Video Tutorial Calling a function by address (function in another module)


c5

Say there's a function in another module you'd like to call. In this example, this is what the function I want to call looks like in IDA:



As we can see, it's right in the beginning of the .text section at 0x1000, the address for your target function is obviously different :)

And that's what IDA has to say about its calling convention, return type and arguments, that's the information we will need later on (+ the address of course) :



It's just a simple function which takes an int as a parameter (which it doesn't even use), outputs the number 6 in a message box and returns 30 to the caller.

It's time to write our injectable DLL which will call the function. I've commented the code so it should be quite self-explanatory:

Here's the part which you'll need when calling a function:
C++:
/* THE CALLING PART */
// int __cdecl targetfunc(int arg1)  <--- the function we are going to call (at 0x1000), keeping it here just as a reference to look at :)
typedef int (__cdecl *pTargetFunction)(int); // using typedef just to keep it nice (declaring a function pointer type), notice the calling convention (cdecl), arguments and return type!
pTargetFunction pFunction = (pTargetFunction)(functionAddress); // pointing the function pointer at the target address (functionAddress is computed in the full thread code)
int returnedValue = pFunction(27); // calling it with 27 and saving the return value to an int returnedValue
/* -------------- */
And here is the whole code of the thread I used to call it from:
C++:
#include <windows.h> // GetModuleHandleA, GetAsyncKeyState, MessageBoxA, Sleep
#include <cstdio>    // snprintf

void mainThread() // my main thread
{
	HMODULE targetBase = GetModuleHandleA("target.exe"); // base address target.exe is loaded at in this process
	if (targetBase == NULL)
		return; // target.exe is not loaded in this process, so there is nothing to call
	DWORD_PTR functionAddress = (DWORD_PTR)targetBase + 0x1000; // get the function address (DWORD_PTR is pointer-sized, a plain DWORD would truncate the base in a 64-bit build)

	while (true) // loop and wait for an input from user to call the target function
	{
		if (GetAsyncKeyState(VK_INSERT))
		{
			/* THE CALLING PART */
			// int __cdecl targetfunc(int arg1)  <--- the function we are going to call (at 0x1000)
			typedef int (__cdecl *pTargetFunction)(int); // using typedef just to keep it nice (declaring a function pointer type), notice the calling convention (cdecl), arguments and return type
			pTargetFunction pFunction = (pTargetFunction)(functionAddress); // pointing the function pointer at the target address
			int returnedValue = pFunction(27); // calling it with 27 and saving the return value to an int returnedValue
			/* -------------- */


			char buf[128] = {};
			snprintf(buf, sizeof(buf), "Target function returned: %i ", returnedValue); // formatting the returned value (bounded to the buffer size)
			MessageBoxA(NULL, buf, NULL, MB_OK); // outputting the value it returned to us (in my case it should be 30 if everything goes well)
		}
		Sleep(50);
	}
}
And as we can see, it did return 30:



When writing your code, pay extra attention to having the right argument types, calling convention and correct address. Get those wrong and you'll probably just find the target program crashing.

The target program I used here was a bad example to be honest (target function had just 1 parameter and it didn't even output it) but I hope you learned something from the tutorial nevertheless..
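
Added example, not part of the original post or the thread's code: the post's base-plus-offset lookup and typed function-pointer call, done inside a single Linux process, with an added check that the computed address lies in the module's executable segment before it is called. It assumes glibc's dl_iterate_phdr in place of GetModuleHandleA; targetfunc, ExecRange, main_exec_range, rva_of and resolve are names made up for the illustration.

```cpp
// Added illustration (Linux/glibc analogue of the post's Win32 code; names are hypothetical).
#include <link.h>   // dl_iterate_phdr, ElfW, PT_LOAD, PF_X
#include <cstdint>
#include <cstdio>

// Stand-in for the post's target: takes an int it never uses and returns 30.
int targetfunc(int) { return 30; }

using TargetFn = int (*)(int); // must match the target's return type and arguments

struct ExecRange { std::uintptr_t base = 0, lo = 0, hi = 0; bool found = false; };

// dl_iterate_phdr callback: the first object reported is the main program.
static int find_main_exec(dl_phdr_info* info, size_t, void* data) {
    auto* out = static_cast<ExecRange*>(data);
    out->base = info->dlpi_addr; // load base chosen by ASLR (0 for a non-PIE binary)
    for (int i = 0; i < info->dlpi_phnum; ++i) {
        const ElfW(Phdr)& ph = info->dlpi_phdr[i];
        if (ph.p_type == PT_LOAD && (ph.p_flags & PF_X)) { // the executable segment
            out->lo = out->base + ph.p_vaddr;
            out->hi = out->lo + ph.p_memsz;
            out->found = true;
            break;
        }
    }
    return 1; // non-zero stops the iteration after the main program
}

ExecRange main_exec_range() { ExecRange r; dl_iterate_phdr(find_main_exec, &r); return r; }

// Offset of a function from the load base (the role 0x1000 plays in the post).
std::uintptr_t rva_of(const ExecRange& m, TargetFn fn) {
    return reinterpret_cast<std::uintptr_t>(fn) - m.base;
}

// base + offset -> typed pointer, or nullptr when the result is not inside executable code.
TargetFn resolve(const ExecRange& m, std::uintptr_t rva) {
    const std::uintptr_t addr = m.base + rva;
    if (!m.found || addr < m.lo || addr >= m.hi) return nullptr;
    return reinterpret_cast<TargetFn>(addr);
}

int main() {
    const ExecRange m = main_exec_range();
    const std::uintptr_t rva = rva_of(m, &targetfunc);
    TargetFn fn = resolve(m, rva);
    std::printf("rva=0x%zx returned=%d\n", static_cast<size_t>(rva), fn ? fn(27) : -1);
    std::printf("past the segment: %s\n", resolve(m, m.hi - m.base) ? "accepted" : "rejected");
    return 0;
}
```

The range check only confirms the address points into executable code of the right module; a wrong offset that still lands inside the segment, or a mismatched signature, still crashes as the post warns.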
 

c5

Or if you want to take another approach, call it using inline asm, but in that case you will have to push the arguments to the stack on your own in the correct order.
 

till0sch

I think that is a bit easier.. But injecting a DLL will be compulsory...
 

forivin

I'm very new to C++ and I have... a lot of questions. But I will try my best!
I'm using Visual C++. How would I start?
New Project->Win32 Project->Next->DLL ?
But I would also need a little program that actually injects the DLL, right?
So I'd create another project (say a Win32 console application). Is that correct?
Or could I just use this: https://guidedhacking.com/attachment.php?attachmentid=1195&d=1346416739
It's from this post: https://guidedhacking.com/showthrea...njection-DIFFICULTY-2-10&p=3&viewfull=1#post3

And my last question for now is what exactly my DLL has to look like.
I just need a full example code, including the "includes" in the beginning.
 

emistz

How to build the DLL project you have right.
The entire DLL code he already gave you.
To inject the DLL you can roll your own injector or use one of the hundreds out there people have already coded.

If you can't figure out how to get the proper includes in I would suggest you get more familiar with programming before trying to guess your way into this, since you won't learn much with your current approach.
 

till0sch

You don't need to code an injector. There are plenty. Download Winject or Cheat Engine..
 

forivin

So c5 expects the users of this tutorial to know what includes are needed for this code:
C++:
void mainThread() // my main thread
{
    DWORD_PTR functionAddress = 0x1000 + (DWORD_PTR)GetModuleHandleA("target.exe"); // get the function address (DWORD_PTR is pointer-sized, a plain DWORD would truncate the base in a 64-bit build)

    while (true) // loop and wait for an input from user to call the target function
    {
        if (GetAsyncKeyState(VK_INSERT))
        {
            /* THE CALLING PART */
            // int __cdecl targetfunc(int arg1)  <--- the function we are going to call (at 0x1000)
            typedef int (__cdecl *pTargetFunction)(int); // using typedef just to keep it nice (declaring a function pointer type), notice the calling convention (cdecl), arguments and return type
            pTargetFunction pFunction = (pTargetFunction)(functionAddress); // pointing the function pointer at the target address
            int returnedValue = pFunction(27); // calling it with 27 and saving the return value to an int returnedValue
            /* -------------- */


            char buf[128] = {};
            snprintf(buf, sizeof(buf), "Target function returned: %i ", returnedValue); // formatting the returned value (bounded to the buffer size)
            MessageBoxA(NULL, buf, NULL, MB_OK); // outputting the value it returned to us (in my case it should be 30 if everything goes well)
        }
        Sleep(50);
    }
}
Am I correct?
Well, I'm not planning to seriously learn C++ (especially not by heart), but I could of course google every single function and see what includes are needed.
It would be nice if you just quickly tell me, tho. :)

I guess I would also need to call the function once in the beginning like this:
CreateThread(0, 0x1000, &mainThread, 0, 0, NULL);
yeah?
 

Drew

How would you learn about the types that are passed as parameters in Olly?
 

c5

Common sense. Have a look at the stack window mate.
 

TastyHorror

Not too many people realize the potential for this, but I do. Thanks for sharing.
 