bhfff Cheater Reputation: 0
Joined: 19 Jan 2017 Posts: 30
Posted: Wed Oct 04, 2017 6:11 am Post subject: Call function makes the game crash |
Code: | [ENABLE]
globalalloc(JumpHack,100)
createthread(JumpHack)
label(endThread)
label(code)
registersymbol(endThread)
JumpHack:
code:
//code
add [esi+08],#10000
call "TE.exe"+C36EFB
add esp,4
//end code
cmp [endThread],#0
jne code
ret
jmp endThread
endThread:
dd 1
[DISABLE]
endThread:
dd 0
unregistersymbol(endThread)
|
Dunno what's causing the crash, I would love to know since I'm a newbie :)
The game is 32bit and the call is pointing to this: movss xmm0,[esi+08]
I even tried to replace the call with a jmp, but that doesn't change anything..
If you need more info just ask and I'll do my best to provide more accurate details!
OldCheatEngineUser Whateven rank Reputation: 20
Joined: 01 Feb 2016 Posts: 1587
Posted: Wed Oct 04, 2017 3:20 pm Post subject: |
- is there a ret inside that call?
- what's the point of the ret above "jmp endThread"?
- how would the thread know the current address of [esi+08]?
- this is basically kinda looping, if it loops too fast and the game can't handle it then it will probably crash your game.
- question: what are you trying to do?
_________________
About Me;
I Use CE Since Version 1.X, And Still Learning How To Use It Well!
Jul 26, 2020
STN wrote: | i am a sweetheart. |
atom0s Moderator Reputation: 198
Joined: 25 Jan 2006 Posts: 8517 Location: 127.0.0.1
Posted: Wed Oct 04, 2017 6:52 pm Post subject: |
You are just randomly writing things like:
'add [esi+08],#10000'
at the start of your thread. You need to properly handle the registers for the new thread prior to trying to use them or call any functions.
Your 'jmp endThread' is also not needed and unreachable code anyway.
_________________
- Retired. |
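The point about register state in a new thread, as an added C example that is not part of the thread or any poster's code: a thread entry point receives only its argument, so the object pointer (the script's `esi`) and the stop flag (its `endThread`) have to be handed over explicitly. `struct entity`, `struct worker_ctx`, `worker` and `run_worker` are constructed names, and the three-iteration bound exists only so the demo terminates.

```c
#include <pthread.h>
#include <stdatomic.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-in for the object the script reaches through esi. */
struct entity {
    uint8_t header[8];          /* bytes 0..7, not used here */
    int32_t value;              /* offset 8: the [esi+08] field */
};
_Static_assert(offsetof(struct entity, value) == 8, "field must sit at +08");

/* Everything the worker may touch. A new thread inherits no registers. */
struct worker_ctx {
    struct entity *target;      /* explicit replacement for esi */
    atomic_int keep_running;    /* same role as the script's endThread */
    int iterations;
};

static void *worker(void *arg)
{
    struct worker_ctx *ctx = arg;       /* the only state passed in */
    if (ctx == NULL || ctx->target == NULL)
        return NULL;                    /* never write through an unknown pointer */
    while (atomic_load(&ctx->keep_running)) {
        ctx->target->value += 10000;    /* add [esi+08],#10000 */
        if (++ctx->iterations >= 3)     /* bounded so the demo terminates */
            atomic_store(&ctx->keep_running, 0);
    }
    return NULL;
}

/* Start the worker, wait for it, return the field's final value (-1 on error). */
int run_worker(struct entity *target)
{
    struct worker_ctx ctx = { .target = target, .iterations = 0 };
    pthread_t tid;
    atomic_init(&ctx.keep_running, 1);
    if (pthread_create(&tid, NULL, worker, &ctx) != 0)
        return -1;
    pthread_join(tid, NULL);
    return target ? target->value : -1;
}

int main(void)
{
    struct entity e = {0};
    printf("%d\n", run_worker(&e));
    return 0;
}
```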
bhfff Cheater Reputation: 0
Joined: 19 Jan 2017 Posts: 30
Posted: Thu Oct 05, 2017 1:14 pm Post subject: |
OldCheatEngineUser wrote: | - is there a ret inside that call?
- what's the point of the ret above "jmp endThread"?
- how would the thread know the current address of [esi+08]?
- this is basically kinda looping, if it loops too fast and the game can't handle it then it will probably crash your game.
- question: what are you trying to do? |
- is there a ret inside that call?
Nope. And I can't add it because there's an integrity check.
- what's the point of the ret above "jmp endThread"?
I don't know.. I would have hoped it didn't crash.
- how would the thread know the current address of [esi+08]?
I would love to know how to do that, like setting a breakpoint or something fast and accurate to get the address.
- this is basically kinda looping, if it loops too fast and the game can't handle it then it will probably crash your game.
I tried to add a sleep timer, but it still crashes.
- question: what are you trying to do?
Give a value to the [esi+08] I'm calling and hoping it affects all the addresses inside that. (u know what I'm trying to say, right?)
atom0s wrote: | You are just randomly writing things like:
'add [esi+08],#10000'
at the start of your thread. You need to properly handle the registers for the new thread prior to trying to use them or call any functions.
Your 'jmp endThread' is also not needed and unreachable code anyway. |
You need to properly handle the registers for the new thread prior to trying to use them or call any functions.
I have no idea what that means, could you give me an example? I'd love the idea of learning that!
Your 'jmp endThread' is also not needed and unreachable code anyway.
Thanks! Removed that code from another script.
atom0s Moderator Reputation: 198
Joined: 25 Jan 2006 Posts: 8517 Location: 127.0.0.1
Posted: Thu Oct 05, 2017 1:25 pm Post subject: |
There is no universal way to do this for all functions. It depends on the function itself that is being called.
_________________
- Retired. |
bhfff Cheater Reputation: 0
Joined: 19 Jan 2017 Posts: 30
Posted: Thu Oct 05, 2017 1:36 pm Post subject: |
atom0s wrote: | There is no universal way to do this for all functions. It depends on the function itself that is being called. |
To put it into perspective, the full function is really big.
Once selected it goes from:
01036E10 to 010371B3
Here's an image with the opcode that I'm trying to "give" a specific value-
atom0s Moderator Reputation: 198
Joined: 25 Jan 2006 Posts: 8517 Location: 127.0.0.1
Posted: Thu Oct 05, 2017 1:46 pm Post subject: |
Why not just cave that area and write to it that way?
_________________
- Retired. |
bhfff Cheater Reputation: 0
Joined: 19 Jan 2017 Posts: 30
Posted: Thu Oct 05, 2017 4:08 pm Post subject: |
atom0s wrote: | Why not just cave that area and write to it that way? |
No. Now I feel like an idiot.