Problems calling ObjectByGuid / Console stuff

[SKU]

Hello thar.

Problem: I can't morph units with this implementation because somehow GetObjectByGuid alsways returns 0 when applied 'on units'. It does however work when I try to morph other players.

Wall of code: (Syntax highlight: NoMorePasting.com)

Code:

        public static uint StringToInt = 0x6A6F10;
        public static uint ObjectByGuid = 0x46DB20;
        public static uint UpdateModel = 0x6806D0;
        public static uint StringToFloat = 0; // ?

        /// <summary>
        /// Function that will be called once the user enters 'morph [arg]'.
        /// Morphs the localplayer's target.
        /// TODO: Get ObjectByGuid to work via ASM, find a StringToFloat function.
        /// </summary>
        /// <param name="w"></param>
        /// <returns></returns>
        public static uint MorphFunctionASM(BlackMagic w)
        {
            // Codecave + offsets that'll hold certain values for further use
            uint dwCodeCaveMorphF = 0;
            uint dwMorphId = 0x2500;
            uint dwMorphScale = 0x2600;
            uint dwMorphTargetBase = 0x2700;
            uint dwLocalPlayer = 0x2800;

            if (Program.I(w)) // wrapper for 'bool OpenProcessAndThread(..)'
            {
                dwCodeCaveMorphF = w.AllocateMemory(0x3000); // teh bigz
                dwMorphId += dwCodeCaveMorphF;
                dwMorphScale += dwCodeCaveMorphF;
                dwMorphTargetBase += dwCodeCaveMorphF;
                dwLocalPlayer += dwCodeCaveMorphF;

                w.Asm.Clear();
                // get the 2 arguments
                w.Asm.AddLine("push esi");
                w.Asm.AddLine("call {0}", StringToInt); // ret 4
                w.Asm.AddLine("mov [{0}], eax", dwMorphId); // <- 1st arg, ID; TODO: cmp eax, 0 -> je to end
                w.Asm.AddLine("add edx, 1");
                w.Asm.AddLine("push edx");
                w.Asm.AddLine("call {0}", StringToInt);
                w.Asm.AddLine("mov [{0}], eax", dwMorphScale); // <- 2nd arg, Scale, currently an int
                // s_curMgr
                w.Asm.AddLine("mov eax, [0x11CB310]");
                w.Asm.AddLine("mov eax, [eax+0x28A4]");
                w.Asm.AddLine("mov edx, eax");
                // TIB
                w.Asm.AddLine("xor eax, eax");
                w.Asm.AddLine("fs mov eax, [0x2C]");
                w.Asm.AddLine("mov eax, [eax]");
                w.Asm.AddLine("add eax, 8");
                w.Asm.AddLine("mov dword [eax], edx");
                // get the local player
                w.Asm.AddLine("mov eax, [0x127F13C]");
                w.Asm.AddLine("mov eax, [eax+0x30]");
                w.Asm.AddLine("mov eax, [eax+0x28]");
                w.Asm.AddLine("mov [{0}], eax", dwLocalPlayer);
                w.Asm.AddLine("mov ecx, eax");
                // get targetguid of local player
                w.Asm.AddLine("mov ecx, [ecx+0x8]");
                w.Asm.AddLine("mov ebx, dword [ecx+0x13*4]"); // high
                w.Asm.AddLine("mov edx, dword [ecx+0x12*4]"); // low
                // objectbyguid
                w.Asm.AddLine("xor eax, eax");
                w.Asm.AddLine("push 0x86");
                w.Asm.AddLine("push 0x92F3B0");
                w.Asm.AddLine("push 0x10");
                w.Asm.AddLine("push ebx"); // high
                w.Asm.AddLine("push edx"); // low
                w.Asm.AddLine("call {0}", ObjectByGuid);
                w.Asm.AddLine("add esp, 0x14");
                w.Asm.AddLine("mov [{0}], eax", dwMorphTargetBase);
                // change target id
                w.Asm.AddLine("mov eax, [eax+0x8]");
                w.Asm.AddLine("add eax, 0x108");
                w.Asm.AddLine("mov ebx, [{0}]", dwMorphId);
                w.Asm.AddLine("mov dword [eax], ebx");
                // call updateModel
                w.Asm.AddLine("push 1");
                w.Asm.AddLine("push 1");
                w.Asm.AddLine("mov ecx, [{0}]", dwMorphTargetBase);
                w.Asm.AddLine("call {0}", UpdateModel); // ret 8
                // goodbye
                w.Asm.AddLine("retn");
                w.Asm.Inject(dwCodeCaveMorphF);
            }
            return dwCodeCaveMorphF;
        }

I know it's a pain to even read it, guess how much fun debugging was.

Orange: How I try to get the GUID of my target ([[player+0x8] + UNIT_FIELD_TARGET * 4])
Red: eax is always 0 when I have a unit as target, works if I have other players / myself as target.

Do I need to read the GUID somehow else or is something different flawed?

