Catch ASM function

10/16/2016 20:20 Rifuge#1
Hello,

I'm actually trying to understand ASM around NosTale, but I'm a bit confused: I don't know if I'm injecting correctly or if I'm missing something. And I don't know how to catch a few functions, although they look easy. Could anyone explain to me how he does such things in Cheat Engine, and give me a few explanations?

Here or through Skype: mattisb33
10/16/2016 21:32 WalrossGreat#2
What do you mean by catch function?
If you mean finding the address of a function, just put a breakpoint on it, e.g. a memory breakpoint in Cheat Engine (right mouse button -> check what writes to/accesses this address), and you will get a list of every function that writes to/accesses this address. Then you can look at it in a debugger. This is one of hundreds of possibilities.
10/17/2016 21:03 Rifuge#3
Evening Walross.
I mean, for example, get the function which casts a skill, then try it in Cheat Engine using the Auto Assembler. You know what I mean?
10/18/2016 05:08 Cryless~#4
Quote:
Originally Posted by Rifuge
Evening Walross.
I mean, for example, get the function which casts a skill, then try it in Cheat Engine using the Auto Assembler. You know what I mean?
You are welcome.

Run odbg110, attach to NostaleX.dat, search for the string (the packet), set a breakpoint and step back. What you need is the call to the function: check the stack for the return address and scroll up one instruction.
10/19/2016 10:15 Rifuge#5
Morning SystemX64,
Thanks for answering. From odbg, can I inject ASM into the client? Basically, before implementing ASM in my code, I want to understand clearly how it works in software like CE or odbg. Oh, and what do you mean by "check the stack"? Basically anything with "push" and "pop" instructions?
10/19/2016 13:21 BladeTiger12#6
I think you should learn assembler instead of asking for instructions.
When you have learnt it, you know what the stack is. After that you know what "pop" and "push" are...
And so on... It's useless to use a debugger like odbg without assembler knowledge.
It's useless to try to find functions in a debugger without assembler knowledge.
10/20/2016 02:23 Rifuge#7
Well,
contrary to what you might think, I'm not a leecher; I'm currently learning and I've misspoken, I admit it. However, I started learning ASM lately and I imagined it as such:

Push basically pushes an address onto a stack of plates, and Pop pulls this address off the stack.
I didn't say that I don't know how stacks work. I just need a clue, because I'm a bit lost and I've only roughly looked at NosTale.
10/20/2016 23:04 Cryless~#8
Quote:
Originally Posted by BladeTiger12
I think you should learn assembler instead of asking for instructions.
When you have learnt it, you know what the stack is. After that you know what "pop" and "push" are...
And so on... It's useless to use a debugger like odbg without assembler knowledge.
It's useless to try to find functions in a debugger without assembler knowledge.
I do not agree, everything comes from experience.
10/21/2016 00:45 BladeTiger12#9
Quote:
Originally Posted by SystemX64™
I do not agree, everything comes from experience.
Yeah... That's right. I just wanted to say that he/she needs the basics.
It's too hard without them.

(I agree with you :D)
10/21/2016 07:08 Cryless~#10
Quote:
Originally Posted by BladeTiger12
Yeah... That's right. I just wanted to say that he/she needs the basics.
It's too hard without them.
He/she needs a debugger; you can learn the basics by doing, and I am living proof.

Quote:
Originally Posted by Rifuge
Well,
contrary to what you might think, I'm not a leecher; I'm currently learning and I've misspoken, I admit it. However, I started learning ASM lately and I imagined it as such:

Push basically pushes an address onto a stack of plates, and Pop pulls this address off the stack.
I didn't say that I don't know how stacks work. I just need a clue, because I'm a bit lost and I've only roughly looked at NosTale.
Example

Code:
..
void __stdcall Function(int a, int b)
..
Call

Code:
..
push b          ; esp -= 4
push a          ; esp -= 4
call Function   ; esp -= 4 (pushes the return address)
..
Stack

Code:
..
return address  ; <- esp
a
b
..
Function

Code:
..
push ebp        ; esp -= 4 (save the caller's frame pointer)
mov ebp, esp    ; ebp = stack frame
add ebp, 8      ; ebp += 8 (skip saved ebp and return address)
..
Stack

Code:
..
ebp             ; <- esp
return address
a               ; <- ebp
b
..
Function

Code:
..
mov eax, dword ptr ds:[ebp]      ; param1 = a
mov ecx, dword ptr ds:[ebp + 4]  ; param2 = b
..
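The call sequence in the post above, replayed as an added example that is not part of the thread: a small model of the 32-bit x86 stack that performs the pushes, the call, the prologue with add ebp, 8, the parameter reads through ebp, and the __stdcall epilogue (ret 8) so you can check that the callee leaves esp where the caller had it. It assumes 4-byte slots, a downward-growing stack, and constructed values for the initial esp and the return address.

```python
# Added example, not from the thread: a small model of the 32-bit x86 stack
# that replays the __stdcall sequence from the post above. Assumes 4-byte
# slots, a downward-growing stack, and constructed esp / return-address values.

STACK_TOP = 0x0019FF00          # constructed initial esp, not a real address
RET_ADDR = 0x00401234           # constructed return address pushed by "call"


class StackModel:
    def __init__(self, esp=STACK_TOP):
        self.mem = {}           # address -> 4-byte value
        self.esp = esp
        self.ebp = 0            # caller's frame pointer (arbitrary here)

    def push(self, value):      # push: esp -= 4, then store at [esp]
        self.esp -= 4
        self.mem[self.esp] = value

    def pop(self):              # pop: load [esp], then esp += 4
        value = self.mem[self.esp]
        self.esp += 4
        return value

    def layout(self):           # slots from esp upward, like the post's diagram
        return [(addr, self.mem[addr]) for addr in sorted(self.mem) if addr >= self.esp]


def stdcall_call(a, b):
    """Replay: push b; push a; call Function; push ebp; mov ebp, esp; add ebp, 8;
    read both parameters through ebp; then mov esp, ebp; pop ebp; ret 8."""
    s = StackModel()
    s.push(b)                   # push b          ; esp -= 4
    s.push(a)                   # push a          ; esp -= 4
    s.push(RET_ADDR)            # call Function   ; esp -= 4 (return address on top)
    s.push(s.ebp)               # push ebp        ; save caller frame pointer
    frame_base = s.esp          # mov ebp, esp    ; ebp = stack frame
    s.ebp = frame_base + 8      # add ebp, 8      ; skip saved ebp and return address
    param1 = s.mem[s.ebp]       # mov eax, dword ptr ds:[ebp]      ; a
    param2 = s.mem[s.ebp + 4]   # mov ecx, dword ptr ds:[ebp + 4]  ; b
    return_address = s.mem[frame_base + 4]   # slot just above the saved ebp
    # Epilogue: restore esp to the frame base, pop the saved ebp, then "ret 8":
    # pop the return address and drop the two 4-byte arguments (callee cleanup).
    s.esp = frame_base
    s.ebp = s.pop()
    popped_ret = s.pop()
    s.esp += 8
    cleaned = s.esp == STACK_TOP
    return param1, param2, return_address, popped_ret == return_address, cleaned
```

Inspecting the result of `stdcall_call(7, 9)` shows why the post says to look at the stack for the return address: it always sits one slot below the first argument.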
10/24/2016 16:05 Rifuge#11
SystemX64, thank you. Things are clearer!
10/24/2016 17:23 Cryless~#12
Quote:
Originally Posted by Rifuge
SystemX64, thank you. Things are clearer!
You should also read https://en.wikipedia.org/wiki/X86_calling_conventions

If you have questions you can contact me in private, happy to help anyone who wants to learn.