Problems with the hook during loading screen

[Xzord]

Hello everyone!

I use Hook from this forum for wow 3.3.5 12340
Hook:

Code:

public struct Direct3D
    {
        public static uint Direct3D9__Device = 0xC5DF88;
        public static uint Direct3D9__Device__OffsetA = 0x397C;
        public static uint Direct3D9__Device__OffsetB = 0xA8;
    }
    public class HookManager
    {
        private BlackMagic process;

        private bool mainThreadHooked;
        private bool ExecutingCode;

        private uint codeCave;
        private uint injectionAddress;
        private uint returnAddress;

        public HookManager(BlackMagic process)
        {
            this.process = process;

            this.mainThreadHooked = false;
            this.ExecutingCode = false;

            this.codeCave = 0;
            this.injectionAddress = 0;
            this.returnAddress = 0;
        }

        private void HookApplication()
        {
            if (!process.IsProcessOpen)
                throw new Exception("Process is not open");

            //uint baseAddress = (uint)process.MainModule.BaseAddress;
            uint pDevice = process.ReadUInt(/*baseAddress + */Direct3D.Direct3D9__Device);
            uint pEnd = process.ReadUInt(pDevice + Direct3D.Direct3D9__Device__OffsetA);
            uint pScene = process.ReadUInt(pEnd);
            uint pEndScene = process.ReadUInt(pScene + Direct3D.Direct3D9__Device__OffsetB);

            if (process.ReadUInt(pEndScene) == 0xE9 && (codeCave == 0 || injectionAddress == 0))
            {
                DisposeOfHook();
            }
            if (process.ReadUInt(pEndScene) != 0xE9)
            {
                try
                {
                    mainThreadHooked = false;

                    codeCave = process.AllocateMemory(2048);
                    injectionAddress = process.AllocateMemory(0x4);

                    process.WriteInt(injectionAddress, 0);

                    returnAddress = process.AllocateMemory(0x4);
                    process.WriteInt(returnAddress, 0);

                    process.Asm.Clear();

                    process.Asm.AddLine("mov edi, edi");
                    process.Asm.AddLine("push ebp");
                    process.Asm.AddLine("mov ebp, esp");

                    process.Asm.AddLine("pushfd");
                    process.Asm.AddLine("pushad");

                    //Test for waiting code?
                    process.Asm.AddLine("mov eax, [" + injectionAddress + "]");
                    process.Asm.AddLine("test eax, ebx");
                    process.Asm.AddLine("je @out");

                    //Execute waiting code
                    process.Asm.AddLine("mov eax, [" + injectionAddress + "]");
                    process.Asm.AddLine("call eax");

                    //Copy pointer to return value
                    process.Asm.AddLine("mov [" + returnAddress + "], eax");

                    process.Asm.AddLine("mov edx, " + injectionAddress);
                    process.Asm.AddLine("mov ecx, 0");
                    process.Asm.AddLine("mov [edx], ecx");

                    //Close Function
                    process.Asm.AddLine("@out:");

                    //Inject Code
                    uint sizeAsm = (uint)(process.Asm.Assemble().Length);

                    process.Asm.Inject(codeCave);

                    int sizeJumpBack = 5;

                    // create jump back stub
                    process.Asm.Clear();
                    process.Asm.AddLine("jmp " + (pEndScene + sizeJumpBack));
                    process.Asm.Inject(codeCave + sizeAsm);// + (uint)sizeJumpBack);

                    // create hook jump
                    process.Asm.Clear(); // $jmpto
                    process.Asm.AddLine("jmp " + (codeCave));
                    process.Asm.Inject(pEndScene);

                }
                catch
                {
                    mainThreadHooked = false; return;
                }
                mainThreadHooked = true;
            }

        }
        private void DisposeOfHook()
        {
            if (!process.IsProcessOpen)
                throw new Exception("Process is not open");

            //uint baseAddress = (uint)process.MainModule.BaseAddress;
            uint pDevice = process.ReadUInt(/*baseAddress + */Direct3D.Direct3D9__Device);
            uint pEnd = process.ReadUInt(pDevice + Direct3D.Direct3D9__Device__OffsetA);
            uint pScene = process.ReadUInt(pEnd);
            uint pEndScene = process.ReadUInt(pScene + Direct3D.Direct3D9__Device__OffsetB);

            try
            {
                if (process.ReadByte(pEndScene) == 0xE9) // check if wow is already hooked and dispose Hook
                {
                    // Restore origine endscene:
                    process.Asm.Clear();
                    process.Asm.AddLine("mov edi, edi");
                    process.Asm.AddLine("push ebp");
                    process.Asm.AddLine("mov ebp, esp");
                    process.Asm.Inject(pEndScene);
                }

