DoString Trouble

**Apoc** · 06-13-2009

Originally Posted by Cypher

In terms of CALLING functions, yes it's overrated. You don't really "need" it in any of the most popular languages around here (C#, C++, C, etc).

In terms of actually hacking games though, you really need to know ASM in order to get anywhere in finding and reversing functions/addresses/classes/etc.

Oh, duh. Knowing ASM to reverse the stuff is completely different than calling the stuff.

**xzidez** · 06-14-2009

Hi Im currently trying to make a way of retrieving values from LUA functions. So faar it seems good.

It works fine on mailbox functions.
GetMapInfo() also works like a charm.. Etc etc.

But I cant figure out why I cant get any returnvalues at all on UnitAura();

Code:

typedef char* (__thiscall * lGetText)(void* pLocalPlayer, char* sText, DWORD_PTR unk1);
lGetText Lua_GetText = reinterpret_cast<lGetText>(0x005A82F0);

typedef void (__cdecl * lDoString)(const char* sCmd1,const char* sCmd2, void* pState);
lDoString Lua_DoString = reinterpret_cast<lDoString>(0x0049AAB0);

Code:

    Lua_DoString("n,_,_,_,_,_,_,_,_=UnitAura(\"player\",1);","n,_,_,_,_,_,_,_,_=UnitAura(\"player\",1);",NULL);
    char* tmpa = Lua_GetText(reinterpret_cast<void*>(_dwLP), "n" , -1);
    MessageBox(NULL, tmpa, tmpa, MB_OK);

char* = "".....
Am I the only one having trouble with only UnitAura? And since it works fine on other functions I doubt Im doing the wrong approach? or?

**tanis2000** · 06-14-2009

@xzidez: you've probably stepped into my same problem. Actually UnitAura works for me just as any other one-line functions when using GetLocalizedText to retrieve the value of a global variable. But if you try to run anything a bit more complex than that you'll end up with GetLocalizedText returning empty strings only.

@Apoc & Cypher: I started this project in C# as a prototype to see something running quickly and of course it evolved until a point where it would be a pain in the ass to recode everything in C++, even though I'm aware that would solve a lot of my problems. BlackMagic and its Asm stuff does the job excellently until you hit a point where you see exceptions happening where they shouldn't and debugging C# code in a DLL that has been injected is just asking for more troubles. Now you just made me wonder if there's something equivalent to C++ reinterpret_cast in C# :-P

**Cypher** · 06-14-2009

@tanis2000:

Use a custom LUA callback. You can do it from C# and it will solve your LUA related woes.

EDIT:

Shit, you're using CreateRemoteThread? Nevermind then, you'd need to host the CLR and "inject" a C# app (running in the context of WoW) for that to work. Information on how to do that has been posted here though by some of the C# guys, take a look.

The most relevant link I can think of though is this:
http://www.codingthewheel.com/archiv...d-assembly-dll

**Shynd** · 06-14-2009

Originally Posted by tanis2000

C# is killing me.

I've packed all my nice LUA related routines into a DLL that I'm injecting into the client through EasyHook (which is a nice system that also features an implementation of IPC through NET remoting).

The injection works well, communicating with my main process works fine too, but using BlackMagic from inside the DLL is giving me troubles. When opening the process to read/write into its memory, it keeps throwing an exception saying that I don't have the necessary security privileges to do that.

Now.. my app launches the client, the DLL is then injected and then I supposed that the DLL would be able to open the memory space of the client being in the same process but apparently I'm wrong. Anything obvious that I'm doing wrong?

If you're injecting a DLL and still using BlackMagic inside that DLL to assemble ASM and then .InjectAndExecute in the current process, you're not gaining anything at all. I think you should look more into marshaling delegates as unmanaged function pointers, then calling them directly.

Let me reiterate: if you're dead-set on C# injection, forget about BlackMagic in-process and do a lot, lot, lot of reading on unmanaged function pointers.

**tanis2000** · 06-14-2009

@cypher: yeah I guess EasyHook pretty much does a CreateRemoteThread to inject its stuff but it actually puts the DLL into the GAC first and then hosts the CLR and retrieves the DLL from the GAC as far as I could tell. Pretty much like the guy you posted the link about does.

@shynd: that's exactly whan I'm doing now. I knew delegates were involved as they are what's closest to a c++ function pointer. It's the whole marshaling them as unmanaged function pointers that I still haven't understand how to do. Reading on that..

And no, I'm not dead set on C# injection. Every minute I'm more and more into injecting some C++ code and forget about C#. But then I'd have to write some IPC stuff to let the C# app and the injected code talk and that's going to take quite some time. So if I can get the C# DLL working quickly I'd stick to that for now

**Shynd** · 06-14-2009

The alternative, if all you want to fix is the threading issues, is having your code executed in an EndScene detour, which is technically possible with just injecting code using BlackMagic.Asm. I did it once before for another game as kind of a proof-of-concept and it worked SORTA well (though it's really, really ugly and, since switching to unmanaged function pointer delegates, I'd never use this shit again).

Private Paste :: Paste dd1tb1XZHC (Program.cs)
Private Paste :: Paste a4v10JSdwL (CreateDetour.cs)

Maybe someone wants to go this direction, I don't know, maybe it'll help someone.

**tanis2000** · 06-14-2009

Here's what I've done following your tips about unmanaged function pointers and delegates Shynd:

Code:

        public delegate void DumpParamsDelegate(uint luaState);
        [UnmanagedFunctionPointer(CallingConvention.Cdecl)]
        public delegate void Lua_RegisterDelegate(string name, IntPtr function);
        Lua_RegisterDelegate Lua_Register;

Code:

                Lua_Register = (Lua_RegisterDelegate)Marshal.GetDelegateForFunctionPointer((IntPtr)Functions.Lua_Register, typeof(Lua_RegisterDelegate));
                DumpParamsDelegate x = new DumpParamsDelegate(DumpParams);
                Lua_Register("DumpParams", Marshal.GetFunctionPointerForDelegate(x));
                Interface.Communicate(RemoteHooking.GetCurrentProcessId(), "Registered DumpParams()");

Code:

public static void DumpParams(uint luaState)
        {
            Main This = (Main)HookRuntimeInfo.Callback;

            lock (This.Queue)
            {
                This.Queue.Push("[" + RemoteHooking.GetCurrentProcessId() + ":" +
                    RemoteHooking.GetCurrentThreadId() + "]: \"" + "Hello there, I'm DumpParams!" + "\"");
            }
        }

All the DumpParams function does for now is send through IPC a message to say it's there. Nothing more for now.

The code to grab the LUA_Register pointer and passing it my DumpParams function pointer seems to be ok.

I then tried a DoString of DumpParams();

And I get this crash:

Code:

==============================================================================
World of WarCraft (build 9947)

Exe:      C:\Games\World of Warcraft\Wow.exe
Time:     Jun 14, 2009  6:02:44.843 PM
------------------------------------------------------------------------------

This application has encountered a critical error:

ERROR #134 (0x85100086) Fatal Condition
Program:	C:\Games\World of Warcraft\Wow.exe

Invalid function pointer: 1BC727C2


WoWBuild: 9947
Total lua memory: 9665KB
Add Ons: 
Settings: 
SET locale "enGB"
SET portal "eu"
SET realmList "eu.logon.worldofwarcraft.com"
SET patchlist "eu.version.worldofwarcraft.com"
SET coresDetected "2"
SET hwDetect "0"
SET gxWindow "1"
SET gxResolution "1920x1200"
SET gxRefresh "60"
SET gxMultisampleQuality "0.000000"
SET gxFixLag "0"
SET videoOptionsVersion "2"
SET textureFilteringMode "3"
SET movie "0"
SET mouseSpeed "1"
SET Gamma "1.000000"
SET readTOS "1"
SET readEULA "1"
SET readTerminationWithoutNotice "1"
SET showToolsUI "1"
SET Sound_VoiceChatInputDriverName "System Default"
SET Sound_VoiceChatOutputDriverName "System Default"
SET Sound_OutputDriverName "System Default"
SET ChatMusicVolume "0.29999998211861"
SET ChatSoundVolume "0.39999997615814"
SET ChatAmbienceVolume "0.29999998211861"
SET Sound_MasterVolume "0.10000000149012"
SET Sound_MusicVolume "0.40000000596046"
SET Sound_AmbienceVolume "0.60000002384186"
SET shadowLevel "0"
SET farclip "727"
SET specular "1"
SET spellEffectLevel "8"
SET groundEffectDensity "48"
SET groundEffectDist "120"
SET environmentDetail "1"
SET extShadowQuality "3"
SET realmName "Terokkar"
SET gameTip "99"
SET VoiceActivationSensitivity "0.39999997615814"
SET readScanning "-1"
SET readContest "-1"
SET installType "Retail"
SET Sound_EnableSoundWhenGameIsInBG "1"
SET accounttype "RT"
SET projectedTextures "1"
SET checkAddonVersion "0"
------------------------------------------------------------------------------

----------------------------------------
    Stack Trace (Manual)
----------------------------------------

Address  Frame    Logical addr  Module

Showing 34/34 threads...

