FrameScriptExecute crashes game sometimes? (WoW 1.12.1.5875)

  1. #1
    mskc33's Avatar Member
    Hi there. So I used some code posted by someone on here to implement a Lua-DoString function:

    Code:
    public void DoString(string luacode) {
        if (luacode == null)
            throw new ArgumentNullException("Game->DoString: LuaCode cannot be null");
        if (Wow == null || Wow == null)
            throw new ArgumentNullException("Wow and MemorySharp must both be initialized before calling DoString");

        RemoteAllocation cave = Wow.Memory.Allocate(luacode.Length + 0x01);
        cave.WriteString(luacode, Encoding.ASCII);

        string[] asmcode = new[] {
            "mov eax, 0",
            "mov ecx, 0" + cave.BaseAddress,
            "mov edx, "+ cave.BaseAddress,
            "call 0x704cd0",
            "retn"
        };

        Wow.Assembly.InjectAndExecute(asmcode);

        cave.Dispose();
    }
    When doing this every 500ms+ it works perfectly, but SOMETIMES it crashes the game (Access Violation - The memory at X could not be read). When changing the interval to 100ms it crashes immediately.

    Could anybody explain to me why this happens and if I am doing something wrong?

    Thanks!

  2. #2
    Filint's Avatar Contributor Authenticator enabled
    First off, you're checking
    if (Wow==null || Wow==null)
    That's not necessary - you only need to check it once.

    Second, Lua is not thread safe, so you will need to ensure you are executing this from the main thread; my guess is that's the problem here.

    If you are executing from the main thread, then the problem lies elsewhere.

  3. #3
    mskc33's Avatar Member
    Ooops yeah the null check was for something else that has been removed already.

    I am doing this from outside of the process, just attaching to the process using MemorySharp.

    Any advice on how to do this without injecting a DLL?

  4. #4
    Jadd's Avatar 🐸 Premium Seller
    Originally Posted by mskc33
    Ooops yeah the null check was for something else that has been removed already.

    I am doing this from outside of the process, just attaching to the process using MemorySharp.

    Any advice on how to do this without injecting a DLL?
    You could detour some function you know will be called from the main thread (i.e. OnPaint) and process your queue of Lua commands there. If you have a good understanding of assembly this should be no problem for you.

  5. #5
    mskc33's Avatar Member
    Originally Posted by Jadd
    If you have a good understanding of assembly this should be no problem for you.
    Sadly, I don't so I will have to find a way to go around this. Thanks everyone!

  6. #6
    Saridormi's Avatar Contributor
    Originally Posted by mskc33
    Sadly, I don't so I will have to find a way to go around this. Thanks everyone!
    If you're just getting started, read this: The Beginners Guide to Codecaves - CodeProject

    It's not perfect by any means, but it's complete enough to get a newbie started with hooking remote functions without being complete spoonfeed (assuming you actually, you know, read the article).

    Also, most assembly really isn't that difficult. Get used to googling instructions that you don't understand (e.g. "add x86", "cmp x86", "mov x86" etc) and you'll soon be able to read most assembly without problems.


  7. #7
    lolp1's Avatar Site Donator CoreCoins Purchaser
    Hi,

    May I ask why you are writing out the assembly and managing the memory for calling the function while using MemorySharp? I personally called FrameScript::ExecuteBuffer (aka LuaDoString) a significant amount more than once every 100 ms with nearly zero issues using the remote pointers Execute methods.

    You should just be able to do

    Code:
    MemorySharp[address].Execute(CallingConventions.Cdecl,"lua", "lua", 0);

  8. #8
    Saridormi's Avatar Contributor
    Originally Posted by lolp1
    Hi,

    May I ask why you are writing out the assembly and managing the memory for calling the function while using MemorySharp? I personally called FrameScript::ExecuteBuffer (aka LuaDoString) a significant amount more than once every 100 ms with nearly zero issues using the remote pointers Execute methods.

