Apache81 Advanced Cheater
Reputation: 5
Joined: 19 Jun 2009 Posts: 69 Location: Somewhere in space !!!
Posted: Tue Jun 09, 2020 5:18 pm Post subject: Injecting new functions in Mono
Hello people !!
I'm trying to hack a game made with Unity... I have to say that the Dissect Mono feature is freaking awesome !!
Although, I'm definitely doing something wrong and I cannot figure out what I'm doing wrong.
Basically, the instruction of the function I want to change is registered to
Code: GameManager:Damage+12
corresponding to HEX which is
Code: mov [r14+00000148],eax
This thing is basically storing the new calculated value of the health in the current health variable.
What I wanted to achieve is basically put the max health (which is r14+00000148+4) in the current health. Easy !! But I also want to store a pointer to the current health address.
To achieve this I wrote:
Code:
{$STRICT}
define(bytes,41 89 86 48010000)
[ENABLE]
alloc(newmem,$1000)
label(return)
globalalloc(hpPointer,4)
hpPointer:
dd #0
{$lua}
if syntaxcheck then return end
if LaunchMonoDataCollector() ~= 0 then
local mId = mono_findMethod('Assembly-CSharp', 'GameManager', 'Damage')
--local mId = mono_findMethod('', 'PlayerStatsManager', 'TakeDamage') ---- This also works
mono_compile_method(mId)
end
{$asm}
assert(GameManager:Damage+120, bytes)
newmem:
// save the pointer
mov [hpPointer],r14
// save max HP in EAX
mov eax,[r14+00000148+4]
mov [r14+00000148],eax
jmp return
GameManager:Damage+120:
jmp newmem
nop 2
return:
[DISABLE]
GameManager:Damage+120:
db bytes //mov [r14+00000148],eax
dealloc(newmem)
dealloc(hpPointer)
which works amazingly and does exactly what I wanted.
The problem happens when I disable the script: in fact, the code from becomes that translates in
Code: mov [r14-6F991600],eax
which is definitely not right.
Could you please point out to me what I'm doing wrong?
Thank you very much
_________________
If I helped you a +1 to my reputation has no costs !!!
In case you didn't know, the reputation button is the thumb-up image near my username
Thanks
panraven Grandmaster Cheater
Reputation: 62
Joined: 01 Oct 2008 Posts: 961
Posted: Tue Jun 09, 2020 6:37 pm
Try changing the 1st line to
Code: define(bytes,41 89 86 48 01 00 00)
because on [DISABLE]
db 41 89 86 48010000 //(<- bytes)
db sees 48010000 as 1 byte only, which is 00 (little-endian 1st byte of 48010000).
_________________
- Retarded.
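An added example (not from this thread) that models panraven's explanation: Cheat Engine's `db` emits one byte per whitespace-separated token, so the token `48010000` collapses to a single `00` and the tail of the enabled `jmp newmem` / `nop 2` is left in place. The enabled-state bytes below are constructed; only the last rel32 byte (0xEA) is chosen so the result matches the `mov [r14-6F991600],eax` quoted in the question.

```python
import struct

# The original 7-byte instruction from the thread: mov [r14+00000148],eax
ORIGINAL = bytes.fromhex("41 89 86 48 01 00 00")
# Constructed: what the [ENABLE] section leaves at the injection point,
# jmp newmem (E9 rel32) followed by nop 2 (66 90). The rel32 is made up
# except for its last byte, 0xEA, chosen to reproduce the thread's output.
ENABLED = bytes([0xE9, 0x11, 0x22, 0x33, 0xEA, 0x66, 0x90])


def db_tokens_to_bytes(tokens: str) -> bytes:
    """Model of `db`: every whitespace-separated token becomes exactly one byte.
    A long token such as 48010000 keeps only its low byte (0x00), the
    little-endian first byte of the value, as panraven describes."""
    return bytes(int(tok, 16) & 0xFF for tok in tokens.split())


def apply_disable(enabled: bytes, define_bytes: str) -> bytes:
    """[DISABLE] writes the db bytes over the start of the enabled code and
    leaves whatever follows untouched."""
    patch = db_tokens_to_bytes(define_bytes)
    return patch + enabled[len(patch):]


def decode_mov_disp32(code: bytes) -> int:
    """Signed disp32 of `mov [r14+disp32],eax` (prefix/opcode/ModRM 41 89 86)."""
    if code[:3] != b"\x41\x89\x86":
        raise ValueError("not a mov [r14+disp32],eax instruction")
    return struct.unpack_from("<i", code, 3)[0]


def fmt_mov(code: bytes) -> str:
    """Render the instruction the way the thread quotes it."""
    disp = decode_mov_disp32(code)
    sign = "-" if disp < 0 else "+"
    return f"mov [r14{sign}{abs(disp):08X}],eax"


def restored_after_disable(define_bytes: str) -> str:
    """Disassembly text of the instruction left behind by a given define()."""
    return fmt_mov(apply_disable(ENABLED, define_bytes))


if __name__ == "__main__":
    for define in ("41 89 86 48010000", "41 89 86 48 01 00 00"):
        print(f"define(bytes,{define}) -> {restored_after_disable(define)}")
```

The four-byte write from the unspaced define leaves `00 EA 66 90` as the displacement, which is exactly the -6F991600 seen in the question; the spaced define restores all seven bytes.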
ParkourPenguin I post too much
Reputation: 154
Joined: 06 Jul 2014 Posts: 4753
Posted: Tue Jun 09, 2020 7:06 pm
- bytes should be formatted with spaces between them (i.e. 41 89 86 48 01 00 00)
- newmem & hpPointer allocs aren't guaranteed to be allocated anywhere near the injection point: the size of jmp newmem is indeterminate (add third argument "GameManager:Damage+120" to both)
- hpPointer should be 8 bytes and should be initialized with "dq 0"
- globalalloc memory can't be deallocated. Either make it a normal alloc and register the symbol (i.e. "registersymbol(hpPointer)") or remove the dealloc
_________________
I don't know where I'm going, but I'll figure it out when I get there.
Apache81 Advanced Cheater
Reputation: 5
Joined: 19 Jun 2009 Posts: 69 Location: Somewhere in space !!!
Posted: Wed Jun 10, 2020 1:38 am
panraven wrote:
> Try changing the 1st line to
> Code: define(bytes,41 89 86 48 01 00 00)
> because on [DISABLE]
> db 41 89 86 48010000 //(<- bytes)
> db sees 48010000 as 1 byte only, which is 00 (little-endian 1st byte of 48010000).
Many, many thanks for your suggestion: that perfectly explains what was happening !! Thanks again
ParkourPenguin wrote:
> - bytes should be formatted with spaces between them (i.e. 41 89 86 48 01 00 00)
> - newmem & hpPointer allocs aren't guaranteed to be allocated anywhere near the injection point: the size of jmp newmem is indeterminate (add third argument "GameManager:Damage+120" to both)
> - hpPointer should be 8 bytes and should be initialized with "dq 0"
> - globalalloc memory can't be deallocated. Either make it a normal alloc and register the symbol (i.e. "registersymbol(hpPointer)") or remove the dealloc
WOW, thank you very much for all your hints !!!
The globalalloc is because I want to use the pointer in the table to create entries under the cheats that show the current HP and the max HP values as separate entries (just, why not?).
I will try it, and I may be mistaken, but I think that using the simple alloc will not allow me to expose the variable in the table.
Thanks again !!! I should study the usage of scripting a little bit more in depth in order to make better programs !!!
_________________
If I helped you a +1 to my reputation has no costs !!!
In case you didn't know, the reputation button is the thumb-up image near my username
Thanks
ParkourPenguin I post too much
Reputation: 154
Joined: 06 Jul 2014 Posts: 4753
Posted: Wed Jun 10, 2020 10:48 am
Apache81 wrote:
> I will try it, and I may be mistaken, but I think that using the simple alloc will not allow me to expose the variable in the table.
That's what registersymbol is for.
Code:
[ENABLE]
alloc(hpPointer,8)
registersymbol(hpPointer)
...
[DISABLE]
...
unregistersymbol(hpPointer)
dealloc(hpPointer)
_________________
I don't know where I'm going, but I'll figure it out when I get there.
Apache81 Advanced Cheater
Reputation: 5
Joined: 19 Jun 2009 Posts: 69 Location: Somewhere in space !!!
Posted: Wed Jun 10, 2020 11:34 am
Oh, I see.
Thank you very much again
_________________
If I helped you a +1 to my reputation has no costs !!!
In case you didn't know, the reputation button is the thumb-up image near my username
Thanks