--- Thread ID: 3932 ---
009235BD 0019F264 0001:005225BD C:\Games\World of Warcraft\Wow.exe
0091BABD 0019F27C 0001:0051AABD C:\Games\World of Warcraft\Wow.exe
006F56FB 0019FE58 0001:002F46FB C:\Games\World of Warcraft\Wow.exe
008356B9 0019FE88 0001:004346B9 C:\Games\World of Warcraft\Wow.exe
00833DFB 0019FF0C 0001:00432DFB C:\Games\World of Warcraft\Wow.exe
00833F11 0019FF24 0001:00432F11 C:\Games\World of Warcraft\Wow.exe
00406C7D 0019FFC0 0001:00005C7D C:\Games\World of Warcraft\Wow.exe
7C817077 0019FFF0 0001:00016077 C:\WINDOWS\system32\kernel32.dll

--- Thread ID: 3428 ---
77F68631 028CFFB4 0001:00027631 C:\WINDOWS\system32\ADVAPI32.dll
7C80B729 028CFFEC 0001:0000A729 C:\WINDOWS\system32\kernel32.dll

--- Thread ID: 3216 ---
7C802455 0293FF4C 0001:00001455 C:\WINDOWS\system32\kernel32.dll
004245E4 0293FF74 0001:000235E4 C:\Games\World of Warcraft\Wow.exe
008D967F 0293FFAC 0001:004D867F C:\Games\World of Warcraft\Wow.exe
008D9724 0293FFEC 0001:004D8724 C:\Games\World of Warcraft\Wow.exe

--- Thread ID: 3220 ---
004480B9 03E2F174 0001:000470B9 C:\Games\World of Warcraft\Wow.exe
0041E805 03E2F1A0 0001:0001D805 C:\Games\World of Warcraft\Wow.exe
0041E263 03E2F244 0001:0001D263 C:\Games\World of Warcraft\Wow.exe
004470D2 03E2F268 0001:000460D2 C:\Games\World of Warcraft\Wow.exe
0041D31F 03E2F28C 0001:0001C31F C:\Games\World of Warcraft\Wow.exe
00425C96 03E2F2B4 0001:00024C96 C:\Games\World of Warcraft\Wow.exe
00429C88 03E2F2E4 0001:00028C88 C:\Games\World of Warcraft\Wow.exe
00454514 03E4F470 0001:00053514 C:\Games\World of Warcraft\Wow.exe
0044B2D3 03E4F4B4 0001:0004A2D3 C:\Games\World of Warcraft\Wow.exe
00421F80 03E4F4EC 0001:00020F80 C:\Games\World of Warcraft\Wow.exe
0041D471 03E4F508 0001:0001C471 C:\Games\World of Warcraft\Wow.exe
0044EBC1 03E4FA38 0001:0004DBC1 C:\Games\World of Warcraft\Wow.exe
00455F6C 03E4FB64 0001:00054F6C C:\Games\World of Warcraft\Wow.exe
007DA9D9 03E4FF98 0001:003D99D9 C:\Games\World of Warcraft\Wow.exe
0053BBE7 03E4FFB4 0001:0013ABE7 C:\Games\World of Warcraft\Wow.exe
7C80B729 03E4FFEC 0001:0000A729 C:\WINDOWS\system32\kernel32.dll

--- Thread ID: 316 ---
7C802542 0491FF70 0001:00001542 C:\WINDOWS\system32\kernel32.dll
00540210 0491FF80 0001:0013F210 C:\Games\World of Warcraft\Wow.exe
00477D72 0491FF98 0001:00076D72 C:\Games\World of Warcraft\Wow.exe
0053BBE7 0491FFB4 0001:0013ABE7 C:\Games\World of Warcraft\Wow.exe
7C80B729 0491FFEC 0001:0000A729 C:\WINDOWS\system32\kernel32.dll

--- Thread ID: 2292 ---
7C80A115 079CFF88 0001:00009115 C:\WINDOWS\system32\kernel32.dll
72C9312A 079CFFB4 0001:0000212A C:\WINDOWS\system32\wdmaud.drv
7C80B729 079CFFEC 0001:0000A729 C:\WINDOWS\system32\kernel32.dll

--- Thread ID: 3288 ---
7C80A115 07B3FE40 0001:00009115 C:\WINDOWS\system32\kernel32.dll
73E814A2 07B3FE58 0001:000004A2 C:\WINDOWS\system32\dsound.dll
73E82862 07B3FF78 0001:00001862 C:\WINDOWS\system32\dsound.dll
73E898DF 07B3FF98 0001:000088DF C:\WINDOWS\system32\dsound.dll
73E82896 07B3FFB4 0001:00001896 C:\WINDOWS\system32\dsound.dll
7C80B729 07B3FFEC 0001:0000A729 C:\WINDOWS\system32\kernel32.dll

--- Thread ID: 908 ---
7C80A115 07CAFE48 0001:00009115 C:\WINDOWS\system32\kernel32.dll
73E814A2 07CAFE60 0001:000004A2 C:\WINDOWS\system32\dsound.dll
73E82862 07CAFF80 0001:00001862 C:\WINDOWS\system32\dsound.dll
73E8292B 07CAFFB4 0001:0000192B C:\WINDOWS\system32\dsound.dll
7C80B729 07CAFFEC 0001:0000A729 C:\WINDOWS\system32\kernel32.dll

--- Thread ID: 1252 ---
7C802455 07F1FF94 0001:00001455 C:\WINDOWS\system32\kernel32.dll
008552DD 07F1FFA0 0001:004542DD C:\Games\World of Warcraft\Wow.exe
00855B0C 07F1FFB4 0001:00454B0C C:\Games\World of Warcraft\Wow.exe
7C80B729 07F1FFEC 0001:0000A729 C:\WINDOWS\system32\kernel32.dll

--- Thread ID: 1900 ---
7C802455 0808FF94 0001:00001455 C:\WINDOWS\system32\kernel32.dll
008552DD 0808FFA0 0001:004542DD C:\Games\World of Warcraft\Wow.exe
00855B0C 0808FFB4 0001:00454B0C C:\Games\World of Warcraft\Wow.exe
7C80B729 0808FFEC 0001:0000A729 C:\WINDOWS\system32\kernel32.dll

--- Thread ID: 3884 ---
7C802455 081FFF94 0001:00001455 C:\WINDOWS\system32\kernel32.dll
008552DD 081FFFA0 0001:004542DD C:\Games\World of Warcraft\Wow.exe
00855B0C 081FFFB4 0001:00454B0C C:\Games\World of Warcraft\Wow.exe
7C80B729 081FFFEC 0001:0000A729 C:\WINDOWS\system32\kernel32.dll

--- Thread ID: 764 ---
7C802455 0836FF94 0001:00001455 C:\WINDOWS\system32\kernel32.dll
008552DD 0836FFA0 0001:004542DD C:\Games\World of Warcraft\Wow.exe
00855B0C 0836FFB4 0001:00454B0C C:\Games\World of Warcraft\Wow.exe
7C80B729 0836FFEC 0001:0000A729 C:\WINDOWS\system32\kernel32.dll

--- Thread ID: 2112 ---
7C802542 084DFF74 0001:00001542 C:\WINDOWS\system32\kernel32.dll
00540210 084DFF84 0001:0013F210 C:\Games\World of Warcraft\Wow.exe
007ADA89 084DFFB4 0001:003ACA89 C:\Games\World of Warcraft\Wow.exe
7C80B729 084DFFEC 0001:0000A729 C:\WINDOWS\system32\kernel32.dll

--- Thread ID: 252 ---
7C802542 0864FF64 0001:00001542 C:\WINDOWS\system32\kernel32.dll
00540210 0864FF74 0001:0013F210 C:\Games\World of Warcraft\Wow.exe
00462125 0864FF8C 0001:00061125 C:\Games\World of Warcraft\Wow.exe
00462291 0864FF98 0001:00061291 C:\Games\World of Warcraft\Wow.exe
0053BBE7 0864FFB4 0001:0013ABE7 C:\Games\World of Warcraft\Wow.exe
7C80B729 0864FFEC 0001:0000A729 C:\WINDOWS\system32\kernel32.dll

--- Thread ID: 3800 ---
7C80A115 087BFD34 0001:00009115 C:\WINDOWS\system32\kernel32.dll
0046293B 087BFF8C 0001:0006193B C:\Games\World of Warcraft\Wow.exe
004620CE 087BFF98 0001:000610CE C:\Games\World of Warcraft\Wow.exe
0053BBE7 087BFFB4 0001:0013ABE7 C:\Games\World of Warcraft\Wow.exe
7C80B729 087BFFEC 0001:0000A729 C:\WINDOWS\system32\kernel32.dll

