Need help in asm

[N1ghtmaree]

Trying to call ClntObjMgrGetActivePlayer
Asm code is:

Code:

"call " + ((uint)Globals.WoW.MainModule.BaseAddress + Offsets.ObjectManager.ClntObjMgrGetActivePlayer)
"retn"

Then i have to get returned value. Here is the trouble... How int64 is returned? I googled and found its returned in edx + eax pair. But that looks a bit strange in Olly.

So can someone help me with this?

[serock1]

As you know result of function is in edx + eax pair, why not store it somewhere before "ret"?

I never used memory injecting library and C#, so I cannot show you the code. But I guess it is like mostly:

Code:

code_piece = mem_lib.new();
code_piece.allocate_variable("guid", "uint64");
string _ar_asm[] =
{
    "call " + ((uint)Globals.WoW.MainModule.BaseAddress + Offsets.ObjectManager.ClntObjMgrGetActivePlayer),
    "mov " + code_piece.variable_address("guid") + ", eax",
    "mov " + (code_piece.variable_address("guid") + 4) + ", edx",
    "retn",
};
code_piece.add_code(_ar_asm);

Sorry for just pseudo code.

[N1ghtmaree]

Thanks, sure the way is to store it somewhere (thats how i hook another functions). I just wasnt sure that ret value is in edx + eax.[COLOR="Silver"]

[amadmonk]

Oy, you people and your "I'm out-of-process!" (just, injecting ASM via string compilation and then running it locally...) code.

If you were running in-process, you just define a function pointer that returns an __int64 and -- bam -- you're done. But y'all gotta stick with your faux-security...

[N1ghtmaree]

Ofc, but im too lazy to host CLR to inejct C# dll (C++ is too hard for me atm. (.NET is coolyeah)). Im not so stupid to think that writing asm code to memory makes any difference from injected dll. Also its nice purpose to learn how everyting works.

[amadmonk]

You can inject the CLR in about 50 lines of code, and it's all copy-pasteable right here from MMOwned. I think Apoc & co posted some really nice code samples a while back.

site:mmowned.com inject CLR - Google Search

Once you've done that, just write your bot in C#, which has nice native support for 64 bit ints through p/invoke.

I don't mean to be rude, but I will NEVER understand why people use that hacky "build the ASM via a string" method. There's simply NO good reason, if you're doing that, not to inject into the process.

[N1ghtmaree]

I've injected CLR some time ago already. Had problems with exporing my C++ dll function to call it properly (had to use offsets). But calling exported function is the most correct way to pass base directiory of loader to DLL i think.