Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 
Using Auto Assemble to run a function?

 
SadrienHatesU
Newbie cheater
Reputation: 0

Joined: 08 May 2017
Posts: 14
Location: I don't exist... Unfortunately

Posted: Fri Jan 05, 2018 8:16 pm    Post subject: Using Auto Assemble to run a function?

How do I run a function and then store what it should return using the auto assemble function of CE?

For example, I need my AoB scan to find a specific function and run it, then take the return value, which points to an array, in order to write my pointers.

I have an AoB scan for the beginning of the function that I need to run; I just need to know how to run a function that I found by AoB in an auto assemble script and get the address that the function returns.

_________________
Um... Hello... Thanks for taking the time to read my pointless signature :)
FreeER
Grandmaster Cheater Supreme
Reputation: 53

Joined: 09 Aug 2013
Posts: 1091

Posted: Sat Jan 06, 2018 8:25 am    Post subject:

disclaimer: I just woke up...

Code:
[ENABLE]
// finds function you want to call
aobscan(functionname, unique aob to start of function)
// creates memory for your own function which calls the one you want
globalalloc(functionCaller, $1000) // allocs and registers, no dealloc
// your function to call the one you want
functionCaller:
  // ... setup args (registers in x64, probably stack x86)
  sub RSP, 28 // x64 requires 0x20 shadow space for the callee, plus 8 so RSP is 16-byte aligned at the call (CE numbers are hex)
  mov rax, functionname // can't call a constant 8 byte address directly, if it's 32 bit can use "call functionname"
  call rax
  add RSP, 28
  // ... pop args if necessary x86 cdecl/thiscall etc.
  // result in RAX/EAX
  ret

// creates a thread and runs the function you want
createThread(functionCaller)
[DISABLE]


If the function you want to call doesn't take any arguments then you should be able to use createThread(functionname). Of course, if you hook running code then you don't need createThread; you can call it in the hooked code, just be careful not to overwrite registers the code needs to keep (functions don't have to save all the registers, see https://en.wikipedia.org/wiki/X86_calling_conventions).
SadrienHatesU
Newbie cheater
Reputation: 0

Joined: 08 May 2017
Posts: 14
Location: I don't exist... Unfortunately

Posted: Sun Jan 07, 2018 6:59 am    Post subject: x86 vs 64 bit

So I don't have time to check it out a lot right now, but are you saying I would have to change your instructions in order to get it because it is in 64-bit memory, so I cannot call an 8-byte address? Or is it just that I can only call an 8-byte value from a register and not directly from the address on the stack?
FreeER
Grandmaster Cheater Supreme
Reputation: 53

Joined: 09 Aug 2013
Posts: 1091

Posted: Sun Jan 07, 2018 9:30 am    Post subject:

Quote:
is it just that I can only call an 8 byte value from a register and not directly from the address
This. If you couldn't call an 8-byte address in x64 then it wouldn't have functions at all, and that just wouldn't work :) There are also ways to call an 8-byte address stored in memory; you can't, however, use a constant 8-byte address in the instruction, e.g. call 0x12345678DEADBEEF, but you can move 0x12345678DEADBEEF into a 64-bit register and then call that, or call [RSP] when 0x12345678DEADBEEF is on top of the stack, etc.
SadrienHatesU
Newbie cheater
Reputation: 0

Joined: 08 May 2017
Posts: 14
Location: I don't exist... Unfortunately

Posted: Wed Jan 10, 2018 10:54 pm    Post subject: .

When I do as you listed it simply does nothing. Like, the script executes and I believe it returns to nowhere? Does anyone know the syntax off the top of their head for me to define a symbol with the returned value from the thread, or can they explain to me what the problem with this person's code is?



Last edited by SadrienHatesU on Wed Jan 10, 2018 11:23 pm; edited 1 time in total
Thiago
Newbie cheater
Reputation: 0

Joined: 30 Jan 2017
Posts: 18

Posted: Wed Jan 10, 2018 11:11 pm    Post subject: Re: .

SadrienHatesU wrote:
When I do as you listed it simply does nothing. Like, the script executes and I believe it returns to nowhere? Does anyone know the syntax off the top of their head for me to define a symbol with the returned value from the thread?

It returns to RAX or EAX if you're in a 32 bit program.
If you store the RAX value in a new memory location and add that address in C.E, you'll see if it points to your array.

_________________
I'm newbie ...
SadrienHatesU
Newbie cheater
Reputation: 0

Joined: 08 May 2017
Posts: 14
Location: I don't exist... Unfortunately

Posted: Wed Jan 10, 2018 11:25 pm    Post subject: Re: .

Thiago wrote:
It returns to RAX or EAX if you're in a 32 bit program.
If you store the RAX value in a new memory location and add that address in C.E, you'll see if it points to your array.

It's not 32 bit. Where would it return?

Thiago
Newbie cheater
Reputation: 0

Joined: 30 Jan 2017
Posts: 18

Posted: Wed Jan 10, 2018 11:49 pm    Post subject: Re: .

SadrienHatesU wrote:
It's not 32 bit. Where would it return?

My bad, I wrote it in a confusing way.

Your function will return the value in the RAX register.
You could also be trying to call a void function and expecting a return value.

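Putting FreeER's caller stub and Thiago's "store RAX somewhere CE can read" advice together, here is a complete x64 auto assembler script added as an example; it is not code from any post in this thread. The aobscan pattern is a constructed placeholder, the names targetFunc/callerStub/funcResult are assumed, and the function is assumed to take no arguments.

```asm
[ENABLE]
// Constructed placeholder pattern; replace it with the unique AOB of the function start.
aobscan(targetFunc, 48 89 5C 24 08 57 48 83 EC 20)
registersymbol(targetFunc)

// Executable memory for the caller stub and a separate 8-byte slot for the returned pointer.
// globalalloc registers both names as symbols, so "funcResult" can be typed straight into the address list.
globalalloc(callerStub, $1000)
globalalloc(funcResult, 8)

callerStub:
  push rbx                 // non-volatile register; the push also realigns RSP to 16 bytes for the call
  sub rsp, 20              // 0x20 shadow space the Microsoft x64 ABI reserves for the callee (CE numbers are hex)
  // arguments, if the function took any, would be loaded into rcx, rdx, r8, r9 here
  mov rax, targetFunc      // a 64-bit absolute address cannot be a call operand, so load it into a register first
  call rax
  mov [funcResult], rax    // RAX is gone once the thread exits; persist the returned pointer now
  add rsp, 20
  pop rbx
  xor eax, eax             // thread exit code
  ret

createthread(callerStub)

[DISABLE]
unregistersymbol(targetFunc)
```

After enabling the script, add funcResult to the address list as an 8-byte value and check that it points at the array; on a 32-bit target the same shape works with call targetFunc, mov [funcResult],eax and no shadow space.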