--- Thread ID: 3068 ---
7E3995F9 0892FF14 0001:000085F9 C:\WINDOWS\system32\USER32.dll
7E3996A8 0892FF30 0001:000086A8 C:\WINDOWS\system32\USER32.dll
004415D9 0892FF60 0001:000405D9 C:\Games\World of Warcraft\Wow.exe
004425DA 0892FF74 0001:000415DA C:\Games\World of Warcraft\Wow.exe
008D967F 0892FFAC 0001:004D867F C:\Games\World of Warcraft\Wow.exe
008D9724 0892FFEC 0001:004D8724 C:\Games\World of Warcraft\Wow.exe

--- Thread ID: 3896 ---
719D5FA7 08D9FC04 0001:00004FA7 C:\WINDOWS\system32\mswsock.dll
71A3314F 08D9FC54 0001:0000214F C:\WINDOWS\system32\WS2_32.dll
3F9DE99F 08D9FFAC 0001:0000D99F C:\WINDOWS\system32\WININET.dll
3F9FDEDB 08D9FFB4 0001:0002CEDB C:\WINDOWS\system32\WININET.dll
7C80B729 08D9FFEC 0001:0000A729 C:\WINDOWS\system32\kernel32.dll

--- Thread ID: 3936 ---
7C80B729 0BDAFFEC 0001:0000A729 C:\WINDOWS\system32\kernel32.dll

--- Thread ID: 728 ---
7C80B729 0BF1FFEC 0001:0000A729 C:\WINDOWS\system32\kernel32.dll

--- Thread ID: 1428 ---
7C802542 0C08FF74 0001:00001542 C:\WINDOWS\system32\kernel32.dll
00895FF5 0C08FF90 0001:00494FF5 C:\Games\World of Warcraft\Wow.exe
0085547A 0C08FFA0 0001:0045447A C:\Games\World of Warcraft\Wow.exe
00855AD0 0C08FFB4 0001:00454AD0 C:\Games\World of Warcraft\Wow.exe
7C80B729 0C08FFEC 0001:0000A729 C:\WINDOWS\system32\kernel32.dll

--- Thread ID: 1904 ---
7E3995F9 0C1FFF14 0001:000085F9 C:\WINDOWS\system32\USER32.dll
7E3996A8 0C1FFF30 0001:000086A8 C:\WINDOWS\system32\USER32.dll
004415D9 0C1FFF60 0001:000405D9 C:\Games\World of Warcraft\Wow.exe
004425DA 0C1FFF74 0001:000415DA C:\Games\World of Warcraft\Wow.exe
008D967F 0C1FFFAC 0001:004D867F C:\Games\World of Warcraft\Wow.exe
008D9724 0C1FFFEC 0001:004D8724 C:\Games\World of Warcraft\Wow.exe

--- Thread ID: 1448 ---
7C802542 0C36FF74 0001:00001542 C:\WINDOWS\system32\kernel32.dll
00895FF5 0C36FF90 0001:00494FF5 C:\Games\World of Warcraft\Wow.exe
0085547A 0C36FFA0 0001:0045447A C:\Games\World of Warcraft\Wow.exe
00855AD0 0C36FFB4 0001:00454AD0 C:\Games\World of Warcraft\Wow.exe
7C80B729 0C36FFEC 0001:0000A729 C:\WINDOWS\system32\kernel32.dll

--- Thread ID: 2664 ---
7C80B729 0C4DFFEC 0001:0000A729 C:\WINDOWS\system32\kernel32.dll

--- Thread ID: 2688 ---
7E3995F9 0E54FF14 0001:000085F9 C:\WINDOWS\system32\USER32.dll
7E3996A8 0E54FF30 0001:000086A8 C:\WINDOWS\system32\USER32.dll
004415D9 0E54FF60 0001:000405D9 C:\Games\World of Warcraft\Wow.exe
004425DA 0E54FF74 0001:000415DA C:\Games\World of Warcraft\Wow.exe
008D967F 0E54FFAC 0001:004D867F C:\Games\World of Warcraft\Wow.exe
008D9724 0E54FFEC 0001:004D8724 C:\Games\World of Warcraft\Wow.exe

--- Thread ID: 3664 ---
7C802542 0ED6FF78 0001:00001542 C:\WINDOWS\system32\kernel32.dll
00540210 0ED6FF88 0001:0013F210 C:\Games\World of Warcraft\Wow.exe
008F15C6 0ED6FF98 0001:004F05C6 C:\Games\World of Warcraft\Wow.exe
0053BBE7 0ED6FFB4 0001:0013ABE7 C:\Games\World of Warcraft\Wow.exe
7C80B729 0ED6FFEC 0001:0000A729 C:\WINDOWS\system32\kernel32.dll

--- Thread ID: 3600 ---
7E3995F9 0EEDFF14 0001:000085F9 C:\WINDOWS\system32\USER32.dll
7E3996A8 0EEDFF30 0001:000086A8 C:\WINDOWS\system32\USER32.dll
004415D9 0EEDFF60 0001:000405D9 C:\Games\World of Warcraft\Wow.exe
004425DA 0EEDFF74 0001:000415DA C:\Games\World of Warcraft\Wow.exe
008D967F 0EEDFFAC 0001:004D867F C:\Games\World of Warcraft\Wow.exe
008D9724 0EEDFFEC 0001:004D8724 C:\Games\World of Warcraft\Wow.exe

--- Thread ID: 2028 ---
**** Unable to retrieve thread context, error: 6

--- Thread ID: 1416 ---
7C80A115 1BEAFEF4 0001:00009115 C:\WINDOWS\system32\kernel32.dll
79F025C1 1BEAFF54 0001:000915C1 c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
79F0251E 1BEAFF84 0001:0009151E c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
79F02445 1BEAFFB4 0001:00091445 c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
7C80B729 1BEAFFEC 0001:0000A729 C:\WINDOWS\system32\kernel32.dll

--- Thread ID: 3516 ---
7C80A115 1E0BFD8C 0001:00009115 C:\WINDOWS\system32\kernel32.dll
79F92C5B 1E0BFDAC 0001:00121C5B c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
79F970B8 1E0BFDC0 0001:001260B8 c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
79E984CF 1E0BFDD4 0001:000274CF c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
79E9846B 1E0BFE68 0001:0002746B c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
79E98391 1E0BFEA4 0001:00027391 c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
79EEF74C 1E0BFECC 0001:0007E74C c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
79EEF75D 1E0BFEDC 0001:0007E75D c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
79F3C6BC 1E0BFF14 0001:000CB6BC c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
79F920A5 1E0BFFB4 0001:001210A5 c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
7C80B729 1E0BFFEC 0001:0000A729 C:\WINDOWS\system32\kernel32.dll

--- Thread ID: 3648 ---
79E8C639 1E22FD64 0001:0001B639 c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
79E8C56F 1E22FDB4 0001:0001B56F c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
79E8C58E 1E22FDC8 0001:0001B58E c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
79EE3FB5 1E22FE94 0001:00072FB5 c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
79F920A5 1E22FFB4 0001:001210A5 c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
7C80B729 1E22FFEC 0001:0000A729 C:\WINDOWS\system32\kernel32.dll

--- Thread ID: 2620 ---
7A13C20D 1E47FFB4 0001:002CB20D c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
7C80B729 1E47FFEC 0001:0000A729 C:\WINDOWS\system32\kernel32.dll

--- Thread ID: 2948 ---
79F3E57C 1E5EFE14 0001:000CD57C c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
79F920A5 1E5EFFB4 0001:001210A5 c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
7C80B729 1E5EFFEC 0001:0000A729 C:\WINDOWS\system32\kernel32.dll

--- Thread ID: 2108 ---
79E8D090 1E75FE98 0001:0001C090 c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
79E8D0AA 1E75FED4 0001:0001C0AA c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
79E7C815 1E75FEE4 0001:0000B815 c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
79FCBB4B 1E75FFB4 0001:0015AB4B c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
7C80B729 1E75FFEC 0001:0000A729 C:\WINDOWS\system32\kernel32.dll

--- Thread ID: 1596 [Current Thread] ---
0053E085 08A4FD9C 0001:0013D085 C:\Games\World of Warcraft\Wow.exe
0046EDCE 08A4FDF8 0001:0006DDCE C:\Games\World of Warcraft\Wow.exe
00922979 08A4FE10 0001:00521979 C:\Games\World of Warcraft\Wow.exe
00925F2A 08A4FE9C 0001:00524F2A C:\Games\World of Warcraft\Wow.exe
00922C47 08A4FEB8 0001:00521C47 C:\Games\World of Warcraft\Wow.exe
0091B926 08A4FECC 0001:0051A926 C:\Games\World of Warcraft\Wow.exe
00921F93 08A4FF28 0001:00520F93 C:\Games\World of Warcraft\Wow.exe
00922E09 08A4FF50 0001:00521E09 C:\Games\World of Warcraft\Wow.exe
0091B97F 08A4FF7C 0001:0051A97F C:\Games\World of Warcraft\Wow.exe
0049AB72 08A4FFA4 0001:00099B72 C:\Games\World of Warcraft\Wow.exe
08930023 08A4FFEC 0000:00000000 <unknown>

----------------------------------------
    Stack Trace (Using DBGHELP.DLL)
----------------------------------------

Showing 34/34 threads...

