Cheat Engine Forum -> Cheat Engine
calling function doesn't work

 
lawrenc3 (Newbie cheater)
Posted: Sun Mar 22, 2020 10:40 pm    Post subject: calling function doesn't work

Hello, I'm trying to recall that function:

(the green one in the attached image) inside the CE tutorial-x86_64 (on step 2).

What I'm trying to do now is code injection:

Code:
alloc(newmem,2048,"Tutorial-x86_64.exe"+A60F1)
label(returnhere)
label(originalcode)
label(exit)

newmem: //this is allocated memory, you have read,write,execute access
//place your code here

originalcode:
push rax
push rbx
push rcx
push rdx
call qword ptr [rax+000001F0]
retn

exit:
jmp returnhere

"Tutorial-x86_64.exe"+A60F1:
jmp newmem
nop
returnhere:


in allocated memory, and then I create a thread on those instructions manually in the memory viewer, but it crashes. Why? How can I fix that?

thank you



[Attachment: image.png, described by the poster as "the caller"]

Dark Byte (Site Admin)
Posted: Mon Mar 23, 2020 3:36 am

You need to use the correct calling convention, parameter count and stack preparation.

In 64-bit you must align the stack so it's dividable by 16 (rsp ends with 0) before you can call a function (after function entries it's usually unaligned, so subtract rsp by 8 in that case).

Also, parameters are entered using rcx, rdx, r8 and r9, and storage space for those is also allocated in the stack (so subtract rsp by 0x20 more).

After the call, add to rsp till it's back to the original, and then you can leave the function.

_________________
Do not ask me about online cheats. I don't know any and won't help finding them.

Like my help? Join me on Patreon so I can keep helping
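The three rules in the reply above (rsp 16-byte aligned at the call, 0x20 bytes of home space for rcx/rdx/r8/r9 reserved under it, and rsp back to its original value before leaving) can be checked mechanically before a stub is ever executed. The script below is an added example written for this thread; it is not part of the thread's posts and not Cheat Engine code. It walks the push/pop/sub rsp/add rsp/call/ret instructions of an auto-assembler stub, tracks rsp relative to the stub's entry, and reports every call that would be misaligned or lack shadow space and every ret that would fire with the stack not yet restored. Both stubs are constructed inputs: the first is the push/call/retn sequence from the opening post, the second is that sequence rearranged to follow the reply. `entry_misalign=8` models the "after function entry" case from the reply (rsp mod 16 == 8); treating a freshly created thread's first instruction the same way is an assumption of this example. The checker only looks at stack shape; it says nothing about what rax holds when the call executes.

```python
"""Static rsp-shape check for an x64 CE auto-assembler call stub (added example, not CE code)."""
import re

ALIGN = 16      # required rsp alignment at a call (x64 Windows convention)
SHADOW = 0x20   # home space for the four register parameters rcx, rdx, r8, r9

# Constructed input 1: the push/call/retn sequence from the opening post.
ORIGINAL_STUB = """
originalcode:
push rax
push rbx
push rcx
push rdx
call qword ptr [rax+000001F0]
retn
"""

# Constructed input 2: the same stub rearranged per the reply above.
# CE's assembler reads bare immediates as hex, so "sub rsp,28" is 0x28 = 8 + 0x20.
CORRECTED_STUB = """
originalcode:
push rax
push rbx
push rcx
push rdx
sub rsp,28                    // 8 to realign to 16, plus 0x20 shadow space
call qword ptr [rax+1F0]      // rax must still hold what the original caller had
add rsp,28                    // undo the alignment + shadow space
pop rdx
pop rcx
pop rbx
pop rax
ret
"""


def parse_ops(script):
    """Yield (mnemonic, operands) per instruction; skip blank lines, labels and // comments."""
    for raw in script.splitlines():
        line = raw.split("//", 1)[0].strip()
        if not line or line.endswith(":"):
            continue
        parts = line.split(None, 1)
        yield parts[0].lower(), (parts[1].strip() if len(parts) > 1 else "")


def hexval(text):
    """CE auto-assembler immediates are hexadecimal unless prefixed with '#'."""
    return int(text.strip(), 16)


def check_stub(script, entry_misalign=8):
    """Track rsp relative to stub entry and collect convention violations.

    entry_misalign is rsp mod 16 at the first instruction: 8 right after a
    function entry (return address just pushed), 0 at a compiler-generated call site.
    Returns {"depth_at_end": bytes still below entry rsp, "findings": [messages]}.
    """
    depth = 0      # bytes currently below the entry rsp
    reserved = 0   # bytes of explicit 'sub rsp' since the last push/pop (shadow-space heuristic)
    findings = []
    for mnem, ops in parse_ops(script):
        if mnem == "push":
            depth += 8
            reserved = 0
        elif mnem == "pop":
            depth -= 8
            reserved = 0
        elif mnem in ("sub", "add") and re.match(r"rsp\s*,", ops):
            n = hexval(ops.split(",", 1)[1])
            sign = 1 if mnem == "sub" else -1
            depth += sign * n
            reserved += sign * n
        elif mnem == "call":
            rsp_mod = (entry_misalign - depth) % ALIGN
            if rsp_mod != 0:
                findings.append(f"call '{ops}': rsp mod 16 is {rsp_mod}, not 0")
            if reserved < SHADOW:
                findings.append(f"call '{ops}': only {reserved:#x} bytes reserved, need {SHADOW:#x} shadow space")
        elif mnem in ("ret", "retn"):
            if depth != 0:
                findings.append(f"{mnem} with {depth:#x} bytes still on the stack: rsp not back to original")
    return {"depth_at_end": depth, "findings": findings}


if __name__ == "__main__":
    for name, stub in (("original", ORIGINAL_STUB), ("corrected", CORRECTED_STUB)):
        result = check_stub(stub, entry_misalign=8)
        print(name, result["depth_at_end"], *result["findings"], sep="\n  ")
```

Run it and the original stub reports all three problems (misaligned call, no shadow space, retn with 0x20 bytes of pushed registers still on the stack); the corrected one reports none and ends with rsp restored. Run the original with `entry_misalign=0` (as if the jmp sat exactly where the replaced call was) and the alignment complaint disappears while the other two remain, which is why knowing the stack state at the entry point matters before choosing between `sub rsp,20` and `sub rsp,28`.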
lawrenc3 (Newbie cheater)
Posted: Mon Mar 23, 2020 11:41 am

Dark Byte wrote:
You need to use the correct calling convention, parameter count and stack preparation.

In 64-bit you must align the stack so it's dividable by 16 (rsp ends with 0) before you can call a function (after function entries it's usually unaligned, so subtract rsp by 8 in that case).

Also, parameters are entered using rcx, rdx, r8 and r9, and storage space for those is also allocated in the stack (so subtract rsp by 0x20 more).

After the call, add to rsp till it's back to the original, and then you can leave the function.


Hi, first of all I'm very grateful you replied to me. Excuse my ignorance; this is the result of the code I'm trying out, where "deadbeef" is an address of allocated memory:
Code:
deadbeef:
{ preparing stack }
push rbp
mov rbp,rsp
{ incomplete code}
and rbp, -16
call qword ptr [rax+1f0] { call 'hit me' function }
{ incomplete code }


these are my questions:
1. how can I know the correct calling convention?
2. how can I know the correct parameter count?

Quote:
also parameters are entered using rcx,rdx,r8 and r9 and storage space for those is also allocated in the stack

3. how do you know that parameters are entered using rcx,rdx,r8 and r9?
how can I know those values?

since I'm a very newbie-beginner in ASM compared to your skills, can I ask you to treat me like that?
lawrenc3 (Newbie cheater)
Posted: Tue Mar 24, 2020 8:00 pm

Can anyone help?
ParkourPenguin (I post too much)
Posted: Tue Mar 24, 2020 9:17 pm

The answer to both 1 and 2 is that you read the code and figure it out.
As for 3, it's because people have agreed to define it that way. That's why it's called a calling convention.

Learn stuff by searching for it. e.g. x86/x64 calling conventions, x86/x64 instruction set references, maybe practice using crackmes or reading output from compiled languages, etc.

In this case, find out where rax is coming from (e.g. pointer / code injection) or go further up the callstack to get to a non-dynamic call. Figure out what the parameters are, how they're used, and how to either get them or generate them yourself.

Based on how much it looks like you know now, this will take you a long time to do, and you shouldn't expect anyone to hold your hand through any of it.

_________________
I don't know where I'm going, but I'll figure it out when I get there.
All times are GMT - 6 Hours