0",
        "PUSH EAX",
        "PUSH EAX",
        $"CALL {(Offsets.luaDoString)}",
        "ADD ESP, 0xC",
        "RETN",
    };

    HookJob hookJob = new HookJob(asm, false);
    AmeisenHook.AddHookJob(ref hookJob);

    // Busy-wait until the hook thread has run the job; no upper bound on the wait.
    while (!hookJob.IsFinished)
    {
        Thread.Sleep(1);
    }

    AmeisenLogger.Instance.Log(LogLevel.VERBOSE, $"Command returned: Command [{command}]", "AmeisenCore");
    BlackMagic.FreeMemory(argCC);
}
/// <summary>
/// Get Localized Text for command
/// </summary>
/// <param name="command">lua command to run</param>
/// <param name="variable">variable to read</param>
/// <returns>localized text for the executed functions return value</returns>
/// <remarks>
/// Runs <paramref name="command"/> through <c>Offsets.luaDoString</c>, then reads
/// <paramref name="variable"/> back via <c>Offsets.luaGetLocalizedText</c>; the second job is
/// chained to the first through <c>ReturnHookJob</c>. Returns <c>""</c> without touching the
/// target when either argument is empty.
/// NOTE(review): the wait condition repeats <c>hookJobDoString.IsFinished</c> on both sides of
/// <c>||</c>; the second operand presumably meant <c>hookJobLocaltext</c>. As written the loop
/// may exit before the chained job has produced its result unless <c>ReturnHookJob</c> itself
/// waits for the chained job — confirm. <c>playerBase</c> is computed through three reads and
/// never used. The cast <c>(byte[])hookJobDoString.ReturnValue</c> throws if the value is null
/// or not a byte array, and null arguments throw on <c>.Length</c>. Like <c>LuaDoString</c>, the
/// wait loop has no timeout.
/// </remarks>
public static string GetLocalizedText(string command, string variable)
{
    if (command.Length > 0 && variable.Length > 0)
    {
        // +1 reserves the terminator; only the string bytes are written (relies on zeroed memory — confirm).
        uint argCCCommand = BlackMagic.AllocateMemory(Encoding.UTF8.GetBytes(command).Length + 1);
        BlackMagic.WriteBytes(argCCCommand, Encoding.UTF8.GetBytes(command));

        string[] asmDoString = new string[]
        {
            $"MOV EAX, {(argCCCommand) }",
            "PUSH 0",
            "PUSH EAX",
            "PUSH EAX",
            $"CALL {(Offsets.luaDoString)}",
            "ADD ESP, 0xC",
            "RETN",
        };

        uint argCC = BlackMagic.AllocateMemory(Encoding.UTF8.GetBytes(variable).Length + 1);
        BlackMagic.WriteBytes(argCC, Encoding.UTF8.GetBytes(variable));

        // Unused: the result of this read chain is never consumed below.
        uint playerBase = BlackMagic.ReadUInt(Offsets.playerBase);
        playerBase = BlackMagic.ReadUInt(playerBase + 0x34);
        playerBase = BlackMagic.ReadUInt(playerBase + 0x24);

        string[] asmLocalText = new string[]
        {
            $"CALL {(Offsets.clientObjectManagerGetActivePlayerObject)}",
            "MOV ECX, EAX",
            "PUSH -1",
            $"PUSH {(argCC)}",
            $"CALL {(Offsets.luaGetLocalizedText)}",
            "RETN",
        };

        // The DoString job carries the localized-text job as its chained follow-up.
        HookJob hookJobLocaltext = new HookJob(asmLocalText, true);
        ReturnHookJob hookJobDoString = new ReturnHookJob(asmDoString, false, hookJobLocaltext);
        AmeisenHook.AddHookJob(ref hookJobDoString);

        // NOTE(review): both operands are the same job; the second presumably meant hookJobLocaltext.
        while (!hookJobDoString.IsFinished || !hookJobDoString.IsFinished)
        {
            Thread.Sleep(5);
        }

        string result = Encoding.UTF8.GetString((byte[])hookJobDoString.ReturnValue);
        AmeisenLogger.Instance.Log(LogLevel.VERBOSE, "DoString(" + command + "); => " + variable + " = " + result, "AmeisenCore");

        BlackMagic.FreeMemory(argCCCommand);
        BlackMagic.FreeMemory(argCC);
        return(result);
    }
    return("");
}
/// <summary>
/// Tears the EndScene hook down: if the byte at <c>GetEndScene() + ENDSCENE_HOOK_OFFSET</c> is
/// <c>0xE9</c> (x86 near <c>JMP rel32</c>), restores <c>originalEndscene</c> there and frees
/// <c>codeCave</c>, <c>codeToExecute</c> and <c>codeCaveForInjection</c>. Always clears
/// <c>isHooked</c> and joins <c>hookWorker</c>.
/// </summary>
/// <remarks>
/// NOTE(review): a single-opcode check is the only evidence that the hook is still ours; if
/// something else rewrote the site the original bytes are not restored and the caves leak.
/// <c>hookWorker.Join()</c> throws if the worker was never started, and blocks indefinitely if
/// it does not observe <c>isHooked</c> becoming false — presumably it polls that flag; confirm.
/// </remarks>
public void DisposeHooking()
{
    // Locate the patched byte inside D3D9 EndScene.
    uint hookSite = GetEndScene();
    hookSite += ENDSCENE_HOOK_OFFSET;

    // 0xE9 is the opcode of the JMP we planted; anything else means the site is not hooked.
    bool jmpStillInPlace = BlackMagic.ReadByte(hookSite) == 0xE9;
    if (jmpStillInPlace)
    {
        BlackMagic.WriteBytes(hookSite, originalEndscene);
        BlackMagic.FreeMemory(codeCave);
        BlackMagic.FreeMemory(codeToExecute);
        BlackMagic.FreeMemory(codeCaveForInjection);
    }

    // Signal the worker first, then wait for it to exit.
    isHooked = false;
    hookWorker.Join();
}
/// <summary>
/// Restores <c>origEndSceneBytes</c> at <c>oEndScene</c> through <c>d3</c>, undoing the patch.
/// </summary>
/// <remarks>
/// NOTE(review): unlike <c>DisposeHooking</c>, nothing here verifies that the bytes at
/// <c>oEndScene</c> are still our patch before overwriting them — confirm callers guard this.
/// </remarks>
private void RemoveHook() => d3.WriteBytes(oEndScene, origEndSceneBytes);