--- Thread ID: 3932 ---
009235BD Wow.exe      <unknown symbol>+0 (0x0A07C128,0x0292F220,0x0A07C128,0x10AE8D58)
0091BABD Wow.exe      <unknown symbol>+0 (0x0A07C128,0x00000005,0x00000001,0x0292F2C4)
006F56FB Wow.exe      <unknown symbol>+0 (0x0019FEE8,0x00000000,0x00000000,0x0292F210)
008356B9 Wow.exe      <unknown symbol>+0 (0x0292F210,0x00000006,0x0019FEE8,0x00000A28)
00833DFB Wow.exe      <unknown symbol>+0 (0x00000000,0x00406C02,0x00000001,0x00000001)
00833F11 Wow.exe      <unknown symbol>+0 (0x0040AFD9,0x00400000,0x00000000,0x001C2334)
00406C7D Wow.exe      <unknown symbol>+0 (0x000949C0,0x0379F1AC,0x7FFDF000,0x8054B6ED)
7C817077 kernel32.dll RegisterWaitForInputIdle+73 (0x00401000,0x00000000,0x78746341,0x00000020)

--- Thread ID: 3428 ---
77F68631 ADVAPI32.dll WmiFreeBuffer+590 (0x00000000,0x7C9242AF,0x00000000,0x00000000)
7C80B729 kernel32.dll GetModuleFileNameA+442 (0x77F6848A,0x00000000,0x00000000,0x000000C8)

--- Thread ID: 3216 ---
7C802455 kernel32.dll Sleep+15 (0x00000064,0x4EB42C5D,0x0292CA30,0x0292C9D0)
004245E4 Wow.exe      <unknown symbol>+0 (0x0292C9D0,0xC753EE0B,0x4EB42C5D,0x0292CA30)
008D967F Wow.exe      <unknown symbol>+0 (0x68428C36,0x7C80B729,0x0292CA30,0x4EB42C5D)
008D9724 Wow.exe      <unknown symbol>+0 (0x008D96A5,0x0292CA30,0x00000000,0x00000001)

--- Thread ID: 3220 ---
004480B9 Wow.exe      <unknown symbol>+0 (0x00000000,0x1322F4B0,0x03E2F1B8,0x03E2F240)
0041E805 Wow.exe      <unknown symbol>+0 (0x02922840,0x03E2F1E0,0x0292AD78,0x00000054)
0041E263 Wow.exe      <unknown symbol>+0 (0x02927F28,0x1322F4B0,0x733A56FB,0x00000000)
0044710C Wow.exe      <unknown symbol>+0 (0x1322F4B0,0x733A56FB,0x00000000,0x0000000C)
0041D31F Wow.exe      <unknown symbol>+0 (0x1322F4B0,0x733A56FB,0x00000000,0x0000000C)
0044D4C4 Wow.exe      <unknown symbol>+0 (0x00000000,0x00000000,0x00020000,0x03E2F304)
004543CE Wow.exe      <unknown symbol>+0 (0x00A62650,0x00000000,0x00000000,0x00000A04)
0044B2D3 Wow.exe      <unknown symbol>+0 (0x00A62650,0x00000000,0x00000000,0x00000A04)
00421F80 Wow.exe      <unknown symbol>+0 (0x00A62650,0x00000000,0x00000000,0x00000A04)
0041D471 Wow.exe      <unknown symbol>+0 (0x00A62650,0x00000000,0x00000000,0x00000A04)
0044EBC1 Wow.exe      <unknown symbol>+0 (0x1322F598,0x00A62650,0x00000A04,0x03E4FB74)
00455F6C Wow.exe      <unknown symbol>+0 (0x1335C850,0x00A62650,0x00000000,0x00000000)
007DA9D9 Wow.exe      <unknown symbol>+0 (0x02ACCBD8,0x00000000,0x00000000,0x02ACCBF8)
0053BBE7 Wow.exe      <unknown symbol>+0 (0x00002198,0x00000000,0x00000000,0x02ACCBF8)
7C80B729 kernel32.dll GetModuleFileNameA+442 (0x0053BB90,0x02ACCBF8,0x00000000,0x05370000)

--- Thread ID: 316 ---
7C802542 kernel32.dll WaitForSingleObject+18 (0x000020D8,0xFFFFFFFF,0x0491FF98,0x00477D72)
00540210 Wow.exe      <unknown symbol>+0 (0xFFFFFFFF,0x01072010,0x0000013C,0x00477D10)
00477D72 Wow.exe      <unknown symbol>+0 (0x01072010,0x00000020,0x00000000,0x04607CB8)
0053BBE7 Wow.exe      <unknown symbol>+0 (0x0000219C,0x00000020,0x00000000,0x04607CB8)
7C80B729 kernel32.dll GetModuleFileNameA+442 (0x0053BB90,0x04607CB8,0x00000000,0x06090000)

--- Thread ID: 2292 ---
7C80A115 kernel32.dll WaitForMultipleObjects+24 (0x00000002,0x079CFFA4,0x00000000,0xFFFFFFFF)
72C9312A wdmaud.drv   midMessage+840 (0x00000000,0x00000000,0x00000000,0x00000000)
7C80B729 kernel32.dll GetModuleFileNameA+442 (0x72C930E8,0x00000000,0x00000000,0x00000000)

--- Thread ID: 3288 ---
7C80A115 kernel32.dll WaitForMultipleObjects+24 (0x00000040,0x07B3FE78,0x00000000,0xFFFFFFFF)
73E814A2 dsound.dll   <unknown symbol>+0 (0x00000040,0xFFFFFFFF,0x00000000,0x07B3FE78)
73E82862 dsound.dll   <unknown symbol>+0 (0xFFFFFFFF,0x0000003F,0x029B4D50,0x07B3FF94)
73E898DF dsound.dll   DirectSoundCreate+20900 (0x029B2268,0x029B4234,0x73E8B2E9,0x0019F740)
73E82896 dsound.dll   <unknown symbol>+0 (0x029B4234,0x029B2268,0x0019F740,0x029B4234)
7C80B729 kernel32.dll GetModuleFileNameA+442 (0x73E8B2A1,0x029B4234,0x00000000,0x00000000)

--- Thread ID: 908 ---
7C80A115 kernel32.dll WaitForMultipleObjects+24 (0x00000001,0x07CAFE80,0x00000000,0x000001F4)
73E814A2 dsound.dll   <unknown symbol>+0 (0x00000001,0x000001F4,0x00000000,0x07CAFE80)
73E82862 dsound.dll   <unknown symbol>+0 (0x000001F4,0x00000000,0x00000000,0x00000000)
73E8292B dsound.dll   <unknown symbol>+0 (0x029B1EFC,0x00000000,0x0019F518,0x029B1EFC)
7C80B729 kernel32.dll GetModuleFileNameA+442 (0x73E8B2A1,0x029B1EFC,0x00000000,0x00000008)

--- Thread ID: 1252 ---
7C802455 kernel32.dll Sleep+15 (0x0000000A,0x07F1FFB4,0x00855B0C,0x0000000A)
008552DD Wow.exe      <unknown symbol>+0 (0x0000000A,0x7C921028,0x000004E4,0x07F1FFEC)
00855B0C Wow.exe      <unknown symbol>+0 (0x0677D288,0x0019F52C,0x7C921028,0x0677D288)
7C80B729 kernel32.dll GetModuleFileNameA+442 (0x00855A90,0x0677D288,0x00000000,0x00000000)

--- Thread ID: 1900 ---
7C802455 kernel32.dll Sleep+15 (0x0000000A,0x0808FFB4,0x00855B0C,0x0000000A)
008552DD Wow.exe      <unknown symbol>+0 (0x0000000A,0x00000000,0x0000076C,0x0808FFEC)
00855B0C Wow.exe      <unknown symbol>+0 (0x06891628,0x7C92043E,0x00000000,0x06891628)
7C80B729 kernel32.dll GetModuleFileNameA+442 (0x00855A90,0x06891628,0x00000000,0x00000000)

