Author Topic: How to call a __userpurge function  (Read 1686 times)

0 Members and 1 Guest are viewing this topic.

Mercenary_Frank

  • Online Villain
  • ***
  • Posts: 177
    • View Profile
How to call a __userpurge function
« on: December 07, 2015, 06:11:12 am »
Tally-ho chaps,

I have an issue calling the W2S function medic told me about

Code: [Select]
int __userpurge sub_434CA0@<eax>(int a1@<ecx>, int a2@<ebx>, int a3@<edi>, int a4, int a5, int a6)
This is what hex-rays ida gives me on the function. ida could be wrong? I know you have to wrap it to a STDCALL but it just crashed for me.

this is what I have so far I have been successful in injecting other calling conventions.
Code: [Select]
DWORD mainaddr = (DWORD)GetModuleHandle(TEXT("mb_warband.exe"));
DWORD address = mainaddr + 0x34CA0;

typedef int(__stdcall *worldToScreen)(int a1,int a2, int a3, int a4,int a5, int a6);
worldToScreen world;

world = (worldToScreen)(address);
float a = world(1,2,3,4,5,6);

MrMedic

  • MasstKer
  • ********
  • Posts: 8900
  • programmer/dev/software engineer
    • View Profile
Re: How to call a __userpurge function
« Reply #1 on: December 11, 2015, 05:27:02 am »
make a function ... ( an extra hand for your hand ) you cannot call something unless it exists

think about it   :smile
EnCoded Message: i3iy9yl8kr2xf3g2Txs3pr6ye3ya7jg5ty2z

https://www.youtube.com/watch?v=62_7-AYfdkQ
you need a paypal account for the private versions.

Website:
http://bit.ly/medic101

Teamspeak 3: 85.236.101.5:10157

Mercenary_Frank

  • Online Villain
  • ***
  • Posts: 177
    • View Profile
Re: How to call a __userpurge function
« Reply #2 on: December 11, 2015, 06:03:08 pm »
That was just a code snippet this is the the code of my function and W2S

https://gist.github.com/anonymous/39fa063830b61112778d

https://gist.github.com/anonymous/3c892e242f8dc24aeb34

but this W2S function doesn't get called on runtime is this the correct one? when injecting I get the return value 0

MrMedic

  • MasstKer
  • ********
  • Posts: 8900
  • programmer/dev/software engineer
    • View Profile
Re: How to call a __userpurge function
« Reply #3 on: December 11, 2015, 06:10:22 pm »
the function is debug render and v38 is holding what you need being returned in m/multiply , call it in game when you see an ent on the screen and it should return the x y in screen co-ords.

or an easier way is to hook dip and check vertex shader but make sure you innumerate the players before you check the vertex or it will not draw the esp on the correct player this second way is not a good idea as it will lead to a slow frame rate if the amount of players on screen is high.

keep trying mate you will get it in the end.

btw a bit of trivia : it took me 8 minutes to make the bot.
« Last Edit: December 11, 2015, 06:29:50 pm by MrMedic »
EnCoded Message: i3iy9yl8kr2xf3g2Txs3pr6ye3ya7jg5ty2z

https://www.youtube.com/watch?v=62_7-AYfdkQ
you need a paypal account for the private versions.

Website:
http://bit.ly/medic101

Teamspeak 3: 85.236.101.5:10157

Mercenary_Frank

  • Online Villain
  • ***
  • Posts: 177
    • View Profile
Re: How to call a __userpurge function
« Reply #4 on: December 11, 2015, 06:37:51 pm »
but where do you need to input you own matrix and how? the third parameter is just a location in memory? an array? the fourth one is the index?

MrMedic

  • MasstKer
  • ********
  • Posts: 8900
  • programmer/dev/software engineer
    • View Profile
Re: How to call a __userpurge function
« Reply #5 on: December 11, 2015, 06:43:06 pm »
have you hooked dip in your cheat or is the source the actual one you are using.

i think i explained how to do all what you are asking on ts , get local , feed your coards - the enemy coards into the function and it will return the screen location.

btw the reason i asked about dip is you can easily get your view matrix with a d3d function.
EnCoded Message: i3iy9yl8kr2xf3g2Txs3pr6ye3ya7jg5ty2z

https://www.youtube.com/watch?v=62_7-AYfdkQ
you need a paypal account for the private versions.

Website:
http://bit.ly/medic101

Teamspeak 3: 85.236.101.5:10157

MrMedic

  • MasstKer
  • ********
  • Posts: 8900
  • programmer/dev/software engineer
    • View Profile
Re: How to call a __userpurge function
« Reply #6 on: December 11, 2015, 06:47:00 pm »
frank .. read up on this

D3DXMatrixMultiply

then it will all become clear.
EnCoded Message: i3iy9yl8kr2xf3g2Txs3pr6ye3ya7jg5ty2z

https://www.youtube.com/watch?v=62_7-AYfdkQ
you need a paypal account for the private versions.

