The function is being called inside a function starting at address 0x465730 in PWI.
The function I'm looking for is called twice here, namely at 0x4657C7 and 0x465879. The code where it is called looks something like this:
Now, I'm interested in the value that is put into EAX right after the function call. What this function does: it takes in a pointer to your coords, a pointer to the result and a pointer to the angles of the floor you're standing on, oh, and 1000.0 (god knows what for).
In the result it will store some coords again, among which is the height of whatever object is right under you (for example the floor). The reason I want to call this function is that instead of your character's coordinates I'd throw in some random other coords and see the height of whatever object is at that point, so I'd know whether I can jump over it, wallhack through it, or simply have to avoid that spot.
You can get the height of any coord in about a 256 meter radius around you. I've managed to get the results I want by setting breakpoints in MHS and automatically increasing the character's coords, so I know it is possible and shouldn't crash because of that.
Sadly, when I try to inject some opcode to call it with custom coordinates (or even my own), the stupid game crashes after it returns from the function. Obviously I'm doing something wrong in the opcode I use to call the function, but I'm lost as to what is causing this.
Some code I've used to try it:
Code:
byte[] functionOpcode = new byte[]
{
0x60, //PUSHAD
0x9C, //PUSHFD
0x68, 0x00, 0x00, 0x7A, 0x44, //PUSH 1000.0F (0x447A0000, immediate at offset 3)
0x68, 0x78, 0x56, 0x34, 0x12, //PUSH anglesAddress (placeholder, patched at offset 8)
0x68, 0x89, 0x67, 0x45, 0x23, //PUSH returnCoordsAddress (placeholder, patched at offset 13)
0x68, 0x90, 0x78, 0x56, 0x34, //PUSH playerCoordsAddress (placeholder, patched at offset 18)
0xB8, 0xA0, 0x88, 0x40, 0x00, //MOV EAX, funcAddress (0x004088A0, immediate at offset 23)
0xFF, 0xD0, //CALL EAX
0x83, 0xC4, 0x10, //ADD ESP, 0x10: drop the four pushed args (assumes a cdecl callee). Without this, POPFD/POPAD/RET pop the args instead of the saved flags, registers and return address, so RET jumps to garbage. Remove this line only if the callee is stdcall and cleans its own args; check whether the original caller at 0x4657C7 does an ADD ESP after the call.
0x9D, //POPFD
0x61, //POPAD (restores EAX, so the call's EAX return value is not kept by this stub)
0xC3 //RET
};
int opcodeAddress = MemFunctions.AllocateMemory(processHandle, functionOpcode.Length);
MemFunctions.MemWriteBytes(processHandle, opcodeAddress, functionOpcode);
//Offsets of the patchable immediates inside functionOpcode (the byte after each 0x68 / 0xB8)
int anglePtrAddress = opcodeAddress + 8;
int returnPtrAddress = opcodeAddress + 13;
int coordPtrAddress = opcodeAddress + 18;
int functionAddress = opcodeAddress + 23; //already encoded above as 0x004088A0; patch here if the address changes
//Handle angle: the angles live inside the player struct at +0xBAC, so no separate buffer is needed
int playerPointer = player.getPlayerAddress();
MemFunctions.MemWriteInt(processHandle, anglePtrAddress, playerPointer + 0xBAC);
//Return values: the function writes coords (three floats) here, so reserve 12 bytes, not 4
int returnPtr = MemFunctions.AllocateMemory(processHandle, 12);
MemFunctions.MemWriteInt(processHandle, returnPtrAddress, returnPtr);
//Current Coordinates
int coordPtr = MemFunctions.AllocateMemory(processHandle, 12);
Coordinates currentCoords = player.coordinates;
MemFunctions.MemWriteFloat(processHandle, coordPtr + 0, currentCoords.x);
MemFunctions.MemWriteFloat(processHandle, coordPtr + 4, currentCoords.y + 1);
MemFunctions.MemWriteFloat(processHandle, coordPtr + 8, currentCoords.z);
MemFunctions.MemWriteInt(processHandle, coordPtrAddress, coordPtr);
//Run the opcode
IntPtr threadHandle = MemFunctions.CreateRemoteThread(processHandle, opcodeAddress);
//Wait for opcode to be done
MemFunctions.WaitForSingleObject(threadHandle);
float result = MemFunctions.MemReadFloat(processHandle, returnPtr);
//Close the thread handle
MemFunctions.CloseProcess(threadHandle);
return result;
Any help would be appreciated.
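To see why a stub like the one above can come back to a bad address, here is an added Python model that is not the poster's code and not part of the original post. It decodes the handful of x86 opcodes the stub uses, lists the offsets of the patchable immediates (the +8, +13, +18, +23 the C# relies on), and tracks ESP through PUSHAD, PUSHFD, the four argument pushes, CALL, POPFD, POPAD and RET under both calling-convention assumptions. The stub bytes are copied from the post; RET_ADDR, the saved_* labels and the "below_initial_ESP" sentinel are constructed for the model.

```python
"""Stack-balance model for a PUSHAD/PUSHFD ... CALL ... POPFD/POPAD/RET stub."""
import struct

# Constructed copy of the stub from the post (placeholder pointers kept as-is).
STUB = bytes([
    0x60,                          # PUSHAD
    0x9C,                          # PUSHFD
    0x68, 0x00, 0x00, 0x7A, 0x44,  # PUSH 1000.0f
    0x68, 0x78, 0x56, 0x34, 0x12,  # PUSH anglesAddress
    0x68, 0x89, 0x67, 0x45, 0x23,  # PUSH returnCoordsAddress
    0x68, 0x90, 0x78, 0x56, 0x34,  # PUSH playerCoordsAddress
    0xB8, 0xA0, 0x88, 0x40, 0x00,  # MOV EAX, funcAddress
    0xFF, 0xD0,                    # CALL EAX
    0x9D,                          # POPFD
    0x61,                          # POPAD
    0xC3,                          # RET
])
# Same stub with caller-side cleanup of the four args (ADD ESP, 0x10) after the CALL.
STUB_WITH_CLEANUP = STUB[:29] + bytes([0x83, 0xC4, 0x10]) + STUB[29:]

RET_ADDR = 0xDEADBEEF  # constructed: the address the stub should return to
PUSHAD_ORDER = ["EAX", "ECX", "EDX", "EBX", "ESP", "EBP", "ESI", "EDI"]


def decode(stub):
    """Decode only the x86 subset the stub uses into (offset, mnemonic, operand)."""
    insns, i = [], 0
    simple = {0x60: "PUSHAD", 0x9C: "PUSHFD", 0x9D: "POPFD", 0x61: "POPAD", 0xC3: "RET"}
    while i < len(stub):
        op = stub[i]
        if op in simple:
            insns.append((i, simple[op], None)); i += 1
        elif op in (0x68, 0xB8):  # PUSH imm32 / MOV EAX, imm32
            imm = struct.unpack_from("<I", stub, i + 1)[0]
            insns.append((i, "PUSH" if op == 0x68 else "MOV EAX", imm)); i += 5
        elif op == 0xFF and stub[i + 1] == 0xD0:
            insns.append((i, "CALL EAX", None)); i += 2
        elif op == 0x83 and stub[i + 1] == 0xC4:  # ADD ESP, imm8
            insns.append((i, "ADD ESP", stub[i + 2])); i += 3
        else:
            raise ValueError(f"unsupported opcode 0x{op:02X} at offset {i}")
    return insns


def immediate_offsets(stub):
    """Byte offsets of every imm32 in the stub: the positions an injector patches."""
    return [off + 1 for off, mn, _ in decode(stub) if mn in ("PUSH", "MOV EAX")]


def simulate(stub, callee_cleans_args, nargs=4):
    """Walk ESP through the stub and return whatever RET pops as its return address.
    callee_cleans_args=True models a stdcall callee (RET n), False a cdecl callee
    that leaves its arguments on the stack for the caller to remove."""
    stack = [RET_ADDR]  # bottom .. top

    def pop():
        return stack.pop() if stack else "below_initial_ESP"

    for _, mn, imm in decode(stub):
        if mn == "PUSHAD":
            stack.extend(f"saved_{r}" for r in PUSHAD_ORDER)
        elif mn == "PUSHFD":
            stack.append("saved_EFLAGS")
        elif mn == "PUSH":
            stack.append(imm)
        elif mn == "CALL EAX":
            stack.append("stub_return")  # CALL pushes the return address ...
            pop()                        # ... and the callee's RET pops it back
            if callee_cleans_args:       # RET n drops the args as well
                for _ in range(nargs):
                    pop()
        elif mn == "ADD ESP":
            for _ in range(imm // 4):
                pop()
        elif mn == "POPFD":
            pop()
        elif mn == "POPAD":
            for _ in range(8):           # the saved ESP slot is popped and discarded
                pop()
        elif mn == "RET":
            return pop()
    raise ValueError("stub has no RET")


if __name__ == "__main__":
    print("immediate offsets:", immediate_offsets(STUB))
    for name, stub in (("original", STUB), ("with ADD ESP,0x10", STUB_WITH_CLEANUP)):
        for conv in (False, True):
            print(f"{name:18} callee_cleans={conv!s:5} RET pops -> {simulate(stub, conv)!r}")
```

With the original stub and a cdecl callee, RET pops the saved EBX slot from PUSHAD rather than the return address, which is the kind of crash "right after the function returns" the post describes; adding the ADD ESP,0x10 (or having a stdcall callee) brings RET back to RET_ADDR, while doing both cleans too much and pops below the original ESP.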