Calling a thiscall function?

JamesMenetrey / MemorySharp

A C# based memory editing library targeting Windows applications, offering various functions to extract and inject data and codes into remote processes to allow interoperability.

Other

634 stars 135 forks source link

Calling a thiscall function? #23

Closed splatert closed 2 years ago

splatert commented 2 years ago

How do you call a thiscall function? I know the function's address and the 'this' pointer but when I call it like 'sharp.Assembly.Execute((IntPtr)0x0123, CallingConventions.Thiscall, (IntPtr)0x0123);', the program crashes.

splatert commented 2 years ago

Little help?

JamesMenetrey commented 2 years ago

Hey!

According to ThiscallCallingConvention, it injects a payload of assembly script, moving the function pointer into the ECX register and the additional parameters on the stack.

The first parameter must be the location of the function to execute into the target process (not sure you need that third argument, unless the function expects one parameter).

If you still cannot make it work, check the assembly code generated by MemorySharp, to see if you can spot any issues.

Cheers