
c++ asm, what am i doing wrong?

Discussion in 'Programming' started by DarkSpace, Aug 13, 2010.

  1. DarkSpace

    DarkSpace Well-Known Member Coder

    Problem solved, thanks to D.R.T.
    Below is the fully working C++ code, for anyone who wishes to use it.



    [enable]
    // Cave for the detour body (delay1) plus two 4-byte variables it reads and writes.
    alloc(delay1,512)
    label(Exit)
    label(Exit2)
    alloc(delay,4)
    alloc(nextGo,4)

    // Hook point. The 5-byte call at this address is replaced by a 5-byte jmp into the
    // cave; the bytes in the trailing comment are the author's signature for locating it.
    // The [disable] section below writes the original call back. An in-place patch of a
    // code page like this is exactly what integrity checks (loaded code vs. on-disk image) detect.
    008BF5AB: //e8 ?? ?? ?? ff 85 c0 0f 85 ?? ?? ?? ?? 8b 83 ?? ?? 00 00 83 e0 fe 83 f8 12 0f 84 ?? ?? ?? ?? e8
    jmp delay1

    //---------------------------
    // Interval that is subtracted from / added to the value read in the cave.
    delay:
    dd E290

    // Threshold the read value is compared against; starts at 0 and is updated below.
    nextGo:
    dd 0

    //---------------------------
    delay1:
    // Re-issue the call the jmp displaced. Its return value in eax is overwritten right after.
    call 008A6901 //55 8b ec 83 ec 10 8b 41 08 8a 50 04 53 56 57 89 4d f0
    // Read a value through the pointer at 00adaad4, offset +18.
    // NOTE(review): presumably a tick/time counter — not shown here, confirm.
    mov eax,[00adaad4] //(opcode) ?? ?? ?? ?? 00 8b 40 ?? 56 8b f1 89 46 ?? c7 46 ?? 01 00 00 00
    mov eax,[eax+18] //(opcode one below)
    sub eax,[delay]
    // Unsigned compare: if (value - delay) <= nextGo, take the early-exit path.
    cmp eax,[nextGo]
    jbe Exit
    // Otherwise move the threshold to value + delay; that sum is left in eax for Exit2.
    mov eax,[00adaad4]
    mov eax,[eax+18]
    add eax,[delay]
    mov [nextGo],eax
    jmp Exit2
    //-----------------------------------
    Exit:
    // Leaves the original function early. The signature bytes look like a
    // pop/leave/ret 28 epilogue — TODO confirm in the disassembly.
    jmp 008C0E68 //8b 4d f4 5f 5e 64 89 0d 00 00 00 00 5b c9 c2 28 00 8b 01
    //----------------------
    Exit2:
    // NOTE(review): eax holds the computed threshold here, not the return value of the
    // displaced call, so this does not reproduce the original `85 c0` test at the hook
    // point. What the code at 008BF5BE expects in eax is not visible here — confirm.
    test eax,eax
    je 008C0E68 //8b 4d f4 5f 5e 64 89 0d 00 00 00 00 5b c9 c2 28 00 8b 01
    jmp 008BF5BE //83 e0 fe 83 f8 12 0f 84 ?? ?? ?? ?? e8 ?? ?? ?? ?? 8b 8b ?? ?? 00 00

    [disable]
    // Restore the original 5-byte call, then release the cave and the two variables.
    008BF5AB:
    call 008A6901

    dealloc(delay)
    dealloc(nextGo)
    dealloc(delay1)
    This is my C++:
    // Hook-site constants for the "timed GM" detour. All of them are hard-coded
    // addresses for one specific build of the target; later posts in this thread
    // use different values for another build.
    DWORD timedGMPointer = 0x008BF5AB;       // the 5-byte call that enableTimedGM() overwrites with a jmp
    DWORD timedGMReturn = timedGMPointer +  5; // address right after the patched call (not referenced by the code shown here)
    DWORD pointerCall = 0x008A6901;          // target of the displaced call, re-issued inside timedGMhook()
    DWORD exitJmp = 0x008C0E68;              // where the hook leaves on the early-exit path
    DWORD exit2Jmp = 0x008BF5BE;             // where the hook resumes the original code on the other path

