Create a LUA function in 3.3.5a 12340

[Blackplayer27]

Hello, i try to create a new lua function in 3.3.5a but i dont found the offset for the lua_state, can you pls help me ?

source

PHP Code:

#include <windows.h>

extern "C" {
#include "lua/src/lua.h"
#include "lua/src/lualib.h"
#include "lua/src/lauxlib.h"
}

int lua_Test (lua_State *L) {
    MessageBox(NULL, "Call Function", "Testing", MB_OK | MB_ICONEXCLAMATION);
    int numberOfArgs = lua_gettop(L);
    lua_Number n = 42;
    lua_pushnumber(L, n);
    return 1;
}

void registerLua () {
    MessageBox(NULL, "Load registerLua", "Testing", MB_OK | MB_ICONEXCLAMATION);

    // 0x00803b70  == lua_pushcclosure; Credits: berserk85
    // 0x00804070  == lua_setfield; Credits: berserk85
    // 0x00D3F78C == lua_State

    lua_State *state = (lua_State*)(*(void **)0x00D3F78C); //< OFFSET need !!!

    unsigned char * pCodeCave = (unsigned char *)0x005E7367; // replace before use

    DWORD old;
    VirtualProtect((LPVOID)pCodeCave, 5, PAGE_EXECUTE_READWRITE, &old);
    *(byte *)pCodeCave = 0xe9;
    *(int *)(pCodeCave + 1) = (int)lua_Test - (int)pCodeCave - 5;
    VirtualProtect((LPVOID)pCodeCave, 5, old, NULL);

    lua_pushcclosure(state, (lua_CFunction)(pCodeCave), 0);
    lua_setfield(state, -10002, "test");
}

BOOL WINAPI DllMain (HINSTANCE hDLL, DWORD reason, LPVOID reserved) {
    MessageBox(NULL, "START", "Testing", MB_OK | MB_ICONEXCLAMATION);
    if (reason == DLL_PROCESS_ATTACH) {        
        // patch TLS to be able to access data from WoW's main thread
        _asm {
            mov eax, dword ptr fs:[0x2c] 
            mov eax, dword ptr ds:[eax]
            add eax, 8 // current TLS
            mov ebx, dword ptr ds:[0x012705b0]
            mov ebx, dword ptr ds:[eax + 0x00002d94] // WoW's main thread TLS
            mov [eax], ebx // Perform patch
        }
        registerLua();
    }
    return TRUE;
} 


//Orginal from http://www.ownedcore.com/forums/worl..._register.html

current lua_state (0x00D3F78C) from http://www.ownedcore.com/forums/worl...ml#post1917706

[Jadd]

lua_statement?

[Blackplayer27]

lua_statement?

Sorry i mean lua_state.

[xalcon]

your offset is correct, the lua_state is at 0x00D3F78C
but you really should add the wow module base to that address ASLR!

[JuJuBoSc]

It's 3.3.5 so he don't care about ASLR I guess

[Blackplayer27]

yes in 3.3.5a ASLR is not activ

Debugging Screenshots
imgur: the simple image sharer
imgur: the simple image sharer
imgur: the simple image sharer
imgur: the simple image sharer

[Jadd]

I notice you are using a different version of Lua as WoW. They use 5.1, you are using 5.2+. This could cause some issues for you, so first and foremost I'd suggest trying your application using the older 5.1 library.

[Blackplayer27]

Ok i try it thx

[Blackplayer27]

ok i change nun the lua version to 5.1 but now i become a error on a other point :/
imgur: the simple image sharer
imgur: the simple image sharer
imgur: the simple image sharer

have anyone a other method to register lua functions ?

[Wildbreath]

[UnmanagedFunctionPointer(CallingConvention.Cdecl)]
public delegate void LuaRegisterFunction(string name, uint callback);

[Blackplayer27]

[UnmanagedFunctionPointer(CallingConvention.Cdecl)]
public delegate void LuaRegisterFunction(string name, uint callback);

Can you give me a example how i can use this ? Im not really a pro in memory editing. But i try to learn it

[Wildbreath]

delegate a function using LuaRegisterFunction offset, patch InvalidPtrCheck or create trampoline to your function and invoke delegate (c#), dont know how to do in c++
or search a wizardry (monk healing spheres program in the forum memory editing section) and research it.