Sendcommandtoconsole crashes the game

**gruez** · 11-19-2010

lemee get this straight:
1. i make a jmp to my dll somewhere in a engine function
2. i do whatever i need to do in my dll
3. i return to the original function

is that the correct way to do it?

**cardoow** · 11-19-2010

Code:

typedef void ( * Function_ )();
pFunction_		pFunction;

void __declspec(naked) nFunction()
{
	__asm pushad

	do shit here

	__asm popad
	__asm jmp[pFunction]
}

Code:

pFunction = (Function_)DetourFunction( (PBYTE)0x123456,(PBYTE)nFunction);

**gruez** · 11-19-2010

what file(s) do i have to #include for the above code to work? i tried #include <detours.h> and <detoured.h> but pFunction isnt showing up as a proper identifier. also, i read about detourfunctionwithtrampoline and detourfunction. where can i find the header files for those functions?

**deoxyribonucleicacid** · 11-19-2010

MS Detours - Google it - Download it

**gruez** · 11-20-2010

Originally Posted by cardoow

Code:

typedef void ( * Function_ )();
pFunction_		pFunction;

void __declspec(naked) nFunction()
{
	__asm pushad

	do shit here

	__asm popad
	__asm jmp[pFunction]
}

Code:

pFunction = (Function_)DetourFunction( (PBYTE)0x123456,(PBYTE)nFunction);

do i use that with detours 1.5 or 2.1?

and where do i put the hook? the beginning of a engine function, or the end?

**cardoow** · 11-20-2010

Originally Posted by gruez

do i use that with detours 1.5 or 2.1?

and where do i put the hook? the beginning of a engine function, or the end?

i use 1.5, you can set them anywheren in the function you like but be
carefull that you dont fuckup the asm, then u will crash... i will recommend
setting it at the top of a engine function

**gruez** · 11-20-2010

oh silly me, the function type is __cdecl, not __stdcall

old post:
ok, using the signatures i found on this forum, i determined the offset of the engine function R_RenderScene is 0x006DF9D0. IDA tells me it accepts 2 args. (int, int)

so heres the code i have:

Code:

#include <windows.h>
#include <detours.h>

#define ADDRESS 0x006DF9D0
//0x006DF9D0
//int __stdcall R_RenderScene(int x)

//Original function
int (__stdcall *R_RenderScene_o)(int x, int y);

//My function
int __stdcall R_RenderScene(int x,int y)
{
	MessageBox(NULL, L"hooked", L"hooked", MB_OK);
	return R_RenderScene_o(x,y);
}


int WINAPI DllMain(HINSTANCE hInstance, DWORD dwReason, LPVOID lpReserved)
{
    switch(dwReason)
    {
    case DLL_PROCESS_ATTACH:
        R_RenderScene_o = (int (__stdcall *)(int,int))DetourFunction((PBYTE)ADDRESS,(PBYTE)R_RenderScene);
        break;
    case DLL_PROCESS_DETACH:
        DetourRemove((PBYTE)ADDRESS, (PBYTE)R_RenderScene);
        break;
    }
    return true;
}

after loading a map, a messagebox shows with the text "hooked", showing the hook is working. but after i click ok, i get this:

Code:

Debug Error!

Program: ...gram Files\Activision\Call of Duty - Black Ops\patchOpsMP.exe
Module: ...documents\visual studio 2010\projects\detour\debug\detour.dll
File: 

Run-Time Check Failure #0 - The value of ESP was not properly saved across a function call.  This is usually a result of calling a function declared with one calling convention with a function pointer declared with a different calling convention.

i tried the code without the messagebox, same problem

**tang77** · 11-20-2010

@gruez : x86 calling conventions - Wikipedia, the free encyclopedia ...

**Themonsterman** · 11-20-2010

if your using skidrow version there for no vac ?
use WPM would be alot easyier ?

i post full code in the mw2 code section of a old hack the source there could help you do what your doing.

i never gave much credit to cardoow with my hack but i came out to find what i did wanst much to do with supernova as much as cardoow so for a long due thanks, Thanks cardoow for the finds in mw2

**gruez** · 11-20-2010

thanks, all of you, for helping me with this. i finally got it working.

btw, whats WPM?

**WhiteLionATX** · 11-20-2010

I am searching a way to send and execute commands by calling function too. I am a bad C++ coder so I hope someone can post source in here. I still dont know what function is now the right one to call after putting the commands to stack !?
is it:
004EFA06 |. E8 95071000 CALL BlackOps.005F01A0
or
0044de80
???
I set BP on both and hoped it breakes when executing a command by typing in manual in consol. but it didnt!
thx for help guys!

**gruez** · 11-20-2010

you need to hook an engine function, and call sendcommandtoconsole from there. the entire thread probably has enough info to get you started.

**Themonsterman** · 11-21-2010

wpm is write process memory which is easyier to do ( my personal view ) than asm_
and working template is posted in mw2.

but its bannable as VAC Scans for changes in memory but if your playing without vac then no worries.

if you can do asm then do that

**WhiteLionATX** · 12-05-2010

can you give an example how to use with process memory ? I still dont know which offset I should fill (where put the string (offset)/which offset needs to be filled to set send trigger ?)! can you/someone help ?

**Blubb1337** · 12-05-2010

/closed due to bump

Stop hijacking threads.

Thread: Sendcommandtoconsole crashes the game

Thread Tools

Display

The Following User Says Thank You to cardoow For This Useful Post:

The Following User Says Thank You to cardoow For This Useful Post:

The Following 2 Users Say Thank You to Themonsterman For This Useful Post:

Similar Threads

[Help] Sprites are crashing the game

[Solved] Hacks Crash the game

[Help] My code keeps crashing the game

Crossfire Pub Hack Crashes the game.

pic of the game crashing!