tags:

views:

81

answers:

2
Q: 

Arbitrary pointer to unknown class function - invalid type conversion

I have a hack program; it injects some functions into a target process to control it. The program is written in C++ with inline assembly.

class GameProcMain {
 // this just a class
};

GameProcMain* mainproc; // there is no problem I can do =(GameProcMain*)0xC1EA90

Now I want to define a class function (which set ecx to class pointer) instead of writing assembly.

PPLYDATA GetNearblyMob(__Vector3* cordinate) {
    __asm {
    mov ecx, 0xC1EA90
    enter code here
    push cordinate
    mov edi, 0x4A8010
    call edi
    }
}

I want to define it and call it like.

PPLYDATA (DLPL::*GetNearblyMob)(__Vector3* cordinate);

mainproc->GetNearblyMob(ADDR_CHRB->kordinat)

When I try GetNearblyMob=(PPLYDATA (DLPL::*)(__Vector3*)) 0x4A8010;

It says something like error: invalid type conversion: "int" to "PPLYDATA (DLPL::*)(int, int)"

but I can do this to set the pointer:

void initializeHack() {
__asm {
LEA edi, GetNearblyMob
MOV eax, 0x4A8010
MOV [edi], eax
}
}

Now I want to learn "how I can set GetNearblyMob without using assembly and legitimately in C++".

+1  A: 

I am a bit surprised that it won't you cast like that.

You can try to do something like 

GetNearblyMob=reinterpret_cast<PPLYDATA (DLPL::*)(__Vector3*)> (0x4A8010);

If that still does not work, try

*(int*)(&GetNearblyMob) = 0x4A8010;
 2010-09-05 02:18:47
Thanks for you answer.first is gives this error.error: invalid type conversion: "int" to "PPLYDATA (DLPL::*)(int, int)"1> GetNearblyMob=reinterpret_cast<PPLYDATA (DLPL::*)(int, int)>(0x4A8010);the second is gives expression is non editable, when i remove
 2010-09-05 02:23:27
p.s. i want to click the answer is useful button but it doesn't work on my account yet:)
 2010-09-05 02:24:45
The second option works for me in gcc. "Expression is non editable"? That is a strange error. What is the exact wording? Maybe the function pointer is declared as const?
 2010-09-05 02:33:05
wow sorry, yes. i was tried (int)( i forgot to * operator :D \*(int\*)( it works thank you so much !
 2010-09-05 02:35:19
+1  A: 

The problem is that member functions automatically get an extra parameter for the this pointer. Sometimes you can cast between member and non-member functions, but I don't see the need to cast anything.

Typically it's easier to reverse-engineer into C functions than into C++. C typically has a more straightforward ABI, so you can keep the data structures straight as you work them out.

So, I would recommend

PPLYDATA (*GetNearblyMob)(DLPL *main_obj, __Vector3* cordinate) = 0x12345UL;

and then define your own function

class DLPL {
    GetNearblyMob( __Vector3* cordinate ) {
        return ::GetNearblyMob( this, cordinate );
    }
    // ... other program functions
};
Potatoswatter  2010-09-05 02:45:01
thank you, i will use that.
 2010-09-05 10:00:51

related questions

Of Memory Management, Heap Corruption, and C++
How do I make a GUI?
Alpha blending sprites in Nintendo DS Homebrew
Thread safe lazy contruction of a singleton in C++
Interview Programming Questions - In house Exam
Link issues (VC6)
What are the barriers to understanding pointers and what can be done to overcome them?
Why are professors or schools picking Java over C++ to teach to students?
What is the best way to create a sparse array in C++
C/C++ library for reading MIDI signals from a USB MIDI device
How do you pack a visual studio c++ project for release?
How to set up unit testing for Visual Studio C++
How do I configure and communicate with a serial port?
Lightweight IDE for Linux
Mapping Stream data to data structures in C#
CPU throttling in C++
Asynchronous multi-direction server-client communication over the same open socket?
Exceptions in C++
Heap corruption under Win32; how to locate?
Build for Windows NT 4.0 using Visual Studio 2005?
C++: Should I use nested classes in this case?
BerkeleyDB Concurrency
GTK implementation of MessageBox
Is gettimeofday() guaranteed to be of microsecond resolution?
How to use the C socket API in C++ on z/OS