    You should just be able to do

    Code:
    MemorySharp[address].Execute(CallingConventions.Cdecl,"lua", "lua", 0);
    I'm assuming they copied my code sample from here: http://www.ownedcore.com/forums/worl...ml#post3431513 ([WoW] 1.12.1.5875 Info Dump Thread)

    (which uses the assembler to demonstrate how to call the function in terms of raw assembly rather than getting into calling conventions)


  9. #9
    WiNiFiX's Avatar Banned
    I personally hook DirectX, I don't like running my bots from the main thread.

    See: https://github.com/winifix/iRobot-Live
    The hook itself doesn't change much in 1.12.1; only the offsets change.

  10. #10
    rndamboss's Avatar Banned
    Originally Posted by lolp1
    Hi,

    May I ask why you are writing out the assembly and managing the memory for calling the function while using MemorySharp? I personally called FrameScript::ExecuteBuffer (aka LuaDoString) a significant amount more than once every 100 ms with nearly zero issues using the remote pointers Execute methods.

    You should just be able to do

    Code:
    MemorySharp[address].Execute(CallingConventions.Cdecl,"lua", "lua", 0);
    Hi hi,

    When I use this:

    Code:
    internal static void LuaDoString(string command)
    {
        Program.MemorySharp[Pointers.FramescriptExecuteBuffer].Execute(CallingConventions.Cdecl, command, command, 0);
    }
    and call it like this:

    Code:
    LuaDoString("JumpOrAscendStart()");
    Nothing actually happens in game. I'm testing this on WoW 3.3.5a 12340.
    Code:
    internal static IntPtr FramescriptExecuteBuffer = (IntPtr)0x419210;
    Would be glad if you could help me out, thanks.

  11. #11
    lolp1's Avatar Site Donator CoreCoins Purchaser
    I have not used it in a while and when I did it was on live. It worked fine though with default memory sharp. Perhaps the calling convention or something is different on old patches.

    It should just be something like this

    Code:
            private static IntPtr _funcPtr = IntPtr.Zero;
            public static int LuaDoString(string lua, string lua, int number = 0)
            {
                return MemorySharp.Assembly.Execute<T>(_funcPtr, CallingConventions.Cdecl, lua, lua, number);
            }

  12. #12
    rndamboss's Avatar Banned
    Originally Posted by lolp1
    I have not used it in a while and when I did it was on live. It worked fine though with default memory sharp. Perhaps the calling convention or something is different on old patches.

    It should just be something like this

    Code:
            private static IntPtr _funcPtr = IntPtr.Zero;
            public static int LuaDoString(string lua, string lua, int number = 0)
            {
                return MemorySharp.Assembly.Execute<T>(_funcPtr, CallingConventions.Cdecl, lua, lua, number);
            }
    Why are there 2 lua strings? Would you call that by passing the same command twice?
    Also, is the pointer absolute or relative?

    edit:

    OK, first param is the command, second I pass string.Empty and third 0, using the absolute pointer, and it works.
    Code:
    internal static int LuaDoString(string command)
    {
        return Program.MemorySharp.Assembly.Execute<int>(
            Pointers.FramescriptExecuteBuffer2,
            CallingConventions.Cdecl,
            command,
            string.Empty,
            0);
    }
    Thank you very much.

    But how can I use protected Lua functions with this?
    Last edited by rndamboss; 06-08-2016 at 09:48 AM.

  13. #13
    luckruns0ut's Avatar Banned
    You need to write a few bytes (instructions) to a certain address which bypasses the check to see if the function is protected or not. Warden will pick it up though (on Molten, anyway), so you want to copy the bytes that were at that address before you modified it, then patch it and run your Lua, then restore the bytes that were there in the first place as if you didn't do anything. I'd give you the address etc. but I can't find wherever I had them saved... You can find them on here though after some digging.

All times are GMT -5.