    DWORD delay = 0xE290;   // interval subtracted from / added to the value read in the hook
    DWORD goNext = 0;       // threshold the hook compares against; updated by the hook, starts at 0
    // Detour body reached by the jmp that enableTimedGM() writes at timedGMPointer.
    // naked: the compiler emits no prologue/epilogue, so this function never
    // returns normally — every path ends in a jmp back into the target's code.
    // The __stdcall convention is irrelevant for code that is only jumped to.
    __declspec(naked) void __stdcall timedGMhook()
    {
       
        __asm
        {
            // Re-issue the 5-byte call the patch displaced. MSVC inline asm treats a
            // data symbol as a memory operand, so this calls through the variable.
            call [pointerCall]
            // Read a value through the pointer at 0x00adaad4, offset +0x18. This
            // overwrites the return value of the call above.
            // NOTE(review): presumably a tick/time counter — confirm.
            mov eax, dword ptr ds:[0x00adaad4]
            mov eax,[eax + 0x18]
            sub eax, dword ptr ds:[delay]
            // Unsigned compare: (value - delay) <= goNext -> early exit.
            cmp eax, dword ptr ds:[goNext]
            jbe Exit
            // Otherwise move the threshold to value + delay (the sum stays in eax for Exit2).
            mov eax, dword ptr ds:[0x00adaad4]
            mov eax,[eax + 0x18]
            add eax, dword ptr ds:[delay]
            mov [goNext],eax
            jmp Exit2
     
    Exit:
            // Indirect jump through the exitJmp variable; in MSVC inline asm this is
            // the same as `jmp [exitJmp]` — TODO confirm in the disassembly.
            jmp exitJmp
    Exit2:
            // NOTE(review): eax is the computed threshold here, not the call's return
            // value, so this test does not reproduce the displaced `test eax,eax`.
            test eax,eax
            // Hard-coded copy of the value in exitJmp; keep the two in sync.
            je 0x008C0E68
            jmp exit2Jmp
        }
    }
    // Installs the detour: overwrites the 5-byte call at timedGMPointer with
    // `E9 <rel32>`, a near jmp to timedGMhook. The original bytes are not saved
    // here, so undoing the patch relies on code elsewhere. jmp() is a helper
    // defined elsewhere — presumably it computes target - (source + 5); confirm.
    // Nothing here checks that the write into the code page succeeded, and a
    // patch like this is what code-integrity checks are designed to catch.
    void enableTimedGM()
    {
        *(BYTE*)timedGMPointer = 0xe9; // opcode of a near relative jmp
        *(DWORD*)(timedGMPointer + 1) = jmp(timedGMPointer, timedGMhook);
    }
    Above is working C++ code; copy and paste it into your trainer if needed!
     
  2. DarkSpace

    DarkSpace Well-Known Member Coder

    There are no errors; it compiles as it should,
    but it has no effect when activated.
     
  3. [D.R.T]

    [D.R.T] (҂ `з´ ).︻╦̵̵̿╤── Coder Donor

    OK, copy and paste this:
    // D.R.T's version of the detour from the first post, with different variable
    // names (ulCallBPGM, ulBPGMdelay, ulBPGMnextGo, ulJMPExit and ulJMPExit2 are
    // defined elsewhere). naked: no prologue/epilogue, every path ends in a jmp.
    void __declspec(naked) BPGMAsm()
    {
        __asm
        {
            call [ulCallBPGM]   // re-issue the displaced original call (indirect through the variable)
            // Read a value through the pointer at 0x00adaad4, offset +0x18; this
            // overwrites the return value of the call above.
            // NOTE(review): presumably a tick/time counter — confirm.
            mov eax,dword ptr ds:[0x00adaad4] //(opcode) ?? ?? ?? ?? 00 8b 40 ?? 56 8b f1 89 46 ?? c7 46 ?? 01 00 00 00
            mov eax,[eax+0x18] //(opcode one below)
            sub eax,dword ptr ds:[ulBPGMdelay]
            // Unsigned compare: (value - delay) <= nextGo -> early exit.
            cmp eax,dword ptr ds:[ulBPGMnextGo]
            jbe Exit
                // Otherwise move the threshold to value + delay (the sum stays in eax for Exit2).
                mov eax,dword ptr ds:[0x00adaad4]
            mov eax,[eax+0x18]
            add eax,dword ptr ds:[ulBPGMdelay]
            mov [ulBPGMnextGo],eax
                jmp Exit2
     
