Cheat Engine Forum - The Official Site of Cheat Engine
Calling fire function in Jazz Jackrabbit 2

Henk
How do I cheat?
Reputation: 0

Joined: 16 Jan 2018
Posts: 2

Posted: Tue Jan 16, 2018 3:40 pm    Post subject: Calling fire function in Jazz Jackrabbit 2

I've been trying to call the fire function in Jazz Jackrabbit 2 and I've been trying for hours and hours, but I keep crashing my game when I allocate memory and then create a thread.

I found out that the actual calling of the fire function happens at the following line:
Code:
Jazz2.exe+34E2D - E8 EE31FFFF           - call Jazz2.exe+28020

When I do, for example, an AOB injection and repeat the line that calls the function (call Jazz2.exe+28020), I can see that the actual firing action is triggered multiple times.

However, allocating memory and creating a thread with the following code doesn't work:
Code:
call Jazz2.exe+28020
ret

I know I have to push stuff on the stack and set registers, but how do I find out what I have to set? My cheat table, which contains a lot of memory addresses and some scripts, can be found on this Pastebin: pastebin[dot]com/ZP6620iC.

Please point me in the right direction.
FreeER
Grandmaster Cheater Supreme
Reputation: 53

Joined: 09 Aug 2013
Posts: 1091

Posted: Tue Jan 16, 2018 4:47 pm

Look at what the code that calls it does and how those values are used inside the function; in other words, reverse engineer the code to the point that you understand what it does and how it works.
Henk
How do I cheat?
Reputation: 0

Joined: 16 Jan 2018
Posts: 2

Posted: Wed Jan 24, 2018 12:54 pm

That's what I've done, but are there any methods to support and improve the process of doing this? I have no idea where to start.
FreeER
Grandmaster Cheater Supreme
Reputation: 53

Joined: 09 Aug 2013
Posts: 1091

Posted: Wed Jan 24, 2018 3:34 pm

I really haven't done a lot of reversing on that level, so all I could mention are a few popular debuggers like CE, OllyDbg, x64dbg, and IDA (most specifically the graph view, which tries to show functions/loops as discrete things rather than all just one execution flow, though it has that too).

Look on some sites dedicated to reverse engineering/hacking and see what tools they recommend.
TheyCallMeTim13
Wiki Contributor
Reputation: 50

Joined: 24 Feb 2017
Posts: 976
Location: Pluto

Posted: Wed Jan 24, 2018 3:49 pm

I haven't messed with it myself yet, but I came across this in the "celua.txt" file:
Code:
executeCode(address, parameter OPTIONAL, timeout OPTIONAL) : address - Executes a stdcall function with 1 parameter at the given address in the target process and wait for it to return. The return value is the result of the function that was called

Not sure if this will help, but perhaps.

EDIT:
I would listen to @FreeER on this one myself. This was more for if you know how the function works and it only uses 1 argument.

Last edited by TheyCallMeTim13 on Wed Jan 24, 2018 4:28 pm; edited 1 time in total
FreeER
Grandmaster Cheater Supreme
Reputation: 53

Joined: 09 Aug 2013
Posts: 1091

Posted: Wed Jan 24, 2018 4:19 pm

TLDR: you still have to fully understand the function; it's mostly just a different way to use the asm createThread.

executeCode only allows 1 (pointer) argument and is for stdcall functions, so not generally useful to directly call game functions since they typically require multiple.

The way it tends to get used (excluding the rare Win API function that takes a single argument) is by using autoAssemble to create a function that takes a pointer to arguments in memory and sets up the call to the function you actually want, calls it, and returns the result; you'd then have a Lua function which took the arguments, wrote them to memory, and called executeCode on the asm wrapper with the address of the arguments in memory.

When I asked DB about multi-argument executeCode a while back, he mentioned several of the challenges with supporting the different standards (even x64 uses xmm registers for floats, not just rcx, rdx, etc.) but did provide this https://pastebin.com/raw/NcPUe4XL as a kind of example. Haven't really needed it since then, so never worked on it more though...
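The wrapper pattern FreeER describes above (one pointer argument that points at an argument block in memory, unpacked by a wrapper that makes the real multi-argument call), shown as an added C illustration that is not code from this thread or from Cheat Engine. `fire_target`, `fire_args`, `fire_wrapper` and `call_fire` are hypothetical stand-ins for the unknown game function, its arguments and the scripting side; the size field in the block is an added sanity check the thread does not mention.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed stand-in for the multi-argument game function the thread is
   asking about (hypothetical signature). Needing four arguments is exactly
   why a one-argument executeCode-style call cannot reach it directly. */
static int32_t shots_fired = 0;

static int32_t fire_target(int32_t x, int32_t y, float power, int32_t weapon)
{
    shots_fired++;
    /* arbitrary observable result so the caller can see the call happened */
    return weapon * 1000 + x + y + (int32_t)power;
}

/* Argument block that the scripting side writes to memory. The size field is
   an added check: a block whose layout does not match is rejected instead of
   being read as garbage, which is the usual reason such calls crash. */
typedef struct {
    uint32_t size;     /* must equal sizeof(fire_args) */
    int32_t  x;
    int32_t  y;
    float    power;
    int32_t  weapon;
} fire_args;

enum { FIRE_WRAPPER_BAD_ARGS = -1 };

/* The one-pointer wrapper: unpack the block, make the real call, return its
   result. This is the role the asm wrapper plays in FreeER's description. */
int32_t fire_wrapper(const void *arg_block)
{
    const fire_args *a = (const fire_args *)arg_block;
    if (a == NULL || a->size != sizeof(fire_args))
        return FIRE_WRAPPER_BAD_ARGS;
    return fire_target(a->x, a->y, a->power, a->weapon);
}

/* Scripting side: gather the arguments into one block and hand the wrapper a
   single address, the equivalent of writing them to memory and then calling
   executeCode(wrapper, address_of_block). */
int32_t call_fire(int32_t x, int32_t y, float power, int32_t weapon)
{
    fire_args block = { (uint32_t)sizeof(fire_args), x, y, power, weapon };
    return fire_wrapper(&block);
}

/* Same call with a block whose size field claims a different layout: the
   wrapper refuses rather than misinterpreting the memory. */
int32_t call_fire_with_bad_block(void)
{
    fire_args block = { 8u, 1, 2, 1.0f, 1 };  /* wrong size on purpose */
    return fire_wrapper(&block);
}

int32_t shots_fired_so_far(void)
{
    return shots_fired;
}
```

The point of the layout is that only `fire_wrapper` needs to know the target's real calling convention and argument order; the scripting side only ever passes one address, which is all `executeCode` offers. Getting the block layout and the register/stack setup inside the wrapper right still requires reversing the target, as both replies say.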