Frouk Grandmaster Cheater
Reputation: 5
Joined: 22 Jun 2021 Posts: 510
Posted: Mon May 30, 2022 1:18 am Post subject: Call vtbl function
So I tried to call a function from the virtual table, and it crashes for me. Am I doing something wrong?
The virtual table has a lot of functions like fix, teleport, blow, etc.
The virtual table points to the vehicle class's function (for a car it's CAutomobile::Fix, for a bike CBike::Fix, etc.)
 |
Dark Byte Site Admin
Reputation: 470
Joined: 09 May 2003 Posts: 25791 Location: The netherlands
Posted: Mon May 30, 2022 1:57 am
Very likely you're doing it wrong, yes.
Called it from the wrong thread?
Gave the wrong parameters?
Used the wrong calling convention?
_________________
Do not ask me about online cheats. I don't know any and won't help finding them.
Like my help? Join me on Patreon so I can keep helping
 |
Frouk Grandmaster Cheater
Reputation: 5
Joined: 22 Jun 2021 Posts: 510
Posted: Mon May 30, 2022 2:21 am
All functions in the vtbl have only one parameter (vehicle *this), where vehicle represents its type.
I'm calling the function as default:
Code:
((int(__cdecl *)(int))addr)(vehicle);
 |
Dark Byte Site Admin
Reputation: 470
Joined: 09 May 2003 Posts: 25791 Location: The netherlands
Posted: Mon May 30, 2022 2:25 am
Is the target 32-bit?
And is addr correct?
And are you sure it's __cdecl? (If it's 32-bit, the function ends with a ret. If it ends with ret 4, it's stdcall.)
 |
Frouk Grandmaster Cheater
Reputation: 5
Joined: 22 Jun 2021 Posts: 510
Posted: Mon May 30, 2022 2:39 am
Yes, the target is 32-bit,
and its virtual table addr will change corresponding to the vehicle type.
I'm doing this to "fix" the vehicle:
Code:
local vtbl = readPointer(FindPlayerPed().ped:GetVehicle().addr)
local vtbl_fix = readPointer(vtbl+0xC8) --> fix function
local s = [[
globalalloc(fixVtbl,128)
createThread(fixVtbl)
fixVtbl:
{$ccode}
((int(__cdecl *)(int))0x%x)(%d); // i guess its digits?
{$asm}
ret
]]
autoAssemble(s:format(vtbl_fix,FindPlayerPed().ped:GetVehicle().addr))

In IDA the end of the function is retn.
 |
Dark Byte Site Admin
Reputation: 470
Joined: 09 May 2003 Posts: 25791 Location: The netherlands
Posted: Mon May 30, 2022 5:08 am
Check if the function you're calling assumes ECX is filled in, or if it takes it from the stack each time.
Else try:
Code:
fixVtbl:
mov ecx,%x
{$ccode}
((int(__cdecl *)(int))0x%x)(%d); // i guess its digits?
{$asm}
ret
]]
autoAssemble(s:format(FindPlayerPed().ped:GetVehicle().addr, vtbl_fix,FindPlayerPed().ped:GetVehicle().addr))

Also, instead of ccode you could try executeMethod:
Code:
executeMethod(1, nil, vtbl_fix, FindPlayerPed().ped:GetVehicle().addr)
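The two checks suggested in the replies above (does the function end in `ret` or `ret 4`, and does it expect ECX to be filled in), as an added example that is not code from this thread or from Cheat Engine. The byte arrays are constructed 32-bit x86 samples, and the ECX test is a prologue heuristic (an assumption), not a full disassembly.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed 32-bit x86 samples, not bytes from any real binary. */
static const uint8_t MEMBER_FN[] = {0x56, 0x8B, 0xF1,        /* push esi; mov esi,ecx */
                                    0x8B, 0x06, 0x5E, 0xC3}; /* mov eax,[esi]; pop esi; ret */
static const uint8_t STDCALL_FN[] = {0x55, 0x8B, 0xEC,       /* push ebp; mov ebp,esp */
                                     0x8B, 0x45, 0x08,       /* mov eax,[ebp+8] */
                                     0x5D, 0xC2, 0x04, 0x00};/* pop ebp; ret 4 */
static const uint8_t CDECL_FN[] = {0x55, 0x8B, 0xEC, 0x8B, 0x45, 0x08,
                                   0x5D, 0xC3};              /* same body; plain ret */

/* Bytes the callee pops on return: 0 for `ret` (C3), imm16 for `ret imm16`
 * (C2 lo hi), -1 if the buffer ends in neither. */
int callee_cleanup(const uint8_t *fn, size_t len) {
    if (len >= 1 && fn[len - 1] == 0xC3) return 0;
    if (len >= 3 && fn[len - 3] == 0xC2) return fn[len - 2] | (fn[len - 1] << 8);
    return -1;
}

/* 1 if the prologue copies ECX before writing it, so the caller must have
 * loaded it. Heuristic: optional `push r32` (50..57), then `mov r32,ecx`
 * encoded as 8B /r (rm=ecx) or 89 /r (reg=ecx), both with mod=11. */
int reads_ecx_in_prologue(const uint8_t *fn, size_t len) {
    size_t i = (len > 0 && fn[0] >= 0x50 && fn[0] <= 0x57) ? 1 : 0;
    if (i + 1 >= len) return 0;
    return (fn[i] == 0x8B && (fn[i + 1] & 0xC7) == 0xC1) ||
           (fn[i] == 0x89 && (fn[i + 1] & 0xF8) == 0xC8);
}

/* Combine both checks. A plain `ret` alone cannot tell cdecl from a member
 * function whose only argument is `this` in ECX. */
const char *guess_convention(const uint8_t *fn, size_t len) {
    int pop = callee_cleanup(fn, len);
    if (pop < 0) return "unknown";
    if (reads_ecx_in_prologue(fn, len)) return "thiscall or fastcall";
    return pop ? "stdcall" : "cdecl";
}

int main(void) {
    printf("member:  %s\n", guess_convention(MEMBER_FN, sizeof MEMBER_FN));
    printf("stdcall: %s\n", guess_convention(STDCALL_FN, sizeof STDCALL_FN));
    printf("cdecl:   %s\n", guess_convention(CDECL_FN, sizeof CDECL_FN));
    return 0;
}
```

The member-function sample ends in a plain `ret` exactly like the cdecl one, which is why the epilogue has to be read together with the ECX check.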
 |
Frouk Grandmaster Cheater
Reputation: 5
Joined: 22 Jun 2021 Posts: 510
Posted: Mon May 30, 2022 5:20 am
I'll try it.
 |
Frouk Grandmaster Cheater
Reputation: 5
Joined: 22 Jun 2021 Posts: 510
Posted: Thu Jun 02, 2022 6:03 am
It works, thank you.
EDIT:
How does executeMethod work?
Also, is it possible to call an empty function (no parameters) with executeMethod?
 |
Dark Byte Site Admin
Reputation: 470
Joined: 09 May 2003 Posts: 25791 Location: The netherlands