Page 1 of 2 12 LastLast
Results 1 to 15 of 30
  1. #1
    gruez's Avatar
    Join Date
    May 2010
    Gender
    male
    Posts
    34
    Reputation
    10
    Thanks
    1

    Sendcommandtoconsole crashes the game

    i've made a dll to inject into black ops. heres what i got:
    Code:
    #include <windows.h>
    
    void SendCommandToConsole(char * dCmd)
    {
    	DWORD dwCall = 0x0044de80;//address for sendcommandtoconsole function
    	__asm
    	{
    		PUSH	 dCmd;
    		PUSH	 0;
    		PUSH	 0;
    		CALL	 dwCall;
    		ADD ESP, 0x0C;
    	}
    }
    
    DWORD WINAPI LoopFunction(LPVOID lpvoid) {
    	while (true) {
    		if (GetAsyncKeyState(VK_F5) & 1) {
    			SendCommandToConsole("test command?");
    		}
    	}
    	Sleep(100);
    
    	return 0;
    }
    
    BOOL WINAPI DllMain(HMODULE hmodule, DWORD reason, LPVOID lpvoid) {
    	if (reason == DLL_PROCESS_ATTACH) {
    		DisableThreadLibraryCalls(hmodule);
    		CreateThread(0, 0, LoopFunction, 0, 0, 0);
    	}
    	return TRUE;
    }
    as you can see, im trying to get the dll to send an arbitrary command to the console, when i press f5. However, after injecting the dll, pressing f5 will crash the game. any ideas on how to fix this?

    im not sure if this matters, but im using patch 1, SKIDROW version.

    edit:
    the offset is wrong, updated the offset using the signatures provided by another forum member. but its still broken

    edit2:
    i tried another way of sending command to console:
    Code:
    void (*CG_SendConsoleCommand)(int a1,int a2,char *cvar) = (void (__cdecl *)(int,int,char *))0x5F01A0;//current offset
    and i called the function like this:
    Code:
    CG_SendConsoleCommand(0,0,"test command");
    still crashes
    Last edited by gruez; 11-17-2010 at 03:30 PM.

  2. #2
    shaunm2's Avatar
    Join Date
    Nov 2010
    Gender
    male
    Posts
    7
    Reputation
    10
    Thanks
    4
    My Mood
    Amazed
    nice to know u fixed it but this is how i and many ppl do it:

    Code:
    void (*CG_SendConsoleCommand)(int a1,int a2,char *cvar) = (void (__cdecl *)(int,int,char *))0x5F01A0;//current offset
    hf

  3. #3
    gruez's Avatar
    Join Date
    May 2010
    Gender
    male
    Posts
    34
    Reputation
    10
    Thanks
    1
    it hasn't been fixed, i just found out the offset was wrong. but after updating the offset, it's still broken

  4. #4
    shaunm2's Avatar
    Join Date
    Nov 2010
    Gender
    male
    Posts
    7
    Reputation
    10
    Thanks
    4
    My Mood
    Amazed
    CG_SendConsoleCommand(1,1,"cg_drawFPS 1"); just an example

    edit1:

    u can find SendConsoleCommand by searching for the "quit" string:


    004EF9F6 |. 68 70FAA500 PUSH BlackOps.00A5FA70 ; ASCII "quit"
    004EF9FB |. 56 PUSH ESI
    004EF9FC |. E8 4F68FEFF CALL BlackOps.004D6250
    004EFA01 |. 83C4 04 ADD ESP,4
    004EFA04 |. 50 PUSH EAX
    004EFA05 |. 56 PUSH ESI
    004EFA06 |. E8 95071000 CALL BlackOps.005F01A0 <- SendConsoleCommand here
    004EFA0B |. 83C4 0C ADD ESP,0C

    u can either use the way i posted or just fix the function u posted hope this helps
    Last edited by shaunm2; 11-17-2010 at 04:34 AM.

  5. #5
    cardoow's Avatar
    Join Date
    Jan 2008
    Gender
    male
    Posts
    214
    Reputation
    28
    Thanks
    747
    My Mood
    Amazed
    Code:
    typedef void (*SendConsoleCommand_)(int a1, char *command);
    SendConsoleCommand_ SendConsoleCommand = (SendConsoleCommand_)0x44DE80;
    your offset wasnt wrong it was just the offset of another function

  6. The Following User Says Thank You to cardoow For This Useful Post:

    [MPGH]Hell_Demon (11-17-2010)

  7. #6
    gruez's Avatar
    Join Date
    May 2010
    Gender
    male
    Posts
    34
    Reputation
    10
    Thanks
    1
    i tried both of the offsets you provided me, still doesnt work. maybe someone can get it to work? here is my entire solution folder:
    Last edited by gruez; 11-17-2010 at 03:54 PM.

