C# Lua Wrapper (No ASM, Requires injected CLR)

[Apoc]

This is some code from my private bot Onyx. It currently injects the CLR into the target process, and does everything within the main thread (via an EndScene hook, credits to kynox for that code).

Keep in mind; EVERYTHING IN THIS CLASS MUST BE CALLED FROM WOW'S MAIN THREAD OR IT WILL FAIL! Got that? If something seems to 'not work' properly, then it's your own damned fault for not calling it from the main thread. No, I won't explain how to create an EndScene hook, you can go look it up. And no, I won't explain how to inject the CLR in WoW. You can look that up as well.

On to the nitty gritty!

Some of the stuff in this class are just quick wrappers. I do use WriteProcessMemory instead of Marshal.WriteX due to a bug that won't allow us to actually write to the targeted memory address. It happens randomly, but WPM works 100%.

I do NOT provide the code to patch the InvalidPtrCheck, or any code to get around it entirely. That's up to you. (You didn't seriously think I'd just 'hand' you this code, did you?)

The offsets are up to date. And if you do things properly, it works 100% without a single issue.

The code:

Code:

using System;
using System.Collections.Generic;
using System.Diagnostics;
using System.Runtime.InteropServices;
using Onyx.WoW.Native;

namespace Onyx.WoW
{
    internal enum Luas
    {
        Lua_DoString = 0x0049AAB0,
        Lua_Register = 0x004998E0,
        Lua_GetTop = 0x0091A8B0,
        Lua_ToString = 0x0091ADC0,
        Lua_InvalidPtrCheck = 0x0046ED80,
    }

    public static class Lua
    {
        #region Delegates

        public delegate int ConsoleCommandCallback();

        [UnmanagedFunctionPointer(CallingConvention.Cdecl)]
        public delegate uint LuaRegisterCommand(string szName, IntPtr pFunc);

        [UnmanagedFunctionPointer(CallingConvention.Cdecl)]
        public delegate int RegisteredLuaCommandHandler(IntPtr pLuaState);

        #endregion

        private static readonly RegisteredLuaCommandHandler CommandParser = OnyxInputHandler;
        private static readonly LuaDoString DoStringHandler;
        private static readonly LuaGetTop GetTopHandler;
        private static readonly List<string> LuaValues = new List<string>();
        public static readonly LuaRegisterCommand RegisterCommandHandler;
        private static readonly LuaToString ToStringHandler;

        static Lua()
        {
            Process.EnterDebugMode();
            Win32.MemoryOpen();
            RegisterCommandHandler = Utilities.RegisterDelegate<LuaRegisterCommand>((uint) Luas.Lua_Register);
            DoStringHandler = Utilities.RegisterDelegate<LuaDoString>((uint) Luas.Lua_DoString);
            GetTopHandler = Utilities.RegisterDelegate<LuaGetTop>((uint) Luas.Lua_GetTop);
            ToStringHandler = Utilities.RegisterDelegate<LuaToString>((uint) Luas.Lua_ToString);
            RegisterCommand("OnyxInput", CommandParser);
        }

        private static int OnyxInputHandler(IntPtr pLuaState)
        {
            LuaValues.Clear();
            int num = GetTop(pLuaState);
            for (int i = 0; i < num; i++)
            {
                string tmp = ToString(pLuaState, i);
                LuaValues.Add(tmp);
            }
            return 0;
        }

        public static void DoString(string lua)
        {
            DoStringHandler(lua, "Onyx.lua", 0);
        }

        public static string[] GetReturnValues(string lua)
        {
            DoString(string.Format("OnyxInput({0})", lua));
            return LuaValues.ToArray();
        }

        public static T GetReturnVal<T>(string lua, uint retVal)
        {
            DoString(string.Format("OnyxInput({0})", lua));
            object tmp;
            if (typeof(T) == typeof(bool))
            {
                tmp = LuaValues[(int) retVal] == "1";
            }
            else
            {
                tmp = (T) Convert.ChangeType(LuaValues[(int) retVal], typeof(T));
            }
            return (T) tmp;
        }

        public static void RegisterCommand(string commandName, RegisteredLuaCommandHandler handler)
        {
            RegisterCommandHandler(commandName, WriteLuaCallback(Marshal.GetFunctionPointerForDelegate(handler)));
            return;
        }

        private static IntPtr WriteLuaCallback(IntPtr callbackPtr)
        {
            // You need to either patch the InvalidPtrCheck, or do something else to avoid the EndOfText scan
            // and check. Sorry, no code here.
            return callbackPtr;
        }

        private static int GetTop(IntPtr pLuaState)
        {
            return GetTopHandler(pLuaState);
        }

        private static string ToString(IntPtr pLuaState, int index)
        {
            return ToStringHandler(pLuaState, index + 1, 0);
        }

        #region Nested type: LuaDoString

        [UnmanagedFunctionPointer(CallingConvention.Cdecl)]
        private delegate void LuaDoString(string lua, string fileName, uint pState);

        #endregion

        #region Nested type: LuaGetTop

        [UnmanagedFunctionPointer(CallingConvention.Cdecl)]
        private delegate int LuaGetTop(IntPtr pLuaState);

        #endregion

        #region Nested type: LuaToString

        [UnmanagedFunctionPointer(CallingConvention.Cdecl)]
        private delegate string LuaToString(IntPtr pLuaState, int idx, int length);

        #endregion
    }
}

That's it. Yes, GetReturnVal<int>("GetTime()", 0); will return whatever GetTime() usually would return.

