// Byte size used by testRemoteCall() for both remote allocations and for the
// copy that starts at mySnubber's address.
#define INJECTSIZE 65536
/*
 * Thread entry point that testRemoteCall() copies into another process and
 * starts there with CreateRemoteThread.
 *
 * c is the address of a TRACEARG-shaped buffer, passed as a DWORD.
 * NOTE(review): a DWORD is 32 bits wide, so this only holds a pointer in a
 * 32-bit process.
 *
 * The routine casts a hard-coded absolute address to a function pointer,
 * calls it with pointers into the buffer, stores the bool result in the
 * int at offset 0x28, and always returns 1.
 *
 * NOTE(review): c is never validated and the call target is a constant, so
 * a wrong client build or a relocated module makes the thread jump to
 * unrelated bytes inside the target process. Nothing visible here
 * guarantees that the compiled body is self-contained once copied elsewhere.
 */
DWORD __stdcall mySnubber( DWORD c )
{
/*
Buffer layout expected at c (offset, type):
0 float float float
0xC float float float
0x18 float float float
0x24 float
0x28 int (flag)
0x2C int
*/
// Arguments are typed int* although the layout above documents floats; only
// the addresses are passed through.
typedef bool (__cdecl *tTraceLine)(int*, int*, int*, int*, int, int*);
tTraceLine pTraceLine = (tTraceLine)0x506060; // version-specific absolute address; must match the client build
// Passes the three 12-byte groups and the float at 0x24 by address, the
// current flag by value, and a null last argument.
*(int*)(c+0x28) = pTraceLine((int*)c, (int*)(c+0xC), (int*)(c+0x18), (int*)(c+0x24) ,*(int*)(c+0x28) , (int*)0); // the flag slot is overwritten with the call's bool result
return 1;
}
/*
 * Parameter/result record exchanged with mySnubber through memory in the
 * target process. The field order mirrors the offsets mySnubber hard-codes
 * (0, 0xC, 0x18, 0x24, 0x28, 0x2C), so it must not be reordered.
 * Offsets below assume 4-byte float and DWORD with no padding - TODO confirm
 * for the compiler and packing in use.
 * Components are stored Y, X, Z in each triple.
 */
typedef struct TraceArg{
float startY;   // 0x00  first triple, passed by address as argument 1
float startX;   // 0x04
float startZ;   // 0x08
float endY;     // 0x0C  second triple, passed by address as argument 2
float endX;     // 0x10
float endZ;     // 0x14
float outY;     // 0x18  third triple, passed by address as argument 3; printed by the caller afterwards
float outX;     // 0x1C
float outZ;     // 0x20
float distance; // 0x24  passed by address as argument 4
DWORD flag;     // 0x28  passed by value as argument 5, then overwritten with the call's bool result
DWORD option;   // 0x2C  written by the caller but not passed to the call in mySnubber
}TRACEARG, *PTRACEARG;
/*
 * Runs mySnubber inside the process identified by the global handle
 * wowprohnd and prints the result it writes back.
 *
 * Sequence: allocate an executable region and a data region in the target
 * (VirtualAllocEx), copy code and a TRACEARG into them (WriteProcessMemory),
 * start a thread at the copied code (CreateRemoteThread), wait up to 3 s,
 * read the TRACEARG back, print it, and free both regions.
 *
 * Security context: a cross-process PAGE_EXECUTE_READWRITE allocation, then
 * WriteProcessMemory, then CreateRemoteThread is the classic remote-thread
 * code-injection pattern. Endpoint-security and anti-tamper tooling commonly
 * alert on that API sequence and on threads whose start address lies in
 * private, non-image executable memory.
 *
 * Relies on names defined elsewhere in the file: wowprohnd, player, ReadStr.
 * Takes no parameters and returns nothing; failures are only reported with
 * printf.
 */
void testRemoteCall(){
DWORD RmThdId;
// NOTE(review): neither pointer is initialised. If the first allocation
// fails, the cleanup code tests paraAdd while it still holds an indeterminate
// value and may pass it to VirtualFreeEx. Both should start as NULL.
