hey everyone, I just want to use my hook to call some WoW API functions; it worked great before MoP was released,
but now even a Lua string like DoEmote("Dance") crashes the client.
x86,c#.net
Here is the code:
Code:
using System;
using System.Collections.Generic;
using System.Text;
using Magic;
using System.Threading;
namespace WowAssistant
{
public class HookStuff
{
    // Process-memory helper from the third-party "Magic" library (not part of this listing).
    // NOTE(review): declared static but re-assigned by every constructor call (see HookStuff(int)),
    // so constructing a second instance replaces the handle used by all existing instances.
    private static BlackMagic Memory = null;
    private int _processId = 0;
    // True once the jump at pEndScene has been written by Hooking() (or was found already present).
    private bool hookedFlag = false;
    // Busy flag: InjectAndExecute() spins (Thread.Sleep(5)) while this is true.
    // NOTE(review): plain bool with no volatile/lock — only safe if every caller shares one thread.
    private bool injectionFlag = false;
    // Addresses allocated inside the target process for the injected code:
    private uint hookCodeCave = 0;   // stub that runs inside the hooked function (2048 bytes, see Hooking)
    private uint addrCodeCave = 0;   // 4-byte slot: address of the routine to run next, 0 = nothing pending
    private uint retnCodeCave = 0;   // 4-byte slot: EAX as left by the last routine the stub called
    #region Offset
    // Hard-coded addresses/offsets. Nothing in this listing validates them against the running
    // process. The function values are relative to the module base and are rebased exactly once
    // in InitHook(); DX_DEVICE is added to the base at read time; the *_IDX values are field offsets.
    private bool initHook = true;                // guards the one-time rebase in InitHook()
    private uint wowBaseAddr = 0;                // module base address, read in InitHook()
    private uint pEndScene = 0;                  // resolved hook target, read in InitHook()
    private uint DX_DEVICE = 0xAD773C;           // added to wowBaseAddr when read in InitHook()
    private uint DX_DEVICE_IDX = 0x27F8;         // offset applied to the value read at DX_DEVICE
    private uint ENDSCENE_IDX = 0xA8;            // offset applied to the last pointer in the chain
    private uint Lua_DoStringAddress = 0x75350;  // rebased in InitHook()
    private uint FrameScript__GetLocalizedText = 0x48D7F0;  // rebased in InitHook()
    private uint FrameScript_GetText = 0x83D310;  // rebase is commented out in InitHook(); unused in this listing
    private uint ClntObjMgrGetActivePlayerObj = 0x34D0;  // rebased in InitHook()
    private uint CGPlayer_C__ClickToMove = 0x1C1E00;  // rebased in InitHook(); unused in this listing
    private uint isInGame = 0xAD7426;            // unused in this listing
    #endregion
    /// <summary>
    /// Stores the target process id, creates the memory helper and immediately calls Hooking().
    /// </summary>
    /// <param name="processId">Id of the process that Hooking() opens.</param>
    public HookStuff(int processId)
    {
        _processId = processId;
        Memory = new BlackMagic();
        Hooking();
    }
    /// <summary>
    /// Writes <paramref name="variable"/> into the target process, has the hook call
    /// FrameScript__GetLocalizedText with it, and returns the NUL-terminated bytes found at the
    /// address that call left in EAX (see InjectAndExecute).
    /// </summary>
    /// <param name="variable">Text copied into the target as UTF-8.</param>
    /// <returns>The result decoded as ASCII, or "" when IsLoading() is false.</returns>
    public string GetLocalizedText(string variable)
    {
        // NOTE(review): IsLoading() is not defined anywhere in this listing.
        if (!IsLoading()) { return ""; }
        // One extra byte is allocated for the terminator but never written explicitly;
        // presumably the fresh allocation is zero-filled — TODO confirm for BlackMagic.AllocateMemory.
        uint codeCave = Memory.AllocateMemory(Encoding.UTF8.GetBytes(variable).Length + 1);
        Memory.WriteBytes(codeCave, Encoding.UTF8.GetBytes(variable));
        String[] asm = new String[]
        {
            "call " + ClntObjMgrGetActivePlayerObj,   // EAX = result of the active-player lookup
            "mov ecx, eax",                           // handed to the next call in ECX
            "push -1",
            "mov edx, " + codeCave + "",              // address of the copied string
            "push edx",
            "call " + FrameScript__GetLocalizedText,
            // No stack cleanup after the call here, unlike LuaDoString's "add esp, 0xC";
            // presumably this callee cleans its own arguments — TODO confirm.
