
Originally Posted by aanthonyz
Could you please correct me if I'm wrong. I want to make sure I'm understanding this.
I'm making some of these up; I just want to understand the concept of it.
Description:
Retrieving the module handle to store in a DWORD.
Code:
DWORD CShellBase = (DWORD) GetModuleHandle("cshell.dll");
Question:
Why do we need to retrieve the module handle?
Description:
Add the LTC to the ModuleHandle that you retrieved before.
Code:
DWORD *LTClient = ( DWORD* )( (CShellBase + 0x005976) );
Question:
Why do you need to add it to the ModuleHandle? Why not just the LTC?
This little section is from Lauwy's Tutorial for a base:
Code:
#include <windows.h>

// Sends a command string to the in-game console (32-bit MSVC, inline asm)
void __cdecl PushToConsole(char* szVal) {
    // Base address of CShell.dll inside this process (NULL if it is not loaded)
    DWORD dwCShell = (DWORD)GetModuleHandleA("CShell.dll");
    if( dwCShell != NULL )
    {
        // Base + offset: pointer to the client object that lives inside CShell
        DWORD *LTClient = ( DWORD* )( (dwCShell + 0x299D40) );
        // Second level: the console function pointer stored inside that object
        void* CONoff = ( void* )*( DWORD* )( *LTClient + 0x1F8 );
        _asm
        {
            push szVal;   // the command string is the single argument
            call CONoff;  // call the console function through the pointer
            add esp, 4;   // cdecl: the caller removes the argument again
        }
    }
}
Question:
What is this doing exactly?
Thanks in advance
Why do we need to retrieve the module handle?
You need to retrieve the module handle because you need the address of the module, so that you can add to it the offset of the variable you need inside it.
The module handle is the starting (base) offset of that module in the calling process's context (think of it as memory for now): CShell.dll is a module loaded into Engine.exe's process.
You stored the base address of CShell and now you add the offset of the variable you need to it. You need the address of CShell because the variable you need is in there.
What is this doing exactly?
I'll comment the lines one by one for you.
Code:
void __cdecl PushToConsole(char* szVal ) {
This is, as you know, a function; don't be thrown off by the __cdecl thingy, it just tells Windows what to expect from the caller (this means: the caller fixes the stack).
Code:
DWORD dwCShell = (DWORD)GetModuleHandleA("CShell.dll");
We just discussed this one.
Code:
if( dwCShell != NULL )
This checks that dwCShell (the one that receives the module handle) is not NULL; if it is, it means that the module is not loaded into memory, and thus we cannot use it.
Code:
DWORD *LTClient = ( DWORD* )( (dwCShell + 0x299D40) );
void* CONoff = ( void* )*( DWORD* )( *LTClient + 0x1F8 );
We already did the first line, and the second line is almost the same, apart from the fact that it's a multi-level pointer.
Code:
_asm
{
push szVal;
call CONoff;
add esp, 4;
}
The __asm statement tells your compiler that you're going to put some ASM code into your code.
The push instruction pushes the push-to-console command onto the stack. Windows functions take their variables off the stack to use.
The call instruction tells Windows/the processor to call the address that you've stored in CONoff. CONoff, if I'm correct, points to some in-game console function. I'm sure you know what that is. In most games you can bring such a console up with the '`' key (so you know what I'm talking about).
add esp, 4 is mandatory because you just told Windows with __cdecl that you're going to fix the stack. Adding 4 to the esp register fixes the stack.
And that's basically what this code does. It shoves commands to the in-game command function that Nexon has removed from the GUI (you can't bring it up with the '`' key in CA or Warrock)
-SCHiM
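As an added illustration (this is not code from the thread, from Lauwy's base or from any game), here is a portable C model of the two points SCHiM makes: why an offset has to be added to a base address that is looked up at run time, and what the two-level pointer chain followed by the push/call/add esp,4 block amounts to. The offsets LTCLIENT_OFFSET and CONSOLE_FN_OFFSET are hypothetical stand-ins for the 0x299D40 / 0x1F8 pair, a calloc'd buffer stands in for the value GetModuleHandle would return, fake_console stands in for the console routine, and the command strings are constructed. Calling through an ordinary function pointer replaces the inline asm; on 32-bit x86 with cdecl the compiler emits the same push, call and stack fix-up. Unlike the original, it refuses to follow a NULL base or a NULL client pointer instead of crashing.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical offsets for this constructed example. They stand in for the
 * 0x299D40 / 0x1F8 pair quoted in the thread; they are not real CShell.dll offsets. */
#define FAKE_MODULE_BYTES 0x1000
#define FAKE_CLIENT_BYTES 0x200
#define LTCLIENT_OFFSET   0x400  /* module base + this -> pointer to the client object */
#define CONSOLE_FN_OFFSET 0x1F8  /* client object + this -> console function pointer  */

typedef void (*console_fn_t)(const char *);

static char g_last_command[64];

/* Stand-in for the in-game console routine the thread calls CONoff. */
static void fake_console(const char *cmd) {
    snprintf(g_last_command, sizeof g_last_command, "%s", cmd);
}

const char *last_command(void) { return g_last_command; }

/* Build one fake "loaded module": a heap buffer whose address plays the role of
 * the value GetModuleHandle returns. Every call yields a different base, which is
 * exactly why the offset must be added to a base looked up at run time rather
 * than hard-coded as an absolute address. (Demo only: the buffers are not freed.) */
uintptr_t setup_fake_module(void) {
    unsigned char *image  = calloc(1, FAKE_MODULE_BYTES);
    unsigned char *client = calloc(1, FAKE_CLIENT_BYTES);
    if (image == NULL || client == NULL) return 0;
    uintptr_t base = (uintptr_t)image;
    /* module + LTCLIENT_OFFSET holds a pointer to the client object ... */
    *(uintptr_t *)(base + LTCLIENT_OFFSET) = (uintptr_t)client;
    /* ... and client + CONSOLE_FN_OFFSET holds the console function pointer. */
    *(console_fn_t *)((uintptr_t)client + CONSOLE_FN_OFFSET) = fake_console;
    return base;
}

/* Follow the two-level chain from the thread:
 *   LTClient = (DWORD*)(base + LTCLIENT_OFFSET);
 *   CONoff   = *(DWORD*)(*LTClient + CONSOLE_FN_OFFSET);
 * but never dereference a NULL base (module not loaded) or a NULL client. */
console_fn_t resolve_console(uintptr_t module_base) {
    if (module_base == 0) return NULL;             /* GetModuleHandle failed */
    uintptr_t *lt_client = (uintptr_t *)(module_base + LTCLIENT_OFFSET);
    uintptr_t client = *lt_client;
    if (client == 0) return NULL;                  /* object not constructed yet */
    return *(console_fn_t *)(client + CONSOLE_FN_OFFSET);
}

/* Portable equivalent of the push/call/add esp,4 block: a call through a
 * function pointer. Returns 1 if the command was delivered, 0 otherwise. */
int push_to_console(uintptr_t module_base, const char *cmd) {
    console_fn_t fn = resolve_console(module_base);
    if (fn == NULL) return 0;
    fn(cmd);
    return 1;
}

int main(void) {
    /* Two "loads" of the same module at different bases; one offset serves both. */
    uintptr_t base_a = setup_fake_module();
    uintptr_t base_b = setup_fake_module();
    printf("module A base %#lx, module B base %#lx\n",
           (unsigned long)base_a, (unsigned long)base_b);
    push_to_console(base_a, "ShowFps 1");          /* constructed command string */
    printf("via A: %s\n", last_command());
    push_to_console(base_b, "ShowFps 0");
    printf("via B: %s\n", last_command());
    printf("NULL base rejected: %d\n", push_to_console(0, "nothing") == 0);
    return 0;
}
```

The NULL checks are the part worth copying: the original's `if( dwCShell != NULL )` guards only the first level, so a client object that has not been created yet would still be dereferenced through `*LTClient`.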