CastSpellByID Weird asm crash

[xLeo123]

Code:

__asm
{
	push 0
	push 0
	push 0
	push 78
	mov eax, [OFFSET_LUACASTSPELLBYID]//Offset is OK
	call eax //<-- Crash after the call.
	add esp, 0x10
}

EDIT: Oh and yeah, im calling it from WoW's main thread, so its not about the TLS.

The exact error is an access violation while trying to read from 0x5E, very strange.
Any ideas why?


Leo

[akh]

I guess you have to give a little more info on the error message, but you could try using a function pointer instead of asm:

Code:

typedef bool ( __cdecl * tCastSpellById )( unsigned long, unsigned long, WGUID, unsigned long );
tCastSpellById oCastSpellById = (tCastSpellById)gpWoWX->GetFindPattern()->GetAddress( "CastSpellById" );
oCastSpellById( dwSpellId, 0, targetGuid, 0 );

Edit:
Just noticed that you are using

mov eax, [OFFSET_LUACASTSPELLBYID]//Offset is OK

It could be that you are using the wrong offset, the current offset for CastSpellById is 0x007E6700

[xLeo123]

Yup, i've tried using a typedef too,

Code:

typedef bool(__cdecl* fnCastSpellByID)(unsigned int SpellID,unsigned int Unk2,unsigned int Unk3, unsigned int Unk4);
...
fnCastSpellByID LUACastSpellByID;
...
LUACastSpellByID = (fnCastSpellByID)OFFSET_LUACASTSPELLBYID;
...
bool ret = LUACastSpellByID(78,0,0,0);//Heroic Strike (R1)

Gives the exact same error..

EDIT:
Turns out here is where the code is crashing, apparently according to Visual Studio 2010:

Code:

/***
* _unlock - Release multi-thread lock
*
*Purpose:
*       Note that it is legal for a thread to aquire _EXIT_LOCK1
*       multiple times.
*
*Entry:
*       locknum = number of the lock to release
*
*Exit:
*
*Exceptions:
*
*******************************************************************************/

void __cdecl _unlock (
        int locknum
        )
{
        /*
         * leave the critical section.
         */
        LeaveCriticalSection( _locktable[locknum].lock ); <-- Access violation reading 0x5E here..
}

[akh]

What about the offset, it looks like you are using the Lua_CastSpellById offset

[xLeo123]

The offset is 0x4D6FC0, which is correct according to the current build (11159)
???

[akh]

Yes, thats the offset for the Lua_CastSpellByID, try using the offset for CastSpellById: 0x007E6700.

If you are going to use the Lua version you must pass the Lua state and some other parameters I guess.

[xLeo123]

Sir, you are a genius. THANK YOU! By the way, how did you find this offset? Lua_X is easy because it's clearly labeled as a string in IDA, but what about the pure versions like this?

Thanks!!

[akh]

Try searching for CFindPattern either on this site or on GameDeception and you will find more info on how to find function addresses.

[flo8464]

By the way, how did you find this offset? Lua_X is easy because it's clearly labeled as a string in IDA, but what about the pure versions like this?

Open lua_CastSpellById in IDA and reverse the function. The luafunction also has to call the gamefunction
It is pretty simple.

Try searching for CFindPattern either on this site or on GameDeception and you will find more info on how to find function addresses.

That is the leecher way and you learn nothing by doing it.
It is ok for updating your code, but for sure no help to get better in anything.

[Seifer]

If you have LUA.DoString() working properly, you could also use:

Code:

/// <summary>
        /// Casts a spell by ID.
        /// </summary>
        /// <param name="SpellID">Spell ID</param>
        /// <param name="SpellBook">Pet or Spell, depending on the caster.</param>
        public static void CastSpellByID(int SpellID, string SpellBook)
        {
            if (SpellID >= 0 && !string.IsNullOrEmpty(SpellBook))
            {
                Lua.DoString("CastSpellByID(\"" + SpellID + "\", \"" + SpellBook + "\")", "hax.lua", 0);
            }
        }

Not a direct answer to your question, but hey, it works! Ship it!

[JuJuBoSc]

Code:

typedef void (__cdecl * tCastSpell)(const int SpellId, const int Unknown1, const int Unknown2, const int Unknown3, const int Unknown4);
tCastSpell oCastSpell = reinterpret_cast<tCastSpell>(0x007E6700);

This one work fine for me.

[Nesox]

UREDOINITWRONG!

const unsigned int CastSpellById = 0x007E6700;
const unsigned int SpellId = 78;

push 0
push 0
push 0
push SpellId
call CastSpellById
add esp, 0x10
retn

[hamburger12]

Mh this don't work for me :S he injected it and then nothing happens... He just stand there and don't cast -.- my code:

DWORD CastSpellById = 0x007E6700;

void Castspell(unsigned int SpellId)
{
__asm
{
push 0
push 0
push 0
push 1443
call CastSpellById
add esp, 0x10
}
}

[Cypher]

[lanman92]

Cypher, you are a fag.