I'm trying to call a function belonging to another process, using the fastcall convention, from my own program, but I get a crash every time I try. I've spent a lot of time on this and can't solve it... I need some help please. Here is all the relevant information and what I have tried:
The picture shows the instruction context at a breakpoint while the target program is running...
And here's my source code:
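// Signature of the routine the program tries to call.  On 32-bit MSVC,
// __fastcall passes the first two integer-sized arguments in registers and
// the remaining ones on the stack; the float and trailing DWORDs go on the
// stack.  Whether this matches the target's actual ABI is not shown here.
typedef void (__fastcall * MyFoo)(void * client,DWORD trash, DWORD ConstantD, DWORD objBattid, DWORD zeroParam, DWORD thousParam, float fVal,DWORD targetID);

// Assigned in main() to (target module base + offset).  That address lives in
// the target process's virtual address space, so it is never a callable
// pointer inside this process.
MyFoo launchMe;

// Returns the base address of the target's first module, or 0 on failure.
DWORD getProcessBaseAdress(DWORD ProcessID);

// Window title looked up with FindWindowA.  A string literal is read-only, so
// the pointer is declared const to make writes through it a compile error
// instead of undefined behaviour.  (The explicit trailing '\0' is redundant
// but harmless: the literal already ends in a NUL.)
const char *flyffServer = "insanity flyff\0";

HWND neuzWindow = NULL;        // handle types are pointers: NULL is correct here
DWORD neuzProcessID = 0;       // DWORD is an unsigned integer, so 0, not NULL
DWORD neuzRamAdress = 0;       // target module base, as returned by getProcessBaseAdress()
HANDLE neuzHandle = NULL;      // process handle from OpenProcess(); never closed in main()
DWORD clientAdr = 0;           // target-space address; not dereferenceable here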
// Finds the game client's window by title, opens its process, derives two
// addresses from that process's module base, and then calls through one of
// them.  As the author's own follow-up notes, those addresses belong to the
// *other* process's virtual address space: this process has no mapping there
// (or unrelated memory at that address), so the indirect call near the end of
// the loop faults.  Nothing in this function transfers control into the
// target; the pointer is only meaningful inside the target.
int main(){
neuzWindow = FindWindowA(0,flyffServer);
//--------------------------------------
if(neuzWindow){
GetWindowThreadProcessId(neuzWindow,&neuzProcessID);
if(neuzProcessID){
// Requests PROCESS_ALL_ACCESS.  Nothing in this function closes neuzHandle,
// so the handle is held until process exit.
neuzHandle = OpenProcess(PROCESS_ALL_ACCESS,false,neuzProcessID);
if(neuzHandle){
neuzRamAdress = getProcessBaseAdress(neuzProcessID); // Extracting Neuz's base address
if(neuzRamAdress){
// Fixed offsets added to the target's module base.  Both results are
// addresses in the target process, not in this one (see the note above).
launchMe = (MyFoo)((DWORD)neuzRamAdress + 0x5C400);
clientAdr = (DWORD)neuzRamAdress + 0x8D0DC0;
// %08X expects an unsigned int; passing a function pointer is a
// format/argument mismatch and therefore undefined behaviour in printf.
printf("Instruction: 0x%08X\n",launchMe);
printf("Client ADR: 0x%08X\n",clientAdr);
// The body ends with `return 0`, so Sleep(100) is never reached and the
// loop runs exactly once.
for(;;Sleep(100)){
//------------ init params ------------
void * client = (void*)clientAdr;
DWORD trashDX = (DWORD)0x0000000B;
DWORD msge = (DWORD)0x0000001D;
DWORD selectedBattID = 0x04D4A929;
DWORD zeroParam = (DWORD) 0x00000000;
DWORD milleParam = 0x00010000;
float speedAtt = 0.07f;
DWORD targetID = 0x0089B964;
// Two problems here: `client` is a void* printed with %08X (same mismatch as
// above), and `thousParam` is not declared in this function -- the local
// defined above is `milleParam` -- so this statement does not compile as
// written.
printf("0x%08X\n0x%08X\n0x%08X\n0x%08X\n0x%08X\n0x%08X\n%f\n0x%08X\n",
client,
trashDX,
msge,
selectedBattID,
zeroParam,
thousParam,
speedAtt,
targetID
);
// Calls an address that is only mapped inside the target process; from this
// process it points at unmapped or unrelated memory, hence the crash.
launchMe(client,trashDX,msge,selectedBattID,zeroParam,milleParam,speedAtt,targetID); // -> Error
// Return value unchecked; %d also expects an int* while trashDX is a DWORD.
scanf("%d",&trashDX); // for blocking the program
return 0;
}
}
else printf("Unable to access to Neuz's Ram Adress\n");
}
else printf("Unable to obtain neuz's handle\n");
}
else printf("Unable to detect neuz's process ID\n");
}
else printf("Unable to detect neuz's window\n");
return 0;
}
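// Returns the base address of the first module reported by a Toolhelp module
// snapshot of ProcessID, or 0 if the snapshot could not be created or no
// module entry could be read.
//
// The returned value is a pointer into the *target* process's address space
// and must not be dereferenced from this process.  It is truncated to DWORD,
// which only round-trips on a 32-bit build.
DWORD getProcessBaseAdress(DWORD ProcessID){
    DWORD base = 0;
    HANDLE hModuleSnap = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, ProcessID);
    // CreateToolhelp32Snapshot reports failure (e.g. access denied, process
    // gone) with INVALID_HANDLE_VALUE, not NULL.
    if (hModuleSnap == INVALID_HANDLE_VALUE) {
        return 0;
    }
    MODULEENTRY32 me32;
    me32.dwSize = sizeof(MODULEENTRY32); // Module32First rejects an unset dwSize
    // Module32First returns FALSE when the entry could not be filled; me32 is
    // then unspecified, so only read modBaseAddr on success.
    if (Module32First(hModuleSnap, &me32)) {
        base = (DWORD) me32.modBaseAddr;
    }
    CloseHandle(hModuleSnap); // release the snapshot on every path
    return base;
}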
Thanks in advance :) ...
As IInspectable said in his comment, the problem came from accessing the virtual address space of another process. Reading up on Windows memory management and DLL injection solved the problem for me ... in case anyone else faces this in the future.