Thread Synchronization menu

User Tag List

Page 1 of 2 12 LastLast
Results 1 to 15 of 21
  1. #1
    qwjqwj's Avatar Member
    Reputation
    1
    Join Date
    Aug 2008
    Posts
    11
    Thanks G/R
    0/0
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Thread Synchronization

    I have also found CastSpellById and DoLuaString unstable while using Injection method to create new thread. WOW will crash randomly at random address when executing new thread, or crash at main thread after executing new thread.
    After heavy debugging, I found a good way to keep thread synchronization. I want to share my method here.

    [0x12ea330] - Addon Name String (if null, it is running in blizzard protected mode)
    [0x12ea334] - Addon Lock
    [0x12ea338] - Unknown

    The injection is executed as follows:

    1. suspend the main thread
    2. check [0x12ea334], if nonzero, resume main thread, sleep a while, and suspend again
    3. until [0x12ea334] == 0
    4. do the injection
    5. resume the main thread

    With this method, I can do castspellbyid 100 times per second and don't crash wow for a long time. Still, there is small possibility to crash WOW. I haven't find a better way to do synchronization now. Maybe the best way is to execute the injection wholly on main thread.

    Only the injection interfering with UI need this method to synchronize. Some other methods are completely safe, and don't need synchronization.

    If there is a better way, please tell me. Thanks

    Thread Synchronization
  2. #2
    Nesox's Avatar ★ Elder ★
    Reputation
    1280
    Join Date
    Mar 2007
    Posts
    1,238
    Thanks G/R
    0/3
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    how would you go about suspending wow's main thread?

  3. #3
    lanman92's Avatar Active Member
    Reputation
    50
    Join Date
    Mar 2007
    Posts
    1,033
    Thanks G/R
    0/1
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Uhm, SuspendThread()...?

  4. #4
    Nesox's Avatar ★ Elder ★
    Reputation
    1280
    Join Date
    Mar 2007
    Posts
    1,238
    Thanks G/R
    0/3
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    ok <3
    <fillah />

  5. #5
    testout's Avatar Member
    Reputation
    7
    Join Date
    May 2008
    Posts
    44
    Thanks G/R
    0/0
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Instead of creating a new thread could you do the following:

    Find a function thats called on the main thread (maybe like presenting the render for example)
    When you want to inject, patch this to make it jump to your injected code
    (which will run your code, undo the patch and jump back)

    You might have some problems with DEP or something, and I guess warden could detect it easy (but if you arent making your code public thats not a problem)
    Last edited by testout; 01-07-2009 at 08:34 AM.

  6. #6
    Cypher's Avatar Kynox's Sister's Pimp
    Reputation
    1358
    Join Date
    Apr 2006
    Posts
    5,368
    Thanks G/R
    0/6
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Just use DirectX hooks, the game is rendered in the main thread.

    You have two advantages then:
    1. No need to create new threads.
    2. No need to fear Warden, because legitimate tools already hook DirectX so they can't ban you just based off a DirectX.
    3. Warden currently doesn't check for any API hooks anyway.

  7. #7
    qwjqwj's Avatar Member
    Reputation
    1
    Join Date
    Aug 2008
    Posts
    11
    Thanks G/R
    0/0
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Thank you very much for your advice. CreateRemoteThread is implemented in many bots but is really unreliable when interacting with UI. Is there any successful implementation with DirectX hooks already?

  8. #8
    hypnodok's Avatar Member
    Reputation
    19
    Join Date
    Nov 2007
    Posts
    65
    Thanks G/R
    0/0
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    You could take a look at the WowX Basehack over at the GD forums (WoW Hack(base) - Game Deception - Forums).

  9. #9
    qwjqwj's Avatar Member
    Reputation
    1
    Join Date
    Aug 2008
    Posts
    11
    Thanks G/R
    0/0
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    hi, hypnodok, I have seen this source already, but can't download. Anonymous user don't have the right. I registered an account, but also don't have right to download. Can anybody here do me a favor to share that source for me? Thank you very much

  10. #10
    qwjqwj's Avatar Member
    Reputation
    1
    Join Date
    Aug 2008
    Posts
    11
    Thanks G/R
    0/0
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I have been debugging in Ollydbg for a couple of weeks for this thread issue. Everytime I logged on gamedeception, it says:

    "You have been banned for the following reason:
    No reason was specified.

