I have written some code to raise a Lua event when the game draws a line effect. For example, when you cast "Chain Heal" as a shaman, those who are healed by you are connected by yellow lines. Here is my code. It works well, but it occasionally causes the game to disconnect suddenly and return to the login screen — not really frequent, but one or two times per hour. Any ideas?
Code:
// Hook placed over the start of the game's spell-chain (line-effect) routine.
// It reads the caster object, the target-GUID array and the spell id out of the
// hooked frame, raises a Lua "CHAIN_EFFECT_APPLIED" event carrying them, then
// re-executes the displaced original prologue and jumps back into the game code.
// __declspec(naked): the compiler emits no prologue/epilogue, so the whole frame
// below is managed by hand and nothing may run before the pushad.
__declspec(naked) unsigned int __cdecl CHack::Lua::SpellChainHook ()
{
__asm
{
pushad // save all eight general registers (32 bytes); EFLAGS is NOT saved (no pushfd)
}
// The compiler addresses these locals relative to ebp; they live in the area
// reserved by `sub esp,68` below.
unsigned int destGuid;   // address of the target-GUID array (a 32-bit pointer held in an int)
int SpellId;
int numTargets;
int i;
unsigned int srcPointer; // address of the caster object, taken from edi
__asm
{
mov ebp,esp
sub esp,68 // reserve 68 bytes (decimal) for the C++ locals: two 19-byte buffers, Obj, temporaries
// NOTE(review): 68 is a hand-picked figure; whether it covers everything the
// compiler places below ebp is not visible here. Any local placed lower than
// esp would be overwritten by the calls made below — confirm in the disassembly.
// +32 skips the pushad area. The tail of this hook re-executes a standard
// `push ebp / mov ebp,esp` prologue, so the hook presumably sits on the routine's
// first instruction; then [ebp+32] is the return address and [ebp+32+4*k] the
// k-th dword stack argument, i.e. these read the 7th, 8th and 6th arguments.
// TODO confirm against the hooked routine's signature.
mov eax,[ebp + 32 + 28]
mov destGuid, eax
mov eax,[ebp + 32 + 32]
mov numTargets, eax
mov eax,[ebp + 32 + 24]
mov SpellId,eax
mov srcPointer,edi // assumes the hooked code holds the caster object in edi at this point — TODO confirm
}
// Best-effort guard before touching game memory.
// NOTE(review): the readability check covers 4 * numTargets bytes, but the loop
// below reads 8 bytes (__int64) per target, so only half of the array is validated.
// `numTargets > 0` is tested last, so a zero or negative count is still handed to
// IsBadReadPtr as a size. IsBadReadPtr is also documented by Microsoft as
// unreliable (it can trip guard pages and races with concurrent unmapping).
if (!IsBadReadPtr((void *)srcPointer,4) && !IsBadReadPtr((void *)destGuid,4 * numTargets) && numTargets > 0)
{
char destGUID[19]; // "0x" + 16 hex digits + NUL, exactly what the format below produces
char srcGUID[19];
WowObject Obj = WowObject(srcPointer); // project type wrapping the caster object; exposes .guid
sprintf_s(srcGUID,"%#018llX",Obj.guid); // "0X" followed by 16 zero-padded upper-case hex digits (18 chars)
srcGUID[1] == 88 ? srcGUID[1] = 120:0 ; // 88 == 'X', 120 == 'x': turn the "0X" prefix into "0x"
// The game's own Lua API is called by absolute offset from the module base.
// NOTE(review): this assumes the hooked routine runs on the thread that owns
// *CHack::Lua::L; nothing here checks that.
reinterpret_cast<void (__cdecl*)(lua_State *L, char *s)>(CHack::WoWBase + l_pushstring)(*CHack::Lua::L,"CHAIN_EFFECT_APPLIED"); // value 1: event name
reinterpret_cast<void (__cdecl*)(lua_State *L, char *s)>(CHack::WoWBase + l_pushstring)(*CHack::Lua::L,srcGUID);                // value 2: caster GUID
for (i=0;i<numTargets;i++)
{
sprintf_s(destGUID,"%#018llX",*(__int64 *)(destGuid + i * 8)); // each array entry is one 8-byte GUID
destGUID[1] == 88 ? destGUID[1] = 120:0 ;
reinterpret_cast<void (__cdecl*)(lua_State *L, char *s)>(CHack::WoWBase + l_pushstring)(*CHack::Lua::L,destGUID); // values 3..2+numTargets: target GUIDs
}
reinterpret_cast<void (__cdecl*)(lua_State * a1, double a2)>(CHack::WoWBase + l_pushnumber)(*CHack::Lua::L, SpellId); // last value: spell id
// Fire event 480 with 3 + numTargets arguments (name, caster, targets, spell id);
// this count must equal the number of values pushed above.
reinterpret_cast<int (__cdecl*)(int EventsID, lua_State *L, int NuArg)>(CHack::WoWBase + FrameScript_SignalEvent2)(480, *CHack::Lua::L, 3 + numTargets);
// lua_settop(L, -n-1) pops n values, i.e. everything pushed above, leaving the Lua stack balanced.
reinterpret_cast<int (__cdecl*)(lua_State * a1, int top)>(CHack::WoWBase + l_settop)(*CHack::Lua::L, -(3 + numTargets) - 1);
}
// Resume address: hook site + 6, the size of the prologue re-executed below
// (push ebp = 1 byte, mov ebp,esp = 2, mov eax,[ebp+8] = 3).
