Boonqueesha How do I cheat?
Reputation: 0
Joined: 30 Jun 2012 Posts: 2
Posted: Sat Jun 30, 2012 4:46 pm Post subject: [HELP][Solved] ASM Function Hooking
I am trying to hack Grand Theft Auto: San Andreas offline to gain some learning experience. I'm in no way interested in attempting to hack online. I am trying to write code such that when I get shot by AI, it automatically kills them. I have all the pointers I need.
| Code: |
Player Pointer: 0x00B6F3B8
Pointer to AI that shot me is at offset 0x764
|
I have a function that is called constantly (thousands of times a minute) that I want to detour to check if I've been recently hit by AI.
| Code: |
0060DA14 - mov eax,[edx+esi+000005AC]
Replaced with:
jmp 00400500
|
And the sub-routine that I've written is as follows:
| Code: |
push edx
mov edx, [00B6F3B8] //Player pointer
mov edx, [edx+764] //Pointer to AI that shot me
test edx,edx //Check if edx is zero
je address_after_next_instruction
mov [edx+540], 0 //Edx+540 = AI Health
pop edx
jmp 0060DA19 //Jump back to the function I hooked from
|
Am I coding this correctly? It disrupts my weapons (which I definitely don't want it to do) and didn't work at all when I was hit by the AI. I know the concept itself works perfectly, so the problem lies somewhere in my coding.
Thanks for any help you guys can give!
Edit:
I've got it. I found out why my weapons were being disrupted and got everything to work properly. It worked for a while before crashing, but now I'm positive I'll be able to get it up and running as I want it to. Thanks anyway, guys. Here is the code if anyone is interested:
| Code: |
00400500 - 55 - push ebp
00400501 - 52 - push edx
00400502 - 8B 15 B8F3B600 - mov edx,[00B6F3B8] : [0A91A920]
00400508 - 8B 92 64070000 - mov edx,[edx+00000764]
0040050E - 85 D2 - test edx,edx
00400510 - 74 0A - je 0040051C
00400512 - C7 82 40050000 00000000 - mov [edx+00000540],00000000
0040051C - 5A - pop edx
0040051D - 5D - pop ebp
0040051E - 8B 84 32 AC050000 - mov eax,[edx+esi+000005AC]
00400525 - E9 F1D42000 - jmp 0060DA1B
|
This seems to be working much better. It now checks to make sure it isn't the player's pointer before killing the target.
| Code: |
0060D9C8 - E9 332BDFFF - jmp 00400500
00400500 - 55 - push ebp
00400501 - 52 - push edx
00400502 - 51 - push ecx
00400503 - 8B 15 B8F3B600 - mov edx,[00B6F3B8] : [0A90A920]
00400509 - 8B 8A 64070000 - mov ecx,[edx+00000764]
0040050F - 85 C9 - test ecx,ecx
00400511 - 74 0E - je 00400521
00400513 - 39 D1 - cmp ecx,edx
00400515 - 74 0A - je 00400521
00400517 - C7 81 40050000 00000000 - mov [ecx+00000540],00000000
00400521 - 59 - pop ecx
00400522 - 5A - pop edx
00400523 - 5D - pop ebp
00400524 - 8B 84 32 A0050000 - mov eax,[edx+esi+000005A0]
0040052B - E9 9FD42000 - jmp 0060D9CF
|
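An added check, not part of the original post: this Python sketch recomputes the E9 rel32 jump encodings shown in the listings above and tests whether a resume address falls on an instruction boundary. The byte values and addresses are copied from the post; the function names are illustrative. The hooked mov is 7 bytes long, so a 5-byte jmp leaves 2 stale bytes behind it: 0060DA19 (the first attempt's return address) points into those bytes, while 0060DA1B is the next real instruction.

```python
import struct

# Bytes and addresses copied from the listings in the post.
HOOKED_MOV = bytes.fromhex("8B8432AC050000")  # mov eax,[edx+esi+000005AC]
HOOK_SITE = 0x0060DA14
CAVE = 0x00400500


def jmp_rel32(src, dst):
    """Encode `jmp dst` placed at src: E9 + little-endian (dst - (src + 5))."""
    return b"\xE9" + struct.pack("<i", dst - (src + 5))


def jmp_target(src, encoded):
    """Decode the absolute 32-bit target of an E9 rel32 jump located at src."""
    if len(encoded) != 5 or encoded[0] != 0xE9:
        raise ValueError("not an E9 rel32 jump")
    disp = struct.unpack("<i", encoded[1:])[0]
    return (src + 5 + disp) & 0xFFFFFFFF


def plan_hook(site, overwritten, cave):
    """Return (patch, resume, stale) for a jmp placed over whole instructions.

    overwritten: complete instruction bytes covered by the 5-byte jmp.
    resume: first address after them, the only safe place to jump back to.
    stale: leftover bytes of the last overwritten instruction (never execute).
    """
    if len(overwritten) < 5:
        raise ValueError("need at least 5 bytes of whole instructions")
    resume = site + len(overwritten)
    return jmp_rel32(site, cave), resume, len(overwritten) - 5


def resume_on_boundary(site, overwritten, resume):
    """True only if resume is the address right after the overwritten bytes."""
    return resume == site + len(overwritten)


if __name__ == "__main__":
    patch, resume, stale = plan_hook(HOOK_SITE, HOOKED_MOV, CAVE)
    print(patch.hex(" "), hex(resume), "stale bytes:", stale)
    for candidate in (0x0060DA19, 0x0060DA1B):
        ok = resume_on_boundary(HOOK_SITE, HOOKED_MOV, candidate)
        print(hex(candidate), "boundary" if ok else "mid-instruction")
```

The same arithmetic confirms the final listing: the jmp at 0060D9C8 covers a 7-byte mov, and the code cave returns to 0060D9CF.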