Problem with CInputControl in C#

[charly]

Hello,

It's my first post on this forum so I'll begin by thanking all those who share a lot of incredible information about WoW memory :wave:

This is my problem: I would like to use CInputControl in C#, so I downloaded the BlackMagic library and copy-pasted the example code of Cypher. But my code isn't working..

Code:

if (!wow.OpenProcessAndThread(Memory.GetProcessIdByProcessName("Wow.exe")))
                throw new Exception("Can't open the process");

uint codeCave = wow.AllocateMemory();
wow.Asm.Clear();
wow.Asm.AddLine("mov eax, " + 0x00BE10FC); // Randomness Tick
wow.Asm.AddLine("mov ecx, " + this); // Address of this instance
wow.Asm.AddLine("push eax");
wow.Asm.AddLine("push 0"); // Enable
wow.Asm.AddLine("push 0"); // dwTime
wow.Asm.AddLine("push " + 0x10); // Movement
wow.Asm.AddLine("call " + SetFlag); // Address of function SetFlag
wow.Asm.InjectAndExecute(codeCave);
wow.FreeMemory(codeCave);

1) I begin in C# and I don't find the address of this.. I searched on Google but no result.

2) I don't find the address of SetFlag. I used those 3.0.3 offsets:

• CInputControl: 0x011779A4
• CInputControl__SetFlag: 0x005548F0

My wrong address of SetFlag is Read(clientConnection + 0x005548F0). I know it's a second noob question but I really don't find the explanation saying what's the base to find SetFlag address. Could you tell me what's wrong please?

Hoping you understand my english
Merry Christmas

[Apoc]

The "this" keyword doesn't return an address in C#. (It does in C++ however.)

You'll need to figure out the address you need by yourself.

[charly]

The "this" keyword doesn't return an address in C#. (It does in C++ however.)

You'll need to figure out the address you need by yourself.

Thanks for your answer in this Christmas day You're right.

Apparently it's easy to get address of primitive types in C# with the unsafe code. But it seems that it's not possible to get the address of an instance...

Someone else could help me please?

[Apoc]

Thanks for your answer in this Christmas day You're right.

Apparently it's easy to get address of primitive types in C# with the unsafe code. But it seems that it's not possible to get the address of an instance...

Someone else could help me please?

You missed what I said. .NET code runs in the CLR, which is like the Java VM. It has its own address space, completely different than what other processes have. You can't reference a "this" or get the address of "this" in memory. (Technically you can, but it's useless)

[charly]

It's what I tried to say in other words

And..
- Store this in ecx, is it necessary?
- How is compute the SetFlag address?

[Apoc]

It's what I tried to say in other words

And..
- Store this in ecx, is it necessary?
- How is compute the SetFlag address?

What are you not understanding? You can't store "this" in a register, as it won't return the base address like you think it will. (In the way you're storing it, it will actually convert the "this" call to "this.ToString()" which is not something you normally want to do in ASM.)

And read the other threads in this forum for the SetFlag address. (Or learn how to reverse the client, and find it yourself.)

[charly]

What are you not understanding? You can't store "this" in a register, as it won't return the base address like you think it will. (In the way you're storing it, it will actually convert the "this" call to "this.ToString()" which is not something you normally want to do in ASM.)

And read the other threads in this forum for the SetFlag address. (Or learn how to reverse the client, and find it yourself.)

I repeat the question in other words: Why do we need to store this in ecx (not how)?

About SetFlag address, I found nothing. I would appreciate if you gave me a link that explains how to compute it.

Thx.

[Apoc]

I repeat the question in other words: Why do we need to store this in ecx (not how)?

About SetFlag address, I found nothing. I appreciate if you gave me a link that explains how to compute it.

Thx.

From the code you copy/pasted (since it's obvious you don't understand what it does...), no you don't need to store anything in the ECX register.

And again, for SetFlag, read the threads in this forum. Search is your friend. Stop being lazy.

[charly]

From the code you copy/pasted (since it's obvious you don't understand what it does...), no you don't need to store anything in the ECX register.

If I ask why do I need to store this, it's maybe I understand.

And again, for SetFlag, read the threads in this forum. Search is your friend. Stop being lazy.

I found threads with:
only address or pointer of SetFlag.
or code that isn't working

On the blog of Shynd, he uses user32. In WoWX, CInputControl isn't used too (It's the LUA function MoveForwardStart()).

I need your help Apoc

[Apoc]

You need to figure it out yourself.

We don't spoonfeed here.

[lanman92]

RTFM, lookup __thiscall calling convention in MSDN.

[Nesox]

If I ask why do I need to store this, it's maybe I understand.

I found threads with:
only address or pointer of SetFlag.
or code that isn't working

On the blog of Shynd, he uses user32. In WoWX, CInputControl isn't used too (It's the LUA function MoveForwardStart()).

I need your help Apoc

omg just open it in olly or ida write some asm and live happiley ever after.

[charly]

Okay, it's working. But my character moves only if I nudge him before.

Example:
1. I set the flag to 0x100 (turn left).
2. Nothing happens
3. I press the key Z (forward) in the game.
4. Character begins to turn left.

I forgot something?

Code:

mov eax,  GetTickCount
mov ecx, DWORD PTR SS:[0x011779A4]
push dwTime
push eax
push Enable
push iFlag
call 0x005548F0
retn

[Cypher]

zzzzzz

"this" is a C++ keyword that holds a pointer to the current class instance. The reason its stored in ECX is because of calling conventions. When compiled code calls a class method it passes the class instance pointer to the function through the ECX register, the calling convention is called 'thiscall'. Its just a standard calling convention for non-vararg member functions (vararg member functions will use __cdecl and pass 'this' as the first param).

[charly]

Thanks for this information

Have you an idea about my last problem? It's the post just above yours.