Troubles calling GetUnitRelation

[hypnodok]

This is my code:

Code:

            uint GetUnitRelation = 0x00666B10;
            uint codeCave = wow.AllocateMemory(0x1000);
            byte[] bInject = { 0xFF, 0x35, 0, 0, 0, 0, 0x8b, 0x1D, 0, 0, 0, 0, 0xE8, 0, 0, 0, 0, 0x83, 0xC4, 0x04, 0xC3 };
            wow.WriteBytes(codeCave, bInject);
            GetUnitRelation -= codeCave + 17;
            wow.WriteUInt(codeCave + 13, GetUnitRelation);
            wow.WriteUInt(codeCave + 2, codeCave + 0x500);
            wow.WriteUInt64(codeCave +0x500, unit1BasePointer);
            wow.WriteUInt(codeCave + 8, codeCave + 0x504);
            wow.WriteUInt64(codeCave + 0x504, unit2BasePointer);
            IntPtr handle = wow.CreateRemoteThread(codeCave, 0);
            Memory.WaitForSingleObject(handle);
            Memory.CloseHandle(handle);
            wow.FreeMemory(codeCave);
            Console.WriteLine(Memory.GetExitCodeThread(handle));

This is how it looks in olly:

Code:

021E0000   FF35 00051E02    PUSH DWORD PTR DS:[21E0500]
021E0006   8B1D 04051E02    MOV EBX,DWORD PTR DS:[21E0504]
021E000C   E8 FF6A48FE      CALL Wow.00666B10
021E0011   83C4 04          ADD ESP,4
021E0014   C3               RETN

I understand the function looks like this:
unsigned long GetUnitRelation( CGObject_C * pObject );
This should mean that I need to push the pointer to an object to the stack prior to calling it.
Also, I sorta guessed that it also expects the pointer to a unit in EBX due to this line:
00666B31 |> 8B83 08010000 MOV EAX,DWORD PTR DS:[EBX+108]
00666B37 |. 8B88 D0000000 MOV ECX,DWORD PTR DS:[EAX+D0]
I know that theres that other pointer to UnitFields.
However this exception still occurs every time I call it:

Any help?

[kynox]

You should be moving the class pointer into ECX, not EBX.
Also, it is __stdcall, so its cleaning up the stack. Remove your Add ESP, 4

[Cypher]

You should be moving the class pointer into ECX, not EBX.
Also, it is __stdcall, so its cleaning up the stack. Remove your Add ESP, 4

Its not __stdcall its __thiscall. (Because 'this' is passed through ECX)

[hypnodok]

Thanks again.