    Date the ban will be lifted: Never
    "

  11. #11
    Nesox's Avatar ★ Elder ★
    Reputation
    1280
    Join Date
    Mar 2007
    Posts
    1,238
    Thanks G/R
    0/3
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I tried to suspend wow's main thread but it was a little bitchy and still is here's how i enumerate the threads ripped some of it from wowdev.dk
    Code:
    [DllImport("kernel32.dll", SetLastError = true)]
            static extern uint SuspendThread(IntPtr hThread);
    
            [DllImport("kernel32.dll", SetLastError = true)]
            static extern uint ResumeThread(IntPtr hThread);
    
            [DllImport("kernel32.dll", SetLastError = true)]
            private static extern IntPtr CreateToolhelp32Snapshot(uint dwFlags, uint th32ProcessID);
    
            [DllImport("kernel32.dll")]
            private static extern bool Thread32First(IntPtr hSnapshot, ref THREADENTRY32 lppe);
    
            [DllImport("kernel32.dll")]
            private static extern bool Thread32Next(IntPtr hSnapshot, ref THREADENTRY32 lppe);
    
            [DllImport("kernel32.dll")]
            private static extern IntPtr OpenThread(uint dwDesiredAccess, bool bInheritHandle, uint dwThreadId);
    
            [DllImport("ntdll.dll")]
            private static extern uint NtQueryInformationThread(IntPtr handle, uint infclass, ref THREAD_BASIC_INFORMATION info, uint length, IntPtr bytesread);
    
            [DllImport("kernel32.dll")]
            private static extern bool CloseHandle(IntPtr handle);
    
            [DllImport("advapi32.dll", SetLastError = true)]
            static extern uint GetSecurityInfo(
            IntPtr handle,
            _SE_OBJECT_TYPE ObjectType,
            SECURITY_INFORMATION SecurityInfo,
            out IntPtr pSidOwner,
            out IntPtr pSidGroup,
            out IntPtr pDacl,
            out IntPtr pSacl,
            out IntPtr pSecurityDescriptor);
    
            [DllImport("advapi32.dll", SetLastError = true)]
            static extern uint SetSecurityInfo(
            IntPtr handle,
            _SE_OBJECT_TYPE ObjectType,
            SECURITY_INFORMATION SecurityInfo,
            out IntPtr pSidOwner,
            out IntPtr pSidGroup,
            out IntPtr pDacl,
            out IntPtr pSacl,
            out IntPtr pSecurityDescriptor);
    
            enum SECURITY_INFORMATION
            {
                DACL_SECURITY_INFORMATION,
                LABEL_SECURITY_INFORMATION,
                GROUP_SECURITY_INFORMATION,
                OWNER_SECURITY_INFORMATION,
                PROTECTED_DACL_SECURITY_INFORMATION,
                PROTECTED_SACL_SECURITY_INFORMATION,
                SACL_SECURITY_INFORMATION,
                UNPROTECTED_DACL_SECURITY_INFORMATION,
                UNPROTECTED_SACL_SECURITY_INFORMATION
            };
    
            enum _SE_OBJECT_TYPE 
            {
                  SE_UNKNOWN_OBJECT_TYPE = 0,
                  SE_FILE_OBJECT,
                  SE_SERVICE,
                  SE_PRINTER,
                  SE_REGISTRY_KEY,
                  SE_LMSHARE,
                  SE_KERNEL_OBJECT,
                  SE_WINDOW_OBJECT,
                  SE_DS_OBJECT,
                  SE_DS_OBJECT_ALL,
                  SE_PROVIDER_DEFINED_OBJECT,
                  SE_WMIGUID_OBJECT,
                  SE_REGISTRY_WOW64_32KEY ,
                  SE_OBJECT_TYPE,
            };
    
