WoW Client crash

**NightlyBlooD** · 03-12-2018

Hi, dear forum members and coders!!!

I`,m faced with a problem, when i try to call “Read” lua function. My wow.exe client will be crashed because of that. This is happens only if you are not in game.
E.g it crashes:
1) when we entering login and password
2) menu char set
3) when i relog my char to ingame menu

Code:

internal string Read(string localVar)
        {
            if (_wowHook.Installed)
            {
                if (true)
//(_wowHook.Memory.Read<int>(Offsets.WorldLoaded) == 1 & _wowHook.Memory.Read<int>(Offsets.InGame) == 1 & _wowHook.Memory.Read<int>(Offsets.IsLoadingOrConnecting) == 0)
                {
                    Write("ERReturnLocalizedText = " + localVar);
                    IntPtr Lua_GetLocalizedText_Space = _wowHook.Memory.AllocateMemory(Encoding.UTF8.GetBytes("ERReturnLocalizedText").Length + 1);
wowHook.Memory.Write<byte>(Lua_GetLocalizedText_Space, Encoding.UTF8.GetBytes(localVar), false);

                    String[] asm = new String[]
                    {
                    "call " + (uint) Offsets.ClntObjMgrGetActivePlayerObj,
                    "mov ecx, eax",
                    "push -1",
                    "mov edx, " + Lua_GetLocalizedText_Space + "",
                    "push edx",
                    "call " + ((uint) Offsets.FrameScript__GetLocalizedText) ,
                    "retn",
                    };
                    string sResult = Encoding.UTF8.GetString(_wowHook.InjectAndExecute(asm));
                    _wowHook.Memory.FreeMemory(Lua_GetLocalizedText_Space);
                    Write("ERReturnLocalizedText = nil");
                    return sResult;
                }
            }
            return "WoW Hook not installed";
        }

[img]
Imgur: The magic of the Internet
Imgur: The magic of the Internet

I`m trying to fix that problem by addind some new additional variables:
In my C# code I`m added additional: "isLoadingorisConnecting" "isInGame" "WorldLoaded" - all of them doesn`t helped me a lot!

[Video]
Case 1 - Crash when we try to READ our func in "Wow.exe" loginscreen (window with fields for login and pass).
case 1 - YouTube
Case 2 - Menu char set
case 2 - YouTube
Case 3 - Trying to test my custom func + "relog" = causes crash.
case 3 - YouTube

**vegoo** · 03-12-2018

Hello, IsInGame should solve you problem - that's what I am using. Maybe your value check is wrong?
0 - not in game
1 - loading
6 - cinematic
2 - in game

**NightlyBlooD** · 03-12-2018

Originally Posted by vegoo

Hello, IsInGame should solve you problem - that's what I am using. Maybe your value check is wrong?
0 - not in game
1 - loading
6 - cinematic
2 - in game

you could not give your offset?
My offset InGame(0x00BD0792) return's
0 - not in game
1 - in game
256 - loading

**vegoo** · 03-13-2018

I gave you values for current retail build x64, I see that you are looking for wotlk values and offset. If you cant find it yourself maybe its somewhere in this thread (if you are working on 3.3.5a):
3.3.5a 12340 Offsets

**tutrakan** · 03-13-2018

If you need a reliable check if in game, first get the local player guid (function @004D3790) then check the ClntObjMgrObjectPtr() @004D4DB0 for non zero.
Something like this:

Code:

call    ClntObjMgrGetActivePlayerGuid
push    0A0h                            ; line
push    offset aDBuildserve_17          ; "d:\\BuildServer\\WoW\\1\\work\\WoW-code"...
push    10h                             ; objectTypeMask
push    edx
push    eax                             ; objectGuid
call    ClntObjMgrObjectPtr
add     esp, 14h
// check here eax for non zero ...

Or, if you need not just in game execution, you should look at this.

**NightlyBlooD** · 03-14-2018

Originally Posted by tutrakan

If you need a reliable check if in game, first get the local player guid (function @004D3790) then check the ClntObjMgrObjectPtr() @004D4DB0 for non zero.
...
push offset aDBuildserve_17 ; "d:\\BuildServer\\WoW\\1\\work\\WoW-code"...
...

did not understand where to get offset aDBuildserve_17
my example

Code:

        public string Checked()
        {
            if (_wowHook.Installed)
            {
                String[] asm = new String[]
                    {
                        "call "+ (uint) Offsets.ClntObjMgrGetActivePlayerGuid,
                        "push 0A0h",
                        "push " + offset aDBuildserve_17,
                        "push 10h",
                        "push edx",
                        "push eax",
                        "call " + (uint) Offsets.ClntObjMgrObjectPtr,
                        "add esp, 14h",
                        "retn",
                    };
    
                return Encoding.UTF8.GetString(_wowHook.InjectAndExecute(asm));
            }
            return "WoW Hook not installed";
        }

**NotJuJuBoSc** · 03-14-2018

I don't think the 2 last arguments are needed, removed them and change add esp to 0xC

**tutrakan** · 03-15-2018

Originally Posted by NightlyBlooD

...
did not understand where to get offset aDBuildserve_17
my example
...