  8. #7
    bomb21's Avatar
    Join Date
    Jul 2009
    Gender
    male
    Location
    Unknown
    Posts
    57
    Reputation
    10
    Thanks
    22
    you need to call this is a game engine function (EndFrame/RenderScene) if it works the same way in cod4/mw2

  9. The Following User Says Thank You to bomb21 For This Useful Post:

    gruez (11-20-2010)

  10. #8
    gruez's Avatar
    Join Date
    May 2010
    Gender
    male
    Posts
    34
    Reputation
    10
    Thanks
    1
    so any idea on how to do that? im pretty experienced as a programmer, but i completely new to reverse engineering/hacking.

  11. #9
    Hell_Demon's Avatar
    Join Date
    Mar 2008
    Gender
    male
    Location
    I love causing havoc
    Posts
    3,660
    Reputation
    236
    Thanks
    4,132
    My Mood
    Cheeky
    Quote Originally Posted by gruez View Post
    so any idea on how to do that? im pretty experienced as a programmer, but i completely new to reverse engineering/hacking.
    find clientframe and use MS Detours to hook it. It'll be detected by VAC though
    Ah we-a blaze the fyah, make it bun dem!

  12. #10
    Skyline.'s Avatar
    Join Date
    Dec 2009
    Gender
    male
    Posts
    10,160
    Reputation
    403
    Thanks
    1,613
    Quote Originally Posted by gruez View Post
    i tried both of the offsets you provided me, still doesnt work. maybe someone can get it to work? here is my entire solution folder:
    do you have a virus scan of those?..


  13. #11
    cardoow's Avatar
    Join Date
    Jan 2008
    Gender
    male
    Posts
    214
    Reputation
    28
    Thanks
    747
    My Mood
    Amazed
    Quote Originally Posted by bomb21 View Post
    you need to call this is a game engine function (EndFrame/RenderScene) if it works the same way in cod4/mw2
    not true, you can also call this on hooked api's or other engine functions

    Quote Originally Posted by gruez View Post
    i tried both of the offsets you provided me, still doesnt work. maybe someone can get it to work? here is my entire solution folder:
    you still fucked it up in that base dude!

    Code:
    void (*CG_SendConsoleCommand)(int a1,int a2,char *cvar) = (void (__cdecl *)(int,int,char *))0x0044de80;//current offset
    
    void SendCommandToConsole(char * dCmd)
    {
    	DWORD dwCall = 0x0044de80;//address for sendcommandtoconsole function
    	__asm
    	{
    		PUSH	 dCmd;
    		PUSH	 0;
    		CALL	 dwCall;
    		ADD ESP, 0x0C;
    	}
    }
    check what i posted, its not the same function!!
    and your asm is wrong, your stack cleaning isnt the right size
    also i think you need to push 1 instead of 0
    Last edited by cardoow; 11-18-2010 at 08:17 AM.

  14. #12
    gruez's Avatar
    Join Date
    May 2010
    Gender
    male
    Posts
    34
    Reputation
    10
    Thanks
    1
    Quote Originally Posted by cardoow View Post
    not true, you can also call this on hooked api's or other engine functions
    so how do i hook the engine function?

  15. #13
    Hell_Demon's Avatar
    Join Date
    Mar 2008
    Gender
    male
    Location
    I love causing havoc
    Posts
    3,660
    Reputation
    236
    Thanks
    4,132
    My Mood
    Cheeky
    Quote Originally Posted by gruez View Post
    so how do i hook the engine function?
    Stop trying...
    Ah we-a blaze the fyah, make it bun dem!

  16. #14
    gruez's Avatar
    Join Date
    May 2010
    Gender
    male
    Posts
    34
    Reputation
    10
    Thanks
    1
    Quote Originally Posted by Hell_Demon View Post
    Stop trying...
    i dont understand how im supposed to hook the function. im assuming you put a jmp to my dll at the beginning of a engine function?

    i found this on another site, but im still puzzled how to "hook" it
    Code:
    void _cdecl cEngine_t::RegisterTags( )
    {
    
    //Register your tags hire    
    
        #ifdef COD5BOT_DEBUG
        LOG.Log ( "[DEBUG_LOG]  cEngine_t::RegisterTags( )","Hooked");
        #endif
    
        ENGINE.orig_RegisterTags( );
    }    
    void _cdecl cEngine_t::ClientFrame(  )
    {    
    
    //Draw your rendering Functions
        
        #ifdef COD5BOT_DEBUG
        LOG.Log ( "[DEBUG_LOG] cEngine_t::ClientFrame( )","Hooked");
        #endif
    
