[ASM] C++ Call function

Discussion on [ASM] C++ Call function within the C/C++ forum part of the Coders Den category.

 
Old   #1
 
elite*gold: 0
Join Date: Feb 2017
Posts: 27
Received Thanks: 1
[ASM] C++ Call function

I found this in OllyDbg.

Example of how to use it?

Code:
void rest()
{
	std::cout << "Debug" ;
	DWORD RestAddr = 0x0053A628;
	__asm
	{
		PUSH 1
		XOR ECX,ECX
		MOV EDX
		MOV EDX,DWORD PTR DS:[0x0053A628]
		CALL RestAddr
		}

	}
NosLuna is offline  
Old 05/23/2020, 18:45   #2
C/C++, C#, Java & Python

 
elite*gold: 150
Join Date: Sep 2010
Posts: 1,827
Received Thanks: 713
Arrow Nostale -> C/C++

#moved
IceTrailer is offline  
Old 05/23/2020, 20:44   #3
 
elite*gold: 0
Join Date: Apr 2011
Posts: 340
Received Thanks: 141

Quote:
Originally Posted by NosLuna
I found this in OllyDbg.

Example of how to use it?

Code:
void rest()
{
	std::cout << "Debug" ;
	DWORD RestAddr = 0x0053A628;
	__asm
	{
		PUSH 1
		XOR ECX,ECX
		MOV EDX
		MOV EDX,DWORD PTR DS:[0x0053A628]
		CALL RestAddr
		}

	}
You need to know which params are sent to the function and call it in your DLL.
We know that the function gets two params, eax and the string "rest" in this case; maybe the same function with different strings does different things.
So go back to Olly and check what the hell eax points to, presumably a pointer to a structure or something else.

Steps to set up:
1) Run your game.
2) Open it with Cheat Engine and find the base address (img1)
3) Open it with Olly and find the target function address (img2)
4) Check what params are needed for the function to work
5) Call the function

Image 1


Image 2


Offset = targetFunctionAddress - BaseAddress

Code:
#include <windows.h>
#include <iostream>
#include <stdio.h>
#include <cstdint>

HANDLE hThread = NULL;

// Signature of the target function; the calling convention and the
// parameter types still have to be confirmed in the debugger.
typedef void _signature(void * unk, LPSTR action);
_signature * targetFunction = NULL;

void callRest(void * unk, LPSTR action);

// Thread entry point; the signature must match LPTHREAD_START_ROUTINE.
DWORD WINAPI setup(LPVOID){
    // get base address of current process
    // (uintptr_t keeps the full pointer width on 64-bit builds)
    uintptr_t baseAddress = (uintptr_t)GetModuleHandle(NULL);
    uintptr_t offset = 0x0; // this offset is obtained following image2
    targetFunction = (_signature *)(baseAddress + offset);
    char action_rest[] = "rest";
    void * param1 = NULL; // you need to check what this param is first
    // your main logic here
    callRest(param1, action_rest);
    //
    return 0;
}

void callRest(void * unk, LPSTR action){
    targetFunction(unk, action);
}


BOOL APIENTRY DllMain( HMODULE hModule,
                       DWORD  ul_reason_for_call,
                       LPVOID lpReserved
                     )
{
    switch (ul_reason_for_call)
    {
    case DLL_PROCESS_ATTACH:
        hThread = CreateThread(NULL,0,setup,NULL,0,NULL);
        break;
    case DLL_THREAD_ATTACH:
    case DLL_THREAD_DETACH:
        // nothing to do per thread; do not close the handle here
        break;
    case DLL_PROCESS_DETACH:
        if (hThread) CloseHandle(hThread);
        break;
    }
    return TRUE;
}
Edit: I think I screwed up with the image, and "rest" was the value from the instruction below. Anyway, you still have two params (you know the number of params by counting how many pushes are made to the stack before the call instruction). If you need more info on what type those parameters are, you can always go inside the function and check how they are used. A pointer to a structure is a bit harder to set up because you need a way to obtain that pointer before using it.

Ex:

The game calls -> getCurrentPlayer() or whatever to obtain its own pointer, assuming that's needed for the function to work.
elmarcia is offline  
Thanks
2 Users
Old 05/26/2020, 07:03   #4
 
elite*gold: 26
Join Date: Aug 2018
Posts: 8
Received Thanks: 2
wait so is this reading game memory?
//enhance is offline  
Old 05/26/2020, 14:46   #5
 
elite*gold: 0
Join Date: Apr 2011
Posts: 340
Received Thanks: 141
Quote:
Originally Posted by //enhance
wait so is this reading game memory?
It's a step further: using a debugger to find assembly instructions that do things in the game (Ex: doRest(), attack(), findEntity() ...)
elmarcia is offline  
Old 12/07/2020, 18:55   #6
 
elite*gold: 0
Join Date: Aug 2018
Posts: 27
Received Thanks: 0
find the params, get the calling convention

build the function prototype

call the function

profit
kraneqq is offline  
Old 12/17/2020, 05:29   #7
 
elite*gold: 0
Join Date: May 2014
Posts: 1,122
Received Thanks: 246
I would use IDA Pro on the target and press F5; this will get you the function's calling convention, then you can inline the function prototype.

The prototype will look something like this

Code:
static auto game_rest_function = reinterpret_cast<void(__fastcall*)(int* unknown, LPSTR action)>(0x11F4B41);
Call it like this

Code:
char action[] = "rest"; // LPSTR is a non-const char*, so pass a writable buffer rather than a string literal
game_rest_function(reinterpret_cast<int*>(0x12345678), action);
I make game hacks and bots for a living; this is very easy for me, and hooking asm functions isn't complicated at all. Make sure your target game is fully unpacked and runnable to prevent debugger detection. When injecting your DLL, set breakpoints in OllyDbg where your prototype function is called and step through it line by line to see if it gets called properly.
HighGamer. is offline  