Sweetez How do I cheat?
Reputation: 0
Joined: 17 Jan 2010 Posts: 2
Posted: Mon Aug 12, 2013 7:42 am Post subject: How to get all addresses that call a certain function
Is it possible to get a list of all addresses that call a certain function/address?
If so, then how?
Dark Byte Site Admin
Reputation: 470
Joined: 09 May 2003 Posts: 25806 Location: The netherlands
Posted: Mon Aug 12, 2013 9:05 am
If it's a normal function (not a class method), then try the code dissect tool.
Else you have to capture the calls to the function manually.
E.g.: this Lua code will record all the callers of PeekMessageW:
Code: |
-- callers[returnAddress] = number of calls seen from that address
callers={}

-- called from the hooked code with the return address as parameter
function store(parameter)
  if (callers[parameter]==nil) then
    callers[parameter]=1
  else
    callers[parameter]=callers[parameter]+1
  end
end

-- print every recorded caller and its hit count
function getCallers()
  for caller,count in pairs(callers) do
    print(string.format("%x : %d", caller, count))
  end
end

autoAssemble([[
loadlibrary(luaclient-i386.dll)
luacall(openLuaServer('CELUASERVER'))

globalalloc(luainit, 128)
globalalloc(LuaFunctionCall, 128)
label(luainit_exit)
globalalloc(luaserverinitialized, 4)
globalalloc(luaservername, 12)

luaservername:
  db 'CELUASERVER',0

luainit:
  cmp [luaserverinitialized],0
  jne luainit_exit
  push luaservername
  call CELUA_Initialize //this function is defined in the luaclient dll
  mov [luaserverinitialized],eax
luainit_exit:
  ret

LuaFunctionCall:
  push ebp
  mov ebp,esp
  call luainit
  push [ebp+c] //second argument: the parameter value
  push [ebp+8] //first argument: pointer to the lua function string
  call CELUA_ExecuteFunction
  pop ebp
  ret 8 //remove both arguments from the stack

alloc(newmem,2048)
alloc(storecaller, 2048)
label(returnhere)
label(originalcode)
label(exit)

storecaller:
  db 'store(parameter)',0

//------------Modify this part:--------------------
newmem:
  mov eax,[esp] //hook is at function entry, so [esp] is the return address
  push eax
  push storecaller
  call LuaFunctionCall

originalcode:
  mov edi,edi
  push ebp
  mov ebp,esp

exit:
  jmp returnhere

"USER32.dll"+205BA: //peekMessageW
  jmp newmem
returnhere:
]])
|
Modify the last part of the script to your hook position.
(You can also use breakpoints and an onBreakpoint function instead of the Lua call.)
_________________
Do not ask me about online cheats. I don't know any and won't help finding them.
Sweetez
Posted: Mon Aug 12, 2013 10:30 am
Do I have to remove the assembly code in newmem: that you wrote?
The game crashes once the game calls that function. This is so weird.
Thanks, Dark Byte.
EDIT: I have removed
Code: | call LuaFunctionCall |
and the game works perfectly. What should I do then?
Dark Byte
Posted: Mon Aug 12, 2013 10:56 am
Store the registers and restore them after the call (pushad popad). Note that esp will change, so use ebp+4 to find the caller, depending on where your hook is.
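Added example, not code from either poster: the breakpoint alternative mentioned in the thread, which tallies callers without patching the target's code or touching its registers. It assumes a 32-bit target, a breakpoint on the function's first instruction, and the symbol name `USER32.PeekMessageW` in place of the hard-coded offset.

```lua
-- Added example: record callers with a debugger breakpoint instead of a code hook.
-- Assumptions: 32-bit target, breakpoint placed on the function's first instruction.
callers = {}

-- Assumed symbol name; resolves the entry point without a version-specific offset.
local target = getAddress("USER32.PeekMessageW")

function debugger_onBreakpoint()
  if EIP ~= target then
    return 0 -- some other breakpoint: let the debugger UI handle it as usual
  end
  -- The prologue has not run yet, so the return address is on top of the stack.
  local caller = readPointer(ESP)
  if caller ~= nil then
    callers[caller] = (callers[caller] or 0) + 1
  end
  debug_continueFromBreakpoint(co_run)
  return 1 -- handled here: do not update the debugger UI
end

-- Print each caller as hex address, symbolic name and hit count.
function getCallers()
  for caller, count in pairs(callers) do
    print(string.format("%x (%s) : %d", caller, getNameFromAddress(caller), count))
  end
end

debugProcess()              -- attach the debugger (skip if it is already attached)
debug_setBreakpoint(target) -- execute breakpoint on the function entry
-- When done: call getCallers(), then debug_removeBreakpoint(target)
```

Each hit stops the target and runs Lua, so a frequently called function such as a message-loop API will slow the process noticeably while the breakpoint is set.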