Solved Jumping to address trouble...

[GAMELASTERdotNET]

Hi, im trying to Reverse a bus simulator "OMSI". He written in Delphi.. I have a address of Mouse Event click of "Start" button..But when i trying with DLL jump to address, its good, but the CALL's address has been calculated from EPX etc... I tryed this code:

_asm {
MOV EBP, 0x0050F634 
JMP EBP
}

Here is screen:

Spoiler: IMAGE

 

[till0sch]

Why not getting the position of the button on the screen and simulating a mouse click through the mouse_event API? No calls to functions you don't know then

 

[till0sch]

Hi, im trying to Reverse a bus simulator "OMSI". He written in Delphi.. I have a address of Mouse Event click of "Start" button..But when i trying with DLL jump to address, its good, but the CALL's address has been calculated from EPX etc... I tryed this code:

_asm {
MOV EBP, 0x0050F634 
JMP EBP
}

Here is screen:

Spoiler: IMAGE

View attachment 2320

Take a look with IDA after using the pseudocode thing and see the arguments the function takes

 

[GAMELASTERdotNET]

Sorry, but i dont understand what i look.. Im newbie in this...
EDIT: The Function probably dont have arguments, just only the MouseEvent arguments... The loading map is getting from Combobox in form.. And what is IDA?

 

[c5]

The Function probably dont have arguments, just only the MouseEvent arguments

There is the problem

 

[GAMELASTERdotNET]

EAX,etc.. Are arguments probably, yes? If yes, how push the arguments to JUMP?

 

[c5]

EAX,etc.. Are arguments probably, yes? If yes, how push the arguments to JUMP?

You want to push the arguments and call not jump, or I am completely not following what are you trying to do

 

[GAMELASTERdotNET]

You want to push the arguments and call not jump, or I am completely not following what are you trying to do

Im trying to simulate click a Start button .. With DeDe i get the address of Button Event Click: 0050F634 .. But JMP with jump hes in CALL writing a error..

EDIT: Is anything to help my with TeamViewer & Skype? If yes, pls send me PM

 

[GAMELASTERdotNET]

Why not getting the position of the button on the screen and simulating a mouse click through the mouse_event API? No calls to functions you don't know then

Can you send my a tutorial how to do it? thanx..

EDIT:

Its possible to skip a Address? But, i know the address of the Show menu, but how to skip it?

 

[Nether]

to change the opcode of your address to JMP you need to write one byte (0xEB) to the address.

 

[till0sch]

For hooks you still use 0xE9 jumps and you could try making the first opcode of the event handler return (ret X), that way the function will return immediatley. Just see how the function would return normally (ret / ret 4 / ret 8 .. ) and place that instruction in the beginning.....

Let cheat engine do this and copy the modified bytes, just placing an 0xEB will just make it crash..

 

[GAMELASTERdotNET]

He writes "Access violation in executing [EB50F634]".. :/

EDIT: :/ for me is hard to understand, can send a video, tutorial or anything, to help me how to doit? :/

 

[Nether]

He writes "Access violation in executing [EB50F634]".. :/

EDIT: :/ for me is hard to understand, can send a video, tutorial or anything, to help me how to doit? :/

I think this would be of great help to you as it covers what your trying to do.

https://guidedhacking.com/showthrea...ooking-Codecaving-Tutorial-DIFFICULTY-6-10-10

 

[c5]

He writes "Access violation in executing [EB50F634]".. :/

JMP takes a relative address not absoloute you are not jumping where you want to actually go.

 

[Szaka]

do you know what do asm jmp do? Do you know how functions are called? How params are passed? You need to know basics which you obviously dont know

 

[GAMELASTERdotNET]

hmm... But i see the full tutorial of codecaving, but is possible to apply signature jump method to event? [P.S. Im not absolutly newbie, i know PHP, C# etc....]...