Black Magic

[Shamun]

I'm trying to use the Black Magic lib and inject an assembly code into WoW so I can use interact function...

For some reason the debugger shows me an exception:
Injection failed for some reason (VS 2005)

Code:

public void Interact()
        {
            UInt64 targetGUID = wow.ReadUInt64(0x010A58B8);

            uint VFunc = wow.ReadUInt(wow.ReadUInt(objects[targetGUID].Address) + (36 * 4));

            wow.Asm.Clear();
            uint codeCave = wow.AllocateMemory(0x1000);

            wow.Asm.AddLine("mov EDX, [0x011CA260]");
            wow.Asm.AddLine("mov EDX, [EDX+0x2864]");
            wow.Asm.AddLine("FS mov EAX, [0x2C]");
            wow.Asm.AddLine("mov EAX, [EAX]");
            wow.Asm.AddLine("add EAX, 8");
            wow.Asm.AddLine("mov [EAX], edx");
            wow.Asm.AddLine("mov ecx, {0}", objects[targetGUID].Address);
            wow.Asm.AddLine("call {0}", VFunc);
            wow.Asm.AddLine("retn");

            uint interact = wow.Asm.InjectAndExecute(codeCave);
            wow.FreeMemory(codeCave);
        }

As you can guess wow is the object of Black Magic.
objects is my dictionary for the objects in the linked list using GUID as key.

This is how I initialize wow:

Code:

Process[] processes = Process.GetProcessesByName("Wow");
            wow = new BlackMagic();
            if (!wow.OpenProcessAndThread(processes[pIndex].MainWindowHandle))
                throw new Exception("Can't open the process");

pIndex is an index for the instance of wow i want to use.

Here is some info from olly:

Registers:
EAX 0029E9AC
ECX 00000001
EDX 00000000
EBX E0434F4D
ESP 0029E9AC
EBP 0029E9FC
ESI 0029EA34
EDI 00447498
EIP 779542EB KERNEL32.779542EB
C 0 ES 0023 32bit 0(FFFFFFFF)
P 1 CS 001B 32bit 0(FFFFFFFF)
A 0 SS 0023 32bit 0(FFFFFFFF)
Z 0 DS 0023 32bit 0(FFFFFFFF)
S 0 FS 003B 32bit 7FFDF000(FFF)
T 0 GS 0000 NULL
D 0
O 0 LastErr ERROR_MOD_NOT_FOUND (0000007E)
EFL 00000206 (NO,NB,NE,A,NS,PE,GE,G)
ST0 empty 0.0
ST1 empty 0.0
ST2 empty 0.0
ST3 empty 0.0
ST4 empty 0.0
ST5 empty 0.0
ST6 empty 0.0
ST7 empty 0.0
3 2 1 0 E S P U O Z D I
FST 0000 Cond 0 0 0 0 Err 0 0 0 0 0 0 0 0 (GT)
FCW 027F Prec NEAR,53 Mask 1 1 1 1 1 1


Code in CPU: (Only two lines which the exception come between)
779542E5 FF15 14179177 CALL DWORD PTR DS: <&ntdll.RtlRaiseExcep>; ntdll.RtlRaiseException
779542EB C9 LEAVE

[Robske]

The code looks fine,

I think shynd said that fasm_managed.dll is a wrapper for fasm.dll, so make sure you include fasm.dll in your project.

Does it work if you build your project with FASM.dll in the bin/release folder? (run the exe after instead of debugging in VC)

[Shamun]

hmm i can't use fasm.dll as reference but i'll try what you said

[Shamun]

yes! it works thx