randombitter (How do I cheat?)
Reputation: 0 | Joined: 02 Jan 2019 | Posts: 2
Posted: Wed Jan 02, 2019 1:16 pm - Post subject: Which calling convention is this?

Caller:
Code:
Game.exe+10233D - 8B 4D 0C - mov ecx,[ebp+0C]
Game.exe+102340 - 8B 55 08 - mov edx,[ebp+08]
Game.exe+102343 - 53 - push ebx//un-center?
Game.exe+102344 - 51 - push ecx//color
Game.exe+102345 - 50 - push eax//?
Game.exe+102346 - 52 - push edx//y-pos
Game.exe+102347 - 8B C7 - mov eax,edi//x-pos
Game.exe+102349 - 8B CE - mov ecx,esi //Char*
Game.exe+10234B - E8 30F7FFFF - call Game.exe+101A80 //--4 arguments in stack and 2 registers(eax,ecx)?
Game.exe+102350 - 5F - pop edi
Game.exe+102351 - 5E - pop esi
Game.exe+102352 - 5B - pop ebx
Game.exe+102353 - 5D - pop ebp
Game.exe+102354 - C2 0C00 - ret 000C { 12 }

Game.exe+101A80 begin:
Code:
Game.exe+101A80 - 55 - push ebp
Game.exe+101A81 - 8B EC - mov ebp,esp
Game.exe+101A83 - 83 EC 5C - sub esp,5C { 92 }
Game.exe+101A86 - 53 - push ebx
Game.exe+101A87 - 56 - push esi
Game.exe+101A88 - 57 - push edi
Game.exe+101A89 - 8B F0 - mov esi,eax
Game.exe+101A8B - 8B F9 - mov edi,ecx
...

Game.exe+101A80 return:
Code:
...
Game.exe+101C23 - 5F - pop edi
Game.exe+101C24 - 5E - pop esi
Game.exe+101C25 - 5B - pop ebx
Game.exe+101C26 - 8B E5 - mov esp,ebp
Game.exe+101C28 - 5D - pop ebp
Game.exe+101C29 - C2 1000 - ret 0010 { 16 }

The value pushed from ecx didn't seem to modify anything.
The register ecx (copied from esi), though, is used.
Both registers prepared before the call are used, and at least 3 of the ones pushed to the stack.
If it was __fastcall the registers should be ecx and edx(?). Here those are eax and ecx.
So how would one call this (Game.exe+101A80) conveniently from C++, or would asm be the better way to go?
Still not sure if this is the function I'd need to write stuff. But at least it's a part of some drawing function.
Dark Byte (Site Admin)
Reputation: 471 | Joined: 09 May 2003 | Posts: 25830 | Location: The Netherlands
Posted: Wed Jan 02, 2019 1:39 pm

https://en.m.wikipedia.org/wiki/X86_calling_conventions
Looks like "Borland register", though stack param 1 (ebp+8) is passed twice (edx and stack).
_________________
Do not ask me about online cheats. I don't know any and won't help finding them.
Like my help? Join me on Patreon so I can keep helping.
randombitter (How do I cheat?)
Reputation: 0 | Joined: 02 Jan 2019 | Posts: 2
Posted: Wed Jan 02, 2019 3:37 pm

Well, I indeed got the drawText function to work through an asm call. Though it's not wise to call it directly from another thread.
Borland register seems to use 3 registers prior to the stack. I guess this is some blzrd convention.
atom0s (Moderator)
Reputation: 205 | Joined: 25 Jan 2006 | Posts: 8587 | Location: 127.0.0.1
Posted: Thu Jan 03, 2019 4:41 am

Looks like a __thiscall to me. The main object being loaded into ECX is common for a class-called function.
_________________
- Retired.
OldCheatEngineUser (Whateven rank)
Reputation: 20 | Joined: 01 Feb 2016 | Posts: 1586
Posted: Thu Jan 03, 2019 1:44 pm

Hybrid, this is what it seemed to me.
Look at other function calls; you might figure it out.
_________________
About Me;
I Use CE Since Version 1.X, And Still Learning How To Use It Well!
Jul 26, 2020
STN wrote: i am a sweetheart.
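The reasoning the replies do by hand (which registers the callee consumes before overwriting them, how many dwords the caller pushes, and whether the callee's ret imm matches that count) can be mechanised over Cheat Engine style disassembly lines. The script below is an added example, not code from the thread or from Cheat Engine: it embeds the thread's two listings as constructed sample input, and its heuristics are its own assumptions (pushes of ebx/esi/edi in the callee are treated as register saves rather than argument reads, esp/ebp are ignored as frame plumbing, and only 32-bit register names are recognised).

```python
"""Infer calling-convention hints from Cheat Engine style disassembly lines.

Line shape:  Game.exe+101A89 - 8B F0 - mov esi,eax //comment
The listings are the thread's excerpts (constructed sample input); the liveness
heuristics are this added example's own, not Cheat Engine's.
"""
import re

REGS = ("eax", "ebx", "ecx", "edx", "esi", "edi", "ebp", "esp")
CALLEE_SAVED = {"ebx", "esi", "edi", "ebp"}   # assumption: a callee pushing these is saving, not reading
REG_RE = re.compile(r"\b(" + "|".join(REGS) + r")\b")

CALLER_LISTING = """
Game.exe+10233D - 8B 4D 0C - mov ecx,[ebp+0C]
Game.exe+102340 - 8B 55 08 - mov edx,[ebp+08]
Game.exe+102343 - 53 - push ebx//un-center?
Game.exe+102344 - 51 - push ecx//color
Game.exe+102345 - 50 - push eax//?
Game.exe+102346 - 52 - push edx//y-pos
Game.exe+102347 - 8B C7 - mov eax,edi//x-pos
Game.exe+102349 - 8B CE - mov ecx,esi //Char*
Game.exe+10234B - E8 30F7FFFF - call Game.exe+101A80
"""

CALLEE_LISTING = """
Game.exe+101A80 - 55 - push ebp
Game.exe+101A81 - 8B EC - mov ebp,esp
Game.exe+101A83 - 83 EC 5C - sub esp,5C { 92 }
Game.exe+101A86 - 53 - push ebx
Game.exe+101A87 - 56 - push esi
Game.exe+101A88 - 57 - push edi
Game.exe+101A89 - 8B F0 - mov esi,eax
Game.exe+101A8B - 8B F9 - mov edi,ecx
...
Game.exe+101C23 - 5F - pop edi
Game.exe+101C26 - 8B E5 - mov esp,ebp
Game.exe+101C28 - 5D - pop ebp
Game.exe+101C29 - C2 1000 - ret 0010 { 16 }
"""


def parse_listing(text):
    """Yield (mnemonic, [operands]); strips //comments, '{ n }' notes and '...' lines."""
    for line in text.strip().splitlines():
        parts = line.split(" - ", 2)
        if len(parts) == 3:
            instr = re.sub(r"//.*|\{.*?\}", "", parts[2]).strip()
            mnemonic, _, operands = instr.partition(" ")
            yield mnemonic.lower(), [o.strip().lower() for o in operands.split(",") if o.strip()]


def analyze_callee(text):
    """Registers the callee reads before writing (its register arguments) and its 'ret imm'."""
    written, live_in, stack_bytes = set(), [], 0

    def read(operand):                       # record a register read; esp/ebp are frame plumbing
        for r in REG_RE.findall(operand):
            if r not in written and r not in ("esp", "ebp") and r not in live_in:
                live_in.append(r)

    for mnemonic, ops in parse_listing(text):
        if mnemonic == "push":
            if ops[0] not in CALLEE_SAVED:   # prologue saves of ebx/esi/edi are not argument reads
                read(ops[0])
        elif mnemonic == "pop":
            written.add(ops[0])
        elif mnemonic == "ret":
            stack_bytes = int(ops[0], 16) if ops else 0   # CE prints the immediate in hex
        elif len(ops) == 2:                  # mov/lea/sub/...: read sources, then write dst
            dst, src = ops
            if mnemonic not in ("mov", "lea") or dst.startswith("["):
                read(dst)                    # ALU destination, or base register of a memory dst
            read(src)
            if not dst.startswith("["):
                written.add(dst)
    return {"reg_args": live_in, "stack_bytes": stack_bytes,
            "stack_args": stack_bytes // 4, "callee_cleans": stack_bytes > 0}


def analyze_caller(text):
    """Stack pushes before the call, and registers written after the last push (register args)."""
    pushes, regs_after_push = 0, []
    for mnemonic, ops in parse_listing(text):
        if mnemonic == "call":
            break
        if mnemonic == "push":
            pushes, regs_after_push = pushes + 1, []
        elif len(ops) == 2 and ops[0] in REGS:
            regs_after_push.append(ops[0])
    return {"pushes": pushes, "reg_args": regs_after_push}


def stack_sizes_agree(caller, callee):
    """'ret N' equal to 4 * pushes means the callee pops exactly what the caller pushed."""
    return callee["callee_cleans"] and caller["pushes"] * 4 == callee["stack_bytes"]


def guess_convention(reg_args, stack_bytes):
    """Map (register args, cleanup) onto the conventions the thread weighs; otherwise 'custom'."""
    if not reg_args:
        return "stdcall (callee cleans)" if stack_bytes else "cdecl (caller cleans)"
    if reg_args == ["ecx"]:
        return "thiscall (this in ecx)"
    if sorted(reg_args) == ["ecx", "edx"]:
        return "fastcall (ecx, edx)"
    if reg_args[0] == "eax" and set(reg_args) <= {"eax", "edx", "ecx"}:
        return "Borland register-like (eax, edx, ecx) or compiler-custom"
    return "custom: " + ", ".join(reg_args)
```

Run on the thread's listings it reports eax and ecx as live-in, 4 pushes in the caller against a ret 0x10 in the callee, and classifies the result as Borland-register-like rather than fastcall or thiscall, which is the hybrid the replies describe. The register list is only as good as the excerpt: the elided body of Game.exe+101A80 could still read edx, so the verdict should be re-checked against other call sites, as the last reply suggests.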