GreyMagic - The best of both worlds, and then some

[jarjar1]

haha very nice.

orig
00CFF810 012E2FDA RETURN to Wow.012E2FDA from Wow.00DF5350
00CFF814 18E93F24 ASCII "OpenAllBags()"
00CFF818 18E93F24 ASCII "OpenAllBags()"
00CFF81C 0166FDE7 Wow.0166FDE7

mycall
1316AADC 13175EC5 RETURN to 13175EC5
1316AAE0 00000000
1316AAE4 2A632328 ASCII "OpenAllBags()"
1316AAE8 2A632328 ASCII "OpenAllBags()"
1316AAEC 5CAE923E
1316AAF0 647C5D60 clr.647C5D60

EDIT2: Not sure why. Especially because the first call after reading the ASCII inside the func should have Arg3 as 0, but calling it this way sets the arg to D.
mycallthat Mysteriously works
1316AADC 13175EC5 RETURN to 13175EC5
1316AAE4 2A632328 ASCII "OpenAllBags()"
1316AAE8 2A632328 ASCII "OpenAllBags()"
1316AAE0 00000000
1316AAEC 5CAE923E
1316AAF0 647C5D60 clr.647C5D60

Just gotta fix it up abit!
EDIT1: not sure where the 5CAE923E is coming from. Tried both StdCall and Cdecl.

BTW, I am having trouble with olly1.11, whenever it loads the .UDD if I reload the program, it locks all the threads and does not resume them until I delete the wow.UDD and restart olly. Anyone experience this? I like to use Olly because its fast on the binary search. IDA seems to take forever.

[jarjar1]

Code:

  
                "call " + (moduleBase + Offsets.FunctionWow.ClntObjMgrGetActivePlayerObj),
                "mov ecx, eax",
                "push -1",
                "mov edx, " + codeCave,
                "push edx",
                "call " + (moduleBase + Offsets.FunctionWow.Lua_GetLocalizedText),
                "retn",

What about working with registers. EX: I need clntObjMgr to get called before calling GetLocalizedText. How could this work using GreyMagic and delegates?

[beanso]

Make a delegate for the ClntObjMgrGetActivePlayerObj function and call that to get the pointer. That asm just moves the result from the function call into ecx (which is used by GetLocalizedText as it's __thiscall - to use thiscall in c# you just specify the calling convention as thiscall and pass the pointer as the first arg).

If you have an object manager set up you can compare guids to the local player guid (there's a static address for it) and find the pointer that way, but calling the function is the easiest and most direct way to do it.

[jarjar1]

How would I need to call GetClientObjMgrActivePlayer? No matter how I try it always returns 0.

Code:

        [UnmanagedFunctionPointer(CallingConvention.StdCall)]
        public delegate int ClntObjMgrGetActivePlayerObjDelegate(
        IntPtr instance);
        private static ClntObjMgrGetActivePlayerObjDelegate GetClntObjMgrActPlayer;
        private static IntPtr pActPlayer;

GetClntObjMgrActPlayer(pActPlayer);

GetClntObjMgrActPlayer = MemoryIn.CreateFunction<ClntObjMgrGetActivePlayerObjDelegate>((IntPtr)wfa.Objects.WowObjects.ClntObjMgrGetActivePlayerObj, true);

EDIT2: It seems pActPlayer = GetClntObjMgrActPlayer(); returns something non-zero. Hard to debug because can use either olly or VS debugger.

Make a delegate for the ClntObjMgrGetActivePlayerObj function and call that to get the pointer. That asm just moves the result from the function call into ecx (which is used by GetLocalizedText as it's __thiscall - to use thiscall in c# you just specify the calling convention as thiscall and pass the pointer as the first arg).

If you have an object manager set up you can compare guids to the local player guid (there's a static address for it) and find the pointer that way, but calling the function is the easiest and most direct way to do it.

[_Mike]

Look up the correct function signatures..

CGPlayer_C* __cdecl ClntObjMgrGetActivePlayerObj()

[Apoc]

Code:

        [UnmanagedFunctionPointer(CallingConvention.Cdecl)]
        private delegate IntPtr ClntObjMgrGetActivePlayerObjDelegate();

        private static ClntObjMgrGetActivePlayerObjDelegate ClntObjMgrGetActivePlayerObj;

        static IntPtr InProcGetActivePlayer()
        {
            if (ClntObjMgrGetActivePlayerObj == null)
                ClntObjMgrGetActivePlayerObj = Memory.CreateFunction<ClntObjMgrGetActivePlayerObjDelegate>((IntPtr) 0xDEADBEEF);

            return ClntObjMgrGetActivePlayerObj();
        }

[jarjar1]

Hum. Then there is a problem elsewhere. Also what is the difference between Absolute and Relative? Is it relative to the function starting point vs Absolute relative to the module base?

The value returned by Bytes being read from the wrong memory location.

EDIT2: byte[] bytes = MemoryIn.ReadBytes(memory, 0x04, true); // Is instant C# crash.
EDIT3: Still dont get how it works. The value I need is pointed to by EAX 'ASCII "15"'. The final call before ending the GetLocalizedText sets EAX. If I set the Delegate to type string (was worth a try) it crashes upon registering the callback.

