[help] Lua_Dostring and Asembler

**BersAcc** · 07-30-2012

Good day. that's a problem:

Exception: 0xC0000005 (ACCESS_VIOLATION)

referenced memory at "0x0000000C"

I think a true test? the problem is in GetLocalizedText and when we are not logged in and not in the game, then the function returns ClntObjMgrGetActivePlayerObj us 0

You can decide whether it is something like: "cmp eax, 0" and do so, would feature more non-complying?

I apologize for my terrible English, and my question is stupid.

Code:

        public static string GetLocalizedText2(string command)
        {

            int nSize = Encoding.UTF8.GetBytes(command).Length + 0x100;
            uint codeCave = process.AllocateMemory(nSize);
            process.WriteBytes(codeCave, Encoding.UTF8.GetBytes(command));
            //process.WriteUnicodeString(codeCave, command);


            String[] asm = new String[] 
                {

                "call " + (moduleBase +Offset.ClntObjMgrGetActivePlayerObjAddress),
                "mov ecx, eax",
                "push -1",
                "mov edx, " + codeCave + "",
                "push edx",
                "call " + (moduleBase + Offset.Lua_GetLocalizedTextAddress),
                "retn",
                };

            string sResult = Encoding.ASCII.GetString(aHook.InjectAndExecute(asm));
            process.FreeMemory(codeCave);

            return sResult;

        }

Code:

private void HookApplication()
    {
        if (!process.IsProcessOpen)
            throw new Exception("Process is not open");

        uint baseAddress = (uint)process.MainModule.BaseAddress;
        uint pDevice = process.ReadUInt(baseAddress + Direct3DUnhole.Direct3D9__Device);
        uint pEnd = process.ReadUInt(pDevice + Direct3DUnhole.Direct3D9__Device__OffsetA);
        uint pScene = process.ReadUInt(pEnd);
        uint pEndScene = process.ReadUInt(pScene + Direct3DUnhole.Direct3D9__Device__OffsetB);

        if (process.ReadUInt(pEndScene) == 0xE9 && (codeCave == 0 || injectionAddress == 0))
        {
            DisposeOfHook();
        }
        if (process.ReadUInt(pEndScene) != 0xE9)
        {
            try
            {
                mainThreadHooked = false;

                codeCave = process.AllocateMemory(2048);
                injectionAddress = process.AllocateMemory(0x4);

                process.WriteInt(injectionAddress, 0);

                returnAddress = process.AllocateMemory(0x4);
                process.WriteInt(returnAddress, 0);

                process.Asm.Clear();

                process.Asm.AddLine("mov edi, edi");
                process.Asm.AddLine("push ebp");
                process.Asm.AddLine("mov ebp, esp");

                process.Asm.AddLine("pushfd");
                process.Asm.AddLine("pushad");

                //Test for waiting code?
                process.Asm.AddLine("mov eax, [" + injectionAddress + "]");
                process.Asm.AddLine("test eax, ebx");
                process.Asm.AddLine("je @out");

                //Execute waiting code
                process.Asm.AddLine("mov eax, [" + injectionAddress + "]");
                process.Asm.AddLine("call eax");

                //Copy pointer to return value
                process.Asm.AddLine("mov [" + returnAddress + "], eax");

                process.Asm.AddLine("mov edx, " + injectionAddress);
                process.Asm.AddLine("mov ecx, 0");
                process.Asm.AddLine("mov [edx], ecx");

                //Close Function
                process.Asm.AddLine("@out:");

                //Inject Code
                uint sizeAsm = (uint)(process.Asm.Assemble().Length);

                process.Asm.Inject(codeCave);

                int sizeJumpBack = 5;

                // create jump back stub
                process.Asm.Clear();
                process.Asm.AddLine("jmp " + (pEndScene + sizeJumpBack));
                process.Asm.Inject(codeCave + sizeAsm);// + (uint)sizeJumpBack);

                // create hook jump
                process.Asm.Clear(); // $jmpto
                process.Asm.AddLine("jmp " + (codeCave));
                process.Asm.Inject(pEndScene);

            }
            catch
            {
                mainThreadHooked = false; return;
            }
            mainThreadHooked = true;
        }

    }

**Jadd** · 07-31-2012

Use FrameScript_GetText instead. It does the same thing and doesn't require any object pointer.

