Quote:
Originally Posted by NosLuna
I find this in ollyDBG [Only registered and activated users can see links. Click Here To Register...]
Example how use? :
Code:
void rest()
{
std::cout << "Debug" ;
DWORD RestAddr = 0x0053A628;
__asm
{
PUSH 1
XOR ECX,ECX
MOV EDX
MOV EDX,DWORD PTR DS:[0x0053A628]
CALL RestAddr
}
}
|
U need to know which params are sent to the function and call it in your dll,
we know that the function gets two params, eax and String "rest" in this case, maybe same function with different strings make different things.
So go back to olly and check what the hell eax points to, presumably pointer to structure or sth else.
Steps to setup:
1) Run your game.
2) Open it with cheat engine and find base address (img1)
3) Open it with olly find target function address (img2)
4) Check what params are needed for function to work
5) Call function
Image 1
[Only registered and activated users can see links. Click Here To Register...]
Image 2
[Only registered and activated users can see links. Click Here To Register...]
Offset = targetFunctionAddress - BaseAddress
Code:
#include <windows.h>
#include <iostream>
#include <stdio.h>
HANDLE hThread;
typedef void _signature(void * unk,LPSTR action);
_signature * targetFunction = NULL;
void callRest(void * unk, LPSTR action);
void setup(){
//get base address of current process
DWORD baseAddress = (DWORD)GetModuleHandle(NULL);
DWORD offset = 0x0; //this offset is obtained following image2
targetFunction = (_signature *)(baseAddress + offset);
char action_rest[] = "rest";
void param1 = NULL; //you need to check what this param is first
//your main logic here
callRest(param1,action_rest);
//
}
void callRest(void * unk, LPSTR action){
targetFunction(unk,action);
}
BOOL APIENTRY DllMain( HMODULE hModule,
DWORD ul_reason_for_call,
LPVOID lpReserved
)
{
switch (ul_reason_for_call)
{
case DLL_PROCESS_ATTACH:
hThread = CreateThread(NULL,0,(LPTHREAD_START_ROUTINE)setup,NULL,0,NULL);
break;
case DLL_THREAD_ATTACH:
case DLL_THREAD_DETACH:
case DLL_PROCESS_DETACH:
CloseHandle(hThread);
break;
}
return TRUE;
}
Edit: i think i screw up with the image, and "rest" was the value from the instruction below, anyway u still have two params (you know number of params counting how many push are made to the stack before instruction call), if you need more info in what type those parameters are you can always go inside the function and check how they are used. A pointer to structure is a bit harder to set up because u need a way to obtain that pointer before using it.
Ex:
game calls -> getCurrentPlayer() or whatever to obtain its own pointer assuming thats needed for the function to work.