            [StructLayout(LayoutKind.Sequential)]
            private struct THREADENTRY32
            {
                public UInt32 dwSize;
                public UInt32 cntUsage;
                public UInt32 th32ThreadID;
                public UInt32 th32OwnerProcessID;
                public Int32 tpBasePri;
                public Int32 tpDeltaPri;
                public UInt32 dwFlags;
            }
    
            [StructLayout(LayoutKind.Sequential)]
            private struct THREAD_BASIC_INFORMATION
            {
                public bool ExitStatus;
                public IntPtr TebBaseAddress;
                public uint processid;
                public uint threadid;
                public uint AffinityMask;
                public uint Priority;
                public uint BasePriority;
            }
    
            private const uint TH32CS_SNAPTHREAD = 0x00000004;
            private const uint THREAD_SUSPEND_RESUME = 0x0002;
    
            private IntPtr GetWowsMainThread(Process process)
            {
                uint THREAD_QUERY_INFORMATION = 0x40;
                IntPtr snaphandle = IntPtr.Zero;
                IntPtr threadhandle = IntPtr.Zero;
    
                snaphandle = CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD, 0);
                if (snaphandle != null)
                {
                    THREADENTRY32 info = new THREADENTRY32();
                    info.dwSize = (uint)System.Runtime.InteropServices.Marshal.SizeOf(typeof(THREADENTRY32));
                    bool morethreads = true;
                    bool found = false;
                    if (Thread32First(snaphandle, ref info))
                    {
                        while (morethreads && !found)
                        {
                            if (info.th32OwnerProcessID == process.Id)
                            {
                                threadhandle = OpenThread(THREAD_QUERY_INFORMATION, false, info.th32ThreadID);
                                if (threadhandle != null)
                                {
                                    THREAD_BASIC_INFORMATION tbi = new THREAD_BASIC_INFORMATION();
                                    NtQueryInformationThread(threadhandle, 0, ref tbi, (uint)System.Runtime.InteropServices.Marshal.SizeOf(typeof(THREAD_BASIC_INFORMATION)), IntPtr.Zero);
    
                                    if (tbi.processid == process.Id)
                                    {
                                        SetSecurityInfo(
                                            threadhandle,
    
    
                                        Console.WriteLine("TBI");
                                        Console.WriteLine("0x{0:X08}", tbi.threadid);
                                        Console.WriteLine("hThread:0x{0:X04}", threadhandle);
                                        Console.WriteLine("Trying to suspend");
    
                                        Console.WriteLine("Result:0x{0:X08}", SuspendThread(threadhandle) );
                                        CloseHandle(threadhandle);
                                        break;
                                    }
                                }
                            }
    
                            info.dwSize = (uint)System.Runtime.InteropServices.Marshal.SizeOf(typeof(THREADENTRY32));
                            morethreads = Thread32Next(snaphandle, ref info);
                        }
                    }
    
                    CloseHandle(snaphandle);
                }
    
                return threadhandle;
            }
    I figured you need to set the Security Information on wow's main thread to
    Code:
    private const uint THREAD_SUSPEND_RESUME = 0x0002;
    but i cant figure out how to use SetSecurityInfo, anyone of you ever used it for something cunny?
    Last edited by Nesox; 01-07-2009 at 10:41 AM.

  12. #12
    testout's Avatar Member
    Reputation
    7
    Join Date
    May 2008
    Posts
    44
    Thanks G/R
    0/0
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Sign up again?

  13. #13
    qwjqwj's Avatar Member
    Reputation
    1
    Join Date
    Aug 2008
    Posts
    11
    Thanks G/R
    0/0
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I have signed many accounts there. All been banned immediately after registered.

  14. #14
    qwjqwj's Avatar Member
    Reputation
    1
    Join Date
    Aug 2008
    Posts
    11
    Thanks G/R
    0/0
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Yes, first use GetSecurityInfo,
    then SetSecurityInfo, and OpenThread with the arg 0x1F03FF
    After that, you can SuspendThread or ResumeThread easily.
    There is no need to enum all threads in WOW. Just main thread is ok


    Originally Posted by Nesox View Post
    I tried to suspend wow's main thread but it was a little bitchy and still is here's how i enumerate the threads ripped some of it from wowdev.dk
    Code:
    [DllImport("kernel32.dll", SetLastError = true)]
            static extern uint SuspendThread(IntPtr hThread);
    
