stjernan

Failfest 2k14

Sep 29th, 2014
  1. Func LuaDoString($theCode = "") ; stages an x86 stub in the WoW process that is meant to call Lua_Dostring on $theCode
  2.     If $theCode == "" Then Return -1
  3.     ; ^ empty input returns -1; every other path reaches EndFunc without an explicit Return
  4.     Local $CodeCave
  5.     ; Stages: (1) build a text value from the Lua string, (2) assemble a small caller-cleanup call stub,
  6.     ; (3) allocate RWX memory in the target process, write the stub bytes there, then issue a free call.
  7.     ; $CodeCave first holds a number only; no memory is reserved at this point
  8.     $CodeCave = StringLen(StringToBinary($theCode, 4)) + 1; flag 4 selects UTF-8 encoding
  9.  
  10.     ; &= is string concatenation, so $CodeCave becomes "<that number><Lua text>" (the author marked this line as doubtful)
  11.     $CodeCave &= $theCode
  12.  
  13.     ; AsmInit/AsmReset/AsmAdd are defined outside this listing; presumably an inline assembler helper - confirm
  14.     Local $Asm = AsmInit()
  15.     AsmReset($Asm)
  16.     ; Intended stub (per the instruction strings): load eax from $CodeCave, push 0, then push eax twice
  17.     AsmAdd($Asm, "mov eax, " + StringToBinary($CodeCave, 4))
  18.     AsmAdd($Asm, "push 0")
  19.     AsmAdd($Asm, "push eax")
  20.     ; eax is then reloaded with module base + 0x4FD12, which the author labels Lua_Dostring
  21.     AsmAdd($Asm, "push eax")
  22.     AsmAdd($Asm, "mov eax, " + ($aWoWModuleBaseAdress + 0x4FD12));Lua_Dostring
  23.     ; call that address, drop 0xC bytes (the three pushed dwords) from the stack, return
  24.     AsmAdd($Asm, "call eax")
  25.     AsmAdd($Asm, "add esp, 0xC")
  26.     AsmAdd($Asm, "retn")
  27.  
  28.     ; $asmRet receives the assembler state; its element [2] is used below as the allocation size
  29.     $asmRet = $Asm
  30.     ; Defender's view: a cross-process allocation with PAGE_EXECUTE_READWRITE followed by a cross-process write is the sequence process-injection detections key on
  31.     ;$aWoWMemoryHWND[1] is the handle of _MemoryOpen(wow[i])
  32.     ;$Asm[2] is the size of our opcode
  33.     $mVirtualMem = _MemVirtualAllocEx($aWoWMemoryHWND[1], 0, $asmRet[2], $MEM_COMMIT, $PAGE_EXECUTE_READWRITE)
  34.  
  35.     ; Write call for the assembled stub bytes (AsmGetBinary), typed as a byte array of $Asm[2] bytes
  36.     _MemoryWrite($aWoWModuleBaseAdress + $mVirtualMem, $aWoWMemoryHWND, AsmGetBinary($Asm)), "byte[" & $Asm[2] & "]")
  37.  
  38.     ; Release call for $mVirtualMem; it passes $aWowTitleHWND[1], not the $aWoWMemoryHWND[1] used for the allocation
  39.     _MemVirtualFreeEx($aWowTitleHWND[1], $mVirtualMem, $Asm[2], $MEM_RELEASE)
  40. EndFunc   ;==>LuaDoString
  41.  
  42.  
  43. LuaDoString("MoveForwardStart();") ; example call: hands the Lua text MoveForwardStart(); to LuaDoString