I'd like to print out my own text in RoM. I dont want to use D3D-Hooks or other premade project. Why not? Because I'd like to learn and understand the mechanics of calling ingame functions.
I wrote a program that injects a test.dll into the RoM-process. The dll creates a new thread and the function will be called from this thread.
the biggest problem: How to find the "Printtext"-function?
I did it like this (using Cheat Engine):
-press CTRL+X in RoM to enable the "FPS:..."-text
-search for [x] Unicode text "FPS:", one addy should pop up only, 0x11B15200 was my
-a BP on this addy
[COLOR="Blue"]-> 78180B56 - 66 3b 02 - cmp ax,[edx]
-> 78180B64 - 0f b7 0a - movzx ecx,word ptr [edx]
-> 78180B82 - 66 89 07 - mov [edi],eax // write new string into mem
-> 0067D300 - 66 8b 08 - mov cx,[eax]
-> 0067D316 - 66 39 3b - cmp [ebx],di
-> 0067D33A - 66 83 3c 7b 7c - cmp word ptr [ebx+edi*2],7c
-> 0067D4C2 - 0f b7 14 1e - movzx edx,word ptr [esi+ebx]
-> 0067D50A - 66 83 3c 7b 00 - cmp word ptr [ebx+edi*2],00[/COLOR]
I searched around and the best thing I could find was this:
[COLOR="Blue"]0067D4BD - e8 8e af f5 ff - call 005d8450 // EBX = addr of unicodetext[/COLOR]
If I change EBX to the address of another unicode text and then RoM will print my custom text for one frame.
Another thing that confuses me is - before the call 005d8450 is executed only one thing seems to be pushed but for 5D8450 IDA shows me the function has 2 parameters.
Lets assume I found the RoM's-function to print out text, how should I call the function from my dll?
[COLOR="SeaGreen"]// pseudocode assuming the function takes 3 parameters[/COLOR]
call [function address]
Is this enough or should I save the registers using pushad/popad?
I hope somebody can help me here. Oh the code is C++ btw.