Thread: using ASM

Page 2 of 2 (results 16 to 21 of 21)
  1. #16 open|Fire
    Code:
    #include <windows.h>
    #include "detours.h"
    #pragma comment(lib, "detours.lib")
    
    // use a naked function so that there is no prolog or epilog and you can write pure asm
    DWORD back = 0x5BF94FD4;
    __declspec (naked) void Hack()
    {
                __asm
                  {
                    inc [esi]
                    pop edi
                    mov eax,esi
                    jmp back
                  }
    } 
    
    void thread()
    {
        DetourFunction((BYTE*)(0x5BF94FCF), (BYTE*)Hack);  //This is to basically detour the function that makes your smg count go down.
    }
    
    BOOL WINAPI DllMain( HINSTANCE hinstDLL, DWORD dwReason, LPVOID lpReserved )
    {
    	if( dwReason == DLL_PROCESS_ATTACH )
    	{
    		CreateThread( NULL, NULL, (LPTHREAD_START_ROUTINE)thread, NULL, NULL, NULL);
    	}
    	return TRUE;
    }
    Try that.

  2. The following user says thank you to open|Fire for this useful post: Hell_Demon (05-10-2011)

  3. #17 258456
    Kibbles, didn't I already tell you that you had to return? I told you to try it without the return because I wanted you to see why we return to the game function. Well, at least we learned something new today, lol.

  4. #18 kibbles18
    Still not working. BTW, it's a dynamic address. The real address of the instruction mov [esi],edi is
    Code:
    	DWORD server_dll = (DWORD)(GetModuleHandle("server.dll"));
    	DWORD address = server_dll + 0x2AF1F;
    And what does pop edi do? Why would I want to use that?
    Last edited by kibbles18; 05-10-2011 at 04:29 PM.

  5. #19 kibbles18
    Here's my updated code, still not working. Added some comments to help you understand.
    Code:
    #include <windows.h>
    #include "detours.h"
    #pragma comment(lib, "detours.lib")
    
    DWORD address;
    DWORD back;
    
    // use a naked function so that there is no prolog or epilog and you can write pure asm
    
    __declspec (naked) void main()
    {
    	__asm
    	{
    		nop
    		mov eax,edi // I'm replacing the bytes lost because of the detour
    		pop edi
    		jmp back //return to the address after the detour jump
    	}
    }
    
    void thread()
    {
    	DWORD server_dll = (DWORD)(GetModuleHandle("server.dll"));
    	address = server_dll + 0x2AF1F;
    	back = address + 5; //5 because the detour takes up 5 bytes
        DetourFunction((BYTE*)address, (BYTE*)main);  //This is to basically detour the function that makes your smg count go down.
    }
    
    BOOL WINAPI DllMain( HINSTANCE hDLL, DWORD dwReason, LPVOID lpReserved )
    {
    	if( dwReason == DLL_PROCESS_ATTACH )
    	{
    		CreateThread( NULL, NULL, (LPTHREAD_START_ROUTINE)thread, NULL, NULL, NULL);
    	}
    	return TRUE;
    }

  6. #20 open|Fire
    Quote, originally posted by kibbles18:
    Here's my updated code, still not working. Added some comments to help you understand.
    Code:
    #include <windows.h>
    #include "detours.h"
    #pragma comment(lib, "detours.lib")
    DWORD back;
    
    // use a naked function so that there is no prolog or epilog and you can write pure asm
    
    __declspec (naked) void main()
    {
    	__asm
    	{
    		mov eax,edi // I'm replacing the bytes lost because of the detour
    		pop edi      
    		jmp back //return to the address after the detour jump
    	}
    }
    
    
    BOOL WINAPI DllMain( HINSTANCE hDLL, DWORD dwReason, LPVOID lpReserved )
    {
    	if( dwReason == DLL_PROCESS_ATTACH )
    	{
    		DWORD server_dll = (DWORD)(GetModuleHandle("server.dll"));
    		server_dll += 0x2AF1F;
    		back = server_dll + 5; //5 because the detour takes up 5 bytes
    		DetourFunction((BYTE*)server_dll, (BYTE*)main);  //This is to basically
    	}
    	return TRUE;
    }
    If you want to NOP these bytes (mov [esi],edi), just do this.
    Code:
    DWORD server_dll = (DWORD)(GetModuleHandle("server.dll"));
    server_dll += 0x2AF1F;
    memcpy((void*)server_dll, "\x90\x90", 2); // two NOPs overwrite the 2-byte mov [esi],edi

  7. #21 kibbles18
    @Void
    @Hell_Demon

    Well, I got it working!
    Here are the steps I took, if anyone needs this:
    I found the address of the instruction I wanted to edit.
    I detoured it with Detours.
    I found that the jump takes up 5 bytes of memory, and since the instruction at the address where I put the jump (detour) was only 2 bytes, I placed the other 3 bytes that were absorbed by the jump (detour) in my detoured function.
    I then knew that I would need to return to the place in memory I left off at after the jump (detour), and I knew the jump was 5 bytes, so I added 5 to the address of the instruction I wanted to detour and added the jmp to that after I was done with the detour.
    Have fun and learn from my mistakes!
    Last edited by kibbles18; 05-11-2011 at 04:14 PM.

  8. The following user says thank you to kibbles18 for this useful post: Lyoto Machida (05-14-2011)
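The same mechanics seen from the integrity-checking side, as an added example that is not code from this thread or any poster: it classifies the first bytes at a code address (the 5-byte E9 detour from posts #16 to #21, or the two-NOP patch from post #20), resolves where an E9 jump actually leads (the rel32 is relative to the end of the 5-byte instruction, which is exactly why the stub returns to address + 5), and diffs live bytes against a load-time snapshot. The byte sequences and the addresses 0x00401000 / 0x00501000 are constructed for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* What the first bytes at a code address look like. */
enum patch_kind { PATCH_NONE = 0, PATCH_JMP_REL32 = 1, PATCH_NOP_RUN = 2 };

/* Classify a copy of the bytes at a code address (safe on any buffer). */
enum patch_kind classify_bytes(const uint8_t *bytes, size_t len)
{
    size_t n = 0;
    if (len >= 5 && bytes[0] == 0xE9)          /* E9 rel32: the 5-byte detour JMP */
        return PATCH_JMP_REL32;
    while (n < len && bytes[n] == 0x90) n++;   /* 0x90 = NOP */
    return n >= 2 ? PATCH_NOP_RUN : PATCH_NONE;
}

/* Resolve where an E9 detour leads. rel32 is signed and relative to the end of
 * the 5-byte instruction, which is why the stub jumps back to addr + 5.
 * Returns 0 when the bytes are not a rel32 JMP. */
uint32_t detour_target(uint32_t addr, const uint8_t *bytes, size_t len)
{
    int32_t rel;
    if (classify_bytes(bytes, len) != PATCH_JMP_REL32) return 0;
    memcpy(&rel, bytes + 1, sizeof rel);       /* little-endian displacement */
    return addr + 5u + (uint32_t)rel;          /* wraps mod 2^32 for backward jumps */
}

/* Load-time snapshot versus live bytes: nonzero means the code was modified. */
int code_modified(const uint8_t *snapshot, const uint8_t *live, size_t len)
{
    return memcmp(snapshot, live, len) != 0;
}

/* Constructed samples (not captured from any real process):
 *   ORIGINAL  mov [esi],edi ; pop edi ; mov eax,esi  = 89 3E 5F 8B C6 (5 bytes)
 *   HOOKED    E9 rel32 written over them, rel32 = +0x000FFFFB
 *   HOOKBACK  E9 rel32 with a negative displacement, rel32 = -0x00100005
 *   NOPPED    the 2-byte mov replaced by two NOPs */
static const uint8_t SAMPLE_ORIGINAL[5] = { 0x89, 0x3E, 0x5F, 0x8B, 0xC6 };
static const uint8_t SAMPLE_HOOKED[5]   = { 0xE9, 0xFB, 0xFF, 0x0F, 0x00 };
static const uint8_t SAMPLE_HOOKBACK[5] = { 0xE9, 0xFB, 0xFF, 0xEF, 0xFF };
static const uint8_t SAMPLE_NOPPED[5]   = { 0x90, 0x90, 0x5F, 0x8B, 0xC6 };
```

A snapshot taken at DLL load and rechecked periodically catches both the detour and the NOP patch; resolving the JMP target tells you which module the hook lives in.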