            [DllImport("kernel32.dll", SetLastError = true)]
            static extern uint ResumeThread(IntPtr hThread);
    
            [DllImport("kernel32.dll", SetLastError = true)]
            private static extern IntPtr CreateToolhelp32Snapshot(uint dwFlags, uint th32ProcessID);
    
            [DllImport("kernel32.dll")]
            private static extern bool Thread32First(IntPtr hSnapshot, ref THREADENTRY32 lppe);
    
            [DllImport("kernel32.dll")]
            private static extern bool Thread32Next(IntPtr hSnapshot, ref THREADENTRY32 lppe);
    
            [DllImport("kernel32.dll")]
            private static extern IntPtr OpenThread(uint dwDesiredAccess, bool bInheritHandle, uint dwThreadId);
    
            [DllImport("ntdll.dll")]
            private static extern uint NtQueryInformationThread(IntPtr handle, uint infclass, ref THREAD_BASIC_INFORMATION info, uint length, IntPtr bytesread);
    
            [DllImport("kernel32.dll")]
            private static extern bool CloseHandle(IntPtr handle);
    
            [DllImport("advapi32.dll", SetLastError = true)]
            static extern uint GetSecurityInfo(
            IntPtr handle,
            _SE_OBJECT_TYPE ObjectType,
            SECURITY_INFORMATION SecurityInfo,
            out IntPtr pSidOwner,
            out IntPtr pSidGroup,
            out IntPtr pDacl,
            out IntPtr pSacl,
            out IntPtr pSecurityDescriptor);
    
            [DllImport("advapi32.dll", SetLastError = true)]
            static extern uint SetSecurityInfo(
            IntPtr handle,
            _SE_OBJECT_TYPE ObjectType,
            SECURITY_INFORMATION SecurityInfo,
            out IntPtr pSidOwner,
            out IntPtr pSidGroup,
            out IntPtr pDacl,
            out IntPtr pSacl,
            out IntPtr pSecurityDescriptor);
    
            enum SECURITY_INFORMATION
            {
                DACL_SECURITY_INFORMATION,
                LABEL_SECURITY_INFORMATION,
                GROUP_SECURITY_INFORMATION,
                OWNER_SECURITY_INFORMATION,
                PROTECTED_DACL_SECURITY_INFORMATION,
                PROTECTED_SACL_SECURITY_INFORMATION,
                SACL_SECURITY_INFORMATION,
                UNPROTECTED_DACL_SECURITY_INFORMATION,
                UNPROTECTED_SACL_SECURITY_INFORMATION
            };
    
            enum _SE_OBJECT_TYPE 
            {
                  SE_UNKNOWN_OBJECT_TYPE = 0,
                  SE_FILE_OBJECT,
                  SE_SERVICE,
                  SE_PRINTER,
                  SE_REGISTRY_KEY,
                  SE_LMSHARE,
                  SE_KERNEL_OBJECT,
                  SE_WINDOW_OBJECT,
                  SE_DS_OBJECT,
                  SE_DS_OBJECT_ALL,
                  SE_PROVIDER_DEFINED_OBJECT,
                  SE_WMIGUID_OBJECT,
                  SE_REGISTRY_WOW64_32KEY ,
                  SE_OBJECT_TYPE,
            };
    
            [StructLayout(LayoutKind.Sequential)]
            private struct THREADENTRY32
            {
                public UInt32 dwSize;
                public UInt32 cntUsage;
                public UInt32 th32ThreadID;
                public UInt32 th32OwnerProcessID;
                public Int32 tpBasePri;
                public Int32 tpDeltaPri;
                public UInt32 dwFlags;
            }
    
