# [Hack] / [Bot] 1.12.1 WoW Bot Source Code

## Corthezz

Edit: Someone decided to host a repository of this project: GitHub - acidburn974/CorthezzWoWBot: Bot for WoW Vanilla from OwnedCore: http://www.ownedcore.com/forums/world-of-warcraft/world-of-warcraft-bots-programs/wow-memory-editing/515591-bot-1-12-1-wow-bot-source-code.html (this is not hosted by me)

Hello,
After a lot of thought I finally want to share my 1.12.1 bot source code with everyone. It includes a lot of different modes as well as a teleport method still working on Feenix.
I started programming for the purpose of having a bot for WoW 1.12.1. I didn't bother about standards or anything else. As long as it worked it worked. In conclusion the source code is maybe the biggest crap you will ever see but w/e.

This video mostly consists of features implemented in the bot:

YouTube

Furthermore thanks to the people mentioned in the screenshot:



I think it's most important to say this here since the whole bot wouldn't be possible without the mentioned people. Namreeb who explained to me how WoW handles packets, Cencil who gave me probably 90% of my function pointers and all the other people without whom this bot wouldn't be possible. Thanks a lot to you.

Download:
Filebeam - Beam up that File Scottie!

Also check out my blog Zzuk's stuff if you find a minute (backlink to Ownedcore included)

Enjoy!

----------


## DarkLinux

Nice release :D

----------


## Corthezz

102 downloads, 1 comment. Keep them coming :P




> Nice release


Thanks

----------


## Vandra

Awesome release man, thanks for the community!

----------


## bobtehnerd

Thanks for the upload mate.

----------


## R4zyel

+Rep.

Everything to **** feenix is welcomed.

----------


## Trollsy

Thanks. But I'm getting one problem, if I start it up and attach it, I get an "endscene has already been modified, not attaching" error. No idea what to do.

Still, good of you to release it.

----------


## DarkLinux

> Thanks. But I'm getting one problem, if I start it up and attach it, I get an "endscene has already been modified, not attaching" error. No idea what to do.
> 
> Still, good of you to release it.


You can't attach OBS, Fraps... Programs like Overwolf auto attach without you knowing. So just close any programs like that.

----------


## Trollsy

> You can't attach OBS, Fraps... Programs like Overwolf auto attach without you knowing. So just close any programs like that.



I don't have any programs besides WoW running. Was this programmed for a specific private server or can I use it on any 1.12 servers?? And I appreciate the help.

----------


## DarkLinux

Should work on any 1.12.1 server. And the only way you would get that error message is if you're hooking EndScene or running Windows 8.

----------


## Trollsy

I am running Windows 8. Any way to get around that??

----------


## DarkLinux

In Offsets.cs change up,



```
internal static readonly byte[] EndSceneOriginal = new byte[5] { 0x8B, 0xFF, 0x55, 0x8B, 0xEC };
```

or in GetEndscene.cs



```
private static byte[] oldBytes = new byte[] { 0xFF, 0x91, 0xA8, 0x00, 0x00, 0x00 };
```

to whatever you have...


follow,


```
        private static uint IsSceneEnd = 0x5A17B6;
        private static uint IsSceneEnd2 = 0x5A17B6 + 0x6;
```

to get the byte array.

----------


## Trollsy

I tried to be a brave little soldier and figure out what you're talking about, but I don't have a clue. Lol.

----------


## prospectingemu

> I tried to be a brave little soldier and figure out what you're talking about, but I don't have a clue. Lol.


I wouldn't use this on any account you care about if you don't understand what the code is doing. Nost can detect some of the patches this applies when you attach (LUA unlock and Lootpatch)

----------


## Trollsy

I don't care if I get banned. Never played WoW before, just want to mess around with some bots to see what they can do. Basically my buddy started playing a new server, and I want to help him out by any means, if I get banned...so be it.

----------


## prospectingemu

I wasn't trying to discourage you from playing with the source, that's what it's there for - just be aware the patches it applies will get you banned (or just kicked?) when warden scans it

----------


## DarkLinux

Received a couple of PMs, so...

Find this, and anything else that uses the same byte array,


```
internal static readonly byte[] EndSceneOriginal = new byte[5] { 0x8B, 0xFF, 0x55, 0x8B, 0xEC };
```

and replace it with,


```
internal static readonly byte[] EndSceneOriginal = new byte[5] { 0x6A, 0x14, 0xB8, 0x0C, 0x9A };
```

Pulled this from a Windows 8 VM, hope it's the same for 8.1 or even 10...

----------


## Vandra

> Received a couple of PMs, so...
> 
> Find this, and anything else that uses the same byte array,
> 
> 
> ```
> internal static readonly byte[] EndSceneOriginal = new byte[5] { 0x8B, 0xFF, 0x55, 0x8B, 0xEC };
> ```
> 
> ...


Hmm, where did you find that array?
I checked and I don't have this (on 8.1 btw)

----------


## namreeb

Or just remove the check since it likely serves no purpose.

----------


## dognip40

LF someone to add something to this, or modify it (or simply re-code me a new piece of software). I'll pay well, PM me for more information

----------


## Silbi

Can someone give an example for a CustomClass to use the grinding feature of the bot? 
To be more precise I need the file the bot requests when wanting to start grinding with a class (mage, etc).

----------


## prospectingemu

> Can someone give an example for a CustomClass to use the grinding feature of the bot? 
> To be more precise I need the file the bot requests when wanting to start grinding with a class (mage, etc).


The template is essentially in the source under custom classes but here is an example. Place the files in release/CustomClasses folder
*This will not run, it has functions not included in the bot source posted in this thread*


```
using System;
using System.Collections.Generic;
using System.Text;
using System.Diagnostics;
using BotTemplate.Engines.CustomClass;

namespace CCs
{
    public class Rogue : CustomClass
    {

        public override byte DesignedForClass
        {
            get
            {
                return 4;//Class number (1-9)
            }
        }

        public override string Name
        {
            get
            {
                return "Rogue";
            }
        }

        public override void Fight()
        {
            int Energy = (int)this.playerEnergy;
            int ComboPoint = this.ComboPoints;

            Attack();


            if (this.TotalAdds >= 2)
            {
                if(this.IsReady("Adrenaline Rush")){
                    this.Cast("Adrenaline Rush", false);
                }

                if (this.IsReady("Blood Fury")){
                    this.Cast("Blood Fury", false);
                }

                if(Energy >= 25 && this.IsReady("Blade Flurry")){
                    this.Cast("Blade Flurry", false);
                }

                if (this.IsReady("Evasion"))
                {
                    this.Cast("Evasion", false);
                }
            }
            if (Energy <= 20)
            {
                return;
            }

            if (Energy >= 35)
            {
                if (this.shouldWeEviscerate() || ComboPoint == 5)
                {
                    this.Cast("Eviscerate", false);
                }
            }

            if (Energy >= 25)
            {
                if ((!this.PlayerHasBuff("Slice and Dice") ||
                    this.getSliceAndDiceDuration() <= 2.0) &&
                    !this.shouldWeEviscerate() && ComboPoint > 0)
                {
                    this.Cast("Slice and Dice", false);
                }
                else
                {
                    if (Energy >= 40)
                    {
                        this.Cast("Sinister Strike", false);
                    }
                }
            }


        }



        public override bool BuffRoutine()
        {
            if (ItemCount("Instant Poison V") != 0) //bugged?
            {
                if (!this.IsMainHandEnchanted())
                {
                    this.ApplyMainhand("Instant Poison V");
                    System.Threading.Thread.Sleep(4000);
                    return false;
                } 
                if (!this.IsOffHandEnchanted())
                {
                    this.ApplyOffhand("Instant Poison V");
                    System.Threading.Thread.Sleep(4000);
                    return false;
                }
                return true;
            }
            return true;
        }
    }
}
```

----------


## thakrage

> Hmm, where did you find that array?
> I checked and I don't have this (on 8.1 btw)


I too would like to know how you're finding those bytes.
I'm on Windows 8.1 and the Windows 8 values do not work.

----------


## namreeb

> Or just remove the check since it likely serves no purpose.


Yet again an answer that is being ignored...

----------


## DarkLinux

> Yet again an answer that is being ignored...


But on ejection the game would crash, so you would also need to patch that... Not like that's hard or a bad idea... If they understood what was going on the logical simple fix would be to remove the check, but they don't, so they base their actions off who gives the most information. You know, something simple to start with, like an array to search for, a concept is just too complex :D They are not ignoring your post out of spite, they just don't understand.

----------


## pinny

I get



> A first chance exception of type 'System.ComponentModel.Win32Exception' occurred in System.dll


upon attempting to Attach in the output.

Thanks for the upload though.

On this same particular client I'm using I also would get ERROR_ACCESS_DENIED when I tried to OpenProcess on the client in C++ with (PROCESS_VM_READ|PROCESS_VM_WRITE), but I could open the process with PROCESS_QUERY_INFORMATION. Any ideas on how I can bypass this with either your C# solution or in C++?

----------


## Bioaim

I just don't get it to work on Windows 8.1..

changed the array to:



```
internal static readonly byte[] EndSceneOriginal = new byte[5] { 0x53, 0x56, 0x57, 0x8B, 0xF9};
```


Here's a picture of the EndScene in Ollydbg.


What am I doing wrong? :O

----------


## Silbi

> I just don't get it to work on Windows 8.1..
> 
> changed the array to:
> 
> 
> 
> ```
> internal static readonly byte[] EndSceneOriginal = new byte[5] { 0x53, 0x56, 0x57, 0x8B, 0xF9};
> ```
> ...



It would be awesome if someone could explain how to find / get the right values.

----------


## namreeb

It would be awesome if someone would read how I said you can remove that check and you don't need the right values.

----------


## Silbi

> It would be awesome if someone would read how I said you can remove that check and you don't need the right values.


I've already removed it before posting the request and it crashes WOW.exe when attaching it - so it doesn't work...

----------


## nomabond

> It would be awesome if someone would read how I said you can remove that check and you don't need the right values.


Why be a jerk about it? Just explain with a marginal amount more effort and detail and all questions will be answered.

----------


## namreeb

> Why be a jerk about it? Just explain with a marginal amount more effort and detail and all questions will be answered.


I wasn't being a jerk, nor was I asking a question. I was pointing out that I had *answered* a question (with a level of detail that should make it understandable to the target audience of this forum), and my answer was ignored.

You have been registered on this site for a year, and your first post is a total fck up. Congratulations.

That's being a jerk.

----------


## nomabond

> I wasn't being a jerk, nor was I asking a question. I was pointing out that I had *answered* a question (with a level of detail that should make it understandable to the target audience of this forum), and my answer was ignored.
> 
> You have been registered on this site for a year, and your first post is a total fck up. Congratulations.
> 
> That's being a jerk.


I think you missed something here. No one said you were asking a question. I was saying if you put in a tiny amount of effort to further explain yourself then people would stop asking. But then what would happen to your ego?

----------


## Frosttall

> I think you missed something here. No one said you were asking a question. I was saying if you put in a tiny amount of effort to further explain yourself then people would stop asking. But then what would happen to your ego?


Well, I guess he is trying to refer you to the rules of this section:



> *This section is more advanced than others on OwnedCore* Read the section specific rules, infractions will be given out if u break them! That is including the expectations! - If you don't meet them then don't post


People over here don't like to spoonfeed and paraphrase their answers in a way which you'll only understand if you're into the topic and know the basics. Those people in this thread who are struggling with his answer lack the required knowledge for this section and should come back at a later point.

Answers in this forum seldom go into every single detail, but provide the crucial bit which should lead you to the final solution.

----------


## Jadd

Are we really arguing about not being able to understand something as simple as "remove it because it isn't needed?"

----------


## namreeb

> I think you missed something here. No one said you were asking a question. I was saying if you put in a tiny amount of effort to further explain yourself then people would stop asking. But then what would happen to your ego?


My mistake. I took this part as implying you thought that I was asking a question which was unanswered:




> Just explain with a marginal amount more effort and detail and all questions will be answered.


My original point was that I had provided what was (in my opinion) a reasonable explanation for a possible solution to this guy's problem. Nobody had asked any questions about it, they just kept asking the same question. Eventually someone did ask a question, but I frankly am not interested in debugging the author's code to find the source of the problem. If that comes off as egotistical, I apologize. It is only meant to come off as lazy and/or uninterested.

----------


## MaiN

> My mistake. I took this part as implying you thought that I was asking a question which was unanswered:
> 
> 
> 
> My original point was that I had provided what was (in my opinion) a reasonable explanation for a possible solution to this guy's problem. Nobody had asked any questions about it, they just kept asking the same question. Eventually someone did ask a question, but I frankly am not interested in debugging the author's code to find the source of the problem. If that comes off as egotistical, I apologize. It is only meant to come off as lazy and/or uninterested.


It's not really a good solution, and probably unrelated to the author's code.
I will bet you that the check is there because the trampoline is either hardcoded to emulate instructions for those 5 bytes (in which case when the check fails, it will probably fail to emulate the prologue instructions correctly), or the trampoline is created from the original 5 bytes; but even if it is, then just removing the check will still fail if the 5 first bytes do not fall on an instruction boundary, or if the first five bytes contain relative jumps.

I wouldn't really say that it's unlikely that the check serves a purpose.

----------


## Corthezz

The reason why I didn't reply to those questions was that the release of this source wasn't meant to be a ready to go bot but rather a way to show people how I started with memory editing and help users with their first few steps.
If you are not interested in learning something from the source, solving the issue with the check also won't help getting a working binary since the bot itself is pretty outdated and has other flaws which also need to be taken care of first.

I placed a jmp which leads towards my codecave.
To tell if the bot is already attached to a selected process I read the first five bytes of EndScene and compare them to the bytes I stored statically which are the original bytes under Windows 7. If they are not equal (aka some program modified the EndScene) the bot won't attach.
The original bytes being overwritten by my jmp are then executed at the beginning of my codecave. Like MaiN already assumed those bytes are static and equal the first 5 bytes on Windows 7, resulting in a crash if you are using a different version (Windows 8 and above instructions are different).

Actually GreyMagic has a pretty cool approach on hooking functions which is way more dynamic than my way.

----------


## MaiN

I would suggest looking at HadesMem and how it does dynamic hooking. It uses Udis86 and also supports emulating relative instructions in the trampoline.
Using a disassembler is definitely the best way to solve this problem, and a much better solution than what GreyMagic does (but hey, it works for the 99.99%).

EDIT: Also you can see how to do 64-bit hooking in HadesMem, although I'm not quite sure it achieves a perfect trampoline emulation implementation. 64-bit is a lot harder because of the innate RIP-relative addressing support in all memory operands.

----------
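
An added example (not part of any post and not taken from the bot's source) for the point MaiN and Corthezz make above: it checks whether a 5-byte patch window over each prologue quoted in this thread ends on an instruction boundary and whether it contains a relative branch. The length decoder covers only a handful of 32-bit opcodes; the function names and the `HOOKED` sample are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Bytes following a 32-bit ModRM byte (SIB + disp); -1 if SIB is missing. */
static int modrm_extra(const uint8_t *p, size_t avail)
{
    uint8_t mod = p[0] >> 6, rm = p[0] & 7;
    int extra = 0;
    if (mod == 3) return 0;                          /* register operand */
    if (rm == 4) {                                   /* SIB byte follows */
        if (avail < 2) return -1;
        extra = 1;
        if (mod == 0 && (p[1] & 7) == 5) extra += 4; /* SIB with disp32 */
    }
    if (mod == 0 && rm == 5) extra += 4;             /* [disp32] */
    if (mod == 1) extra += 1;                        /* disp8 */
    if (mod == 2) extra += 4;                        /* disp32 */
    return extra;
}

/* Length of one instruction from a small 32-bit subset, 0 if unknown.
 * *rel is set when the operand is EIP-relative (breaks if copied). */
static int insn_len(const uint8_t *p, size_t avail, int *rel)
{
    uint8_t op = p[0];
    if (op >= 0x50 && op <= 0x5F) return 1;                 /* push/pop r32 */
    if (op == 0x6A) return 2;                               /* push imm8 */
    if (op == 0x68 || (op >= 0xB8 && op <= 0xBF)) return 5; /* imm32 forms */
    if (op == 0xE8 || op == 0xE9) { *rel = 1; return 5; }   /* call/jmp rel32 */
    if (op == 0xEB || (op >= 0x70 && op <= 0x7F)) { *rel = 1; return 2; }
    if (op == 0x89 || op == 0x8B || op == 0xFF) {           /* opcode + ModRM */
        int extra = avail < 2 ? -1 : modrm_extra(p + 1, avail - 1);
        return extra < 0 ? 0 : 2 + extra;
    }
    return 0;
}

/* First instruction boundary at or past `patch`; -1 if decoding fails. */
int clobbered_len(const uint8_t *code, size_t n, size_t patch, int *has_rel)
{
    size_t off = 0;
    *has_rel = 0;
    while (off < patch) {
        int len = off < n ? insn_len(code + off, n - off, has_rel) : 0;
        if (len == 0) return -1;
        off += (size_t)len;
    }
    return (int)off;
}

/* Byte arrays quoted in the thread, plus one constructed hooked prologue. */
const uint8_t WIN7[5]   = {0x8B, 0xFF, 0x55, 0x8B, 0xEC};
const uint8_t WIN8[5]   = {0x6A, 0x14, 0xB8, 0x0C, 0x9A};
const uint8_t WIN81[5]  = {0x53, 0x56, 0x57, 0x8B, 0xF9};
const uint8_t WIN10[5]  = {0x6A, 0x20, 0xB8, 0x99, 0x2F};
const uint8_t CALLER[6] = {0xFF, 0x91, 0xA8, 0x00, 0x00, 0x00};
const uint8_t HOOKED[5] = {0xE9, 0x10, 0x20, 0x30, 0x40}; /* constructed */

int main(void)
{
    const uint8_t *s[] = {WIN7, WIN8, WIN81, WIN10, CALLER, HOOKED};
    const size_t n[] = {5, 5, 5, 5, 6, 5};
    for (size_t i = 0; i < 6; i++) {
        int rel, len = clobbered_len(s[i], n[i], 5, &rel);
        printf("sample %zu: clobbers %d bytes, relative=%d\n", i, len, rel);
    }
    return 0;
}
```

For the Windows 8 and Windows 10 arrays the 5-byte window ends inside `mov eax, imm32`, so 7 bytes are affected rather than 5; a full disassembler, as MaiN suggests, is what handles the opcodes this subset does not.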


## mikeymike

Anyone still trying to figure this out? I need a Windows 8 and Windows 7 tester to see if my EndScene etc. works, as of now I know it works 100% on 8.1, even added mesh navigation for it.

----------


## schmiddi

Hey, anyone got the array for Windows 10?

Found out this "0x6A, 0x20, 0xB8, 0x99, 0x2F" but game keeps crashing :(

----------


## auroraling

Could anybody tell me how to make a grind profile? Plz tell me the profile syntax, tks a lot

----------


## Basti229

Link down please reup

----------


## xiathys

> Link down please reup


Looking to get this as well :(

----------


## lolp1

Not sure who the person is who uploaded it, but I saw it on a GitHub the other day randomly when searching for a friend's project.

https://github.com/acidburn974/CorthezzWoWBot

----------


## xiathys

Gentleman and a scholar, thank you sir!

----------


## Rodney Aaron Cheney

For anyone interested I'm new here and have some stuff to add if you like

If you are like me and do not like the fact it removes some layer of the world then you can fix this by removing these lines from engine.cs


```
 BmWrapper.memory.WriteUInt(0x00C7B2A4, 0);
 BmWrapper.memory.WriteUInt(0x00C7B2A4, 0x0F110B73);
```

You will notice that the custom class cannot read energy for rogues and such.

If you go to your offsets.cs find the


```
 internal enum descriptors : uint
```

and add this offset


```
Energy = 0x68
```

then go to CustumClass.cs
and add this to file


```
protected virtual int playerEnergy
{
    get
    {
        return ObjectManager.PlayerObject.energy;
    }
}
```

then open unitObject.cs
just before the #endregion add this:


```
internal int energy
{
    get
    {
        try
        {
            if (baseAdd == 0 || guid == 0) return 0;
            return BmWrapper.memory.ReadInt(descriptor + (uint)Offsets.descriptors.Energy);
        }
        catch
        {
            return 0;
        }
    }
}
```

compile and everything should be fine you can now do things like this with your customClass:


```
public override void Fight()
{
    Attack();
    if (this.playerEnergy >= 35 && this.ComboPoints >= 1)
    {
        this.Cast("Eviscerate", false);
    }
    else
    {
        if (this.playerEnergy >= 45)
        {
            this.Cast("Sinister Strike", false);
        }
    }
}
```

I've stripped down this bot template so all I have is fishbot, grindbot, and rotation bot I made so far I'm working on removing the profile code and adding glider profiles and if I can figure out how, navmesh movements (big if cause I'm not that good).

I don't know if it's me or just the bot itself but the fish bot had an issue where it would sometimes cast and catch, other times it would not and it would be late to catch. I figured this was cause it was looking for a bobber and sometimes the bobber would still be there after the next cast. To fix this I made sure that there are no bobbers before you cast and now the fish bot is working really nice.

Anyways I would like to thank the creators as this is a great learning experience ;)

----------


## dasheeown

Does anyone have a mirror for this? Would really like to play around with this code and have some fun. I was doing stuff back in the day, but dropped it when WoW took off into BC just because I didn't want to keep up with all the changes.

----------


## Corthezz

> Does anyone have a mirror for this? Would really like to play around with this code and have some fun. I was doing stuff back in the day, but dropped it when WoW took off into BC just because I didn't want to keep up with all the changes.


Hey,
please take a look at the top of the main post.

----------


## dasheeown

> Hey,
> please take a look at the top of the main post.


Not sure how I missed that. Thank you, sir!

----------


## Gerion

Hi guys, I'm very sorry if my question is quite stupid and seems like I haven't done enough research, but I'm doing my best for now and since it's only my hobby and I don't have that much time to delve deep enough it seems I would like to ask you for some help. I want to run this bot to have a base to work on while trying to do something similar in C++. My C++ knowledge is basic and I work on it every day, but having the code in C# doesn't change much as they are quite similar and it's easy to find out what each part of the code does. However, I still struggle to start it on Windows 10 with the same problem that most people here had - I'm getting the message that it's already hooked. I've read a lot about finding the end scene address, and I think I went too deep with D3D and I'm even more confused now. Can someone help me with pointing in the right direction where to find knowledge to be able to modify the code so that it runs on Windows 10? I'm not looking for ready solutions, just directions! :) Thanks in advance!

----------


## tutrakan

--- removed ---

----------