EDIT4: No matter how I arrange it.. always crash on byte[] bytes = MemoryIn.ReadBytes(memory, 0x50, true);
EDIT5: I basically just need to extract the value from EAX before it returns. How to do?
EX:

Code:

        [UnmanagedFunctionPointer(CallingConvention.ThisCall)]
        private delegate void LuaGetTextDelegate(
        IntPtr @this, out IntPtr instance, int minone);
        private static LuaGetTextDelegate GetLocalizedText;

                Marshal.Copy(data, 0, memory, data.Length);
                Marshal.WriteByte(memory + data.Length, 0);

                GetLocalizedText(InProcGetActivePlayer(), out memory, -1);
                byte[] bytes = MemoryIn.ReadBytes(memory, 0x50, true);

Code:

       
        [UnmanagedFunctionPointer(CallingConvention.ThisCall)]
        private delegate int LuaGetTextDelegate(
        IntPtr @instance2, IntPtr instance, int minone);
        private static LuaGetTextDelegate GetLocalizedText;

 public static string LUA_GetLocalizedText(string query)
        {
            string sResult;

            var data = Encoding.ASCII.GetBytes(query);
            var memory = Marshal.AllocHGlobal(data.Length + 1);
            try
            {
                Marshal.Copy(data, 0, memory, data.Length);
                Marshal.WriteByte(memory + data.Length, 0);

                GetLocalizedText(InProcGetActivePlayer(), memory, -1);
                byte[] bytes = MemoryIn.ReadBytes(memory, 0x50); //problem here
                sResult = Encoding.ASCII.GetString(bytes, 0, bytes.Length + 1);
            }
            finally
            {
                Marshal.FreeHGlobal(memory);
            }
            return sResult;
        }

Code:

//Must be incorrectly passing ECX? probably the first @IntPtr as an arg is wrong?
//Not Working Stack :(
07BEA818     0FE55F06  RETURN to 0FE55F06
07BEA81C     2885FD38  ASCII "freeslots"
07BEA820     FFFFFFFF
07BEA824     5A5537F6  //This was not a problem before. 
07BEA828     647C5D60  clr.647C5D60
07BEA82C     07BEA9DC

//Working Stack
006BFAB4     0CDF0014  RETURN to 0CDF0014 from Wow.012BD7F0
006BFAB8     0CCA0000  ASCII "freeslots"
006BFABC     FFFFFFFF
006BFAC0     0CCB0017  RETURN to 0CCB0017
006BFAC4     00000000
006BFAC8     03A28678
006BFACC     006BFAE8

D3 Easter Egg? :P. I believe that's sometimes seen as a value in AnimPreplayData?

Code:

      
               0xDEADBEEF

[Apoc]

I'd suggest you pick up a book before going any further, you've shown that you lack the understanding to be dealing with this kind of stuff.

[jarjar1]

I dont read. Sorry.

I'd suggest you pick up a book before going any further, you've shown that you lack the understanding to be dealing with this kind of stuff.

[Apoc]

I dont read. Sorry.

Then nobody here will provide you any help.

[jarjar1]

*books/code manuscripts :P. I rather learn by doing, just my learning style. And you must admit its not your basic stuff in books. I am sure I would need to read a whole library to find out why this line says 'must be non-nullable value'.

Code:

MemoryIn.Read<string>((IntPtr)pointer);

PS: Got it to work. Just had to move some things around because I am not 100% on the syntax. And no, I will not go read a 600+ page C# book just because of a misunderstanding of correct C# syntax.

Code:

                var pointer = GetLocalizedText(aPlayer, memory, -1);
                
                sResult = wfa.Objects.Memory.ReadString((IntPtr)pointer, 0x50);

Then nobody here will provide you any help.

[Apoc]

*books/code manuscripts :P. I rather learn by doing, just my learning style. And you must admit its not your basic stuff in books. I am sure I would need to read a whole library to find out why this line says 'must be non-nullable value'.

Code:

MemoryIn.Read<string>((IntPtr)pointer);

PS: Got it to work. Just had to move some things around because I am not 100% on the syntax. And no, I will not go read a 600+ page C# book just because of a misunderstanding of correct C# syntax.

Code:

                var pointer = GetLocalizedText(aPlayer, memory, -1);
                
                sResult = wfa.Objects.Memory.ReadString((IntPtr)pointer, 0x50);

What you're misunderstanding is basic C# syntax. If you're going to work in the language, at least get a solid grasp on the syntax used in it. If you have programming knowledge in other languages, then it won't be a real problem. But "shotgun" coding will get you nowhere in the long run.

[DarkLinux]

@jarjar1
You will never learn by a simple copy and paste... And you dont read? You will never get anywhere like that. You will only be able to create what others have already.. I know many people start by asking for hand outs, and never get anywhere so they try to learn... Anyways.. learn c++ XD .... , @Apoc srry for the high-jacked thread...

[Empted]

I dont read. Sorry.

The more theory you know, the more ideas/solutions you can produce.

[eracer]

@Apoc, is it possible to make this skip entering debug mode when using InProcessMemoryReader? I can comment out "Process.EnterDebugMode();" in MemoryBase.cs but I'm sure there has to be a better way.

Thanks