 |
Cheat Engine
The Official Site of Cheat Engine
|
| View previous topic :: View next topic |
| Author |
Message |
boris semashko
How do I cheat?
![]() Reputation: 0
Joined: 28 Aug 2009
Posts: 7
|
 Posted: Sun Dec 13, 2009 12:51 am Post subject: [C++] replacing a function in compiled game |
 |
|
Hello guys,
I want to make a wrapper for function that is inside compiled game...i willl know the adress soon because this game stores the pointers to functions in struct.. so thats not a problem, but I wonder how can I replace this function with another, eg:
| Code: |
void MyFunction()
{
//...my code
OriginalGameFunction();
}
|
Can anyone tell me how to do it, are there any examples, etc?
edit: I forget to mention,
I can use GetProcAdress to get adress to function that return struct with game's API... but I dont know how to 'wrap' those api functions into my programm
any help appreciated 
|
|
| Back to top |
|
 |
Guy
Expert Cheater
![]() Reputation: 0
Joined: 30 May 2009
Posts: 187
|
| Posted: Sun Dec 13, 2009 9:43 am Post subject: |
|
|
This is where "hooking" comes into play.
You can simply "hook" the function in question so that it calls your function instead; there are many libraries that automate this for you, so it's rather easy to do.
Once you get the address of a function, you'll have to use a function cast to use it.
This can be done defining it with a typedef special definition, or through any type of cast (C-Style cast being the preferred method).
For example, to call the following function:
| Code: |
int __cdecl SetHP(int hp, int ap)
{
MyHP = hp;
MyAP = ap;
return( MyHP - MyAP );
}
|
If this is found at address 0x00401000, you could do:
((int(__cdecl *)(int,int)) 0x00401000)(desired-hp-here, desired-ap-here);
The above basically is:
((return value(calling convention *)(parameter types)) function address)(value for parameters);
The calling convention is almost always going to be either __cdecl or __thiscall; good luck!
_________________
Has anyone seen Hitler around..? If so, PM me! |
|
| Back to top |
|
|
boris semashko
How do I cheat?
![]() Reputation: 0
Joined: 28 Aug 2009
Posts: 7
|
| Posted: Sun Dec 13, 2009 1:15 pm Post subject: |
|
|
Thanks for reply, but I still dont get it..
I already know how to replace and use pointers to functions.., but
I have a problem with 'getting my code into other game'
First I tried compiling dll's replacement for that app (with the same function names for "GetProcAdress", and calling original dll funcs inside them) but it didnt work corretly because game also tries to use class-function export from its dll, but it crash because there are no such things in my replacement...
so, do you know any other ways to get read/write acces to data that flows between game.exe and its dll? I can use "GetProcAdress" to get pointers to dll's function?
ps: please do not tell me about the 3rd party hacking applications, i want do everything myself.... c++ ofc
|
|
| Back to top |
|
|
Guy
Expert Cheater
![]() Reputation: 0
Joined: 30 May 2009
Posts: 187
|
| Posted: Sun Dec 13, 2009 1:50 pm Post subject: |
|
|
| boris semashko wrote: | Thanks for reply, but I still dont get it..
I already know how to replace and use pointers to functions.., but
I have a problem with 'getting my code into other game'
First I tried compiling dll's replacement for that app (with the same function names for "GetProcAdress", and calling original dll funcs inside them) but it didnt work corretly because game also tries to use class-function export from its dll, but it crash because there are no such things in my replacement...
so, do you know any other ways to get read/write acces to data that flows between game.exe and its dll? I can use "GetProcAdress" to get pointers to dll's function?
ps: please do not tell me about the 3rd party hacking applications, i want do everything myself.... c++ ofc |
Use a DLL and have it injected into the application (LoadLibraryA + CreateRemoteThread).
As I told you, hook any calls you want to be changed; for ones you want to call, use function casts.
_________________
Has anyone seen Hitler around..? If so, PM me! |
|
| Back to top |
|
|
boris semashko
How do I cheat?
![]() Reputation: 0
Joined: 28 Aug 2009
Posts: 7
|
| Posted: Sun Dec 13, 2009 2:09 pm Post subject: |
|
|
right, I was wrong,
thanks for help
Last edited by boris semashko on Sun Dec 13, 2009 4:28 pm; edited 1 time in total |
|
| Back to top |
|
|
Guy
Expert Cheater
![]() Reputation: 0
Joined: 30 May 2009
Posts: 187
|
| Posted: Sun Dec 13, 2009 2:49 pm Post subject: |
|
|
| boris semashko wrote: | hmm now that makes sense, thanks...
I got another question, it also fit to this thread:
how can I get the adress of LoadLibraryA and GetProcAdress functions (to replace it?)
I know that hooked exe call LoadLibraryA function... and I know the thats possible, I *compiled* myself in past hack that used hook to LoadLibraryA, but LoadLibraryA adress from it doesnt match with my game - it simple crash
I tried to search for exe imports from kernel32 but two adresses that I found doesnt work too... |
When you use LoadLibraryA in your module, it'll locate the IAT for the main executable and call the function for you. It shouldn't crash.
_________________
Has anyone seen Hitler around..? If so, PM me! |
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
