Using the recv function in C++ [Problem]

11/13/2013 20:27 MaxMilimeter#1
Hi,
I want to play around with the RECV function a bit again.

Code:
0051F131   > 8B45 FC        MOV EAX,DWORD PTR SS:[EBP-4] (EBP-4 !?!?!?!? WHAT DO I DO WITH THIS)
0051F134   . 8B40 34        MOV EAX,DWORD PTR DS:[EAX+34]
0051F137   . 8B55 F4        MOV EDX,DWORD PTR SS:[EBP-C] (<< MY PACKET VIA DLL)
0051F13A   . E8 35A8FFFF    CALL NostaleX.00519974                   ;RECV
Here the recv packet is passed to the recv function. How do I write EAX when EBP has a value that is used by my DLL itself?
In other words, the EBP value cannot be influenced with inline ASM.

EDX contains my own packet.

Regards,
Max
11/14/2013 00:01 Sm•ke#2
if this can help you, it's the old function..

Code:
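// RecvAddr (address of the client's recv handler) is declared elsewhere; not shown in this post
void RecvPacket(char * packet)
{
        __asm{
                mov eax,DWORD PTR DS:[0x647a4c]   // load the global pointer
                mov eax,DWORD PTR DS:[eax]        // dereference it
                mov eax, [eax + 0x34]             // value at offset 0x34, passed in EAX
                mov edx, packet                   // packet string, passed in EDX
                call RecvAddr
        }
}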
I'd prefer that you learn how to do it, so you don't always need to ask the community..

Then I say 'see the old function, try to update it..' but if you don't know how to do this I can try to help..

NOTE: First you need to try, release your code and say where the problem is..
11/14/2013 00:21 Elektrochemie#3
Quote:
Originally Posted by Sm•ke
I'd prefer that you learn how to do it, so you don't always need to ask the community.

Can't get it to work - ask the community - found an old function - copy n paste - i did it!!!111

Serious? You're saying "LEARN HOW TO DO IT"? SERIOUS? YOU?
11/14/2013 00:31 snow#4
ebp is the base pointer of the stack frame, ebp-4 will be a local variable, and +034 is then probably an offset into a class / a struct. Possibly the pointer is just copied into the variable; you'll have to look further up in the code.
11/14/2013 01:08 Sm•ke#5
Quote:
Originally Posted by Elektrochemie
Can't get it to work - ask the community - found an old function - copy n paste - i did it!!!111

Serious? You're saying "LEARN HOW TO DO IT"? SERIOUS? YOU?
If you've seen the thread, I released the part reversed by me, I tried to make my function and.. I solved it alone.. no? :handsdown:


Try this:

Code:
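DWORD RecvAddr = 0x005197CC;

void RecvPacket(char *packet)
{
	__asm{
		mov eax, DWORD PTR DS:[0x66B0A0]	// load the global pointer
		mov eax, DWORD PTR DS:[eax]		// dereference it
		mov eax, [eax + 0x34]			// value at offset 0x34, passed in EAX
		mov edx, packet				// packet string, passed in EDX
		call RecvAddr				// name must match the DWORD declared above
	}
}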
Before moving the packet into edx, do the same as in the send func. I'm not sure that this works because I only looked at it for 1 min; tomorrow I'll take a better look ^^
11/14/2013 13:48 MaxMilimeter#6
Thanks, but no, it doesn't work.

How can I subtract from pointers like [EBP-4] in inline ASM?
[RECV_E - 0x04] doesn't work :(

RECV_E = 0x0018FC44

Regards,
Max
11/14/2013 14:24 snow#7
0x0018FC44 seems to be a stack address. The stack does not store any data permanently and your function (-> your thread) has its own stack, thus you don't have any access to the address.

Again: Take another look at the function. Either the this-pointer is stored in that variable (your function's 1st variable) -> copied from the function's arguments or copied from some global variable, or the function allocates memory and initialises a class instance. You'll have to find that pointer; any registers won't help you a lot at runtime.
11/14/2013 16:01 MaxMilimeter#8
@snow911: Big thx to you for your help :) Sth from the stack was copied into EAX, so I looked up where this value was pushed on the stack and reversed it till I found the pointer. Now it works :)
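
An added example, not part of the thread: a small C program illustrating snow's point in post #7 that an address like 0x0018FC44 only names where one frame's local happened to live, while the pointer stored in that local is reachable from long-lived data. `struct Client`, `g_instance` and the sample value are hypothetical; the member is placed at +0x34 only to mirror the `[EAX+34]` read in the disassembly.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical object; net_ctx sits at +0x34 to mirror the thread's [eax+0x34]. */
struct Client {
    uint8_t  other[0x34];
    uint32_t net_ctx;
};

static struct Client  g_client = { {0}, 0xC0FFEEu };  /* constructed sample value */
static struct Client *g_instance = &g_client;         /* long-lived global pointer */

static uintptr_t slot_addr[2];   /* where the local lived in each frame */
static uintptr_t slot_value[2];  /* what the local held in each frame   */

/* Models the callee: the object pointer is copied into a local (the "[ebp-4]"
   slot) and the member at +0x34 is read through it. */
static uint32_t use_client(int depth, struct Client *self)
{
    struct Client *volatile local_self = self;
    slot_addr[depth]  = (uintptr_t)&local_self;
    slot_value[depth] = (uintptr_t)local_self;
    if (depth == 0)
        use_client(1, self);          /* second frame of the same function */
    return local_self->net_ctx;       /* local is still live after the call */
}

/* The stable route: start from the global, never from a stack address. */
static uint32_t read_via_global(void)
{
    return g_instance->net_ctx;
}

/* Returns 1 if the slot moved between frames while its content stayed the same. */
static int slot_moves_value_stays(void)
{
    use_client(0, g_instance);
    return slot_addr[0] != slot_addr[1] && slot_value[0] == slot_value[1];
}

int main(void)
{
    printf("offset of net_ctx: 0x%zx\n", offsetof(struct Client, net_ctx));
    printf("slot moved, value same: %d\n", slot_moves_value_stays());
    printf("frame 0 slot %p, frame 1 slot %p\n", (void *)slot_addr[0], (void *)slot_addr[1]);
    printf("via global: 0x%x\n", (unsigned)read_via_global());
    return 0;
}
```

The two slot addresses differ on every run, which is why a hard-coded stack address fails; the pointer value stored in the slot is the same in both frames and equals what the global yields.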