Cheat Engine The Official Site of Cheat Engine
movss (Cheater, Reputation: 0, Joined: 10 Feb 2018, Posts: 38)
Posted: Mon Feb 12, 2018 3:49 am    Post subject: How to define a specific address of a symbol?
Sometimes, before hooking an API function, the first 5 bytes have already been hooked. The first 5 bytes are often fixed:
mov edi,edi
push ebp
mov ebp,esp
So, I think: can you hook the first 6 bytes of the function? I don't care whether it has been hooked or not.
But generateAPIHookScript() needs to be provided with a symbol. How do I define a symbol that is equal to the function address + 5?
_________________
A wild programmer
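As an added example (not code from this thread or from Cheat Engine), here is the kind of check an anti-tamper or integrity routine would run over a function's first bytes: it reports whether the hot-patch prologue quoted above (mov edi,edi / push ebp / mov ebp,esp, i.e. 8B FF 55 8B EC) is still intact, or has been overwritten by a 5-byte jmp rel32 or by the 2-byte short-jmp variant, and resolves the jump target. The addresses 0054E930 and 0057E930 are the ones used later in the thread; the byte buffers are constructed samples.

```c
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* MSVC hot-patchable prologue quoted in the thread:
 * mov edi,edi / push ebp / mov ebp,esp  ->  8B FF 55 8B EC (5 bytes). */
static const uint8_t HOTPATCH_PROLOGUE[5] = {0x8B, 0xFF, 0x55, 0x8B, 0xEC};

enum prologue_state {
    PROLOGUE_INTACT = 0,    /* first 5 bytes still match the expected prologue */
    PROLOGUE_JMP_REL32 = 1, /* E9 rel32: a 5-byte jmp overwrote the prologue */
    PROLOGUE_SHORT_JMP = 2, /* EB rel8: the 2-byte mov edi,edi slot was patched */
    PROLOGUE_UNKNOWN = 3    /* anything else: other compiler prologue or damage */
};

/* Classify the first bytes of a function. func_va is the (32-bit) virtual
 * address those bytes live at; it is only used to resolve a jump target,
 * which is written to *target_out when a jump is found. */
enum prologue_state inspect_prologue(const uint8_t *code, size_t len,
                                     uint32_t func_va, uint32_t *target_out)
{
    if (target_out) *target_out = 0;
    if (len < 5) return PROLOGUE_UNKNOWN;
    if (memcmp(code, HOTPATCH_PROLOGUE, 5) == 0) return PROLOGUE_INTACT;
    if (code[0] == 0xE9) {                 /* jmp rel32: target = next_ip + rel */
        int32_t rel;
        memcpy(&rel, code + 1, 4);         /* little-endian displacement */
        if (target_out) *target_out = func_va + 5 + (uint32_t)rel;
        return PROLOGUE_JMP_REL32;
    }
    if (code[0] == 0xEB) {                 /* jmp rel8: target = next_ip + rel */
        if (target_out) *target_out = func_va + 2 + (uint32_t)(int8_t)code[1];
        return PROLOGUE_SHORT_JMP;
    }
    return PROLOGUE_UNKNOWN;
}

int main(void)
{
    /* Constructed samples: an untouched function, and one whose first 5 bytes
     * were replaced by "jmp 0057E930" as in the generated script in the thread. */
    const uint8_t intact[] = {0x8B, 0xFF, 0x55, 0x8B, 0xEC, 0x83, 0xEC, 0x10};
    const uint8_t hooked[] = {0xE9, 0xFB, 0xFF, 0x02, 0x00, 0x83, 0xEC, 0x10};
    uint32_t target;
    printf("intact: state=%d\n", inspect_prologue(intact, sizeof intact, 0x0054E930, &target));
    printf("hooked: state=%d target=%08X\n",
           inspect_prologue(hooked, sizeof hooked, 0x0054E930, &target), target);
    return 0;
}
```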
FreeER (Grandmaster Cheater Supreme, Reputation: 53, Joined: 09 Aug 2013, Posts: 1091)
Posted: Mon Feb 12, 2018 6:03 am
Quickest answer would be to simply try it... here's the result of putting 0054E930, 0057E930, and 436345 in the boxes.
Code:
alloc(originalcall,2048)
label(returnhere)
436345:
dd originalcall
originalcall:
mov byte ptr [0054F500],00
jmp returnhere
0054E930:
jmp 0057E930
nop
nop
returnhere:
In fact, if you put in a, b, c then you get
Code:
alloc(originalcall,2048)
label(returnhere)
c:
dd originalcall
originalcall:
??
??
??
??
??
jmp returnhere
a:
jmp b
returnhere:
Presumably, if they were registered symbols it could have copied the actual instruction, but they weren't.
movss (Cheater, Reputation: 0, Joined: 10 Feb 2018, Posts: 38)
Posted: Mon Feb 12, 2018 7:56 am
I know this, but how do I write it using generateAPIHookScript()?
generateAPIHookScript() looks like Detours; it also has a bridge function.
_________________
A wild programmer
FreeER (Grandmaster Cheater Supreme, Reputation: 53, Joined: 09 Aug 2013, Posts: 1091)
Posted: Mon Feb 12, 2018 8:11 am
Well, if you look at the code generated, it's pretty clear that it takes an address to write a jmp at, the address to jmp to, and (optionally) an address to write the address of the allocated memory (the originalcall label) to.
If you don't already have an address you want it to jump to, then you're probably better off just using either the full injection or aobscan template, which do allocate memory for it to jump to.
Personally I don't believe I've ever wanted to hook the start of a function to do anything more than ret, or move a constant value in rax and then ret, which rarely needs to jump to new memory since just the prologue is usually large enough for that (and it returns so what the rest of the code looks like doesn't matter). But then I'm not usually trying to "mod" the game, just hack a few things to eliminate grinding or max stats for some quick power-fantasy fun.