[Help] Accessing a function Out of Process

  1. #1
    cenron

    [Help] Accessing a function Out of Process

    Hey guys, I am trying to hook SetMovementFlag() but every time I try it crashes WoW. Any ideas why? I am pulling my hair out trying to figure this out.

    Code:
    void SetMF()
    {
        DWORD SetFlags = 0x005343A0;
        DWORD GetTC = 0x00BE10FC;
    	DWORD dwTime = GetTickCount();
        _asm
        {
            mov eax,GetTC 
            mov ecx, DWORD PTR SS:[00CF31E4]
            push dwTime
            push eax
            push 0x01
            push 0x10
            call SetFlags
        }
    
    }
    void End() {}
    
    void CWoW::SetMovementFlag(HANDLE hProcess,int iFlag, int Enable, DWORD dwTime ) {
    
    	DWORD dwBytesWritten;
    
    	LPVOID lpAlloc = VirtualAllocEx( hProcess, NULL, 0x2000, MEM_COMMIT, PAGE_EXECUTE_READWRITE );
    	
    	WriteProcessMemory(hProcess,lpAlloc,(LPVOID)SetMF,(SIZE_T)((DWORD_PTR)End-(DWORD_PTR)SetMF),&dwBytesWritten);
    
    
    	HANDLE hRemoteThread = CreateRemoteThread(hProcess,0,0, (LPTHREAD_START_ROUTINE)lpAlloc,0,0,NULL);
    
    	WaitForSingleObject(hRemoteThread,INFINITE);
    
    	VirtualFreeEx(hProcess,lpAlloc,(SIZE_T)((DWORD_PTR)End-(DWORD_PTR)SetMF),MEM_RELEASE);
    	CloseHandle(hRemoteThread);
    
    	return;
    }

    EDIT: Here is the error I get.

    Code:
    This application has encountered a critical error:
    
    ERROR #132 (0x85100084) Fatal Exception
    Program:	C:\wow\WoW.exe
    Exception:	0xC0000005 (ACCESS_VIOLATION) at 001B:0FF30A0B
    
    The instruction at "0x0FF30A0B" referenced memory at "0x00000000".
    The memory could not be "written".
    Last edited by cenron; 10-11-2008 at 09:45 PM.

  2. #2
    lanman92
    I'm no expert, but it appears that dwTime is having a value of 0, since all of your other values are static.

  3. #3
    Cypher
    Well obviously you've got a null pointer somewhere.

    I think first of all you're handling the CInputControl pointer wrong. I'm personally doing this:
    gpRedPillMgr->SetInputControl(*reinterpret_cast<CInputControl**>(gpRedPillMgr->GetFindPattern()->GetAddress("CInputControlPtr")));

    Notice that I'm using type CInputControl**.

    So in your ASM you want to do this:
    mov ecx, dword ptr ds:[00CF31E4]
    mov ecx, dword ptr ds:[ecx]

    This is how I'm calling SetFlags (commented for you):
    // Set input flags
    void CInputControl::SetFlags(unsigned int Flag, unsigned int Enable, unsigned int Time)
    {
        // Function to set input flags
        unsigned int SetFlags = gpRedPillMgr->GetFindPattern()->GetAddress("CInputControl__SetFlags");
        // Timestamp function
        unsigned int OsGetAsyncTimeMs = gpRedPillMgr->GetFindPattern()->GetAddress("OsGetAsyncTimeMs");
        // Set the input flags
        _asm
        {
            call OsGetAsyncTimeMs // Get timestamp
            push Time // Time to set flag for
            push eax // Current timestamp
            push Enable // Whether to enable or disable the flag
            push Flag // The flag to set
            mov ecx, this // __thiscall, so pass class pointer
            call SetFlags
        }
    }

    Notes: I had no problem when passing the time of the last hardware action (0x00BE10FC), but just to be sure I'm sending the current timestamp. You can even pass the function null as the timestamp and it seems to work. I suspect the timestamp is only used if you use the Time param, which I don't.

    EDIT: Whoops! It seems you're passing the return value of GetTickCount as the Time param. I don't think you want to do that, from memory that param is either the timestamp you want the flag to be removed, or the time you want the flag to be applied for, either way what you're doing is incorrect. I don't have my notes on this PC, but it shouldn't be hard to check.

    EDIT2: Just noticed the access violation is in your DLL not WoW (you can tell from the address). That leads me to believe the screw-up is somewhere in your WriteProcessMemory call or it COULD be in the SetMF func depending on where the memory is allocated for your function call. Either way, check both.

    Furthermore, can you please build with debug info, attach your IDE's debugger to WoW, then dump a stack trace and debug info when the code crashes? Thanks.
    Last edited by Cypher; 10-11-2008 at 10:12 PM.
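
The address check mentioned in EDIT2 above (telling from the faulting address which module, if any, the crash is in) can be done mechanically from a crash report. The following is an added example, not code from any poster in this thread: the function names are hypothetical, the report text is a constructed sample in the layout of the client's crash report, and module end addresses are assumed to be exclusive.

```python
import re
from typing import NamedTuple, Optional

# Constructed sample in the layout of the client's crash report
# (fault header, registers, module ranges); not a full report.
SAMPLE_REPORT = r"""
Exception:  0xC0000005 (ACCESS_VIOLATION) at 001B:0012C4D4

The instruction at "0x0012C4D4" referenced memory at "0x000016A2".
The memory could not be "read".

EAX=00000000  EBX=00000000  ECX=1AF0FFB0  EDX=7C90E4F4  ESI=0012C140
EDI=00000000  EBP=1AF0FFEC  ESP=1AF0FFB8  EIP=0012C4D4  FLG=00010246

0x00400000 - 0x00EC8000  C:\wow\WoW.exe
0x7C800000 - 0x7C8F6000  C:\WINDOWS\system32\kernel32.dll
0x7C900000 - 0x7C9AF000  C:\WINDOWS\system32\ntdll.dll
"""


class Module(NamedTuple):
    start: int
    end: int    # assumed exclusive: image base + image size
    path: str


_FAULT = re.compile(
    r'Exception:\s+0x[0-9A-Fa-f]+ \((\w+)\) at [0-9A-Fa-f]{4}:([0-9A-Fa-f]{8})')
_TARGET = re.compile(r'referenced memory at "0x([0-9A-Fa-f]+)"')
_ACCESS = re.compile(r'The memory could not be "(\w+)"')
_MODULE = re.compile(
    r'^\s*0x([0-9A-Fa-f]{8}) - 0x([0-9A-Fa-f]{8})\s+(\S.*?)\s*$', re.M)

# The lowest 64 KiB of a Windows user-mode address space is never mapped,
# so an access below this is a null pointer plus a small offset.
NULL_GUARD = 0x10000


def parse_modules(report: str) -> list:
    """Return the module ranges listed in the report, sorted by base."""
    return sorted(Module(int(a, 16), int(b, 16), p)
                  for a, b, p in _MODULE.findall(report))


def resolve(addr: int, modules: list) -> Optional[Module]:
    """Return the module whose image contains addr, or None."""
    for m in modules:
        if m.start <= addr < m.end:
            return m
    return None


def triage(report: str) -> dict:
    """Summarise where the fault happened and what it touched."""
    fault = _FAULT.search(report)
    target = _TARGET.search(report)
    access = _ACCESS.search(report)
    if not (fault and target and access):
        raise ValueError("report is missing the exception header")
    eip = int(fault.group(2), 16)
    tgt = int(target.group(1), 16)
    module = resolve(eip, parse_modules(report))
    if module is None:
        # Code running from heap, stack or other non-image memory: typical
        # of a thread started at an address that holds no loaded code.
        verdict = "instruction pointer is outside every listed module"
    else:
        verdict = "fault inside " + module.path.rsplit("\\", 1)[-1]
    return {
        "exception": fault.group(1),
        "eip": eip,
        "eip_module": module,
        "target": tgt,
        "access": access.group(1),
        "near_null": tgt < NULL_GUARD,
        "verdict": verdict,
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_REPORT).items():
        print(key, value if not isinstance(value, int) or isinstance(value, bool)
              else hex(value))
```

An instruction pointer that resolves to no module is also what a defender looks for when checking a process for threads executing outside any loaded image.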

  4. #4
    cenron
    Well even when I inject the function by itself, only inject __asm nop, it still crashes. I think the problem is at CreateRemoteThread()

    Also I would love to post debug info but I don't know IDA well enough to do that for you. I got it to attach and follow the crash but how do I dump debug info?

  5. #5
    Cypher
    You don't use IDA. I assume you're using Visual Studio??

    If so, compile your project with debug info, run WoW, attach Visual Studio to it, run your project, wait for the crash. Post the code snippet that it breaks at along with a stack trace. The stack trace and debug info (registers etc) is available in your IDE. In Visual Studio it should come up automatically. If not, use your "View" menu to bring up the required windows.

  6. #6
    bigtimt
    If you are using CreateRemoteThread you have to make sure the last line of your asm code is __asm Ret

  7. #7
    cenron
    Something isn't working right with Visual Studio but I was able to get you a dump from WoW itself.

    Code:
    This application has encountered a critical error:
    
    ERROR #132 (0x85100084) Fatal Exception
    Program:	C:\wow\WoW.exe
    Exception:	0xC0000005 (ACCESS_VIOLATION) at 001B:0012C4D4
    
    The instruction at "0x0012C4D4" referenced memory at "0x000016A2".
    The memory could not be "read".
    
    
    WoWBuild: 8606
    ------------------------------------------------------------------------------
    
    ----------------------------------------
        x86 Registers
    ----------------------------------------
    
    EAX=00000000  EBX=00000000  ECX=1AF0FFB0  EDX=7C90E4F4  ESI=0012C140
    EDI=00000000  EBP=1AF0FFEC  ESP=1AF0FFB8  EIP=0012C4D4  FLG=00010246
    CS =001B      DS =0023      ES =0023      SS =0023      FS =003B      GS =0000
    
    
    ----------------------------------------
        Stack Trace (Manual)
    ----------------------------------------
    
    Address  Frame    Logical addr  Module
    
    --- Thread ID: 1316 [Current Thread] ---
    0012C4D4 1AF0FFEC 0000:00000000 <unknown>
    
    ----------------------------------------
        Stack Trace (Using DBGHELP.DLL)
    ----------------------------------------
    
    --- Thread ID: 1316 [Current Thread] ---
    **** Unable to gain access to the thread, error: 
    
    
    ----------------------------------------
        Memory Dump
    ----------------------------------------
    
    Code: 16 bytes starting at (EIP = 0012C4D4)
    
    0012C4D4: A0 A2 16 00  00 A3 16 00  20 AE 16 00  F8 C4 12 00  ........ .......
    
    
    Stack: 1024 bytes starting at (ESP = 1AF0FFB8)
    
    
    
    ------------------------------------------------------------------------------
    EDIT: At this point I am just pushing __asm ret into WoW and it still crashes at CreateRemoteThread(). This is strange.

    Code:
    void SetMF()
    {
    
    	__asm ret
    
    }
    void End() { }
    
    void CWoW::SetMovementFlag(HANDLE hProcess,int iFlag, int Enable, DWORD dwTime ) {
    
    	DWORD dwBytesWritten;
    
    	LPVOID lpAlloc = VirtualAllocEx( hProcess, NULL, 0x2000, MEM_COMMIT, PAGE_EXECUTE_READWRITE );
    	
    	WriteProcessMemory(hProcess,lpAlloc,(LPVOID)SetMF,((DWORD)End-(DWORD)SetMF),&dwBytesWritten);
    
    
    	printf("Bytes Written %d\n",dwBytesWritten);
    
    	HANDLE hRemoteThread = CreateRemoteThread(hProcess,0,0, (LPTHREAD_START_ROUTINE)lpAlloc,0,0,NULL);
    
    	WaitForSingleObject(hRemoteThread,INFINITE);
    
    	CloseHandle(hRemoteThread);
    
    	return;
    }
    Last edited by cenron; 10-12-2008 at 03:47 AM.
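
    From the monitoring side, the VirtualAllocEx / WriteProcessMemory / CreateRemoteThread sequence in the post above produces a remote thread whose start address belongs to no loaded module. The following is an added example, not part of the original post, that flags such threads in records shaped like Sysmon Event ID 8; the events, paths and allowlist are constructed for illustration.

```python
# Added example: flag remote threads that start outside any loaded module.
# Field names follow Sysmon Event ID 8 (CreateRemoteThread); the events below
# are constructed sample data, not logs taken from this thread.
SAMPLE_EVENTS = r"""
SourceImage: C:\example\tool.exe
TargetImage: C:\example\game.exe
StartAddress: 0x0000000001AF0000
StartModule: -
StartFunction: -

SourceImage: C:\Windows\System32\csrss.exe
TargetImage: C:\example\game.exe
StartAddress: 0x000000007C8106F9
StartModule: C:\Windows\System32\kernel32.dll
StartFunction: CtrlRoutine

SourceImage: C:\example\debugger.exe
TargetImage: C:\example\game.exe
StartAddress: 0x0000000000250000
StartModule:
StartFunction:
"""

# Hypothetical allowlist of tools expected to create remote threads on this host.
ALLOWED_SOURCES = {r"c:\example\debugger.exe"}

def parse_events(text):
    """Split blank-line-separated 'Key: Value' blocks into dicts."""
    events = []
    for block in text.strip().split("\n\n"):
        fields = {}
        for line in block.splitlines():
            key, sep, value = line.partition(":")  # first colon only; paths keep theirs
            if sep:
                fields[key.strip()] = value.strip()
        if fields:
            events.append(fields)
    return events

def is_unbacked(event):
    """True when the thread start address resolved to no module (empty or '-')."""
    return event.get("StartModule", "") in ("", "-")

def suspicious_remote_threads(text, allowed=ALLOWED_SOURCES):
    """Return (source, target, start address) for unbacked cross-process threads."""
    hits = []
    for ev in parse_events(text):
        source = ev.get("SourceImage", "").lower()
        cross_process = source != ev.get("TargetImage", "").lower()
        if cross_process and is_unbacked(ev) and source not in allowed:
            hits.append((ev.get("SourceImage"), ev.get("TargetImage"), ev.get("StartAddress")))
    return hits
```
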

  8. #8
    kynox's Avatar Account not activated by Email
    Upload your DLL, I'll take a look.

  9. #9
    Xarg0's Avatar Member
    I think the casting in your write Memory call is wrong. Use PtrToUlong(var) instead of (DWORD).

    @kynox he doesn't inject a DLL, he injects a void function and executes it with CreateRemoteThread, or at least he tried to.
    I hacked 127.0.0.1

  10. #10
    kynox's Avatar Account not activated by Email
    Originally Posted by Xarg0
    I think the casting in your write Memory call is wrong. Use PtrToUlong(var) instead of (DWORD).

    @kynox he doesn't inject a DLL, he injects a void function and executes it with CreateRemoteThread, or at least he tried to.
    Yeah, I understand what he's doing. Just got the terminology wrong. Upload your EXE and I'll take a look.

  11. #11
    cenron's Avatar Member
    Originally Posted by kynox
    Yeah, I understand what he's doing. Just got the terminology wrong. Upload your EXE and I'll take a look.
    Sweet, here is the EXE. You have to select a target for it to run the specified function.

    My Test Bot

  12. #12
    Cypher's Avatar Kynox's Sister's Pimp
    When running your exe I'm getting an error about 'clear' not being a recognized command etc. It finds the PID okay but nothing happens after that.

    Could you please double check your binary, or, even better, upload your entire project's source code and build settings. I.e., if you're using Visual Studio, zip up the solution folder and upload that.

    Using that I could dump all the debug info myself and also step through each line of code and pinpoint any that aren't working as intended. Short of hacking your binary without the source it's difficult for me to check API return values and other valuable information.

  13. #13
    kynox's Avatar Account not activated by Email
    The problem is that you are using incremental linking. This inserts a jmp to your function so if you were to change it, you can easily edit the function and reassign the jmp destination.

    So, what you are injecting is a series of JMPs. This is not what you want, as you can imagine.

    Turn off Incremental Linking in your Visual Studio Project options and try again.

  14. #14
    cenron's Avatar Member
    Originally Posted by kynox
    The problem is that you are using incremental linking. This inserts a jmp to your function so if you were to change it, you can easily edit the function and reassign the jmp destination.

    So, what you are injecting is a series of JMPs. This is not what you want, as you can imagine.

    Turn off Incremental Linking in your Visual Studio Project options and try again.

    DUDE THAT WAS A GREAT IDEA! But I am still having the same problem after I turned that option off. This is freaking crazy. DAMN WOW AND ITS COMPLICATIONS!

  15. #15
    kynox's Avatar Account not activated by Email
    Upload your new version.
