Roogue (Newbie cheater) | Reputation: 0 | Joined: 31 May 2019 | Posts: 14
Posted: Tue Jun 04, 2019 5:36 am | Post subject: CreateThread crashes
Hello guys, I have inside my game a function called DoAttackMelee() which takes 3 parameters, so I use the following code:

alloc(create, 2000)
CREATETHREAD(create)
create:
push 0         // param 1
push 1C        // param 2
push 008CD243  // pointer parameter 3
call 04002345  // call func
ret

I'm not doing ret 0C because it's already done in the function (at the end).
Anyone have an idea?
Thanks
Dark Byte (Site Admin) | Reputation: 470 | Joined: 09 May 2003 | Posts: 25796 | Location: The netherlands
Posted: Tue Jun 04, 2019 8:07 am
How do you know that the function name is DoAttackMelee? Is it a mono target?
If so, you need to attach the thread to the mono system first so that its thread-local storage can be configured properly.
If not, and you got it from a pdb or something, then make sure the parameters are correct.
First thing I see is that you name the parameters wrong. You've got them in the wrong order (the last parameter pushed is the first parameter). But assuming that's just a typo, then make sure that 008CD243 is the correct address.
Usually it'd be a class instance address that you have to scan for or get from a code injection somewhere else.
_________________
Do not ask me about online cheats. I don't know any and won't help finding them.
Like my help? Join me on Patreon so I can keep helping
Roogue (Newbie cheater) | Reputation: 0 | Joined: 31 May 2019 | Posts: 14
Posted: Tue Jun 04, 2019 3:00 pm
Dark Byte wrote:
    How do you know that the function name is DoAttackMelee? Is it a mono target?
    If so, you need to attach the thread to the mono system first so that its thread-local storage can be configured properly.
    If not, and you got it from a pdb or something, then make sure the parameters are correct.
    First thing I see is that you name the parameters wrong. You've got them in the wrong order (the last parameter pushed is the first parameter). But assuming that's just a typo, then make sure that 008CD243 is the correct address.
    Usually it'd be a class instance address that you have to scan for or get from a code injection somewhere else.
Hello,
I know the function is DoAttackMelee because I traced it from the source code of the game.
I made an error in my original post; I pushed the parameters in the right order. I searched in memory view for a function calling the DoAttackMelee function, looked at the parameters pushed onto the stack before the function call, and did exactly the same.
I think the program is crashing because in the AA code I posted in the original post there is a retn leading to nowhere...
Thanks for the help and hope someone will find the problem for me.
sbryzl (Master Cheater) | Reputation: 6 | Joined: 25 Jul 2016 | Posts: 252
Posted: Wed Jun 05, 2019 7:47 am
A return leads somewhere unless your stack is not aligned. It usually leads back to the beginning of the thread. If that's what you want then just ignore the stack and use a jmp create. Then you can trace it to see what the stack is doing. You should probably include a sleep too so it's not overbearing the processor.
ParkourPenguin (I post too much) | Reputation: 152 | Joined: 06 Jul 2014 | Posts: 4702
Posted: Wed Jun 05, 2019 9:09 am
64-bit and 32-bit code have completely different calling conventions. Which is this?
_________________
I don't know where I'm going, but I'll figure it out when I get there.