stanoja (Cheater; Reputation: 0; Joined: 08 Mar 2007; Posts: 33; Location: Mk.)
Posted: Wed Dec 24, 2014 1:26 am    Post subject: Need a help with DLL
Guys, it's 6 AM and I've been stuck all night with this problem. I'm trying to write a DLL in Visual C++ with some simple functions, like adding 100 or 1000 to a given value.
I've tried the guide on the wiki about Auto Assembler Example 3 (http://wiki.cheatengine.org/index.php?title=Auto_Assembler_Example_3#Injecting_The_DLL) and I managed to load the example DLL and use fnDllTest2, but my function doesn't "work", or my assembly script is screwed up.
These are the 2 functions: one of them works, the other one brings back a constant value, and it's not an address to a value, as I've tried.
Code:
    __declspec(dllexport) int __stdcall fnTestDll2(int a, int b)
    {
        nTestDll++;   // global counter defined elsewhere in the DLL
        return a * 2 + b;
    }

    __declspec(dllexport) int __stdcall fnIncSto(int br)
    {
        return br + 1000;
    }
Part of my assembly script:
Code:
    ...
    alloc(_TMPVAR,4)
    alloc(_TMPVAR2,4)
    registersymbol(_TMPVAR)
    registersymbol(_TMPVAR2)

    _TMPVAR2:
    db FF 00 00 00   // give it some starting value, 255
    ...
    push eax
    push 5
    push 12
    call fnTestDll2
    mov [_TMPVAR],eax
    push [_TMPVAR2]
    call fnIncSto
    mov [_TMPVAR2],eax
    pop eax
For the first function (fnTestDll2) it works; for my function it gives results that are unrecognizable (by me).
Any help or suggestions?
Thanks in advance!
EDIT: Is the global integer nTestDll only an example of a global variable, or does it have some function not known to part of mankind?
Busy thinking...
Dark Byte (Site Admin; Reputation: 457; Joined: 09 May 2003; Posts: 25262; Location: The Netherlands)
Posted: Wed Dec 24, 2014 4:56 am
I'm not sure what you expect and what you get, so I can't really help.
You do know that those pushed values are in hexadecimal?
Do not ask me about online cheats. I don't know any and won't help finding them.
Like my help? Join me on Patreon so I can keep helping.
stanoja
Posted: Wed Dec 24, 2014 5:58 pm
If I allocate 4 bytes for my "variable" and push its value onto the stack, it doesn't bring up the desired result.
If I allocate 2 bytes and push it onto the stack, it works flawlessly!
So, widen the argument from int to int64/long?
EDIT: Changing the function and the argument from int to long doesn't work. I really have no idea what to do. Any suggestions?
Dark Byte
Posted: Wed Dec 24, 2014 6:55 pm
It all depends on the variable types you're working with.
If you push _TMPVAR2, it will push the address of _TMPVAR2.
If you push [_TMPVAR2], it will push the value of _TMPVAR2.
(You haven't posted the code you're working with, so we can't really help with details like variable types and levels of indirection. A simple & or * can change a lot.)
stanoja
Posted: Wed Dec 24, 2014 7:54 pm
Dark Byte wrote: "It all depends on the variable types you're working with. (You haven't posted the code you're working with so we can't really help with details like variable types and levels of indirection. A simple & or * can change a lot)"
You're right, I was too busy today and I completely misread the part about posting my code. So, here it is!
The assembly script:
Code:
    [ENABLE]
    alloc(newmem,2048)
    label(returnhere)
    label(originalcode)
    label(exit)
    alloc(_PLAYER_ADDRESS,4)
    alloc(_TMPVAR,4)
    alloc(_TMPVAR2,4)
    registersymbol(_PLAYER_ADDRESS)
    registersymbol(_TMPVAR)
    registersymbol(_TMPVAR2)

    _TMPVAR2:
    db 00 00 00 23

    newmem:
    mov [_PLAYER_ADDRESS],esi
    loadlibrary(C:\Users\Stanoje\Documents\Visual Studio 2012\Projects\Staddon.dll\Debug\Staddon.dll)
    push eax
    push 5
    push 12
    call fnTestDll2
    mov [_TMPVAR],eax
    push _TMPVAR2
    call fnIncSto
    mov [_TMPVAR2],eax
    pop eax

    originalcode:
    mov [esi+00000CEC],eax

    exit:
    jmp returnhere

    "Game.dll"+1BE536:
    jmp newmem
    nop
    returnhere:

    [DISABLE]
    //dealloc(_PLAYER_ADDRESS)
    dealloc(newmem)
    "Game.dll"+1BE536:
    mov [esi+00000CEC],eax
Keep in mind that it's not finished yet.
Explanation: What I'm actually doing is replacing the code that runs when you buy/sell an item in the game. It finds the address of the player class (of course only the "esi" value, without the offset 0x00000CEC) and puts it into a global "variable". I then use that variable in my cheat table for a well-known purpose: with specific offsets I find the health, mana, GOLD, experience and so on.
Here is the dll code:
Code:
    // Staddon.dll.cpp : Defines the exported functions for the DLL application.
    //
    #include "stdafx.h"

    extern "C"
    {
        __declspec(dllexport) int nTestDll = 9999;

        // lua part
        __declspec(dllexport) int fnTestDll(int a, int b)
        {
            nTestDll++;
            return a * 2 + b;
        }

        // assembly part
        __declspec(dllexport) int __stdcall fnTestDll2(int a, int b)
        {
            nTestDll++;
            return a * 2 + b;
        }

        __declspec(dllexport) int __stdcall fnIncSto(int broj)
        {
            return broj + 10000;
        }
    }
Explanation:
What I'm trying to do here is to use the DLL to, let's say, increment an experience/gold/maximum health/maximum mana/some-other-value by a given number, in my case 1000. I don't want to interfere with Lua; I find this way to be more suitable in my case, since I can use the DLL later for another game with some major modifications.
The actual problem now is that when I allocate 2 bytes it works. Pushing 4 bytes doesn't.
Thank you for your time, Dark Byte, but if I manage to extend this thing to a bigger scale I'll write something about it.
Dark Byte
Posted: Wed Dec 24, 2014 8:14 pm
fnIncSto takes an integer, increases it by 10000 and returns it in eax.
Code:
    push _TMPVAR2
    call fnIncSto
    mov [_TMPVAR2],eax
The push passes the "address" of _TMPVAR2 to fnIncSto,
so eax becomes the address of _TMPVAR2 + 10000.
Perhaps instead of passing the address, you might want to pass it the value, or change the function to dereference it to an integer: *(int *).
You also don't seem to initialize _TMPVAR2.
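The value-versus-address distinction in the reply above, as an added example in portable C (not code from the thread or from Cheat Engine). The names inc_by_value, inc_by_pointer, run_pointer_path and le32_from_db are my own, and the db decoder also covers the "db 00 00 00 23" initialiser from the script earlier in the thread.

```c
#include <stdint.h>
/* Windows DLL decoration; expands to nothing elsewhere so the file still compiles. */
#ifdef _WIN32
#  define DLL_EXPORT __declspec(dllexport)
#  define STDCALL    __stdcall
#else
#  define DLL_EXPORT
#  define STDCALL
#endif

/* Same contract as the thread's fnIncSto: caller pushes the VALUE
 * ("push [_TMPVAR2]") and gets value + 10000 back in eax. */
DLL_EXPORT int STDCALL inc_by_value(int broj)
{
    return broj + 10000;
}

/* Dark Byte's alternative: caller pushes the ADDRESS ("push _TMPVAR2") and the
 * DLL dereferences it; writing back also makes "mov [_TMPVAR2],eax" unnecessary. */
DLL_EXPORT int STDCALL inc_by_pointer(int *p)
{
    *p += 10000;
    return *p;
}

/* Address path end to end on a hypothetical 4-byte _TMPVAR2 slot. */
int run_pointer_path(int start)
{
    int tmpvar2 = start;
    inc_by_pointer(&tmpvar2);
    return tmpvar2;
}

/* Decode "db b0 b1 b2 b3" as the CPU reads a 32-bit slot (little-endian):
 * "db 00 00 00 23" is 0x23000000, not 0x23. */
uint32_t le32_from_db(const uint8_t b[4])
{
    return (uint32_t)b[0] | ((uint32_t)b[1] << 8) |
           ((uint32_t)b[2] << 16) | ((uint32_t)b[3] << 24);
}

int main(void)
{
    /* Constructed inputs: the two db lines from the thread. Exit 0 when all paths agree. */
    const uint8_t db_ff[4] = {0xFF, 0x00, 0x00, 0x00};
    const uint8_t db_23[4] = {0x00, 0x00, 0x00, 0x23};
    return (le32_from_db(db_ff) == 255u && le32_from_db(db_23) == 0x23000000u &&
            inc_by_value(255) == 10255 && run_pointer_path(255) == 10255) ? 0 : 1;
}
```

Passing the slot's address into inc_by_value instead would add 10000 to a pointer value, which is the "unrecognizable" result the thread describes.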
stanoja
Posted: Thu Dec 25, 2014 10:07 am
Solved!
The actual problem was all in changing the script, saving the script, and re-enabling it to apply the new changes. I was doing that out of sync. On top of that, my Cheat Engine window and my game had been up for 4 days, and I restarted everything, including my PC.
It all works now. Thanks a lot, Dark Byte!