Cheat Engine Forum: The Official Site of Cheat Engine
Forum Index -> General Gamehacking

Weird GetAsyncKeyState behaviour in Shadow of War
predprey
Master Cheater
Reputation: 24

Joined: 08 Oct 2015
Posts: 486

Posted: Wed Oct 18, 2017 1:13 am    Post subject: Weird GetAsyncKeyState behaviour in Shadow of War

Code:
[ENABLE]
aobscanmodule(aob_MultiSkillUpgrade,ShadowOfWar.exe,49 8B 16 45 8B C7) // mov rdx,[r14] / mov r8d,r15d at ShadowOfWar.exe+18572F2
alloc(newmem_MultiSkillUpgrade,1024,ShadowOfWar.exe)
label(backup_MultiSkillUpgrade)
label(return_MultiSkillUpgrade)
registersymbol(aob_MultiSkillUpgrade)
registersymbol(backup_MultiSkillUpgrade)

newmem_MultiSkillUpgrade:
  // save the registers a Win64 callee may clobber (rax, rcx, rdx, r8-r11)
  push rax
  push rcx
  push rdx
  push r8
  push r9
  push r10
  push r11
  sub rsp,8                            // 7 pushes + 8 bytes keeps rsp 16-byte aligned at the call
  mov rcx,11                           // CE numbers are hex: 0x11 = VK_CONTROL (first argument in rcx)
  call GetAsyncKeyState                // returns a SHORT in ax
  test rax,rax                         // tests the full 64-bit register
  add rsp,8                            // note: ADD updates ZF; the POPs below do not touch flags
  pop r11
  pop r10
  pop r9
  pop r8
  pop rdx
  pop rcx
  pop rax
  jz long return_MultiSkillUpgrade     // ZF set: skip the original call
  reassemble(aob_MultiSkillUpgrade+9)  // otherwise re-emit the 5-byte call the hook overwrote
@@:
  jmp long return_MultiSkillUpgrade
backup_MultiSkillUpgrade:
  readmem(aob_MultiSkillUpgrade+9,5)   // original call bytes, kept for [DISABLE]

aob_MultiSkillUpgrade+9:               // the E8 call at ShadowOfWar.exe+18572FB
  jmp newmem_MultiSkillUpgrade
return_MultiSkillUpgrade:

[DISABLE]
aob_MultiSkillUpgrade+9:
  readmem(backup_MultiSkillUpgrade,5)  // restore the original call

unregistersymbol(aob_MultiSkillUpgrade)
unregistersymbol(backup_MultiSkillUpgrade)
dealloc(newmem_MultiSkillUpgrade)

{
// ORIGINAL CODE - INJECTION POINT: ShadowOfWar.AK::StreamMgr::SetFileLocationResolver+8A184A

"ShadowOfWar.exe"+18572C5: 48 8B 8E A0 03 00 00  -  mov rcx,[rsi+000003A0]
"ShadowOfWar.exe"+18572CC: 48 85 C9              -  test rcx,rcx
"ShadowOfWar.exe"+18572CF: 74 21                 -  je ShadowOfWar.exe+18572F2
"ShadowOfWar.exe"+18572D1: 4C 39 61 40           -  cmp [rcx+40],r12
"ShadowOfWar.exe"+18572D5: 74 1B                 -  je ShadowOfWar.exe+18572F2
"ShadowOfWar.exe"+18572D7: 48 8B 0D 02 3D AD 00  -  mov rcx,[ShadowOfWar.exe+232AFE0]
"ShadowOfWar.exe"+18572DE: BA 08 00 00 00        -  mov edx,00000008
"ShadowOfWar.exe"+18572E3: 4D 8B 06              -  mov r8,[r14]
"ShadowOfWar.exe"+18572E6: 48 8B 89 18 6D 00 00  -  mov rcx,[rcx+00006D18]
"ShadowOfWar.exe"+18572ED: E8 76 86 F6 FF        -  call ShadowOfWar.exe+17BF968
// ---------- INJECTING HERE ----------
"ShadowOfWar.exe"+18572F2: 49 8B 16              -  mov rdx,[r14]
"ShadowOfWar.exe"+18572F5: 45 8B C7              -  mov r8d,r15d
// ---------- DONE INJECTING  ----------
"ShadowOfWar.exe"+18572F8: 48 8B CE              -  mov rcx,rsi
"ShadowOfWar.exe"+18572FB: E8 68 72 C7 FE        -  call ShadowOfWar.exe+4CE568
"ShadowOfWar.exe"+1857300: 49 83 C6 08           -  add r14,08
"ShadowOfWar.exe"+1857304: 48 FF C7              -  inc rdi
"ShadowOfWar.exe"+1857307: 48 3B FB              -  cmp rdi,rbx
"ShadowOfWar.exe"+185730A: 75 A7                 -  jne ShadowOfWar.exe+18572B3
"ShadowOfWar.exe"+185730C: 8B 85 90 01 00 00     -  mov eax,[rbp+00000190]
"ShadowOfWar.exe"+1857312: 48 8D 8D 98 01 00 00  -  lea rcx,[rbp+00000198]
"ShadowOfWar.exe"+1857319: 49 8B FC              -  mov rdi,r12
"ShadowOfWar.exe"+185731C: 4C 8D B5 98 01 00 00  -  lea r14,[rbp+00000198]
}


The above is what I wrote, and it executes fine without crashes etc., except that GetAsyncKeyState seems to skip checking the key pressed, or fails and always returns 0. I have tested GetAsyncKeyState using createThread, so that rules out the function not being available in x64 or the DLL not being imported by the main executable. I did break and trace for both cases, and without any reversing documentation of GetAsyncKeyState, all I could glean from it was that the execution path is different. Can someone enlighten me on why the behaviour is such? Thank you.
SunBeam
I post too much
Reputation: 65

Joined: 25 Feb 2005
Posts: 4022
Location: Romania

Posted: Wed Oct 18, 2017 3:28 am    Post subject:

Should be 'test ax,ax', else that condition will never happen. See this: http://www.winasm.net/forum/index.php?showtopic=1879.

Code:
.WHILE !bLoop; WHY is this checking for a key press ?
 invoke GetAsyncKeyState,VK_ESCAPE
.IF ax != 0 <-- here :)
..
..

Just one example.

Peace,
Sun
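Applying SunBeam's point to the script in the first post, as an added example (my code, not either poster's and not whatever the linked thread contains): the 16-bit test is placed after the stack adjustment, so that the flags it sets still hold when the jz runs, and the frame is widened to the 32 bytes of shadow space that the Win64 calling convention lets every callee write into. The hook address, symbol names and VK_CONTROL (0x11) come from the original script; the 0x28 frame size is my own arithmetic (seven 8-byte pushes plus 0x28 bytes gives a 16-byte-aligned rsp at the call). Cheat Engine auto-assembler syntax is assumed, where numbers are hex unless prefixed with #.

```asm
// Added example: corrected trampoline for the same hook (not the thread's own code).
[ENABLE]
aobscanmodule(aob_MultiSkillUpgrade,ShadowOfWar.exe,49 8B 16 45 8B C7)
alloc(newmem_MultiSkillUpgrade,1024,ShadowOfWar.exe)
label(backup_MultiSkillUpgrade)
label(return_MultiSkillUpgrade)
registersymbol(aob_MultiSkillUpgrade)
registersymbol(backup_MultiSkillUpgrade)

newmem_MultiSkillUpgrade:
  // save every register the Win64 ABI lets a callee clobber
  push rax
  push rcx
  push rdx
  push r8
  push r9
  push r10
  push r11
  // 7 pushes = 38h bytes; 38h + 28h = 60h keeps rsp 16-byte aligned at the call,
  // and the 28h covers the 20h shadow space GetAsyncKeyState may spill into
  sub rsp,28
  mov ecx,11              // VK_CONTROL; a 32-bit write zero-extends into rcx
  call GetAsyncKeyState   // SHORT return value: only ax is defined
  add rsp,28              // ADD rewrites the flags, so restore the stack before testing
  test ax,ax              // per SunBeam: test the 16-bit result, not rax
  // POP leaves the flags alone, so ZF from the TEST survives to the jz
  pop r11
  pop r10
  pop r9
  pop r8
  pop rdx
  pop rcx
  pop rax
  jz long return_MultiSkillUpgrade     // ax == 0: skip the original call
  reassemble(aob_MultiSkillUpgrade+9)  // otherwise re-emit the 5-byte rel32 call
  jmp long return_MultiSkillUpgrade

backup_MultiSkillUpgrade:
  readmem(aob_MultiSkillUpgrade+9,5)   // original call bytes, restored on disable

aob_MultiSkillUpgrade+9:               // E8 call at ShadowOfWar.exe+18572FB
  jmp newmem_MultiSkillUpgrade
return_MultiSkillUpgrade:

[DISABLE]
aob_MultiSkillUpgrade+9:
  readmem(backup_MultiSkillUpgrade,5)

unregistersymbol(aob_MultiSkillUpgrade)
unregistersymbol(backup_MultiSkillUpgrade)
dealloc(newmem_MultiSkillUpgrade)
```

GetAsyncKeyState sets bit 15 of the result when the key is currently down and bit 0 when it was pressed since the previous call, so `test ax,8000` is the stricter check if only the held state matters; `test ax,ax` matches the winasm example SunBeam quotes.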
predprey
Master Cheater
Reputation: 24

Joined: 08 Oct 2015
Posts: 486

Posted: Wed Oct 18, 2017 5:39 am    Post subject:

Solved:
Code:
http://fearlessrevolution.com/viewtopic.php?f=4&t=5120&p=20847#p20847


Silly me