Quote:
Originally Posted by mildegusti
Hello, I'm trying to make my first send hack without inline asm code, but the client crashes at injection and I don't know why.
That's the code for calling the send attack function I'm fighting with:
Code:
DWORD baseaddr = (DWORD)GetModuleHandleW(NULL);
uint32_t targetvid = ((baseaddr + 0x000B4EF3) + (baseaddr + 0x000FA4FA));
uint8_t push0 = (uint8_t)(baseaddr + 0x000F7C66);
uint32_t movlast = (uint32_t)(baseaddr + 0x000F7C67);
void SendAttackPacket(const uint32_t movlast, const uint8_t push0, const uint32_t targetvid)
{
    typedef bool(__thiscall* tSendAttackPacket)(int, const uint32_t, const uint8_t, const uint32_t);
    const auto fSendAttackPacket = reinterpret_cast<tSendAttackPacket>(baseaddr + 0x000F7C6A); /* SendAttackPacket Function Call */
    if (fSendAttackPacket)
        fSendAttackPacket(*reinterpret_cast<uintptr_t*>(baseaddr + 0x000F7C57), movlast, push0, targetvid); /* CNetworkStream Class Pointer Instance */
}
And that's the main function:
Code:
void(Main)
while (true)
{
    SendAttackPacket(movlast, push0, targetvid);
    Sleep(10);
}
This is the code in Cheat Engine.
If someone has any idea, I'm all ears.
It's very simple: you are calling that function wrongly. Below I wrote the right parameters for that function and what they are:
typedef bool(__thiscall* tSendAttackPacket)(void* pthis, UINT uMotAttack, DWORD dwVIDVictim);
tSendAttackPacket SendAttackPacket = (tSendAttackPacket)0xCCCCCCCC; // address for that function from memory
As you can see, the first parameter of this function is "pThis". Now you will probably ask me what that is. That parameter is the instance pointer address of this class: "CPythonNetworkStream" (you need to be sure the address for this class is correct, else you will get a crash from the application). The next parameter is the "type of motion attack", where the default value is 0 (type of attack), and the last parameter is the "VID" (again, you must be sure the VID for the target entity is valid as well).
From your capture, I saw this instruction: "mov [ebp - 24], eax", where after this instruction: "call 00D020F0" you receive in the "eax" register the address for "CPythonNetworkStream".
Now, when you have all the addresses, you must call that function "SendAttackPacket" something like this:
DWORD CPythonNetworkStream = 0xAAAAAAAA; // address for CPythonNetworkStream
DWORD uMotAttack = 0; // type of motion attack
DWORD dwVIDVictim = 0XBBBBBBBB; // your target VID; usually I recommend using the GetTargetVID function from

// to return the correct VID from the target
SendAttackPacket((void*)(*(DWORD*)CPythonNetworkStream), uMotAttack, dwVIDVictim);
Now, after this, the function will send a hit to the entity with that "VID". It's simple.