Cheat Engine

pkedpker · Last edited by pkedpker on Wed Aug 20, 2008 11:39 pm; edited 3 times in total

lock

OLD TOPIC..

rapion124 · Posted: Fri Aug 15, 2008 7:28 pm Post subject:

pkedpker · Posted: Fri Aug 15, 2008 8:41 pm Post subject:

oh yah..

but umm it goes into RecvFunction() the jmp to OriRecvFunction works.. and it never does the lines after that.. thats my real problem.

plus what u wrote on top.. is going to give me encrypted packet! I want it to call decrypt function in game.. then give me the packet out.. but it returns wrong place after it calls it. thats why jmp has to be first.. not after.. cuz it has to call decrypt function first.

rapion124 · Posted: Fri Aug 15, 2008 8:52 pm Post subject:

Of course it doesn't... You jump to OriRecvFunction and execution continues there.

pkedpker · Posted: Fri Aug 15, 2008 11:05 pm Post subject:

exactly so how do i fix it? for it to continuue and give me some extra space to hook the eax ecx edi whatever i forgot but yah.. before it gets pop'd out

sponge · Posted: Fri Aug 15, 2008 11:18 pm Post subject:

pkedpker · Posted: Fri Aug 15, 2008 11:24 pm Post subject:

yab but its all filled up.. i can't remove anything bad u know.

sponge · Posted: Fri Aug 15, 2008 11:27 pm Post subject:

pkedpker · Posted: Sat Aug 16, 2008 1:10 am Post subject:

I did you mean use a jmp?

what u see above is exactly what i used.. and your telling me what I already used..

the problem is that the RETN from the decrypt function goes back to the old position not inside my detoured function!..

if that happens how can i control it ehh.........

thing is.. if i dont call decrypt function I just call detour to mines.. I will just get a encrypted packet.. which is pointless to me.. but If i call the decrypt function.. It just ends up going back where it suppose to go???

HACK is my dll functions
game is the game functions.

sponge · Posted: Sat Aug 16, 2008 2:45 am Post subject:

look into the call for any ways out. anyways i was saying its such a waste to do call XXX and then in XXX you jump to another location. instead just call XXX as XXX is your function.

rapion124 · Posted: Sat Aug 16, 2008 10:23 am Post subject:

When hooking, you can't use "call" because it screws up the stack. It's pretty complicated.

This is how it should go.

Normal code -> jmp HookedFunction -> *do stuff* -> Trampoline (execute overwritten bytes) -> jmp NormalCode + ReEntryOffset.

The problem is that in his Hook, he jumps back to the original function before executing his code. His re-entry position is also off. He should jump to the normal code after his hook.

pkedpker · Posted: Sat Aug 16, 2008 1:45 pm Post subject:

so i gotta replace all call's related to my problem to jmps.

also how do I get the offset for re-enty jmps work by adding offsets.. and my dll gets dynmatic offsets my dl functions cuz they loaded different locations everytime..

mayb first one has to be a call..... then inside that call of em are jmps? well ill keep trying

sponge · Posted: Sat Aug 16, 2008 3:06 pm Post subject:

If done properly it doesn't really matter, you CAN use call.

pkedpker · Posted: Sat Aug 16, 2008 3:39 pm Post subject:

I used 2 calls in my own hack because Naked function has no assembly

putting a printf in it or something..
would screw up its assembly..

thats why i do assembly work in a empty function then after its done I re-route it a 3rd time to my normal function.

Thats how i think i see it..

so its like this... layout..

before HOOK:
GAME->GAME decrypt->pop size,pop packet

now after HOOK

GAME->Naked Function->GAME decrypt->back to Naked function->Now Back to my Hack function->now back to GAME->pop size,pop packet

but! it doesnt do that, it does this..

GAME->Naked Function->GAME decrypt->back to Naked function (Doesn't go here, just goes to game and pops size and packet!)->back to GAME->pop size,pop packet

sponge · Posted: Sat Aug 16, 2008 3:42 pm Post subject:

I advise you to learn what CALL/RETN really does.