Cast Skill Function (Help?)

07/26/2011 14:42 Shortpants#1
Hey,

I have tried to reverse engineer the cast skill function, and I am unsure from where I should inject the code.


If you need more information yourself, the Skill function starts at 0x00462960.

Any help would be appreciated!
07/26/2011 17:36 Sᴡoosh#2
__ASM {
push 0xff
push 0x00
push 0x00
mov edx,[ecx+0x08]
mov ecx,esi
push skillID
call __Skill
}

Cheers
07/27/2011 03:01 Shortpants#3
Quote:
Originally Posted by 2981611
__ASM {
push 0xff
push 0x00
push 0x00
mov edx,[ecx+0x08]
mov ecx,esi
push skillID
call __Skill
}

Cheers
It crashes at mov edx, [ecx+0x08]

[00000000]=???

This is most likely because ECX is not set. That is why I asked what I should be injecting, because I am not entirely sure :)
07/27/2011 07:46 Interest07#4
Quote:
Originally Posted by Shortpants
It crashes at mov edx, [ecx+0x08]

[00000000]=???

This is most likely because ECX is not set. That is why I asked what I should be injecting, because I am not entirely sure :)
Ehm, you're already providing the skillId, so there is no need to pull it from [ecx+0x08].

I'd leave that bit of code out of there if I were you :P

And before calling the function, ECX will be your player pointer (coming from ESI).
07/27/2011 14:28 Shortpants#5
Quote:
Originally Posted by Interest07
Ehm, you're already providing the skillId, so there is no need to pull it from [ecx+0x08].

I'd leave that bit of code out of there if I were you :P

And before calling the function, ECX will be your player pointer (coming from ESI).
So I will have to set ESI manually?
07/27/2011 15:55 Interest07#6
Quote:
Originally Posted by Shortpants
So I will have to set ESI manually?
Well, you do whatever gets the player pointer into ECX. You can either put it in the asm like:
mov ECX, [baseAddress]
mov ECX, [ECX + 0x1C]
mov ECX, [ECX + 0x34]

or, if somewhere in your program you already have the player pointer defined, right away:
mov ECX, playerPointer

You don't need to use ESI at all; generally the only important register before calling a function is ECX, as this is the 'this' variable. Just make sure to push and pop all the registers you use in your asm code, which is done easiest by using pushad as the first operation and popad just before ret.


This is assuming your intention is to inject some opcodes into the running process and run them via, for example, CreateRemoteThread. If you want to edit the client for some reason, then it would depend on how you plan on doing this.
07/27/2011 21:30 Shortpants#7
Thank you, and no, I am executing everything through an injected DLL. I already have most functions working, but this one was different. :-]