-
Established Member
How to click CSimpleButton
I've only got CSimpleButton_Click, but I can't find CSimpleButton::OnClick.
Code:
__int64 __fastcall CSimpleButton_Click(__int64 a1)
{
  unsigned int v2; // eax
  _BYTE *v3; // rsi
  _BYTE *v4; // rax
  __int64 result; // rax
  char *v6; // rbp
  __int64 v7; // rbx
  unsigned int v8; // eax
  const char *v9; // [rsp+48h] [rbp+10h] BYREF

  v2 = sub_1D49B00();
  v3 = 0i64;
  v9 = 0i64;
  v4 = sub_3B5DA0(&v9, a1, v2, 1u, 0, 0);
  if ( v9 )
    luaL_error(a1, v9);
  else
    v3 = v4;
  if ( (v3[18] & 5) != 0 )
  {
    luaL_error(a1, aClickCannotBeC);
    result = 0i64;
  }
  else
  {
    v6 = aLeftbutton;
    if ( (unsigned int)sub_19E67E0(a1, 2i64) )
      v6 = (char *)sub_19E8180(a1, 2u, 0i64);
    v7 = *(_QWORD *)v3;
    v8 = lua_toboolean(a1, 3i64);
    (*(void (__fastcall **)(_BYTE *, char *, _QWORD, _QWORD))(v7 + 496))(v3, v6, v8, 0i64);
    result = 0i64;
  }
  return result;
}
There is a function pointer call in CSimpleButton_Click; is that CSimpleButton::OnClick?
I tried passing the address of StaticPopup1Button1 through to v2 to call it directly.
Code:
"StaticPopup1"
"StaticPopup1Text" = ""
"StaticPopup1Button1"
"StaticPopup1Button1Text" = ""
Code:
click_popup_frame_func = Functions.click_popup_frame_functype(Addr + 0x1F0 )
X = b'LeftButton'
click_popup_frame_func(Addr, ctypes.c_char_p(X), ctypes.c_int64(1), ctypes.c_int64(0))
I'm avoiding calling Lua directly.
But I got a failure. Could you please give me some advice?
Code:
exception: access violation writing 0x000001D85B2620B8
Any address or hints are welcome.
Thanks very much.
Last edited by oiramario; 05-09-2021 at 09:39 PM.
-
Established Member
For reversing how to click frames, there is a better function to check out.
In IDA there is one function with the string ":Click cannot be called on Forbidden frames.", which I believe corresponds to WoW Lua's "Frame.Click()".
In this function you'll see there is a call to a function from the frame's vmt.
And here is a demo of how you can use those vmt functions.
=== Frame Struct ===
Code:
#include <cstdint>

#pragma pack(push, 1)
class Frame
{
public:
    uintptr_t vmt;            // 0x00 - 0x08
    char padding_0x20[0x18];  // 0x08 - 0x20
    char* name;               // 0x20 - 0x28
    char padding_0xC8[0xA0];  // 0x28 - 0xC8
    uint32_t visible;         // 0xC8 - 0xCC
};
#pragma pack(pop)
Code:
#include <Windows.h> // BOOL, BYTE
#include <cstdint>

void Frames::ClickFrame(const Frame* frame) {
    // Read the function pointer stored at vmt + Frame_Click, then call it with the frame as `this`
    auto click = *reinterpret_cast<void(__fastcall**)(const Frame*, const char*, BOOL, int64_t, BYTE, BYTE)>(frame->vmt + Offsets::Frame_Click);
    click(frame, "LeftButton", false, 0i64, 0, 0);
}

void Frames::RightClickFrame(const Frame* frame) {
    auto click = *reinterpret_cast<void(__fastcall**)(const Frame*, const char*, BOOL, int64_t, BYTE, BYTE)>(frame->vmt + Offsets::Frame_Click);
    click(frame, "RightButton", false, 0i64, 0, 0);
}
-
Post Thanks / Like - 1 Thanks
oiramario (1 members gave Thanks to _chase for this useful post)
-
Established Member
Thank you very much. It's solved.
We're talking about the same function: CSimpleButton::OnClick. You can get it with Object_FillScriptMethodTable or FrameScript::RegisterFunctionNamespaceWithCount.
More Lua functions are useful for reverse engineering even if you don't call them.
Thanks to @charles420. This will be helpful. https://www.ownedcore.com/forums/wor...a-scripts.html
Code:
auto ret0 = MemoryRead<uint64_t>(StaticPopup1Button1Address);
auto ret1 = MemoryRead<uint64_t>(ret0 + ClickOffset);
Last edited by oiramario; 05-12-2021 at 06:50 PM.
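As an added, self-contained illustration of the pointer chain that _chase's vmt demo and the two MemoryRead lines above rely on (object -> vptr -> table slot -> function), here is a toy C++ model that is not code from the thread or the game. The Frame class, its slot layout, the ClickFn signature and the offset constants are constructed for this example; the only value taken from the thread is 0x1F0 (496), used to show the byte-offset-to-slot-index arithmetic. It also shows why the failing attempt in the first post (using the frame address plus 0x1F0 as the function pointer, instead of first reading the vptr at offset 0) cannot produce a code address.

```cpp
// Added example: models obj -> vptr -> slot -> function resolution.
// Toy Frame class, offsets and calling-convention assumption are constructed
// for this demo (not the thread's or the game's own code).
#include <cassert>
#include <cstdint>
#include <cstring>
#include <string>

struct Frame {
    // No virtual destructor on purpose: a virtual dtor takes two slots on the
    // Itanium ABI (GCC/Clang) but one on MSVC, which would shift the numbering.
    // With none, slot 0 = Name and slot 1 = OnClick on both ABIs.
    virtual const char* Name() const { return name.c_str(); }
    virtual void OnClick(const char* button, bool down) {
        last_button = button;
        last_down = down;
        ++clicks;
    }
    std::string name;
    std::string last_button;
    bool last_down = false;
    int clicks = 0;
};

// Assumption: a virtual member reached through a raw pointer takes the hidden
// `this` as its first argument (true on x86-64 SysV and MSVC x64).
using ClickFn = void (*)(Frame*, const char*, bool);

// OnClick is slot 1 of the toy class, i.e. byte offset 8 into the table.
constexpr uintptr_t kClickSlotOffset = 1 * sizeof(void*);

// Step 1: read the vptr stored at offset 0 of a polymorphic object.
// This is what `ret0 = MemoryRead<uint64_t>(addr)` does in the thread.
uintptr_t ReadVmt(const Frame* obj) {
    uintptr_t vmt = 0;
    std::memcpy(&vmt, obj, sizeof(vmt)); // memcpy sidesteps aliasing rules
    return vmt;
}

// Step 2: read the function pointer at vmt + slotOffset.
// This is `ret1 = MemoryRead<uint64_t>(ret0 + ClickOffset)`.
uintptr_t ReadSlot(uintptr_t vmt, uintptr_t slotOffset) {
    uintptr_t fn = 0;
    std::memcpy(&fn, reinterpret_cast<const void*>(vmt + slotOffset), sizeof(fn));
    return fn;
}

// Byte offset into the table -> slot index. The thread's 0x1F0 is slot 62.
constexpr unsigned SlotIndex(uintptr_t byteOffset) {
    return static_cast<unsigned>(byteOffset / sizeof(void*));
}

// Full resolution followed by the call, with the object passed as `this`.
void ClickThroughVmt(Frame* obj, const char* button, bool down) {
    uintptr_t vmt = ReadVmt(obj);
    uintptr_t fn = ReadSlot(vmt, kClickSlotOffset);
    reinterpret_cast<ClickFn>(fn)(obj, button, down);
}

// The first post's failing ctypes call skipped step 1 and used
// objectAddress + 0x1F0 as the function pointer. That value is just an
// address inside (or shortly past) the object, never a code pointer, so
// calling through it faults. This helper only computes it; it never calls it.
bool SkippedVptrReadLandsInObject(uintptr_t slotOffset) {
    Frame f;
    uintptr_t begin = reinterpret_cast<uintptr_t>(&f);
    uintptr_t bogus = begin + slotOffset;
    return bogus >= begin && bogus < begin + sizeof(Frame);
}

// Sanity check: the manually resolved slot dispatches to the same code as a
// normal virtual call, and two instances share one table.
bool VmtCallMatchesDirectCall() {
    Frame a; a.name = "ButtonA";
    Frame b; b.name = "ButtonB";
    ClickThroughVmt(&a, "LeftButton", false); // manual chain
    b.OnClick("RightButton", true);           // compiler-generated dispatch
    bool sameTable = ReadVmt(&a) == ReadVmt(&b);
    bool sameFn = ReadSlot(ReadVmt(&a), kClickSlotOffset) ==
                  ReadSlot(ReadVmt(&b), kClickSlotOffset);
    return sameTable && sameFn
        && a.clicks == 1 && a.last_button == "LeftButton" && !a.last_down
        && b.clicks == 1 && b.last_button == "RightButton" && b.last_down;
}

int main() {
    assert(VmtCallMatchesDirectCall());
    assert(SlotIndex(0x1F0) == 62);
    assert(SkippedVptrReadLandsInObject(kClickSlotOffset));
    return 0;
}
```

The two memcpy reads are the in-process equivalent of the two MemoryRead calls in the post above: the first read must go through the object's first eight bytes to fetch the table address, and only then is the slot offset applied. Whether a given slot number is really the click handler is something the decompiled Lua binding (the call through `v7 + 496` after `v7 = *(_QWORD *)v3`) tells you; the ABI arithmetic here only turns that byte offset into a slot index.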