I'm making a modification for a game by injecting a DLL. So I don't have direct access to the code.
I only have the pointer of a class and the address of the function inside it.
You're really not being clear about what you are having trouble with and that's making it difficult to help you. Right now I'm guessing that you're either asking how to call a function pointer or you're asking how to inject your DLL. We can go over either one, injecting DLL's is a bit more complicated but I know of several methods depending on your skill level.
Before we go on though we need to know how you're getting the address of this member function. Do you have access to the source code for the object?
Excuse me if I'm not clear as English is not my main language. Yes, I am fully aware on how DLL injection works and it seems quite easy.
As I said before I'm making a modification for a game by injecting my DLL into it. From the DLL I manipulate the game's variables, hook functions ect.. I know the memory addresses because they are very well documented. And I'm just looking for a method to trigger a member function, that's it.
I for one wouldn't hard code function addresses but to each their own I guess. How you plan on calling this function depends on a few things, if you are calling it from the DLL then simply make a function pointer to it and call like Nexius demonstrated. If you want to call it from a program outside of the target applications memory space (something other then your injected DLL) then you'll want to use the "ReadProcessMemory()" function to turn the offset address you have into an address you can use.1 This will copy the data from the offset you designate into the third argument you pass it, you can then take that pointer and pass it to "CreateRemoteThread()" to launch the function in it's own thread on the target process.
If you are going with the second option then I suggest using "CreateProcess()" to launch the target application, this will fill in a PROCESS_INFORMATION struct for you which will have the handle to the process that you need for the "CreateRemoteThread()" function. This will also allow you to create the process in a suspended mode in case you want to see if your DLL injected properly before continuing to load the program, the command line instruction for this is tasklist -m [i]NAME_OF_YOUR_DLL.dll this will list all of the processes that have your DLL loaded.
I'm curious to know which DLL injection method you went with. Do you mind sharing? If you post the method you used I'll post a different one to keep it even, deal? Do you have a link to a tutorial you are following? Things like this are interesting to me.
EDIT: 1 I may have this wrong, I'm little out of practice at this sort of thing. You may just be able to pass the base address right into "CreateRemoteThread()" since the data is in the target process there should be no reason to copy it into yours.
I for one wouldn't hard code function addresses but to each their own I guess
I don't have the source code of the game. If I did I wouldn't need to use a DLL injection.
if you are calling it from the DLL then simply make a function pointer to it and call like Nexius demonstrated.
How can I do this if I don't have the original structure of the class?
This is how my reconstruction basically looks:
1 2 3 4 5 6 7 8 9
// recreation of the original class by pointing to it with this structure
class pClass {
public:
// manipulating classes variables this way
int var1;
int var2;
int var3;
// ...
}
The way I understood your solution:
1 2 3
void (*pFunc) = (void(*))0x5179D0; // address of class function
void (pClass::*Function)() = &(pClass::pFunc);
//error: pFunc is not a member of pClass
I would be very grateful to anyone that helped me to solve this.
Do you have a link to a tutorial you are following?
Just a random tutorial I found surfing trough google, but that's not my main concern right now.
How can I do this if I don't have the original structure of the class?
This is why I was interested in seeing the tutorial you were following, not the one for the DLL injection (by the way having looked at it I can say there is at least one flaw in the way the author has it written here*). I'd like to know what this address is. Is it a static function? Is it a random guess? How does the author go about calling this function?
*: The error is in his use of VirtualAllocEx, they pass the number of characters in the string as the amount of space to allocate when they should be passing in the number of bytes. The reason this happens to work is that the VirtualAllocEx function allocates memory by the page. If the string were longer and the difference between the length of the string and the number of bytes needed to allocate it was greater then this would fail.
This is why I was interested in seeing the tutorial you were following
I'm not really following any tutorials or instructions. Just a list of memory addresses that I try to use for my purposes.
I'd like to know what this address is. Is it a static function? Is it a random guess? How does the author go about calling this function?
No, I'm 100% sure the function is not static. The class itself is character handle that is created multiple times and the function is used to set animations for the character. Making it static would not make the slightest sense.