Code injection, random crashes

[tok_junior]

Hi all,

tl;dr - Is CreateRemoteThread() viable for injecting small snippets of code, or is that the reason of my random crashes?

I've been out of the botting scene since isxwow ceased existing, and just started looking at it again. I used to be on irc as junior|, and I'm sure some of you will remember me, and hopefully that I'm not completely clueless or asking for handouts

So, anyway, I've forgotten everything, but fired up IDA yesterday and now have a basic object manager up and running, and I'm able to run LUA code by injecting via remote threads. When just running LUA things seem to work fine, but when I'm trying to set a target by guid (calling function at 0x8CE477 in latest live) I get random crashes more often than not. I don't seem to remember having this problem back in WOTLK, so I'm wondering if anything's changed architecturally. I think I'm running into some threading issues, and I'm mainly wondering if you think this will work if I hook the mainthread (EndScene or such), or if I'm doing something else that's stupid?

[Corthezz]

LUA isnt threadsafe and should be called from the final state of the main thread (EndScene). Not sure if this applies to every WoW version tho.
Why the client is crashing when you call the SetTarget function I cant tell for sure since I am not working with your client version

[namreeb]

I can confirm that executing lua code is not thread-safe within WoW and you should execute this code from the main thread. An interesting aside, just because EndScene is called does not mean it is being called from the 'main thread'. If you are injecting a ui toolkit of some kind which also uses DirectX it may render in its own thread. I have seen that happen!

[tok_junior]

Hooking the main-thread solved everything. I didn't go for hooking D3D at all, as I figured there wouldn't be any guarantee that it was actually called from the main thread, which namreeb now confirmed.

[Corthezz]

Hooking the main-thread solved everything. I didn't go for hooking D3D at all, as I figured there wouldn't be any guarantee that it was actually called from the main thread, which namreeb now confirmed.

Sounds interesting. What function did you choose? Someone told me about a SetTimer function.
I for once tried a function (CGxDeviceD3d__ISceneEnd) also in the mainthread which leaded to very unpredictable errors (strange graphic errors, random crashes all the time etc).

[tok_junior]

Sounds interesting. What function did you choose? Someone told me about a SetTimer function once.
I for once tried a function (CGxDeviceD3d__ISceneEnd) also in the mainthread which leaded to very unpredictable errors (strange graphic errors, random crashes all the time etc).

A bit further down in the callgraph of ISceneEnd is call to CGxDeviceD3d__Present (not sure about the name, I just named it that), which works just fine. I also managed to do a bit of rendering when hooking that, even though it probably leads to very suboptimal state management in the device, which I of course don't care about

[namreeb]

Well it won't be a problem unless there is another rendering engine at work. To my knowledge, WoW calls EndScene always from it's 'main thread'. You could also just use GetCurrentThreadId() (http://msdn.microsoft.com/en-us/libr...v=vs.85).aspx) to check for being the 'main thread'.

[Wildbreath]

also you can hook a CGWorldFrame::Render and call after your lua functions.

[JuJuBoSc]

Or just hook EndScene as usual and check the device pointer ?