--- Thread ID: 3884 ---
7C802455 kernel32.dll Sleep+15 (0x0000000A,0x081FFFB4,0x00855B0C,0x0000000A)
008552DD Wow.exe      <unknown symbol>+0 (0x0000000A,0x7C921028,0x00000F2C,0x081FFFEC)
00855B0C Wow.exe      <unknown symbol>+0 (0x068D3CE0,0x0019F52C,0x7C921028,0x068D3CE0)
7C80B729 kernel32.dll GetModuleFileNameA+442 (0x00855A90,0x068D3CE0,0x00000000,0x00000000)

--- Thread ID: 764 ---
7C802455 kernel32.dll Sleep+15 (0x0000000A,0x0836FFB4,0x00855B0C,0x0000000A)
008552DD Wow.exe      <unknown symbol>+0 (0x0000000A,0x00000000,0x000002FC,0x0836FFEC)
00855B0C Wow.exe      <unknown symbol>+0 (0x06888FA8,0x7C92043E,0x00000000,0x06888FA8)
7C80B729 kernel32.dll GetModuleFileNameA+442 (0x00855A90,0x06888FA8,0x00000000,0x00000000)

--- Thread ID: 2112 ---
7C802542 kernel32.dll WaitForSingleObject+18 (0x000020E8,0xFFFFFFFF,0x084DFFB4,0x007ADA89)
00540210 Wow.exe      <unknown symbol>+0 (0xFFFFFFFF,0x00000840,0x007AD8B0,0x00000000)
007ADA89 Wow.exe      <unknown symbol>+0 (0x00002380,0x00000FED,0x104C5098,0x075A9CF8)
7C80B729 kernel32.dll GetModuleFileNameA+442 (0x0053BB90,0x075A9CF8,0x00000000,0x00000000)

--- Thread ID: 252 ---
7C802542 kernel32.dll WaitForSingleObject+18 (0x00002388,0x000003E8,0x0864FF8C,0x00462125)
00540210 Wow.exe      <unknown symbol>+0 (0x000003E8,0x000000FC,0x00462280,0x076626D0)
00462125 Wow.exe      <unknown symbol>+0 (0x00000000,0x0864FFB4,0x0053BBE7,0x076626D0)
00462291 Wow.exe      <unknown symbol>+0 (0x076626D0,0x00000000,0x00000000,0x075A9CF8)
0053BBE7 Wow.exe      <unknown symbol>+0 (0x00002428,0x00000000,0x00000000,0x075A9CF8)
7C80B729 kernel32.dll GetModuleFileNameA+442 (0x0053BB90,0x075A9CF8,0x00000000,0x00000000)

--- Thread ID: 3800 ---
7C80A115 kernel32.dll WaitForMultipleObjects+24 (0x00000002,0x087BFE58,0x00000000,0x000001F4)
0046293B Wow.exe      <unknown symbol>+0 (0x004620C0,0x087BFFB4,0x0053BBE7,0x076626C0)
004620CE Wow.exe      <unknown symbol>+0 (0x076626C0,0x00000000,0x00000000,0x07662FB8)
0053BBE7 Wow.exe      <unknown symbol>+0 (0x0000242C,0x00000000,0x00000000,0x07662FB8)
7C80B729 kernel32.dll GetModuleFileNameA+442 (0x0053BB90,0x07662FB8,0x00000000,0x00000000)

--- Thread ID: 3068 ---
7E3995F9 USER32.dll   GetLastInputInfo+261 (0x00000002,0x0892FF58,0xFFFFFFFF,0x00000000)
7E3996A8 USER32.dll   MsgWaitForMultipleObjects+31 (0x00000002,0x0892FF58,0x00000000,0xFFFFFFFF)
004415D9 Wow.exe      <unknown symbol>+0 (0x0106A1D0,0x00000000,0x09F4A790,0x0892FFAC)
004425DA Wow.exe      <unknown symbol>+0 (0x09E29290,0xCD52EE0B,0x00000000,0x09F4A790)
008D967F Wow.exe      <unknown symbol>+0 (0x00000000,0x7C80B729,0x09F4A790,0x00000000)
008D9724 Wow.exe      <unknown symbol>+0 (0x008D96A5,0x09F4A790,0x00000000,0x002CA164)

--- Thread ID: 3896 ---
719D5FA7 mswsock.dll  <unknown symbol>+0 (0x00000001,0x08D9FE84,0x08D9FC7C,0x08D9FD80)
71A3314F WS2_32.dll   select+167 (0x00000001,0x08D9FE84,0x08D9FC7C,0x08D9FD80)
3F9DE99F WININET.dll  Ordinal346+1700 (0x08D9FFEC,0x7C80B729,0x00261300,0x0019F25C)
3F9FDEDB WININET.dll  InternetSetStatusCallback+483 (0x00261300,0x0019F25C,0x00000040,0x00261300)
7C80B729 kernel32.dll GetModuleFileNameA+442 (0x3F9FDECE,0x00261300,0x00000000,0x00010000)

--- Thread ID: 3936 ---
7C80B729 kernel32.dll GetModuleFileNameA+442 (0x7C937EDB,0x00000000,0x00000000,0x00000000)

--- Thread ID: 728 ---
7C80B729 kernel32.dll GetModuleFileNameA+442 (0x7C920250,0x00000000,0x00000000,0x00000000)

--- Thread ID: 1428 ---
7C802542 kernel32.dll WaitForSingleObject+18 (0x00002504,0xFFFFFFFF,0x00000000,0x02F35E9C)
00895FF5 Wow.exe      <unknown symbol>+0 (0x0687E7C8,0xFFFFFFFF,0x0C08FFB4,0x00855AD0)
0085547A Wow.exe      <unknown symbol>+0 (0x0687E7C8,0x4E554F53,0x00000594,0x0C08FFEC)
00855AD0 Wow.exe      <unknown symbol>+0 (0x02F35E9C,0x00000000,0x4E554F53,0x02F35E9C)
7C80B729 kernel32.dll GetModuleFileNameA+442 (0x00855A90,0x02F35E9C,0x00000000,0x00000000)

--- Thread ID: 1904 ---
7E3995F9 USER32.dll   GetLastInputInfo+261 (0x00000002,0x0C1FFF58,0xFFFFFFFF,0x00000000)
7E3996A8 USER32.dll   MsgWaitForMultipleObjects+31 (0x00000002,0x0C1FFF58,0x00000000,0xFFFFFFFF)
004415D9 Wow.exe      <unknown symbol>+0 (0x0106A218,0x00000000,0x0A275228,0x0C1FFFAC)
004425DA Wow.exe      <unknown symbol>+0 (0x0A438200,0xC9DFEE0B,0x00000000,0x0A275228)
008D967F Wow.exe      <unknown symbol>+0 (0x00000000,0x7C80B729,0x0A275228,0x00000000)
008D9724 Wow.exe      <unknown symbol>+0 (0x008D96A5,0x0A275228,0x00000000,0x00000000)

--- Thread ID: 1448 ---
7C802542 kernel32.dll WaitForSingleObject+18 (0x0000253C,0xFFFFFFFF,0x0A5F7AF0,0x0A613D64)
00895FF5 Wow.exe      <unknown symbol>+0 (0x0A09CFC8,0xFFFFFFFF,0x0C36FFB4,0x00855AD0)
0085547A Wow.exe      <unknown symbol>+0 (0x0A09CFC8,0x00000000,0x000005A8,0x0C36FFEC)
00855AD0 Wow.exe      <unknown symbol>+0 (0x0A613D64,0x0A5F7AF0,0x00000000,0x0A613D64)
7C80B729 kernel32.dll GetModuleFileNameA+442 (0x00855A90,0x0A613D64,0x00000000,0x00000000)

--- Thread ID: 2664 ---
7C80B729 kernel32.dll GetModuleFileNameA+442 (0x719DD2C6,0x0C56ECD0,0x00000000,0x00000008)

--- Thread ID: 2688 ---
7E3995F9 USER32.dll   GetLastInputInfo+261 (0x00000002,0x0E54FF58,0xFFFFFFFF,0x00000000)
7E3996A8 USER32.dll   MsgWaitForMultipleObjects+31 (0x00000002,0x0E54FF58,0x00000000,0xFFFFFFFF)
004415D9 Wow.exe      <unknown symbol>+0 (0x0106A278,0x00000000,0x0A43BDB8,0x0E54FFAC)
004425DA Wow.exe      <unknown symbol>+0 (0x06875160,0xCB94EE0B,0x00000000,0x0A43BDB8)
008D967F Wow.exe      <unknown symbol>+0 (0x00000000,0x7C80B729,0x0A43BDB8,0x00000000)
008D9724 Wow.exe      <unknown symbol>+0 (0x008D96A5,0x0A43BDB8,0x00000000,0x00020000)

