Guide Guide on How to Call Game Functions

[Rake]

Game Name

N/A

Anticheat

N/A

Coding Language

C++

Guide to Calling Game Functions
​

This is another GUIDE in a series of topic based guides in which the general information regarding a topic is given and all the tutorials scattered across the forum are organized into one place.

Do this guide first:
Guide - GHB2 - Beginners Guide To Reverse Engineering

Calling game functions is typically done in internal hacks, which are hacks in which you inject a DLL with your hack code in it. Essentially what you're doing is calling a function by address, the same way the game would. Calling a function by address via a function pointer is a common thing to do in a C++ program, we're just doing it after the game has been compiled, at runtime

What functions would you want to call? Any functionality that the game provides that is too difficult or time consuming to implement yourself can be called by you. Common functions you would call are RayTrace, TraceLine, chat send message or prediction functions as these are too complex to implement yourself. Traceline/RayTrace is used in aimbots, it draws a line between your player and another player and checks if there are objects in the way, if there are no collisions between you and your target, your aimbot should aim and shoot at that target.

Sometimes just changing a variable isn't gonna work, and calling a game function can easily solve your problem.

If you're a noob go to Guide - START HERE Beginners Guide to Learning Game Hacking and learn the basics first

What do are the per-requisites to calling a game function?

• Intermediate Knowledge of internal hacks
• Intermediate experience with C++
• Intermediate assembly reversing
• Knowledge of calling conventions

What do you need to know about the function you want to call?

• calling convention
• return type
• arguments
• address of the function

How to call a game function:

Reverse engineer the function, IDA is the best for this, then do like this example:

//typedef the function prototype
typedef cvar_t*(__cdecl * _Cvar_Get)(const char *var_name, const char *var_value, int flags);

//Create an instance of the function and assign it to an address
_Cvar_Get Cvar_Get = (_Cvar_Get)0x043F688;

//Call it like this
Cvar_Get("cl_gamepath", "OpenArena", 0);

//typedef the function prototype
typedef clipHandle_t(__cdecl *_CM_InlineModel)(int index);

//Create an instance of the function and assign it to an address
_CM_InlineModel CM_InlineModel = (_CM_InlineModel)0x00426a5c;

//Call it like this
CM_InlineModel(5);

Most important tutorials on calling game functions:
Tutorial - How to Call a Game Function
Tutorial - Calling Functions Externally - The Definitive Guide

Video Tutorial - CSGO CreateInterface Tutorial - How to get Interfaces
Video Tutorial - How to Find dwGetAllClasses & Netvar Manager
Video Tutorial - CSGO How to Find TraceRay - Call Traceline Tutorial


Best Related Threads:
x86 Calling Conventions · destructure.io
Tutorial - How to Call a Game Function
Tutorial - Output to Assault Cube in game console
Tutorial - Calling Conventions, and why you need to know them!
Source Code - Calling traceline with inline ASM
Tutorial - Gathering Function Parameters [Part 1]
Solved - Game chat function
Tutorial - Call functions of another process with DLL

Other Resources:
7.8 — Function Pointers
Calling Conventions
Reverse Engineering and Function Calling by Address - CodeProject
Calling Conventions Demystified - CodeProject
x86 Disassembly/Functions and Stack Frames - Wikibooks, open books for an open world
Call stack - Wikipedia
https://www.cs.cornell.edu/courses/cs412/2008sp/lectures/lec20.pdf
Inside Calling Conventions - CodeProject

Anything we need to add to this guide?

 

[SDK24]

I don't know if I'm allowed to reply to this, but for extreme beginners I would recommend to understand this:

int foo(void) //Somewhere in the game, there is a function with address: 0xDEADBEEF
{
    // Bullshit
    return 5;
}

int main() {
    typedef int func(void); // Creating an int function alias, replace (void) with your parameters
    func* f = (func*)reinterpret_cast<void*>(0xDEADBEEF); // f will be pointing to 0xDEADBEEF function address
    std::cout << f() << std::endl; // This will print 5. Note: if you have any parameters, put them... duhh
    std::getchar();
    return EXIT_SUCCESS;
}

 

[Thiago]

Update video links!

 

[Rake]

videos reupped ^

 

[kennevic]

videos reupped ^

How to call Function in CrossfirePH?

 

[Hype]

How to call Function in CrossfirePH?

https://guidedhacking.com/threads/start-here-beginners-guide-to-learning-game-hacking.5911/

 

[Rake]

How to call Function in CrossfirePH?

you are literally posting on a guide on how to call game function

 

[MegaByte]

I would also like to add that you may want to ensure functions you call are called from the games own thread (hooks is fine to call from).
Don't call it from your own thread to avoid race condition or other potential problems.

