Understanding FrameScript_GetTop

[Neverhaven]

I'm trying to use FrameScript_GetTop to get values returned from functions, as an alternative to FrameScript__GetLocalizedText, to see if it's faster, however it doesn't seem to work properly. Here's how it use it:

Code:

...
    Lua.Print("Interface.FrameScript__GetTop() = " + Interface.FrameScript_GetTop());
    Lua.DoString("print('test'); return 'test';");
    Lua.Print("Interface.FrameScript__GetTop() = " + Interface.FrameScript_GetTop());
...

And here's what it prints:

Code:

Interface.FrameScript__GetTop() = 0
Interface.FrameScript__GetTop() = 0

However, according to the lua manual, it should print this

Code:

Interface.FrameScript__GetTop() = 0
Interface.FrameScript__GetTop() = 1

Anyone able to help me out, or point in a direction so i can figure out what's wrong?

[Cheatz0]

As far as i know, DoString does not push any values on the stack. Therefore, GetTop() will return 0 in both cases.

[eLaps]

You need to register a lua callback to get returned values from lua functions.

[ramey]

You need to register a lua callback to get returned values from lua functions.

Need would be wrong term to use. You don't need to, but you can.

[jjaa]

The lua fuction called "DoString" is not the lua one. Its common name around here is FrameScript_Execute. Basically if you reverse the function you will see a call to lua_pcall with nresults set to 0.

EDIT: Btw is should add that if you want to find all the lua functions. Just download the Lua 5.1 binary. Disassemble it, IDA recognizes all the function names because of the debug info. Then just use the patchdiff plug-in to do a comparison.

[Neverhaven]

The lua fuction called "DoString" is not the lua one. Its common name around here is FrameScript_Execute. Basically if you reverse the function you will see a call to lua_pcall with nresults set to 0.

EDIT: Btw is should add that if you want to find all the lua functions. Just download the Lua 5.1 binary. Disassemble it, IDA recognizes all the function names because of the debug info. Then just use the patchdiff plug-in to do a comparison.

Yea, i kinda figured that after taking a look at the FrameScript_Execute in IDA. That explains why the arguments doesn't match those of luaL_dostring. So, is using the native luaL_dostring just as safe as FrameScript_Execute? I don't mean in terms of getting caught/detected, but in terms of not crashing and so.

[jjaa]

Yea, i kinda figured that after taking a look at the FrameScript_Execute in IDA. That explains why the arguments doesn't match those of luaL_dostring. So, is using the native luaL_dostring just as safe as FrameScript_Execute? I don't mean in terms of getting caught/detected, but in terms of not crashing and so.

looking at the include files, luaL_dostring is just a macro. The wow devs just made there own version. Hence FrameScript_Execute.

#define luaL_dostring(L, s) \
(luaL_loadstring(L, s) || lua_pcall(L, 0, LUA_MULTRET, 0))

[Neverhaven]

This might sound like an akward solution, but do you think it'd work if i change the FrameScript_Execute function temporarily, so that i change the two calls to FrameScript_PCall, so that instead of passing 0 nresults, i pass -1 nresults? Or should i just do the luaL_loadstring || lua_pcall? Btw, i tried the patchdiff plugin, very nice plugin, but it didn't find luaL_loadstring in wow. Which file should i load first? Also, i found binaries for lua 5.1.4 and not 5.1.0 if that's a problem.

[saagarp]

As jjaa stated, there is no function named luaL_dostring. It's a preprocessor macro, and no symbol is created for it at compile-time. See source here. If this doesn't make sense, I don't know where to point you. Sorry.

When luaL_dostring is referenced, it is automatically split into a call to LoadString and a call to pcall.

Your options, as stated in numerous other places on the forum, are:
1) write and register a custom LUA wrapper to take the arguments and then parse them. Continue calling FrameScript_Execute.
2) manually call loadstring, pcall, parse elements off the LUA stack, and restore the stack to the previous state.

Personally I choose option 2, and found that the LUA reference page was fantastic for information. Especially this. Once you grasp how the stack functions, pulling the elements off is very simple using lua_gettop/lua_type/lua_to[whatever].

EDIT: wanted to add in response to your question:
> but do you think it'd work if i change the FrameScript_Execute function temporarily, so that i change the two calls to FrameScript_PCall, so that instead of passing 0 nresults, i pass -1 nresults?

I'm sure that, SOMEHOW, you could make it work. You'd end up having to demangle the stack in your own routine afterwards anyways, and FrameScript_Execute isn't really that complicated of a function to reverse. I think IDA reversed it to approximately 10 lines of code. Run Hex-Rays over it, get the function addresses you need, and call pcall yourself.

[MaiN]

Changing FrameScript::Execute is not a good idea. It is used internally by WoW in some places.