Xyla assembly language part
; hook for jmp at recv funct 0x004870B7 (build 14333)
; Detour body for the receive path: control arrives here with the hook
; site's register state, the packet is reported to an external callback,
; the replaced instruction is re-executed and control returns to the client.
; The 0x22222222 / 0x33333333 / 0x44444444 / 0x55555555 immediates are
; placeholders that the installer patches with real addresses before this
; code runs -- keep them as literal immediates (do not fold or re-encode).
; JumpAtValue = 0x22222222       ; continuation address after the hook
; AddPacketValue = 0x33333333    ; address of the packet callback
; StorageValue = 0x44444444      ; not referenced by the active code below
; BaseAddressValue=0x55555555    ; module base; only used by the disabled block
; NOTE(review): the header says build 14333 while the offsets below are
; annotated 15354 / 15595 -- confirm which client build these values target.
use32
; LINK CREATURE_QUERY
; Disabled by the author: every line of this block is commented out, and
; even when active it began with a jmp over itself ("skip linking npcs").
; Kept for reference only.
; pushfd
; pushad
; jmp _nolink ; skip linking npcs
; mov eax, 0x55555555 ; base address
; add eax, 0x477D20 ; OsGetAsyncTimeMs 15354
; call eax
; bt eax, 0
; jc _nolink
; mov eax, 0x55555555 ; base address
; add eax, 0x934A90 ; isInWorld 15354
; mov eax, [eax]
; test eax, eax
; jz _nolink
; mov eax, 0x55555555 ; base address
; add eax, 0x9D600C ; counter 15354
; mov ecx, [eax]
; cmp ecx, 0x186A0 ; 60000
; jg _nolink
; inc ecx
; mov [eax], ecx
; xor eax, eax
; sub esp, 0B0h
; mov [esp+09Ch], ecx
; mov [esp+0ACh], eax
; mov eax, esp
; push eax
; mov ecx, 0x55555555 ; base address
; add ecx, 0x996110 ; WDB_CACHE_CREATURE 15354
; mov eax, 0x55555555 ; base address
; add eax, 0x9C140 ; DBCache_CreatureStats_C__SendSingleQuery 15354
; call eax
; add esp, 0B0h
; _nolink:
; popad
; popfd
; prologue
; pushfd/pushad preserve EFLAGS and all eight GPRs, so everything up to
; _epilogue may clobber them. popad does NOT restore esp (it discards the
; saved value), so the stack must be balanced by hand before _epilogue.
pushfd
pushad
; Hook-site contract (per the author; not verifiable from this snippet):
; cx = opcode
; edi = CDataStore*
; [bp+8] = WowConnection*   -- assumes ebp still holds the caller's frame pointer
mov ecx, ecx ; no-op (mov reg,same reg); harmless, could be dropped
mov esi, edi ; esi = CDataStore*
; skip compressed opcodes
and ecx, 0FFFFh ; ecx = 16-bit opcode from cx, upper half cleared
cmp ecx, 0D40h ; 15595 -- update crap here!!! (per-build opcode constant)
jz _epilogue
bt ecx, 0fh ; CF = bit 15 of the opcode
jc _epilogue ; bit 15 set -> treated as compressed, not reported
; calculate conn idx
; Scan the 4-entry table at NetClient+0x4640 for this WowConnection*;
; edi ends as its index (0..3) or -1 if it is not found.
mov ebx, [ebp+8] ; ebx = WowConnection*
mov eax, [ebx+14h] ; eax = NetClient*
xor edi, edi ; itr
_loop:
cmp ebx, [eax+edi*4+4640h]
jz _callToAddPacket
inc edi
cmp edi, 4
jl _loop
mov edi, 0FFFFFFFFh ; not found -> connectionIndex = -1
; CALL TO ADDPACKET
; Arguments are pushed right-to-left, so with the usual x86 convention the
; callee sees AddPacket(data, opcode, dataLength, isC2S=0, connectionIndex).
; Payload window: data = buffer - base + read, dataLength = size - read,
; i.e. only the not-yet-consumed part of the CDataStore is reported.
_callToAddPacket:
push edi ; connectionIndex
push 0 ; isSend - isC2S, false
mov eax, esi
mov ebx, [eax+4] ; buffer
sub ebx, [eax+8] ; sub base
mov edx, [eax+10h] ; size
mov eax, [eax+14h] ; read
add ebx, eax ; add read
sub edx, eax ; edx = size - read
push edx ; dataLength
push ecx ; opcode
push ebx ; data
mov eax, 0x33333333 ; AddPacketValue placeholder (patched by installer)
call eax
; NOTE(review): nothing removes the 20 bytes of arguments before popad, and
; popad discards the saved esp -- this only balances if the callee cleans
; its own arguments (stdcall-style). Confirm AddPacket's calling convention.