--- Thread ID: 3664 ---
7C802542 kernel32.dll WaitForSingleObject+18 (0x000025F8,0x00000064,0x0ED6FF98,0x008F15C6)
00540210 Wow.exe      <unknown symbol>+0 (0x00000064,0x008F15B0,0x0ED6FFB4,0x0053BBE7)
008F15C6 Wow.exe      <unknown symbol>+0 (0x0A8B04A8,0x00000000,0x00000028,0x0A4394D8)
0053BBE7 Wow.exe      <unknown symbol>+0 (0x000025F4,0x00000000,0x00000028,0x0A4394D8)
7C80B729 kernel32.dll GetModuleFileNameA+442 (0x0053BB90,0x0A4394D8,0x00000000,0x00000000)

--- Thread ID: 3600 ---
7E3995F9 USER32.dll   GetLastInputInfo+261 (0x00000002,0x0EEDFF58,0xFFFFFFFF,0x00000000)
7E3996A8 USER32.dll   MsgWaitForMultipleObjects+31 (0x00000002,0x0EEDFF58,0x00000000,0xFFFFFFFF)
004415D9 Wow.exe      <unknown symbol>+0 (0x0106A2D8,0x008DAB1A,0x0A8DB990,0x0EEDFFAC)
004425DA Wow.exe      <unknown symbol>+0 (0x0A08CF20,0xCB2DEE0B,0x008DAB1A,0x0A8DB990)
008D967F Wow.exe      <unknown symbol>+0 (0x0864E10C,0x7C80B729,0x0A8DB990,0x008DAB1A)
008D9724 Wow.exe      <unknown symbol>+0 (0x008D96A5,0x0A8DB990,0x00000000,0x00010000)

--- Thread ID: 2028 ---
**** Unable to gain access to the thread, error: 

--- Thread ID: 1416 ---
7C80A115 kernel32.dll WaitForMultipleObjects+24 (0x00000003,0x1BEAFF1C,0x00000000,0xFFFFFFFF)
79F025C1 mscorwks.dll ClrCreateManagedInstance+58035 (0x1D841BCD,0x00000000,0x79F013DC,0x00000000)
79F0251E mscorwks.dll ClrCreateManagedInstance+57872 (0x1D841BFD,0x79F90DC1,0x79F013DC,0x00000000)
79F02445 mscorwks.dll ClrCreateManagedInstance+57655 (0x00000000,0x79F90DC1,0x79F013DC,0x00000000)
7C80B729 kernel32.dll GetModuleFileNameA+442 (0x79F023FF,0x00000000,0x00000000,0x1BEB1024)

--- Thread ID: 3516 ---
7C80A115 kernel32.dll WaitForMultipleObjects+24 (0x00000002,0x7A3B8D28,0x00000000,0xFFFFFFFF)
79F92C5B mscorwks.dll CreateApplicationContext+51179 (0x0E0AD730,0x1E0BFEB0,0x0023D170,0x1E0BFDD4)
79F970B8 mscorwks.dll CreateApplicationContext+68680 (0x1E0BFEB0,0x00000000,0x00000000,0x1E0BFE68)
79E984CF mscorwks.dll CoUninitializeEE+19979 (0x1E0BFEB0,0x1E0BFE5C,0x79F7762B,0x18651A21)
79E9846B mscorwks.dll CoUninitializeEE+19879 (0x1E0BFEB0,0x18651AED,0x00000000,0x00000001)
79E98391 mscorwks.dll CoUninitializeEE+19661 (0x1E0BFEB0,0x00000000,0x19774600,0x00000000)
79EEF74C mscorwks.dll GetPrivateContextsPerfCounters+61901 (0x79F9706D,0x00000008,0x1E0BFF14,0x79F3C6BC)
79EEF75D mscorwks.dll GetPrivateContextsPerfCounters+61918 (0x79F9706D,0x18651B5D,0x00000000,0x79F3C613)
79F3C6BC mscorwks.dll CorExitProcess+3206 (0x00000000,0x895B9BF0,0x804FB078,0x895B9D5C)
79F920A5 mscorwks.dll CreateApplicationContext+48181 (0x0023D170,0x00730074,0x00610020,0x0023D170)
7C80B729 kernel32.dll GetModuleFileNameA+442 (0x79F9205F,0x0023D170,0x00000000,0x00000000)

--- Thread ID: 3648 ---
79E8C639 mscorwks.dll LogHelp_TerminateOnAssert+97 (0x000026B4,0xFFFFFFFF,0x00000000,0x184C19FD)
79E8C56F mscorwks.dll DllUnregisterServerInternal+66851 (0xFFFFFFFF,0x00000000,0x00000000,0x1E22FE94)
79E8C58E mscorwks.dll DllUnregisterServerInternal+66882 (0xFFFFFFFF,0x00000000,0x00000000,0x1E22FE88)
79EE3FB5 mscorwks.dll GetPrivateContextsPerfCounters+14902 (0x19787748,0x00000000,0x00000000,0x00000000)
79F920A5 mscorwks.dll CreateApplicationContext+48181 (0x19786778,0x00000004,0x79E7F1E8,0x19786778)
7C80B729 kernel32.dll GetModuleFileNameA+442 (0x79F9205F,0x19786778,0x00000000,0x00905A4D)

--- Thread ID: 2620 ---
7A13C20D mscorwks.dll TranslateSecurityAttributes+169170 (0x0D5697F0,0x00000000,0x00000410,0x0D5697F0)
7C80B729 kernel32.dll GetModuleFileNameA+442 (0x7A13C12C,0x0D5697F0,0x00000000,0x00000000)

--- Thread ID: 2948 ---
79F3E57C mscorwks.dll CorExitProcess+11078 (0x00000000,0x00000000,0x00000000,0x00000000)
79F920A5 mscorwks.dll CreateApplicationContext+48181 (0x1979AD20,0x00000000,0x0000001F,0x1979AD20)
7C80B729 kernel32.dll GetModuleFileNameA+442 (0x79F9205F,0x1979AD20,0x00000000,0x00000000)

--- Thread ID: 2108 ---
79E8D090 mscorwks.dll LogHelp_TerminateOnAssert+2744 (0x000001F4,0x00000000,0x181B1A9D,0x00000000)
79E8D0AA mscorwks.dll LogHelp_TerminateOnAssert+2770 (0x000001F4,0x00000000,0x1E75FFB4,0x79FCBB4B)
79E7C815 mscorwks.dll DllUnregisterServerInternal+1993 (0x000001F4,0x7D8500B4,0x00000011,0x0BF4BD80)
79FCBB4B mscorwks.dll StrongNameErrorInfo+161327 (0x00000000,0x7C9201DB,0x00000000,0x00000000)
7C80B729 kernel32.dll GetModuleFileNameA+442 (0x79FCBAB6,0x00000000,0x00000000,0x00905A4D)

--- Thread ID: 1596 [Current Thread] ---
**** Unable to gain access to the thread, error: 


----------------------------------------
    Loaded Modules
----------------------------------------

