12103com
Posted: Fri Feb 03, 2017 2:28 pm Post subject: Trying to call method of class but I crash
So this is my AA code, to push the XP I want to give myself and then push self:
Code:
alloc(myc, 512)
createthread(myc)
myc:
push 90000
push 5DAD3000
call 9DD58500
ret
90000 is supposed to be the parameter exp.
5DAD3000 is the class (or self, I'm not sure if I need this).
9DD58500 is the function I got from mono jit.
The function returns void.
This is what the function looks like inside Reflector:
Code:
public override void AddExp(int exp)
{
    base.AddExp(exp);
    base.bPlayerStatsChanged = true;
}
I'm probably doing everything ass backwards so I need help.
Last edited by 12103com on Fri Feb 03, 2017 2:30 pm; edited 1 time in total
SunBeam
12103com
Posted: Fri Feb 03, 2017 2:49 pm
SunBeam wrote: Read this: .
This won't work. The GUI in memory viewer doesn't work either.
Is there any way to find out why I am crashing?
panraven
Posted: Fri Feb 03, 2017 3:06 pm
Try checking the convention links; you may only need to further identify what convention mono uses, which can be checked via the CE disassembler view.
Anyway, mono 32-bit is caller clean-up, so it needs to fix the stack after the method returns.
Following how mono managed calls work, you may try:
(32 bit)
Code:
sub esp,08
push <exp>
push <this pointer>
call AddExp
add esp,10

(64 bit)
Code:
sub rsp,20
mov rdx,<exp>
mov rcx,<this pointer>
mov rax,AddExp // or any free register
call rax
add rsp,20
bye~
Dark Byte
Posted: Fri Feb 03, 2017 5:50 pm
To be able to call mono functions your thread must have called mono_thread_attach with the domain of the mono process, else it won't have the TLB properly set up.
e.g.:
Code:
alloc(self,4)
call mono.mono_get_root_domain
call mono.mono_thread_attach
mov [self],eax
...do your stuff...
push [self]
call mono.mono_thread_detach
ret 4
Also, the mono script function mono_invoke_method(domain, method, object, args) might be useful (though I never tried to use it).
Hatschi
Posted: Sun Apr 09, 2017 4:55 am
@Dark Byte:
I have some trouble getting it working. I have a 64-bit Unity game with a mono method I would like to call.
The mono method looks like this:
Code:
Private Function AddEXP(ByVal args As String()) As String
    Player.EXP += 50
    Return Nothing
End Function
I have the following script:
Code:
alloc(mythread, 512)
createthread(mythread)
mythread:
alloc(self,8)
call mono.mono_get_root_domain
call mono.mono_thread_attach
mov [self],rax
push 1AEC4C40 // address of the mono method
call mono.mono_runtime_invoke
sub rsp,8
push [self]
call mono.mono_thread_detach
ret 8
But it crashes my game. What am I doing wrong?
Dark Byte
Posted: Sun Apr 09, 2017 5:37 am
My script is not copy-pastable, you need to fix it (stack/param thingies).
Check out the other topic asked recently, it contains a proper script.
Hatschi
Posted: Sun Apr 09, 2017 6:29 am
If you are referring to http://forum.cheatengine.org/viewtopic.php?t=604041, it's for a 32-bit game. I've tried to change it as I have a 64-bit game, but it still crashes and I cannot step through it to see what I am doing wrong.
Code:
define(expAddress, "Player:AddEXP")
alloc(mythread,512)
createthread(mythread)
alloc(self,8)
mythread:
mov rax,0
call mono.mono_get_root_domain
push rax
call mono.mono_thread_attach
sub rsp,8
mov [self],rax
push 0
call expAddress
push [self]
call mono.mono_thread_detach
sub rsp,8
ret 8
mgr.inz.Player
Posted: Sun Apr 09, 2017 7:02 am
Not tested:
Code:
define(expAddress, "Player:AddEXP")
alloc(mythread,512)
createthread(mythread)
alloc(self,8)
mythread:
sub rsp,28
call mono.mono_get_root_domain
mov rcx,rax
call mono.mono_thread_attach
mov [self],rax
mov rcx,0
call expAddress
mov rcx,[self]
call mono.mono_thread_detach
add rsp,28
ret
Hatschi
Posted: Sun Apr 09, 2017 7:20 am
Yours works perfectly. What I don't understand is why you subtract 28 from RSP.
When dealing with the stack I thought that I only need to subtract the things I've added to it.
For example
push eax
adds 4 to the stack (where push rax adds 8 to it).
So after the call I have to pop, alias subtract, it.
But your method I don't understand.
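The 0x28 in mgr.inz.Player's script is the 0x20 bytes of shadow space that every Win64 callee may write into, plus 8 bytes to bring rsp back to 16-byte alignment after the return address the thread's caller pushed. The checker below is an added example, not code from any post: it walks an auto-assembler thread routine and reports alignment, shadow-space and balance problems, assuming the routine is entered the way CreateThread enters it (rsp equal to 8 mod 16) and using only the instructions the scripts in this thread contain.

```python
"""Stack-discipline checker for the x64 auto-assembler snippets in this thread (added
example, not from any post). Win64 rules modelled: a thread routine is entered with
rsp == 8 (mod 16); each CALL needs rsp == 0 (mod 16) and 0x20 bytes of SUB-reserved
shadow space on top of the stack; it ends with a plain RET after releasing everything."""
SHADOW = 0x20
SKIP = ("alloc", "define", "createthread")  # AA directives, not instructions

def _insns(script):
    """Yield (line_no, mnemonic, operands) for executable lines only."""
    for no, raw in enumerate(script.splitlines(), 1):
        line = raw.split("//", 1)[0].strip()  # drop CE-style comments
        if not line or line.endswith(":") or line.startswith(SKIP):
            continue
        op, _, args = line.partition(" ")
        yield no, op.lower(), args.replace(" ", "").lower()

def check_win64(script):
    """Return problem strings; an empty list means the script is balanced."""
    problems, stack = [], []  # frames below entry rsp: ("push", 8) or ("sub", n)
    depth = lambda: sum(size for _, size in stack)
    for no, op, args in _insns(script):
        if op == "push":
            stack.append(("push", 8))
        elif op == "pop":
            stack.pop()
        elif op == "sub" and args.startswith("rsp,"):
            stack.append(("sub", int(args[4:], 16)))  # AA immediates are hex
        elif op == "add" and args.startswith("rsp,"):
            n = int(args[4:], 16)
            while n and stack:  # release frames top-down, splitting a partial one
                kind, size = stack.pop()
                if size > n:
                    stack.append((kind, size - n))
                n = max(n - size, 0)
            if n:
                problems.append(f"line {no}: add rsp releases more than was allocated")
        elif op == "call":
            if depth() % 16 != 8:  # entry rsp is 8 mod 16, so depth must be 8 mod 16
                problems.append(f"line {no}: call with misaligned rsp (depth {depth():#x})")
            free = 0
            for kind, size in reversed(stack):  # shadow space must be the topmost bytes
                if kind != "sub":
                    break
                free += size
            if free < SHADOW:
                problems.append(f"line {no}: call with {free:#x} shadow bytes, need {SHADOW:#x}")
        elif op == "ret":
            if args:
                problems.append(f"line {no}: 'ret {args}' pops the caller's bytes; use plain ret")
            if depth():
                problems.append(f"line {no}: ret with {depth():#x} bytes still allocated")
    return problems
```

Running it on the two scripts above, mgr.inz.Player's version comes back clean, while the earlier one reports a misaligned first call, pushed values sitting inside the shadow space, and a `ret 8` that leaves 0x28 bytes unreleased; changing the working script's 0x28 to 0x20 keeps the shadow space but misaligns every call.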