The Official Site of Cheat Engine
Calling a function from a dll with parameters

 
xaru
How do I cheat?
Reputation: 0

Joined: 07 Sep 2015
Posts: 2

Posted: Mon Sep 07, 2015 12:31 am    Post subject: Calling a function from a dll with parameters

Hello together,

I want to dump my current in game money value in XRebirth. My approach is to hook the write access to the money and add a call to my debug dll function.

The function in the dll looks like this:
Code:

#include <stdio.h>

// Exported by name so the auto assembler can resolve XRebirthWriteToFile.fnTestDll.
__declspec(dllexport) void __stdcall fnTestDll(int money)
{
    FILE* file = NULL;
    // fopen_s returns 0 on success; do not write through a NULL FILE* if it fails.
    if (fopen_s(&file, "C:\\Users\\xaru\\Desktop\\temp\\temp_rebirth.txt", "w+") != 0 || file == NULL)
        return;
    fprintf(file, "%u", money); // prints the 32-bit value as unsigned
    fclose(file);
}


The auto assemble script to call the dll function looks like this:
Code:

[ENABLE]
alloc(newmem,2048,XRebirth.xmlInitializeDict+A8093)
label(returnhere)
label(originalcode)
label(exit)

newmem:
mov [rdi+00000108],rbx // rbx contains my money
push eax
push 3737 // just a test value, it should be printed to the file - it is not.
call XRebirthWriteToFile.fnTestDll
pop eax // gives 3737, i am pretty sure that this is related to the problem

originalcode:


exit:
jmp returnhere

XRebirth.xmlInitializeDict+A8093:
jmp newmem
nop
nop
returnhere:

[DISABLE]
XRebirth.xmlInitializeDict+A8093:
mov [rdi+00000108],rbx



My observation: The game crashes. The file contains e.g. 2880518128 after this, while it should be 3737.
Have a look at the attachments: They are before and after the injected auto assemble operations. Notice that the register values seem to be completely changed after the JMP. Is this the root of the problem?

I am not completely on the wrong track!
If I remove the parameter in the dll (and write a hardcoded value to the file) and remove the push operations from the auto assemble script it works fine and does not crash:

Code:

[...]
newmem:
mov [rdi+00000108],rbx // rbx contains my money
call XRebirthWriteToFile.fnTestDll

originalcode:
[...]



Which leads me to my guess: I do not call the function correctly.
I would be happy about any advice.



Attachments: 3.JPG, 1.JPG (screenshots of the register state before and after the injected jump)
Dark Byte
Site Admin
Reputation: 457

Joined: 09 May 2003
Posts: 25262
Location: The Netherlands

Posted: Mon Sep 07, 2015 3:29 am    Post subject:

64 bit calling convention: https://msdn.microsoft.com/en-us/library/ms235286.aspx

the first parameter is rcx (so mov rcx,rbx )

the painful part comes with the stack : https://msdn.microsoft.com/en-us/library/ew5tede7.aspx

in short: allocate space for 4 parameters (32 bytes) and align it (keep in mind that call will misalign it, so 40 bytes in total)

sub rsp,28

but, depending on where you hook the stack may or may not be aligned at that spot. (e.g. right after a push) in which case it'd be sub rsp,20
so check the code and/or register state of rsp when that function is called (your screenshot shows it's aligned, so 28 )

don't forget to restore rsp after the call ( add rsp,28)


also, sometimes you'll have to save registers before calling a function and later restore them (push/pop, or manually using rsp). This can cause the stack to become misaligned, so keep track of the rsp value (before the call it has to end with 8)
in your case this isn't needed as you're hooking the end of the function


edit: in this case you may even discard the stack stuff, as the position of the function you're in already has setup the stack for function calling

_________________
Do not ask me about online cheats. I don't know any and won't help finding them.

Like my help? Join me on Patreon so I can keep helping
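A reworked version of xaru's hook, written here as an added example following the Win64 calling convention linked in the reply above; it is not a script from the thread. It reuses the module names and offset from the original post and assumes rsp is 16-byte aligned at the hook site (the prologue of the enclosing function normally guarantees this, but the value must be confirmed in the debugger, as the reply says).

```asm
[ENABLE]
alloc(newmem,2048,XRebirth.xmlInitializeDict+A8093)
label(returnhere)

newmem:
  // Original instruction that was overwritten by the 5-byte jmp + 2 nops.
  mov [rdi+00000108],rbx

  // Win64: the first integer argument is passed in rcx, not pushed on the
  // stack. The two pushes in the original script changed rsp, so the callee
  // read garbage for 'money' and the function returned to a broken stack.
  mov rcx,rbx

  // The callee is entitled to 32 bytes of shadow space above the return
  // address, and rsp must be a multiple of 16 at the call instruction.
  // With rsp already 16-aligned here, sub 20 (hex) keeps it aligned.
  // If the hook site leaves rsp ending in 8 (e.g. right after a push),
  // use sub rsp,28 / add rsp,28 instead. Verify rsp at the hook before
  // enabling the script.
  sub rsp,20
  call XRebirthWriteToFile.fnTestDll
  add rsp,20

  // Volatile registers (rax, rcx, rdx, r8-r11) are clobbered by the call.
  // That is acceptable at the end of a function, as in this thread; when
  // hooking mid-function, push/pop them here and keep the push count even
  // so the 16-byte alignment above still holds.
  jmp returnhere

XRebirth.xmlInitializeDict+A8093:
  jmp newmem
  nop
  nop
returnhere:

[DISABLE]
XRebirth.xmlInitializeDict+A8093:
  mov [rdi+00000108],rbx
dealloc(newmem)
```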
xaru
How do I cheat?
Reputation: 0

Joined: 07 Sep 2015
Posts: 2

Posted: Mon Sep 07, 2015 2:15 pm    Post subject:

Hello Dark Byte,

thanks a lot!
I just had to mov rcx,rbx - the other registers do not seem to be relevant in this case.

I have learned a lot from this example. I never did x86-64 ASM before.