Or better yet, write a Lua API wrapper that uses lua_isxxx and lua_toxxx functions.

**BersAcc** · 08-08-2012

Tell me please. What has changed in the Mop? Code that the above does not want to work.
**** / / 15 929
**** public static uint ClntObjMgrGetActivePlayerObjAddress = 0x4030;
**** public static uint Lua_DoStringAddress = 0x85980;
**** public static uint Lua_GetLocalizedTextAddress = 0x53E490;
Offsets like a true test.
I apologize if the topic is raised.

**Seifer** · 08-08-2012

Attach a debugger and it should be pretty obvious within minutes.

**BersAcc** · 08-08-2012

sorry I'm newbie

Code:

>	Lua.dll!Lua.FunctionManager.LuaDoStringUTF8(string command) Строка 132 + 0x11 байт	C#
aHook.InjectAndExecute(asm);

 	Lua.dll!HookManager.InjectAndExecute(string[] asm) Строка 157 + 0x9 байт	C#
HookApplication();

 	Lua.dll!HookManager.HookApplication() Строка 39 + 0x1a байт	C#
        uint baseAddress = (uint)process.MainModule.BaseAddress;
        uint pDevice = process.ReadUInt(baseAddress + Direct3D.Direct3D9__Device);
=>        uint pEnd = process.ReadUInt(pDevice + Direct3D.Direct3D9__Device__OffsetA);
        uint pScene = process.ReadUInt(pEnd);
        uint pEndScene = process.ReadUInt(pScene + Direct3D.Direct3D9__Device__OffsetB);

>	BlackMagic.dll!Magic.BlackMagic.ReadUInt(uint dwAddress) Строка 293 + 0x8 байт	C#
	public uint ReadUInt(uint dwAddress)
		{
=>			return this.ReadUInt(dwAddress, false);
		}
>	BlackMagic.dll!Magic.BlackMagic.ReadUInt(uint dwAddress, bool bReverse) Строка 306 + 0x1b байт	C#
public uint ReadUInt(uint dwAddress, bool bReverse)
		{
=>			if (!this.m_bProcessOpen || this.m_hProcess == IntPtr.Zero)
				throw new Exception("Process is not open for read/write.");

			return SMemory.ReadUInt(this.m_hProcess, dwAddress, bReverse);
		}

>	BlackMagic.dll!Magic.SMemory.ReadUInt(System.IntPtr hProcess, uint dwAddress, bool bReverse) Строка 227 + 0x2b байт	C#
public static uint ReadUInt(IntPtr hProcess, uint dwAddress, bool bReverse)
		{
			byte[] buf = ReadBytes(hProcess, dwAddress, sizeof(uint));
			if (buf == null)
=>				throw new Exception("ReadUInt failed.");

			if (bReverse)
				Array.Reverse(buf);

			return BitConverter.ToUInt32(buf, 0);
		}

The problem with this?
public static uint Direct3D9__Device = 0xABF47C;
public static uint Direct3D9__Device__OffsetA = 0x2800;
public static uint Direct3D9__Device__OffsetB = 0xA8;

Shout-Out

User Tag List

Thread: [help] Lua_Dostring and Asembler

Thread Tools

Search Thread

[help] Lua_Dostring and Asembler

Similar Threads

[Help] M2 AND BLP in 3D MAX

[Help] Trainers and Rev 4541?

[idea] new kind of pvp need people to help build and test

we where all no0bs once! Help Please! and merry x-mas

Need help badly and fast!

OwnedCore Forums

casino

CoreCoins

My OwnedCore

About Us

Casino