    
        ENGINE.orig_ClientFrame( );
    }
    
    
    void _cdecl cEngine_t::ShoutDown( )
    {
        void *    clDo            = NULL;
        __asm mov clDo, eax
    
    //Do detourRemoves hire or save your lates configs
        
        #ifdef COD5BOT_DEBUG
        LOG.Log ( "[DEBUG_LOG]  cEngine_t::ShoutDown( )","Hooked");
        #endif
    
        __asm mov eax, clDo 
        ENGINE.orig_ShoutDown( );
    }    
    void _cdecl cEngine_t::CG_Init( int serverMessageNum, int serverCommandSequence, int clientNum, int unk )
    {
        //Register your shaders hire
        #ifdef COD5BOT_DEBUG
        LOG.Log ( "[DEBUG_LOG]  cEngine_t::CG_Init( int serverMessageNum, int serverCommandSequence, int clientNum, int unk)","Hooked");
        #endif
    
        ENGINE.orig_CG_Init( serverMessageNum, serverCommandSequence, clientNum, unk  );
    }    
    void _cdecl cEngine_t::CL_Init(  )
    {
        
    //Register your fonts hire
    
    #ifdef COD5BOT_DEBUG
        LOG.Log ( "[DEBUG_LOG]  cEngine_t::CL_Init(  ), "Hooked";
        #endif
    
        ENGINE.orig_CL_Init(  );
    }    
    void _cdecl cEngine_t::CG_FireWeaponRecoil( int a1, int a2, signed int a3, __int16 a4, unsigned int a5, int a6 )
    {    
        
    //do a sound or what ever
    #ifdef COD5BOT_DEBUG
        LOG.Log ( "[DEBUG_LOG] cEngine_t::CG_FireWeaponRecoil( int a1, int a2, signed int a3, __int16 a4, unsigned int a5, int a6 )","Hooked");
        #endif
    }
    
    DWORD WINAPI cEngine_t::HooK( LPVOID )
    {    
        aERROR.EnableHandler( );
    
        if( ENGINE.isOn == 1 )
        {
            DetourFunction( ( PBYTE )0x592140, ( PBYTE )&ENGINE.CL_Init );
            __asm MOV [ ENGINE.orig_CL_Init ], EAX;
            
            DetourFunction( ( PBYTE )0x457A30, ( PBYTE )&ENGINE.CG_Init );
            __asm MOV [ ENGINE.orig_CG_Init ], EAX;
    
            DetourFunction( ( PBYTE )0x548D30, ( PBYTE )&ENGINE.RegisterTags );
            __asm MOV [ ENGINE.orig_RegisterTags ], EAX;
    
            DetourFunction( ( PBYTE )0x43A550, ( PBYTE )&ENGINE.ClientFrame );
            __asm MOV [ ENGINE.orig_ClientFrame ], EAX;
        
            DetourFunction( ( PBYTE )0x4807A0, ( PBYTE )&ENGINE.CG_FireWeaponRecoil );
    
            DetourFunction( ( PBYTE )0x44B390, ( PBYTE )&Obituary.CG_Obituary );
            __asm MOV [ Obituary.orig_CG_Obituary ], EAX;
            
            DetourFunction( ( PBYTE )0x49D150, ( PBYTE )&ENGINE.ShoutDown );
            __asm MOV [ ENGINE.orig_ShoutDown ], EAX;
    
            LOG.Log ( "HooK","is: Enable" );
        }
        else
        {   
            LOG.Log ( "HooK","is: Disable" );
        }
    
    
        return 0;
    }
    Last edited by gruez; 11-18-2010 at 04:28 PM.

  17. #15
    cardoow's Avatar
    Join Date
    Jan 2008
    Gender
    male
    Posts
    214
    Reputation
    28
    Thanks
    747
    My Mood
    Amazed
    jep that is how you do it, with detours

Page 1 of 2 12 LastLast

Similar Threads

  1. [Help] Sprites are crashing the game
    By joered in forum CrossFire Hack Coding / Programming / Source Code
    Replies: 7
    Last Post: 08-16-2011, 08:10 PM
  2. [Solved] Hacks Crash the game
    By F1r3h4VVk in forum Combat Arms Help
    Replies: 17
    Last Post: 07-28-2011, 01:50 PM
  3. [Help] My code keeps crashing the game
    By johnnydicamillo in forum WarRock Hack Source Code
    Replies: 5
    Last Post: 12-17-2010, 10:53 PM
  4. Crossfire Pub Hack Crashes the game.
    By Kalo2502 in forum CrossFire Hacks & Cheats
    Replies: 3
    Last Post: 08-29-2009, 12:58 PM
  5. pic of the game crashing!
    By Spitfire133 in forum Combat Arms Hacks & Cheats
    Replies: 28
    Last Post: 10-29-2008, 08:17 PM