Fastcall function crashes

0

I'm trying to call a process function using the fastcall convention from my program, but I get a crash every time I try. I have spent so much time on it and can't solve it... I need some help please... Here is all the needed information and my attempt:


The picture shows the instruction context at a breakpoint while the function's program is running...

And here's my source code:

#include <windows.h>
#include <tlhelp32.h>
#include <stdio.h>

typedef void (__fastcall * MyFoo)(void * client, DWORD trash, DWORD ConstantD, DWORD objBattid, DWORD zeroParam, DWORD thousParam, float fVal, DWORD targetID);
MyFoo launchMe;

DWORD getProcessBaseAdress(DWORD ProcessID);

const char *flyffServer = "insanity flyff";

HWND neuzWindow = NULL;
DWORD neuzProcessID = 0;
DWORD neuzRamAdress = 0;
HANDLE neuzHandle = NULL;
DWORD clientAdr = 0;

int main(){
    neuzWindow = FindWindowA(0, flyffServer);
    //--------------------------------------
    if(neuzWindow){
        GetWindowThreadProcessId(neuzWindow, &neuzProcessID);

        if(neuzProcessID){
            neuzHandle = OpenProcess(PROCESS_ALL_ACCESS, FALSE, neuzProcessID);

            if(neuzHandle){
                neuzRamAdress = getProcessBaseAdress(neuzProcessID); // Extracting Neuz's base address

                if(neuzRamAdress){
                    // Both values are addresses inside the *other* process's address space
                    launchMe = (MyFoo)(neuzRamAdress + 0x5C400);
                    clientAdr = neuzRamAdress + 0x8D0DC0;

                    printf("Instruction: 0x%08X\n", (DWORD)launchMe);
                    printf("Client ADR: 0x%08X\n", clientAdr);

                    for(;; Sleep(100)){
                        //------------ init params ------------
                        void * client = (void*)clientAdr;
                        DWORD trashDX = 0x0000000B;
                        DWORD msge = 0x0000001D;
                        DWORD selectedBattID = 0x04D4A929;
                        DWORD zeroParam = 0x00000000;
                        DWORD milleParam = 0x00010000;
                        float speedAtt = 0.07f;
                        DWORD targetID = 0x0089B964;

                        printf("0x%08X\n0x%08X\n0x%08X\n0x%08X\n0x%08X\n0x%08X\n%f\n0x%08X\n",
                            (DWORD)client,
                            trashDX,
                            msge,
                            selectedBattID,
                            zeroParam,
                            milleParam, // was "thousParam", an undeclared name
                            speedAtt,
                            targetID
                        );

                        launchMe(client, trashDX, msge, selectedBattID, zeroParam, milleParam, speedAtt, targetID); // -> Error
                        scanf("%u", &trashDX); // for blocking the program
                        return 0;
                    }
                }
                else printf("Unable to access Neuz's RAM address\n");
            }
            else printf("Unable to obtain Neuz's handle\n");
        }
        else printf("Unable to detect Neuz's process ID\n");
    }
    else printf("Unable to detect Neuz's window\n");
    return 0;
}

DWORD getProcessBaseAdress(DWORD ProcessID){
    HANDLE hModuleSnap = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, ProcessID);
    if(hModuleSnap == INVALID_HANDLE_VALUE) return 0;
    MODULEENTRY32 me32;
    me32.dwSize = sizeof(MODULEENTRY32);
    DWORD base = 0;
    if(Module32First(hModuleSnap, &me32)) base = (DWORD) me32.modBaseAddr; // first entry is the main executable
    CloseHandle(hModuleSnap);
    return base;
}

Thanks in advance :) ...

Tags: windows, function, memory, crash, fastcall
asked on Stack Overflow Aug 9, 2017 by Mssm • edited Aug 9, 2017 by Mssm

1 Answer

1

As IInspectable said in his comment, the problem came from accessing the virtual address space of another process. Checking Windows memory management and DLL injection solved the problem for me ... maybe someone will face that in the future.

answered on Stack Overflow Aug 11, 2017 by Mssm • edited May 19, 2020 by Mssm
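The reason given in the answer, shown as an added illustration that is not code from either post: an address taken from another process (its module base plus an offset) only means something inside that process, so a program should at least verify that a computed address is mapped and executable in its own address space before treating it as a function pointer. On Windows that check would use VirtualQuery; the version below is written for the Linux host it is tested on and reads /proc/self/maps instead (the function names and the constructed base+offset value are assumptions of this example).

```c
#include <stdio.h>
#include <stdint.h>

/* Returns 1 if addr lies inside a mapping of the current process that is
 * executable, 0 if it is unmapped or not executable here, and -1 if
 * /proc/self/maps cannot be read (non-Linux host). Hypothetical helper. */
int is_callable_here(uintptr_t addr) {
    FILE *maps = fopen("/proc/self/maps", "r");
    if (!maps) return -1;
    char line[512];
    int result = 0;
    while (fgets(line, sizeof line, maps)) {
        unsigned long lo, hi;
        char perms[5];
        /* Each line: start-end perms offset dev inode [path] */
        if (sscanf(line, "%lx-%lx %4s", &lo, &hi, perms) != 3) continue;
        if (addr >= lo && addr < hi) {
            result = (perms[2] == 'x');
            break;
        }
    }
    fclose(maps);
    return result;
}

/* A function in this binary: mapped and executable in this process. */
static void sample_function(void) { }

/* A local variable lives on the stack: mapped, but never executable. */
int stack_address_is_callable(void) {
    int local = 0;
    return is_callable_here((uintptr_t)&local);
}

int main(void) {
    printf("own function : %d\n", is_callable_here((uintptr_t)sample_function));
    printf("stack variable: %d\n", stack_address_is_callable());
    /* Constructed value mimicking "other process base + 0x5C400" from the
       question: in this process it is almost certainly not a valid target. */
    uintptr_t foreign = (uintptr_t)0x00400000u + 0x5C400u;
    printf("foreign offset: %d\n", is_callable_here(foreign));
    return 0;
}
```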

User contributions licensed under CC BY-SA 3.0