    1. #1
      c5

      Calling a function by address (function in another module)

      John Kittz
      Say there's a function in another module you'd like to call. In this example, this is what the function I want to call looks like in IDA:


      As we can see, it's right at the beginning of the .text section at 0x1000; the address for your target function is obviously different.

      And that's what IDA has to say about its calling convention, return type and arguments. That's the information we will need later on (+ the address of course):


      It's just a simple function which takes an int as a parameter (which it doesn't even use), outputs the number 6 in a message box and returns 30 to the caller.

      It's time to write our injectable dll which will call the function. I've commented the code so it should be quite self-explanatory:

      Here's the part which you'll need when calling a function:
      Code:
      /* THE CALLING PART */
      // int __cdecl targetfunc(int arg1)  <--- the function we are going to call (at 0x1000), keeping it here just as a reference to look at :)
      typedef int (__cdecl *pTargetFunction)(int); // using typedef just to keep it nice (declaring a function pointer type); notice the calling convention (cdecl), arguments and return type!
      pTargetFunction pFunction = (pTargetFunction)(functionAddress); // pointing the function pointer at the target address
      int returnedValue = pFunction(27); // calling it with 27 and saving the return value in returnedValue
      /* -------------- */
      And here is the whole code of the thread I used to call it from:
      Code:
      void mainThread() // my main thread
      {
      	HMODULE targetBase = GetModuleHandleA("target.exe"); // base address of the target module
      	if (targetBase == NULL) // module is not loaded in this process, so there is nothing to call
      		return;
      	DWORD_PTR functionAddress = (DWORD_PTR)targetBase + 0x1000; // get the function address (pointer-sized, so it is not truncated in a 64-bit build)

      	while (true) // loop and wait for an input from user to call the target function
      	{
      		if (GetAsyncKeyState(VK_INSERT))
      		{
      			/* THE CALLING PART */
      			// int __cdecl targetfunc(int arg1)  <--- the function we are going to call (at 0x1000)
      			typedef int (__cdecl *pTargetFunction)(int); // using typedef just to keep it nice (declaring a function pointer type); notice the calling convention (cdecl), arguments and return type
      			pTargetFunction pFunction = (pTargetFunction)(functionAddress); // pointing the function pointer at the target address
      			int returnedValue = pFunction(27); // calling it with 27 and saving the return value in returnedValue
      			/* -------------- */

      			char buf[128] = {};
      			snprintf(buf, sizeof(buf), "Target function returned: %i ", returnedValue); // formatting the returned value without overrunning buf
      			MessageBoxA(NULL, buf, NULL, MB_OK); // outputting the value it returned to us (in my case it should be 30 if everything goes well)
      		}
      		Sleep(50);
      	}
      }
      And as we can see, it did return 30:


      When writing your code, pay extra attention to having the right argument types, calling convention and correct address. Get those wrong and you'll probably just find the target program crashing.

      The target program I used here was a bad example to be honest (target function had just 1 parameter and it didn't even output it) but I hope you learned something from the tutorial nevertheless..

    2. Thanks Syperus, N/A, emistz, squeenie, [GH]Rake, Liduen, Solaire thanked for this post
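
The address arithmetic from the post above, as an added example that is not c5's code: a portable C stand-in in which the "module" is the program itself and `target_func`, `module_anchor` and the helper names are hypothetical. It rebuilds an address from base plus offset, checks it, calls it through a typed pointer, and shows why the base and the result need a pointer-sized integer type rather than a 32-bit one.

```c
#include <stdint.h>
#include <stdio.h>

/* Stand-in for the target described in the post: ignores its argument, returns 30. */
static int target_func(int unused) { (void)unused; return 30; }

/* Hypothetical anchor symbol playing the role of the module base. */
static void module_anchor(void) {}

/* The pointer type must match the target's return type and arguments
   (and, on 32-bit Windows, its calling convention such as __cdecl). */
typedef int (*target_fn)(int);

/* Offset of the target from the base: the value added to the module base. */
intptr_t target_offset(void) {
    return (intptr_t)((uintptr_t)target_func - (uintptr_t)module_anchor);
}

/* Rebuild the absolute address in a pointer-sized integer. */
uintptr_t resolve(uintptr_t base, intptr_t offset) {
    return base + (uintptr_t)offset;
}

/* 1 if the address survives a round trip through a 32-bit integer. */
int survives_dword_cast(uintptr_t addr) {
    return (uintptr_t)(uint32_t)addr == addr;
}

/* Resolve, sanity-check, then call through the typed pointer. */
int demo(void) {
    uintptr_t base = (uintptr_t)module_anchor;
    uintptr_t addr = resolve(base, target_offset());
    if (addr != (uintptr_t)target_func)
        return -1;                      /* wrong address: do not call it */
    return ((target_fn)addr)(27);
}

int main(void) {
    uintptr_t addr = (uintptr_t)target_func;
    printf("returned %d, fits in 32 bits: %d\n",
           demo(), survives_dword_cast(addr));
    return 0;
}
```
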
    3. #2
      c5
      Or if you want to take another approach, call it using inline asm, but in that case you will have to push the arguments to the stack on your own in the correct order.

    4. #3
      till0sch
      I think that is a bit easier.. But injecting a DLL will be compulsory...

    5. #4
      forivin
      I'm very new to C++ and I have... a lot of questions. But I will try my best!
      I'm using Visual C++. How would I start?
      New Project->Win32 Project->Next->DLL ?
      But I would also need a little program that actually injects the DLL, right?
      So I'd create another project (say a Win32 console application). Is that correct?
      Or could I just use this: https://guidedhacking.com/attachment...5&d=1346416739
      It's from this post: https://guidedhacking.com/showthread...ewfull=1#post3

      And my last question for now is what exactly my DLL has to look like.
      I just need a full example code, including the "includes" in the beginning.

    6. #5
      emistz
      Originally posted by forivin:
      I'm very new to C++ and I have... a lot of questions. But I will try my best!
      I'm using Visual C++. How would I start?
      New Project->Win32 Project->Next->DLL ?
      But I would also need a little program that actually injects the DLL, right?
      So I'd create another project (say a Win32 console application). Is that correct?
      Or could I just use this: https://guidedhacking.com/attachment...5&d=1346416739
      It's from this post: https://guidedhacking.com/showthread...ewfull=1#post3

      And my last question for now is what exactly my DLL has to look like.
      I just need a full example code, including the "includes" in the beginning.

      How to build the DLL project you have right.
      The entire DLL code he already gave you.
      To inject the DLL you can roll your own injector or use one of the hundreds out there people have already coded.

      If you can't figure out how to get the proper includes in I would suggest you get more familiar with programming before trying to guess your way into this, since you won't learn much with your current approach.
      Last edited by emistz; 06-08-2013 at 03:44 PM.

    7. #6
      till0sch
      Originally posted by forivin:
      I'm very new to C++ and I have... a lot of questions. But I will try my best!
      I'm using Visual C++. How would I start?
      New Project->Win32 Project->Next->DLL ?
      But I would also need a little program that actually injects the DLL, right?
      So I'd create another project (say a Win32 console application). Is that correct?
      Or could I just use this: https://guidedhacking.com/attachment...5&d=1346416739
      It's from this post: https://guidedhacking.com/showthread...ewfull=1#post3

      And my last question for now is what exactly my DLL has to look like.
      I just need a full example code, including the "includes" in the beginning.

      You don't need to code an injector. There are plenty. Download Winject or Cheat Engine..

    8. #7
      forivin
      So c5 expects the users of this tutorial to know what includes are needed for this code:
      void mainThread() // my main thread
      {
      	HMODULE targetBase = GetModuleHandleA("target.exe"); // base address of the target module
      	if (targetBase == NULL) // module is not loaded in this process, so there is nothing to call
      		return;
      	DWORD_PTR functionAddress = (DWORD_PTR)targetBase + 0x1000; // get the function address (pointer-sized, so it is not truncated in a 64-bit build)

      	while (true) // loop and wait for an input from user to call the target function
      	{
      		if (GetAsyncKeyState(VK_INSERT))
      		{
      			/* THE CALLING PART */
      			// int __cdecl targetfunc(int arg1) <--- the function we are going to call (at 0x1000)
      			typedef int (__cdecl *pTargetFunction)(int); // using typedef just to keep it nice (declaring a function pointer type); notice the calling convention (cdecl), arguments and return type
      			pTargetFunction pFunction = (pTargetFunction)(functionAddress); // pointing the function pointer at the target address
      			int returnedValue = pFunction(27); // calling it with 27 and saving the return value in returnedValue
      			/* -------------- */

      			char buf[128] = {};
      			snprintf(buf, sizeof(buf), "Target function returned: %i ", returnedValue); // formatting the returned value without overrunning buf
      			MessageBoxA(NULL, buf, NULL, MB_OK); // outputting the value it returned to us (in my case it should be 30 if everything goes well)
      		}
      		Sleep(50);
      	}
      }


      Am I correct?
      Well, I'm not planning to seriously learn C++ (especially not by heart), but I could of course google every single function and see what includes are needed.
      It would be nice if you just quickly tell me, tho.

      I guess I would also need to call the function once in the beginning like this:
      CreateThread(0, 0x1000, &mainThread, 0, 0, NULL);
      yeah?
      Last edited by forivin; 06-08-2013 at 04:38 PM.

    9. #8
      Drew
      How would you learn about the types that are passed as parameters in Olly?

    10. #9
      c5
      Originally posted by Drew:
      How would you learn about the types that are passed as parameters in Olly?

      Common sense. Have a look at the stack window mate.

    11. #10
      TastyHorror
      Not too many people realize the potential for this, but I do. Thanks for sharing.