The RegisterDelegate code (overloads removed for brevity)

Code:

        public static T RegisterDelegate<T>(IntPtr address) where T : class
        {
            return Marshal.GetDelegateForFunctionPointer(address, typeof(T)) as T;
        }

Yes, I'm lazy.

Credits;

kynox - Creating the AWESOME CLR loader and EndScene hook we use in Onyx, and helping debug some things (even if you did *Something* which I shall not mention via TeamViewer).
jjaa - Helping debug stupid stuff, and the awesome code contribs.
Cypher - ******.
Other people I forgot to mention: Tough shit.

P.S; JuJu, you are specifically prohibited from using any of this code. Period. If I find this stuff in a commercial bot, you shall be ruined!

P.P.S: Yes, it IS injection. So if you're scared about it, DON'T USE IT!

P.P.P.S: No, this wasn't 'stolen' from the other thread. Ask anybody who has access to the Elite Memory Editing section. (Yes, we have one.)

[Cypher]

Oh noez. News of the Elite Memory Editing section is out. Now I'm gonna get another 50 PMs per day.

Meh, not like it matters anyway. I ignore 99% of my PMs.

Lol @ pwning JuJu. **** you @ calilng me a ******. ******.

P.S. Your code is teh ghey.

[KuRIoS]

No it is not stolen and no you will not get access to that section, we pick you, not the other way around

[Robske]

There's a huge concentration of awesome in this thread.

Needs more "nil" tho

[Apoc]

Fixt

Code:

        public static T GetReturnVal<T>(string lua, uint retVal)
        {
            DoString(string.Format("OnyxInput({0})", lua));
            object tmp;

            if (LuaValues[(int)retVal] == "nil")
                return default(T);

            if (typeof(T) == typeof(bool))
            {
                tmp = LuaValues[(int) retVal] == "1" || LuaValues[(int)retVal].ToLower() == "true";
            }
            else
            {
                tmp = (T) Convert.ChangeType(LuaValues[(int) retVal], typeof(T));
            }
            return (T) tmp;
        }

[tanis2000]

Damn you Apoc.. if you posted this a week ago you'd saved me a lot of time
Just kidding, good one! Thx for sharing!

[Maeco]

You don't know how grateful I am for this. It will surely help me a great deal in my learning process and finishing my ANN-driven bot.

Thanks a million guys!

[barthen]

Thanks for sharing!

A few pointers for the lost souls:

- You have several examples on hooking EndScene at gamedeception (bobbysing's WoWX being one of them)

- As for injecting a native dll that will start the .NET runtime you can learn a lot here: How To Inject a Managed .NET Assembly (DLL) Into Another Process - Coding the Wheel

- It may be worth looking at EasyHook if you need to make managed detours

Hope it helps

[lanman92]

With easyhook's managed hooking, you have to write your routines in an external DLL to actually mod the function, don't you? Or can you use Marshal and such classes to modify the params, etc. in C#?

[tanis2000]

With easyhook's managed hooking, you have to write your routines in an external DLL to actually mod the function, don't you? Or can you use Marshal and such classes to modify the params, etc. in C#?

Check out the source code of BabBot. We use EasyHook to inject the LUA stuff.
SourceForge.net Repository - [babbot] Index of /

[tanis2000]

btw according to LUA's manual, your code should not work Shynd

Code:

int luaL_dostring (lua_State *L, const char *str);
const char *lua_tostring (lua_State *L, int index); // same as lua_tolstring with no length passed
const char *lua_tolstring (lua_State *L, int index, size_t *len);

whereas your code is

Code:

private delegate void LuaDoString(string lua, string fileName, uint pState);
private delegate string LuaToString(IntPtr pLuaState, int idx, int length);

It's like you are calling DoString with one more parameter and the state being passed in the wrong position and ToString actually calling toLstring instead (but your offset is the one of tostring apparently).

I wonder how is it possible for that code to actually work :-P

[jjaa]

btw according to LUA's manual, your code should not work Shynd

Code:

int luaL_dostring (lua_State *L, const char *str);
const char *lua_tostring (lua_State *L, int index); // same as lua_tolstring with no length passed
const char *lua_tolstring (lua_State *L, int index, size_t *len);

whereas your code is

Code:

private delegate void LuaDoString(string lua, string fileName, uint pState);
private delegate string LuaToString(IntPtr pLuaState, int idx, int length);

It's like you are calling DoString with one more parameter and the state being passed in the wrong position and ToString actually calling toLstring instead (but your offset is the one of tostring apparently).

I wonder how is it possible for that code to actually work :-P

Lua_DoString is not the actual Lua_DoString function. It should actually be called Lua_RunScript or something, because its from API RunScript - WoWWiki - Your guide to the World of Warcraft
EDIT: btw i should add that the class works perfectly.

[tanis2000]

Lua_DoString is not the actual Lua_DoString function. It should actually be called Lua_RunScript or something, because its from API RunScript - WoWWiki - Your guide to the World of Warcraft

Yeah that whole DoString stuff is actually misdirecting.

[Shynd]

btw according to LUA's manual, your code should not work Shynd

Have I posted in this thread without realizing it?

[tanis2000]

LOL! Sorry Shynd I meant Apoc but for some reason I wrote your name.. d'oh! /facepalm