niucha9 (Newbie cheater) | Reputation: 0 | Joined: 12 Jun 2022 | Posts: 15
Posted: Sun Jun 12, 2022 8:51 pm | Post subject: I can't call the game function successfully every time
Here is the code of the chat function:
Code: |
mov ecx,[011CDDB0]       // ecx = pointer read from the fixed address 011CDDB0 (the object the call is made on)
mov eax,[ecx]            // eax = first dword of that object, used as a table of function pointers
push 00000087
push esi                 // esi = pointer to the chat content
push 000003FC
call dword ptr [eax]     // call the first entry of that table with ecx set and 3 stack arguments
|
And here is my script:
Code: |
[ENABLE]
alloc(m,100)
createThread(m)
m:
push 00000087
push 018c0000 // the address of the chat content
push 000003FC
mov ecx,[011CDDB0]
mov eax,[ecx]
call dword ptr [eax]
retn
[DISABLE]
dealloc(m)
|
If I chat in the game first, and keep pressing the space key to toggle the activation of the script, it might work (it only works with some probability).
If I just activate the script, no matter how long I press the space key, it doesn't work!!!
It happens with the other functions of this game as well, such as using items from my bag.
I have to use the item first, and then activate the script. But it also only has a chance to succeed.
Is there anybody who can help me? o(╥﹏╥)o
[Attached screenshot (no description)]
Dark Byte (Site Admin) | Reputation: 468 | Joined: 09 May 2003 | Posts: 25715 | Location: The Netherlands
Posted: Mon Jun 13, 2022 1:17 am
Perhaps the previous call is a function that prepares the chat system to receive content.
_________________
Do not ask me about online cheats. I don't know any and won't help finding them.
Like my help? Join me on Patreon so I can keep helping
niucha9 (Newbie cheater) | Reputation: 0 | Joined: 12 Jun 2022 | Posts: 15
Posted: Mon Jun 13, 2022 1:45 am
Dark Byte wrote: | Perhaps the previous call is a function that prepares the chat system to receive content. |
Not really, I can chat by calling this function (I can receive the content I send).
The problem is that I must chat in the game first, and then activate the script.
I don't know how to fix that.
ParkourPenguin (I post too much) | Reputation: 150 | Joined: 06 Jul 2014 | Posts: 4657
Posted: Mon Jun 13, 2022 10:57 am
The biggest problem I see is that ecx gets conditionally set from [011CDDB0]. You're being presumptuous by using this branch path without considering the other one. Even then, I agree with Dark Byte: that previous call probably has relevant side effects (I/O, mutable global state, etc.).
What happens in the other branch path? Where does ecx come from then?
_________________
I don't know where I'm going, but I'll figure it out when I get there.
TsTg (Master Cheater) | Reputation: 5 | Joined: 12 Dec 2012 | Posts: 340 | Location: Somewhere....
Posted: Mon Jun 13, 2022 9:16 pm
ecx takes its value from [011CDDB0], but are you sure that whatever is inside that pointer never gets edited somewhere else (so that it would point to another function than the chat, etc.)? You can try directly calling the chat function's address instead of using dword [eax], since you already know where that function is; there is no need to dereference it from a pointer then.
As for the previous call, why is it checking the first byte inside the chat content pointer? This could be something you need to call on your pointer as well.
Or, if this area of code is not being executed at all (when you activate the script without chatting in the game first), that means there is some flag that must be set to allow/start the chat, and you have to find that first.
++METHOS (I post too much) | Reputation: 92 | Joined: 29 Oct 2010 | Posts: 4197
Posted: Tue Jun 14, 2022 1:38 am
TsTg wrote: | Or, if this area of code is not being executed at all (when you activate the script without chatting in the game first), that means there is some flag that must be set to allow/start the chat, and you have to find that first. |
This is where I would look first, based on what you have described.
niucha9 (Newbie cheater) | Reputation: 0 | Joined: 12 Jun 2022 | Posts: 15
Posted: Tue Jun 14, 2022 10:12 pm
Hi guys, thanks for your replies!!
TsTg wrote: | ecx takes its value from [011CDDB0], but are you sure that whatever is inside that pointer never gets edited somewhere else (so that it would point to another function than the chat, etc.)? You can try directly calling the chat function's address instead of using dword [eax], since you already know where that function is; there is no need to dereference it from a pointer then. |
I checked the value at 011CDDB0; it never changes.
TsTg wrote: | As for the previous call, why is it checking the first byte inside the chat content pointer? This could be something you need to call on your pointer as well. |
The first byte of the chat content pointer is the chat channel (01 means you are talking to someone privately).
TsTg wrote: | Or, if this area of code is not being executed at all (when you activate the script without chatting in the game first), that means there is some flag that must be set to allow/start the chat, and you have to find that first. |
I think this is what I am looking for! Where could I find the other code that affects this chat function? I checked the context of the call, nothing useful. _(:з」∠)_
[Attached screenshot 1, description: "I tried to activate this call, but it also needs to chat in the game first"]
[Attached screenshot 2 (no description)]
TsTg (Master Cheater) | Reputation: 5 | Joined: 12 Dec 2012 | Posts: 340 | Location: Somewhere....
Posted: Wed Jun 15, 2022 3:20 am
Keep going back, and look at the stack address/parameters as well.
From your first picture, there is possibly a conditional jump to 0061A00C somewhere up; you can also use CE's 'Dissect code' function in the 'Tools' menu, which will get the references to that address (i.e. who calls/jumps to there).
niucha9 (Newbie cheater) | Reputation: 0 | Joined: 12 Jun 2022 | Posts: 15
So it seems like the problem is the createThread method not working every time!
TsTg (Master Cheater) | Reputation: 5 | Joined: 12 Dec 2012 | Posts: 340 | Location: Somewhere....
Posted: Wed Jun 15, 2022 4:49 pm
niucha9 wrote: | So it seems like the problem is the createThread method not working every time! |
That is because you are doing it wrong: never create a thread on something that has not been created/written yet.
Code: |
[ENABLE]
alloc(m,$1000)
m:
mov dword [game.exe+123456],0x33323200 // your address and value go here
retn
// now put createthread right here, after the code at m has been written
createthread(m)
[DISABLE]
dealloc(m)
|
niucha9 (Newbie cheater) | Reputation: 0 | Joined: 12 Jun 2022 | Posts: 15
Posted: Wed Jun 15, 2022 7:54 pm
TsTg wrote: | niucha9 wrote: | So it seems like the problem is the createThread method not working every time! |
That is because you are doing it wrong: never create a thread on something that has not been created/written yet.
Code: |
[ENABLE]
alloc(m,$1000)
m:
mov dword [game.exe+123456],0x33323200 // your address and value go here
retn
// now put createthread right here
createthread(m)
[DISABLE]
dealloc(m)
| |
I tried, but it is still the same. It is still very hard to make the createThread work.
It seems like it didn't create a thread at all sometimes.
++METHOS (I post too much) | Reputation: 92 | Joined: 29 Oct 2010 | Posts: 4197
Posted: Thu Jun 16, 2022 1:50 am
You could try a dirty workaround by hooking a function that constantly gets executed and make the call there. Then, just set up a trigger for the call.
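++METHOS's workaround written out as a Cheat Engine auto-assembler script. This is an added example, not code from the thread or from the game: `game.exe+123456` is only a placeholder for a hook site you still have to find (an instruction the game executes constantly, at least 5 bytes long so the jmp fits), the instructions that the jmp overwrites have to be copied to the `originalcode` label and restored in the [DISABLE] section (CE's code-injection template fills both in for you), and the layout of the `content` buffer beyond the channel byte mentioned earlier in the thread is an assumption. The call itself is copied from the game's own call site shown in the first post.

```asm
[ENABLE]
define(hookaddr,game.exe+123456)   // PLACEHOLDER: an instruction the game executes constantly

alloc(newmem,$1000)
alloc(trigger,4)
alloc(content,$100)
label(originalcode)
label(return)
registersymbol(trigger)
registersymbol(content)

trigger:
  dd 0                          // set to 1 from a memory record/hotkey to send once

content:
  db 01                         // first byte = channel (01 = private, per the thread)
  db 'hello',0                  // ASSUMED layout: channel byte followed by the text

newmem:
  cmp dword ptr [trigger],0
  je originalcode               // nothing requested: just run the original code
  mov dword ptr [trigger],0     // one-shot: clear before the call so it can never repeat
  pushad                        // the call clobbers at least eax/ecx/edx; save everything
  pushfd
  push 00000087
  push content                  // the argument the game passes in esi
  push 000003FC
  mov ecx,[011CDDB0]            // the same pointer the game's own call site reads
  mov eax,[ecx]                 // first dword of that object = table of function pointers
  call dword ptr [eax]          // same call as the game: first entry, with ecx set
  // the game's call site shows no "add esp,0C" after the call, so the callee is assumed
  // to clean up its 3 arguments; if the real code has one, put it here as well
  popfd
  popad
originalcode:
  // copy the instruction(s) overwritten by the 5-byte jmp at hookaddr here
  jmp return

hookaddr:
  jmp newmem
  // pad with nop until the replaced instructions are fully covered
return:

[DISABLE]
hookaddr:
  // restore the original bytes of the hooked instruction(s) here
unregistersymbol(trigger)
unregistersymbol(content)
dealloc(newmem)
dealloc(trigger)
dealloc(content)
```

To send a message, set `trigger` to 1 (for example a memory record with address `trigger`, type 4 bytes, bound to a hotkey). The call then runs on the game's own thread the next time the hooked code executes, which is the point of the workaround: no createThread is involved, and whatever per-thread or "chat is open" state the game expects is whatever the game itself has at that moment. The flag is cleared before the call so each press sends once, and registers and flags are saved around the call because the hooked function's own code resumes right after it.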
niucha9 (Newbie cheater) | Reputation: 0 | Joined: 12 Jun 2022 | Posts: 15
Posted: Thu Jun 16, 2022 2:42 am
++METHOS wrote: | You could try a dirty workaround by hooking a function that constantly gets executed and make the call there. Then, just set up a trigger for the call. |
Thanks for the advice! I will give it a try!
But I still want to figure out why the createThread method doesn't work,
so if someone has some ideas, please help me, thanks!!