Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
Confused about calling functions

SorryForTheInconvenience
Posted: Tue Sep 12, 2017 9:13 am    Post subject: Confused about calling functions

I've been trying to call the 'open shortcut key page' function in Fallout 1 as an exercise. It doesn't appear to take any parameters since, at the function call, ebp = esp + AVeryLargeValue. I've injected some code such that when I right click in game, this shortcut page pops up. Most of the time it seems to work.

However, if I try to call the function without setting the registers (eax,ebx, etc) to the correct values beforehand, the game crashes. Even with the correct registers, the game will crash after a while.

From what I've read about function calling, apparently pushing the parameters is sufficient for the call to execute properly which confuses me. What about all the registers before it gets called? Surely these also contain vital information for the function to call successfully?

I believe the function in my case must be cdecl (although I'm probably wrong) and so none of the registers should be parameters. There's also a thing on Wikipedia about register preservation but I'm not really sure what that means.

I 'spose TL;DR: What is important about the registers when calling a function and why do the register values act as 'parameters'?

edit: I was able to call the function successfully without changing the registers. I now have a problem where calling using createthread doesn't work. Here's my code:

Code:

[ENABLE]
alloc(newmem,2048)
createthread(newmem)

newmem:
call falloutw.exe+3D130
ret

[DISABLE]
dealloc(newmem)


Seems as though it calls the function but any subsequent input into the game gives graphical glitches then a crash. Any thoughts?
FreeER
Posted: Tue Sep 12, 2017 11:53 am

Some general information:

Quote:
From what I've read about function calling, apparently pushing the parameters is sufficient for the call to execute properly
This depends on the calling convention. In x86 code, cdecl and stdcall pass their arguments on the stack, but there's also a fastcall convention which tries to use 2 or 3 registers first, and I believe thiscall uses the stack except for the object pointer, which goes in ECX. x64 only has 1 convention and does use registers (with RCX being the first); since there are so many, you can often avoid pushing any arguments.

Quote:
What about all the registers before it gets called? Surely these also contain vital information for the function to call successfully
That depends on if they are used, and how. If the function simply overwrites the values then obviously it doesn't care about what they were set to before.

Quote:
There's also a thing on Wikipedia about register preservation but I'm not really sure what that means.
Sometimes a called function may not care about a value in a register but the function that called it does, so the value needs to be saved if the called function is going to overwrite it. Certain registers are expected to be used/changed by all functions to do their work and so are "caller-saved" (meaning the calling function must save those values if it needs them after the call), while others are not and so are "callee-saved" (the function being called is expected to save and restore, aka preserve, the values if it wants to use the registers).

If the function really doesn't use any registers then, from my understanding, you might be able to use just createthread(falloutw.exe+3D130). Though, since createThread allows you to pass 1 parameter which it expects the called function to handle popping (stdcall), it's possible that your code should be using ret 4 instead of just ret, and that's causing the eventual crash...
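An added diagnostic stub (not code from either poster) that records the thread's entry state so the points above can be checked in the memory viewer instead of guessed at: the return address and the single parameter that sit on the stack when createthread enters the routine, and whether esp is unchanged after the call (a cdecl or stdcall callee with no arguments leaves esp as it found it). It assumes the same falloutw.exe+3D130 target as the thread; regdump is a hypothetical symbol name chosen here.

```asm
[ENABLE]
alloc(stub,2048)
alloc(regdump,32)
registersymbol(regdump)
createthread(stub)

stub:
// At thread entry [esp] holds the return address back into kernel32 and
// [esp+4] the single lpParameter that createthread passes to the routine.
mov [regdump],esp      // esp at entry
mov eax,[esp]
mov [regdump+4],eax    // return address (expected to lie inside kernel32)
mov eax,[esp+4]
mov [regdump+8],eax    // lpParameter

// Save only the callee-saved registers (ebx, esi, edi, ebp); eax, ecx and
// edx are caller-saved under cdecl/stdcall, so the callee may clobber them.
push ebx
push esi
push edi
push ebp

call falloutw.exe+3D130

// esp right after the call. If the callee balanced the stack, this value is
// [regdump] minus 10 (hex; the four pushes above).
mov [regdump+C],esp

pop ebp
pop edi
pop esi
pop ebx
ret

[DISABLE]
unregistersymbol(regdump)
dealloc(regdump)
dealloc(stub)
```

Enable the script, then add regdump to the address list as four 4-byte values; going to the recorded return address in the disassembler shows how kernel32 handles the stack after the routine returns, which answers the ret versus ret 4 question for this process.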
SorryForTheInconvenience
Posted: Tue Sep 12, 2017 4:41 pm

Thanks for the explanation about conventions and registers, it really clears things up.

I tried ret 4 which didn't seem to work either. I had a look at the stack for my createthread script and it doesn't look like anything gets added to it which I need to remove. Once I call ret, the memory viewer goes to some kernel32 stuff which I assume is the terminate thread sequence. In contrast, ret 4 goes to some incorrect address.

I noticed also that the fallout 1 process pauses when the window is not focused. I then assigned a hotkey to my createthread script and after I executed it, everything worked.

edit: Turns out it didn't work. However, I decided to try and retain the registers before the call by pushing and popping. I also did sub esp,100 before the call and add esp,100 after to ensure the function I was calling didn't mess with any of the already existing stack (I don't know if there's a technical term for this method).
So yeah, after doing the above, my code is now:

Code:

[ENABLE]
globalalloc(newmem,2048)
createthread(newmem)
label(dbg)
registersymbol(dbg)

newmem:
push #1000
call sleep

push eax //push registers to be saved
push ebx
push ecx
push edx
push esi
push edi

sub esp,100
call falloutw.exe+3D130
add esp,100

pop edi //recover saved registers
pop esi
pop edx
pop ecx
pop ebx
pop eax

ret

dbg:
dd 1

[DISABLE]
unregistersymbol(dbg)
dealloc(newmem)


edit 2: Okay, so after some more testing it only works some of the time. I believe the function I'm calling waits for an input such as a mouse click. I don't know if this might be contributing to the issue.
However, the function itself calls with no issue and completes on the mouse click. It's only when the createthread rets that it sometimes crashes. I really don't know what's going on here.