            "retn",
        };
        // NOTE(review): input is written as UTF-8 but the reply is decoded as ASCII,
        // so any non-ASCII bytes in the reply are lost.
        string sResult = Encoding.ASCII.GetString(InjectAndExecute(asm));
        // NOTE(review): skipped if InjectAndExecute throws before its own try block
        // (its first WriteInt/AllocateMemory are outside it), leaking codeCave.
        Memory.FreeMemory(codeCave);
        return sResult;
    }
    /// <summary>
    /// Writes <paramref name="command"/> into the target process and has the hook call
    /// Lua_DoString with it. The value the call leaves in EAX is ignored by this method
    /// (InjectAndExecute still reads it, see the note there).
    /// </summary>
    /// <param name="command">Lua source copied into the target as UTF-8.</param>
    public void LuaDoString(string command)
    {
        // Write value (one extra byte for the terminator, never written explicitly — see GetLocalizedText):
        uint codeCave = Memory.AllocateMemory(Encoding.UTF8.GetBytes(command).Length + 1);
        Memory.WriteBytes(codeCave, Encoding.UTF8.GetBytes(command));
        // Write the asm stuff for Lua_DoString
        String[] asm = new String[]
        {
            "mov eax, " + codeCave,
            "push 0",
            "push eax",
            "push eax",                          // three arguments: (command, command, 0)
            "mov eax, " + Lua_DoStringAddress, // Lua_DoString
            "call eax",
            "add esp, 0xC",                      // caller pops the 12 bytes pushed above
            "retn",
        };
        // Inject
        InjectAndExecute(asm);
        // NOTE(review): skipped if InjectAndExecute throws outside its try block, leaking codeCave.
        Memory.FreeMemory(codeCave);
    }
    /// <summary>
    /// Reads the module base, rebases the function offsets onto it, and follows the
    /// DX_DEVICE pointer chain to find the address that Hooking() patches (pEndScene).
    /// Must run exactly once: the rebases below are additive, so a second call would
    /// add the base a second time (Hooking() guards this with initHook).
    /// </summary>
    private void InitHook()
    {
        wowBaseAddr = (uint)Memory.MainModule.BaseAddress;
        Lua_DoStringAddress = wowBaseAddr + Lua_DoStringAddress;
        ClntObjMgrGetActivePlayerObj = wowBaseAddr + ClntObjMgrGetActivePlayerObj;
        FrameScript__GetLocalizedText = wowBaseAddr + FrameScript__GetLocalizedText;
        //FrameScript_GetText = wowBaseAddr + FrameScript_GetText;
        CGPlayer_C__ClickToMove = wowBaseAddr + CGPlayer_C__ClickToMove;
        // Pointer chain: [base + DX_DEVICE] -> [+DX_DEVICE_IDX] -> [..] -> [+ENDSCENE_IDX].
        // None of the intermediate reads is checked for 0; a stale offset would make the
        // later ReadByte(pEndScene) in Hooking() read from an arbitrary address.
        uint pDevice = Memory.ReadUInt(wowBaseAddr + DX_DEVICE);
        uint pEnd = Memory.ReadUInt(pDevice + DX_DEVICE_IDX);
        uint pScene = Memory.ReadUInt(pEnd);
        pEndScene = Memory.ReadUInt(pScene + ENDSCENE_IDX);
    }
    /// <summary>
    /// Opens the target process (if not already open), resolves addresses once via InitHook(),
    /// and installs a detour at pEndScene: a stub in hookCodeCave that, each time the hooked
    /// function runs, calls whatever address is stored in addrCodeCave, saves EAX to
    /// retnCodeCave, and clears addrCodeCave. Sets hookedFlag/injectionFlag accordingly.
