[Help] Movement

[cenron]

There's a few different ways. You can either go all-out and write and inject a DLL that sends information back and forth between processes--sockets, named pipes, shared memory, Windows messages--or, if you're only going to be needing the return value every so often, as with GetNumLootItems or something, you can put what you want to be returned into the EAX register, RETN, and then call kernel32.GetExitCodeThread(hThread);.

For instance, say you inject code that does something like:

Code:

CALL wow.GetNumLootItems ;return value will be in EAX
RETN

and execute it using CreateRemoteThread. Your code might look like:

Code:

//do whatever injection up here somewhere
HANDLE hThread = CreateRemoteThread(..whatever);
WaitForSingleObject(hThread, INFINITE);
DWORD dwNumLootItems = GetExitCodeThread(hThread);
CloseHandle(hThread);

Now dwNumLootItems holds the exit code, or value of EAX upon RETN, of your injected thread. Make sense?

Wow thanks man. Thats awesome!

[Cypher]

There's a few different ways. You can either go all-out and write and inject a DLL that sends information back and forth between processes--sockets, named pipes, shared memory, Windows messages--or, if you're only going to be needing the return value every so often, as with GetNumLootItems or something, you can put what you want to be returned into the EAX register, RETN, and then call kernel32.GetExitCodeThread(hThread);.

For instance, say you inject code that does something like:

Code:

CALL wow.GetNumLootItems ;return value will be in EAX
RETN

and execute it using CreateRemoteThread. Your code might look like:

Code:

//do whatever injection up here somewhere
HANDLE hThread = CreateRemoteThread(..whatever);
WaitForSingleObject(hThread, INFINITE);
DWORD dwNumLootItems = GetExitCodeThread(hThread);
CloseHandle(hThread);

Now dwNumLootItems holds the exit code, or value of EAX upon RETN, of your injected thread. Make sense?

Just to point something out so it's not confusing to people.

You're not "putting the return value in EAX". EAX is the standard register used to hold the return values of functions. All you're doing is creating a thread which calls another function, then passing along the return value of that function by not modifying it when your thread returns (ie You're not modifying EAX so its value is the same when your thread returns, and hence your thread's return value is the return value of the last function you called).

It's not an important distinction in this case, but it is when you're doing other things.

[Neffarian]

this is already solved

http://forum.gamedeception.net/showt...981#post101981

nox posted an olly plugin. currently warden can check what your reading, however i havnt been banned yet.

if your going to inject code in the future, make sure your detours arent default

[Cypher]

this is already solved

WoW OllyDbg Plugin - Game Deception - Forums

nox posted an olly plugin. currently warden can check what your reading, however i havnt been banned yet.

if your going to inject code in the future, make sure your detours arent default

What the **** are you talking about. Do you even understand what that plugin is for? Obviously you don't.

The plugin is used to bypass the CRC check upon login that is fired if you have software breakpoints enabled which put an int3 in the code segment and hence forth change the expected CRC.

Please, if you're going to post, make sure you know what you're talking about.