Either you push whatever number (example 0), or even simpler - use the above JuJuBo's suggestion.

My example was an extract from the client pseudo code in IDA to demonstrate how the client does it.

**Jadd** · 03-15-2018

Use GetText instead of GetLocalizedText. The only difference is that the latter returns male and female variations of the string for the unit it is provided. The former does not take a unit argument so it can be used while you are not in-game.

**tutrakan** · 03-15-2018

Originally Posted by Jadd

Use GetText instead of GetLocalizedText. The only difference is that the latter returns male and female variations of the string for the unit it is provided. The former does not take a unit argument so it can be used while you are not in-game.

Well, thanks for this excellent point. Your, so called GetLocalizedText(), turned out to become in fact this function:

Code:

char *__thiscall CGUnit_C::GetFrameScriptText(CGUnit_C *unit, const char* variable, int FFFFFFFF)
{
    CGPlayer_C *v3; // esi
    ObjectFields *v4; // eax
    unsigned int v5; // ebx
    unsigned int v6; // edi
    int v7; // eax
    _BOOL1 v8; // zf
    FRAMESCRIPT_GENDER gender; // eax

    v3 = unit;
    v4 = unit->ObjectBase.ObjDescr;
    v5 = HIDWORD(v4->OBJECT_FIELD_GUID);
    v6 = v4->OBJECT_FIELD_GUID;
    if ( __PAIR__(v5, v6) == ClntObjMgrGetActivePlayerGuid() )
        v7 = v3->PlayerDescr->PLAYER_BYTES_3[0];
    else
        v7 = v3->UnitBase.UnitDescr->UnitBytes0_Gender;
    v8 = v7 == 1;
    gender = GENDER_MALE;
    if ( v8 )
        gender = GENDER_FEMALE;
    return FrameScript_GetText(variable, FFFFFFFF, gender);
}

**NightlyBlooD** · 03-16-2018

Originally Posted by NotJuJuBoSc

I don't think the 2 last arguments are needed, removed them and change add esp to 0xC

dont work.

Code:

 "call "+ (uint) Offsets.ClntObjMgrGetActivePlayerGuid,
                        "push 0",
                        "push 10h",
                        "push edx",
                        "call "+ (uint) Offsets.ClntObjMgrObjectPtr,
                        "add esp, 0xC",
                        "retn"

Jadd
Use GetText instead of GetLocalizedText. The only difference is that the latter returns male and female variations of the string for the unit it is provided. The former does not take a unit argument so it can be used while you are not in-game.

you could not say how to implement it? not quite imagine it.
a simple replacement of the offset does not give a result

**tutrakan** · 03-16-2018

Originally Posted by NightlyBlooD

dont work.

Code:

 "call "+ (uint) Offsets.ClntObjMgrGetActivePlayerGuid,
                        "push 0",
                        "push 10h",
                        "push edx",
                        "call "+ (uint) Offsets.ClntObjMgrObjectPtr,
                        "add esp, 0xC",
                        "retn"

you could not say how to implement it? not quite imagine it.
a simple replacement of the offset does not give a result

He he you've managed to all mess it up. I suppose this is the way to do it:

Code:

"call " + (uint)Offsets.ClntObjMgrGetActivePlayerGuid,
"push 0",
"push 0",
"push 0x10",
"push edx",
"push eax",
"call " + (uint)Offsets.ClntObjMgrObjectPtr,
"add esp, 0x14",
//eax for non zero check here
"retn",

And about the FrameScript_GetText, it's a cdecl function with 3 params. You can check in IDA for references to see how is called. Example (offset aRaid here should be a pointer to your text):

Code:

.text:005011D4 push    0                               ; _DWORD
.text:005011D6 push    0FFFFFFFFh                      ; _DWORD
.text:005011D8 push    offset aRaid                    ; "RAID"
.text:005011DD call    FrameScript_GetText
.text:005011E2 add     esp, 0Ch

And you can take a look here to learn about calling conventions: x86 calling conventions - Wikipedia

**NightlyBlooD** · 03-17-2018

Originally Posted by tutrakan

He he you've managed to all mess it up. I suppose this is the way to do it:

Code:

"call " + (uint)Offsets.ClntObjMgrGetActivePlayerGuid,
"push 0",
"push 0",
"push 0x10",
"push edx",
"push eax",
"call " + (uint)Offsets.ClntObjMgrObjectPtr,
"add esp, 0x14",
//eax for non zero check here
"retn",

thanks for your assembler example,"eax" check is correct.
unfortunately, this method does not fit, still crash when executing the function "Read" (GetLocalizedText)
I noticed such a strange thing, if you execute your code, the program will fail when you restart the character

Shout-Out

User Tag List

Thread: WoW Client crash

Thread Tools

Search Thread

WoW Client crash

Similar Threads

[Bot] my wow client crash!

WoW keeps crashing...

original wow client dl?

Making WoW Clients crash

Downgrade your WoW Client

OwnedCore Forums

casino

CoreCoins

My OwnedCore

About Us

Casino