// NOTE(review): a function-local static with a run-time initialiser makes the
// compiler emit first-use guard code here, inside a naked function with no
// compiler-managed frame — confirm in the disassembly that this is benign.
static unsigned int Address = WoWBase + spellChainEffectRelated + 0x6;
__asm
{
mov esp,ebp // discard the local area
popad       // restore the registers saved on entry; EFLAGS is not restored
// Re-execute the original prologue that the hook jump overwrote, then continue
// with the instruction after it (indirect jump through the static above).
push ebp
mov ebp, esp
mov eax, [ebp+8]
jmp Address
}
}
Code:
// Hook placed over the start of the game's add-spell-visual-kit routine.
// It reads the source object (ecx) and a pointer argument holding the spell id
// and visual id, raises a Lua "SPELL_VISUALKIT_APPLIED" event with them, then
// re-executes the displaced original prologue and jumps back into the game code.
// __declspec(naked): the compiler emits no prologue/epilogue, so the whole frame
// below is managed by hand and nothing may run before the pushad.
__declspec(naked) unsigned int __cdecl CHack::Lua::AddSpellVisualKitEffectHook ()
{
__asm
{
pushad // save all eight general registers (32 bytes); EFLAGS is NOT saved (no pushfd)
}
//unsigned int unKnownVisualKitID = 0;
// The compiler addresses these locals relative to ebp; they live in the area
// reserved by `sub esp,60` below.
unsigned int srcPointer; // address of the source object, taken from ecx
int **SpellId;           // first dword stack argument, treated as a pointer to two int pointers
int *SpellVisualId;      // second of those pointers (SpellId[1])
__asm
{
mov ebp,esp
sub esp,60 // reserve 60 bytes (decimal) for the C++ locals: one 19-byte buffer, Obj, temporaries
// NOTE(review): 60 is a hand-picked figure; whether it covers everything the
// compiler places below ebp is not visible here. Any local placed lower than
// esp would be overwritten by the calls made below — confirm in the disassembly.
// +32 skips the pushad area. The tail of this hook re-executes a standard
// `push ebp / mov ebp,esp` prologue, so the hook presumably sits on the routine's
// first instruction; then [ebp+32] is the return address and [ebp+32+4] the
// first dword stack argument. TODO confirm against the hooked routine's signature.
mov eax,[ebp + 32 + 4]
mov SpellId,eax
mov srcPointer,ecx // ecx presumably carries the object pointer (thiscall-style) — TODO confirm
}
// Best-effort guard: the object pointer, the argument, and both pointers it
// holds must each be readable for 4 bytes.
// NOTE(review): IsBadReadPtr is documented by Microsoft as unreliable (it can
// trip guard pages and races with concurrent unmapping); it only lowers the odds
// of a fault here, it does not rule one out.
if (!IsBadReadPtr((void *)srcPointer,4) && !IsBadReadPtr(SpellId, 4) && !IsBadReadPtr(*SpellId, 4) && !IsBadReadPtr(*(SpellId + 1), 4))
{
char srcGUID[19]; // "0x" + 16 hex digits + NUL, exactly what the format below produces
SpellVisualId = *(SpellId + 1);
WowObject Obj = WowObject(srcPointer); // project type wrapping the source object; exposes .guid
sprintf_s(srcGUID,"%#018llX",Obj.guid); // "0X" followed by 16 zero-padded upper-case hex digits (18 chars)
srcGUID[1] == 88 ? srcGUID[1] = 120:0 ; // 88 == 'X', 120 == 'x': turn the "0X" prefix into "0x"
// The game's own Lua API is called by absolute offset from the module base.
// NOTE(review): this assumes the hooked routine runs on the thread that owns
// *CHack::Lua::L; nothing here checks that.
reinterpret_cast<int (__cdecl*)(lua_State *L, char *s)>(CHack::WoWBase + l_pushstring)(*CHack::Lua::L,"SPELL_VISUALKIT_APPLIED"); // value 1: event name
reinterpret_cast<int (__cdecl*)(lua_State *L, char *s)>(CHack::WoWBase + l_pushstring)(*CHack::Lua::L,srcGUID);                   // value 2: source GUID
reinterpret_cast<int (__cdecl*)(lua_State * a1, double a2)>(CHack::WoWBase + l_pushnumber)(*CHack::Lua::L, **SpellId);           // value 3: spell id
reinterpret_cast<int (__cdecl*)(lua_State * a1, double a2)>(CHack::WoWBase + l_pushnumber)(*CHack::Lua::L, *SpellVisualId);      // value 4: visual kit id
// Fire event 480 with the 4 values pushed above.
reinterpret_cast<int (__cdecl*)(int EventsID, lua_State *L, int NuArg)>(CHack::WoWBase + FrameScript_SignalEvent2)(480, *CHack::Lua::L, 4);
// lua_settop(L, -n-1) pops n values, i.e. the 4 pushed above, leaving the Lua stack balanced.
reinterpret_cast<int (__cdecl*)(lua_State * a1, int top)>(CHack::WoWBase + l_settop)(*CHack::Lua::L, -4 - 1);
}
// Resume address: hook site + 9, the size of the prologue re-executed below
// (push ebp = 1 byte, mov ebp,esp = 2, sub esp,imm32 = 6).
// NOTE(review): a function-local static with a run-time initialiser makes the
// compiler emit first-use guard code here, inside a naked function with no
// compiler-managed frame — confirm in the disassembly that this is benign.
static unsigned int Address = WoWBase + AddEffectRelate + 0x9;
__asm
{
mov esp,ebp // discard the local area
popad       // restore the registers saved on entry; EFLAGS is not restored
// Re-execute the original prologue that the hook jump overwrote, then continue
// with the instruction after it (indirect jump through the static above).
push ebp
mov ebp, esp
sub esp, 0FCh
jmp Address
}
}