Cheat Engine Forum Index -> General programming

Calling a function using CreateRemoteThread

 
cioace9
How do I cheat?
Reputation: 0

Joined: 26 Jan 2016
Posts: 3

Posted: Tue Feb 14, 2017 11:13 am    Post subject: Calling a function using CreateRemoteThread

Hi guys. I'm a beginner in Cheat Engine but I know C++ and I have a project which uses assembly code. In this project, I need to call a function from the game client, and when I call this function I get a crash in the game, so my question is how to put my value in the function's parameters, like this:

Code:


mov ecx,[0151800C]  // this is a pointer from Streaming
push [esp]
add ecx,04
mov eax,[ecx]
call dword ptr[eax+08] // until here, when i create thread in function, work perfectly

// test eax,eax
// je 00633D2F

mov ecx, eax // i don't know what is this
call 0061D1A0 // this is function from the game which i need to call for return value in eax
mov [004000000], eax // i put a fictive address for example where i stock value from eax.

ret



So, you can see "test" and "je" are commented out because I don't need to use them.


Below is my concept code:
Code:


push VID // i set my VID value in parameters for send in function to call
mov ecx, eax
call 0061D1A0 //function to call
mov [address], eax // i give return value from call
ret



When I create a RemoteThread I get a crash, but I don't know why. I changed the final "ret" to "int 3" or "int 24", but again I get a crash in the game...
So, can you help me find the error in my concept code?

_________________
Hacker
ulysse31
Master Cheater
Reputation: 2

Joined: 19 Mar 2015
Posts: 324
Location: Paris

Posted: Tue Feb 14, 2017 1:22 pm    Post subject:

Because it is unclear to me what the original, not-messed-up code is, I can't tell you what is wrong, but I can tell you a more effective way to proceed:

Step 1/
Use Cheat Engine to make a code template (in the disassembler window, Ctrl+A) after allocating some memory that only belongs to you.

Step 2/
In the allocated memory put your code
Code:

push VID // i set my VID value in parameters for send in function to call
mov ecx, eax
call 0061D1A0 //function to call
mov [address], eax // i give return value from call
add esp,4
ret

Notice I added 4 to esp because you pushed VID (maybe that's not the only thing you did wrong).

Step 3/
Use Cheat Engine to create a thread where you assembled your code (memory view -> tool -> create thread and give the virtual address).

Step 4/
Does it work as intended? If not, keep debugging (debugging with CE alone is a lot faster than debugging by compiling code as bytes to translate into asm and creating a remote thread); if yes, go to step 5.

Step 5/
Go to the hex viewer and copy the bytes corresponding to your assembled code.

Step 6/
Put it in your compiler as an array of bytes and use WriteProcessMemory to write it, then CreateRemoteThread.
Note that for step 6, in order to format the bytes correctly and save time, I use some AutoIt script.
cioace9
How do I cheat?
Reputation: 0

Joined: 26 Jan 2016
Posts: 3

Posted: Tue Feb 14, 2017 1:51 pm    Post subject: Explicit

I know how to use Auto Assembly (CTRL+A -> CTRL+I) and assemble my code in allocated memory, but this is not important now. Look at the images.


[Attached image: 4f43cdf9497947faa7404e37fadd9afa.png]


_________________
Hacker
ulysse31
Master Cheater
Reputation: 2

Joined: 19 Mar 2015
Posts: 324
Location: Paris

Posted: Wed Feb 15, 2017 3:13 am    Post subject:

Code:


push VID // i set my VID value in parameters for send in function to call
mov ecx, eax
call 0061D1A0 //function to call
mov [address], eax // i give return value from call
ret





If you modify the stack with push VID, you need to pop this value off the stack afterwards. Try this:

Code:

push VID // i set my VID value in parameters for send in function to call
mov ecx, eax
call 0061D1A0 //function to call
mov [address], eax // i give return value from call
add esp,4
ret
SunBeam
I post too much
Reputation: 65

Joined: 25 Feb 2005
Posts: 4022
Location: Romania

Posted: Wed Feb 15, 2017 3:37 am    Post subject:

In short, check if "61D1A0" is stdcall or cdecl.

stdcall

push a
push b
call 61D1A0

61D1A0:
push ebp
mov ebp,esp
..
pop ebp
ret 8 <- the number of params you pushed are resolved by the callee

cdecl

push a
push b
call 61D1A0
add esp,8 <- fix stack here

61D1A0:
push ebp
mov ebp,esp
..
pop ebp
ret <- there's a simple ret here, hence the stack needs to be resolved by the caller

BR,
Sun
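
Added example (not part of the thread and not any poster's code): a small C model of the stdcall/cdecl check described above, showing how far ESP has drifted when the thread stub reaches its final ret for each combination of callee return and caller fix-up. The epilogue byte arrays are constructed samples and the function names are hypothetical; the ret check only looks at the trailing bytes and is not a disassembler.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed sample epilogues matching the two listings in the post. */
static const uint8_t EPILOGUE_STDCALL[] = { 0x5D, 0xC2, 0x08, 0x00 }; /* pop ebp; ret 8 */
static const uint8_t EPILOGUE_CDECL[]   = { 0x5D, 0xC3 };             /* pop ebp; ret   */

/* Argument bytes removed by the callee's final return instruction:
 * C3 (ret) -> 0, C2 lo hi (ret imm16) -> imm16, anything else -> -1.
 * Heuristic: inspects only the trailing bytes of the buffer. */
int callee_cleanup_bytes(const uint8_t *code, size_t len)
{
    if (len >= 1 && code[len - 1] == 0xC3)
        return 0;
    if (len >= 3 && code[len - 3] == 0xC2)
        return code[len - 2] | (code[len - 1] << 8);
    return -1;
}

/* ESP at the stub's final ret, relative to ESP at stub entry (bytes).
 * 0: ret pops the real return address. Negative: pushed arguments are still
 * on the stack, so ret pops one of them instead. Positive: over-popped. */
int stub_esp_drift(int pushed_args, int callee_cleanup, int caller_add_esp)
{
    int esp = 0;
    esp -= 4 * pushed_args;       /* push arg (32-bit, one dword each)  */
    esp -= 4;                     /* call pushes the return address     */
    esp += 4 + callee_cleanup;    /* callee's ret / ret N               */
    esp += caller_add_esp;        /* optional add esp,N after the call  */
    return esp;
}

int main(void)
{
    int sc = callee_cleanup_bytes(EPILOGUE_STDCALL, sizeof EPILOGUE_STDCALL);
    int cc = callee_cleanup_bytes(EPILOGUE_CDECL, sizeof EPILOGUE_CDECL);
    printf("stdcall epilogue cleans %d bytes, cdecl epilogue cleans %d\n", sc, cc);
    /* The stub in this thread pushes one argument (VID). */
    printf("callee ret,   no fix-up : drift %d\n", stub_esp_drift(1, 0, 0));
    printf("callee ret,   add esp,4 : drift %d\n", stub_esp_drift(1, 0, 4));
    printf("callee ret 4, no fix-up : drift %d\n", stub_esp_drift(1, 4, 0));
    printf("callee ret 4, add esp,4 : drift %d\n", stub_esp_drift(1, 4, 4));
    return 0;
}
```

Only the two rows with drift 0 leave the stack balanced, which is why "add esp,4" is right for a cdecl callee and wrong for a callee that already returns with ret 4.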
cioace9
How do I cheat?
Reputation: 0

Joined: 26 Jan 2016
Posts: 3

Posted: Fri Feb 17, 2017 9:53 am    Post subject: Resolve

Thank you guys, but I fixed this function. The problem was not in "push vid" or "call function". The problem was in the last call, because I had to add push vid in "call dword ptr [ecx+08]", because this function gives a parameter which changes my vid into a new value for "call function". It's complicated, but I fixed that. Thanks again for the help and replies, guys!
_________________
Hacker
All times are GMT - 6 Hours