                // free memory:
                process.FreeMemory(codeCave);
                process.FreeMemory(injectionAddress);
                process.FreeMemory(returnAddress);
            }
            catch
            {
            }
        }

        public byte[] InjectAndExecute(string[] asm)
        {
            while (ExecutingCode)
            {
                System.Threading.Thread.Sleep(5);
            }

            ExecutingCode = true;

            HookApplication();

            byte[] tempsByte = new byte[0];

            // reset return value pointer
            process.WriteInt(returnAddress, 0);

            if (process.IsProcessOpen && mainThreadHooked)
            {
                // Write the asm stuff
                process.Asm.Clear();
                foreach (string tempLineAsm in asm)
                {
                    process.Asm.AddLine(tempLineAsm);
                }

                // Allocation Memory
                int codeSize = process.Asm.Assemble().Length;
                uint injectionAsm_Codecave = process.AllocateMemory(codeSize);


                try
                {
                    // Inject
                    process.Asm.Inject(injectionAsm_Codecave);
                    process.WriteInt(injectionAddress, (int)injectionAsm_Codecave);

                    // Wait to launch code
                    while (process.ReadInt(injectionAddress) > 0)
                    {
                        System.Threading.Thread.Sleep(5);
                    }

                    byte Buf = new Byte();
                    List<byte> retnByte = new List<byte>();
                    uint dwAddress = process.ReadUInt(returnAddress);
                    Buf = process.ReadByte(dwAddress);
                    while (Buf != 0)
                    {
                        retnByte.Add(Buf);
                        dwAddress = dwAddress + 1;
                        Buf = process.ReadByte(dwAddress);
                    }
                    tempsByte = retnByte.ToArray();
                }
                catch { }

                // Free memory allocated 
                process.FreeMemory(injectionAsm_Codecave);
            }

            DisposeOfHook();

            ExecutingCode = false;

            return tempsByte;
        }
    }

FunctionManager:

Code:

public class FunctionManager
    {
        BlackMagic process;
        HookManager aHook;
        uint FrameScript__Execute = 0x00819210;
        //uint moduleBase { get { return (uint)process.MainModule.BaseAddress; } }

        public FunctionManager(BlackMagic process)
        {
            this.process = process;
            this.aHook = new HookManager(process);
        }

        public void LuaDoString(string command)
        {
            int nSize = command.Length + 0x100;
            uint codeCave = process.AllocateMemory(nSize);

            process.WriteASCIIString(codeCave, command);
            process.Asm.Clear();

            String[] asm = new String[] 
            {
                "mov eax, " + codeCave,
                "push 0",
                "push eax",
              
                "push eax",
                "mov eax, " + (/*moduleBase + */FrameScript__Execute),
                
                "call eax",
                "add esp, 0xC",
                "retn",    
            };

            aHook.InjectAndExecute(asm);
            process.FreeMemory(codeCave);
        }

        public string GetLocalizedText(string command)
        {
            uint ClntObjMgrGetActivePlayerObj = 0x004038F0;
            uint FrameScript__GetLocalizedText = 0x007225E0;

            int nSize = command.Length + 0x100;
            uint codeCave = process.AllocateMemory(nSize);
            process.WriteASCIIString(codeCave, command);

            String[] asm = new String[] 
                {
                "call " + ClntObjMgrGetActivePlayerObj,
                "mov ecx, eax",
                "push -1",
                "mov edx, " + codeCave + "",
                "push edx",
                "call " + FrameScript__GetLocalizedText,
                "retn",
                };

            string sResult = Encoding.ASCII.GetString(aHook.InjectAndExecute(asm));
            process.FreeMemory(codeCave);

            return sResult;
        }
    }

And I have wow crash without wow errors, when I use this, during loading screen (for example: BG queue pop and I accepted that):

Code:

functionManager.LuaDoString(string.Format("spell, _, _, _, startTime, _, _, _, _ = UnitCastingInfo(\"target\"); if (spell) then Time = startTime / 1000 - GetTime() else Time = 0 end;"));

                string Time = functionManager.GetLocalizedText("Time"); //Line 276

Please, help to correct it. Program error in attachments.

[Vandra]

Windows version ?

[JuJuBoSc]

Because GetLocalizedText use the player object, and the ClntObjMgrGetActivePlayerObj return null while in loading screen.

[Xzord]

Win XP. Thx and how to fix that? I tried to read ClntObjMgrGetActivePlayerObj adress when was loading screen. All time the same value.

[Wildbreath]

hook EnterWorld (last function in C_GameUI_Initialize function), or check byte by offset in first cmp with 0 in EnterWorld function, it should be equal 1

[JuJuBoSc]

Win XP. Thx and how to fix that? I tried to read ClntObjMgrGetActivePlayerObj adress when was loading screen. All time the same value.

It's an function, so there is no point reading it.

[MaiN]

It's an function, so there is no point reading it.

What if you are trying to emulate the function?

[JuJuBoSc]

imo he don't even think about doing that