scorni How do I cheat? Reputation: 0
Joined: 18 Nov 2015 Posts: 4
Posted: Mon Sep 11, 2017 9:10 am Post subject: Get called asm function that was not called before
Hello guys,
I have got a problem that keeps me from finishing my online game "hack".
The DLL is written in C++ and already works.
The program reads from the pointer that points to the object ID of the player's target and then runs a few lines of asm code that push the object ID as the parameter and call the "SendAttack" function... the typical procedure of creating a gamehack... :>
Nevertheless I get some random kicks in the game, which are not caused by flooding "SendAttack" functions. If I set the timer to 1 second, sometimes I get a kick after the first function call. Sometimes I can call the function hundreds of times without a kick. So this happens really randomly.
I really don't know why this happens and how I can prevent this phenomenon.
I guess that there is a function that checks for irregular function calls from DLLs or something like that!? But on the other hand, I can call every other function as often as I want and I will not receive a kick. It only happens with this specific "SendAttack" function.
So maybe you have an idea how I can find with Cheat Engine what is causing the kick? I thought of a function like:
1. Make a list of all called functions within a timeframe
2. Make a list of all called functions in a timeframe where I receive a kick caused by my hack
3. Show all functions that are in list two but not in list one
Would that be an effective way to find a possible solution? And how can this be done?
I appreciate all of your ideas and thoughts.
(Sorry for my moderate English, it's my 3rd language )
So long,
Arthur aka scorni
atom0s Moderator Reputation: 199
Joined: 25 Jan 2006 Posts: 8518 Location: 127.0.0.1
Posted: Mon Sep 11, 2017 2:33 pm Post subject:
Perhaps there are other bits in the 'SendAttack' function that need to be handled, such as a param that is sent to the function that has to have a sub-param set within its own data.
Think of it like:
Code:
class Entity
{
    unsigned int m_Id;
    char* m_Name;
    float m_Health;
    float m_Mana;
    unsigned int m_TargetId;
};
In this case, let's say SendAttack is called by passing it an entity object as the owner:
Code:
SendAttack(playerEntity);
// Where playerEntity is an instance of Entity.
That said, SendAttack checks and uses the playerEntity's class variable 'm_TargetId' to know which target to attack. If this is not set properly, the game may kick you for an invalid attack attempt.
Just one way that I have seen this in my experience.
_________________
- Retired.
scorni How do I cheat? Reputation: 0
Joined: 18 Nov 2015 Posts: 4
Posted: Tue Sep 12, 2017 1:10 am Post subject:
Thank you for your fast answer!
I double-checked the asm calls and can't find anything that needs more than just the ID of the target :/
If I attack the enemy in-game and check the asm code step by step I can see that three parameters are pushed, which are
1. 0x4EAC
2. ptr ds[ register ] which seems to always be 0.
3. Target ID
So I just push 4eax and 0 as constants and the target ID which was read from the memory.
On every other server/client of this game this method just works really fine and I NEVER get a disconnect.
So there has to be a function that somehow checks for correct calls. Or maybe a function that checks if the character is sending attack calls without attacking the enemy!?
I am so clueless... I wrote so many DLLs and function calls for this game, but never for this one special server. It really freaks me out that I haven't been able to find the solution for several weeks :/
scorni How do I cheat? Reputation: 0
Joined: 18 Nov 2015 Posts: 4
Posted: Wed Sep 13, 2017 2:34 am Post subject:
Soo I guess I found the solution... If I create a DLL with constant asm parameters it already works. I just have to do some more reverse engineering to get all pointers.
I was trying to call a function that looks similar to this
Quote:
SendAttackPacket(uSkill, dwVIDVictim);
It seems that the function that is calling SendAttackPacket has a check routine or something like this, so in future I will call the function that is one step over SendAttackPacket.
It's the simple function
Code:
OnHit(UINT uSkill, CActorInstance& rkActorVictim, BOOL isSendPacket)
which just needs a pointer to the object that I want to attack