    /// </summary>
    public void Hooking()
    {
        // Process Connect:
        if (!Memory.IsProcessOpen)
        {
            Memory.OpenProcessAndThread(_processId);
        }
        if (Memory.IsProcessOpen)
        {
            if (initHook)
            {
                InitHook();
                initHook = false;
            }
            //if (Memory.ReadByte(pEndScene) == 0xE9 && (hookCodeCave == 0 || addrCodeCave == 0)) // check if wow is already hooked and dispose Hook
            //{
            // DisposeHooking();
            //}
            // Presence check is the first opcode byte only (0xE9 = jmp rel32).
            // NOTE(review): if the byte is already 0xE9 (e.g. a previous instance's hook is still
            // in place), this block is skipped and hookedFlag is set below even though this
            // instance's hookCodeCave/addrCodeCave/retnCodeCave may still be 0; InjectAndExecute
            // would then write to address 0.
            if (Memory.ReadByte(pEndScene) != 0xE9) // check if wow is already hooked
            {
                try
                {
                    injectionFlag = true;
                    hookedFlag = false;
                    // allocate memory to store injected code:
                    hookCodeCave = Memory.AllocateMemory(2048);
                    // allocate memory for the pointer to the next routine to run (0 = none):
                    addrCodeCave = Memory.AllocateMemory(0x4);
                    Memory.WriteInt(addrCodeCave, 0);
                    // allocate memory for the saved return value (EAX):
                    retnCodeCave = Memory.AllocateMemory(0x4);
                    Memory.WriteInt(retnCodeCave, 0);
                    // Generate the STUB to be injected
                    Memory.Asm.Clear(); // $Asm
                    // save regs
                    Memory.Asm.AddLine("pushad");
                    Memory.Asm.AddLine("pushfd");
                    // Test whether a routine is pending (addrCodeCave != 0):
                    Memory.Asm.AddLine("mov eax, [" + addrCodeCave + "]");
                    Memory.Asm.AddLine("test eax, eax");
                    Memory.Asm.AddLine("je @out");
                    // Call the pending routine:
                    Memory.Asm.AddLine("mov eax, [" + addrCodeCave + "]");
                    Memory.Asm.AddLine("call eax");
                    // Save its EAX for InjectAndExecute to read:
                    Memory.Asm.AddLine("mov [" + retnCodeCave + "], eax");
                    // Clear the pending-routine slot; InjectAndExecute polls this to detect completion.
                    Memory.Asm.AddLine("mov edx, " + addrCodeCave);
                    Memory.Asm.AddLine("mov ecx, 0");
                    Memory.Asm.AddLine("mov [edx], ecx");
                    // Close func
                    Memory.Asm.AddLine("@out:");
                    // load reg
                    Memory.Asm.AddLine("popfd");
                    Memory.Asm.AddLine("popad");
                    // injected code
                    uint sizeAsm = (uint)(Memory.Asm.Assemble().Length);
                    Memory.Asm.Inject(hookCodeCave);
                    // Size asm jumpback
                    int sizeJumpBack = 5;
                    // NOTE(review): despite the comment below, the original bytes are NOT read from
                    // pEndScene; three fixed instructions (5 bytes, matching sizeJumpBack) are
                    // re-assembled instead. If the function at pEndScene does not begin with exactly
                    // these instructions, the detour corrupts it — nothing here verifies that.
                    // copy and save original instructions
                    Memory.Asm.Clear();
                    Memory.Asm.AddLine("mov edi, edi");
                    Memory.Asm.AddLine("push ebp");
                    Memory.Asm.AddLine("mov ebp, esp");
                    Memory.Asm.Inject(hookCodeCave + sizeAsm);
                    // create jump back stub
                    Memory.Asm.Clear();
                    Memory.Asm.AddLine("jmp " + (pEndScene + sizeJumpBack));
                    Memory.Asm.Inject(hookCodeCave + sizeAsm + (uint)sizeJumpBack);
                    // create hook jump (written last, after the cave is fully populated)
                    Memory.Asm.Clear(); // $jmpto
                    Memory.Asm.AddLine("jmp " + (hookCodeCave));
                    Memory.Asm.Inject(pEndScene);
                }
                catch
                {
                    // NOTE(review): the failure is swallowed and injectionFlag is left TRUE,
                    // so every later InjectAndExecute() call spins forever on its first while loop.