    Exit:
            // Indirect jump through the variable; in MSVC inline asm this is the
            // same as `jmp [ulJMPExit]` — TODO confirm in the disassembly.
            jmp ulJMPExit
     
    Exit2:
            // NOTE(review): eax is the computed threshold here, not the call's return value.
            test    eax,eax
                // Hard-coded absolute target; presumably the same value as ulJMPExit — keep in sync.
                je  0x008C0E68 //8b 4d f4 5f 5e 64 89 0d 00 00 00 00 5b c9 c2 28 00 8b 01
                jmp ulJMPExit2
        }
     
    }
     
  4. Siobhan

    Siobhan New Member

    With "jmp ulJMPExit2" you are jumping to your variable, not to the address stored in it. Try "jmp [ulJMPExit2]".
     
  5. [D.R.T]

    [D.R.T] (҂ `з´ ).︻╦̵̵̿╤── Coder Donor

    Actually, that is not the problem; review the code I wrote above and you'll realize what the problem really is.
     
  6. Siobhan

    Siobhan New Member

    Whether you have to qualify pointers with "dword ptr ds:" depends on which compiler you use; I think it is redundant in VS2010. (Though it won't hurt, and it is better to do so.)
     
  7. [D.R.T]

    [D.R.T] (҂ `з´ ).︻╦̵̵̿╤── Coder Donor

    You are right, the code is OK; I think that would be the only serious mistake.

    PS: confirm whether this has worked.
     
  8. DarkSpace

    DarkSpace Well-Known Member Coder

    Oh, so dword ptr ds:[] is important in VS2008 but not needed in VS2010?

    I'll try the code now and see how it works. Thanks for the help, D.R.T.
     
  9. Ation

    Ation s. mod Moderator Donor

    // Hook-site constants, same layout as the first post but with the addresses
    // changed for a different build of the target (v64 according to the post).
    DWORD timedGMPointer = 0x008BF8C3;       // the 5-byte call that enableTimedGM() overwrites with a jmp
    DWORD timedGMReturn = timedGMPointer +  5; // address right after the patched call (not referenced by the code shown here)
    DWORD pointerCall = 0x004DBCC7;          // target of the displaced call, re-issued inside timedGMhook()
    DWORD exitJmp = 0x008C1180;              // where the hook leaves on the early-exit path
    DWORD exit2Jmp = 0x008BF8D6;             // where the hook resumes the original code on the other path

    DWORD delay = 0xC350;   // interval subtracted from / added to the value read in the hook
    DWORD goNext = 0;       // threshold the hook compares against; updated by the hook, starts at 0
    // Detour body reached by the jmp that enableTimedGM() writes at timedGMPointer.
    // naked: no prologue/epilogue is generated, so every path ends in a jmp back
    // into the target's code rather than a return.
    // NOTE(review): C2488 together with C2447 on the next two lines usually means
    // this definition is not at namespace scope (e.g. it was pasted inside a class
    // body, or after an unclosed brace) — naked is only allowed on free function
    // definitions. It is also an x86-only attribute in MSVC, so check the build
    // target as well.
    __declspec(naked) void __stdcall timedGMhook() //error C2488: 'timedGMhook' : 'naked' can only be applied to non-member function definitions
    { //error C2447: '{' : missing function header (old-style formal list?)
       
        __asm
        {
            // Re-issue the 5-byte call the patch displaced (indirect through the variable).
            call [pointerCall]
            // Read a value through the pointer at 0x00adaad4, offset +0x18; this
            // overwrites the return value of the call above.
            // NOTE(review): presumably a tick/time counter — confirm.
            mov eax, dword ptr ds:[0x00adaad4]
            mov eax,[eax + 0x18]
            sub eax, dword ptr ds:[delay]
            // Unsigned compare: (value - delay) <= goNext -> early exit.
            cmp eax, dword ptr ds:[goNext]
            jbe Exit
            // Otherwise move the threshold to value + delay (the sum stays in eax for Exit2).
            mov eax, dword ptr ds:[0x00adaad4]
            mov eax,[eax + 0x18]
            add eax, dword ptr ds:[delay]
            mov [goNext],eax
            jmp Exit2
     
