Cheat Engine

Rectangle · Posted: Tue Mar 26, 2013 3:44 pm Post subject: Calling a function pointer?

Is it possible to find the starting offset of a function (i.e, using AOBScan)and then use that address as a function pointer?
How would you call that function?

Dark Byte · Posted: Tue Mar 26, 2013 3:52 pm Post subject:

Find an often called function in the thread that usually calls that function and do a code injection there. (preferably a injected dll)

In that injected code you can call the function one time(set the proper class object in ecx, stack parameters, etc...) and set a variable to 1 indicating it has been called, so it won't call it again. (set to 0 if you want to call it again)
Using a critical section is recommended in case the code you picked is called by multiple threads

Rectangle · Posted: Wed Mar 27, 2013 12:19 pm Post subject:

Sweet! Is there a way of programmatically finding the size (in bytes) of it's parameters? I'd hate to get the func pointer code right, but think it's wrong due to an access violation, page fault, etc.

Dark Byte · Posted: Wed Mar 27, 2013 12:37 pm Post subject:

make sure you have the calling method correct.

if it's a normal stdcall then the "ret xxx" will contain the bytesize of the parameters

if it's cdecl then you need to step through the function with a debugger and find the caller. That one will be responsible for popping off the variables of the stack

Rectangle · Posted: Wed Mar 27, 2013 5:41 pm Post subject:

Alternatively, I suppose an easy way of distinguishing between the two would be to switch the function declaration to each decl type and see which call gives that "the value of esp was not properly saved across a function call" error.
Thanks again, DB!