public void MemoryAllocFreeTest()
{
MemoryAllocation memAlloc = TrashMem.AllocateMemory(32);
Assert.IsNotNull(memAlloc);
Assert.IsTrue(memAlloc.Address != 0x0);
Assert.IsTrue(memAlloc.Free());
}
public string GetLocalizedText(string variable)
{
AmeisenBotLogger.Instance.Log($"[{ProcessId.ToString("X", CultureInfo.InvariantCulture.NumberFormat)}]\tReading Lua variable \"{variable}\"", LogLevel.Verbose);
if (variable.Length > 0)
{
byte[] bytes = Encoding.UTF8.GetBytes(variable);
MemoryAllocation memAlloc = TrashMem.AllocateMemory(bytes.Length + 1);
if (memAlloc == null)
{
return("");
}
TrashMem.WriteBytes(memAlloc.Address, bytes);
string[] asmLocalText = new string[]
{
$"CALL 0x{OffsetList.FunctionGetActivePlayerObject.ToString("X")}",
"MOV ECX, EAX",
"PUSH -1",
$"PUSH 0x{memAlloc.Address.ToString("X")}",
$"CALL 0x{OffsetList.FunctionGetLocalizedText.ToString("X")}",
"RETN",
};
string result = Encoding.UTF8.GetString(InjectAndExecute(asmLocalText, true));
TrashMem.FreeMemory(memAlloc);
return(result);
}
return("");
}
public void LuaDoString(string command)
{
AmeisenBotLogger.Instance.Log($"[{ProcessId.ToString("X", CultureInfo.InvariantCulture.NumberFormat)}]\tExecuting Lua \"{command}\"", LogLevel.Verbose);
if (command.Length > 0)
{
byte[] bytes = Encoding.UTF8.GetBytes(command);
MemoryAllocation memAlloc = TrashMem.AllocateMemory(bytes.Length + 1);
if (memAlloc == null)
{
return;
}
TrashMem.WriteBytes(memAlloc.Address, bytes);
if (memAlloc.Address == 0)
{
return;
}
string[] asm = new string[]
{
$"MOV EAX, 0x{memAlloc.Address.ToString("X")}",
"PUSH 0",
"PUSH EAX",
"PUSH EAX",
$"CALL 0x{OffsetList.FunctionLuaDoString.ToString("X")}",
"ADD ESP, 0xC",
"RETN",
};
InjectAndExecute(asm, false);
TrashMem.FreeMemory(memAlloc);
}
}
private void ButtonNewAlloc_Click(object sender, RoutedEventArgs e)
{
if (TrashMem != null)
{
if (int.TryParse(textboxAllocSize.Text, out int allocSize))
{
TrashMem.AllocateMemory(allocSize);
}
UpdateAllocationsAndThreads();
}
}
private void SetupEndsceneHook()
{
// first thing thats 5 bytes big is here
// we are going to replace this 5 bytes with
// our JMP instruction (JMP (1 byte) + Address (4 byte))
EndsceneAddress += ENDSCENE_HOOK_OFFSET;
// if WoW is already hooked, unhook it
if (IsWoWHooked)
{
DisposeHook();
}
else
{
originalEndsceneBytes = TrashMem.ReadChars(EndsceneAddress, 5);
}
// if WoW is now/was unhooked, hook it
if (!IsWoWHooked)
{
AmeisenBotLogger.Instance.Log($"[{ProcessId.ToString("X", CultureInfo.InvariantCulture.NumberFormat)}]\tHooking EndScene at \"0x{EndsceneAddress.ToString("X", CultureInfo.InvariantCulture.NumberFormat)}\"", LogLevel.Verbose);
// the address that we will return to after
// the jump wer'e going to inject
EndsceneReturnAddress = EndsceneAddress + 0x5;
// integer to check if there is code waiting to be executed
CodeToExecuteAddress = TrashMem.AllocateMemory(4);
TrashMem.Write(CodeToExecuteAddress.Address, 0);
// integer to save the address of the return value
ReturnValueAddress = TrashMem.AllocateMemory(4);
TrashMem.Write(ReturnValueAddress.Address, 0);
// codecave to check if we need to execute something
CodecaveForCheck = TrashMem.AllocateMemory(128);
AmeisenBotLogger.Instance.Log($"[{ProcessId.ToString("X", CultureInfo.InvariantCulture.NumberFormat)}]\tCCCheck is at \"0x{CodecaveForCheck.Address.ToString("X", CultureInfo.InvariantCulture.NumberFormat)}\"", LogLevel.Verbose);
// codecave for the code we wa't to execute
CodecaveForExecution = TrashMem.AllocateMemory(2048);
AmeisenBotLogger.Instance.Log($"[{ProcessId.ToString("X", CultureInfo.InvariantCulture.NumberFormat)}]\tCCExecution is at \"0x{CodecaveForExecution.Address.ToString("X", CultureInfo.InvariantCulture.NumberFormat)}\"", LogLevel.Verbose);
TrashMem.Asm.Clear();
// save registers
TrashMem.Asm.AddLine("PUSHFD");
TrashMem.Asm.AddLine("PUSHAD");
// check for code to be executed
TrashMem.Asm.AddLine($"MOV EBX, [0x{CodeToExecuteAddress.Address.ToString("X")}]");
TrashMem.Asm.AddLine("TEST EBX, 1");
TrashMem.Asm.AddLine("JE @out");
// execute our stuff and get return address
TrashMem.Asm.AddLine($"MOV EDX, 0x{CodecaveForExecution.Address.ToString("X")}");
TrashMem.Asm.AddLine("CALL EDX");
TrashMem.Asm.AddLine($"MOV [0x{ReturnValueAddress.Address.ToString("X")}], EAX");
// finish up our execution
TrashMem.Asm.AddLine("@out:");
TrashMem.Asm.AddLine("MOV EDX, 0");
TrashMem.Asm.AddLine($"MOV [0x{CodeToExecuteAddress.Address.ToString("X")}], EDX");
// restore registers
TrashMem.Asm.AddLine("POPAD");
TrashMem.Asm.AddLine("POPFD");
byte[] asmBytes = TrashMem.Asm.Assemble();
// needed to determine the position where the original
// asm is going to be placed
int asmLenght = asmBytes.Length;
// inject the instructions into our codecave
TrashMem.Asm.Inject(CodecaveForCheck.Address);
// ---------------------------------------------------
// End of the code that checks if there is asm to be
// executed on our hook
// ---------------------------------------------------
// Prepare to replace the instructions inside WoW
TrashMem.Asm.Clear();
// do the original EndScene stuff after we restored the registers
// and insert it after our code
TrashMem.WriteBytes(CodecaveForCheck.Address + (uint)asmLenght, originalEndsceneBytes);
// return to original function after we're done with our stuff
TrashMem.Asm.AddLine($"JMP 0x{EndsceneReturnAddress.ToString("X")}");
TrashMem.Asm.Inject(CodecaveForCheck.Address + (uint)asmLenght + 5);
TrashMem.Asm.Clear();
// ---------------------------------------------------
// End of doing the original stuff and returning to
// the original instruction
// ---------------------------------------------------
// modify original EndScene instructions to start the hook
TrashMem.Asm.AddLine($"JMP 0x{CodecaveForCheck.Address.ToString("X")}");
TrashMem.Asm.Inject(EndsceneAddress);
AmeisenBotLogger.Instance.Log($"[{ProcessId.ToString("X", CultureInfo.InvariantCulture.NumberFormat)}]\tInjected Hook [IsWoWHooked = {IsWoWHooked}]", LogLevel.Verbose);
// we should've hooked WoW now
}
}
