Injector crashes WoW.
  1. #1
    cenron (Member)

    Injector crashes WoW.

    Hey guys, I am trying to write a DLL injector that injects a stub and changes EIP in a thread to execute it. For some reason WoW crashes each time I run it.

    Code:
    void __declspec(naked) LoadDLL() {
    
        _asm {
            push 0x000000
            pushfd
            pushad
    
            popad
            popfd
    
            ret
        }
    }
    
    void __declspec(naked) LoadDLLEnd() {}
    
    int main() {
    
    	// Variable declaration.
    	char dllpath[MAX_PATH];
    	u_long uLoadLib;
    	u_int uFuncLen = ((u_int)LoadDLLEnd - (u_int)LoadDLL);
    	
    	// Set debug privileges.
    	AddDebugPrivileges();
    
    	// Intro...
    	printf("[+] Syringe World of Warcraft DLL Injector\n[+] Author: Cenron\n\n");
    	printf("[+] Waiting for World of Warcraft to start...\n");
    
    	// Wait for World of Warcraft to start.
    	while(!FindWindowA("GxWindowClassD3d",NULL)) { Sleep(500); }
    
    	// Get the current path to the exe
    	GetModuleFileName(NULL,dllpath,sizeof(dllpath));
    
    	// Run through the string backwards and replace .exe with .dll
    	for(int i = strlen(dllpath); i > 0; i--) {
    		if(dllpath[i] == '.') {
    			memcpy(&dllpath[i+1],"dll",3);
    			break;
    		}
    	}
    
    	// Get The address for our LoadLibraryA
    	uLoadLib = (u_long)GetProcAddress(GetModuleHandle("kernel32.dll"),"LoadLibraryA");
    
    	// Get the program PID.
    	DWORD dwPID = dwGetPid(PROC_NAME);
    
    	// Open a handle to world of warcraft.
    	HANDLE hWoW = OpenProcess(PROCESS_ALL_ACCESS,false,dwPID);
    
    	// Allocate memory for the dll string and stub.
    	LPVOID lpDllString = VirtualAllocEx(hWoW,NULL,strlen(dllpath)+1, MEM_COMMIT, PAGE_READWRITE);
    	LPVOID lpStub = VirtualAllocEx(hWoW,NULL,uFuncLen, MEM_COMMIT, PAGE_READWRITE);
    	WriteProcessMemory(hWoW, lpDllString, dllpath, strlen(dllpath), NULL);
    
    	DWORD dwThreadID = GetTargetThreadId(dwPID);
    	HANDLE hThread = OpenThread(THREAD_ALL_ACCESS,false,dwThreadID);
    	
    	SuspendThread(hThread);
    
    	CONTEXT ctx;
    	ctx.ContextFlags = CONTEXT_CONTROL;
    	GetThreadContext(hThread,&ctx);
    
    	// Get the old EIP and change it to the stub address.
    	u_long oldEIP = ctx.Eip;
    	ctx.Eip = (DWORD)lpStub;
    	ctx.ContextFlags = CONTEXT_CONTROL;
    
    	DWORD oldProt = 0;
    	VirtualProtect(LoadDLL, uFuncLen, PAGE_EXECUTE_READWRITE, &oldProt);
    	memcpy((void *)((u_long)LoadDLL+1),&oldEIP,4);
    	// Write to the stub space.
    	WriteProcessMemory(hWoW, lpStub, LoadDLL, uFuncLen, NULL);
    
    	SetThreadContext(hThread,&ctx);
    	ResumeThread(hThread);
    
    	getchar();
    	
    	VirtualFreeEx(hWoW, lpDllString, strlen(dllpath), MEM_DECOMMIT);
    	VirtualFreeEx(hWoW, lpStub, uFuncLen, MEM_DECOMMIT);
    	CloseHandle(hWoW);
    	CloseHandle(hThread);
    
    return 0;
    }
    Code:
    ERROR #132 (0x85100084) Fatal Exception
    Program:	C:\wow\WoW.exe
    Exception:	0xC0000005 (ACCESS_VIOLATION) at 001B:7E50E4F9
    
    The instruction at "0x7E50E4F9" referenced memory at "0x7E50E4F9".
    The memory could not be "read".
    
    ----------------------------------------
        x86 Registers
    ----------------------------------------
    
    EAX=00000000  EBX=00004021  ECX=0019AA70  EDX=01C00000  ESI=7C90D580
    EDI=00100001  EBP=0019AD68  ESP=0019AA70  EIP=7E50E4F9  FLG=00010202
    CS =001B      DS =0023      ES =0023      SS =0023      FS =003B      GS =0000
    Last edited by cenron; 11-13-2008 at 08:28 PM. Reason: Had to update code.

  2. #2
    Shynd (Contributor)
    Is incremental linking turned on in your compiler settings?

    Edit: By the way, you can do the same thing with something like:

    Code:
    int main() {
    
        DWORD uFuncLen;
    
        __asm {
            jmp End
        Start:
            push 0x000000
            pushfd
            pushad
    
            popad
            popfd
    
            ret
        End:
            push eax
            mov eax, End
            sub eax, Start
            mov uFuncLen, eax
            pop eax
        }
    
        //...whatever else here
    }
    ...or something. Works regardless of compiler settings.
    Last edited by Shynd; 11-14-2008 at 04:44 PM.
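    Added illustration (not code from either poster) of the failure mode Shynd is hinting at: with incremental linking enabled, MSVC hands out the address of a 5-byte `jmp rel32` thunk instead of the function body, so `LoadDLLEnd - LoadDLL` measures the gap between two adjacent thunks (5 bytes) rather than the stub, and `memcpy(LoadDLL+1, &oldEIP, 4)` overwrites the thunk's displacement. The bytes below are a constructed image laid out that way (thunks at offsets 0 and 5, bodies at 0x20 and 0x40); the helper names are my own.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define JMP_REL32_LEN 5          /* E9 xx xx xx xx */
#define MAX_THUNK_HOPS 8         /* guard against a jmp cycle */

/* Constructed image: two incremental-link style thunks followed by two bodies. */
static uint8_t image[0x60];

static void put_jmp(uint8_t *at, const uint8_t *target) {
    int32_t rel = (int32_t)(target - (at + JMP_REL32_LEN));
    at[0] = 0xE9;
    for (int i = 0; i < 4; i++) at[1 + i] = (uint8_t)((uint32_t)rel >> (8 * i));
}

void build_image(void) {
    memset(image, 0xCC, sizeof image);          /* bodies: int3 filler */
    put_jmp(image + 0, image + 0x20);           /* "LoadDLL" thunk     */
    put_jmp(image + 5, image + 0x40);           /* "LoadDLLEnd" thunk  */
}

int is_jmp_thunk(const uint8_t *p) { return p[0] == 0xE9; }

/* Follow E9 thunks until we reach something that is not a near jmp. */
const uint8_t *resolve_jmp_thunk(const uint8_t *p) {
    for (int hops = 0; hops < MAX_THUNK_HOPS && is_jmp_thunk(p); hops++) {
        uint32_t raw = (uint32_t)p[1] | ((uint32_t)p[2] << 8)
                     | ((uint32_t)p[3] << 16) | ((uint32_t)p[4] << 24);
        p = p + JMP_REL32_LEN + (int32_t)raw;   /* target = next insn + rel32 */
    }
    return p;
}

/* What the original uFuncLen computation sees when both names are thunks. */
ptrdiff_t naive_len(void) { return (image + 5) - (image + 0); }

/* Distance between the real bodies once the thunks are resolved. */
ptrdiff_t resolved_len(void) {
    return resolve_jmp_thunk(image + 5) - resolve_jmp_thunk(image + 0);
}

int main(void) {
    build_image();
    printf("thunk? %d  naive len %td  resolved len %td\n",
           is_jmp_thunk(image), naive_len(), resolved_len());
    return 0;
}
```

    With the thunk in play the copied "stub" is five bytes of jmp whose displacement was just clobbered, which is consistent with the access violation the first post shows.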