LPVOID procAdd, paraAdd;
// Start is the player position raised by 1.0 in z, and the end is one unit
// ahead along player.facing. The out triple is zeroed, distance is 1.0,
// and option is 0.
TRACEARG localarg = {player.y,player.x,player.z+1.0f,player.y+cosf(player.facing)*1.0f,player.x+sinf(player.facing)*1.0f, player.z+1.0f, 0.0f,0.0f,0.0f,1.0f, 0x1000124, 0}; // I use flag value 0x1000124, not sure about other possible values like 0x20000, 0x120171
// Region for the copied code, created writable and executable at once (RWX).
procAdd = VirtualAllocEx(wowprohnd,NULL, INJECTSIZE, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
if(!procAdd){
printf("can't allocate proc Memory\n");
// NOTE(review): this goto and the ones below jump past the initialisation of
// hRmThd. Standard C++ rejects that; some compilers accept it with a warning.
goto cleanup;
}
// Region for the TRACEARG, read/write only.
paraAdd = VirtualAllocEx(wowprohnd,NULL, INJECTSIZE, MEM_COMMIT, PAGE_READWRITE );
if(!paraAdd){
printf("can't allocate parameters Memory\n");
goto cleanup;
}
DWORD szWritten;
// NOTE(review): this copies INJECTSIZE (65536) bytes starting at mySnubber's
// address, far more than the function body. It reads whatever follows the
// function in this process and can fail or copy unrelated code and data.
// szWritten is never compared with the requested size.
if(!WriteProcessMemory(wowprohnd, procAdd, mySnubber, INJECTSIZE, &szWritten)){
printf("can't write procedure into proc memory\n");
goto cleanup;
}
// Copies the argument record. NOTE(review): the failure message below repeats
// the "procedure" text although this write is for the parameters.
if(!WriteProcessMemory(wowprohnd, paraAdd, &localarg, sizeof(TRACEARG), &szWritten)){
printf("can't write procedure into proc memory\n");
goto cleanup;
}
// 64 KiB stack buffer. ReadStr is defined elsewhere; presumably it reads the
// copied bytes back from the target - TODO confirm. testbuff is not used
// afterwards.
char testbuff[INJECTSIZE+4];
ReadStr(procAdd, testbuff, INJECTSIZE);
// Starts a thread in the target at procAdd with paraAdd as its argument.
// NULL is passed for the stack size and creation flags.
HANDLE hRmThd = CreateRemoteThread(wowprohnd, NULL, NULL,(DWORD (__stdcall *)( void *))procAdd, paraAdd, NULL, &RmThdId);
if(!hRmThd){
printf("can't create thread \n");
goto cleanup;
}
// NOTE(review): the wait result overwrites the thread id and is never checked.
// After a 3000 ms timeout the code still reads the result and frees both
// regions, which the remote thread may still be executing or writing to.
RmThdId = WaitForSingleObject(hRmThd, 3000);
CloseHandle(hRmThd);
// Reads the TRACEARG back so the flag and out fields reflect what the remote
// code wrote.
ReadStr(LPCVOID((int*)paraAdd+0), &localarg, sizeof(TRACEARG));
printf("traceline returned: %08X %.2f %.2f %.2f\n", localarg.flag, localarg.outY, localarg.outX, localarg.outZ);
//POINT pt;
//if(localarg.flag){
// scrPos(localarg.outX, localarg.outY, localarg.outZ, &pt);
// MouseClick(wowhwnd, pt.x,pt.y, FALSE);
//}
cleanup:
// Releases both remote regions. A size of 0 with MEM_RELEASE frees the whole
// allocation.
if(procAdd)
if(!VirtualFreeEx(wowprohnd, procAdd, 0, MEM_RELEASE))
printf("Can't free allocated proc memory\n");
// NOTE(review): this message repeats "proc memory" although it concerns the
// parameter region.
if(paraAdd)
if(!VirtualFreeEx(wowprohnd, paraAdd, 0, MEM_RELEASE))
printf("Can't free allocated proc memory\n");
}