Difficulty understanding __thiscall functions

 
LongBeardedLion
Expert Cheater
Reputation: 0

Joined: 10 Apr 2020
Posts: 172

Posted: Fri Jun 05, 2020 2:56 pm

I'm trying to call a __thiscall function externally in C++.

I have 1+5 arguments. One being the ECX. And the others are in the stack (supposedly).

But I don't understand what is my first argument. And if I'm doing it in the right order.
Please have a look at the screenshots and let me know if I'm doing it right.

So this is the function call:

signed int __thiscall sub_4B0820(int this, int a2, int a3, int a4, int a5, int a6)

int this = 0x14712130; //Number in ECX
int a2 = 0x41; // 1st value in the stack OR should it be 0x004A1538
// Because 004A1538 is also in the stack??
int a3 = 0x1E0001; // 2nd value in the stack
int a4 = 0x0; // 3rd value in stack
int a5 = 0x0; //4th value in stack
int a6 = 0x0; //5th value in stack

Is this right? Or should it be the inverse order?

Original call function dll for injection:


Code:

#include <Windows.h>
#include <cstdint>
#include "Memory.h"

struct _Target
{
   // Function pointer with an explicit this parameter:
   // pThis is passed in ECX, the remaining arguments go on the stack.
   typedef void(__thiscall* _Func)(int pThis, int astring, int bstring, int cstring, int dstring, int estring);
   _Func Func;
   int pThis = 0x14712130; //
   // This is ecx the unit object
   int astring = 0x41;
   int bstring = 0x1E0001;
   int cstring = 0x0;
   int dstring = 0x0;
   int estring = 0x0;
}Target;



DWORD WINAPI MainThread(LPVOID param)
{
   // Base address of the host executable; the function sits at base + 0xB0820.
   uintptr_t base = (uintptr_t)GetModuleHandle(0);
   Target.Func = (_Target::_Func)(base + 0xB0820);

   // Poll the keyboard until END is pressed.
   while (!GetAsyncKeyState(VK_END))
   {
      if (GetAsyncKeyState(VK_NUMPAD3))
      {
         Target.Func(Target.pThis, Target.astring, Target.bstring, Target.cstring, Target.dstring, Target.estring);
      }
   }
   FreeLibraryAndExitThread((HMODULE)param, 0);
   return 0;
}

BOOL WINAPI DllMain(HINSTANCE hModule, DWORD dwReason, LPVOID lpReserved)
{
   switch (dwReason)
   {
   case DLL_PROCESS_ATTACH:
      CreateThread(0, 0, MainThread, hModule, 0, 0);
      break;
   default:
      break;
   }
   return TRUE;
}



[Attached screenshots: condition 3.jpg (554.21 KB), condition 2.jpg (115.92 KB)]

atom0s
Moderator
Reputation: 199

Joined: 25 Jan 2006
Posts: 8518
Location: 127.0.0.1

Posted: Sat Jun 06, 2020 2:01 pm

__thiscall is a convention used for class objects. ECX holds the base pointer of the class object that is being used for the call. In 99.9% of the cases, that value will not be static/the same, so defining it specifically as having the value '0x14712130' is not going to work.

You would need to find the pointer of the object you plan to use with the call first to ensure you are calling things with the proper object pointer.

_________________
- Retired.
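
An added illustration, not part of either post and not code from Cheat Engine: a small portable model of what a callee sees on entry to an MSVC x86 `__thiscall` function, covering the argument-order question as well as the ECX point above. Explicit arguments are pushed right to left, ECX carries the object pointer, the slot at `[esp]` is the return address pushed by `CALL` (not an argument), and the callee releases the arguments with `ret N`. The starting ESP and the return address are constructed placeholders; `Machine`, `thiscall_enter` and `thiscall_return` are hypothetical names.

```cpp
#include <cstdint>
#include <cstdio>
#include <map>
#include <vector>

// Minimal model of 32-bit x86 state: ECX, ESP and stack memory.
struct Machine {
    uint32_t ecx = 0;
    uint32_t esp = 0x0019FF00;           // constructed starting stack pointer
    std::map<uint32_t, uint32_t> mem;    // address -> 32-bit value
    void push(uint32_t v) { esp -= 4; mem[esp] = v; }
    uint32_t at(uint32_t off) const { return mem.at(esp + off); }
};

// Caller side of an MSVC x86 __thiscall call: explicit arguments are pushed
// right to left, ECX receives the object pointer, CALL pushes the return address.
Machine thiscall_enter(uint32_t this_ptr, const std::vector<uint32_t>& args,
                       uint32_t return_addr) {
    Machine m;
    for (size_t i = args.size(); i-- > 0;) m.push(args[i]);
    m.ecx = this_ptr;
    m.push(return_addr);
    return m;
}

// Callee side: `ret N` pops the return address and then releases N bytes of
// arguments, so the caller must not adjust ESP again.
uint32_t thiscall_return(Machine& m, size_t arg_count) {
    uint32_t ret = m.at(0);
    m.esp += 4 + 4 * static_cast<uint32_t>(arg_count);
    return ret;
}

int main() {
    // Argument values are the ones quoted in the post; the return address is
    // a constructed placeholder.
    std::vector<uint32_t> args = {0x41, 0x1E0001, 0x0, 0x0, 0x0};
    Machine m = thiscall_enter(0x14712130, args, 0x00401000);
    std::printf("ecx      = %08X  this\n", m.ecx);
    std::printf("[esp+00] = %08X  return address\n", m.at(0));
    for (uint32_t i = 0; i < args.size(); ++i)
        std::printf("[esp+%02X] = %08X  a%u\n", 4 + 4 * i, m.at(4 + 4 * i), i + 2);
    thiscall_return(m, args.size());
    std::printf("esp after ret 0x14 = %08X\n", m.esp);
}
```

The model only fixes the register and stack layout; whether the value placed in ECX is a live object at call time is the separate problem the reply describes.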
All times are GMT - 6 Hours