Frouk Master Cheater Reputation: 5
Joined: 22 Jun 2021 Posts: 489 Location: mov dword ptr [Ukraine]
Posted: Sat Feb 24, 2024 1:43 pm Post subject: executeCodeEx can't return float value
So I was writing some simple code to get the ground level, which returns a float. The main thing is that executeCodeEx returns the value that was in the eax register, which may or may not be the return value for float or double types; usually functions that return a float use the fld instruction, and the fstp instruction gets the actual value that is stored in there. _________________
void(__cdecl *Haxing)(HWND hGameWindow) |
Dark Byte Site Admin Reputation: 458
Joined: 09 May 2003 Posts: 25300 Location: The netherlands
Posted: Sat Feb 24, 2024 3:40 pm Post subject:
Write a stub that converts the float into EAX/RAX, and use executeCodeEx on that stub function. _________________
Do not ask me about online cheats. I don't know any and won't help finding them.
Like my help? Join me on Patreon so I can keep helping
Frouk Master Cheater Reputation: 5
Joined: 22 Jun 2021 Posts: 489 Location: mov dword ptr [Ukraine]
Posted: Mon Feb 26, 2024 1:37 pm Post subject:
What do I need to create a stub function?
ParkourPenguin I post too much Reputation: 140
Joined: 06 Jul 2014 Posts: 4307
Posted: Mon Feb 26, 2024 2:24 pm Post subject:
Allocate some memory and write some assembly in that memory that calls the function. After the function returns, use `movd eax,xmm0` to return the float in eax.
Follow the correct calling convention when calling the function. For 64-bit code, the stack must be aligned to 16 bytes and there must be at least 32 bytes of free space on the stack for the callee to use. executeCodeEx should deal with the parameters, as long as you don't mess with those registers.
For 32-bit code, figure out the calling convention yourself. Probably cdecl or stdcall, maybe something weirder. Depending on the calling convention, you might have to modify executeCodeEx too, since that's now calling your stub and not the game's function. _________________
I don't know where I'm going, but I'll figure it out when I get there.
Frouk Master Cheater Reputation: 5
Joined: 22 Jun 2021 Posts: 489 Location: mov dword ptr [Ukraine]
Posted: Mon Feb 26, 2024 2:34 pm Post subject:
ParkourPenguin wrote: | Allocate some memory and write some assembly in that memory that calls the function. After the function returns, use `movd eax,xmm0` to return the float in eax.
Follow the correct calling convention when calling the function. For 64-bit code, the stack must be aligned to 16 bytes and there must be at least 32 bytes of free space on the stack for the callee to use. executeCodeEx should deal with the parameters, as long as you don't mess with those registers.
For 32-bit code, figure out the calling convention yourself. Probably cdecl or stdcall, maybe something weirder. Depending on the calling convention, you might have to modify executeCodeEx too, since that's now calling your stub and not the game's function. |
It's the __cdecl convention, and I made the stub. Not sure about `movd eax, xmm0`, since it stores the result on the FPU stack.
Code: |
mov eax, [esp+4]       // first argument passed to the stub
mov ecx, [esp+8]       // second argument
push ecx               // cdecl: arguments pushed right to left
push eax
call 0x569660          // float result comes back in st(0); eax is whatever the callee left in it
fstp dword ptr [eax]   // stores st(0) to the address held in eax, not into eax itself
add esp, 08            // cdecl: caller removes the two arguments
ret 8                  // pops the stub's own two arguments
|
It crashes the target, and there might be some mistakes (I've tried other combinations to store the FPU value into the eax register, but they all seem to crash).
ParkourPenguin I post too much Reputation: 140
Joined: 06 Jul 2014 Posts: 4307
Posted: Mon Feb 26, 2024 3:23 pm Post subject:
Frouk wrote: | Code: | fstp dword ptr [eax] | |
This stores the float to the memory address pointed to by eax. Store it to the stack and move it from the stack to eax.
Code: | call ...
fstp dword ptr[esp]
mov eax,[esp]
add esp,8
... |
Frouk Master Cheater Reputation: 5
Joined: 22 Jun 2021 Posts: 489 Location: mov dword ptr [Ukraine]
Posted: Tue Feb 27, 2024 12:23 pm Post subject:
It doesn't crash, but it makes the target laggy.
EDIT:
The function result is returned as an int; it only needs conversion.
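Putting the thread's pieces together, here is an added worked example (not code posted in the thread and not part of Cheat Engine itself): a Lua script that assembles the stub ParkourPenguin describes, for both the 32-bit x87 case (`fstp` to the stack, then `mov eax,[esp]`) and the 64-bit case (`movd eax,xmm0` with a 16-byte-aligned stack and 32 bytes of shadow space), calls it through executeCodeEx, and reinterprets the returned integer as a float, which is the conversion step Frouk's last post mentions. It assumes the Cheat Engine Lua functions `autoAssemble`, `getAddress`, `targetIs64Bit`, `executeCodeEx(timeout, stack, address, ...)`, `dwordToByteTable` and `byteTableToFloat` behave as their names say, that the target function takes two integer arguments, that 0x569660 (the address from the thread) is a 32-bit target, and that executeCodeEx calls the stub the same way it called Frouk's, so the 32-bit stub pops its own arguments with `ret 8`. The argument values in the usage line are made up.

```lua
-- Added example (not code from the thread): build a stub that calls a
-- float-returning function and leaves the raw IEEE-754 bits in EAX, so that
-- executeCodeEx, which returns EAX/RAX, can hand them back to Lua.
--
-- Assumptions (not stated in the thread): the Cheat Engine Lua functions
-- autoAssemble, getAddress, targetIs64Bit, executeCodeEx(timeout, stack,
-- address, ...), dwordToByteTable and byteTableToFloat behave as their names
-- say; the target function takes two integer arguments; and, like Frouk's
-- stub, the 32-bit stub pops its own two arguments with "ret 8".

-- Cheat Engine's auto assembler reads numbers as hex, so 28 below means 0x28.
local STUB_32 = [[
alloc(floatstub,64)
registersymbol(floatstub)
floatstub:
  mov eax,[esp+04]        // first argument given to the stub
  mov ecx,[esp+08]        // second argument
  push ecx                // cdecl: push right to left
  push eax
  call %s                 // float result is returned in st(0)
  fstp dword ptr [esp]    // pop st(0) into the stack slot the first argument used
  mov eax,[esp]           // raw float bits now in eax
  add esp,08              // cdecl: caller removes the two arguments
  ret 8                   // pop the stub's own two arguments (as in the thread's stub)
]]

local STUB_64 = [[
alloc(floatstub,64)
registersymbol(floatstub)
floatstub:
  sub rsp,28              // rsp is 8 mod 16 on entry; 0x28 re-aligns it and leaves 32 bytes of shadow space
  call %s                 // rcx, rdx, r8, r9 pass through untouched; float result is in xmm0
  movd eax,xmm0           // low 32 bits of xmm0 (the float) -> eax (movq rax,xmm0 for a double)
  add rsp,28
  ret
]]

-- Assemble the stub for funcAddress (a number or a CE symbol string) and return its address.
local function installFloatStub(funcAddress)
  local target = type(funcAddress) == "number" and string.format("%X", funcAddress) or funcAddress
  local script = string.format(targetIs64Bit() and STUB_64 or STUB_32, target)
  assert(autoAssemble(script), "autoAssemble failed for float stub")
  return getAddress("floatstub")
end

-- Reinterpret the 32 raw bits that came back in EAX as a float. This is a bit
-- reinterpretation, not a numeric conversion: math.floor or tointeger would be wrong.
local function rawBitsToFloat(raw)
  raw = raw & 0xFFFFFFFF   -- keep only EAX in case RAX carries anything above bit 31
  return byteTableToFloat(dwordToByteTable(raw))
end

-- Call the game's float-returning function through the stub.
local function callFloatFunction(stubAddress, arg1, arg2)
  local raw = executeCodeEx(1000, nil, stubAddress, arg1, arg2)   -- 1000 ms timeout
  if raw == nil then error("executeCodeEx failed or timed out") end
  return rawBitsToFloat(raw)
end

-- Usage: 0x569660 is the address Frouk used in the thread (32-bit target); the
-- argument values 100 and 200 are made up for this example.
local stub = installFloatStub(0x569660)
print(string.format("ground level: %f", callFloatFunction(stub, 100, 200)))
```

If the function returns a double instead of a float, the 32-bit stub needs `fstp qword ptr [esp]` (the two 4-byte argument slots give it the 8 bytes) and two loads or a different return path, since EAX alone only carries 32 bits; on 64-bit, `movq rax,xmm0` returns the full 64 bits and the conversion has to reinterpret a qword rather than a dword.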