Recv Funktion nutzen in C++ [Problem]

MaxMilimeter · 11/13/2013, 20:27

Hi,
ich will mal wieder n bisschen mit der RECV Funktion rumspielen.

Code:

0051F131   > 8B45 FC        MOV EAX,DWORD PTR SS:[EBP-4] (EBP-4 !?!?!?!? WAS MACH ICH DAMIT)
0051F134   . 8B40 34        MOV EAX,DWORD PTR DS:[EAX+34]
0051F137   . 8B55 F4        MOV EDX,DWORD PTR SS:[EBP-C] (<< MEIN PAKET PER DLL)
0051F13A   . E8 35A8FFFF    CALL NostaleX.00519974                   ;RECV

Hier wird das Recv Paket an die Recv Funktion übergeben, wie schreib ich EAX wenn EBP einen Wert hat der von meiner DLL selbst verwendet wird?
Sprich der EBP Wert lässt sich nicht mit inline ASM beeinflussen.

In EDX befindet sich mein eigenes Paket.

MfG,
Max

~~Sm•ke~~ · 11/14/2013, 00:01

if this can help you, it's the old function..

Code:

void RecvPacket(char * packet)
{
        __asm{
                mov eax,DWORD PTR DS:[0x647a4c]
                mov eax,DWORD PTR DS:[eax]
                mov eax, [eax + 0x34]          
                mov edx, packet              
                call RecvAddr
        }
}

i prefer if you learn how to do, so you don't need always ask to the community..

then i say 'see the old function, try to update it..' but if you don't know how to do this i can try to help..

NOTE: First you need try, release your code and say where is the problem..

~~Elektrochemie~~ · 11/14/2013, 00:21

Quote:

Originally Posted by Sm•ke

i prefer if you learn how to do, so you don't need always ask to the community.

Can't get it to work - ask the community - found an old function - copy n paste - i did it!!!111

Serious? You're saying "LEARN HOW TO DO IT"? SERIOUS? YOU?

snow · 11/14/2013, 00:31

ebp ist der Basepointer des Stackframes, ebp-4 wird ne lokale Variable sein, +034 dann wohl ein Offset in einer Klasse / in einem Struct. Evtl. wird der Zeiger nur in die Variable kopiert, musst du mal weiter oben im Code schauen.

~~Sm•ke~~ · 11/14/2013, 01:08

Quote:

Originally Posted by Elektrochemie

Can't get it to work - ask the community - found an old function - copy n paste - i did it!!!111

Serious? You're saying "LEARN HOW TO DO IT"? SERIOUS? YOU?

If you seen the thread i release the part reversed by me, i tryed to make my function and.. i solved alone.. not ?

try so:

Code:

DWORD RecvAddr = 0x005197CC;

void RecvPacket(char *packet)
{
	__asm{
		mov eax, DWORD PTR DS:[0x66B0A0]
		mov eax, DWORD PTR DS:[eax]
		mov eax, [eax + 0x34]
		mov edx, packet
		call recvAddr
	}
}

first to move in edx the packet do the same of send func, i'm not sure that this work because i seen in 1m, tomorrow i see better ^^

MaxMilimeter · 11/14/2013, 13:48

Thanks, but no, doesnt work.

How can I [EBP-4] subtract Pointers in Inline ASM?
[RECV_E - 0x04] doesnt work

RECV_E = 0x0018FC44

MfG,
Max

snow · 11/14/2013, 14:24

0x0018FC44 seems to be a stack address. The stack does not store any data permanently and your function (-> your thread) has its own stack) thus you don't have any access to the address.

Again: Take another look at the function, either the this-pointer is stored in that variable (your functions 1st variable) -> copied from the functions arguments or copied from some global variable, or the function allocates memory and initialises a class-instance. You'll have to find that pointer, any registers won't help you a lot at runtime.

MaxMilimeter · 11/14/2013, 16:01

@snow911: Big thx to you for your help

Sth from the Stack was copied into EAX, so i looked up where this value was pushed on the stack and reversed it till ive found the pointer. Now it works