Lua injection return value. menu

These ads disappear when you log in.

Results 1 to 2 of 2
  1. #1
    LogicWin's Avatar Master Sergeant
    Reputation
    51
    Join Date
    Mar 2011
    Posts
    103
    Thanks G/R
    2/0
    Trade Feedback
    0 (0%)

    Lua injection return value.

    Hi, i have some problems with my Lua injector. The problem is getting return value from GetLocalizedText.
    I've have never been enable to get the return.
    The code is copy&paste from another thread.

    So please, anyone? Been trying to fix this for a week :S
    Code:
    Func DoString($command)
    
    	$desc = "s_text"
    	$cmd = "s_text = " & $command
    	
      ; write ret var
      _MemoryWrite( "0x" & hex($injected_code + 512), $wow, $desc, "char[" & StringLen( $desc )+ 1 & "]" )
    
      ; write lua command
      _MemoryWrite( "0x" & hex($injected_code + 1024), $wow, $cmd, "char[" & StringLen( $cmd )+1 & "]" )
    Sleep(100)
      ; change status
      $stat = 1
      _MemoryWrite( "0x" & hex($injected_code + 256), $wow, $stat, "dword" )
      
      ; wait execution
      do 
        $stat = _MemoryRead( "0x" & hex($injected_code + 256), $wow, "dword" )
      Until $stat = 0
      
      ; read answer  
      $ret = _MemoryRead( "0x" & hex($injected_code + 768), $wow, "char[256]" )
      
      Return $ret
      
    EndFunc
    
    ; Gets player base address
    $base = _MemoryRead($wowbase + 0x930BF8, $wow, "dword")
    $base_2 = _MemoryRead("0x" & hex($base + 0x38), $wow, "dword")
    $base_3 = _MemoryRead("0x" & hex($base_2 + 0x24), $wow, "dword")
    
    Global Const $Lua_Dostring = $wowbase + 0x003A2620
    Global Const $GetLocalizedText = $wowbase + 0x1C2250
    Global Const $oEndScene = 0xA8
    Global Const $pDevicePtr_1 = $wowbase + 0x98bcdc
    Global Const $pDevicePtr_2 = 0x27c4
    Global $ClntObjMgrGetActivePlayerObj = $wowbase + 0x3520
    
    Global Const $OM_CLIENT_CONNECTION = $wowbase + 0x8BF1A8
    Global Const $OM_OFFSET_1 = 0x462C
    $firstObject = 0xB4
    $nextObject = 0x3C
    $localGuid = 0xB8
    $GameObjectGuid = 0x30
    
    
    Func InjectIt()
    LogIt("Injecting started...")
    LogIt("Getting offsets..")
    
    $pDevice = _MemoryRead("0x" & hex($pDevicePtr_1), $wow, "dword")
    $pEnd = _MemoryRead("0x" & hex($pDevice + $pDevicePtr_2), $wow, "dword")
    $pScene = _MemoryRead("0x" & hex($pEnd), $wow, "dword")
    $pEndScene = _MemoryRead("0x" & hex($pScene + $oEndScene), $wow, "dword")
    
    LogIt("pEnd = 0x" & hex($pDevice + $pDevicePtr_2))
    LogIt("pScene = 0x" & $pScene)
    LogIt("pDevice = 0x" & hex($pDevice))
    LogIt("pEndScene = 0x" & hex($pScene + $oEndScene))
    LogIt("Offset loaded!")
    LogIt("Injection began!")
    
    ; injected code
    Global $injected_code 
    
    ; check if already hooked   
    $orig = _MemoryRead( "0x" & hex($pEndScene), $wow, "byte[64]" )
    
    ; autoit is garbage
    $orig_ptr = DllStructCreate("byte[64]")
    DllStructSetData( $orig_ptr, 1, $orig )
    
    ; check for push xxxxxxxx/ret/nop
    ; 0x68, 0xC3, 0x90
    if DllStructGetData( $orig_ptr, 1, 1 ) == 104 and _
       DllStructGetData( $orig_ptr, 1, 6 ) == -61 and DllStructGetData( $orig_ptr, 1, 7 ) == -112 Then
       
