Deprecated: The behavior of unparenthesized expressions containing both '.' and '+'/'-' will change in PHP 8: '+'/'-' will take a higher precedence in /home/iano/public_html/tpforums-vb5/forum/includes/class_core.php on line 5842

PHP Warning: Use of undefined constant MYSQL_NUM - assumed 'MYSQL_NUM' (this will throw an Error in a future version of PHP) in ..../includes/init.php on line 165

PHP Warning: Use of undefined constant MYSQL_ASSOC - assumed 'MYSQL_ASSOC' (this will throw an Error in a future version of PHP) in ..../includes/init.php on line 165

PHP Warning: Use of undefined constant MYSQL_BOTH - assumed 'MYSQL_BOTH' (this will throw an Error in a future version of PHP) in ..../includes/init.php on line 165

PHP Warning: "continue" targeting switch is equivalent to "break". Did you mean to use "continue 2"? in ..../includes/functions_navigation.php on line 588

PHP Warning: "continue" targeting switch is equivalent to "break". Did you mean to use "continue 2"? in ..../includes/functions_navigation.php on line 612

PHP Warning: Use of undefined constant archive_postsperpage - assumed 'archive_postsperpage' (this will throw an Error in a future version of PHP) in ..../archive/index.php on line 456
Hooked use [Archive] - Forums
PDA

View Full Version : Hooked use


Peter12
02-24-2015, 12:56 PM
Hello,
I have problem with hooked Tibia 7.72 use.
I hooked it like this:

typedef void _UseContainerItem(int arg1, int arg2, int arg3, int arg4, int arg5, int arg6);
static _UseContainerItem *UseContainerItem = (_UseContainerItem*)0x438FA6;
When Tibia calls this function it looks like this:
http://iv.pl/images/47682814448177965729.png
But when i call this function:


UseContainerItem(0, 2, 0xE0F, 2, 0x40, 0xFFFF);
it looks like this:
http://www.iv.pl/images/55271870089638951798.png
Could anyone tell me what is wrong?
ottizy
02-24-2015, 01:32 PM
the 0x40 argument is carried via EDI, not the stack.
Peter12
02-24-2015, 08:56 PM
So how should i modify this?
ottizy
02-24-2015, 09:19 PM
Not sure if this will work, could you show us some more of what is done in asm before the function is called?



DWORD arg5 = 0xFFFF;
DWORD arg4 = 2;
DWORD arg3 = 0xE0F;
DWORD arg2 = 2;
DWORD arg1 = 0;
DWORD EDIarg = 0x40;

DWORD function = 0x438FA6;

__asm{
PUSH arg1
PUSH arg2
PUSH arg3
PUSH arg4
PUSH arg5
MOV EDI, EDIarg
CALL function
}
Peter12
02-24-2015, 09:55 PM
Same thing :|http://iv.pl/images/75740161547650795673.png


@edit
ok, i figured it out.
Just wrong address. I should enter the function first.