SetFacing VMT

[ap0stle2482]

I am currently trying to set my facing using the setfacing vmt, but so far ive only managed to crash wow

Code:

public static void SetFacing(float Angle)
{

int SetFacingVMT = 19;
uint pAngle = Endscene.BlackMagic.AllocateMemory(0x4);
EndScene.BlackMagic.WriteFloat(pAngle, Angle);
uint VMT = EndScene.BlackMagic.ReadUInt((EndScene.BlackMagic.ReadUInt(LocalPlayer.BaseAddress) + ((uint)SetFacingVMT * 4)));

EndScene.Hook_AsmAddLine("push " + pAngle);
EndScene.Hook_AsmAddLine("mov ecx, " + LocalPlayer.BaseAddress);
EndScene.Hook_AsmAddLine("call " + VMT);
EndScene.Hook_AsmAddLine("retn");

EndScene.Hook_AsmInject();

}

Couldnt get the above code to work so i changed it to:

Code:

public static void SetFacing(float Angle)
{

uint pAngle = Endscene.BlackMagic.AllocateMemory(0x4);
EndScene.BlackMagic.WriteFloat(pAngle, Angle);

EndScene.Hook_AsmAddLine("push " + pAngle);
EndScene.Hook_AsmAddLine("mov ecx, " + LocalPlayer.BaseAddress);
EndScene.Hook_AsmAddLine("call " + ((uint)Wowbase + 0x55ED70);
EndScene.Hook_AsmAddLine("retn");

EndScene.Hook_AsmInject();

}

It doesnt crash wow anymore, but nothing happens, is there another or better way i should be using to set facing or am i just missing something =x

[Edder]

I think its unnecessary to create a new topic and this one isnt that old.

I have the same problem with SetFacing and I have the same approach as OP and I cant get it to work, I think its alright but it wont work:

Code:

        public static void SetFacing(float angle)
        {
            uint pAngle = Hook.Memory.AllocateMemory(0x4);
            Hook.Memory.WriteFloat(pAngle, angle);

            string[] asm = new string[]
            {
                "push " + pAngle,                                 // push pAngle in the function (as the first value, right-to-left)
                "mov ecx, " + Player.BaseAddress,       // make ecx to the Player.BaseAddress -> this
                "call " + 0x989B70,                            // call the function
                "retn",
            };

            Hook.InjectAndExecute(asm);
        }

IDA Pseudocode says that its a __thiscall function and I think I followed the calling conventions for thiscall functions...
the float value is written to the mem and the pointer is pushed into the stack as the first argument, this (playerbase) is moved to ecx like thiscall desired it and then I call the function (without the base because Im working with 3.3.5a, no need for stack cleanup, cause that does the function, whats wrong?

edit: It must be the float value, because I managed to get UnitReaction to work, this is the same as SetFacing, only SetFacing takes a float instead of a uint and returns a value...

[miceiken]

Missing BaseAddress for the offset aren't you?

[Edder]

Missing BaseAddress for the offset aren't you?

I thought there is no need for the wow base since it's for a 3.3.5a binary?!

[miceiken]

I thought there is no need for the wow base since it's for a 3.3.5a binary?!

Oh sorry, didn't read all of your text. Guess you're right then, must be another issue.

[Edder]

Oh sorry, didn't read all of your text. Guess you're right then, must be another issue.

Nevermind, dunno whats wrong though

UnitReaction works the same way

Code:

        public static uint UnitReaction(uint baseaddress)
        {
            uint pReaction = Hook.Memory.AllocateMemory(0x4);

            string[] asm = new string[]
            {
                "push " + baseaddress,
                "mov ecx, " + Player.BaseAddress,
                "call " + 0x7251C0,
                "mov [" + pReaction + "], eax",
                "retn",
            };

            Hook.InjectAndExecute(asm);

            uint reaction = Hook.Memory.ReadUInt(pReaction);

            Hook.Memory.FreeMemory(pReaction);

            return reaction;
        }

Howto proper push a float on the stack? Im pretty sure its the float which causes the issue.

[_Mike]

Why not just patch InjectAndExecute() to return eax and avoid all this ugly temporary memory allocation?

[lanman92]

On the topic of SetFacing, maybe the function doesn't pass by pointer. Did you try passing by value?

EDIT: Better solution than using the virtual functions of your player is to use CGInputControl functions. They work great for mouse-turning, setting facing, etc...

[Edder]

On the topic of SetFacing, maybe the function doesn't pass by pointer. Did you try passing by value

You mean pushing the float directly onto the stack? Yea I tried that, it crashs the client, will look at the inputcontrol.

[_Mike]

Wouldn't byval floats normally go on the fpu stack and not the cpu stack? Note, I haven't looked at the function(s) to see how they handle the arguments and if they are byval or byref. I'm just throwing out random guesses

[MaiN]

Wouldn't byval floats normally go on the fpu stack and not the cpu stack? Note, I haven't looked at the function(s) to see how they handle the arguments and if they are byval or byref. I'm just throwing out random guesses

I don't think they do, no. MSVC only returns floating point values on the FPU stack, floating point arguments are sent on the normal stack. At least that's how I recall it.

[Cypher]

I don't think they do, no. MSVC only returns floating point values on the FPU stack, floating point arguments are sent on the normal stack. At least that's how I recall it.

[MaiN]

[_Mike]

I don't think they do, no. MSVC only returns floating point values on the FPU stack, floating point arguments are sent on the normal stack. At least that's how I recall it.

Yeah you are right. I guess I must have confused arguments with return values. I just knew the FPU was used for something

[Edder]

Code:

        public static void SetFacing(float angle)
        {
            string[] asm = new string[]
            {
                "mov ecx, " + Bot.Player.BaseAddress,
                "push " + angle,
                "call " + 0x989B70,
                "retn",
            };

            Hook.InjectAndExecute(asm);
        }

I was wrong, pushing the stack directly gives an assembly error (-109) no client crash.