Hello,
I recently got interested in WoW hacking. Thanks to various resources on this board I managed to inject an assembly into WoW using EasyHook. Next I was interested in calling WoW functions by converting an unmanaged function pointer to a delegate. I started with CGObject's GetObjectName.
First I tried it using the WhiteMagic library available on this forum.
Code:
// WoW VMT index
public const uint Wow_VMT_GetName = 52;
...
// Delegate declaration
[UnmanagedFunctionPointer(CallingConvention.Cdecl)]
private delegate string VMT_GetNameDelegate();
...
// Function
private static VMT_GetNameDelegate VMT_FuncGetName;
...
// Returns the WoW name for the specified object address by marshalling the WoW GetObjectName() function
public static string Wow_GetName(uint objectAddr)
{
    Logger.Debug("Wow_GetName("+objectAddr.ToString()+")");
    IntPtr getNameFuncPtr = Magic.GetObjectVtableFunction((IntPtr)objectAddr, Wow_VMT_GetName);
    Logger.Debug("Object's VMT_FuncGetName found at: " + getNameFuncPtr.ToString());
    // GetDelegateForFunctionPointer returns a System.Delegate, so cast it to the delegate type
    VMT_FuncGetName = (VMT_GetNameDelegate)Marshal.GetDelegateForFunctionPointer(getNameFuncPtr, typeof(VMT_GetNameDelegate));
    Logger.Debug("Calling VMT_FuncGetName()");
    string result = VMT_FuncGetName((IntPtr)objectAddr);
    Logger.Debug("Result: " + result);
    return result;
}
But trying the function on different kinds of WoW objects made the WoW process crash every time. After reading some more on this forum, instead of using Cdecl I tried using ThisCall.
Code:
// WoW function addresses
public const uint Wow_GetName = 0x006A2150;
...
// Delegate declaration
[UnmanagedFunctionPointer(CallingConvention.ThisCall)]
private delegate string VMT_GetNameDelegate(IntPtr objectBase);
...
// Function
private static VMT_GetNameDelegate VMT_FuncGetName;
...
// Register WoW function
public void RegisterWowDelegate()
{
    Logger.Debug("RegisterWowDelegate: Wow_FuncGetName");
    VMT_FuncGetName = Tools.GetRegisterDelegate<VMT_GetNameDelegate>(Wow_GetName);
}
...
// Returns the WoW name for the specified object address by marshalling the WoW GetObjectName() function
public static string Wow_GetName(uint objectAddr)
{
    Logger.Debug("Wow_GetName("+objectAddr.ToString()+")");
    Logger.Debug("Calling VMT_FuncGetName()");
    string result = VMT_FuncGetName((IntPtr)objectAddr);
    Logger.Debug("Result: " + result);
    return result;
}
This as well made the process crash. So next (even though I have no clue how to use it), I opened IDA and looked up the address and its function.
I found the class method, and the function declaration showed this:
Code:
char *__thiscall sub_6A2150(int this, int a2, unsigned int a3)
{
...
}
The whole code contained stuff like "UNKNOWNOBJECT" and "Unknown Being", so I'm pretty sure I have the correct method.
But I'm at a loss now; the function is a class method of the CGObject class. I see my function delegate doesn't have the 2nd and 3rd parameters, and I don't know what they do, or what I'm supposed to feed the arguments.
I'm stuck at this point, so I'm looking for some help.
Thanks in advance.