                    // Any cave allocated before the throw is not freed here.
                    hookedFlag = false;
                    injectionFlag = true;
                    return;
                }
            }
            hookedFlag = true;
            injectionFlag = false;
        }
    }
    /// <summary>
    /// Writes the three fixed prologue instructions back to pEndScene when a jmp (0xE9) is
    /// found there, frees the three caves and clears hookedFlag. All exceptions are swallowed;
    /// injectionFlag, initHook and the cave addresses are left unchanged.
    /// </summary>
    public void DisposeHooking()
    {
        try
        {
            if (Memory.ReadByte(pEndScene) == 0xE9) // check if wow is already hooked and dispose Hook
            {
                // Restore original endscene prologue (same fixed instructions Hooking() assumes):
                Memory.Asm.Clear();
                Memory.Asm.AddLine("mov edi, edi");
                Memory.Asm.AddLine("push ebp");
                Memory.Asm.AddLine("mov ebp, esp");
                Memory.Asm.Inject(pEndScene);
            }
            // free memory:
            Memory.FreeMemory(hookCodeCave);
            Memory.FreeMemory(addrCodeCave);
            Memory.FreeMemory(retnCodeCave);
            hookedFlag = false;
        } catch {}
    }
    /// <summary>
    /// Assembles <paramref name="asm"/> into a fresh cave, publishes its address in addrCodeCave,
    /// waits until the stub installed by Hooking() has run it (addrCodeCave back to 0), then
    /// reads the NUL-terminated bytes at the address the routine left in retnCodeCave.
    /// </summary>
    /// <param name="asm">Assembly lines; must end with "retn" so the stub's "call eax" returns.</param>
    /// <returns>The bytes read, or an empty array if the process is not open, not hooked,
    /// or the read fails.</returns>
    public byte[] InjectAndExecute(string[] asm)
    {
        // NOTE(review): never assigned, so the fixed-length branch below is dead code.
        int returnLength = 0;
        //Hooking();
        // Wait for any in-progress injection (see the note on injectionFlag).
        while (injectionFlag){ Thread.Sleep(5); }
        injectionFlag = true;
        byte[] tempsByte = new byte[0];
        // reset return value pointer
        Memory.WriteInt(retnCodeCave, 0);
        if (Memory.IsProcessOpen && hookedFlag)
        {
            // Write the asm stuff
            Memory.Asm.Clear();
            foreach (string tempLineAsm in asm)
            {
                Memory.Asm.AddLine(tempLineAsm);
            }
            // Allocation Memory
            uint codeCave = Memory.AllocateMemory(Memory.Asm.Assemble().Length);
            try
            {
                // Inject
                Memory.Asm.Inject(codeCave);
                Memory.WriteInt(addrCodeCave, (int)codeCave);
                // Completion is signalled only by the stub zeroing addrCodeCave. If the hooked
                // function is not being executed, this loop never terminates (no timeout).
                // NOTE(review): the value is compared as a signed int, so a cave address with the
                // top bit set would read as negative and end the wait immediately.
                while (Memory.ReadInt(addrCodeCave) > 0) { Thread.Sleep(5); } // Wait to launch code
                if (returnLength > 0)
                {
                    tempsByte = Memory.ReadBytes(Memory.ReadUInt(retnCodeCave), returnLength);
                }
                else
                {
                    // Treat EAX as a pointer and read bytes until the first 0, with no upper bound.
                    // NOTE(review): this runs for every routine, including ones whose EAX is not a
                    // pointer (e.g. LuaDoString); whether ReadByte then throws or returns garbage
                    // depends on BlackMagic — either way the catch below hides it.
                    byte Buf = new Byte();
                    List<byte> retnByte = new List<byte>();
                    uint dwAddress = Memory.ReadUInt(retnCodeCave);
                    Buf = Memory.ReadByte(dwAddress);
                    while (Buf != 0)
                    {
                        retnByte.Add(Buf);
                        dwAddress = dwAddress + 1;
                        Buf = Memory.ReadByte(dwAddress);
                    }
                    tempsByte = retnByte.ToArray();
                }
            }
            catch { }
            // Free memory allocated
            Memory.FreeMemory(codeCave);
        }
        injectionFlag = false;
        return tempsByte;
    }
}
}