Lua Do String
  1. #1
    qjlex

    Lua Do String

    This is my method for injecting Lua, but it does not work for me.
    Please, I need your help.

    Code:
    public static object Lua_DoString(string Lua)
            {
                uint dwAddress = BotContro1l.mem.AllocateMemory(0x4096);
                BotContro1l.mem.WriteASCIIString(dwAddress + ((uint)0x200L), Lua);
                BotContro1l.mem.Asm.Clear();
                BotContro1l.mem.Asm.AddLine("mov EDX, [0x01132F60]");
                BotContro1l.mem.Asm.AddLine("mov EDX, [EDX+0x2C24]");
                BotContro1l.mem.Asm.AddLine("FS mov EAX, [0x2C]");
                BotContro1l.mem.Asm.AddLine("mov EAX, [EAX]");
                BotContro1l.mem.Asm.AddLine("add EAX, 0x10");
                BotContro1l.mem.Asm.AddLine("mov [EAX], EDX");
                BotContro1l.mem.Asm.AddLine("push {0}", new object[] { 0 });
                BotContro1l.mem.Asm.AddLine("mov eax, {0}", new object[] { dwAddress + 0x200L });
                BotContro1l.mem.Asm.AddLine("push eax");
                BotContro1l.mem.Asm.AddLine("push eax");
                BotContro1l.mem.Asm.AddLine("call {0}", new object[] { "0x7CE840" });
                BotContro1l.mem.Asm.AddLine("add esp, 0xC");
                BotContro1l.mem.Asm.AddLine("retn");
                BotContro1l.mem.SuspendThread(BotContro1l.wowmainthread);
                BotContro1l.mem.Asm.InjectAndExecute(dwAddress);
                BotContro1l.mem.FreeMemory(dwAddress);
                BotContro1l.mem.ResumeThread(BotContro1l.wowmainthread);
                return 0;
            }

  2. #2
    Nesox
    Originally Posted by qjlex
    This is my method for injecting Lua, but it does not work for me.
    Please, I need your help.
    Here you go mate

    http://www.mmowned.com/forums/search.php

  3. #3
    MaiN
    How much C# do you know?
    Just skimming over your code, I noticed a few major flaws.
    First hint, try checking what ToString returns from an object array.
    [16:15:41] Cypher: caus the CPU is a dick
    [16:16:07] kynox: CPU is mad
    [16:16:15] Cypher: CPU is all like
    [16:16:16] Cypher: whatever, i do what i want

  4. #4
    maclone
    Originally Posted by Nesox
    Nah, search doesn't work (at least for me right now). It doesn't show any threads older than 2 weeks.
    Zomfg. And no, don't ask. - Dombo did it.

  5. #5
    qjlex
    This is my method for injecting Lua in WoW, but
    it pops a Lua error:
    Code:
    Message: [string "self:SetCamera(0);"]:1: attempt to index global 'self' (a nil value)
    Time: 10/04/09 19:52:05
    Count: 5
    Stack: [string "Interface\FrameXML\BasicControls.xml:<Scrip..."]:18: in function <[string "Interface\FrameXML\BasicControls.xml:<Scrip..."]:4>
    [C]: ?
    [string "self:SetCamera(0);"]:1: in main chunk
    
    Locals: (*temporary) = nil
    (*temporary) = nil
    (*temporary) = nil
    (*temporary) = "attempt to index global 'self' (a nil value)"
    Code:
    public static void Lua_DoString(string Lua)
            {
    
                uint dwAddress = BotContro1l.mem.AllocateMemory(0x4096);
                BotContro1l.mem.WriteASCIIString(dwAddress + ((uint)0x200L), Lua);
    
                BotContro1l.mem.Asm.Clear();
                BotContro1l.mem.Asm.AddLine("mov EDX, [0x012705B0]");
                BotContro1l.mem.Asm.AddLine("mov EDX, [EDX+0x2D94]");
                BotContro1l.mem.Asm.AddLine("FS mov EAX, [0x2C]");
                BotContro1l.mem.Asm.AddLine("mov EAX, [EAX]");
                BotContro1l.mem.Asm.AddLine("add EAX, 0x10");
                BotContro1l.mem.Asm.AddLine("mov [EAX], EDX");
                BotContro1l.mem.Asm.AddLine("push {0}", new object[] { 0 });
                BotContro1l.mem.Asm.AddLine("mov eax, {0}", new object[] { dwAddress + 0x200L });
                BotContro1l.mem.Asm.AddLine("push eax");
                BotContro1l.mem.Asm.AddLine("push eax");
                BotContro1l.mem.Asm.AddLine("call {0}", new object[] { "0x007CF6B0" });
                BotContro1l.mem.Asm.AddLine("add esp, 0xC");
                BotContro1l.mem.Asm.AddLine("retn");
                BotContro1l.mem.SuspendThread(BotContro1l.wowmainthread);
                BotContro1l.mem.Asm.InjectAndExecute(dwAddress);
                BotContro1l.mem.FreeMemory(dwAddress);
                BotContro1l.mem.ResumeThread(BotContro1l.wowmainthread);
            }
    I cannot understand where the error is in my code.
    Last edited by qjlex; 10-04-2009 at 11:01 AM.

  6. #6
    Robske
    Originally Posted by MaiN
    How much C# do you know?
    Just skimming over your code, I noticed a few major flaws.
    First hint, try checking what ToString returns from an object array.
    It's copypasta, the new object[] { 0 } gives it away. I've seen it pop up in multiple threads already...
    "Always code as if the guy who ends up maintaining your code will be a violent psychopath who knows where you live." - Martin Golding
    "I cried a little earlier when I had to poop" - Sku

  7. #7
    MaiN
    Yeah, but that was my bad. I think one of the overloads takes an object array as parameter.

  8. #8
    lanman92
    You really should deallocate that 4kb of memory after you're done with it. Also the TLS offset is 0x8 now. Change the "add eax, 0x10" to "add eax, 0x8". And don't use an array of objects for all your parameters. Just putting the value in works fine, and I think it has better performance (not sure though). Your address that you're trying to call is a string? That probably won't work. It should be an IntPtr or uint.
    Last edited by lanman92; 10-04-2009 at 11:55 AM.

  9. #9
    qjlex
    I changed my method. Here's a version that works for me, but Russian text doesn't work.
    Code:
     public static void Lua_DoString(string luaString)
            {
                uint cave = 0;
                try
                {
                    while (BotContro1l.mem.ReadInt((uint)0x0133D5B0) != 0)
                    {
                        Thread.Sleep(0);
                    }
                    BotContro1l.mem.SuspendThread(BotContro1l.wowmainthread);
    
                    cave = BotContro1l.mem.AllocateMemory(0x2048);
                    BotContro1l.mem.WriteASCIIString(cave + 0x1024, luaString);
    
                    BotContro1l.mem.Asm.Clear();
    
                    BotContro1l.mem.Asm.AddLine("mov EDX, [0x012705B0]");
                    BotContro1l.mem.Asm.AddLine("mov EDX, [EDX+0x00002D94]");
    
                    BotContro1l.mem.Asm.AddLine("FS mov EAX, [0x2C]");
                    BotContro1l.mem.Asm.AddLine("mov EAX, [EAX]");
                    BotContro1l.mem.Asm.AddLine("add EAX, 8");
                    BotContro1l.mem.Asm.AddLine("mov [EAX], edx");
    
                    BotContro1l.mem.Asm.AddLine("push 0");
                    BotContro1l.mem.Asm.AddLine("mov eax, " + (cave + 0x1024));
                    BotContro1l.mem.Asm.AddLine("push eax");
                    BotContro1l.mem.Asm.AddLine("push eax");
                    BotContro1l.mem.Asm.AddLine("call 0x007CF6B0");
                    BotContro1l.mem.Asm.AddLine("add esp, 0xC");
                    BotContro1l.mem.Asm.AddLine("retn");
    
                    BotContro1l.mem.Asm.InjectAndExecute(cave);
                    BotContro1l.mem.ResumeThread(BotContro1l.wowmainthread);
    
                    BotContro1l.mem.FreeMemory(cave);
                    BotContro1l.mem.Asm.Clear();
                }
                catch
                {
                    BotContro1l.mem.ResumeThread(BotContro1l.wowmainthread);
                    BotContro1l.mem.FreeMemory(cave);
                    BotContro1l.mem.Asm.Clear();
                }
            }

  10. #10
    MaiN
    Holy crap that's ugly.
    Why the hell do you use a codecave that's 0x2048 big and then use only from 0x1024 of it?
    Also, learn to use
    try {} finally {}
    Also for Russian text I think you need to write it in Unicode.

  11. #11
    flo8464
    Originally Posted by MaiN
    Also for Russian text I think you need to write it in Unicode.
    Afaik Lua functions have ASCII support only? I am using Lua in some of my apps and I failed to add Unicode support.

    Can anyone enlighten me how to make Lua work with Unicode files?

  12. #12
    qjlex
    How can I get the reply resulting from LuaDoString?

  13. #13
    furang
    And here's my Lua_DoString function based on the above code
    Code:
    int Lua_DoString(char *luastr)
    {
    		int res;
    		do
    		{
    			ReadProcessMemory( hProc, (LPVOID)(0x0133D5B0), (LPVOID)&res, sizeof(res), NULL );
    		}
    		while (res!=0);
    		DWORD strmem;
    		DWORD codemem;
    		char shellcode[]=
    		"\x8B\x15\xB0\x05\x27\x01\x8B\x92\x94\x2D\x00\x00"//MOV EDX,DWORD PTR DS:[12705B0], MOV EDX,DWORD PTR DS:[EDX+2D94]
    		"\xA1\x2C\x00\x00\x00\x8B\x00\x83\xC0\x08"//MOV EAX,DWORD PTR DS:[2C],MOV EAX,DWORD PTR DS:[EAX],ADD EAX,8
    		"\x89\x10\x6A\x00\xB8\x78\x56\x34\x12"//MOV DWORD PTR DS:[EAX],EDX,PUSH 0,MOV EAX,12345678 - luastr addr
    		"\x50\x50\xFF\x15\xB0\xF6\x7C\x00\x83\xC4\x0C"//PUSH EAX,PUSH EAX,CALL 007CF6B0,ADD ESP,0C
    		"\xC3";//retn
    		SuspendThread(mThread);
    		strmem=(DWORD)VirtualAllocEx(hProc,NULL,1024,MEM_COMMIT,PAGE_READWRITE);
    		if (strmem==NULL)
    		ShowMessage("Can't allocate memory");
    		WriteProcessMemory(hProc, (LPVOID)(strmem),(LPVOID)&luastr[0],100,NULL);
    				
    		codemem=(DWORD)VirtualAllocEx(hProc,NULL,1024,MEM_COMMIT,PAGE_EXECUTE_READWRITE);
    		if (codemem==NULL)
    		ShowMessage("Can't allocate memory");
    
    		WriteProcessMemory(hProc, (LPVOID)(codemem),&shellcode[0],sizeof(shellcode),NULL);
    		WriteProcessMemory(hProc, (LPVOID)(codemem+27),&strmem,4,NULL);
    		
    		CreateRemoteThread(hProc,NULL,0,(PTHREAD_START_ROUTINE)codemem,NULL,0,NULL);
    		
    		ResumeThread(mThread);
    		if(!VirtualFreeEx(hProc,(LPVOID)strmem,NULL,MEM_RELEASE)) ShowMessage ("Can't free memory");
    		if(!VirtualFreeEx(hProc,(LPVOID)codemem,NULL,MEM_RELEASE)) ShowMessage ("Can't free memory");
    		
    		return 0;
    }
    Does anyone have any idea why it crashes WoW (Err 132)?
    I tried it so and so, but the result is the same.
    Am I doing anything wrong? Or maybe made a mess of the shellcode?
    PS. I know it's ugly and disgusting, but it can work.... I believe)
    Last edited by furang; 10-06-2009 at 09:29 PM.
    i did it 4 lulz
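
Added example, not part of any post in this thread: the call sequence in post #13 (a remote `PAGE_EXECUTE_READWRITE` allocation, `WriteProcessMemory` into it, then `CreateRemoteThread` at that address) is the pattern a defender correlates to detect this kind of injection. The event schema (`src`, `dst`, `api`, ...) and every pid and address below are constructed for illustration.

```python
from collections import defaultdict

PAGE_READWRITE = 0x04
PAGE_EXECUTE_READWRITE = 0x40  # Windows memory-protection constants


def find_remote_injection(events):
    """Flag remote threads started inside memory that the same foreign
    process allocated as RWX and wrote to beforehand."""
    regions = defaultdict(list)  # (src, dst) -> [[base, size, written]]
    findings = []
    for ev in events:
        src, dst, api = ev["src"], ev["dst"], ev["api"]
        if src == dst:
            continue  # only cross-process activity is of interest
        owned = regions[(src, dst)]
        if api == "VirtualAllocEx" and ev["protect"] == PAGE_EXECUTE_READWRITE:
            owned.append([ev["base"], ev["size"], False])
        elif api == "WriteProcessMemory":
            for region in owned:
                if region[0] <= ev["addr"] < region[0] + region[1]:
                    region[2] = True  # code or data landed in the RWX region
        elif api == "CreateRemoteThread":
            for base, size, written in owned:
                if written and base <= ev["start"] < base + size:
                    findings.append({"src": src, "dst": dst,
                                     "start": ev["start"], "region": base})
    return findings


# Constructed trace (hypothetical schema): pid 4100 repeats the post #13 call
# sequence against pid 7320; pid 5200 only writes data and starts no thread.
SAMPLE_EVENTS = [
    {"src": 4100, "dst": 7320, "api": "VirtualAllocEx", "base": 0x0A100000, "size": 1024, "protect": PAGE_READWRITE},
    {"src": 4100, "dst": 7320, "api": "WriteProcessMemory", "addr": 0x0A100000},
    {"src": 4100, "dst": 7320, "api": "VirtualAllocEx", "base": 0x0A200000, "size": 1024, "protect": PAGE_EXECUTE_READWRITE},
    {"src": 4100, "dst": 7320, "api": "WriteProcessMemory", "addr": 0x0A200000},
    {"src": 4100, "dst": 7320, "api": "WriteProcessMemory", "addr": 0x0A20001B},
    {"src": 4100, "dst": 7320, "api": "CreateRemoteThread", "start": 0x0A200000},
    {"src": 5200, "dst": 7320, "api": "VirtualAllocEx", "base": 0x0B000000, "size": 4096, "protect": PAGE_READWRITE},
    {"src": 5200, "dst": 7320, "api": "WriteProcessMemory", "addr": 0x0B000000},
]

if __name__ == "__main__":
    for hit in find_remote_injection(SAMPLE_EVENTS):
        print(f"pid {hit['src']} started a thread in pid {hit['dst']} at {hit['start']:#x}")
```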

  14. #14
    lanman92
    If you're using C++, is there ANY reason to be out of process? Anyway, I would say make an inline function and put an asm block in it. Much nicer. Then you can just copy the bytes out of that function into the process and execute it. I don't really see any problem with that asm, but you never know when it's in shellcode...

  15. #15
    furang
    I want as little intrusion as possible. Maybe some day I will inject a DLL...
    You mean make an inline asm part? It'd be better, but how should I write it to the other process? And shellcode is more suitable ait. I checked memstr addr is written at codestr+27 rewriting 12345678 ( MOV EAX,1234567. So it seems to be alright. But it's not(
    Gonna try SEH.
