code injection for OnRightClickUnit setting the params of the function
Hi all,
So I am trying to call a function OnRightClickUnit at 0x60BEA0 and pass two parameters to it.
Param 1: unit address from the object manager
Param 2: integer with a value of 1 for autoloot
I've been following up on WiNiFiX's post from here: https://www.ownedcore.com/forums/wor...ml#post3436933 (1.12.1 (5875) AutoLoot)
Code:
internal void OnRightClickObject(uint baseAddr, int autoLoot)
{
    if (_wowHook.Installed)
    {
        if (baseAddr != 0 && (autoLoot == 1 || autoLoot == 0))
        {
            // Write the asm stuff for Lua_DoString
            String[] asm = new String[]
            {
                "push " + autoLoot,
                "mov ECX, " + (uint)baseAddr,
                "call " + (uint)Offsets.OnRightClickObject,
                "retn",
            };
            _wowHook.InjectAndExecute(asm);
        }
    }
}
Key note: he is calling OnRightClickObject and I want to call OnRightClickUnit (two fairly similar functions).
I am primarily using it as a guideline, as I am not injecting the way he is doing it. But the principle remains the same:
set two parameters and call the function at an address.
Now the part that I have been struggling with is setting the two parameters for this function. Previously I have called setTarget with a code cave injection and that worked out fine. But what I would like now is to call OnRightClickUnit. However, setting the parameters for that function has proven somewhat tricky. I am not using BlackMagic or anything like that; I am relying on the Windows API for C++ for all RAM-related operations.
Could anybody help me out in setting the two parameters for the function?
Thus far I seem to be able to set one of the params without problems, with an opcode of B9. So in essence just a move instruction to move the value that is the address of the unit in the object manager into a register. But I am not sure how to handle the other argument, which is 1 for autoloot.
Patch 1.12.1
Thank you all for your time and effort.
Last edited by killmeplease; 01-31-2018 at 06:58 AM.
-
Tested and it works for me. Shellcode injection:
Code:
import struct
from ctypes import byref, c_ulong, windll

kernel32 = windll.kernel32
VIRTUAL_MEM = 0x3000             # MEM_COMMIT | MEM_RESERVE
PAGE_EXECUTE_READWRITE = 0x40
MEM_RELEASE = 0x8000
OnRightClickUnitAddress = 0x60BEA0

# processHandle: handle to the client process, opened earlier (not part of this snippet)
def OnRightClickUnit(address):
    FunctionSpace = kernel32.VirtualAllocEx(processHandle, 0, 300, VIRTUAL_MEM, PAGE_EXECUTE_READWRITE)
    # E8 takes a rel32 displacement from the end of the call instruction. The stub is
    # 6A 01 (2 bytes) + B9 imm32 (5 bytes) + E8 rel32 (5 bytes), so that end is FunctionSpace + 12.
    packedfunctionaddress = struct.pack("<i", OnRightClickUnitAddress - FunctionSpace - 12)
    packedaddress = struct.pack("<I", address)
    injectcode = b"\x6A\x01"                         # push 1        (autoloot)
    injectcode += b"\xB9" + packedaddress            # mov ecx, addr (unit from the object manager)
    injectcode += b"\xE8" + packedfunctionaddress    # call OnRightClickUnit
    injectcode += b"\xC3"                            # retn
    written = c_ulong()
    thread_id = c_ulong()
    kernel32.WriteProcessMemory(processHandle, FunctionSpace, injectcode, len(injectcode), byref(written))
    thisthread = kernel32.CreateRemoteThread(processHandle, None, 0, FunctionSpace, None, 0, byref(thread_id))
    if kernel32.WaitForSingleObject(thisthread, 5000) == 0:   # WAIT_OBJECT_0: the thread finished
        kernel32.CloseHandle(thisthread)
        # memory in another process is released with the Ex variant (VirtualFree only takes three arguments)
        kernel32.VirtualFreeEx(processHandle, FunctionSpace, 0, MEM_RELEASE)
I assumed autoloot is 1. Simple call with the address from the object manager.
Last edited by vegoo; 01-31-2018 at 02:43 PM.
killmeplease (1 members gave Thanks to vegoo for this useful post)
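An added example, not code from this thread, showing the other direction: decoding a stub of this shape back into instructions, the way an analyst reading the bytes at a remote thread's start address would, and resolving the E8 rel32 to its absolute target. The base address and unit pointer below are constructed sample values; the stub bytes are what the push / mov ecx / call / retn sequence above produces for them.

```python
import struct

def decode_stub(code, base):
    """Decode the four x86 instructions the stub uses, given the bytes and the
    address they were written to. Returns [(mnemonic, operand), ...]; the call
    operand is the absolute target, since E8 is relative to the end of the call."""
    out = []
    i = 0
    while i < len(code):
        op = code[i]
        if op == 0x6A:                                   # push imm8 (sign-extended to 32 bits)
            imm = struct.unpack_from("<b", code, i + 1)[0]
            out.append(("push", imm))
            i += 2
        elif op == 0xB9:                                 # mov ecx, imm32
            imm = struct.unpack_from("<I", code, i + 1)[0]
            out.append(("mov ecx", imm))
            i += 5
        elif op == 0xE8:                                 # call rel32
            rel = struct.unpack_from("<i", code, i + 1)[0]
            target = (base + i + 5 + rel) & 0xFFFFFFFF   # next instruction + displacement
            out.append(("call", target))
            i += 5
        elif op == 0xC3:                                 # retn
            out.append(("retn", None))
            i += 1
        else:
            raise ValueError("unknown opcode 0x%02X at offset %d" % (op, i))
    return out

def call_targets(code, base):
    """Absolute addresses the stub calls; compare these against known client functions."""
    return [operand for mnemonic, operand in decode_stub(code, base) if mnemonic == "call"]

# Constructed sample: stub written at 0x00410000, unit pointer 0x0CD0BE80, calling 0x60BEA0.
# rel32 = 0x60BEA0 - (0x410000 + 12) = 0x001FBE94, stored little-endian after E8.
SAMPLE_BASE = 0x00410000
SAMPLE_STUB = b"\x6A\x01" b"\xB9\x80\xBE\xD0\x0C" b"\xE8\x94\xBE\x1F\x00" b"\xC3"

if __name__ == "__main__":
    for mnemonic, operand in decode_stub(SAMPLE_STUB, SAMPLE_BASE):
        print(mnemonic, "" if operand is None else hex(operand))
```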
-
But am not sure as how to handle the other argument which is 1 for autoloot.
I feel like you don't really know what you're doing. Sounds like you understand the mov, but what don't you get about the push? You have the source... If you don't know the hex value then open CE, allocate some memory and enter the asm. Really hard to help when it looks like you have a large disconnect.
killmeplease (1 members gave Thanks to DarkLinux for this useful post)
-
Okay so I see what the problem was. I simply used a wrong push. Thank you both.