Just a word of caution, but it might not matter in other cases if its not reading/writing memory that can change often from game thread.

 

[Rake]

I would also like to add that you may want to ensure functions you call are called from the games own thread (hooks is fine to call from).
Don't call it from your own thread to avoid race condition or other potential problems.

I never considered this, I will keep that in mind

 

[omarbgm]

#include <iostream>
#include "FindMatch.h"

using namespace std;

int main()
{
_sub_794AB100 sub_794AB100 = (_sub_794AB100)0x79489ABC;
sub_794AB100();
    return 0;
}

#ifndef FindMatch_h
#define FindMatch_h

typedef void(__stdcall *_sub_794AB100)();

#endif

I have a question ... after debugging a game i found that the function i want to call is named " rcp-be-lol-lobby.sub_794AB100 " i tried to write it like this in my code but it kept giving me an error about the " - " so i tried to use only the "sub_794AB100" but it didnt worked so i would like to ask how will i do to call it also in this game there is a dll named rcp-be-lol-lobby.dll thats mean its a function called from a dll so id like to ask how can i do to call it ?

 

[Teuvin]

#include <iostream>
#include "FindMatch.h"

using namespace std;

int main()
{
_sub_794AB100 sub_794AB100 = (_sub_794AB100)0x79489ABC;
sub_794AB100();
    return 0;
}

#ifndef FindMatch_h
#define FindMatch_h

typedef void(__stdcall *_sub_794AB100)();

#endif

I have a question ... after debugging a game i found that the function i want to call is named " rcp-be-lol-lobby.sub_794AB100 " i tried to write it like this in my code but it kept giving me an error about the " - " so i tried to use only the "sub_794AB100" but it didnt worked so i would like to ask how will i do to call it also in this game there is a dll named rcp-be-lol-lobby.dll thats mean its a function called from a dll so id like to ask how can i do to call it ?

Dude look at your address, LOOK CLOSELY TO YOUR ADDRESS and then to the function name

 

[omarbgm]

Dude look at your address, LOOK CLOSELY TO YOUR ADDRESS and then to the function name

well whats wrong with it took it from the debugger directly...

 

[Rake]

well whats wrong with it took it from the debugger directly...

you want to call sub_794AB100

but you are calling 0x79489ABC

if you can't understand the problem with that, idk what to tell you

 

[Hype]

well whats wrong with it took it from the debugger directly...

hey you call different function that you want to call, calling function means "calling address" and they are different. You call: 0x1 when you want call 0x2.
Okay?

 

[omarbgm]

you want to call sub_794AB100

but you are calling 0x79489ABC

if you can't understand the problem with that, idk what to tell you

ya ya i got it sorry for my stupidity i see now why he told me look carefully but still not working

#include <iostream>
#include "FindMatch.h"



using namespace std;

int main()
{
_sub_8A79F80 sub_8A79F80 = (_sub_8A79F80)0x8A79F80;
sub_8A79F80();
    return 0;
}

#ifndef FindMatch_h
#define FindMatch_h

typedef void(__stdcall *_sub_8A79F80)();

#endif

 

[Hype]

ya ya i got it sorry for my stupidity i see now why he told me look carefully but still not working

#include <iostream>
#include "FindMatch.h"



using namespace std;

int main()
{
_sub_8A79F80 sub_8A79F80 = (_sub_8A79F80)0x8A79F80;
sub_8A79F80();
    return 0;
}

#ifndef FindMatch_h
#define FindMatch_h

typedef void(__stdcall *_sub_8A79F80)();

#endif

are you sure this is the correct address?

 

[omarbgm]

this is how it is called in the assembly

 

[Hype]

this is how it is called in the assembly

what about jumping to this instruction that calls it? Check if it works.

 

[omarbgm]

what about jumping to this instruction that calls it? Check if it works.

yea she got a jump instruction shall i try to put the jmp instruction adress instead ?

 

[Teuvin]

Alright dude, I thought you were going to solve this by now, but apparently you can't, so...
We can see that you haven't followed the tutorial at all, because you couldn't even make the right project type on visual studio, what you are doing is an external C++ program that's outside the target process address space, a.k.a you are calling your own program memory at 0x8A79F80, where as you should be creating a DLL and inject it in the target process.
Please refer to the beginners guide as it looks like you don't know jack shit about C++ and game hacking.
I'm sorry but you are gonna make it to my sig.