# [Release] [C# DLL] iHook, EndScene ASM Injection!

## -Ryuk-

Hello OwnedCore,

Today I have decided to release iHook.

*06/11/2012 : iHook's code is now available at: https://dl.dropbox.com/u/7923805/MMOwned/iHook.rar*

*What does it do?*

iHook is a C# DLL that hooks EndScene and allows you (the user) to inject ASM into WoW!
The ASM that you inject will be inside WoW's Main Thread, and therefore you can use Lua such as DefaultServerLogin() without crashes.

*Features:*

- Built-in DoString function
- Built-in GetLocalizedText function
- Built-in memory reading/writing class, which includes:
  - OpenProcess
  - CloseProcess
  - BaseAddress
  - Write<T>
  - Read<T>
  - ReadStruct<T>
  - FindPattern
  - AllocateMemory
  - FreeMemory
  - MakeMemoryWriteable<T>
  - And more!

*Why use this over any other public hook?*

There is no specific reason. The best reason I can think of is that this can also Read/Write Memory; without BlackMagic!

*Ok, Where can I download it, and what does it include?*

The download includes a working .NET 4.0 console application example (WoW 4.0.3 - see bottom of post for updated addresses).

*Download:*

http://dl.dropbox.com/u/7923805/MMOw...ookExample.rar

*Virus Scan:*

VirusTotal - Free Online Virus, Malware and URL Scanner

*Credits:*

JuJuBoSc - For a lot of help,
RivaLfr - For the MakeMemoryWriteable<T> function,
And everyone else in the Memory Editing section. (Apart from the trolls :P)
Shynd - fasm_managed.dll

Enjoy -Ryuk-



*FAQ's:*

Q: How do I use this after the next patch?
A: That's easy, Open up the project file and change the pointers so that they are correct with the Current Patch!

Q: Where do I find these Pointers?
A: Asking for updated Addresses/Pointers is against the rules! Also if you don't know how to do this, then there's a 99.99999% chance that this DLL isn't for you!

Q: Can I use this in a commercial Bot/Hack?
A: No! This is for non-commercial use ONLY!

Q: Help!!!! The hook isn't injecting!!!
A: First of all, this isn't a question! :P Try running WoW and the Application as Admin!

Q: Why do I get the error "Mixed mode assembly is built against version 'v2.0.50727' of the runtime and cannot be loaded in the 4.0 runtime without additional configuration information."?
A: This is because you need some more additional configuration information. Open the App.Config file from the example, just copy that into your application and it should now work.

Q: Are these real FAQ's?
A: No, but hopefully, it will save these questions being repeatedly asked.


*Updated Addresses:*


Updated Offsets 4.0.6a

Updated Offsets 4.0.6 CLICK HERE!

*[4.0.3.13329]*



```
        public static uint Direct3D9__Device = 0x97F7F4;
        public static uint Direct3D9__Device__OffsetA = 0x27C4;
        public static uint Direct3D9__Device__OffsetB = 0xA8;
        public static uint ClntObjMgrGetActivePlayerObjAddress = 0x3580;
        public static uint Lua_DoStringAddress = 0x39D8C0;
        public static uint Lua_GetLocalizedTextAddress = 0x1C4280;
```

----------


## DarkLinux

Nice Looks good! +Rep

----------


## Millow

Thank you, looking at it right now !

----------


## -Ryuk-

> Nice Looks good! +Rep





> Thank you, looking at it right now !



Glad I can help  :Smile:

----------


## Millow

Will you release the DLL's source ?

----------


## -Ryuk-

> Will you release the DLL's source ?


No, I will not,

You shouldn't need it

----------


## Ozius

+rep
Are there differences between DoString and GetLocalizedText here and the ones described in EndScene Hook with ASM and blackmagic?
iHook works for me, but the EndScene Hook with ASM and blackmagic example isn't present...
My code

----------


## -Ryuk-

> +rep
> Are there differences between DoString and GetLocalizedText here and the ones described in EndScene Hook with ASM and blackmagic?
> iHook works for me, but the EndScene Hook with ASM and blackmagic example isn't present...
> My code


The sample code there is no longer working.

It is now there for a sample of what it used to do :P

There are differences in iHook and in the sample code you posted.
Save yourself the headache and use iHook :P That's why I released it!

----------


## miceiken

> OpenProcess, CloseProcess, BaseAddress, Write<T>, Read<T>, ReadStruct<T>, FindPattern, AllocateMemory



Looks like BlackMagic/Apoc's memory reading class  :Wink:

----------


## -Ryuk-

> Looks like BlackMagic/Apoc's memory reading class



It could well be...

That's why I thanked the whole memory editing section, I don't remember where I got stuff.

----------


## dook123

> Looks like BlackMagic/Apoc's memory reading class


Even if it wasn't, those are the basic functions needed to work with memory and having them templated is the best way to go. Just good practice so it should be similar if not the same.

----------


## yeahlol

Nice, +rep

----------


## -Ryuk-

Updated Addresses, See First Post!

----------


## GameAssist

Does anyone know the correct offset for 4.0.3.13329?

----------


## JuJuBoSc

> Does anyone know the correct offset for 4.0.3.13329?


What the hell, they are in red and bold in first post, waw!

----------


## GameAssist

> What the hell, they are in red and bold in first post, waw!


oh thank you, found it - sorry)

----------


## Hanfer

Hi
i got this problem:


4.0.3 Offsets (from the first post) are set.....
the GetEndscene function gives back "0" ......

----------


## JuJuBoSc

> Hi
> i got this problem:
> 
> 
> 4.0.3 Offsets (from the first post) are set.....
> the GetEndscene function gives back "0" ......


So you fail somewhere else, too bad.

----------


## -Ryuk-

> Hi
> i got this problem:
> 
> 
> 4.0.3 Offsets (from the first post) are set.....
> the GetEndscene function gives back "0" ......


Download the example again, and use the addresses from the post... just copy them over... Do not edit anything else. It works.

----------


## Hanfer

same problem again......i just copied the addresses.....did nothing else....idk...
i run both example and wow as admin.....

----------


## -Ryuk-

> same problem again......i just copied the addresses.....did nothing else....idk...
> i run both example and wow as admin.....


Make sure you're running WoW under DirectX 9 (I think)

----------


## Hanfer

OMG......sry guys....i set my WoW to OpenGL because of my linux.....spent 3h for that shit...
thx -Ryuk-
+ Rep

----------


## -Ryuk-

> OMG......sry guys....i set my WoW to OpenGL because of my linux.....spent 3h for that shit...
> thx -Ryuk-
> + Rep



Np... enjoy

----------


## simplecan

Thank you!
It's very nice library  :Cool:

----------


## Seifer

> Make sure you're running WoW under DirectX 9 (I think)


You don't know which version of DirectX you have been reversing? :P

Also, is this an ASM-oriented hook as posted by RivalFr a while ago? If so, what perk(s) does it have over, say aHook?
And last of all, did you program it to be synchronous or asynchronous?

----------


## mongoosed

Ryuk, would it be possible for you to release or re-release this .dll using non-static methods so that we can hook multiple processes within the same application space?

----------


## -Ryuk-

> You don't know which version of DirectX you have been reversing? :P
> 
> Also, is this an ASM-oriented hook as posted by RivalFr a while ago? If so, what perk(s) does it have over, say aHook?
> And last of all, did you program it to be synchronous or asynchronous?


Yes this is ASM-oriented.
I have always had problems with RivalFr's hook and aHook.
I found that RivalFr's hook crashed WoW often and then since 4.x it doesn't work at all.
I also found that aHook causes a lot of lag (framerate lag) while playing, and you couldn't really have your bot fighting using ASM injection without it killing WoW for 20~ seconds.

The major perk of using my DLL is that it has built-in DoString and GetLocalizedText. While this is good for people just wanting an off-the-bat working DLL, it doesn't offer any knowledge about how the functions work, and I do not intend on posting any information about this, as it's already available on here.

The hook is very basic, but it works. It was intended just to give something back to the community, for the amount of help that you have given me.

I don't understand what you mean by "synchronous or asynchronous", but I programmed it so that it wouldn't pause WoW at all. So if I have understood 'synchronous' correctly (thank you Google :P) I would say that's how I coded it.

---------- Post added at 01:10 PM ---------- Previous post was at 01:09 PM ----------




> Ryuk, would it be possible for you to release or re-release this .dll using non-static methods so that we can hook multiple processes within the same application space?


Yes, but right now I don't have much spare time.

Thanks for the ideas, I will get around to this soon.

----------


## Seifer

> I don't understand what you mean by "synchronous or asynchronous", but I programmed it so that it wouldn't pause WoW at all. So if I have understood 'synchronous' correctly (thank you Google :P) I would say that's how I coded it.


Basically, synchronous means it'll wait for its previous actions to be executed before attempting a new one. Asynchronous is the opposite, meaning in the event of two (fast) consecutive injects, the first injection may not be fully completed when the second one is instigated. (Things like the code cave being cleared before the call to the code cave has been made are often among the problematic things you encounter when you are working with an out-of-sync hook.)

I made this mistake in my own hook a while back, and it took me quite a while to figure out what exactly went wrong. Something like an EventWaitHandle can help make your hook in sync, and that much better.
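
The failure mode described above, as an added example that is not part of Seifer's post or of iHook: a plain Python simulation with no process memory involved, in which a shared request slot stands in for the code cave and `threading.Event` stands in for the EventWaitHandle. All class and function names are hypothetical.

```python
import threading


class UnsyncedExecutor:
    """Fire-and-forget: nothing stops a second submit before the frame runs."""

    def __init__(self):
        self.request = None            # stand-in for the shared buffer
        self.executed = []

    def submit(self, payload):
        self.request = payload         # silently overwrites a pending request

    def on_frame(self):
        if self.request is not None:
            self.executed.append(self.request)
            self.request = None


class SyncedExecutor:
    """One request in flight; the buffer is reused only after completion."""

    def __init__(self, handler=str.upper):
        self.handler = handler
        self.request = None
        self.result = None
        self.executed = []
        self._callers = threading.Lock()   # serialises callers
        self._slot = threading.Lock()      # guards request/result/_pending
        self._pending = False
        self._done = threading.Event()     # plays the EventWaitHandle role

    def execute(self, payload, timeout=2.0):
        with self._callers:
            with self._slot:
                self._done.clear()
                self.request, self.result = payload, None
                self._pending = True
            if not self._done.wait(timeout):
                with self._slot:
                    if self._pending:      # never picked up: withdraw it
                        self._pending = False
                        self.request = None
                        raise TimeoutError("frame callback did not run")
                # Otherwise the frame side picked it up while we timed out;
                # it holds _slot for the whole run, so the result is complete.
            result = self.result
            self.request = None            # safe: the frame side has finished
            return result

    def on_frame(self):
        with self._slot:
            if not self._pending:
                return
            self._pending = False
            self.result = self.handler(self.request)
            self.executed.append(self.request)
            self._done.set()


def demo_unsynced():
    """Two fast submits before one frame: the first request is lost."""
    ex = UnsyncedExecutor()
    ex.submit("A")
    ex.submit("B")
    ex.on_frame()
    return ex.executed


def demo_synced(callers=4, per_caller=25):
    """Several callers hammer the executor; every request gets its own result."""
    ex = SyncedExecutor()
    stop = threading.Event()
    mismatches = []

    def frames():
        while not stop.is_set():
            ex.on_frame()
            stop.wait(0.001)               # simulated frame interval

    def caller(cid):
        for i in range(per_caller):
            payload = f"req-{cid}-{i}"
            if ex.execute(payload) != payload.upper():
                mismatches.append(payload)

    frame_thread = threading.Thread(target=frames, daemon=True)
    frame_thread.start()
    workers = [threading.Thread(target=caller, args=(c,)) for c in range(callers)]
    for w in workers:
        w.start()
    for w in workers:
        w.join()
    stop.set()
    frame_thread.join()
    return len(ex.executed), len(mismatches)


if __name__ == "__main__":
    print("unsynced executed:", demo_unsynced())
    print("synced (executed, mismatches):", demo_synced())
```

The timeout path matters as much as the happy path: a request that was never picked up is withdrawn under the same lock the frame side takes, so a late frame cannot run a buffer the caller has already given up on.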

----------


## dook123

I'm not sure how Warden works at all other than what I have read on here. That being said, if a lot of people used this hook wouldn't that decrease the security?

I already know that I shouldn't bot if I'm afraid to lose my account but I prefer to minimize the risk. I know you said you would not release the source either  :Frown:  sad day.

It seems like some bots get caught in the crossfire of others because they are using the same hook?

----------


## nilum

Hi. I am a novice, but I got this example working (not that it took much effort). I wanted to know if there was a way to set up an on KeyPress event handler.

I've been messing with the DoString() function and it works well, but I would like to be able to control it in game so I can test it multiple times.

Right now I have to alt tab out of WoW and run the program each time. I would like to run a certain DoString() each time I press a certain key and end the program when I press another.

Can anyone help me out?

----------


## dook123

This type of code is well documented on other sites. You will need to do a global keyboard hook from within your test application.

WH_KEYBOARD_LL
^hook this
User32.dll 
^inside this

SetWindowsHookEx(..)

----------


## nilum

> This type of code is well documented on other sites. You will need to do a global keyboard hook from within your test application.
> 
> WH_KEYBOARD_LL
> ^hook this
> User32.dll 
> ^inside this
> 
> SetWindowsHookEx(..)


Hi, Dook.
Thanks for the response.

I did some searching and I think I found what you were referring to:
A Simple C# Global Low Level Keyboard Hook - CodeProject

Would this be the best method to use or is there a better hook? This seems to be for form applications, and I want to stick with console apps for now.

Thank you.

----------


## dook123

2shared - download KeyboardHookCSharp.7z

Link above has example project. Run it and you will see. The example you found is applied to his application but can be done system-wide. Remember that not all keys are caught this way. Things like alt and ctrl are special.

Rep my post if it was helpful. Credits are in the source comments. I did not write the code at all but I have similar classes somewhere... cleaning the computer today.

----------


## nilum

Thanks for that dook. I will check it out. In the meantime I was able to find some other examples. Here is one I modified:



```
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Runtime.InteropServices;

//Author: ComputerAnalysis
//The Computer Analysis: Episode 2
//This code is designated for educational use only.
//Please do not plagiarize my code.
//I do not take responsibility for any illegal uses of this code.
//Modified by nilum
//Original Source: http://www.freewebs.com/computeranalysis/keylogger.txt

namespace KeyHook
{
    class Program
    {
        [DllImport("user32.dll")]
        private static extern short GetAsyncKeyState(int vKey);


        static void Main(string[] args)
        {
            bool terminate = false;
            while (terminate == false)
            {
                for (int i = 1; i < 255; i++)
                {
                    int result = GetAsyncKeyState(i);

                    if (result != 0)
                    {
                        Console.WriteLine(checkExceptions(i));
                        if (checkExceptions(i) == "T")
                        {
                            terminate = true;
                        }
                        System.Threading.Thread.Sleep(115); //115 works best for my computer.
                    }
                }
            }    
        }

        public static string checkExceptions(int i) // makes log files easier to read and cleaner
        {
            switch (i)
            {
                case 1:
                    return "<Left Click>";
                case 2:
                    return "<Right Click>";
                case 13:
                    return "<Enter>";
                case 9:
                    return "<Tab>";
                case 20:
                    return "<Caps Lock>";
                case 160:
                    return "<Left Shift>";
                case 161:
                    return "<Right Shift>";
                case 16:
                    return "";
                case 162:
                    return "<Ctrl>";
                case 163:
                    return "<Ctrl>";
                case 17:
                    return "";
                case 164:
                    return "<Alt>";
                case 165:
                    return "<Alt>";
                case 18:
                    return "";
                case 93:
                    return "<Menu Key>";
                case 37:
                    return "<Left Arrow>";
                case 39:
                    return "<Right Arrow>";
                case 38:
                    return "<Up Arrow>";
                case 40:
                    return "<Down Arrow>";
                case 220:
                    return "\\";
                case 191:
                    return "/";
                case 222:
                    return "'";
                case 186:
                    return ";";
                case 8:
                    return "<BackSpace>";
                case 33:
                    return "<Page Up>";
                case 34:
                    return "<Page Down>";
                case 35:
                    return "<End>";
                case 36:
                    return "<Home>";
                case 144:
                    return "<Num Lk>";
                case 44:
                    return "<Prnt Scrn>";
                case 45:
                    return "<Insert>";
                case 112:
                    return "<F1>";
                case 113:
                    return "<F2>";
                case 114:
                    return "<F3>";
                case 115:
                    return "<F4>";
                case 116:
                    return "<F5>";
                case 117:
                    return "<F6>";
                case 118:
                    return "<F7>";
                case 119:
                    return "<F8>";
                case 120:
                    return "<F9>";
                case 121:
                    return "<F10>";
                case 122:
                    return "<F11>";
                case 123:
                    return "<F12>";
                case 219:
                    return "[";
                case 221:
                    return "]";
                case 189:
                    return "-";
                case 187:
                    return "=";
                case 91:
                    return "<Windows Key>";
                case 188:
                    return ",";
                case 190:
                    return ".";
                default:
                    return ((char)i).ToString();
            }
        }
    }
}
```

----------


## Cypher

> Thanks for that dook. I will check it out. In the meantime I was able to find some other examples. Here is one I modified:
> 
> 
> 
> ```
> using System;
> using System.Collections.Generic;
> using System.Linq;
> using System.Text;
> ...


That code is ****ing awful. Seriously.

----------


## nilum

> That code is ****ing awful. Seriously.


Well, at least I wasn't the one who wrote it (though admittedly I wouldn't have done much better).

Thanks for the feedback.

PS. Maybe one of you could check out my other awful code and tell me how I can improve it:

http://www.mmowned.com/forums/world-...ml#post1997238

Thanks again.

----------


## Xelper

Sorry for bumping a thread that is a couple of weeks old, figured my question might be relevant to those looking to start hooking EndScene.

I wrote a DPS addon that sets a variable to whatever spell ID needs to be cast next. I am then using an EndScene hook to read that variable and cast accordingly. That is all well and good.

My only issue is that I will crash (WoW) if I go into a loading screen while it is trying to read the variable. I have put some safeguards in place (if UnitIsDeadOrGhost then restore, because they will likely be releasing soon), I am also checking:



```
public static readonly uint InGame = 0x99069A;
public static readonly uint isLoadingOrConnecting = 0x97BD6C;
uint playerIngame = Memory.Read<uint>(Memory.BaseAddress + (uint)clsMyOffsets.InGame);
uint playerLoading = Memory.Read<uint>(Memory.BaseAddress + (uint)clsMyOffsets.isLoadingOrConnecting);
```

Before I do every single DoString/GetLocalizedText, however it still manages to try and do a read before one of these variables is updated. 

Anyone have any thoughts on preventing the application of the hook, restoring the hook prior to a loadscreen (automatically), or other thoughts?

Thanks!

----------


## Flushie

> Will you release the DLL's source ?


You can always reverse engineer it? Obviously that's not the source/source, but you can gain an idea of how he approached it.
And -Ryuk- this is pretty cool, thank you for your contribution.

----------


## theomi

Awesome work -Ryuk-...
Thank you

----------


## Xelper

4.0.6.13596



```
        public static uint Direct3D9__Device = 0x98ACDC;
        public static uint Direct3D9__Device__OffsetA = 0x27C4;
        public static uint Direct3D9__Device__OffsetB = 0xA8;
        public static uint ClntObjMgrGetActivePlayerObjAddress = 0x3540;
        public static uint Lua_DoStringAddress = 0x3A26B0;
        public static uint Lua_GetLocalizedTextAddress = 0x1C2270;
```

----------


## -Ryuk-

> 4.0.6.13596
> 
> 
> 
> ```
>         public static uint Direct3D9__Device = 0x98ACDC;
>         public static uint Direct3D9__Device__OffsetA = 0x27C4;
>         public static uint Direct3D9__Device__OffsetB = 0xA8;
>         public static uint ClntObjMgrGetActivePlayerObjAddress = 0x3540;
> ...


Added to first post. =)

Good to see people are using this  :Smile: 

+Rep

----------


## reeveerx

Just wondering, does anyone have the updated ones for 13623? TIA.

----------


## Xelper

4.0.6.13623


```
        public static uint Direct3D9__Device = 0x98BCDC; 
        public static uint Direct3D9__Device__OffsetA = 0x27C4;
        public static uint Direct3D9__Device__OffsetB = 0xA8;
        public static uint ClntObjMgrGetActivePlayerObjAddress = 0x3520;
        public static uint Lua_DoStringAddress = 0x3A2620;
        public static uint Lua_GetLocalizedTextAddress = 0x1C2250;
```

Just an FYI to everyone, this stuff is normally in the InfoDump thread (usually on the 1st page since EndScene stuff is pretty popular). They might go by slightly different names though, usually they are pretty close. Also, some tips on 'finding' them yourself (using that term loosely since you are still relying on the InfoDump!) 

Direct3D9__Device = DXDEVICE, you can use RivaLfr's OffsetFinder to use his pattern for finding this. Check out his app here: Click

From the Function Dump (very 1st post in the InfoDump usually, see here for this patch example): 
Lua_DoStringAddress = (FrameScript::Execute - 0x400000) so for example, the offset listed for this patch is 7A2620. Subtract 0x400000 and you get 0x3A2620.
Lua_GetLocalizedTextAddress = (FrameScript::GetLocalizedText - 0x400000)
ClntObjMgrGetActivePlayerObjAddress = (ClntObjMgrGetActivePlayerObjAddress - 0x400000)
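
The subtraction described above, as an added example that is not part of Xelper's post: it reads the preferred image base from a PE header instead of hard-coding 0x400000 and rejects values that do not fall inside the image, such as an offset that was already converted. The header bytes, the SizeOfImage value and all function names are constructed for illustration; the addresses are the ones quoted in this thread.

```python
import struct


def read_image_layout(pe: bytes):
    """Return (ImageBase, SizeOfImage) from a PE32 or PE32+ header."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    opt = e_lfanew + 4 + 20                # signature + 20-byte COFF header
    (magic,) = struct.unpack_from("<H", pe, opt)
    if magic == 0x10B:                     # PE32: 4-byte ImageBase at +28
        (image_base,) = struct.unpack_from("<I", pe, opt + 28)
    elif magic == 0x20B:                   # PE32+: 8-byte ImageBase at +24
        (image_base,) = struct.unpack_from("<Q", pe, opt + 24)
    else:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    (size_of_image,) = struct.unpack_from("<I", pe, opt + 56)
    return image_base, size_of_image


def va_to_rva(va, image_base, size_of_image):
    """Turn a disassembler address (VA at the preferred base) into an offset."""
    rva = va - image_base
    if not 0 <= rva < size_of_image:
        raise ValueError(f"{va:#x} is outside the image at {image_base:#x}; "
                         "is it already an offset?")
    return rva


def rva_to_va(rva, runtime_base):
    """Offset + actual load address, as in Memory.BaseAddress + offset."""
    return runtime_base + rva


def build_sample_header(image_base=0x400000, size_of_image=0x1000000):
    """Constructed minimal PE32 header, just enough for read_image_layout."""
    buf = bytearray(0x200)
    buf[0:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x80)         # e_lfanew
    buf[0x80:0x84] = b"PE\0\0"
    struct.pack_into("<H", buf, 0x84, 0x14C)        # Machine: i386
    struct.pack_into("<H", buf, 0x84 + 16, 0xE0)    # SizeOfOptionalHeader
    opt = 0x98
    struct.pack_into("<H", buf, opt, 0x10B)         # PE32 magic
    struct.pack_into("<I", buf, opt + 28, image_base)
    struct.pack_into("<I", buf, opt + 56, size_of_image)
    return bytes(buf)


# Function-dump addresses quoted in this thread (preferred base included).
THREAD_DUMP = {
    "FrameScript::Execute (4.0.6.13623)": 0x7A2620,
    "FrameScript_Execute (4.1.0.14007)": 0x7AE6A0,
    "FrameScript_ExecuteBuffer (4.1.0.14007)": 0x7ACB50,
}


def convert_dump(entries, pe):
    """Convert every dump address to an offset, validating each one."""
    image_base, size = read_image_layout(pe)
    return {name: va_to_rva(va, image_base, size) for name, va in entries.items()}


if __name__ == "__main__":
    for name, rva in convert_dump(THREAD_DUMP, build_sample_header()).items():
        print(f"{name}: {rva:#x}")
```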

----------


## -Ryuk-

> 4.0.6.13623
> 
> 
> ```
>         public static uint Direct3D9__Device = 0x98BCDC; 
>         public static uint Direct3D9__Device__OffsetA = 0x27C4;
>         public static uint Direct3D9__Device__OffsetB = 0xA8;
>         public static uint ClntObjMgrGetActivePlayerObjAddress = 0x3520;
>         public static uint Lua_DoStringAddress = 0x3A2620;
> ...



TY again  :Smile: 

+Rep (If I don't have to spread)

----------


## wowsc4p3

Any chance of a source to the dll? Would like to add it to my existing hack...

----------


## -Ryuk-

> Any chance of a source to the dll? Would like to add it to my existing hack...


nope just use the dll

----------


## wowsc4p3

Why not?  :Frown:

----------


## Bananenbrot

.NET Reflector, class browser, analyzer and decompiler for .NET

----------


## -Ryuk-

> Why not?


Because I don't want to.

And if I do, people will just rip it off and use it in "commercial" bots. It's easy enough to do, just go and learn!




> .NET Reflector, class browser, analyzer and decompiler for .NET


This won't work... The DLL is SA protected.

----------


## smm298

> Ryuk, would it be possible for you to release or re-release this .dll using non-static methods so that we can hook multiple processes within the same application space?


You said you eventually planned on this, any idea when? Would be nice to have for a project I'm working on.

----------


## -Ryuk-

> You said you eventually planned on this, any idea when? Would be nice to have for a project i'm working on.


I honestly have no idea... I'm moving house tomorrow, and I expect at least 1 week internet downtime =/ I also have a lot of "Real Life" matters (coursework etc.)

I do plan to release a lot more "tools" for bot developers, just hang on in there for me to sort out my life first  :Smile:

----------


## Shynd

It's pretty cool that you attached fasm_managed.dll without credits. I wish I could be that cool.

----------


## Jadd

> It's pretty cool that you attached fasm_managed.dll without credits. I wish I could be that cool.


Bam. (filler)

----------


## -Ryuk-

> It's pretty cool that you attached fasm_managed.dll without credits. I wish I could be that cool.


Added, Sorry I forgot  :Smile:

----------


## Shynd

I really just wanted an excuse to be mean to someone on the interwebs. It's no problem. Thanks though.

Nice contribution, by the way.

----------


## Cypher

> I really just wanted an excuse to be mean to someone on the interwebs. It's no problem. Thanks though.
> 
> Nice contribution, by the way.


Pfft, like you need an excuse. Allow me to demonstrate...

**** you!

See, it's just that easy!

----------


## Shynd

GET OUT OF HERE CYPHER I AIN'T GOT SHIT TO SAY TO YOU.

Oh, and I actually read the thread (gasp!) and heard some talk about using Events to make sure you don't run into threading issues, etc. Thought this might help: [C#] Executor.cs - Pastebin.com (yes, it's ugly, go **** yourself)

----------


## GameAssist

By the way, the DLL presented here is full of shit, since using it steadily crashes Wow.exe.
In fact, it is only suitable for running one time in a console application - for use in a real bot, it should be possible to subscribe to an event for reading/writing memory

----------


## Cypher

> GET OUT OF HERE CYPHER I AIN'T GOT SHIT TO SAY TO YOU.
> 
> Oh, and I actually read the thread (gasp!) and heard some talk about using Events to make sure you don't run into threading issues, etc. Thought this might help: [C#] Executor.cs - Pastebin.com (yes, it's ugly, go **** yourself)


Nigga you crazy.

----------


## Shynd

Edit: Wow this is not how I talk.

----------


## -Ryuk-

> By the way, the DLL presented here is full of shit, since using it steadily crashes Wow.exe.
> In fact, it is only suitable for running one time in a console application - for use in a real bot, it should be possible to subscribe to an event for reading/writing memory


I use it fine... So you're doing something wrong.

@Shynd Thanks for the pastebin  :Big Grin:

----------


## Xelper

4.1.0.13914



```
        public static uint Direct3D9__Device = 0xA05E1C;
        public static uint Direct3D9__Device__OffsetA = 0x27E0;
        public static uint Direct3D9__Device__OffsetB = 0xA8;
        public static uint ClntObjMgrGetActivePlayerObjAddress = 0x31D0;
        public static uint Lua_DoStringAddress = 0x3ACF00;
        public static uint Lua_GetLocalizedTextAddress = 0x1C7780;
```

----------


## Xelper

Quick question more regarding EndScene LUA execution rather than hooking itself. 

Currently my 'raid DPS bot' code looks like this, all of the logic behind setting the Next ID/action(s) is handled by an addon for ease of editing/updating.



```
            while (bwExecute.CancellationPending != true)
            {
                string pqNextID = clsMyMemory.GetLocalizedText("pq_NextID");
                string pqNextAction = clsMyMemory.GetLocalizedText("pq_NextAction");

                if (pqNextAction != "" && pqNextAction != "0")
                {
                    string[] splitActions = pqNextAction.Split('|');
                    foreach (string action in splitActions)
                    {
                        clsMyMemory.ExecuteLua("RunMacroText(\"" + action + "\")");
                    }
                }
                
                if (pqNextID != "" && pqNextID != "0") 
                {
                    string PQMacro = "CastSpellByID(" + pqNextID + ")";

                    clsMyMemory.ExecuteLua(PQMacro);
                }
                System.Threading.Thread.Sleep(30); //implement some sort of delay to prevent excessive LUA
            }
```

I originally wanted to do something like this, that way I am simply just executing a single Lua statement rather than doing 2 GetLocalizedTexts followed by multiple Executes:



```
PQMacro = @"
if pq_NextID ~= nil then
CastSpellByID(pq_NextID)
end
";
clsMyMemory.ExecuteLua(PQMacro);
```

However that throws a "(Addon Name Assigning Variable) has tried to run code reserved for the Blizzard UI" etc etc etc error ingame. I've tried to assign the NextID variable to a different variable first (NextSpellToCast = pq_NextID; CastSpellByID(NextSpellToCast)) however the error still happens. Anyone have any thoughts on getting around this?

Thanks  :Smile:

----------


## Neffarian

All over this funk...

@Xelper
L3ikDus

Hook.DoString(" RunMacroText(\"/startattack\") ");

----------


## Xelper

4.1.0.14007


```
        public static uint Direct3D9__Device = 0xA05E1C;
        public static uint Direct3D9__Device__OffsetA = 0x27E0;
        public static uint Direct3D9__Device__OffsetB = 0xA8;
        public static uint ClntObjMgrGetActivePlayerObjAddress = 0x3190;
        public static uint Lua_DoStringAddress = 0x3ACB50;
        public static uint Lua_GetLocalizedTextAddress = 0x1C7590;
```

Sorry for the delay, only the function addresses changed and you could have found that out by reading the InfoDump.  :Smile: 


I'm also going to assume that there is no way around the variable tainting issues in the way that I had wanted, oh well.. I guess I can just have the addon concatenate the two variables into one then split them apart in C# and pass them both back into a single DoString.

----------


## Thongs

> 4.1.0.14007
> 
> 
> ```
>         public static uint Direct3D9__Device = 0xA05E1C;
>         public static uint Direct3D9__Device__OffsetA = 0x27E0;
>         public static uint Direct3D9__Device__OffsetB = 0xA8;
>         public static uint ClntObjMgrGetActivePlayerObjAddress = 0x3190;
>         public static uint Lua_DoStringAddress = 0x3AE6A0;
> ...


Tried using these but they're not working for me. Are these offsets working for everyone else, or am I just retarded?

Edit:
Did a bit of reversing and found that the Lua_DoString address is incorrect. The correct address for it is 0x3ACB50.
*Working addresses:*


```
        public static uint Direct3D9__Device = 0xA05E1C;
        public static uint Direct3D9__Device__OffsetA = 0x27E0;
        public static uint Direct3D9__Device__OffsetB = 0xA8;
        public static uint ClntObjMgrGetActivePlayerObjAddress = 0x3190;
        public static uint Lua_DoStringAddress = 0x3ACB50;
        public static uint Lua_GetLocalizedTextAddress = 0x1C7590;
```

----------


## Xelper

Oops - sorry about that. Thanks Thongs. +rep Corrected it in my first post in case people don't read further.

I see what happened, I was being lazy and just copied from TOM_RUS's function list... Previously I had just been using FrameScript_Execute... but now I guess it is FrameScript_ExecuteBuffer.
7AE6A0 FrameScript_Execute
7ACB50 FrameScript_ExecuteBuffer

----------


## TOM_RUS

> Oops - sorry about that. Thanks Thongs. +rep Corrected it in my first post in case people don't read further.
> 
> I see what happened, I was being lazy and just copied from TOM_RUS's function list... Previously I had just been using FrameScript_Execute... but now I guess it is FrameScript_ExecuteBuffer.
> 7AE6A0 FrameScript_Execute
> 7ACB50 FrameScript_ExecuteBuffer


Some functions were renamed according to the leaked Mac binary with function names. And "FrameScript_ExecuteBuffer" was previously "FrameScript_Execute".

----------


## Freibeuter

```
public static uint Direct3D9__Device = 0xA7E20C;
public static uint Direct3D9__Device__OffsetA = 0x27E8;
public static uint Direct3D9__Device__OffsetB = 0xA8;
public static uint ClntObjMgrGetActivePlayerObjAddress = 0x3280;
public static uint Lua_DoStringAddress = 0x425A30;
public static uint Lua_GetLocalizedTextAddress = 0x1B22E0;
```

Are these addresses correct for 4.2.0.14333?
At this point
`Hook.DoString("DoEmote(\"Dance\")")`
WoW crashes. :-(

----------


## Xelper

Those look like the right addresses to me, I was using iHook about a week ago and those offsets match what I have in my app. Pasted them into Ryuk's example app and they work fine. You are running in DX9 mode, correct?

----------


## Freibeuter

> Those look like the right addresses to me, I was using iHook about a week ago and those offsets match what I have in my app. Pasted them into Ryuk's example app and they work fine. You are running in DX9 mode, correct?


Thanx for your help!

My Options:


Should be correct. (German Client)

----------


## kall12

hook is slow as **** .. even slower than my autoit hook ...

----------


## -Ryuk-

> hook is slow as **** .. even slower than my autoit hook ...


Then you sir... are doing it wrong  :Wink:

----------


## Naice

Hey Ryuk,

just checked your sample project and found it nice! good job

but i got a issue if i try "EnterWorld()" the wowclient crashes but sometimes it work. Any one who get the same error?

offsets:

```
public static uint Direct3D9__Device = 0xA7E20C;
public static uint Direct3D9__Device__OffsetA = 0x27E8;
public static uint Direct3D9__Device__OffsetB = 0xA8;
public static uint ClntObjMgrGetActivePlayerObjAddress = 0x3280;
public static uint Lua_DoStringAddress = 0x425C20;
public static uint Lua_GetLocalizedTextAddress = 0x1B25A0;
```

----------


## debiangrub

How do I get the WoW 4.1 offset addresses?


What tools or programs can get/watch offset addresses like this?

How can I see offset 0xA7E20C?
Where? What tools?

```
public static uint Direct3D9__Device = 0xA7E20C;
public static uint Direct3D9__Device__OffsetA = 0x27E8;
public static uint Direct3D9__Device__OffsetB = 0xA8;
public static uint ClntObjMgrGetActivePlayerObjAddress = 0x3280;
public static uint Lua_DoStringAddress = 0x425A30;
public static uint Lua_GetLocalizedTextAddress = 0x1B22E0;
```



thanks.

----------


## hamburger12

You can find it with ida or ollydbg

----------


## Chaak

Correct pointers for *[4.2.2.14545]*


```
        public static uint Direct3D9__Device = 0xA80D04;
        public static uint Direct3D9__Device__OffsetA = 0x27E8;
        public static uint Direct3D9__Device__OffsetB= 0xA8;
        public static uint ClntObjMgrGetActivePlayerObjAddress = 0x3410;
        public static uint Lua_DoStringAddress = 0x426870;
        public static uint Lua_GetLocalizedTextAddress = 0x1B2140;
```

----------


## sitnspinlock

so the whole purpose of this mess is to call a function within the context of the main thread right?

why not enumerate the threads in start time order.

write your bytecode to some arbitrary memory location.

hijack the context and profit? 

I'm just confused why everyone is hooking EndScene to call stuff like scriptexecutebuffer.

----------


## MaiN

> so the whole purpose of this mess is to call a function within the context of the main thread right?
> 
> why not enumerate the threads in start time order.
> 
> write your bytecode to some arbitrary memory location.
> 
> hijack the context and profit? 
> 
> I'm just confused why everyone is hooking EndScene to call stuff like scriptexecutebuffer.


Threading issues... Have fun calling FrameScript_ExecuteBuffer if you hijack the main thread while it is in the middle of anything with Lua.

----------


## Cypher

> Threading issues... Have fun calling FrameScript_ExecuteBuffer if you hijack the main thread while it is in the middle of anything with Lua.


^ This.

Plus, hooking EndScene gives you a decent 'pulse' callback for your bot.

----------


## sitnspinlock

I must just be lucky then ;p

haven't had anything happen yet as far as a crash is concerned  :Smile:

----------


## Cypher

> I must just be lucky then ;p
> 
> haven't had anything happen yet as far as a crash is concerned


Race conditions are sporadic by nature.

----------


## levela13

Hey!

First of all, thanks for writing iHook, it's great, I'm noob enough to have a problem with it  :Big Grin: 

My goal was to code a program in c# which warns the user, if his random dungeon group is ready. 
Using your attached example, I managed to hook with the Wow.exe, tested some API stuff (got them from here) (Google <3) .
My problem is, that I can't manage to get "GetLFGProposal" to work. 


```
Hook.DoString("lfg = GetLFGProposal()");
Console.WriteLine(Hook.GetLocalizedText("lfg"));
```

I tried this ^ but it doesn't return anything.

What I noticed is that "proposalExists" is a flag, not a string, still I don't know how to handle this problem. I tried with multiple syntaxes, etc, none working for me. I'm sure this is possible somehow, because the rest of the API is working flawlessly, (primitive stuff like dancing etc.) I'm just stuck with this.

Thanks in forward!

----------


## -Ryuk-

> Hey!
> 
> First of all, thanks for writing iHook, it's great, I'm noob enough to have a problem with it 
> 
> My goal was to code a program in c# which warns the user, if his random dungeon group is ready. 
> Using your attached example, I managed to hook with the Wow.exe, tested some API stuff (got them from here) (Google <3) .
> My problem is, that I can't manage to get "GetLFGProposal" to work. 
> 
> 
> ...


Hey

Try this(untested):



```
Hook.DoString("proposalExists, typeID, id, name, texture, role, hasResponded, totalEncounters, completedEncounters, numMembers, isLeader = GetLFGProposal();");
Console.WriteLine(Hook.GetLocalizedText("proposalExists"));

```

----------


## levela13

> Hey
> 
> Try this(untested):
> 
> 
> 
> ```
> Hook.DoString("proposalExists, typeID, id, name, texture, role, hasResponded, totalEncounters, completedEncounters, numMembers, isLeader = GetLFGProposal();");
> Console.WriteLine(Hook.GetLocalizedText("proposalExists"));
> ...


Still doesnt return anything  :Frown: 

P.S.: I found another way: I check the minimap display with GetMinimapZoneText(), start a loop, scan it again until it changes, and if it changes, play sound etc. Don't know if it works, but it should, in theory. Yet I want to know how this GetLFGProposal(); works.

----------


## MaiN

..just do:


```
Hook.DoString("if GetLFGProposal() then proposalExists = \"1\" else proposalExists = \"0\" end");
bool proposalExists = Hook.GetLocalizedText("proposalExists") == "1";
```

----------


## levela13

> ..just do:
> 
> 
> ```
> Hook.DoString("if GetLFGProposal() then proposalExists = \"1\" else proposalExists = \"0\" end");
> bool proposalExists = Hook.GetLocalizedText("proposalExists") == "1";
> ```


Not working  :Frown:

----------


## MaiN

> Not working


Then you are doing something wrong. I think GetLocalizedText has issues with bools, but it definitely doesn't have issues with strings.

----------


## -Ryuk-

> Not working


Are you using the correct addresses?

It could be that the method I used in the dll is now broken :P

----------


## serock1

> Hey!
> 
> First of all, thanks for writing iHook, it's great, I'm noob enough to have a problem with it 
> 
> My goal was to code a program in c# which warns the user, if his random dungeon group is ready. 
> Using your attached example, I managed to hook with the Wow.exe, tested some API stuff (got them from here) (Google <3) .
> My problem is, that I can't manage to get "GetLFGProposal" to work. 
> 
> 
> ...


Three chances can cause 'doesnt work' or 'doesnt return anything'. 'DoString()', 'GetLFGProposal()' or 'GetLocalizedText()' work incorrectly. I think it is helpful to debug them individually.

e.g.

1. Execute the code below IN GAME, instead of using 'DoString()', to check what happened on 'GetLFGProposal()'


```
/run print(GetLFGProposal())
```

2. If 'GetLFGProposal()' works fine, try C# code below, and check the result in game:


```
Hook.DoString("print(GetLFGProposal())");
```

3. Check anything else, etc.

GL

----------


## ~Unknown~

> Are you using the correct addresses?
> 
> It could be that the method I used in the dll is now broken :P



He's doing something wrong. I use your ihook extensively in my private bot. It works great. Thanks btw.


*EDIT Not sure if this matter but according to API GetLFGProposal - WoWWiki - Your guide to the World of Warcraft this call expects a ; after the call. Add that and see if it works properly.

----------


## levela13

GOT IT WORKING!!!

Thanks guys, for all your help. MaiN's code *is* working, maybe I was too bored to get it working. (been working 12+h with this ****).
Thanks serock1 for your step-by-step hint, it helped a lot!
I'm planning on implementing more features in the future , but that's a long way to go.
Another question: Should I/May I(?) release a version to the public? (open source)

----------


## LegacyAX

+Repx3 for this lib, I know its older but def. something to test out  :Smile:  tyvm

----------


## Vandra

A little tip about this that drove me crazy for 3 hours: the Xfire client and the Logitech Gxx driver (like G15) are hooking EndScene and may cause iHook to crash WoW.

----------


## Cypher

> A little tip about this that drove me crazy for 3 hours: the Xfire client and the Logitech Gxx driver (like G15) are hooking EndScene and may cause iHook to crash WoW.



This right here is why you should use a disassembler to dynamically generate trampolines in your hooking library (so you can support hook chains without crashing).

----------


## Vandra

> This right here is why you should use a disassembler to dynamically generate trampolines in your hooking library (so you can support hook chains without crashing).


Can this be done without iHook sourcecode ? (i kind of sucks with asm)

----------


## streppel

well,just look how logitech/xfire hooks it,and in the easiest case,copy their jmp statement and put it at the end of your hook.
idk about ihook,but this would be how you'd do it in pure asm,not?

----------


## Cypher

> Can this be done without iHook sourcecode ? (i kind of sucks with asm)


Huh? What I'm suggesting is just a general approach to solving this problem with any hooking library. You will of course need the source code to the hooking library if you want to modify it to support that feature.




> well,just look how logitech/xfire hooks it,and in the easiest case,copy their jmp statement and put it at the end of your hook.
> idk about ihook,but this would be how you'd do it in pure asm,not?


A better solution is to embed a disassembler like BeaEngine into your library so you can generate the trampoline and resolve any jumps etc at runtime.

----------


## _Mike

> You will of course need the source code to the hooking library if you want to modify it to support that feature.


Or you could hook the hooking code. And if you decide to add additional features later on.. hook the hooking code hook..  :Stick Out Tongue: 
*Waiting for someone to release an iHook hook hook hook hook hooking library*

----------


## Cypher

> Or you could hook the hooking code. And if you decide to add additional features later on.. hook the hooking code hook.. 
> *Waiting for someone to release an iHook hook hook hook hook hooking library*




(Lol :P)

----------


## ranassa

that means i have use the vs 2010,right?

----------


## Mirro

Doesn't work on the 4.3.0 15005 PTR patch.

I use the following offsets:

```
public static uint Direct3D9__Device = 0xABF2FC;
public static uint Direct3D9__Device__OffsetA = 0x27f8;
public static uint Direct3D9__Device__OffsetB= 0xB0;
public static uint ClntObjMgrGetActivePlayerObjAddress = 0x34B0;
public static uint Lua_DoStringAddress = 0x43C010;
public static uint Lua_GetLocalizedTextAddress = 0x1BB0C0;
```

Help pls.

----------


## Sacred

> Dont work at 4.3.0 15005 ptr patch.
> 
> I use next Offsets:
> 
> public static uint Direct3D9__Device = 0xABF2FC;
> public static uint Direct3D9__Device__OffsetA = 0x27f8;
> public static uint Direct3D9__Device__OffsetB= 0xB0;
> public static uint ClntObjMgrGetActivePlayerObjAddress = 0x34B0;
> public static uint Lua_DoStringAddress = 0x43C010;
> ...


 public static uint Direct3D9__Device__OffsetB = 0xA8

----------


## Mirro

Thank!!! All work.

----------


## simplecan

*Offsets to [4.3.0.15005]*


```
        public static uint Direct3D9__Device = 0xABF2FC;
        public static uint Direct3D9__Device__OffsetA = 0x27F8;
        public static uint Direct3D9__Device__OffsetB = 0xA8;
        public static uint ClntObjMgrGetActivePlayerObjAddress = 0x34B0;
        public static uint Lua_DoStringAddress = 0x43C010;
        public static uint Lua_GetLocalizedTextAddress = 0x1BB0C0;
```

p.s. Thx for this library !

----------


## Edder

Nice dll, but it doesnt work for clients <= 3.3.5a because of the BaseAddress use in the dll?!

edit: well it does work, but you have to write your own DoString function without the BaseAddress, am I right?

----------


## akarner

Since Patch 4.3 its impossible for me to get the LocalizedText from LUA ... i used the simplest example (with latest offsets)



```
Hook.DoString("freeslots = GetContainerNumFreeSlots(0) + GetContainerNumFreeSlots(1) + GetContainerNumFreeSlots(2) + GetContainerNumFreeSlots(3) + GetContainerNumFreeSlots(4)");
Console.WriteLine("Bag Space: " + Hook.GetLocalizedText("freeslots"));
```


But my Client crashes, when i run this...
please help

----------


## Vandra

> Since Patch 4.3 its impossible for me to get the LocalizedText from LUA ... i used the simplest example (with latest offsets)
> 
> 
> But my Client crashes, when i run this...
> please help


Which offsets are you using ?

----------


## vitecp

Can I use this DLL to Hook.DoString("InteractUnit(unit)"); ??

----------


## lasbat

4.3.3.15354


```
public static uint Direct3D9__Device = 0xABD694;      
public static uint Direct3D9__Device__OffsetA = 0x2800;
public static uint Direct3D9__Device__OffsetB = 0xA8;
public static uint ClntObjMgrGetActivePlayerObjAddress = 0x3200;
public static uint Lua_DoStringAddress = 0x43A810;
public static uint Lua_GetLocalizedTextAddress = 0x1BB6E0;
```

tested and working with these

and btw
GetLocalizedText doesnt work on russian realms: returns ?????????(and it is really "?" tried to decode it, but no luck) <- can anyone help with that?

----------


## Wildbreath

try to read a byte buffer from GetLocalizedText return ptr and encode it with Encoding.UTF8.GetString(buffer)

----------


## eracer

5.0.5.16057



```
        public static uint Direct3D9__Device = 0xAD773C;
        public static uint Direct3D9__Device__OffsetA = 0x27F8;
        public static uint Direct3D9__Device__OffsetB = 0xA8;
        public static uint ClntObjMgrGetActivePlayerObjAddress = 0x34D0;
        public static uint Lua_DoStringAddress = 0x75350;
        public static uint Lua_GetLocalizedTextAddress = 0x48D7F0;
```

I tried the example project with these updated offsets, both with and without administrator privileges but it crashes every time at Hook.DoString("DoEmote(\"Dance\")");

Edit: I was wrong, it is crashing at Hook.Apply

----------


## ~Unknown~

> 5.0.5.16057
> 
> 
> 
> ```
>         public static uint Direct3D9__Device = 0xAD773C;
>         public static uint Direct3D9__Device__OffsetA = 0x27F8;
>         public static uint Direct3D9__Device__OffsetB = 0xA8;
>         public static uint ClntObjMgrGetActivePlayerObjAddress = 0x34D0;
> ...


Your app is running as administrator as well as the 32bit wow exe? I have no problems with the library at the time of posting.

----------


## -Ryuk-

> Your app is running as administrator as well as the 32bit wow exe? I have no problems with the library at the time of posting.


Hook.Apply will crash if you/wow are not admin and if you have invalid addresses.

----------


## eracer

I found out it is because I am running windows 8, the exact same solution works fine in windows 7.

----------


## ~Unknown~

> I found out it is because I am running windows 8, the exact same solution works fine in windows 7.


Ha, I tried out Windows 8 and am not sure if I like it or not. For future compatibility you are suggesting it still doesn't work on Windows 8 or it does function now?

----------


## eracer

iHook won't work on windows 8 the way it is currently because the endscene functions that are hooked/detoured are different on windows 8.

Win 7 EndScene looks like (5 bytes)

```
mov edi, edi
push ebp
mov ebp, esp
```

Win 8 EndScene looks like this (7 bytes)

```
push 14
mov eax, d3d9.dll+149A0C
```

I ended up writing my own version of iHook that uses BeaEngine to disassemble the functions so it can work on both win7 and win8 so I know iHook could do something similar but that would be up to Ryuk since it is closed source.

----------
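
The prologue difference eracer describes, seen from the integrity-checking side: an added example (not iHook's code and not part of any post) that compares a function's live entry bytes with its on-disk bytes, decodes a `jmp rel32` overwrite, and reports how many bytes of a split instruction a fixed 5-byte patch leaves behind. The module base and size, the EndScene address, the jump target and all function names are constructed for illustration, and `push 14` is read as hex.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define JMP_REL32_LEN 5u
/* Constructed layout: module base, size and EndScene address are made up. */
#define MOD_BASE 0x6B000000u
#define MOD_SIZE 0x001C0000u
#define ENTRY_VA 0x6B0279B0u

/* On-disk prologues as quoted in the thread ("push 14" read as hex 0x14). */
static const uint8_t WIN7_DISK[5] = {0x8B, 0xFF, 0x55, 0x8B, 0xEC};
static const uint8_t WIN8_DISK[7] = {0x6A, 0x14, 0xB8, 0x0C, 0x9A, 0x14, 0x6B};
/* Constructed live copy: jmp rel32 to 0x02A40000 written over the first 5 bytes. */
static const uint8_t WIN8_LIVE[7] = {0xE9, 0x4B, 0x86, 0xA1, 0x97, 0x14, 0x6B};

struct entry_report {
    int      patched;          /* live bytes differ from the on-disk bytes */
    int      is_jmp_rel32;     /* live entry starts with E9 */
    uint32_t jmp_target;       /* absolute destination of the jmp */
    int      target_in_module; /* 1 if the destination is inside the owning module */
    size_t   orphan_bytes;     /* tail of a split original instruction after byte 5 */
};

/* Length of one x86-32 instruction, covering only the opcodes in the two
 * prologues above plus jmp rel32. Returns 0 for anything else; a real tool
 * would call a full disassembler here. */
static size_t insn_len(const uint8_t *p, size_t avail)
{
    if (avail == 0) return 0;
    size_t len;
    if (p[0] == 0x55) len = 1;                           /* push ebp */
    else if (p[0] == 0x6A) len = 2;                      /* push imm8 */
    else if (p[0] == 0x8B && avail >= 2 && (p[1] & 0xC0) == 0xC0)
        len = 2;                                         /* mov r32, r32 */
    else if (p[0] >= 0xB8 && p[0] <= 0xBF) len = 5;      /* mov r32, imm32 */
    else if (p[0] == 0xE9) len = 5;                      /* jmp rel32 */
    else return 0;
    return len <= avail ? len : 0;
}

/* First instruction boundary at or after `min` bytes, or 0 if undecodable. */
size_t boundary_after(const uint8_t *code, size_t n, size_t min)
{
    size_t off = 0;
    while (off < min) {
        size_t len = insn_len(code + off, n - off);
        if (len == 0) return 0;
        off += len;
    }
    return off;
}

struct entry_report inspect_entry(const uint8_t *live, const uint8_t *disk, size_t n,
                                  uint32_t entry_va, uint32_t mod_base, uint32_t mod_size)
{
    struct entry_report r = {0};
    if (n < JMP_REL32_LEN) return r;
    r.patched = memcmp(live, disk, n) != 0;
    if (r.patched && live[0] == 0xE9) {
        uint32_t rel = (uint32_t)live[1] | (uint32_t)live[2] << 8 |
                       (uint32_t)live[3] << 16 | (uint32_t)live[4] << 24;
        r.is_jmp_rel32 = 1;
        r.jmp_target = entry_va + JMP_REL32_LEN + rel;   /* wraps modulo 2^32 */
        r.target_in_module = (uint32_t)(r.jmp_target - mod_base) < mod_size;
        size_t b = boundary_after(disk, n, JMP_REL32_LEN);
        r.orphan_bytes = b ? b - JMP_REL32_LEN : 0;
    }
    return r;
}

int main(void)
{
    struct entry_report r = inspect_entry(WIN8_LIVE, WIN8_DISK, sizeof WIN8_DISK,
                                          ENTRY_VA, MOD_BASE, MOD_SIZE);
    printf("win7 boundary=%zu win8 boundary=%zu\n",
           boundary_after(WIN7_DISK, sizeof WIN7_DISK, JMP_REL32_LEN),
           boundary_after(WIN8_DISK, sizeof WIN8_DISK, JMP_REL32_LEN));
    printf("patched=%d jmp=%d target=0x%08X in_module=%d orphan=%zu\n",
           r.patched, r.is_jmp_rel32, (unsigned)r.jmp_target,
           r.target_in_module, r.orphan_bytes);
    return 0;
}
```

The two orphan bytes reported for the 7-byte prologue are the upper half of the original `mov eax` operand, which is why code that assumes a 5-byte boundary resumes in the middle of an instruction.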


## Jeepers

I'm having some weird problems here... The Hook is properly applied and Hook.doString() works just fine, but whenever i try to inject asm my wow (32*,admin) just crashes...

here's the code for my ctm-func:


```
internal void ClickToMove(Single x, Single y, Single z, UInt64 guid = 0, Int32 action = 0x4, Single precision = 2.5f)
        {
            // Allocate Memory:
            UInt32 Pos_Codecave = Memory.AllocateMemory(0x4 * 3);
            UInt32 GUID_Codecave = Memory.AllocateMemory(0x8);
            UInt32 Precision_Codecave = Memory.AllocateMemory(0x4);
            // Write value:
            Memory.Write<UInt64>(GUID_Codecave, guid);
            Memory.Write<float>(Precision_Codecave, precision);
            Memory.Write<float>(Pos_Codecave, x);
            Memory.Write<float>(Pos_Codecave + 0x4, y);
            Memory.Write<float>(Pos_Codecave + 0x8, z);
            // BOOL __thiscall CGPlayer_C__ClickToMove(WoWActivePlayer *this, CLICKTOMOVETYPE clickType, WGUID *interactGuid, WOWPOS *clickPos, float precision)
            string[] asm = new string[]
            {
                "mov edx, [" + Precision_Codecave + "]",
                "push edx",
                "call " + (uint)Offsets.Global.ClntObjMgrGetActivePlayerObj+Memory.BaseAddress,
                "mov ecx, eax",
                "push " + Pos_Codecave,
                "push " + GUID_Codecave,
                "push " + action,
                "call " + (uint)Offsets.CTM.CGPlayer_C__ClickToMove+Memory.BaseAddress,
                "retn",
            };
            Hook.InjectAndExecute(asm);
            Memory.FreeMemory(Pos_Codecave);
            Memory.FreeMemory(GUID_Codecave);
            Memory.FreeMemory(Precision_Codecave);
        }
//Offsets used:
            FrameScript_ExecuteBuffer = 0x75350,            // 5.0.5
            ClntObjMgrGetActivePlayerObj = 0x4034D0,        // 5.0.5
            FrameScript__GetLocalizedText = 0x48D7F0,       // 5.0.5
            Direct3D9__Device = 0xAD773C,                   // 5.0.5
            Direct3D9__Device__OffsetA = 0x27F8,            // 5.0.5
            Direct3D9__Device__OffsetB = 0xA8,              // 5.0.5
            CGPlayer_C__ClickToMove = 0x493760,             // 5.0.5
```

Anyone else ever experienced this? I would really appreciate your help ;D

----------


## Frosttall

> I'm having some weird problems here... The Hook is properly applied and Hook.doString() works just fine, but whenever i try to inject asm my wow (32*,admin) just crashes...
> 
> here's the code for my ctm-func:
> 
> 
> ```
> internal void ClickToMove(Single x, Single y, Single z, UInt64 guid = 0, Int32 action = 0x4, Single precision = 2.5f)
>         {
>             // Allocate Memory:
> ...


Try it with 


```
                "push [" + Pos_Codecave + "]",
                "push [" + GUID_Codecave + "]",
                "push [" + action + "]",
```

Even if a codecave (or injection in general) isn't required at all, but this should work  :Wink:

----------


## Jeepers

Okay... just tried that - didnt work ;D

i get two Exceptions everytime i try to inject ASM...(should have mentioned that earlier^^)



```
Exception : 
System.Exception: Assembly failed! Error code: -120; Error Line: 5
 at Fasm.ManagedFasm.Inject(IntPtr hProcess, UInt32 dwAdress)
 at Fasm.ManagedFasm.Inject(UInt32 dwAdress)
 at (Object, UInt 32)
 at iHook.Hook. (String[], UInt32)
```



```
Exception:
System.Exception: Could not write the specified bytes! 05FF0000 [5]
 at iHook.Memory.WriteBytes(UInt32 adress, Byte[] val)
 at iHook.Hook.InjectAndExecute(String [] ASM)
```

These exceptions even occur when i leave the string array empty... i just wonder why this is happening, because "doString" is injecting asm as well and is working...

----------


## DarkLinux

DirectX should not change depending on your operating system. It will change if you're using a different version of DirectX. -_- You must be doing something wrong lols. My hook works on Windows 7 and Windows 8. Would love to see a screenshot to see the differences  :Big Grin:

----------


## eracer

Windows 7 EndScene d3d9.dll ver 6.1.7601.17514



Windows 8 EndScene d3d9.dll ver 6.2.9200.16384

----------


## -Ryuk-

*06/11/2012 : iHook's code is now available at: https://dl.dropbox.com/u/7923805/MMOwned/iHook.rar*

----------


## Edder

Thank you Ryuk, awesome. +rep

----------


## hb123220

> iHook won't work on windows 8 the way it is currently because the endscene functions that are hooked/detoured are different on windows 8.
> 
> Win 7 EndScene looks like (5 bytes)
> ----------------------------------------
> mov edi, edi
> push ebp
> mov ebp, esp
> 
> Win 8 EndScene looks like this (7 bytes)
> ...


thx,eracer. Now i understand why my bot doesn't work on Windows 8,, where should i hook EndScene on Win8  :Frown:  ..

----------


## _Mike

> thx,eracer. Now i understand why my bot doesn't work on Windows 8,, where should i hook EndScene on Win8  ..


Eracer already told you what to do. Use BeaEngine and a JIT assembler.
Or just take the easy road and overwrite the vtable entry.  :Smile:

----------


## TOM_RUS

> Or just take the easy road and overwrite the vtable entry.


Isn't it the best way? Easier, faster, no ASM required etc...

----------


## Master674

> Isn't it the best way? Easier, faster, no ASM required etc...


The best way is to create a dummy device, get your pointers and destroy it.
That way it will work for all games and any os.

----------


## TOM_RUS

> The best way is to create a dummy device, get your pointers and destroy it.
> That way it will work for all games and any os.


And hooking device vtable won't work for all games and any os?

----------


## Master674

> And hooking device vtable won't work for all games and any os?


Why not? Thats what I said. I'm getting the VMT pointers and hook on that function, doesn't matter at all if you overwrite the vmt pointer itself and store the previous value or if you let your detour interface generate a trampoline... ?!

----------


## _Mike

> Isn't it the best way? Easier, faster, no ASM required etc...


Depends on what your goals are; Maybe the person I quoted might learn something new by making a dynamic hooking library  :Smile: 
But yes, personally I always use vtable hooking whenever possible.




> The best way is to create a dummy device, get your pointers and destroy it.
> That way it will work for all games and any os.


I remember Cypher saying something about it having issues in some specific games. Your creation parameters have to exactly match the game's device or something like that.

----------


## Kristina520

Updated Addresses, See First Post!

----------


## siriuz

Sample project isn't working for me

used offsets:


```
        public static uint Direct3D9__Device = 0xB18ADC;
        public static uint Direct3D9__Device__OffsetA = 0x2808;
        public static uint Direct3D9__Device__OffsetB = 0xA8;
        public static uint ClntObjMgrGetActivePlayerObjAddress = 0x33E0;
        public static uint Lua_DoStringAddress = 0x75AC0;
        public static uint Lua_GetLocalizedTextAddress = 0x4AB6A0;
```

GetEndscene() returns 0 so it crashes at Hook.Apply()

Both wow.exe and the example app are running with admin rights

Any clues?

----------


## ccKep

> Any clues?


Sure your game isn't running in DX11 mode?

----------


## siriuz

Ahh damm it doesn't work with DX11? Thats a pity :-/

But thx 4 letting me know anyway.

----------


## Frosttall

> Ahh damm it doesn't work with DX11? Thats a pity :-/
> 
> But thx 4 letting me know anyway.


What? Seriously? A DirectX 9 function doesn't work with DirectX 11?..... :Roll Eyes (Sarcastic): 

P.S. Hook SwapChain to get it work with DirectX 11

----------


## siriuz

> What? Seriously? A DirectX 9 function doesn't work with DirectX 11?.....
> 
> P.S. Hook SwapChain to get it work with DirectX 11


I'm very new to this, so does this mean there is a way to get Hook.Apply() from iHook work with DX11?

----------


## CellPunk

> I'm very new to this, so does this mean there is a way to get Hook.Apply() from iHook work with DX11?


You're going to have to find the offsets for the DX11 functions. I'd suggest looking into assembly and how memory/library injection works before trying to rewrite something like this.

----------


## DarkLinux

I think it's his own static hook, so it would only work on D3D9. If the hook was dynamic it should work, but you could not apply it to EndScene as it's not used in D3D11.

----------


## citrot

Edited: i would like to delete this post.

----------


## Achilees

Has anyone been able to get this to work for 1.12? I am stuck at figuring out
public static uint Direct3D9__Device = ????;
public static uint Direct3D9__Device__OffsetA = ???;
public static uint Direct3D9__Device__OffsetB= ???;

and 
public static uint Lua_DoStringAddress = ??;
public static uint Lua_GetLocalizedTextAddress = ???;

Also, I am assuming I have to deal with DirectX11 differently?

----------


## DarkLinux

> Has anyone been able to get this to work for 1.12? I am stuck at figuring out
> public static uint Direct3D9__Device = ????;
> public static uint Direct3D9__Device__OffsetA = ???;
> public static uint Direct3D9__Device__OffsetB= ???;
> 
> and 
> public static uint Lua_DoStringAddress = ??;
> public static uint Lua_GetLocalizedTextAddress = ???;
> 
> Also, I am assuming I have to deal with DirectX11 differently?


It will not work with 1.12.1 b/c its a __fastcall. Just take a look at this thread http://www.ownedcore.com/forums/worl...mp-thread.html ([WoW] 1.12.1.5875 Info Dump Thread)

----------


## Smarter

Anyone still have a copy of the source for this? Looking for all the reading material i can find.

----------