If I get the GUID by using ReadUInt64, then write it into a codecave and grab it via [location+0x4]=hi, [location]=lo it works.

Thanks in advance, greetings

Sku

[shingetterrobo]

w.Asm.AddLine("push 0x86");
w.Asm.AddLine("push 0x92F3B0");
w.Asm.AddLine("push 0x10");
w.Asm.AddLine("push ebx"); // high
w.Asm.AddLine("push edx"); // low
w.Asm.AddLine("call {0}", ObjectByGuid);


push 1 instead of 0x10 for the third parameter of GetObjectByGuid that parameter determines whether or not the caller wants a player or unit (if the object is a unit and you push 0x10 it will return 0 :P ) this is there for functions that only can only be done on players.

[SKU]

Wow thanks! Gonna try it. So from which ObjectByGuid call did I grab that 0x10 hmpf.

Edit: Holy crap it works. Thanks alot!

[shingetterrobo]

btw StringToFloat 6A75A0h

[SKU]

Thanks again, tried to follow the call of a console command that takes a float argument but somehow never saw a conversion *blind is*.

[Shynd]

Holy ****, that's ugly, and it's no fault of your own. The fault rests entirely on me, the author of an asm-for-c# library. WHAT HAVE I DONE.

[SKU]

Holy ****, that's ugly, and it's no fault of your own. The fault rests entirely on me, the author of an asm-for-c# library. WHAT HAVE I DONE.

I forgive you. "settitle ID" now working aswell, thanks again.

[lanman92]

It's not really THAT ugly, I guess. Pretty much the same as writing a naked C++ function(with the ugly Fasm syntax...) It was a great idea, Shynd. I give you many thanks for writing it, as I would have no means to interact, cast, etc. without my code looking ABSOLUTELY retarded as bytecode being injected with WriteProcessMemory()... Thanks again, Shynd.

[Cypher]

Err, it's FAR from writing a naked C++ function.

In naked functions you can still do most of your work in C++.

Besides, there are very few reasons to use naked functions when working in pure C++ code anyway.

[Robske]

Gonna hijack the thread with a totally irrelavant question concerning weapon enchants.

/Console MorphMHWeapon 32837
/Console MorphOHWeapon 32838

(Working on something like /Console MorphWeapon *Slot* *DisplayID*)

Gives me a nice set-o-warglaives, obviously with the enchant glow that's on the actual weapon. (in my case this would be double beserking, red glow) which imo, isn't that visually appealing as mongoose.

The enchant seems to be part of the item and not the player struct (yea duh) at ITEM_FIELD_ENCHANTMENT_1_1. After dumping around abit I got the ID's for most popular enchants (gathered alot of weapons during the years )

Soo I thought, just overwrite it and call UpdateModel() easy enough! Guess not.

When overwriting the old enchants value the tooltip's enchant name changes (on the player character sheet) and when shift clicking the item I see my weapon with the new enchant, cool. There's however no update on the actual ingame enchant glow.

Any hints?

[shingetterrobo]

PLAYER_VISIBLE_ITEM_1_PROPERTIES = enchant ID

also, see http://www.mmowned.com/forums/bots-p...ml#post1422797

[Robske]

PLAYER_VISIBLE_ITEM_1_PROPERTIES = enchant ID

also, see http://www.mmowned.com/forums/bots-p...ml#post1422797

Awk, tried those - every single one of them is 0.

Here's my code to loop over the PLAYER_VISIBLE_ITEM_XX_PROPERTIES fields:

Code:

int Id = 0;
for (uint Offset = 0x111; Offset <= 0x255; Offset += 0x012)
{
       Id++;
       Console.WriteLine("PLAYER_VISIBLE_ITEM_" + Id + "_PROPERTIES" +
                                        " = 0x" + Offset.ToString("X") + " * 4" +
                                        " contains: " + Memory.ReadUInt(dwDescriptor+(Offset)*4)); 
}

dumps:

PLAYER_VISIBLE_ITEM_1_PROPERTIES = 0x111 * 4 contains 0
PLAYER_VISIBLE_ITEM_2_PROPERTIES = 0x123 * 4 contains 0
...
PLAYER_VISIBLE_ITEM_19_PROPERTIES = 0x255 * 4 contains 0

Can you confirm that the offsets posted in the 3.0.2 sticky are still valid?

[shingetterrobo]

i'm sorry, now i feel stupid. i was in a rush and simply assumed that the next one on the list was correct without checking first.

the actual offset is 1 above PLAYER_VISIBLE_ITEM_XX_0 (ie for item 1 its 0x105)

i access it like this

call GetBaseByGUID
mov eax, [eax+8]
lea eax, [eax+ebx] // ebx = PLAYER_VISIBLE_ITEM_XX_CREATOR *4
mov [eax+8], edi // edi = new item id.
mov dword [eax+0Ch], 0ECCh // 0ECCh = 3788, i forget which enchant this is.

[Robske]

Thanks for the quick reply

HURR DURR

[shingetterrobo]

np. sorry for the mixed up :P