            [StructLayout(LayoutKind.Sequential)]
            private struct THREAD_BASIC_INFORMATION
            {
                public bool ExitStatus;
                public IntPtr TebBaseAddress;
                public uint processid;
                public uint threadid;
                public uint AffinityMask;
                public uint Priority;
                public uint BasePriority;
            }
    
            private const uint TH32CS_SNAPTHREAD = 0x00000004;
            private const uint THREAD_SUSPEND_RESUME = 0x0002;
    
            private IntPtr GetWowsMainThread(Process process)
            {
                uint THREAD_QUERY_INFORMATION = 0x40;
                IntPtr snaphandle = IntPtr.Zero;
                IntPtr threadhandle = IntPtr.Zero;
    
                snaphandle = CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD, 0);
                if (snaphandle != null)
                {
                    THREADENTRY32 info = new THREADENTRY32();
                    info.dwSize = (uint)System.Runtime.InteropServices.Marshal.SizeOf(typeof(THREADENTRY32));
                    bool morethreads = true;
                    bool found = false;
                    if (Thread32First(snaphandle, ref info))
                    {
                        while (morethreads && !found)
                        {
                            if (info.th32OwnerProcessID == process.Id)
                            {
                                threadhandle = OpenThread(THREAD_QUERY_INFORMATION, false, info.th32ThreadID);
                                if (threadhandle != null)
                                {
                                    THREAD_BASIC_INFORMATION tbi = new THREAD_BASIC_INFORMATION();
                                    NtQueryInformationThread(threadhandle, 0, ref tbi, (uint)System.Runtime.InteropServices.Marshal.SizeOf(typeof(THREAD_BASIC_INFORMATION)), IntPtr.Zero);
    
                                    if (tbi.processid == process.Id)
                                    {
                                        SetSecurityInfo(
                                            threadhandle,
    
    
                                        Console.WriteLine("TBI");
                                        Console.WriteLine("0x{0:X08}", tbi.threadid);
                                        Console.WriteLine("hThread:0x{0:X04}", threadhandle);
                                        Console.WriteLine("Trying to suspend");
    
                                        Console.WriteLine("Result:0x{0:X08}", SuspendThread(threadhandle) );
                                        CloseHandle(threadhandle);
                                        break;
                                    }
                                }
                            }
    
                            info.dwSize = (uint)System.Runtime.InteropServices.Marshal.SizeOf(typeof(THREADENTRY32));
                            morethreads = Thread32Next(snaphandle, ref info);
                        }
                    }
    
                    CloseHandle(snaphandle);
                }
    
                return threadhandle;
            }
    I figured you need to set the Security Information on wow's main thread to
    Code:
    private const uint THREAD_SUSPEND_RESUME = 0x0002;
    but i cant figure out how to use SetSecurityInfo, anyone of you ever used it for something cunny?

  15. #15
    Nesox's Avatar ★ Elder ★
    Reputation
    1280
    Join Date
    Mar 2007
    Posts
    1,238
    Thanks G/R
    0/3
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Ah ok, cheers
    EDIT: Works like a charm
    Last edited by Nesox; 01-07-2009 at 01:57 PM.

Page 1 of 2 12 LastLast

Similar Threads

  1. Joana Mancow Leveling Video Request Thread
    By Matt in forum World of Warcraft General
    Replies: 31
    Last Post: 11-19-2006, 02:54 PM
  2. Decide which Banner we use voting thread
    By Matt in forum Community Chat
    Replies: 43
    Last Post: 06-30-2006, 06:22 AM
  3. MMOwned's Official Unofficial PTR (Public Test Realm) Thread!
    By janzi9 in forum World of Warcraft General
    Replies: 11
    Last Post: 05-27-2006, 06:56 PM
  4. Gimped Thread!
    By janzi9 in forum Community Chat
    Replies: 5
    Last Post: 05-24-2006, 11:36 PM
  5. Pimped Thread!
    By janzi9 in forum Community Chat
    Replies: 1
    Last Post: 05-24-2006, 03:49 AM
All times are GMT -5. The time now is 08:20 AM. Powered by vBulletin® Version 4.2.3
Copyright © 2025 vBulletin Solutions, Inc. All rights reserved. User Alert System provided by Advanced User Tagging (Pro) - vBulletin Mods & Addons Copyright © 2025 DragonByte Technologies Ltd.
Google Authenticator verification provided by Two-Factor Authentication (Free) - vBulletin Mods & Addons Copyright © 2025 DragonByte Technologies Ltd.
Digital Point modules: Sphinx-based search