Showing results 1 to 12 of 12

Thread: [WarCraft III] Say Function(local) (v1.21)

  1. #1

    Default [WarCraft III] Say Function(local) (v1.21)

    thanks to Perma's "[WarCraft III] TextOut Function (v1.21)"

    others can't "hear" what do you say, so it is local.
    be ware that the function "WC3FXN_Say = 0x6F0EF6C0;" is a _fast call, so it uses edx and ecx as a param.
    Code:
     
    void Warcraft_Say(DWORD sText)
    {
        static int WC3FXN_GlobalClass = 0x6F84CC20;
        static int WC3FXN_Say = 0x6F0EF6C0;
        __asm
        {       
            mov eax, WC3FXN_GlobalClass
            mov eax, dword ptr ds:[eax]
            push 0x41200000
            push 0x0//say to whom 0=all 1=ali 2=spec 3=private
            mov ecx, sText
            push ecx
            push 0x0//which player(interesting),can be modified from 0-10
            mov ecx, eax
            mov edx, 0x100
            call WC3FXN_Say
        }
    }
    usage:
    Code:
     
    void main()
    {
    char hi[]="|cff0042ffmaphcak enabled!";
    Warcraft_Say((DWORD)hi);
    }
    Tested under 1.21, works well.

  2. #2

    Advocate
    Shimano's Avatar
    Join Date
    Jan 2007
    Location
    Boise, ID
    Posts
    309

    Default

    Tried it. Works great. love how you can select who to send it to.

  3. #3
    mov esi, 0x0539 Senior Member
    Retired Staff Member

    Saint
    Perma's Avatar
    Join Date
    Jul 2004
    Location
    Canada
    Posts
    6,526

    Default

    Great work!

  4. #4
    Banned

    Deviant

    Join Date
    Nov 2007
    Posts
    75

    Default

    Quote Originally Posted by Shimano View Post
    Tried it. Works great. love how you can select who to send it to.
    Actually, you can't select who to send it to, as no message is really sent :p

    This function is just a upper level function used to format and print the chat after a message is sent.

    Besides that, the function uses the thiscall calling convention, means it uses ecx to pass the so called _this_, all other parameters are pushed on the stack.

    The first parameter has to do with formating the text, it's used to retrieve the name and color of the specified player.

    Not to offend you, but this just looks like a rip off of Perma's published source to call another function..

  5. #5

    Disciple
    ulliklliwi's Avatar
    Join Date
    May 2007
    Location
    The Code Cave after the JMP Gate
    Posts
    568

    Default

    idk if this works, but it should look something like this, if your going to use c/c++
    PHP Code:
    typedef int (WINAPItWC3SAY)(int, const char*, intint);

    tWC3SAY pWC3SAY = (tWC3SAY)0x6F0EF6C0;

    void WC3SendText(const charpszFormat, ...) {
        
    char szBuffer[255] = {'\0'};
        
    va_list vlArgs;

        
    va_start(vlArgs);
        
    _vsnprintf(szBuffersizeof(szBuffer), pszFormatvlArgs);
        
    vs_end(vlArgs);

        
    pWC3SAY(0szBuffer00x412)
    }


    // Call like this
    WC3SendText("%s %d %2X""hi"10x44);
    //or
    WC3SendText("%s: %s""Hack""Enabled"); 

  6. #6

    Disciple
    Rufus's Avatar
    Join Date
    May 2007
    Location
    Liverpool, England, UK
    Posts
    483

    Default

    or you could just use inline asm like he did... lol
    DrubZ says:
    IpwnU would be a great hack name... cuz like.. it's right in ur face

  7. #7

    Disciple
    ulliklliwi's Avatar
    Join Date
    May 2007
    Location
    The Code Cave after the JMP Gate
    Posts
    568

    Default

    Quote Originally Posted by Rufus View Post
    or you could just use inline asm like he did... lol
    the point is dumb ass! that theres no need for asm, cuz if you want to use asm, then program in MASM, or some other asm language.

