How to click CSimpleButton

[oiramario]

I've only got CSimpleButton_Click, however not find CSimpleButton::OnClick.

Code:

__int64 __fastcall CSimpleButton_Click(__int64 a1)
{
  unsigned int v2; // eax
  _BYTE *v3; // rsi
  _BYTE *v4; // rax
  __int64 result; // rax
  char *v6; // rbp
  __int64 v7; // rbx
  unsigned int v8; // eax
  const char *v9; // [rsp+48h] [rbp+10h] BYREF

  v2 = sub_1D49B00();
  v3 = 0i64;
  v9 = 0i64;
  v4 = sub_3B5DA0(&v9, a1, v2, 1u, 0, 0);
  if ( v9 )
    luaL_error(a1, v9);
  else
    v3 = v4;
  if ( (v3[18] & 5) != 0 )
  {
    luaL_error(a1, aClickCannotBeC);
    result = 0i64;
  }
  else
  {
    v6 = aLeftbutton;
    if ( (unsigned int)sub_19E67E0(a1, 2i64) )
      v6 = (char *)sub_19E8180(a1, 2u, 0i64);
    v7 = *(_QWORD *)v3;
    v8 = lua_toboolean(a1, 3i64);
    (*(void (__fastcall **)(_BYTE *, char *, _QWORD, _QWORD))(v7 + 496))(v3, v6, v8, 0i64);
    result = 0i64;
  }
  return result;
}

There is a function pointer call in CSimpleButton_Click, is that CSimpleButton::OnClick?
Try to pass through address of StaticPopup1Button1 to v2 to direct call.

Code:

        "StaticPopup1"
            "StaticPopup1Text" = ""
        "StaticPopup1Button1"
            "StaticPopup1Button1Text" = ""

Code:

    click_popup_frame_func = Functions.click_popup_frame_functype(Addr + 0x1F0 )
    X = b'LeftButton'
    click_popup_frame_func(Addr, ctypes.c_char_p(X), ctypes.c_int64(1), ctypes.c_int64(0))

I avoid call lua directly.
But got a failure. Could you pls give me some advice?

Code:

exception: access violation writing 0x000001D85B2620B8

Any address or hints are welcome.
Thanks very much.

[_chase]

For reversing how to click frames there is a better function to check out,
In IDA there is one function with the string, ":Click cannot be called on Forbidden frames." which I believe corresponds to wow lua's "Frame.Click()"
In this function you'll see there is a call to a function from the frame's vmt



And here is a demo of how you can use those vmt functions

=== Frame Struct ===

Code:

#pragma  pack(push, 1)
class Frame
{
public:
	uintptr_t vmt; // 0x08

	char padding_0x20[0x18]; // 0x20
	char* name; // 0x28

	char padding_0xC8[0xA0]; // 0x28 - 0xC8
	uint32_t visible; // 0xC8 - 0xCC
};
#pragma  pack(pop)

Code:

void Frames::ClickFrame(const Frame* frame) {
	auto click = *reinterpret_cast<void(__fastcall**)(const Frame*, const char*, BOOL, int64_t, BYTE, BYTE)>(frame->vmt + Offsets::Frame_Click);
	click(frame, "LeftButton", false, 0i64, 0, 0);
}

void Frames::RightClickFrame(const Frame* frame) {
	auto click = *reinterpret_cast<void(__fastcall**)(const Frame*, const char*, BOOL, int64_t, BYTE, BYTE)>(frame->vmt + Offsets::Frame_Click);
	click(frame, "RightButton", false, 0i64, 0, 0);
}

[oiramario]

Thank you very much. It's solved.
We're talking about the same function: CSimpleButton::OnClick, you could get it with Object_FillScriptMethodTable or FrameScript::RegisterFunctionNamespaceWithCount.
More lua functions are useful to reverse engineering even you dont call them.
Thanks for @charles420. This will be helpful. https://www.ownedcore.com/forums/wor...a-scripts.html

Code:

auto ret0 = MemoryRead<uint64_t>(StaticPopup1Button1Address);
auto ret1 = MemoryRead<uint64_t>(ret0 + ClickOffset);