Пример #1
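            /// <summary>
            /// Makes the remote game client "talk" by executing a small code cave inside the
            /// target process: both strings are copied into the target's address space, a stub
            /// is built that pushes the arguments, loads the object pointer into ECX and calls
            /// the client's talk function, and the stub is run through <c>CallCodeCave</c>.
            /// </summary>
            /// <param name="message">Text to send; lives in the target process only for the duration of the call.</param>
            /// <param name="receiver">Receiver name; lives in the target process only for the duration of the call.</param>
            /// <param name="mode">Talk mode, passed to the client function as a 32-bit immediate.</param>
            /// <param name="channel">Channel id, passed to the client function as a 32-bit immediate.</param>
            /// <exception cref="InvalidOperationException">
            /// Thrown when the object pointer cannot be read from the target process or reads as
            /// null, so that a stub with a bogus <c>this</c> is never executed in the game client.
            /// </exception>
            /// <remarks>
            /// The function and object offsets are hard-coded for one specific client build; on any
            /// other build the stub would call an arbitrary address inside the game process. The push
            /// order (message, receiver, channel, mode) and the use of ECX for the object pointer are
            /// kept as in the original listing and must match the target function's calling
            /// convention — that cannot be verified from this file alone.
            /// </remarks>
            public void SendTalk(StdString message, StdString receiver, int mode, int channel)
            {
                // Byte offsets inside the code cave where the 32-bit operands are patched in.
                // Every PUSH imm32 / MOV reg, imm32 is 5 bytes long: one opcode byte + 4 operand bytes.
                const int MessageOffset = 1;
                const int ReceiverOffset = 6;
                const int ChannelOffset = 11;
                const int ModeOffset = 16;
                const int ObjectOffset = 21;
                const int FunctionOffset = 26;

                int baseAddress = this.Client.TibiaProcess.MainModule.BaseAddress.ToInt32();
                int functionAddress = 0x289140 + baseAddress;
                int objectAddress = 0x48E844 + baseAddress;

                // Resolve the real object address by dereferencing the static pointer in the
                // target process. A short read or a null pointer would end up in ECX and crash
                // the game client from inside the injected stub, so fail here instead.
                byte[] objectPointer = new byte[4];
                IntPtr bytesRead;
                WinAPI.ReadProcessMemory(this.Client.TibiaHandle, new IntPtr(objectAddress), objectPointer, 4, out bytesRead);
                if (bytesRead.ToInt32() != objectPointer.Length)
                {
                    // NOTE(review): also check ReadProcessMemory's BOOL result once the P/Invoke
                    // signature is confirmed; only the byte count is visible from here.
                    throw new InvalidOperationException("ReadProcessMemory could not read the object pointer from the target process.");
                }
                if (BitConverter.ToInt32(objectPointer, 0) == 0)
                {
                    throw new InvalidOperationException("Object pointer in the target process is null; refusing to run the code cave.");
                }

                // Code cave skeleton; the zeroed operand bytes are patched in below.
                byte[] codeCave =
                {
                    0x68, 0x00, 0x00, 0x00, 0x00, // PUSH message
                    0x68, 0x00, 0x00, 0x00, 0x00, // PUSH receiver
                    0x68, 0x00, 0x00, 0x00, 0x00, // PUSH channel
                    0x68, 0x00, 0x00, 0x00, 0x00, // PUSH mode
                    0xB9, 0x00, 0x00, 0x00, 0x00, // MOV ECX, objectPointer
                    0xB8, 0x00, 0x00, 0x00, 0x00, // MOV EAX, functionAddress
                    0xFF, 0xD0,                   // CALL EAX
                    0xC3,                         // RET
                };
                // 0xC3 is the complete RET encoding. The original ended the buffer with 0xC2
                // (RET imm16) and no immediate, so the two bytes following the buffer in the
                // remote allocation were silently used as the stack adjustment; on zero-filled
                // memory that happened to decode as RET 0. If the entry convention used by
                // CallCodeCave really needs a stack adjustment, spell out the full
                // `0xC2, lo, hi` encoding instead of relying on bytes outside the buffer.

                Array.Copy(BitConverter.GetBytes(channel), 0, codeCave, ChannelOffset, 4);
                Array.Copy(BitConverter.GetBytes(mode), 0, codeCave, ModeOffset, 4);
                Array.Copy(objectPointer, 0, codeCave, ObjectOffset, 4);
                Array.Copy(BitConverter.GetBytes(functionAddress), 0, codeCave, FunctionOffset, 4);

                // Copy the strings into the target process. They are released in the finally
                // blocks so that a failing second allocation or a throwing CallCodeCave does
                // not leak memory inside the game client.
                message.Allocate(this.Client.TibiaHandle);
                try
                {
                    receiver.Allocate(this.Client.TibiaHandle);
                    try
                    {
                        Array.Copy(BitConverter.GetBytes(message.BasePointer.ToInt32()), 0, codeCave, MessageOffset, 4);
                        Array.Copy(BitConverter.GetBytes(receiver.BasePointer.ToInt32()), 0, codeCave, ReceiverOffset, 4);
                        CallCodeCave(this.Client.TibiaHandle, codeCave);
                    }
                    finally
                    {
                        receiver.Free(this.Client.TibiaHandle);
                    }
                }
                finally
                {
                    message.Free(this.Client.TibiaHandle);
                }
            }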