; epilogue
_epilogue:
popad
popfd
; back
and ecx, 0B3FDh ; 15595 REPLACED INSTRUCTION (re-executed here; the detour jmp overwrote it)
mov edx, 0x22222222 ; JumpAtValue placeholder (patched by installer)
inc edx ; replaced instruction is 6 bytes
jmp edx
; NOTE(review): edx is written after the register restore, so this is only
; correct if edx is dead at the hook site -- not verifiable from this
; snippet (the other hooks explicitly note "ecx is safe"; this one does not).
; The +1 on JumpAtValue presumably bridges the 6-byte replaced instruction
; versus a 5-byte jmp; verify against the installer.
; hook for jmp at send funct 0x00486215 (build 14333)
; Minimal detour: preserve flags and GPRs, call CloseFileValue with no
; arguments, restore, and continue at JumpAtValue. Unlike the other two
; hooks no replaced instruction is re-executed here, so the installer must
; point JumpAtValue at a valid instruction boundary (not verifiable here).
; ecx is safe to use
; JumpAtValue = 0x22222222
; CloseFileValue = 0x33333333
use32
; prologue
pushfd
pushad
mov eax, 0x33333333 ; CloseFileValue placeholder (patched by installer)
call eax ; no arguments pushed, so the stack balances regardless of convention
; epilogue
_epilogue: ; unreferenced in this snippet; kept for symmetry with the other hooks
popad
popfd
mov ecx, 0x22222222 ; JumpAtValue placeholder; ecx is declared dead at the hook site
jmp ecx
; hook for jmp at send funct 0x0054B503 (build 14333)
; Detour body for the send path: re-executes the two replaced instructions,
; preserves state, reports outgoing packets to AddPacketValue, restores and
; continues at JumpAtValue. Placeholder immediates are patched by the
; installer and must stay literal.
; NOTE(review): the labels _loop / _callToAddPacket / _epilogue are reused
; by the recv hook above; fine if each hook is assembled separately, a
; duplicate-label error if they are ever concatenated into one file.
; ecx is safe to use
; JumpAtValue = 0x22222222
; AddPacketValue = 0x33333333
use32
; replaced instructions
; Executed before pushfd so the flags they produce are what the client
; code after the hook site will see once popfd restores them.
add ecx, 2
add edi, ecx
; prologue
pushfd
pushad
; These five pushes duplicate registers pushad already saved; they are
; balanced by the matching pops at _epilogue, so harmless but redundant.
push eax
push ebx
push ecx
push edx
push edi
; Hook-site contract (per the author; not verifiable from this snippet):
; ebx - size
; [bp-Ch] - data            -- assumes ebp still holds the caller's frame pointer
; esi - WowConnection*
; same checks as in client
cmp ebx, 0
jle _epilogue ; signed compare: size <= 0 is not reported
; NOTE(review): sizes 1..3 pass this check, yet the opcode read below
; touches 4 bytes and `sub ebx, 4` makes dataLength negative. Unless the
; callee rejects that, `cmp ebx, 4` / `jl _epilogue` would be the safer gate.
cmp dword [esi+10h], 5 ; wowConnection->State
jnz _epilogue
mov ecx, [ebp-0Ch] ; ecx = ptr to data
mov edx, [ecx] ; edx = opcode (first dword of the payload)
; skip hello packet
cmp edx, 4C524F57h ; bytes 57 4F 52 4C in memory, i.e. ASCII "WORL"
jz _epilogue
; calculate conn idx
; Same scan as the recv hook: 4-entry table at NetClient+0x4640,
; edi = index (0..3) or -1 if this WowConnection* is not found.
mov eax, [esi+14h] ; eax = NetClient*
xor edi, edi ; itr
_loop:
cmp esi, [eax+edi*4+4640h]
jz _callToAddPacket
inc edi
cmp edi, 4
jl _loop
mov edi, 0FFFFFFFFh ; not found -> connectionIndex = -1
; CALL TO ADDPACKET
; Pushed right-to-left; with the usual x86 convention the callee sees
; AddPacket(data, opcode, dataLength, isC2S=1, connectionIndex), where the
; leading opcode dword is excluded from data/dataLength.
_callToAddPacket:
push edi ; connectionIndex
push 1 ; isC2S = 1
sub ebx, 4 ; ebx = size - 4 (opcode dword excluded)
push ebx ; dataLength
push edx ; opcode
lea ebx, [ecx+4] ; ebx = data + 4 (past the opcode)
push ebx ; data
mov eax, 0x33333333 ; AddPacketValue placeholder (patched by installer)
call eax
; NOTE(review): as in the recv hook, the 20 bytes of arguments are never
; removed here and popad discards the saved esp -- this relies on the
; callee cleaning its arguments (stdcall-style). Confirm the convention.
; epilogue
_epilogue:
pop edi
pop edx
pop ecx
pop ebx
pop eax
popad
popfd
mov ecx, 0x22222222 ; JumpAtValue placeholder; ecx is declared dead at the hook site
jmp ecx