Inject dll in OTClient

gugu15

Hello guys!
My name is Gustavo, and I have a problem with DLL injection in OTClient.
I injected the DLL into OTClient and tried to call the function "ProtocolGame::sendExtendedOpcode" (I picked up the function address using OllyDbg), but whenever I try to call the function, OTClient stops working.
Can anyone help me with this? Please!

Function ProtocolGame::sendExtendedOpcode:
Code:
void ProtocolGame::sendExtendedOpcode(uint8 opcode, const std::string& buffer)
{
    if(m_enableSendExtendedOpcode) {
        OutputMessagePtr msg(new OutputMessage);
        msg->addU8(Proto::ClientExtendedOpcode);
        msg->addU8(opcode);
        msg->addString(buffer);
        send(msg);
    } else {
        g_logger.error(stdext::format("Unable to send extended opcode %d, extended opcodes are not enabled", opcode));
    }
}

My DLL:
Code:
#include <Windows.h>
#include <stdint.h>
#include <string>

void principal(){
    // Signature of the target function as declared in the OTClient source
    typedef void tipo(UINT8 opcode, const std::string& buffer);
    // Address of ProtocolGame::sendExtendedOpcode, taken from OllyDbg
    tipo* func = (tipo*)0x4d9c00;
    UINT8 op = 6;
    const std::string buf = "all";
    func(op, buf);
}

extern "C" BOOL APIENTRY DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved)
{
    switch (fdwReason)
    {
        case DLL_PROCESS_ATTACH:
            // run principal() on its own thread so DllMain returns immediately
            CreateThread( 0, 0, (LPTHREAD_START_ROUTINE) principal, 0, 0, 0 );
            break;

        case DLL_PROCESS_DETACH:
            // detach from process
            break;

        case DLL_THREAD_ATTACH:
            // attach to thread
            break;

        case DLL_THREAD_DETACH:
            // detach from thread
            break;
    }
    return TRUE; // successful
}
Crash log:
Code:
== application crashed
app name: OTClient
app version: 0.6.6
build compiler: gcc 4.8.1
build date: Oct 15 2015
build type: Release
build revision: 0 (devel)
crash date: Dec 24 2015 14:30:57
exception: Access violation (0xc0000005)
exception address: 0x004d9c0e
  backtrace:
    0: C:\Users\Principal\Desktop\otclient-1082-trpgb\otclient.exe [0x00000000004D9C0E]
    1: C:\Users\Principal\Desktop\programação\C e C++\tibia func\bin\Release\tibia func.dll(Z9principalv+0x75) [0x0000000068041289]
    2: C:\Windows\SysWOW64\ntdll.dll(RtlInitializeExceptionChain+0x63) [0x000000007DEA9F72]
    3: C:\Windows\SysWOW64\ntdll.dll(RtlInitializeExceptionChain+0x36) [0x000000007DEA9F45]


Crash report saved to file C:\Users\Principal\Desktop\otclient-1082-trpgb\crashreport.log
I am studying code injection and have already injected several DLLs into my own programs, but I wanted to practice with something functional like OTClient. Sorry, my English is bad and I'm using Google Translate.