C# how to call a function?

  1. #1
    alcor75

    C# how to call a function?

    After completing the platform (mem reading, key and mouse posts, skills and settings, and most logic) for my bot (a personal project I run to strengthen my C# and reversing skills), I was in the process of writing some logic for combat and a few specific scopes, and I ran into a problem I haven't been able to solve for 7 days (my summer vacation).

    Now my vacation is running out, and after having read tons and tons of shit in the quest to learn it, I ended up telling myself to ask.

    I'm trying to find enemies without the need to target them (I can already get DispositionToTarget), but it turned out that the best solution is to call the LUA function GetDispositionTo
    as described here.

    Not being able to call LUA functions, I decided that for now I can live with knowing the Unit Faction, and it turned out to be another LUA function.

    And like those, many other things I wish I could use are functions.

    Can someone please give me some idea of how I should call a LUA function with C#?

    I'm really confused about what instruction (should I just write some IntPtr in the process memory and read the output from somewhere?)

    For example:
    these are the most recent function calls posted:
    Code:
    enum Functions
    {
       RegisterEvent = 0x179DD0,
       UnregisterEvent = 0x17A240,
       SetTarget = 0x4EF5E0,
       PerformAction = 0x455140,
       VacuumLoot = 0x378670,
       ClickToMove = 0x4832D0,
    }
    I set my target by writing the ID of the Unit I want to target directly to my Target ID, and it works; I don't call the function SetTarget. It's dirty, ugly, stinky, but it works.

    This is my click to move... call it a function:

    Code:
    public void move(Vector4 v4)
    {
        IntPtr g = gamemanagerptr();
        Game.memory.Write<float>(g + (int)GameManager.movements.ClickToMoveX, v4.x);
        Game.memory.Write<float>(g + (int)GameManager.movements.ClickToMoveY, v4.y);
        Game.memory.Write<float>(g + (int)GameManager.movements.ClickToMoveZ, v4.z);
        byte[] data = { 0x00, 0x00, 0x00, 0x00 };
        Game.memory.WriteBytes(g + (int)GameManager.movements.ClickToMoveGo, data);
    }
    But the addresses I use are nowhere near the standard ClickToMove function you all report; my addresses are:

    Code:
    enum Global
    {
        pGameManager = 0xAB7B48,   //ok
        pSpellManager = 0xAB8930,  //ok (1..10 skills manager)
        pInnateManager = 0xAD8DB0, // ok (innate ability manager)
        pSkillXManager = 0xAD8E78  // ok (X ability manager)
    };

    enum movements
    {
        ClickToMoveX = 0x7540,  //ok
        ClickToMoveY = 0x7548,  //ok
        ClickToMoveZ = 0x7544,  //ok
        ClickToMoveW = 0x754c,  //ok
        ClickToMoveGo = 0x7524, //ok
    };
    (So now you know my special addresses; call it a contrib.)

    What I do is write the coordinates of the destination directly to the address the client reads, and trigger the movement, all based on some addresses I have found (you have no idea how much time I'm spending to learn, and WildStar isn't even looking so promising, but it is letting me learn a lot) in my long search.

    Is this a LUA function called by me magically without me knowing I was doing it?
    Obviously not; I'm aware I'm not calling anything. Please, what is the way to call an in-game LUA function and read the result, eventually?

    If someone wants to give me a lesson, I'll be glad to pay (well) for your time; send me a PM if interested. I'm online all day and night, and tomorrow too (last day of vacation).

    Please give me a hand.

    Alcor75


  2. #2
    Midi12
    There are two ways of achieving what you are looking for (from what I know):
    1. Finding the internal GetDispositionTo function offset and calling the function
    2. Calling the lua GetDispositionTo through your lua wrapper, then getting back the result


    I will only stick to the first option because it's what I am doing.

    Assuming you are internal (example: injected dll):

    Code:
    //Quick pseudo code from an old base
    //uintptr_t (rather than DWORD) keeps the full module base on a 64-bit client
    GetDispositionTo_t fnGetDispositionTo = (GetDispositionTo_t)((uintptr_t)GetModuleHandle(NULL) + Offsets::Functions::GetDispositionTo);
    ResultType result = fnGetDispositionTo(params);
    Basically you cast the function offset to the function declaration, then call it like a normal function. (You might need to be in the main thread in some cases.)


    Assuming you are external (example: C# bot):

    Code:
    //still pseudo code
    //each instruction needs its own line, otherwise the strings run together
    string asmcode = "push eax\n";
    asmcode += "push arg1\n";
    asmcode += "push arg2\n";
    asmcode += "call 0x" + Offsets.Functions.GetDispositionTo.ToString("X");
    WildStarProcess.InjectCode(asmcode);
    Here you are literally building asm code which will be executed inside your target process.
    You might need to be in the main thread too in some cases.
    You can get ideas on doing this in BlackMagic/fasm_managed (I don't remember who implemented it) or iHook dll (I don't remember if sources are available).
    If you prefer C++, AsmJit is superb.

  3. #3
    alcor75
    Thanks for answering me. My brain is really hurting and I sleep 4h per night, but I want this learned before I get back to work full time.

    I try to stick with C# (it is the only thing I really know; I have some basic knowledge of a lot of stuff, but my attempt is pure C#, and ASM).

    So what I learned here is:
    I'll probably try to inject ASM code and see what happens, and in trying to do it, I learnt that... I can write my code to use the 64bit WS client (get the process in 64bit etc.) and build my solution targeting "AnyCPU" instead of "64bit" AND SO be able to reference Fasmdll_managed... that is awesome. I was stuck being convinced that it needed to be targeted to "64bit", stupid me, and trying to find an alternative to Fasmdll_managed.

    So now I'll experiment with that.

    The first question that comes to my mind is: where do I read the result? Maybe digging more the answer will become clear, and that is what I'll do now. You opened a door to a whole new world; any tips while I step into it would be helpful.

    Also, my offer for a paid Skype session is still available. I'm here all day; if you have 1 free hour or 2, I'll pay well for it.
    Send me a PM.

    I'll post my findings here, thanks again.

    p.s. You must spread some Reputation around before giving it to Midi12 again.
    Last edited by alcor75; 08-25-2014 at 06:32 AM.

  4. #4
    Midi12
    Originally Posted by alcor75
    The first question that comes to my mind is: where do I read the result? Maybe digging more the answer will become clear, and that is what I'll do now. You opened a door to a whole new world; any tips while I step into it would be helpful.
    Ha right, I forgot to answer you about that.
    You just have to allocate some memory, then move the value from the register where the result was to this allocated space, and read the result from that allocated space. I am not sure if this is the right way; wait for an answer from any asm-experienced member.

    Originally Posted by alcor75
    Also, my offer for a paid Skype session is still available. I'm here all day; if you have 1 free hour or 2, I'll pay well for it.
    Send me a PM.
    Thanks for the offer but I have neither the time nor the skills to teach about this subject ^^.
    92izii !

  5. #5
    alcor75
    Thanks for coming back and clarifying it. I now have a good idea of what I should do, and found a tutorial that helped me to crash my client!! I'm so happy, this means I'm interacting with it.

    Here's the post: ([C#] ASM Injection (CreateRemoteThread))


    I also found that...
    Originally Posted by alcor75
    So what I learned here is:
    I'll probably try to inject ASM code and see what happens, and in trying to do it, I learnt that... I can write my code to use the 64bit WS client (get the process in 64bit etc.) and build my solution targeting "AnyCPU" instead of "64bit" AND SO be able to reference Fasmdll_managed... that is awesome. I was stuck being convinced that it needed to be targeted to "64bit", stupid me, and trying to find an alternative to Fasmdll_managed.
    is a great mountain of shit; it does not work (it compiled, but when I call fasmdll, boom, it throws "go back to x86 if you want this!").

    So now my injection wants me to send my ASM code as byte[] like this:

    Code:
    byte[] asm = new byte[] {
    	0x31, 0xD2,                               // XOR   EDX, EDX
    	0x52,                                     // PUSH  EDX
    	0x68, 0x63, 0x61, 0x6C, 0x63,             // PUSH  'calc'
    	0x89, 0xE6,                               // MOV   ESI, ESP
    	0x52,                                     // PUSH  EDX
    	0x56,                                     // PUSH  ESI
    	0x64, 0x8B, 0x72, 0x30,                   // MOV   ESI, DWORD PTR FS:[EDX+30]
    	0x8B, 0x76, 0x0C,                         // MOV   ESI, DWORD PTR DS:[ESI+C]
    	0x8B, 0x76, 0x0C,                         // MOV   ESI, DWORD PTR DS:[ESI+C]
    	0xAD,                                     // LODS  DWORD PTR DS:[ESI]
    	0x8B, 0x30,                               // MOV   ESI, DWORD PTR DS:[EAX]
    	0x8B, 0x7E, 0x18,                         // MOV   EDI, DWORD PTR DS:[ESI+18]
    	0x8B, 0x5F, 0x3C,                         // MOV   EBX, DWORD PTR DS:[EDI+3C]
    	0x8B, 0x5C, 0x1F, 0x78,                   // MOV   EBX, DWORD PTR DS:[EDI+EBX+78]
    	0x8B, 0x74, 0x1F, 0x20,                   // MOV   ESI, DWORD PTR DS:[EDI+EBX+20]
    	0x01, 0xFE,                               // ADD   ESI, EDI
    	0x8B, 0x4C, 0x1F, 0x24,                   // MOV   ECX, DWORD PTR DS:[EDI+EBX+24]
    	0x01, 0xF9,                               // ADD   ECX, EDI
    	//                                           label1:
    	0x0F, 0xB7, 0x2C, 0x51,                   // MOVZX EBP, WORD PTR DS:[ECX+EDX*2]
    	0x42,                                     // INC   EDX
    	0xAD,                                     // LODS  DWORD PTR DS:[ESI]
    	0x81, 0x3C, 0x07, 0x57, 0x69, 0x6E, 0x45, // CMP   DWORD PTR DS:[EDI+EAX], 'WinE'
    	0x75, 0xF1,                               // JNZ   SHORT label1
    	0x8B, 0x74, 0x1F, 0x1C,                   // MOV   ESI, DWORD PTR DS:[EDI+EBX+1C]
    	0x01, 0xFE,                               // ADD   ESI, EDI
    	0x03, 0x3C, 0xAE,                         // ADD   EDI, DWORD PTR DS:[ESI+EBP*4]
    	0xFF, 0xD7,                               // CALL  EDI
    	0x58,                                     // POP   EAX (stack alignment)
    	0x58,                                     // POP   EAX (stack alignment)
    	0xC3                                      // RET
    };
    This opens calc and was an example.

    Is there a better way, or at least a way to convert byte[] to assembly without fasmdll, or is there a way to use fasmdll with a 64bit process (not sure if it is compatible with the 64bit registers etc.)?

    I'm still experimenting...
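
Added example (not part of the original thread or any poster's code): the external route discussed above ends with a thread started inside the target process, either in freshly allocated memory or at a DLL loader, and that is what endpoint telemetry keys on. The Python sketch below applies that check to constructed records using Sysmon Event ID 8 (CreateRemoteThread) field names; the record layout, paths, allowlist and the "-" placeholder for an unresolved module are assumptions.

```python
# Constructed records using field names from Sysmon Event ID 8
# (CreateRemoteThread); every path and address below is made up.
# Assumption: an unresolved StartModule/StartFunction is rendered as "-".
SAMPLE = """\
SourceImage: C:\\Tools\\Bot.exe
TargetImage: C:\\Games\\Example\\Client64.exe
StartAddress: 0x000001F3A2C40000
StartModule: -
StartFunction: -

SourceImage: C:\\Tools\\Loader.exe
TargetImage: C:\\Games\\Example\\Client64.exe
StartAddress: 0x00007FFB5C2A1230
StartModule: C:\\Windows\\System32\\kernel32.dll
StartFunction: LoadLibraryW

SourceImage: C:\\Windows\\System32\\csrss.exe
TargetImage: C:\\Games\\Example\\Client64.exe
StartAddress: 0x00007FFB5C2B4410
StartModule: C:\\Windows\\System32\\kernel32.dll
StartFunction: CtrlRoutine
"""

# Assumption: sources a site expects to create remote threads (tune locally).
ALLOWED_SOURCES = {r"c:\windows\system32\csrss.exe"}
LOADER_FUNCS = {"loadlibrarya", "loadlibraryw", "loadlibraryexa", "loadlibraryexw"}

def parse_events(text):
    """Turn blank-line separated 'Key: value' records into dicts."""
    events = []
    for block in text.strip().split("\n\n"):
        pairs = (line.partition(":") for line in block.splitlines())
        events.append({k.strip(): v.strip() for k, sep, v in pairs if sep})
    return events

def classify(event):
    """Return a reason string for a suspicious remote thread, else None."""
    if event.get("SourceImage", "").lower() in ALLOWED_SOURCES:
        return None
    if event.get("StartModule", "-") in ("", "-"):
        return "start address outside any loaded module (injected code)"
    if event.get("StartFunction", "").lower() in LOADER_FUNCS:
        return "thread starts at a DLL loader (DLL injection)"
    return None

def find_injections(text):
    """List (source, target, reason) for every flagged record."""
    flagged = ((ev, classify(ev)) for ev in parse_events(text))
    return [(ev["SourceImage"], ev["TargetImage"], why) for ev, why in flagged if why]
```
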

  6. #6
    Midi12
    Originally Posted by alcor75
    Is there a better way, or at least a way to convert byte[] to assembly without fasmdll, or is there a way to use fasmdll with a 64bit process (not sure if it is compatible with the 64bit registers etc.)?

    I'm still experimenting...
    As far as I know fasm is only x86.
    92izii !

  7. #7
    alcor75
    I still have to figure out how to resolve this problem, but my tenacity meant I found a way to get DispositionTo to work.

    What I did was patiently test various combinations of addresses with CE, guessing, reading and trying to understand the function IDA decompiled; then I wrote that strange test combination into a function able to read those addresses and BooM! Disposition.

    It's been long... ****ing long and gave me a strong headache, but you can't imagine the satisfaction of seeing it work, and while I was in that trance, I got CCState too.

    This is good enough to build my tool with the precision I need, but I'm still curious to understand the "proper way" to call a function and read the result, so if someone wants to add some comments that could allow me to extend my research, I'll be very grateful.

    What is really sad is that WS looks to me like a dead game; if it wasn't for what it allows me to learn, I would have already left it, but it is fun to understand and be able to code so many things, so I really hope Carbine pumps it up a little.

    /bow Alcor75
    Last edited by alcor75; 08-25-2014 at 06:37 AM.

  8. #8
    iamclint
    I would write a C++ dll and use IPC to communicate with it to do the calls.