0x003B0000 - 0x003B9000  C:\WINDOWS\system32\Normaliz.dll
0x00400000 - 0x01758000  C:\Games\World of Warcraft\Wow.exe
0x03C40000 - 0x03CD6000  C:\WINDOWS\system32\nvapi.dll
0x10000000 - 0x10069000  C:\Games\World of Warcraft\DivxDecoder.dll
0x16080000 - 0x160A5000  C:\Programmi\Bonjour\mdnsNSP.dll
0x1B290000 - 0x1B3A5000  C:\Games\World of Warcraft\dbghelp.dll
0x1BC10000 - 0x1BC2B000  C:\lavori\babbot\BabBot\BabBot\bin\Debug\EasyHook32.dll
0x1E230000 - 0x1E240000  C:\WINDOWS\assembly\GAC_MSIL\EasyHook\2.5.0.0__4b580fca19d0b0c5\EasyHook.dll
0x1E760000 - 0x1E768000  C:\WINDOWS\assembly\GAC_MSIL\Dante\1.0.0.0__85381029ecd6945b\Dante.dll
0x3F9D0000 - 0x3FAB6000  C:\WINDOWS\system32\WININET.dll
0x40070000 - 0x40258000  C:\WINDOWS\system32\iertutil.dll
0x45010000 - 0x45141000  C:\WINDOWS\system32\urlmon.dll
0x4FD60000 - 0x4FF06000  C:\WINDOWS\system32\d3d9.dll
0x5BC70000 - 0x5BCC5000  C:\WINDOWS\system32\NETAPI32.dll
0x5C8A0000 - 0x5C8C1000  C:\WINDOWS\system32\GLU32.dll
0x5D4D0000 - 0x5D56A000  C:\WINDOWS\system32\comctl32.dll
0x5F140000 - 0x5F20C000  C:\WINDOWS\system32\OPENGL32.dll
0x66750000 - 0x667A8000  C:\WINDOWS\system32\hnetcfg.dll
0x67770000 - 0x67831000  C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\2abd876a3c8a6b088fa6d8d39d901e3c\System.Runtime.Remoting.ni.dll
0x68000000 - 0x68036000  C:\WINDOWS\system32\rsaenh.dll
0x6D330000 - 0x6D36A000  C:\WINDOWS\system32\DINPUT8.dll
0x6DEB0000 - 0x6DEB6000  C:\WINDOWS\system32\d3d8thk.dll
0x719D0000 - 0x71A10000  C:\WINDOWS\system32\mswsock.dll
0x71A10000 - 0x71A18000  C:\WINDOWS\System32\wshtcpip.dll
0x71A20000 - 0x71A28000  C:\WINDOWS\system32\WS2HELP.dll
0x71A30000 - 0x71A47000  C:\WINDOWS\system32\WS2_32.dll
0x71B80000 - 0x71B93000  C:\WINDOWS\system32\SAMLIB.dll
0x72C80000 - 0x72C88000  C:\WINDOWS\system32\msacm32.drv
0x72C90000 - 0x72C99000  C:\WINDOWS\system32\wdmaud.drv
0x736D0000 - 0x7371B000  C:\WINDOWS\system32\DDRAW.dll
0x73B30000 - 0x73B36000  C:\WINDOWS\system32\DCIMAN32.dll
0x73E50000 - 0x73E54000  C:\WINDOWS\system32\KsUser.dll
0x73E80000 - 0x73EDC000  C:\WINDOWS\system32\dsound.dll
0x752E0000 - 0x7530E000  C:\WINDOWS\system32\msctfime.ime
0x76340000 - 0x7635D000  C:\WINDOWS\system32\IMM32.dll
0x76980000 - 0x76A35000  C:\WINDOWS\system32\USERENV.dll
0x76B00000 - 0x76B2E000  C:\WINDOWS\system32\WINMM.dll
0x76BB0000 - 0x76BBB000  C:\WINDOWS\system32\PSAPI.DLL
0x76BF0000 - 0x76C1E000  C:\WINDOWS\system32\WINTRUST.dll
0x76C50000 - 0x76C78000  C:\WINDOWS\system32\IMAGEHLP.dll
0x76D20000 - 0x76D39000  C:\WINDOWS\system32\Iphlpapi.dll
0x76E40000 - 0x76E4E000  C:\WINDOWS\system32\rtutils.dll
0x76E50000 - 0x76E62000  C:\WINDOWS\system32\rasman.dll
0x76E70000 - 0x76E9F000  C:\WINDOWS\system32\TAPI32.dll
0x76EA0000 - 0x76EDC000  C:\WINDOWS\system32\RASAPI32.dll
0x76EE0000 - 0x76F07000  C:\WINDOWS\system32\DNSAPI.dll
0x76F20000 - 0x76F4D000  C:\WINDOWS\system32\WLDAP32.dll
0x76F70000 - 0x76F78000  C:\WINDOWS\System32\winrnr.dll
0x76F80000 - 0x76F86000  C:\WINDOWS\system32\rasadhlp.dll
0x770F0000 - 0x7717B000  C:\WINDOWS\system32\OLEAUT32.dll
0x773A0000 - 0x774A3000  C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
0x774B0000 - 0x775ED000  C:\WINDOWS\system32\ole32.dll
0x77660000 - 0x77681000  C:\WINDOWS\system32\NTMARTA.DLL
0x778F0000 - 0x779E7000  C:\WINDOWS\system32\SETUPAPI.dll
0x77A50000 - 0x77AE6000  C:\WINDOWS\system32\CRYPT32.dll
0x77AF0000 - 0x77B02000  C:\WINDOWS\system32\MSASN1.dll
0x77BA0000 - 0x77BA7000  C:\WINDOWS\system32\midimap.dll
0x77BB0000 - 0x77BC5000  C:\WINDOWS\system32\MSACM32.dll
0x77BD0000 - 0x77BD8000  C:\WINDOWS\system32\VERSION.dll
0x77BE0000 - 0x77C38000  C:\WINDOWS\system32\msvcrt.dll
0x77DA0000 - 0x77E32000  C:\WINDOWS\system32\RPCRT4.dll
0x77E40000 - 0x77E89000  C:\WINDOWS\system32\GDI32.dll
0x77E90000 - 0x77F06000  C:\WINDOWS\system32\SHLWAPI.dll
0x77F10000 - 0x77F21000  C:\WINDOWS\system32\Secur32.dll
0x77F40000 - 0x77FEB000  C:\WINDOWS\system32\ADVAPI32.dll
0x78130000 - 0x781CB000  C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
0x79000000 - 0x79046000  C:\WINDOWS\system32\mscoree.dll
0x79060000 - 0x790BB000  c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
0x790C0000 - 0x79BB7000  C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\6d667f19d687361886990f3ca0f49816\mscorlib.ni.dll
0x79E70000 - 0x7A400000  c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
0x7A440000 - 0x7ABC5000  C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\80978a322d7dd39f0a71be1251ae395a\System.ni.dll
0x7C800000 - 0x7C901000  C:\WINDOWS\system32\kernel32.dll
0x7C910000 - 0x7C9C8000  C:\WINDOWS\system32\ntdll.dll
0x7C9D0000 - 0x7D1EE000  C:\WINDOWS\system32\SHELL32.dll
0x7E390000 - 0x7E421000  C:\WINDOWS\system32\USER32.dll


----------------------------------------
    Memory Dump
----------------------------------------

Stack: 1024 bytes starting at (ESP = 08A4E7C0)

* = addr  **                                                  *               
08A4E7C0: A0 27 00 00  02 00 00 00  BC 3A 54 00  C0 E7 A4 08  .'.......:T.....
08A4E7D0: D4 E7 A4 08  60 F5 A4 08  83 D9 53 00  01 00 6E 00  ....`.....S...n.
08A4E7E0: D0 C6 53 00  A0 27 00 00  03 00 00 00  00 00 00 00  ..S..'..........
08A4E7F0: 30 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00  0...............
08A4E800: 00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00  ................
08A4E810: 00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00  ................
08A4E820: 00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00  ................
08A4E830: 00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00  ................
08A4E840: 00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00  ................
08A4E850: 00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00  ................
08A4E860: 00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00  ................
08A4E870: 00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00  ................
08A4E880: 00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00  ................
08A4E890: 00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00  ................
08A4E8A0: 00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00  ................
08A4E8B0: 00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00  ................
08A4E8C0: 00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00  ................
08A4E8D0: 00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00  ................
08A4E8E0: 00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00  ................
08A4E8F0: 00 00 00 00  00 00 00 00  00 00 00 00  54 68 69 73  ............This
08A4E900: 20 61 70 70  6C 69 63 61  74 69 6F 6E  20 68 61 73   application has
08A4E910: 20 65 6E 63  6F 75 6E 74  65 72 65 64  20 61 20 63   encountered a c
08A4E920: 72 69 74 69  63 61 6C 20  65 72 72 6F  72 3A 0A 0A  ritical error:..
08A4E930: 45 52 52 4F  52 20 23 31  33 34 20 28  30 78 38 35  ERROR #134 (0x85
08A4E940: 31 30 30 30  38 36 29 20  46 61 74 61  6C 20 43 6F  100086) Fatal Co
08A4E950: 6E 64 69 74  69 6F 6E 0A  50 72 6F 67  72 61 6D 3A  ndition.Program:
08A4E960: 09 43 3A 5C  47 61 6D 65  73 5C 57 6F  72 6C 64 20  .C:\Games\World 
08A4E970: 6F 66 20 57  61 72 63 72  61 66 74 5C  57 6F 77 2E  of Warcraft\Wow.
08A4E980: 65 78 65 0A  0A 49 6E 76  61 6C 69 64  20 66 75 6E  exe..Invalid fun
08A4E990: 63 74 69 6F  6E 20 70 6F  69 6E 74 65  72 3A 20 31  ction pointer: 1
08A4E9A0: 42 43 37 32  37 43 32 0A  0A 00 00 00  00 00 00 00  BC727C2.........
08A4E9B0: 00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00  ................
08A4E9C0: 00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00  ................
08A4E9D0: 00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00  ................
08A4E9E0: 00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00  ................
08A4E9F0: 00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00  ................
08A4EA00: 00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00  ................
08A4EA10: 00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00  ................
08A4EA20: 00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00  ................
08A4EA30: 00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00  ................
08A4EA40: 00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00  ................
08A4EA50: 00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00  ................
08A4EA60: 00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00  ................
08A4EA70: 00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00  ................
08A4EA80: 00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00  ................
08A4EA90: 00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00  ................
08A4EAA0: 00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00  ................
08A4EAB0: 00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00  ................
08A4EAC0: 00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00  ................
08A4EAD0: 00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00  ................
08A4EAE0: 00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00  ................
08A4EAF0: 00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00  ................
08A4EB00: 00 00 00 00  00 00 00 00  24 EB A4 08  39 52 92 7C  ........$...9R.|
08A4EB10: 4C EB A4 08  E4 00 1A 00  04 00 00 00  D4 00 1A 00  L...............
08A4EB20: 00 00 1A 00  64 EB A4 08  2B 54 92 7C  4C EB A4 08  ....d...+T.|L...
08A4EB30: D4 00 1A 00  00 00 00 00  10 00 00 00  74 54 92 7C  ............tT.|
08A4EB40: 00 00 1A 00  D8 EB A4 08  FC FF FF FF  02 00 00 00  ................
08A4EB50: 52 D6 6C 53  A4 EB A4 08  C1 57 92 7C  88 EC A4 08  R.lS.....W.|....
08A4EB60: 00 00 00 00  94 EB A4 08  4A 53 92 7C  A0 10 1A 00  ........JS.|....
08A4EB70: 08 00 15 C0  00 00 00 00  10 EC A4 08  02 00 00 00  ................
08A4EB80: F4 EB A4 08  08 00 15 C0  00 00 00 00  00 F0 FD 7F  ................
08A4EB90: 00 90 F3 7F  B4 EB A4 08  42 57 92 7C  D8 EB A4 08  ........BW.|....
08A4EBA0: 10 EC A4 08  FC EB A4 08  B0 EB A4 08  A0 10 1A 00  ................
08A4EBB0: 00 00 00 00  00 EC A4 08  ED 55 92 7C  D8 EB A4 08  .........U.|....


