DoString and getting values from it?

  1. #1
    Viano (Active Member)

    DoString and getting values from it?

    Hi everyone,

    Today I was trying to add Lua calling to my bot, but I was not even close. WoW is crashing all the time. I was trying the following with BlackMagic.

    Code:
     public void Lua_DoString(string command)
            {
                // command is something like "DoEmote(\"dance\")"
                uint codecave = magic.AllocateMemory();
                uint stringcave = magic.AllocateMemory();
    
                magic.Asm.AddLine("fs mov eax, [0x2C]");
                magic.Asm.AddLine("mov eax, [eax]");
                magic.Asm.AddLine("add eax, 0x10");
                magic.Asm.AddLine("mov dword [eax], {0}", com.getMgr());
    
                magic.Asm.AddLine("mov eax, 0");
                magic.Asm.AddLine("push eax");
                magic.Asm.AddLine("mov eax, {0}", stringcave);
                magic.Asm.AddLine("push eax");
                magic.Asm.AddLine("push eax");
                magic.Asm.AddLine("call {0}", 0x0049AAB0);
                magic.Asm.AddLine("add esp, 0xC");
                magic.Asm.AddLine("retn");
    
                magic.Asm.InjectAndExecute(codecave);
                magic.FreeMemory(codecave);
                magic.FreeMemory(stringcave);
                magic.ResumeThread();
            }
    After this WoW says goodbye.

    Could anybody here provide examples of calling Lua functions via BlackMagic and getting the results back into your code?
    Last edited by Viano; 07-11-2009 at 09:23 AM.
    Viano

  2. #2
    lanman92 (Active Member)
    You could write a wrapper that you inject that calls DoString and returns a pointer to the result in eax. You would just have to use ToString() in the wrapper and you'd be gold.

  3. #3
    Viano (Active Member)
    Originally Posted by lanman92:
    You could write a wrapper that you inject that calls DoString and returns a pointer to the result in eax. You would just have to use ToString() in the wrapper and you'd be gold.
    Sadly I am not able to do this. But I know some of you here managed to do it via BM. I don't understand assembler code that well, so I just have to trust copy&pasta currently.

    Now I have this.

    Code:
    public bool Lua_DoString(string command)
            {
                uint space = magic.AllocateMemory(0x2048);
                Magic bm = magic;
                bm.WriteASCIIString(space + 0x1024, command);
              
    
                bm.Asm.Clear();
                bm.Asm.AddLine("FS mov eax, [0x2C]");
                bm.Asm.AddLine("mov eax, [eax]");
                bm.Asm.AddLine("add eax, 0x10");
                bm.Asm.AddLine("mov dword [eax], {0}", com.getMgr());
                bm.Asm.AddLine("mov ecx, 0");
                bm.Asm.AddLine("mov eax, " + (space + 0x1024));
                bm.Asm.AddLine("push ecx");
                bm.Asm.AddLine("push eax");
                bm.Asm.AddLine("push eax");
                bm.Asm.AddLine("mov eax, " + 0x0049AAB0);
                bm.Asm.AddLine("call eax");
                bm.Asm.AddLine("add esp, 0xC");
                bm.Asm.AddLine("retn");
                bm.SuspendThread();
                bm.Asm.InjectAndExecute(space);
                bm.ResumeThread();
                bm.FreeMemory(space);
                return true;
            }
    However, I am having a hard time putting together the code for other Lua functions like GetLocalizedText, please help ;-) Anyone?
    Last edited by Viano; 07-11-2009 at 03:19 PM. Reason: Noobish question.
    Viano

  4. #4
    Viano (Active Member)
    Ok, now I was messing with Apoc's code, but it is just far beyond my tiny knowledge. I have questions about his code at http://www.mmowned.com/forums/wow-me...ected-clr.html.

    What is the content of "Utilities"?
    What is he doing at "Win32.MemoryOpen();"?
    Does anyone have examples of how to use his code for Lua functions?
    Viano

  5. #5
    Apoc (Angry Penguin)
    Originally Posted by Viano:
    Ok, now I was messing with Apoc's code, but it is just far beyond my tiny knowledge. I have questions about his code at http://www.mmowned.com/forums/wow-me...ected-clr.html.

    What is the content of "Utilities"?
    What is he doing at "Win32.MemoryOpen();"?
    Does anyone have examples of how to use his code for Lua functions?
    Uhhh... I already explained what was used from my Utilities class.

    Code:
            public static T RegisterDelegate<T>(IntPtr address) where T : class
            {
                return Marshal.GetDelegateForFunctionPointer(address, typeof(T)) as T;
            }
    As for the Win32.MemoryOpen()

    Code:
            [DllImport("kernel32.dll")]
            private static extern IntPtr OpenProcess(uint dwDesiredAccess, bool bInheritHandle, int dwProcessId);
    
            public static void MemoryOpen()
            {
                // WoW is our current proc. Flags: All = 0x001F0FFF
                _openProc = MemoryOpen(Process.GetProcessesByName("Wow")[0].Id, ProcessAccessFlags.All);
            }
    
            public static IntPtr MemoryOpen(int processID, ProcessAccessFlags desiredAccess)
            {
                Process myProc = Process.GetProcessById(processID);
                if (myProc.HandleCount > 0)
                {
                    return OpenProcess((uint) desiredAccess, true, processID);
                }
                return IntPtr.Zero;
            }
    _openProc is just used internally when we need to write memory. (As Marshal.WriteFoo seems to fail more often than not, while WriteProcessMemory works 100%)

    Nothing terribly special.

    As for example code; LEARN THE GOD DAMNED LANGUAGE BEFORE YOU TRY TO DO ADVANCED THINGS WITH IT!

    That is all.
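
The post above opens the process with the mask `All = 0x001F0FFF` and mentions WriteProcessMemory. As an added example (not code from the thread or from BlackMagic), this decodes such a mask and flags handles on a monitored process that permit memory writes. The field names follow Sysmon Event ID 10 (ProcessAccess); the function names, file paths and events are constructed for illustration.

```python
# Added example, not from the thread: decode a Windows process access mask and
# flag handles that are sufficient for cross-process memory writes.
PROCESS_RIGHTS = {
    0x0001: "PROCESS_TERMINATE",         0x0002: "PROCESS_CREATE_THREAD",
    0x0004: "PROCESS_SET_SESSIONID",     0x0008: "PROCESS_VM_OPERATION",
    0x0010: "PROCESS_VM_READ",           0x0020: "PROCESS_VM_WRITE",
    0x0040: "PROCESS_DUP_HANDLE",        0x0080: "PROCESS_CREATE_PROCESS",
    0x0100: "PROCESS_SET_QUOTA",         0x0200: "PROCESS_SET_INFORMATION",
    0x0400: "PROCESS_QUERY_INFORMATION", 0x0800: "PROCESS_SUSPEND_RESUME",
    0x1000: "PROCESS_QUERY_LIMITED_INFORMATION",
    0x2000: "PROCESS_SET_LIMITED_INFORMATION",
    0x00010000: "DELETE",    0x00020000: "READ_CONTROL",
    0x00040000: "WRITE_DAC", 0x00080000: "WRITE_OWNER",
    0x00100000: "SYNCHRONIZE",
}
KNOWN = 0
for _bit in PROCESS_RIGHTS:
    KNOWN |= _bit

# Rights each documented API requires on the target process handle.
API_NEEDS = {
    "VirtualAllocEx": 0x0008,
    "WriteProcessMemory": 0x0008 | 0x0020,
    "CreateRemoteThread": 0x0002 | 0x0400 | 0x0008 | 0x0020 | 0x0010,
}

def decode_access(mask):
    """Return the names of all rights set in an access mask."""
    names = [name for bit, name in sorted(PROCESS_RIGHTS.items()) if mask & bit]
    unknown = mask & ~KNOWN
    if unknown:
        names.append(f"UNKNOWN(0x{unknown:X})")
    return names

def capabilities(mask):
    """Return the APIs whose required rights are all present in the mask."""
    return [api for api, need in API_NEEDS.items() if mask & need == need]

def triage(events, protected="Wow.exe"):
    """Flag handle opens on the protected image that allow memory writes."""
    hits = []
    for ev in events:
        if not ev["TargetImage"].lower().endswith("\\" + protected.lower()):
            continue
        caps = capabilities(int(ev["GrantedAccess"], 16))
        if "WriteProcessMemory" in caps:
            hits.append((ev["SourceImage"], ev["GrantedAccess"], caps))
    return hits

# Constructed sample records (hypothetical paths), shaped like Sysmon Event ID 10.
SAMPLE_EVENTS = [
    {"SourceImage": r"C:\Tools\helper.exe", "TargetImage": r"C:\Games\Wow.exe", "GrantedAccess": "0x1F0FFF"},
    {"SourceImage": r"C:\Windows\System32\taskmgr.exe", "TargetImage": r"C:\Games\Wow.exe", "GrantedAccess": "0x1410"},
    {"SourceImage": r"C:\Tools\helper.exe", "TargetImage": r"C:\Windows\explorer.exe", "GrantedAccess": "0x1F0FFF"},
]

if __name__ == "__main__":
    for src, access, caps in triage(SAMPLE_EVENTS):
        print(f"{src} opened the protected process with {access}: {', '.join(caps)}")
```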

  6. #6
    lanman92 (Active Member)
    Hey Apoc, do you not use pointers to avoid unsafe code? I don't really see any disadvantage to using the unsafe keyword :/

  7. #7
    Viano (Active Member)
    Originally Posted by Apoc:
    ...
    _openProc is just used internally when we need to write memory. (As Marshal.WriteFoo seems to fail more often than not, while WriteProcessMemory works 100%)
    ...
    A LEARN THE GOD DAMNED LANGUAGE BEFORE YOU TRY TO DO ADVANCED THINGS WITH IT!
    ...
    But you are not using _openProc in the code presented. Where internally do you use this?

    Are there any samples on the internet where I can see this being used with EasyHook in C#?

    You are right about the learning part. But should I write my own yet another notepad? I guess not ;-) I am going to learn much more by looking at code from people like you (thanks for that). If I could only get this running ...
    Viano

  8. #8
    flo8464 (Active Member)
    Originally Posted by Viano:
    You are right about the learning part. But should I write my own yet another notepad? I guess not ;-) I am going to learn much more by looking at code from people like you (thanks for that). If I could only get this running ...
    You could read about the APIs you are using. For example.

  9. #9
    Apoc (Angry Penguin)
    Originally Posted by lanman92:
    Hey Apoc, do you not use pointers to avoid unsafe code? I don't really see any disadvantage to using the unsafe keyword :/
    I don't use the pointer arithmetic as it's not needed, and it creates fairly ugly code IMHO. Using delegates forces type-safety, and is also quite a bit more maintainable.

    Honestly, it's just preference. I think the delegated way is easier, as I can keep track of things *much* better. And if a certain function's prototype changes, I won't even need to open Olly or IDA to find out. (.NET will just throw errors concerning that delegate)

    If you have some tidbit of code that you think would be faster in the end, by all means, feel free to share. Until then though, I'll stick with my 'one time only' delegate assignment.

    Originally Posted by Viano:
    But you are not using _openProc in the code presented. Where internally do you use this?

    Are there any samples on the internet where I can see this being used with EasyHook in C#?

    You are right about the learning part. But should I write my own yet another notepad? I guess not ;-) I am going to learn much more by looking at code from people like you (thanks for that). If I could only get this running ...
    Before you learn to program, learn to read.

    _openProc is just used internally when we need to write memory. (As Marshal.WriteFoo seems to fail more often than not, while WriteProcessMemory works 100%)
    Jesus christ. Seriously though, go program shit basic stuff before you come back here. The next 'beginner' question from you will get you infractions. Read the section rules, and be happy I'm warning you now.
    Last edited by Apoc; 07-11-2009 at 06:26 PM.

  10. #10
    Viano (Active Member)
    Mhm ... I will drop Apoc's approach since I am too stupid for it. Does anyone have a hint on why the following is crashing WoW?

    Code:
    public String Lua_GetLocalizedText(string variable)
            {
                magic.SuspendThread();
                BlackMagic wow = magic;
    
                String sResult = "null";
    
                uint codecave = wow.AllocateMemory();
                uint stringcave = wow.AllocateMemory(variable.Length + 1);
                wow.WriteASCIIString(stringcave, variable);
    
                wow.Asm.Clear();
                AsmUpdateCurMgr();
    
                wow.Asm.AddLine("mov ecx, {0}", Common.Instance.getObjectByGUID(magic.ReadUInt64(
                    Common.Instance.getMgr() + (uint)Descriptors.Offsets.localGuidOffset)));
                wow.Asm.AddLine("push {0}", -1);
                wow.Asm.AddLine("push {0}", stringcave);
                wow.Asm.AddLine("call {0}", Globals.Functions.Lua_GetLocalizedText);
    
                AsmSendResumeMessage();
                wow.Asm.AddLine("retn");
    
                try
                {
                    uint result = wow.Asm.InjectAndExecute(codecave);
                    Thread.Sleep(10);
    
                    if (result != 0)
                    {
                        sResult = wow.ReadASCIIString(result, 256);
                    }
                }
                catch (Exception e)
                {
                    magic.ResumeThread();
                    throw e;
                }
                finally
                {
                    wow.FreeMemory(codecave);
                    wow.FreeMemory(stringcave);
                }
    
                return sResult;
            }
    Viano

  11. #11
    Nesox (★ Elder ★)
    Hook EndScene and do your function calls from there

  12. #12
    Viano (Active Member)
    Originally Posted by Nesox:
    Hook EndScene and do your function calls from there
    Currently I am not capable of doing this (or show me how) and as I managed to call dostring that way I was hoping some of you can help here.
    Last edited by Viano; 07-12-2009 at 12:04 PM.
    Viano

  13. #13
    Shynd (Contributor)
    God, this makes my mother ****ing brain hurt. You have a globally accessible BlackMagic object called 'magic' which you sometimes use but also create a reference to it called 'wow' which you ALSO sometimes use. Pick one or the other, holy christ.

    Anyway, it seems that you're only resuming WoW's main thread when catching an exception. That'd be my first and best guess as to why you're having issues. There's a bunch of other shit that stands out--namely that you use someone else's AsmSendResumeMessage(); but then ignore it and just do a static sleep of 10ms, which is completely useless, among other copypasta that you obviously don't understand--but I'm not going to waste my time sifting through crap like this.

    When I wrote and released BlackMagic with an ASM injection class, I didn't really think that this is the kind of shit it'd spawn. This is just getting pathetic.

  14. #14
    vulcanaoc (Member)
    Originally Posted by Viano:
    Mhm ... I will drop Apoc's approach since I am too stupid for it. Does anyone have a hint on why the following is crashing WoW?

    Code:
                wow.Asm.AddLine("mov ecx, {0}", Common.Instance.getObjectByGUID(magic.ReadUInt64(
                    Common.Instance.getMgr() + (uint)Descriptors.Offsets.localGuidOffset)));
                wow.Asm.AddLine("push {0}", -1);
                wow.Asm.AddLine("push {0}", stringcave);
                wow.Asm.AddLine("call {0}", Globals.Functions.Lua_GetLocalizedText
    The fact that you have both Common.Instance AND Globals.Functions namespaces calling getObjectByGUID (what is this naming convention? java?) and Lua_GetLocalizedText, respectively, is deeply unsettling and confusing.

    I feel like you just *may* be cooking up some copy-pasta. Don't leave out the Common.Instance.Globals.Copypasta.AddAlfredoSauce() method!

  15. #15
    Viano (Active Member)
    Originally Posted by Shynd:
    God, this makes my mother ****ing brain hurt.
    Your mom is reading code at mmowned? You have to love her.
    Originally Posted by Shynd:
    You have a globally accessible BlackMagic object called 'magic' which you sometimes use but also create a reference to it called 'wow' which you ALSO sometimes use. Pick one or the other, holy christ.
    Well that was just a very quick fix just to make it work as that was copy and pasted from this forum. I want to get things running and see how they work then and clean up the code afterwards. Even if this is not the way it should be done.

    Originally Posted by Shynd:
    Anyway, it seems that you're only resuming WoW's main thread when catching an exception. That'd be my first and best guess as to why you're having issues. There's a bunch of other shit that stands out--namely that you use someone else's AsmSendResumeMessage(); but then ignore it and just do a static sleep of 10ms, which is completely useless, among other copypasta that you obviously don't understand--but I'm not going to waste my time sifting through crap like this.
    True. I still don't understand IPC, ASM fully and C# syntax is still hard to read sometimes. Nevertheless thank you for the answer, BlackMagic and your help.

    Originally Posted by Shynd:
    When I wrote and released BlackMagic with an ASM injection class, I didn't really think that this is the kind of shit it'd spawn. This is just getting pathetic.
    I will try to spare you more shitty posts from me. I promise.

    Originally Posted by vulcanaoc:
    The fact that you have both Common.Instance AND Globals.Functions namespaces calling getObjectByGUID (what is this naming convention? java?) and Lua_GetLocalizedText, respectively, is deeply unsettling and confusing.

    I feel like you just *may* be cooking up some copy-pasta. Don't leave out the Common.Instance.Globals.Copypasta.AddAlfredoSauce() method!
    Yes, at the beginning my naming convention was Java as I was coding some bullshit in Java for weeks and now can't get rid of it.

    I am copying and pasting ASM code from here as I simply have no idea about it at the moment. And I was just trying to get things to work without thinking of design, patterns or organizing code.
    Last edited by Viano; 07-13-2009 at 02:54 AM.
    Viano