  8. #8
    Banned

    Deviant

    Join Date
    Oct 2005
    Location
    www.w3jsp.com
    Posts
    49

    Default

    Quote Originally Posted by Rufus View Post
    or you could just use inline asm like he did... lol
    And that results in messy code. :/

  9. #9

    Default

    to zev:
    thanks for your imformative "_this call", and "_this_", i think i have made a mistake on saying it's a _fast call.

    after reading Perma's published source i had a basic idea about War3's calls, other wise i could't figure out that _this_ pointer.

    i was just trying to share something .

    to ulliklliwi:
    inline asm is sometime not so messy, it is deep into the core and sometime helpful. especially for me who don't know how to declare a _this call(any one can tell me how to do this?)

    at the end, if you feel inline asm is messy, you can build a "call gate",
    it looks something like this:
    Code:
    __declspec(naked) VOID A_call(d,c,b,a)
    {
     _asm
     {
    PUSH a
    PUSH b
    PUSH c
    PUSH d
    mov ecx, _this_
    jmp address
    //don't use call address because the ret address has already been pushed into the stack when you called "A_call(d,c,b,a)", and the _naked convention won't do anything to the stack.
     }
    }

  10. #10

    Disciple
    ulliklliwi's Avatar
    Join Date
    May 2007
    Location
    The Code Cave after the JMP Gate
    Posts
    568

    Default

    Quote Originally Posted by helinwang View Post
    to zev:
    thanks for your imformative "_this call", and "_this_", i think i have made a mistake on saying it's a _fast call.

    after reading Perma's published source i had a basic idea about War3's calls, other wise i could't figure out that _this_ pointer.

    i was just trying to share something .

    to ulliklliwi:
    inline asm is sometime not so messy, it is deep into the core and sometime helpful. especially for me who don't know how to declare a _this call(any one can tell me how to do this?)

    at the end, if you feel inline asm is messy, you can build a "call gate",
    it looks something like this:
    Code:
    __declspec(naked) VOID A_call(d,c,b,a)
    {
     _asm
     {
    PUSH a
    PUSH b
    PUSH c
    PUSH d
    mov ecx, _this_
    jmp address
    //don't use call address because the ret address has already been pushed into the stack when you called "A_call(d,c,b,a)", and the _naked convention won't do anything to the stack.
     }
    }
    PHP Code:
    #define WC3FXN_GlobalClass *((int*)0x6F84CC20)

    class Wc3 {
        
    /*virtual function pointers here */
        
    virtual void SendText(/*blah*/);
        
    /*members here*/
    }


    // set like so

    Wc3pWc3 = (Wc3*)WC3FXN_GlobalClass;

    //call like
    pWc3->SendText(/*blah*/); 
    but ull need to use a program like structBuild or reclass to reverse engineer the wc3 class. in c++/c u not need to use thiscall to call functions. if u want to you need to do the way in the example. the 1st way i post is how you call that function with out thiscall convertion.
    Last edited by ulliklliwi : 06-17-2008 at 08:52 AM

  11. #11

    Default

    could someone update?

  12. #12

    Default

    Could someone explain how they got to this address?

    I'm not looking for someone to spit out new addresses, but simply some guidance on how it is found.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. [Source] TextOut Function for Warcraft 3 v1.22
    By Perma in forum Open Source and Tutorials
    Replies: 19
    Last Post: 05-20-2009, 09:50 AM
  2. [Source] Game State Checking for Warcraft 3 v1.21
    By Perma in forum Open Source and Tutorials
    Replies: 17
    Last Post: 07-21-2008, 06:15 AM
  3. [WarCraft III] Visual Custom Kick
    By sd333221 in forum Old User Downloads
    Replies: 133
    Last Post: 11-21-2007, 11:17 AM

Posting Rules

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •