Zoupi (How do I cheat?)
Reputation: 0
Joined: 23 Dec 2024
Posts: 1

Posted: Mon Dec 23, 2024 6:48 pm
Post subject: Calling a function using AA/Create Thread
Hey. I have been stuck with this matter for a couple of days now and I am resorting to the forums to seek any advice concerning trying to call a function in a game. I have tried making sure the registers are exactly the same and the stack has the arguments pushed onto it.
I've set a breakpoint on the function that I am trying to call and luckily found that the registers and stack look very similar to each other every time I call the function in the game. Because of that, I've tried pushing values onto the stack, and moving the same values onto the registers to not mess with the flow of code as much as I can, but even when I copy all the registers and copy the stack, the game still crashes once a thread is created.
I have attached a picture of the stack and the registers. There are 3 values pushed to the stack before the call.
This is the inside of call Client.exe+4BA830:
Code:
mov [rsp+08],rbx
push rdi
sub rsp,30
mov rdi,rdx
mov [rsp+28],00000000
mov edx,00000006
mov [rsp+20],00000000
xor r9d,r9d
xor r8d,r8d
mov rbx,rcx
call Client.exe+4BB6C0
mov rax,[rbx+000003C8]
test byte ptr [rax+0C],08
je Client.exe+4BA877
movss xmm2,[Client.exe+8FE400]
jmp Client.exe+4BA87F
movss xmm2,[Client.exe+8EDD40]
mov edx,[rdi+00000340]
mov r9d,00000001
mov [rsp+28],00000001
mov rcx,rbx
mov [rsp+20],00000000
call Client.exe+4BB6F0
mov rbx,[rsp+40]
add rsp,30
pop rdi
ret
I have tried moving literally every single register and pushed the 3 values into the stack, but to no avail.
What am I doing wrong? I've tried reading about the stack and I am questioning whether I need to push all the values between rsp and rbp on the stack, or whether the 3 values that I am currently pushing are enough.
Attachment: Image of break point on call (NsoJylD[1].png, 105.37 KB, viewed 1602 times)
![NsoJylD[1].png](files/nsojyld_1__125.png)
ParkourPenguin (I post too much)
Reputation: 152
Joined: 06 Jul 2014
Posts: 4696

Posted: Mon Dec 23, 2024 10:34 pm
Post subject:
Zoupi wrote:
> I have tried moving literally every single register

RSP and RBP shouldn't be included in that.
What about the xmm registers? It's weird how it modifies xmm2 but not xmm0 or xmm1 before `call Client.exe+4BB6F0` when that's supposed to be a volatile register. Maybe they're set by `call Client.exe+4BB6C0`.
You might be calling the function incorrectly. Post your AA script.
Worst case, there could be some global or thread-local state the call is accessing. e.g. the call does something only the main thread is allowed to do.
_________________
I don't know where I'm going, but I'll figure it out when I get there.
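The Microsoft x64 calling convention that the disassembly in the first post follows, as an added example (not code from either poster): a hand-written caller that reserves the shadow space, stores the 5th and 6th arguments at [rsp+20] and [rsp+28] instead of pushing them, and aligns the stack, compiled with the GCC/Clang `ms_abi` attribute on an x86-64 Linux host. `callee6` and `call_with_ms_abi` are hypothetical names.

```c
/* Added example: the Microsoft x64 calling convention seen in the thread's
 * disassembly. Arguments are not pushed: args 1-4 travel in rcx, rdx, r8, r9
 * and args 5+ sit on the stack above a 32-byte shadow space, so a 6-argument
 * call writes them at [rsp+20] and [rsp+28]. rsp must be 16-byte aligned at
 * the call, and rax, rcx, rdx, r8-r11 and xmm0-xmm5 are volatile.
 * Requires GCC or Clang on x86-64 (ms_abi attribute and inline asm). */
#include <stdint.h>
#include <stdio.h>

/* Hypothetical 6-argument callee built with the MS ABI, as Client.exe's
 * compiler would build it. It folds a..f into one decimal number, so a wrong
 * register or stack slot shows up directly in the result. */
__attribute__((ms_abi))
uint64_t callee6(uint64_t a, uint64_t b, uint64_t c, uint64_t d,
                 uint64_t e, uint64_t f)
{
    return a * 100000 + b * 10000 + c * 1000 + d * 100 + e * 10 + f;
}

/* Hand-written caller mirroring the thread's prologue ("sub rsp,30",
 * "mov [rsp+20],...", "mov [rsp+28],...", r8/r9 set, rcx/rdx set). */
uint64_t call_with_ms_abi(uint64_t a, uint64_t b, uint64_t c, uint64_t d,
                          uint64_t e, uint64_t f)
{
    uint64_t result;
    register uint64_t r8v __asm__("r8") = c;   /* 3rd argument */
    register uint64_t r9v __asm__("r9") = d;   /* 4th argument */
    __asm__ volatile(
        "mov  %%rsp, %%rbx\n\t"        /* keep the System V stack pointer */
        "sub  $0xB8, %%rsp\n\t"        /* skip the 128-byte red zone + 0x38 */
        "and  $-16, %%rsp\n\t"         /* 16-byte alignment at the call */
        "movq %[e], 0x20(%%rsp)\n\t"   /* 5th argument: [rsp+20] */
        "movq %[f], 0x28(%%rsp)\n\t"   /* 6th argument: [rsp+28] */
        "call *%[fn]\n\t"              /* [rsp+0..0x1F] is the shadow space */
        "mov  %%rbx, %%rsp\n\t"
        : "=a"(result), "+c"(a), "+d"(b), "+r"(r8v), "+r"(r9v)
        : [e] "r"(e), [f] "r"(f), [fn] "r"(callee6)
        : "rbx", "r10", "r11", "xmm0", "xmm1", "xmm2", "xmm3", "xmm4", "xmm5",
          "memory", "cc");
    return result;
}

int main(void)
{
    printf("%llu\n", (unsigned long long)call_with_ms_abi(1, 2, 3, 4, 5, 6));
    return 0;
}
```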