[Delta Hackers - Cheats, Hacks and Trainers] Assembly

Kirsch · #1 05-27-2010

So I am slowly trying to get my head back into programming, simply to keep it open for a career choice. Gotta widen my choices, and being as I used to be pretty good, I figured why not. Therefore, I've been making miniscule programs then hacking them.

Anyway, to the point. In olly I have found the function I want to call in my .DLL, which goes as follows in olly:

Code:

004119A7   99               CDQ
004119A8   B9 0A000000      MOV ECX,0A
004119AD   F7F9             IDIV ECX
004119AF   83C2 01          ADD EDX,1
004119B2   8915 C4F14100    MOV DWORD PTR DS:[41F1C4],EDX
004119B8   A1 C0F14100      MOV EAX,DWORD PTR DS:[41F1C0]
004119BD   3B05 C4F14100    CMP EAX,DWORD PTR DS:[41F1C4]
004119C3   EB 3B            JMP SHORT Grades3.00411A00
004119C5   68 78CA4100      PUSH Grades3.0041CA78                    ; ASCII "Wrong number. DUMBASS! 
"
004119CA   A1 2C044200      MOV EAX,DWORD PTR DS:[<&MSVCP100D.?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A>]
004119CF   50               PUSH EAX
004119D0   E8 E2F8FFFF      CALL Grades3.004112B7

Followed by

Code:

ADD ESP,8

Now, I have put this into C++ inline as:

Code:

	void *vFunction = (void*)0x004112B7

	if(GetASyncKeyState(VK_LSHIFT))
	{
		__asm
		{
			CDQ
			MOV ECX,0x0A
			IDIV ECX
			ADD EDX,0x1
			MOV DWORD PTR DS:[0x0041F1C4],EDX
			MOV EAX,DWORD PTR DS:[0x0041F1C0]
			CMP EAX,DWORD PTR DS:[0x0041F1C4]
			JMP SHORT 0x00411A00
			PUSH 0x0041CA78                    
			MOV EAX,DWORD PTR DS:[<&MSVCP100D.?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A>] //no idea what this part is
			PUSH EAX
			CALL [vFunction]
			ADD ESP, 0x08
		}

However, I know I am missing something, just can't put my finger on it. One problem may be, in olly, ADD ESP,8 followed the call function. Therefore, in C++, wouldn't that translate to simply ADD ESP,0x08? Or am I forgetting something?

Kirsch · #2 05-27-2010

Seem to have fixed it after some messing around with it, figured i wouldnt delete the post because someone somewhere may learn from it.

Ended up being this:

Code:

	void *vFunction = (void*)0x004112B7;
	void *vJump = (void*)0x00411A00;
	Sleep(3000);
		__asm
		{
			CDQ
			MOV ECX,0x0A
			IDIV ECX
			ADD EDX,1
			MOV DWORD PTR DS:[0x0041F1C4],EDX
			MOV EAX,DWORD PTR DS:[0x0041F1C0]
			CMP EAX,DWORD PTR DS:[0x0041F1C4]
			JMP [vJump]
			PUSH 0x0041CA78                    
			PUSH EAX
			CALL [vFunction]
			ADD ESP,0x08
		}