Solace (How do I cheat?) - Reputation: 0 - Joined: 10 Jun 2018 - Posts: 2
Posted: Sun Jun 10, 2018 3:11 am - Post subject: Trying to call the about window of Notepad (AA, Ultimap)
I am trying to follow this video (YouTube): watch?v=T5sXoEEPFBQ
I get to the point seen in the attached images. The Pinball screenshot is from the video above, and the Windows Notepad screenshot is my attempt.
None of the instructions look like the ones in the video; I cannot find any pushes. I have tried mimicking some of the code, but it just ends up crashing Notepad.
Would it be possible for somebody to help me figure out what code I need to put in the auto assembler, so that I can then allocate it and call it via a thread to make the about window come up?
Attachment: Windows Pinball about window calling code (1.05 MB, viewed 3398 times)
Attachment: Windows Notepad about window calling code (108.17 KB, viewed 3400 times)
Dark Byte (Site Admin) - Reputation: 458 - Joined: 09 May 2003 - Posts: 25296 - Location: The Netherlands
Posted: Sun Jun 10, 2018 5:49 am
Before you can use Ultimap, go to Settings > Debug settings and check if there is a button to the right of "kernelmode".
If it says "make possible", click it, say yes, and reboot.
_________________
Do not ask me about online cheats. I don't know any and won't help finding them.
Like my help? Join me on Patreon so I can keep helping.
Solace (How do I cheat?) - Reputation: 0 - Joined: 10 Jun 2018 - Posts: 2
Posted: Sun Jun 10, 2018 6:33 am
Dark Byte wrote:
> Before you can use Ultimap, go to Settings > Debug settings and check if there is a button to the right of "kernelmode".
> If it says "make possible", click it, say yes, and reboot.
I can use it just fine. I am just not able to figure out what I need to write in the auto assembler to successfully call the Windows Notepad about window.
Dark Byte (Site Admin) - Reputation: 458 - Joined: 09 May 2003 - Posts: 25296 - Location: The Netherlands
Posted: Tue Jun 12, 2018 6:19 am
Look into Windows 64-bit API calling:
rcx is param1
rdx is param2
r8 is param3
r9 is param4
and the rest is on the stack.
Also add to that that you must always reserve 4 parameters on the stack (even with fewer parameters),
and the stack needs to be aligned on a 16-byte boundary at the time of calling the function.
Solace (How do I cheat?) - Reputation: 0 - Joined: 10 Jun 2018 - Posts: 2
Posted: Tue Jun 12, 2018 6:36 am
I am a beginner, so I apologise for any newbie things.
This is what I filled in the auto assembler:
Code:
7FF6876031A1:
mov rdx,[7FF687622450]
lea r8,[7FF68761B380]
mov rcx,[7FF687623698]
mov r9,0
call qword ptr [7FF68761AA18]
retn
Then I tried to create a thread to 7FF6876031A1, but Notepad just crashes.
Dark Byte (Site Admin) - Reputation: 458 - Joined: 09 May 2003 - Posts: 25296 - Location: The Netherlands
Posted: Tue Jun 12, 2018 8:14 am
The code run by createthread is a newly called function, so its stack is unaligned at the start (a call decreases rsp by 8, but the code needs it to be at 0x10).
So first decrease rsp by 8 by pushing anything, or
Then, you also need to allocate space for the first 4 parameters on the stack.
You can do
Code:
push r9
push r8
push rdx
push rcx
or just
as the first 4 parameters on the stack are duplicated in the register state anyhow
(you can also immediately do sub rsp,28).
Only then can you call the function, and when it returns, restore rsp to the original value (the called function does not do that for you):
Code:
add rsp,20 //undo the phantom parameter pushes
add rsp,8 //undo the alignment fix
ret
(you can of course just do add rsp,28)
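Putting the two replies above together (the register assignment of the Win64 calling convention from the first, and the alignment and home-space fix from the second), this is what Solace's thread-entry stub looks like once corrected. It is an added example, not code from the thread or from Cheat Engine itself. It reuses the five addresses Solace posted, which are only meaningful inside that particular Notepad process (the module is rebased on each launch, so they must be re-read every time), and the label name `callAbout` and the preferred allocation address are assumptions; `alloc` and `createthread` are the auto assembler's own commands.

```asm
// Added example: corrected thread-entry stub for the call posted above.
// Addresses come from Solace's post and belong to that Notepad instance only.
// The preferred address keeps the block near the module so the rip-relative
// memory operands stay within range (assumption: it is free in that process).
alloc(callAbout,64,7FF6876031A1)

callAbout:
  // A thread entry is reached through a call, so rsp is 8 mod 16 here.
  // 8 bytes restore 16-byte alignment; 0x20 bytes are the mandatory home
  // space for the four register parameters, required even with fewer args.
  sub rsp,28

  // Win64 convention: rcx, rdx, r8, r9 carry parameters 1 to 4.
  mov rcx,[7FF687623698]        // param1
  mov rdx,[7FF687622450]        // param2
  lea r8,[7FF68761B380]         // param3
  mov r9,0                      // param4
  call qword ptr [7FF68761AA18]

  // Win64 callees never clean the stack; undo our own sub before returning.
  add rsp,28
  ret

// Run the stub in the target on a fresh thread.
createthread(callAbout)
```

The single `sub rsp,28` is the sum of the two adjustments the reply describes (8 for alignment plus 0x20 of home space), and the matching `add rsp,28` is what was missing from the crashing version, together with the alignment fix. The same arithmetic extends past four parameters, which goes beyond the thread's case: parameter 5 is stored at [rsp+20] after the sub, parameter 6 at [rsp+28], and the reserved size must keep rsp on a 16-byte boundary at the call, so five parameters still fit in 0x28 but six need 0x38.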