------------------------------------------------------------------------------

======================================================================
Hardware/Driver Information:
Processor:              0x0
Page Size:              4096
Min App Address:        0x10000
Max App Address:        0x7ffeffff
Processor Mask:         0x3
Number of Processors:   2
Processor Type:         586
Allocation Granularity: 65536
Processor Level:        6
Processor Revision:     3851
Os Version:             5.1
Os Service Pack:        3.0

Percent memory used:    90
Total physical memory:  2145824768
Free Memory:            208343040
Page file:              4130111488
Total virtual memory:   2147352576

Notice two things:

0x1E760000 - 0x1E768000 C:\WINDOWS\assembly\GAC_MSIL\Dante\1.0.0.0__85381029ecd6945b\Dante.dll

my DLL is there, cool, but..

--- Thread ID: 2028 ---
**** Unable to gain access to the thread, error:

--- Thread ID: 1596 [Current Thread] ---
**** Unable to gain access to the thread, error:

Those two might as well be 2028-EasyHook and 1596 my Dante.DLL thread. Now I haven't found anything in EasyHook docs about forcing the Injection function to set the security of the thread that it starts.. and I guess that might be the problem now. I'm going to try to run both my app and wow.exe with the same user now and see what happens.

**xzidez** · 06-14-2009

Originally Posted by tanis2000

@xzidez: you've probably stepped into my same problem. Actually UnitAura works for me just as any other one-line functions when using GetLocalizedText to retrieve the value of a global variable. But if you try to run anything a bit more complex than that you'll end up with GetLocalizedText returning empty strings only.

Anything complex? I get empty strings even if I only inject and write my 3 lines of code while doing nothing else : P

**Shynd** · 06-14-2009

You're registering a function pointer for a LUA Callback that is outside the scope of Wow.exe's .text segment, which causes a crash. You have to either patch the IsFuncPointerInScope check, or do something else that makes the check think that your callback is inside the .text segment.

**tanis2000** · 06-14-2009

Originally Posted by Shynd

You're registering a function pointer for a LUA Callback that is outside the scope of Wow.exe's .text segment, which causes a crash. You have to either patch the IsFuncPointerInScope check, or do something else that makes the check think that your callback is inside the .text segment.

Heck! I completely forgot about that! I think it was Cypher who originally told me that there was that thing to take care of.. damn! short memory ftl!

It's weird that warden doesn't check if someone tampers that function though

**Cypher** · 06-14-2009

Originally Posted by tanis2000

Heck! I completely forgot about that! I think it was Cypher who originally told me that there was that thing to take care of.. damn! short memory ftl!

It's weird that warden doesn't check if someone tampers that function though

It does. Lol.

You just have to avoid the small part that it monitors. It's very easy to do.

**tanis2000** · 06-14-2009

Originally Posted by Cypher

It does. Lol.

You just have to avoid the small part that it monitors. It's very easy to do.

Which is of course the one I stepped into and tried to modify

So the point is.. don't change the jumps.. change something before that.. i'll use the goodold trick of changing something at the beginning and see what happens

**Cypher** · 06-14-2009

Originally Posted by tanis2000

Which is of course the one I stepped into and tried to modify

So the point is.. don't change the jumps.. change something before that.. i'll use the goodold trick of changing something at the beginning and see what happens

The beginning is probably checked because the easiest way to hook that function is to just drop a "xor eax, eax; retn" at the top.

Modify somewhere in the middle.

**tanis2000** · 06-14-2009

Originally Posted by Cypher

The beginning is probably checked because the easiest way to hook that function is to just drop a "xor eax, eax; retn" at the top.

Modify somewhere in the middle.

Well.. I've dropped into this function:

Code:

    .text:0046ED80 ; =============== S U B R O U T I N E =======================================
    .text:0046ED80
    .text:0046ED80 ; Attributes: bp-based frame
    .text:0046ED80
    .text:0046ED80 sub_46ED80      proc near               ; CODE XREF: sub_54E090+B9p
    .text:0046ED80                                         ; sub_551FA0+1Ap ...
    .text:0046ED80
    .text:0046ED80 Args            = byte ptr -40h
    .text:0046ED80 arg_0           = dword ptr  8
    .text:0046ED80
    .text:0046ED80                 push    ebp
    .text:0046ED81                 mov     ebp, esp
    .text:0046ED83                 mov     eax, dword_1070740
    .text:0046ED88                 mov     ecx, dword_1070744
    .text:0046ED8E                 sub     esp, 40h
    .text:0046ED91                 test    eax, eax
    .text:0046ED93                 jz      short loc_46ED99
    .text:0046ED95                 test    ecx, ecx
    .text:0046ED97                 jnz     short loc_46EDA9
    .text:0046ED99
    .text:0046ED99 loc_46ED99:                             ; CODE XREF: sub_46ED80+13j
    .text:0046ED99                 call    sub_46ECF0
    .text:0046ED9E                 mov     eax, dword_1070740
    .text:0046EDA3                 mov     ecx, dword_1070744
    .text:0046EDA9
    .text:0046EDA9 loc_46EDA9:                             ; CODE XREF: sub_46ED80+17j
    .text:0046EDA9                 mov     edx, [ebp+arg_0]
    .text:0046EDAC                 cmp     edx, eax
    .text:0046EDAE                 jb     short loc_46EDD1
    .text:0046EDB0 ; ---------------------------------------------------------------------------
    .text:0046EDB0                 cmp     edx, ecx
    .text:0046EDB2                 jb      short loc_46EDD1
    .text:0046EDB4                 push    edx
    .text:0046EDB5                 push    offset aInvalidFunctio ; "Invalid function pointer: %p"
    .text:0046EDBA                 lea     eax, [ebp+Args]
    .text:0046EDBD                 push    40h
    .text:0046EDBF                 push    eax             ; Args
    .text:0046EDC0                 call    sub_53ACD0
    .text:0046EDC5                 lea     ecx, [ebp+Args]
    .text:0046EDC8                 push    ecx             ; Format
    .text:0046EDC9                 call    sub_53E070
    .text:0046EDC9 ; ---------------------------------------------------------------------------
    .text:0046EDCE                 db  83h ; â
    .text:0046EDCF                 db 0C4h ; -
    .text:0046EDD0                 db  14h
    .text:0046EDD1 ; ---------------------------------------------------------------------------
    .text:0046EDD1
    .text:0046EDD1 loc_46EDD1:                             ; CODE XREF: sub_46ED80+2Ej
    .text:0046EDD1                                         ; sub_46ED80+32j
    .text:0046EDD1                 mov     esp, ebp
    .text:0046EDD3                 pop     ebp
    .text:0046EDD4                 retn
    .text:0046EDD4 sub_46ED80      endp

You are right.. the beginning of this function is being checked.. just as well as it's being checked the part with the jumps.. I tried patching 0046EDAE with a jmp 0046EDD1 and it made warden kick in as well.

Shout-Out

User Tag List

Thread: DoString Trouble

Thread Tools

Search Thread

UnitAura ?

Similar Threads

Glider Trouble

Glider trouble

trouble finding .blp

Blizz is in some trouble. youll love this :)

Idea to get people you dont like in trouble!!!

OwnedCore Forums

casino

CoreCoins

My OwnedCore

About Us

Casino