      $injected_code = _MemoryRead( "0x" & hex($pEndScene + 1), $wow, "dword" ) 
    else
      ; allocate memory to store injected code
      $injected_code = _MemVirtualAllocEx( $wow[1], dec($wowbase), 2048, $MEM_COMMIT, $PAGE_EXECUTE_READWRITE )
      LogIt("Injection_code = " & $injected_code)
      ; Generate the STUB to be injected
      $Asm = AsmInit()
      AsmReset($Asm)
      ; save regs
      AsmAdd($Asm, "pushad")
      AsmAdd($Asm, "pushfd")
      ; check if theres something to be run
      AsmAdd($Asm, "mov esi, " & hex( $injected_code + 256 ) & "h")
      AsmAdd($Asm, "cmp dword [esi], 0" )
      AsmAdd($Asm, "jz $+73" ) ; label exit:
      ; UpdateCurMgr
      AsmAdd($Asm, "mov edx, [" & hex($OM_CLIENT_CONNECTION) & "h]")
      AsmAdd($Asm, "mov edx, [ edx + " & hex( $OM_OFFSET_1 ) & "h]")
      AsmAdd($Asm, "mov eax, fs:[2Ch]")
      AsmAdd($Asm, "mov eax, [eax]")
      AsmAdd($Asm, "add eax, 0x10");pre 0x10
      AsmAdd($Asm, "mov [eax], edx")
      ; DoString
      AsmAdd($Asm, "mov esi, " & hex( $injected_code + 1024 ) & "h")
      AsmAdd($Asm, "push 0" )
      AsmAdd($Asm, "push esi" )
      AsmAdd($Asm, "push esi" )
      AsmAdd($Asm, "mov eax, " & hex( $Lua_Dostring ) & "h" )
      AsmAdd($Asm, "call eax" )
      AsmAdd($Asm, "add esp, 0Ch" )
      ; check if theres something to be returned on
      AsmAdd($Asm, "mov esi, " & hex( $injected_code + 512 ) & "h")
      AsmAdd($Asm, "cmp dword [esi], 0" )
      AsmAdd($Asm, "jz $+2D" ) ; label exit: 
      ; GetLocalizedText
      AsmAdd($Asm, "mov ecx, " & hex( $base_3 ) & "h") ; must be made dynamic
      AsmAdd($Asm, "push -1")
      AsmAdd($Asm, "push esi")
      AsmAdd($Asm, "mov eax, " & hex( $GetLocalizedText ) & "h" )
      AsmAdd($Asm, "call eax")
      AsmAdd($Asm, "cmp eax, 0" )
      AsmAdd($Asm, "jz $+11" ) ; label exit:
      ; copy return string
      AsmAdd($Asm, "mov esi, eax")
      AsmAdd($Asm, "mov edi, " & hex( $injected_code + 768 ) & "h")
      AsmAdd($Asm, "copy:")
      AsmAdd($Asm, "lodsb")
      AsmAdd($Asm, "stosb")
      AsmAdd($Asm, "cmp al, 0")
      AsmAdd($Asm, "jnz @copy")
      ; clean state busy flag
      AsmAdd($Asm, "exit:")
      AsmAdd($Asm, "xor eax, eax")
      AsmAdd($Asm, "mov edi, " & hex( $injected_code + 256 ) & "h")
      AsmAdd($Asm, "stosd")
      AsmAdd($Asm, "mov edi, " & hex( $injected_code + 512 ) & "h")
      AsmAdd($Asm, "stosd")
      ; restore regs
      AsmAdd($Asm, "popfd")
      AsmAdd($Asm, "popad")
    
      ; copy injected code
      _MemoryWrite( "0x" & hex( $injected_code ), $wow, AsmGetBinary($Asm), "byte[" & $Asm[2] & "]" )
    
      ; create hook jump
      $jmpto = AsmInit()
      AsmReset( $jmpto )
      AsmAdd( $jmpto, "push " & hex( $injected_code ) & "h" )
      AsmAdd( $jmpto, "ret")
      AsmAdd( $jmpto, "nop")
    
      ; save original instructions
      _MemoryWrite( "0x" & hex($injected_code + $Asm[2]), $wow, $orig, "byte[64]" )
        
      ; disasm original bytes
      $DecodeArray = DllStructCreate("byte[" & $sizeofDecodedInst * 64 & "]")
      $ret = distorm_decode(0,  DllStructGetPtr($orig_ptr), 64, $Decode32Bits, DllStructGetPtr($DecodeArray), 64)
    
      ; parse until we can jump back
      $sumsize = 0
      If $ret[0] == $DECRES_SUCCESS Then
        For $i = 0 To $ret[1] ; number of decoded instructions
          ; get size of 1 instruction
          $instr = DllStructCreate($tagDecodedInst, DllStructGetPtr($DecodeArray) + ($i * $sizeofDecodedInst))
          $sumsize += DllStructGetData($instr, "size")
    
          ; check if we copied enough instructions
          if $sumsize >= $jmpto[2] Then
          
            ; create jump back stub
            $jmpback = AsmInit()
            AsmReset( $jmpback )
            AsmAdd( $jmpback, "push " & hex($pEndScene + $sumsize) & "h" )
            AsmAdd( $jmpback, "ret")
            AsmAdd( $jmpback, "nop")
    
            ; write jump back 
            _MemoryWrite( "0x" & hex($injected_code + $Asm[2] + $sumsize), $wow, AsmGetBinary($jmpback), "byte[" & $jmpback[2] & "]" )
            ExitLoop
          Endif	
        Next
      Endif
        
      ; write jump hook
      _MemoryWrite( "0x" & hex($pEndScene), $wow, AsmGetBinary($jmpto), "byte[" & $jmpto[2] & "]" )
    EndIf
    EndFunc

    These ads disappear when you log in.

  2. #2
    LogicWin's Avatar Master Sergeant
    Reputation
    51
    Join Date
    Mar 2011
    Posts
    103
    Thanks G/R
    2/0
    Trade Feedback
    0 (0%)
    Any help`?

Similar Threads

  1. [Question] Lua Callback: Return table of values
    By DrakeFish in forum WoW Memory Editing
    Replies: 6
    Last Post: 06-18-2011, 10:44 PM
  2. Assembler Injection -> Getting return value?
    By streppel in forum WoW Memory Editing
    Replies: 11
    Last Post: 06-05-2011, 07:27 AM
  3. POC Class to Manage Lua Calls and Return Values
    By Xarg0 in forum WoW Memory Editing
    Replies: 7
    Last Post: 01-22-2010, 10:38 AM
  4. [WoW][3.0.9] A way to get return values from Lua Functions
    By ramey in forum WoW Memory Editing
    Replies: 6
    Last Post: 03-22-2009, 10:09 PM
All times are GMT -5. The time now is 11:09 AM. Powered by vBulletin® Version 4.2.3
Copyright © 2019 vBulletin Solutions, Inc. All rights reserved. Digital Point modules: Sphinx-based search