Video Tutorial How To Call Game Functions C++ x64dbg Hacking Tutorial #1


Traxin

Welcome to another installment of Guided Hacking's renowned video tutorials! In this tutorial you will learn how to call game functions and reverse engineer functions using x64dbg. Once you learn how to do this, it becomes very easy to call any game function you want; it only takes a few minutes.

In this episode we'll be covering calling a game's function from our game hack. This lesson will be split into two parts, with part one covering a very basic introduction into the topic through the use of a test console application we write ourselves. We will reverse engineer the function prototypes using x64dbg disassembler and write an internal DLL hack that will call the functions by address when a key is pressed using a DLL injector.


You must compile as debug, and you must use platform toolset 2015 v140.

If you can't get it to work, the executable file in the download works perfectly and was tested to work as necessary.




Attached is the dummy test application funkyVictim with source code and .exe

Download x64DBG Debugger

Download the GuidedHacking Injector made by Broihon

Attachment Virus Scan [funkyVictim]
Attachment Virus Scan [Function Caller]

[Footnote]
If you're using Visual Studio 2017 and can't find the function using x64dbg, switching the platform toolset in the project settings to v140 may fix the issue.

Here's what the source int main looks like:
C++:
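#include <windows.h>
#include <cstdint>
#include "Memory.h"

// Function prototypes recovered in x64dbg; both are called as __cdecl.
typedef void(__cdecl * _FuncA)();
_FuncA FuncA;

// const char* so that a string literal can be passed in standard C++.
typedef void(__cdecl * _FuncB)(const char * string);
_FuncB FuncB;

DWORD WINAPI MainThread(LPVOID param)
{
    // Base address of the executable this DLL is loaded into.
    uintptr_t modBase = (uintptr_t)GetModuleHandle(NULL);
    // Offsets found in x64dbg; they change if the target is rebuilt
    // with different settings.
    FuncA = (_FuncA)(modBase + 0x122C0);
    FuncB = (_FuncB)(modBase + 0x12340);
    //Set up

    // Poll the keyboard until END is pressed.
    while (!GetAsyncKeyState(VK_END))
    {
        if (GetAsyncKeyState(VK_NUMPAD2) & 1)
        {
            FuncA();
        }
        if (GetAsyncKeyState(VK_NUMPAD3) & 1)
        {
            FuncB("HELLUUURRR");
        }
        Sleep(10); // yield so the polling loop does not pin a CPU core
    }
    // Unload this DLL and end the thread.
    FreeLibraryAndExitThread((HMODULE)param, 0);
    return 0;
}

BOOL WINAPI DllMain(HINSTANCE hModule, DWORD dwReason, LPVOID lpReserved)
{
    switch (dwReason)
    {
    case DLL_PROCESS_ATTACH:
    {
        // Do the work on a separate thread, never inside DllMain itself.
        HANDLE hThread = CreateThread(0, 0, MainThread, hModule, 0, 0);
        if (hThread)
        {
            CloseHandle(hThread); // the thread keeps running; only the handle is released
        }
        break;
    }
    default:
        break;
    }
    return TRUE;
}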
 


Traxin

Hello,

Awesome tutorial!
I do have one question.
I can't find the FuncA and FuncB functions.

This is the only thing I get:

http://imgur.com/a/BXICG

Did I maybe forget some setting?
Welcome and yes, make sure your project for funkyVictim is set to DEBUG mode. Release mode will optimize those functions right the fuck away.
 

lukaluka

C++:
void NewCALLER(char* A, char* B)
{
    DWORD Module = (DWORD)GetModuleHandleA("funkyVictim.exe");
    DWORD ECX1 = Module + 0x2058;
    DWORD PUSH1 = Module + 0x1290;
    DWORD CALLER1 = Module + 0x1050;
    DWORD CALLER2 = Module + 0x2034;
    __asm
    {
        mov ecx, [ECX1]
        mov edx, [A]
        push PUSH1
        call [CALLER1]
        mov ecx, eax
        call [CALLER2]
        mov ecx, [ECX1]
        mov edx, [B]
        push PUSH1
        call [CALLER1]
        mov ecx, eax
        call [CALLER2]
    }
}
 

RexDaGod

Welcome and yes, make sure your project for funkyVictim is set to DEBUG mode. Release mode will optimize those functions right the fuck away.


It's in debug mode but still can't find function.
 

SunBeam

@Traxin: Your attached build doesn't have any exports or a pdb for that matter. That's why everyone is complaining they can't find this and that according to your video:



Although for some it's strange not to see anything exported (or a pdb). Maybe it's an issue with what @Rake is explaining above...

Several things I noticed when attempting to (re)compile the source:
  • make sure to recompile the default Debug build in x86 (not x64)

  • once done and opening it in x32dbg you will find your Exports as in the video (click on funkyvictim.exe once, click on some other dll, then again on it for refresh)


BR,
Sun
 
He updated the attachment, check it out, let us know how it goes, and check out SunBeam's post as well :)
I made sure I was debugging in x86 and not x64 and I switched the toolset to Visual Studio 2015 v140, though for some reason I still can't seem to find the functions :/
 

Rake

VIDEO REUPPED
 