DoString Trouble

[ramey]

Lua_Register.

Check out The Programming Language Lua, and download the source code. Find how functions get registered. Look at WoWX, WoWX hooks Lua_Register. You need to patch a invalid function check to be able to register your own functions, but once you do you can call it in game and pass whatever you want through it to your C++ function.

[tanis2000]

Ok forget my last question .. I found the address of both lua_getstate and lua_register that were the missing functions to close the loop.. now I have to find a way to get C# to pass a function pointer to a function .. and I have no clue if using a delegate and passing that could work :-P

[SKU]

Read the thread again, it's there. (http://www.mmowned.com/forums/wow-me...ml#post1427177)

Edit: Gnah stoopid internetz ~~ Ignore. :P

[Cypher]

Ok forget my last question .. I found the address of both lua_getstate and lua_register that were the missing functions to close the loop.. now I have to find a way to get C# to pass a function pointer to a function .. and I have no clue if using a delegate and passing that could work :-P

I've read that thread and some more and it's pretty obvious how to implement lua_tostring and lua_gettop but I can't find the function that is used to register our own function in LUA. Any hint at what's its name supposed to be?

See below. >_>

Read the thread again, it's there. (http://www.mmowned.com/forums/wow-me...ml#post1427177)

Edit: Gnah stoopid internetz ~~ Ignore. :P

Teach a man to fish.

<3

[tanis2000]

See below. >_>



Teach a man to fish.

<3

... and he will come up with a basket full of boots and wonder what he's doing wrong

which is just my case as the nice lua_getstate call is returning 0.

Code:

        public uint Lua_GetState()
        {
            ProcessManager.SuspendMainWowThread();
            uint result = 0;
            uint codecave = wow.AllocateMemory();

            wow.Asm.Clear();
            AsmUpdateCurMgr();

            wow.Asm.AddLine("call {0}", Globals.Functions.Lua_GetState); // 0x00499700

            AsmSendResumeMessage();
            wow.Asm.AddLine("retn");

            try
            {
                result = wow.Asm.InjectAndExecute(codecave);
                Thread.Sleep(10);
            }
            catch (Exception e)
            {
                ProcessManager.ResumeMainWowThread();
                throw e;
            }
            finally
            {
                wow.FreeMemory(codecave);
            }

            return result;
        }

It takes quite a long time to execute and then it returns 0 but no exceptions.

[SKU]

Overkill much

Lua_GetState (according to your supplied address):

Code:

00499700                 /$  A1 F4350701                MOV EAX,DWORD PTR DS:[10735F4]
00499705                 \.  C3                         RETN

[tanis2000]

Ok let's say that I read directly from [0x010735F4] for now just to make things quicker.

The next question is.. if I call lua_register and pass an address of a function that resides in my application (and thus out of the client process), is it bound to fail miserably?

Would it be a good choice to put that function into an injected DLL and let the client call that one instead so that it's in its process?

I guess that having it call a function in my address space would just give an access violation.

[Cypher]

WoW checks function pointers to make sure they're inside .text of WoW.exe. Do a search in IDA for "invalid function pointer" and you'll find what you need to do to get around that (be it patch the function, put callgates in WoW.exe, etc).

EDIT:

Why would it give an access violation? That makes no sense. Code is code, as long as the page flags are set correctly the CPU doesn't give a shit where it is.

[amadmonk]

if I call lua_register and pass an address of a function that resides in my application (and thus out of the client process)

C'mon Cypher, you're usually better on the reading comprehension than that... :P

Tanis: yes, attempting to register a lua function whose code resides in a different process is going to fail badly, unless you wanna implement some kind of RPC scheme for LUA

[Cypher]

C'mon Cypher, you're usually better on the reading comprehension than that... :P

Tanis: yes, attempting to register a lua function whose code resides in a different process is going to fail badly, unless you wanna implement some kind of RPC scheme for LUA

It was 3:30 AM when I posted and it's 6:30 AM now, I'm tired.

But yeah, sorry. Missed that one. I thought he meant inside an injected DLL, not a totally different process. I blame the fact that the question is so retarded it shouldn't need asking in the first place.

ITS EVERYONES FAULT BUT MINE DAMMIT!



P.S. Kynox's sister likes it in the pooper.

[amadmonk]

I can't speak regarding Kynox's sister, or her pooper.

I'm still sort of intrigued with the idea of implementing some kind of RPC system for LUA. I only like the ridiculously complicated tasks, that way nobody blames me when I fail...

[Cypher]

I can't speak regarding Kynox's sister, or her pooper.

I'm still sort of intrigued with the idea of implementing some kind of RPC system for LUA. I only like the ridiculously complicated tasks, that way nobody blames me when I fail...

Rofl. I like your style.

[tanis2000]

C# is killing me.

I've packed all my nice LUA related routines into a DLL that I'm injecting into the client through EasyHook (which is a nice system that also features an implementation of IPC through NET remoting).

The injection works well, communicating with my main process works fine too, but using BlackMagic from inside the DLL is giving me troubles. When opening the process to read/write into its memory, it keeps throwing an exception saying that I don't have the necessary security privileges to do that.

Now.. my app launches the client, the DLL is then injected and then I supposed that the DLL would be able to open the memory space of the client being in the same process but apparently I'm wrong. Anything obvious that I'm doing wrong?

[Apoc]

Like I said in another thread (or was it this one?)

ASM is overrated. (I don't use ASM in my library anymore. ) Hell, I don't even look at what the functions internals are anymore.

[Cypher]

Like I said in another thread (or was it this one?)

ASM is overrated. (I don't use ASM in my library anymore. ) Hell, I don't even look at what the functions internals are anymore.

In terms of CALLING functions, yes it's overrated. You don't really "need" it in any of the most popular languages around here (C#, C++, C, etc).

In terms of actually hacking games though, you really need to know ASM in order to get anywhere in finding and reversing functions/addresses/classes/etc.