Calling ingame function through C++? [Question]

[nardy0145]

Hello!

I have a question.
I know, that C++ can call ingame functions through pushing register to it.
But when I was debugging LC through x64dbg, I noticed that every ingame function get called from packet sending through messageDispatcher (but I'mm not sure..).
So here is a question:
Can I execute call ingame functions not through packets? Or the only way to it - packet sending?

[universal-lc]

1) LastChaos build is 32bit, so i guess you were referring at the x32dbg.

2) Edit the packet is a little bit better for many reason: for example there could be client side checks that you need to bypass and of course you can not simply push the instructions you have to hook that if you want for example edit it.

3) Directly push may sometimes have unexpected ending or memory corruption which may cause an interrupt from the OS and a deadly ending for you program

4) Is a little bit more easy edit the packet: hook sendtoserver -> malicious hex
and after you have hooked with success this function you don't need to hook and inject all the time new function: if you wanna try another exploit you don't have to work all the time on that function, create a dll injectable (and edited) version of the function and inject it, just need to find the correct combination of the hexadecimal code and you finished!

5) Servers may edits existing function and hide the symbol during the compilation. That's may be a little bit hard to reverse all the time the struct to find how they are build, create a dll version with your own edits and inject it. More easy work all the time on sendtoserver new, the program is ... "more portable"

[nardy0145]

Yeah, of course I'm using x32dbg for LC

So, you mean that the easiest way -> sendtoservernewCmsg -> sniff packets HEX -> Create a dll hook and send hex I needed?

[wurstbrot123]

Quote:

Originally Posted by nardy0145

Hello!

I have a question.
I know, that C++ can call ingame functions through pushing register to it.

While Packets are always the better / easier way ( basicly once you
have the Packetfunctions / Proxy you can do a lot without
having tons of Functions ), Typedefs are much better than pushes etc.

Here's an example of my old Hack:

Code:

typedef void ( __thiscall* CNetwork_GoZone )( void *ecx, int zone, int extra, int npc );
CNetwork_GoZone oGoZone = 0;

oGoZone = (CNetwork_GoZone)GetProcAddress( huInst, "?GoZone@CNetworkLibrary@@QAEXHHH@Z");

// after that just call it wit hthe right parameters
oGoZone( params...);

Of course GetProcAddress wont work anymore now a days
as far as i know but that just means you either use findpattern
to find your Function or put the Address directly.

You can of course do the same with SendToServerNew function.

Of course this requires you to also develope a Packetsniffer
to know what OP Codes what Packets have and how to build
the Packets to do the Actions you actually want to do ( or have the LC
Sourcecode ).