[WarCraft III] TextOut Function (v1.22)

[Perma]

Click here for an updated version for patch 1.22.

Thanks to Palomino's notes for clarifying what some parts of this are actually meant for.

Code:

.data

        WC3FXN_Text             dd 6F663740h
        WC3FXN_GlobalClass      dd 6F84CC20h

.code

Warcraft_TextOut proc           textloc:DWORD

        push eax
        push edx
        push ecx
        push 0FFFFFFFFh

        ;Get the pointer to Warcraft's global class.
        mov eax, WC3FXN_GlobalClass
        mov eax, dword ptr ds:[eax]

        ;Get the pointer to the output class.
        mov eax, dword ptr ds:[eax+3E0h]
        mov edx, dword ptr ds:[eax]
        push 0
        push 41200000h
        lea ecx, dword ptr ss:[esp+08h]
        push ecx

        ;Push the text address.
        mov ecx, textloc
        push ecx
        mov ecx, eax
        call dword ptr [WC3FXN_Text]
        pop ecx
        pop edx
        pop eax
        ret

Warcraft_TextOut endp

[K? Pŕo?ćtiόnŹ]

gj

[bulk_4me]

nice.

[Perma]

Moved to the Warcraft hacking related section.

[topaz]

Is anyone willing to port this to C (or a language thats easily understandable)?

[Perma]

Code:

void Warcraft_TextOut(DWORD sText)
{
    static int WC3FXN_GlobalClass = 0x6F84CC20;
    static int WC3FXN_Text = 0x6F663740;
    __asm
    {       
        push eax
        push edx
        push ecx
        push 0x0FFFFFFFF
        mov eax, WC3FXN_GlobalClass
        mov eax, dword ptr ds:[eax]
        mov eax, dword ptr ds:[eax+0x3E0]
        mov edx, dword ptr ds:[eax]
        push 0
        push 0x41200000
        lea ecx, dword ptr ss:[esp+0x08]
        push ecx        
        mov ecx, sText
        push ecx
        mov ecx, eax
        call dword ptr [WC3FXN_Text]
        pop ecx
        pop edx
        pop eax
    }
}

That should work.

[topaz]

Nice...

[saren]

Inline ASM is the devil.

[Rufus]

could u do an example in asm of how a "pressing Q (or any key) to show a certain message" would work :P?

[sharpz]

I can't get this function to work. I've injected the hook successfully, and the function gets called, but there is simply no display. What exactly isthe global class and could the address have changed?

[BitSaber]

Quote:

Originally Posted by Perma

That should work.

Code:

void Warcraft_TextOut(char *cText)
{
    static unsigned long WC3FXN_GlobalClass = 0x6F84CC20;
    static unsigned long WC3FXN_Text = 0x6F663740;

    __asm {       
        push 0FFFFFFFFh
        mov eax, WC3FXN_GlobalClass
        mov eax, dword ptr ds:[eax]
        mov eax, dword ptr ds:[eax+0x3E0]
        mov edx, dword ptr ds:[eax]
        push 0
        push 41200000h
        mov ecx, esp
        lea ecx, dword ptr ss:[ecx+0x08]
        push ecx        
        mov ecx, cText
        push ecx
        mov ecx, eax
        call dword ptr [WC3FXN_Text]
    }
}

[BitSaber]

Code:

void Warcraft_TextOut(char *cText)
{
    static unsigned long WC3CLS_OutputClass = (*(int*)(*(int*)0x6F84CC20+0x3E0));
    static unsigned long WC3FXN_PrintText = 0x6F663740;

    __asm {       
        push -1
        push 0
        push 0x41200000
        lea ecx, dword ptr [esp+0x08]
        push ecx        
        push cText
        mov ecx, WC3CLS_OutputClass
        call dword ptr [WC3FXN_Text]
    }
}

For whatever reason, I wasn't able to just edit my above post.

I didn't do any work on Warcraft III yet, but this should work.

[Phoenixs]

Do I need some special compiler / library to compile ASM that is integrated to C++?

I wasn't able to compile this code with Dev-C++ 4.9.9.2 so..
Someone explain?

[Shimano]

Then use vc++

[Phoenixs]

Quote:

Originally Posted by Shimano

Then use vc++

Yea google up abit and many other recommend VC++ to compile inline asm too.

Somebody said that syntax of inline assembler in gcc is strange, too.

Well, gotta try with VC++ when I'm at home again.

Thanks

[Dyndrilliac]

How do you guys think Inline ASM is accomplished? Inline ASM is possible only when the IDE makes use of an ASM compiler/linker. Inline ASM that uses MASM syntax therefore needs MASM compiling tools, which of course are built-in to Microsoft's Visual C++. To check to see if your IDE has the tools required to compile MASM code, search for the utility ml.exe (or ml64.exe for 64-bit compiling).

[Perma]

Here is a different text function for the current patch.

Code:

Game_TextOut proc       szText:DWORD
   ;//Local text out function.

        .data
        WC3FXN_TextOut           dd 6F2F3130h

        .code
        push 0FF00FF00h
        push 41200000h
        push szText
        mov ecx, dword ptr ds:[6FAA1988h]
        call dword ptr [WC3FXN_TextOut]
        ret

Game_TextOut endp

This makes the text appear where other status messages appear (several indents to the right and lower than normal text messages). The first parameter is your default color (opacity, red value, green value, blue value), the next parameter is the timer, and the last is your text pointer.

Because you can change the color in the text string itself, the actual value of this color parameter is pretty much irrelevant. You can simplify your call parameters as I've shown above to save time.