DoString silently failing

[vulcanaoc]

Hi all,

So I'm having trouble calling WoW's lua_DoString function from my injected code. Everything seems to work; the function even gets called without any errors, and, as far as I can tell, doesn't differ from a natural call triggered by a /run or /script.

IDA spits out this function signature, which I have defined in my code as:

Code:

int _cdecl GameFunction_Lua_DoString(int* pLua, char* strToDo1, char* strToDo2);

To provide some more (hopefully helpful) information,

-I have the function's 3.1.3 address set to 0x49AAB0;
-I am retrieving the pointer to LUA? at the 3.1.3 address 0xA3D93C; (pLua)
-I am calling the function thusly:

Code:

GameFunction_Lua_DoString(pLua, strDoString, strDoString);

-I have checked that strDoString and pLua are returning the correct values, etc.


Anyone have any clue as to what I need to do? Do I need to unprotect something or remove some checks? Any tips are much appreciated! I'm going to try and run the code through olly and see what's going on in the meantime.

[ramey]

Um.. I think the state is last param instead of first if it is the right function.

Edit: It is the correct address.

Code:

	typedef void ( __cdecl * tLua_DoString )( char * pszString, char * pszString2, void * pState );
	tLua_DoString Lua_DoString = reinterpret_cast<tLua_DoString>( 0x0049AAB0 );

	Lua_DoString("message(\"Hello World!\")","message(\"Hello World!\")", NULL) // You don't have to have pState for DoString, you can pass NULL.

Edit2: Make sure your pState is correct, because I am getting mine differently.

[vulcanaoc]

Whoops@ the wrong argument order..

hmm, it seemed like my pState was somehow incorrect. passing in null fixed it. Just wondering, would WoW ever pass in a null "pState"?

Thanks a lot anyway. +rep

[ramey]

No, I don't think WoW would pass in a NULL state. I haven't look at how WoW calls DoString though.

Thanks for the rep.

[vulcanaoc]

hmm.. TODO: never pass in a null to DoString...

Oh well, that's a problem for another day

[ramey]

Quote:

Originally Posted by vulcanaoc

hmm.. TODO: never pass in a null to DoString...

Oh well, that's a problem for another day

Just find where WoW gets the state from.

[Apoc]

Just pass 0 as the state. You don't need it.

Code:

        /// <summary>
        /// Calls WoW's internal FrameScript_Execute (Lua_DoString)
        /// </summary>
        /// <param name="lua">The actual Lua code to execute.</param>
        /// <param name="fileName">A file name to use in case of an error. (Will be shown as: x error (fileName) ln y)</param>
        /// <param name="pState">Pass 0. This isn't really used as FrameScript_Execute is just a wrapper around the actual lua_dostring
        /// You do NOT need to pass the actual Lua state. You can retrieve that from the function callbacks!</param>
        [UnmanagedFunctionPointer(CallingConvention.Cdecl)]
        private delegate void LuaDoString(string lua, string fileName, uint pState);

Fairly simple to understand isn't it?

Also, make sure you're calling DoString FROM THE MAIN THREAD! It will silently fail on some functions if not called from the main thread.

[vulcanaoc]

Of course I called it from the main thread, I forgot to add that to the OP. It's working now, though

[flo8464]

Obviously a stupid question but as there are no stupid questions I just ask :>

What do you mean "call it from the main thread"... ?

I think I do it correctly but here is what I do and I have a problem with failing functions:

I made a Byte-String containing Asm Code for my routine to load the dll. I create a remote thread to load my .dll into WoW and start the "unofficial main-function" (a normal exported function I use to manage actions) of my dll. In that function I execute DoString().

Anything wrong about it?

[vulcanaoc]

Quote:

Originally Posted by flo8464

Obviously a stupid question but as there are no stupid questions I just ask :>

What do you mean "call it from the main thread"... ?

I think I do it correctly but here is what I do and I have a problem with failing functions:

I made a Byte-String containing Asm Code for my routine to load the dll. I create a remote thread to load my .dll into WoW and start the "unofficial main-function" (a normal exported function I use to manage actions) of my dll. In that function I execute DoString().

Anything wrong about it?

If I understand you correctly, you're just calling WoW's functions from your own thread. This is a no-no.

You're probably going to want to hook a function that is in WoW's main thread, such as (I believe- this isn't what I hook) D3DDevice::EndScene. After you've hooked a function in the main thread, you can just call your functions and they should work.

[ramey]

Quote:

Originally Posted by vulcanaoc

If I understand you correctly, you're just calling WoW's functions from your own thread. This is a no-no.

You're probably going to want to hook a function that is in WoW's main thread, such as (I believe- this isn't what I hook) D3DDevice::EndScene. After you've hooked a function in the main thread, you can just call your functions and they should work.

Sounds about right. EndScene() is called every frame in WoW. Hook it, and execute your code in there. EndScene() is in the main thread.

You aren't calling your Dostring in main thread, rather in some dll thread.

[Apoc]

Quote:

Originally Posted by flo8464

Obviously a stupid question but as there are no stupid questions I just ask :>

Even so, it was a stupid question.

[vulcanaoc]

Come on, it wasn't that stu- Oh, I see what you did there... :P

[Cypher]

Fyi the final argument of DoString is the hardware event code I think. It's not a pointer, it's an integer.

The prototype is (or very close to it):
void FrameScript__Execute(const char* pBuffer, const char* pFile, unsigned int HWEvent);

So you might call it with:
Framescript__Execute("MoveForwardStart()", "FakeFileName.lua", 0);

[schlumpf]

Being the hardware event, this is also the reason, why certain functions wont be called (restricted) if you passed something.

The filename does not need to be a *.lua one but can be used for you to help you debugging in lua. You could pass the name of the function you're executing your script. The filename will be printed on lua errors seen in those message boxes with red font ingame.