    Exit:
            // Indirect jump through the exitJmp variable (MSVC inline asm) — TODO confirm in the disassembly.
            jmp exitJmp
    Exit2:
            // NOTE(review): eax is the computed threshold here, not the call's return value.
            test eax,eax
            // Hard-coded copy of the value in exitJmp; keep the two in sync.
            je 0x008C1180
            jmp exit2Jmp
        }
    }
    // Installs the detour: overwrites the 5-byte call at timedGMPointer with
    // `E9 <rel32>`, a near jmp to timedGMhook. The original bytes are not saved
    // here. jmp() is a helper defined elsewhere — presumably it computes
    // target - (source + 5); confirm. Nothing here checks that the write succeeded.
    void enableTimedGM()
    {
        *(BYTE*)timedGMPointer = 0xE9; // opcode of a near relative jmp
        *(DWORD*)(timedGMPointer + 1) = jmp(timedGMPointer, timedGMhook);
    }
    I copied your C++ code and changed the addresses to v64 ones, but I'm getting 2 errors when trying to build my DLL.
    How can I fix this?

    *Bump* >,<
     
  10. Twister

    Twister Well-Known Member

    How would this work if the bytes are equal to each other? o-o
    Sorry if my question is noobish.
    // Checkbox toggle handler: rewrites the 5-byte instruction at BPGMAddy as
    // `E9 <rel32>` (near jmp) pointing at either the BPGMAsm detour or the
    // disableBPGMAsm stub. Both branches write the same opcode; only the jmp()
    // destination differs. BPGMAddy, BPGMAsm, disableBPGMAsm and jmp() are
    // defined elsewhere; Sender is unused.
    void __fastcall TForm1::CheckBox27Click(TObject *Sender)
    {
        BYTE* const opcode = (BYTE*)BPGMAddy;
        DWORD* const rel32 = (DWORD*)(BPGMAddy + 1);
        if (!CheckBox27->Checked)
        {
            *opcode = 0xE9;
            *rel32 = jmp(BPGMAddy, disableBPGMAsm);
            return;
        }
        *opcode = 0xE9;
        *rel32 = jmp(BPGMAddy, BPGMAsm);
    }
     
  11. Ation

    Ation s. mod Moderator Donor

    @tezjin, thx! :D
    Now my little project is like 3% done. :3
    Actually, I'm just trying to practise a bit.
     
  12. [D.R.T]

    [D.R.T] (҂ `з´ ).︻╦̵̵̿╤── Coder Donor

    You can use the bytes for the disable part:
    1. 0xe8, 0x51, 0x73, 0xfe, 0xff
     
  13. Twister

    Twister Well-Known Member

    Yeah, but shouldn't it be like this:
    // Variant proposed in this post: the "unchecked" branch writes E8 instead of E9.
    // E8 is the near call opcode, so the CPU pushes a return address before entering
    // disableBPGMAsm, whereas the checked branch's E9 is a plain jmp; whether that is
    // intended depends on what disableBPGMAsm does with the stack (defined elsewhere,
    // as are BPGMAddy, BPGMAsm and jmp()). Sender is unused.
    void __fastcall TForm1::CheckBox27Click(TObject *Sender)
    {
        BYTE* const opcode = (BYTE*)BPGMAddy;
        DWORD* const rel32 = (DWORD*)(BPGMAddy + 1);
        if (CheckBox27->Checked)
        {
            *opcode = 0xE9;   // near jmp to the detour
            *rel32 = jmp(BPGMAddy, BPGMAsm);
            return;
        }
        *opcode = 0xE8;       // near call to the disable stub
        *rel32 = jmp(BPGMAddy, disableBPGMAsm);
    }
    Instead of
    // The version being compared against: both branches write the E9 (near jmp)
    // opcode at BPGMAddy and differ only in the jmp() destination — the BPGMAsm
    // detour when checked, the disableBPGMAsm stub when unchecked. BPGMAddy,
    // BPGMAsm, disableBPGMAsm and jmp() are defined elsewhere; Sender is unused.
    void __fastcall TForm1::CheckBox27Click(TObject *Sender)
    {
        BYTE* const opcode = (BYTE*)BPGMAddy;
        DWORD* const rel32 = (DWORD*)(BPGMAddy + 1);
        const bool enable = CheckBox27->Checked;
        if (enable)
        {
            *opcode = 0xE9;
            *rel32 = jmp(BPGMAddy, BPGMAsm);
        }
        else
        {
            *opcode = 0xE9;
            *rel32 = jmp(BPGMAddy, disableBPGMAsm);
        }
    }
     