Website:
http://bit.ly/medic101

Teamspeak 3: 85.236.101.5:10157

MrMedic

  • MasstKer
  • ********
  • Posts: 8900
  • programmer/dev/software engineer
    • View Profile
Re: How to call a __userpurge function
« Reply #7 on: December 11, 2015, 06:58:31 pm »
i can see this is going to take you forever so here study this , dont just copy paste it as you will not learn anything , so study it and work out why i did it like this.

full working screen esp and aimbot
Code: [Select]
you either got it or you didnt :)
« Last Edit: December 11, 2015, 07:37:48 pm by MrMedic »
EnCoded Message: i3iy9yl8kr2xf3g2Txs3pr6ye3ya7jg5ty2z

https://www.youtube.com/watch?v=62_7-AYfdkQ
you need a paypal account for the private versions.

Website:
http://bit.ly/medic101

Teamspeak 3: 85.236.101.5:10157

MrMedic

  • MasstKer
  • ********
  • Posts: 8900
  • programmer/dev/software engineer
    • View Profile
Re: How to call a __userpurge function
« Reply #8 on: December 11, 2015, 07:12:20 pm »
^ get ready for a lot of warband aimbots on 'elite' pay sites coming up for sale ...
EnCoded Message: i3iy9yl8kr2xf3g2Txs3pr6ye3ya7jg5ty2z

https://www.youtube.com/watch?v=62_7-AYfdkQ
you need a paypal account for the private versions.

Website:
http://bit.ly/medic101

Teamspeak 3: 85.236.101.5:10157

Mercenary_Frank

  • Online Villain
  • ***
  • Posts: 177
    • View Profile
Re: How to call a __userpurge function
« Reply #9 on: December 11, 2015, 07:41:34 pm »
Come man no spoonfeeding xd I am going to write this into an assembly version so I can atleast add my own tast to it :p

btw I am not working on this atm since I still got school till six :/

MrMedic

  • MasstKer
  • ********
  • Posts: 8900
  • programmer/dev/software engineer
    • View Profile
Re: How to call a __userpurge function
« Reply #10 on: December 11, 2015, 07:54:14 pm »
if i were you frank i would try something a bit more inside your current comfort zone as to be honest you are taking on too much too fast... learn to hook with asm or c ++ first then do something simple like making it adjust health with numpad 1 and 2 , 1 making your health lower and 2 making your health higher.

that will learn you 1 , how to hook , 2 how to use a keypress inside the hooked function without using a thread and 3 allow you to be able to test on your own server without dying a lot.
EnCoded Message: i3iy9yl8kr2xf3g2Txs3pr6ye3ya7jg5ty2z

https://www.youtube.com/watch?v=62_7-AYfdkQ
you need a paypal account for the private versions.

Website:
http://bit.ly/medic101

Teamspeak 3: 85.236.101.5:10157

Mercenary_Frank

  • Online Villain
  • ***
  • Posts: 177
    • View Profile
Re: How to call a __userpurge function
« Reply #11 on: December 11, 2015, 08:07:20 pm »
already did something like that

DLL to inject
https://gist.github.com/anonymous/81b11f1b3bdc06e1d56c
Code I hooked
https://gist.github.com/anonymous/d3bd959554b263df89c4

the problem was that eax is 0 at the point of return so it returns 0 and not the array

also the function never ran so I had to invert an if statement to get the this pointer to able to run this function

MrMedic

  • MasstKer
  • ********
  • Posts: 8900
  • programmer/dev/software engineer
    • View Profile
Re: How to call a __userpurge function
« Reply #12 on: December 11, 2015, 08:19:41 pm »
you do not need to hook it pal... it is only used when debug is activated and its not by default

...

pushad
mov eax,1 // pass args to function ..
mov....2
...
call dword ptr [worldtoscreen]
mov Store_result,eax // store result
popad
...

see what i mean?
EnCoded Message: i3iy9yl8kr2xf3g2Txs3pr6ye3ya7jg5ty2z

https://www.youtube.com/watch?v=62_7-AYfdkQ
you need a paypal account for the private versions.

Website:
http://bit.ly/medic101

Teamspeak 3: 85.236.101.5:10157

Mercenary_Frank

  • Online Villain
  • ***
  • Posts: 177
    • View Profile
Re: How to call a __userpurge function
« Reply #13 on: December 12, 2015, 01:02:00 am »


hooked and returned 0 because EAX is empty at return 0Ch

MrMedic

  • MasstKer
  • ********
  • Posts: 8900
  • programmer/dev/software engineer
    • View Profile
Re: How to call a __userpurge function
« Reply #14 on: December 12, 2015, 10:40:47 pm »
debug it frank and check eax and why it is returning 0.
EnCoded Message: i3iy9yl8kr2xf3g2Txs3pr6ye3ya7jg5ty2z

https://www.youtube.com/watch?v=62_7-AYfdkQ
you need a paypal account for the private versions.

Website:
http://bit.ly/medic101

Teamspeak 3: 85.236.101.5:10157