 |
Cheat Engine
The Official Site of Cheat Engine
|
| View previous topic :: View next topic |
| Author |
Message |
DepressedCE
How do I cheat?
![]() Reputation: 0
Joined: 10 Jun 2020
Posts: 3
|
 Posted: Sun Nov 15, 2020 2:14 pm Post subject: Converting CT to C++, calling a function in Dark Souls 3 |
 |
|
Hello,
I'm trying to create a little c++ that would replicate something in the DS3 Cheat engine table.
I have code that allows me to grab the process id and the modules (similar to what is done in the DS3 table) but what I'm confused about is how the program would invoke a function in the DS3 program.
I have the process id and modules address etc, I can use things to write to memory but it seems I can't find a tutorial I understand that kinda explains a way to invoke the function that is being invoked by Cheat Engine.
Here is the ASM of the cheat:
| Code: |
alloc(ItemGib,$94,DarkSoulsIII.exe)
registersymbol(ItemGib)
define(ItemGibData,ItemGib+81)
registerSymbol(ItemGibData)
ItemGibData:
dd 1
dd 400001F4
dd FFFFFFFF
dd 0
dd 0
ItemGib:
sub rsp,48
lea r8d,[rsp+20]
lea rdx,[rsp+30]
mov eax,[ItemGibData]
mov ebx,[ItemGibData+04]
mov esi,[ItemGibData+08]
cmp ebx,00062C78
jle ItemGib+4B
cmp ebx,40000000
jge ItemGib+4B
xor eax,eax
inc eax
cmp ebx,10000000
jge ItemGib+4B
add ebx,[ItemGibData+0C]
add ebx,[ItemGibData+10]
mov [rdx],01
mov [rdx+0C],esi
mov [r8+14],ebx
mov [r8+18],eax
mov rax,[BaseB]
mov rbp,[rax+80]
mov rbx,[DarkSoulsIII.exe+4752300]
mov rcx,rbx
call 1407BBA70
add rsp,48
ret
|
At the moment I don't fully understand what is going on here but I do see that is calls code at location 0x1407BBA70.
I've seen some tutorials that require you to create a dll then use a tool to inject the dll. I was hoping to be able to just use the exe to call the DS3 function.
Of course I still have to fully understand the asm that I'm seeing but I was just want to know what I'm trying to do is possible.
Thanks[/code]
|
|
| Back to top |
|
 |
OldCheatEngineUser
Whateven rank
 Reputation: 20
Joined: 01 Feb 2016
Posts: 1586
|
| Posted: Sun Nov 15, 2020 10:23 pm Post subject: Re: Converting CT to C++, calling a function in Dark Souls 3 |
|
|
| DepressedCE wrote: | | just want to know what I'm trying to do is possible. |
its possible to call a function externally, but dll injection is better.
_________________
About Me;
I Use CE Since Version 1.X, And Still Learning How To Use It Well!
Jul 26, 2020
| STN wrote: | | i am a sweetheart. |
|
|
| Back to top |
|
|
DepressedCE
How do I cheat?
![]() Reputation: 0
Joined: 10 Jun 2020
Posts: 3
|
| Posted: Mon Nov 16, 2020 9:39 am Post subject: |
|
|
Is there anything describing the pros and cons of the two approaches?
Isn't it what Cheat engine does?
Can you provide some links to some materials I would need to review to try any of the two ways?
Thank you
|
|
| Back to top |
|
|
OldCheatEngineUser
Whateven rank
Reputation: 20
Joined: 01 Feb 2016
Posts: 1586
|
| Posted: Mon Nov 16, 2020 3:13 pm Post subject: |
|
|
i never called a function externally, the code setup required to call a function externally have lot of overhead.
and lets be clear its not a real call, its made by creating a remote thread in your target process.
you will have to change thread context to setup some registers used by the function, you also need to edit thread's stack to pass arguments to that function as well as the return address so the thread returns to the system and get destroyed.
you cant get a return value, its waste of resources; creating 100 threads isnt anywhere near good or OK.
as for dll injection, its much simpler all you need to do is to pass arguments and determine whether its cdecl or stdcall.
you can get the returned value when you call it internally, its much faster and safer.
you can also hook that function and alter it behavior.
an example on how to call a function from C code (internally):
typedef void(__cdecl *_MyFuncCall)(int arg1, int arg2); /* prototype */
_MyFuncCall MyFuncCall = (_MyFuncCall)0x12345678; /* instance of the function plus assigning the instance to an address */
MyFuncCall(1, 2); /* call it */
or if you wish you may use:
void MyFuncCall(int arg1, int arg2)
{
__asm{
push arg2 // valid in 32-bit process, invalid in 64-bit
push arg1 // as calling conventions are different
call 0x12345678
add esp, 8 // you dont need this line if its stdcall
}
}
side note:
visual studio no longer support inline assembly for 64-bit processes.
_________________
About Me;
I Use CE Since Version 1.X, And Still Learning How To Use It Well!
Jul 26, 2020
| STN wrote: | | i am a sweetheart. |
|
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
