[Help] How to call this function from a C++ DLL

07/29/2016 23:43 mhcruz#1
Hi, I need some help. I have seen some tutorials but I can't understand how to do this:

I want to call SendAttackPacket from a C++ DLL.

I read the process of GF Metin2 (GF.es server) and obtained this; now what do I need to do?
[screenshot]

In the picture I have the reference string to find where the function is, and
I can see in the memory viewer where the function starts, etc.

What do I need to do now?

Please, if you add me on Skype I will be thankful.
My Skype: the.cruz97


Yeah, my English is... like shit, but I can speak and understand it....
07/30/2016 01:46 _asm#2
Either send the packet: the length seems to be 8 and the actual buffer (packet data) is in eax.
0x4b5242 also seems to be a call to a sub-function (maybe an API call?), which you can use in combination with a function pointer in C++.
I'd go with the first method and rather send the packet, since you won't need to update each address when the client binary is recompiled...
Of course you can always use inline assembler and call the function with its appropriate parameters.

General approach: set a breakpoint at the beginning of the function and follow the address in the stack. Then see what the function actually does, e.g. find out which parameters need to be passed or what data type it returns.
And finally "re-create" the function in your code.
07/30/2016 02:34 mhcruz#3
Quote:
Originally Posted by _asm
Either send the packet: the length seems to be 8 and the actual buffer (packet data) is in eax.
0x4b5242 also seems to be a call to a sub-function (maybe an API call?), which you can use in combination with a function pointer in C++.
I'd go with the first method and rather send the packet, since you won't need to update each address when the client binary is recompiled...
Of course you can always use inline assembler and call the function with its appropriate parameters.

General approach: set a breakpoint at the beginning of the function and follow the address in the stack. Then see what the function actually does, e.g. find out which parameters need to be passed or what data type it returns.
And finally "re-create" the function in your code.
I will try the breakpoint to see the parameters etc., but when I have this, how can I put this code in C++? I read that I need to re-create the function in asm code, but I don't know how, and what is classmanager?

PS: can anyone tell Gameforge that GameGuard is like shit? xD An easier bypass is impossible.


PS2: Stupid GameGuard, I can't set a breakpoint; GameGuard sends initial error 500. I tried to jump over this error or simply return, but the game closes instantly....
---------------------------------------------------------------------------------------
Hi again, I bypassed this stupid GameGuard breakpoint detection.

I set a breakpoint on the jne before the Send Battle Attack error message.

I got this, but I don't know what to do now :/

[screenshot]


BP at the start of the function:

[screenshot]




If anyone can help me....
08/05/2016 20:47 EasyFarm#4
Remember the address on the left and go to the start of the binary. Then look where the address gets called.
08/07/2016 03:07 mhcruz#5
I need someone to explain to me how I can do this... I tried 34513 things and all of them either do nothing or crash the game; I don't know what is happening. I tried to simply call pickcloseitem (supposedly easier) but I can't pick up a single item ;/

If anyone can, add me on Skype: the.cruz97
Thanks...!

-------------------------------------------------
Hi again, I'm trying to call SendItemDropPacket (it only needs one argument: the item position).

I made this:
Code:
DWORD SendItemDropPacket = 0x0058C140; // address of the function in the client
__asm {
    PUSH 0x00000001          ; argument: position of the item
    CALL SendItemDropPacket  ; call through the DWORD variable holding the address
}

0x0058C140 is the address of the function.
I push 1 because it is the position of the item,
and I think that I'm calling it correctly, but nothing happens.

I really don't know what I'm doing wrong, and the DLL gets injected correctly, because I put a MessageBox in the DLL to tell me when it finishes.

So I don't know what happens... If anyone can help me....
08/12/2016 05:34 mhcruz#6
----------------------------------------------------------------------
I followed another tutorial and made this:
Code:
#include <windows.h>

// Function pointers to the addresses found in the client (hardcoded for this client build)
int (*WriteToSyserr)(const char*) = (int(*)(const char*))0x0064A290;
int (*SendBattleAttackPacket)(UINT, DWORD) = (int(*)(UINT, DWORD))0x0057E490;
void (*PickCloseItem)() = (void(*)())0x004C35A0;

// Worker thread started from DllMain; loops forever inside the game process
DWORD WINAPI Main(LPVOID)
{
	while (true)
	{
		Sleep(250);
		//PickCloseItem();//<-- Fails Why?
		//SendBattleAttackPacket(0, 222535);//<-- Fails Why? (0 is type of attack, 222535 is VID of mob)
		WriteToSyserr("syserror test");//<-- Works
	}
	return 0;
}

BOOL APIENTRY DllMain(HMODULE hModule, DWORD ul_reason_for_call, LPVOID lpReserved)
{
	switch (ul_reason_for_call)
	{
	case DLL_PROCESS_ATTACH:
	{
		HANDLE hThread = CreateThread(NULL, 0, Main, hModule, 0, NULL);
		if (hThread) CloseHandle(hThread); // the thread keeps running; only the handle is dropped
		break;                             // do not fall through into DLL_PROCESS_DETACH
	}
	case DLL_PROCESS_DETACH:
		break;
	}
	return TRUE;
}
I can write to syserr without problems, but sendbattleattackpacket and pickcloseitem fail, and I don't know why; the addresses are correct.

Thanks to Mercel I resolved my problem.

The problem is that I didn't put the net module pointer in ecx.

Now it works perfectly.

Code:
		DWORD SendBattleAttackPacket = 0x0057E490; // function entry in the client
		int VID = 335752;                          // VID of the target mob
		__asm {
			mov ecx, DWORD PTR DS:[0x01A8D57C]  ; this = net module pointer (thiscall passes it in ecx)
			push VID                            ; 2nd argument: VID
			push 0                              ; 1st argument: attack type
			call SendBattleAttackPacket         ; thiscall: the callee cleans the stack
		}
Bye!!
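The approach _asm describes in #2 (recover the parameters at a breakpoint, then "re-create" the function behind a typed pointer) and the fix from #6 (pass the net module pointer as `this`) combined into one C++ wrapper, as an added example that is not code from this thread. The first attempt in #6 failed because a plain `int(*)(UINT, DWORD)` pointer leaves ECX untouched, so the `__thiscall` callee read garbage as `this`; calling it through a `__fastcall` pointer with a dummy EDX argument is the standard 32-bit MSVC way to pass `this` without inline assembly. Everything else is an assumption made for this example: `FakeNetModule`, `Fake_SendBattleAttackPacket`, `CallSendBattleAttackPacket` and `Worker` are hypothetical names, the real function's `int` return is guessed, and the simulated client stands in for the real process so the file builds and runs anywhere; the thread's addresses (0x0057E490, 0x01A8D57C) only appear in the Windows-only part.

```cpp
// Added example (not code from the thread): calling a game client's
// __thiscall function through a typed function pointer instead of inline asm.
// The target client is simulated below so the file runs on any platform; in
// the injected DLL the addresses come from the disassembler instead.
#include <cstdint>
#include <cstdio>

// On 32-bit MSVC a __thiscall function can be called through a __fastcall
// pointer: __fastcall passes the first argument in ECX (this) and the second
// in EDX (a dummy we pass as nullptr); the remaining arguments go on the stack
// and the callee cleans up, exactly like __thiscall. On other compilers the
// qualifier is dropped so the file still builds; the pointer logic is the same.
#if defined(_MSC_VER) && defined(_M_IX86)
#  define GAME_THISCALL __fastcall
#else
#  define GAME_THISCALL
#endif

// Signature recovered in the thread: this = net module, then (attack type, VID).
// The int return type is an assumption for this example.
typedef int (GAME_THISCALL *SendBattleAttackPacket_t)(void* self, void* edx_unused,
                                                      unsigned int type, unsigned long vid);

// ---- Simulated client (assumption for this example) ------------------------
// Stands in for the client's net module object; records the last call.
struct FakeNetModule {
    unsigned int  last_type = 0xFFFFFFFFu;
    unsigned long last_vid  = 0;
    int           calls     = 0;
};

static int GAME_THISCALL Fake_SendBattleAttackPacket(void* self, void* /*edx*/,
                                                     unsigned int type, unsigned long vid) {
    FakeNetModule* net = static_cast<FakeNetModule*>(self);
    net->last_type = type;
    net->last_vid  = vid;
    net->calls++;
    return 1;  // "sent"; the real function's return value is not known
}

static FakeNetModule g_fakeNet;
static void* g_netModulePtr = &g_fakeNet;  // plays the role of the global at 0x01A8D57C
static const uintptr_t kSendBattleAttackPacketAddr = (uintptr_t)&Fake_SendBattleAttackPacket; // plays 0x0057E490
static const uintptr_t kNetModulePtrAddr           = (uintptr_t)&g_netModulePtr;              // plays 0x01A8D57C
// ----------------------------------------------------------------------------

// The wrapper a DLL would expose: read the object pointer from the global,
// refuse to call while it is still null (the callee would dereference this
// and crash the client), then call with `this` passed explicitly.
int CallSendBattleAttackPacket(uintptr_t fnAddr, uintptr_t netPtrAddr,
                               unsigned int type, unsigned long vid) {
    void* netModule = *reinterpret_cast<void**>(netPtrAddr);
    if (netModule == nullptr) {
        return -1;  // net module not constructed yet
    }
    SendBattleAttackPacket_t fn = reinterpret_cast<SendBattleAttackPacket_t>(fnAddr);
    return fn(netModule, nullptr, type, vid);
}

#ifdef _WIN32
#include <windows.h>
// In the injected DLL the same wrapper is used with the real addresses from a
// worker thread, never from DllMain itself (the loader lock is held there).
static DWORD WINAPI Worker(LPVOID) {
    CallSendBattleAttackPacket(0x0057E490, 0x01A8D57C, 0, 335752);
    return 0;
}
BOOL APIENTRY DllMain(HMODULE, DWORD reason, LPVOID) {
    if (reason == DLL_PROCESS_ATTACH) {
        HANDLE h = CreateThread(nullptr, 0, Worker, nullptr, 0, nullptr);
        if (h) CloseHandle(h);
    }
    return TRUE;
}
#endif

int main() {
    int rc = CallSendBattleAttackPacket(kSendBattleAttackPacketAddr, kNetModulePtrAddr, 0, 335752);
    std::printf("rc=%d type=%u vid=%lu calls=%d\n", rc, g_fakeNet.last_type, g_fakeNet.last_vid, g_fakeNet.calls);
    return rc == 1 ? 0 : 1;
}
```

The wrapper takes both addresses as parameters so they can live in one table per client build, which is the maintenance cost _asm warned about: every recompiled client moves them. The null check is the caveat that the inline-asm version in #6 does not have; if the global still holds 0 when the thread fires, `mov ecx, [0x01A8D57C]` loads 0 and the callee crashes the process.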
08/02/2021 23:12 warrior1111#7
Hi, can you share your tutorial with me? I can't find a tutorial about this thread. Thank you in advance.