[Sample Code] EndScene Hook with ASM and blackmagic

**sPeC!** · 11-20-2010

Originally Posted by JuJuBoSc

Because 0xAC is Clear func and can be hooked the same way, and is called every frame too.

I have spent some time debugging because of this one some days ago, only to find that using 0xAC was making CheckPermissions fail when trying to use protected lua functions.
0xA8 is the correct index.

Cheers,
Edit: Posted wrong info!

**CrimeTime** · 11-20-2010

could kiss you, it works

**_Mike** · 11-20-2010

Originally Posted by JuJuBoSc

Because 0xAC is Clear func and can be hooked the same way, and is called every frame too.

Yes it works, but there's 3 calls to Clear() per frame so the performance hit is bigger than hooking EndScene.

**Millow** · 11-20-2010

To whoever trying to get this to work and it does not work, http://www.mmowned.com/forums/world-...ne-hook-3.html go there.
I've used ahook and updated the console app to get it working ! I never managed to get the version of the hook in this thread working, so I used Ahook.
Credits goes to Juju for the DLL (source someday plz ? ) and RivaLFr for some of the the memory reading code !
Enjoy

PS: fukmeimbroken, ur pm box is full, tried pming you to no avail !

**CrimeTime** · 11-20-2010

still have Problems with the GetLocalizedText!
im trying to get data out of the Auctionhouse with this code:

Code:

                    LuaDoString("Totauctions = GetNumAuctionItems(\"list\")");
                    Totauctions = GetLocalizedText("Totauctions");

but all what i get back is "5" (i have search at AH before i have used the code)
i mean i should get much more data as only the "5" = 5 Auctions.

someone a Idea what im doing wrong?

Greets CrimeTime

**miceiken** · 11-20-2010

Originally Posted by CrimeTime

still have Problems with the GetLocalizedText!
im trying to get data out of the Auctionhouse with this code:

Code:

                    LuaDoString("Totauctions = GetNumAuctionItems(\"list\")");
                    Totauctions = GetLocalizedText("Totauctions");

but all what i get back is "5" (i have search at AH before i have used the code)
i mean i should get much more data as only the "5" = 5 Auctions.

someone a Idea what im doing wrong?

Greets CrimeTime

Code:

  numBatchAuctions, totalAuctions = GetNumAuctionItems("list")

GetNumAuctionItems - World of Warcraft Programming: A Guide and Reference for Creating WoW Addons

**Ozius** · 11-21-2010

Tried to use ENDSCENE_IDX = 0xAC;//0xA8;
Doesn't work. Can somehow influences that I use the russian wow?
edit file: http://dl.dropbox.com/u/7381029/Program2.cs

**fukmeimbroken** · 11-21-2010

Originally Posted by Ozius

Tried to use ENDSCENE_IDX = 0xAC;//0xA8;
Doesn't work. Can somehow influences that I use the russian wow?
edit file: http://dl.dropbox.com/u/7381029/Program2.cs

We didn'T get it work too. Take a look into AHook http://www.mmowned.com/forums/world-...ne-hook-3.html ([C# DLL] aHook, use ASM through EndScene hook) like millow said, worked for us.

**CrimeTime** · 11-21-2010

Originally Posted by miceiken

Code:

  numBatchAuctions, totalAuctions = GetNumAuctionItems("list")

GetNumAuctionItems - World of Warcraft Programming: A Guide and Reference for Creating WoW Addons

thanks that works, but i see i have write the wrong problem, the current problem is

Code:

            LuaDoString("count = GetAuctionItemInfo(\"list\"," + index + ")");
            return GetLocalizedTextInt("count");

i get only the Name of the Item, and not the other Data, i've see that some people do Split the incoming Data but i cant Split something because i get only the Name and not the full Data String.

Edit: Got it workin, a shame that i didnt know how to do that ^^

**Millow** · 11-22-2010

Anyone knows what the step variable stands for ? It's equal to 0xE9 and is used to determine if the process is hooked.

**Scorpiona** · 11-22-2010

Originally Posted by Millow

Anyone knows what the step variable stands for ? It's equal to 0xE9 and is used to determine if the process is hooked.

0xE9 is JMP. It's checking if the detour has been applied.

**reggggg** · 01-22-2011

nevermind I worked it out

Might as well post what my problem was. I couldn't figure out why the OP was adding 0xc to the stack pointer in DoString. Turns out you need to increment the sp by the size of the parameter list for the stack pointer to be in the right place and for code to to keep going smoothly, or something? I needed to do the same thing for ConsoleWriteA("lala", 4) and ended up adding 0x8 to esp for the char* and int, or execution would screw up afterwards.

**Ozius** · 02-17-2011

nevermind I worked it out

Might as well post what my problem was. I couldn't figure out why the OP was adding 0xc to the stack pointer in DoString. Turns out you need to increment the sp by the size of the parameter list for the stack pointer to be in the right place and for code to to keep going smoothly, or something? I needed to do the same thing for ConsoleWriteA("lala", 4) and ended up adding 0x8 to esp for the char* and int, or execution would screw up afterwards.

Hasn't understood, where it is necessary to add?
Specify please a line.

**FenixTX2** · 02-22-2011

The original 'Hooking()" function was wrong. There was an error in the ASM.

Code:

        application.Asm.Clear();

        application.Asm.AddLine("mov edi, edi");
        application.Asm.AddLine("push ebp");
        application.Asm.AddLine("mov ebp, esp");

        application.Asm.AddLine("pushfd");
        application.Asm.AddLine("pushad");
                    
        //Test for waiting code
        application.Asm.AddLine("mov eax, [" + addresseInjection + "]");
        application.Asm.AddLine("test eax, ebx");
        application.Asm.AddLine("je @out");

        //Execute waiting code
        application.Asm.AddLine("mov eax, [" + addresseInjection + "]");
        application.Asm.AddLine("call eax");

        //Copy pointer to return value
        application.Asm.AddLine("mov [" + retnInjectionAsm + "], eax");

        application.Asm.AddLine("mov edx, " + addresseInjection);
        application.Asm.AddLine("mov ecx, 0");
        application.Asm.AddLine("mov [edx], ecx");

        //Close Function
        application.Asm.AddLine("@out:");

        //Inject Code
        uint sizeAsm = (uint)(application.Asm.Assemble().Length);

        application.Asm.Inject(injected_code);

        int sizeJumpBack = 5;

        // create jump back stub
        application.Asm.Clear();
        application.Asm.AddLine("jmp " + (pEndScene + sizeJumpBack));
        application.Asm.Inject(injected_code + sizeAsm);// + (uint)sizeJumpBack);

        // create hook jump
        application.Asm.Clear(); // $jmpto
        application.Asm.AddLine("jmp " + (injected_code));
        application.Asm.Inject(pEndScene);

**Ozius** · 02-23-2011

FenixTX2, thx.
Has corrected the code as you have offered. Cycling in the same place:

Code:

while (Memory.ReadInt(addresseInjection) > 0) { Thread.Sleep(5); } // Wait to launch code

The code entirely: http://dl.dropbox.com/u/7381029/Program.cs

Shout-Out

User Tag List

Thread: [Sample Code] EndScene Hook with ASM and blackmagic

Thread Tools

Search Thread

Similar Threads

[C# DLL] aHook, use ASM through EndScene hook

Sample Code - Another way of getting the EndScene address

[C#] CLR hosting using C# and BlackMagic (ASM)

[C++] Endscene hook and dostring code inject and wow crashed....

[Test Theory] EndScene hook without Native Code (Kinda)

OwnedCore Forums

casino

CoreCoins

My OwnedCore

About Us

Casino