#Lesson 4 - Creating functions

**AeroMan** · 09-02-2014

As i explained before, GameHacking is simply modifying memory.
Now how do we modify the memory?
We first start with an unpacked version (what is unpacking? https://www.mpgh.net/forum/showthread.php?t=858325).
This unpacked file is opened in a debugger, i will open this in IDA Freeware 5.0 (because it's free for ever

).
The unpacked file will be posted below and can be downloaded after approval.

The beginning screen

We have just opened our unpacked WarRock file and we are now going to make a useable function out of it.
We are going to try to use the ingame message that shows when trying to buy premium weapons or winning an event.
WarRock provided us with plenty of stuff that we can start with.
For example: You got a XM8 (15 days) for the [Back to Bootcamp] event!
This opens up in a messagebox!

We want THIS messagebox, but with our text.
If we take a look in the unpacked version in IDA we can clearly see unencrypted text that's used in a MessageBox.

Now we go to that function

Only pay attention to the stuff inside the red boxes
You need to know a bit of assembly to understand this part.
We have all the stuff we need right here.
now what is what?

Code:

___:004E2D8B                 push    offset aTheServerIsFul ; "\nThe server is full right now. \n\nPlease"...

This code pushes our text, so we enter our text here, this will show our text in the messagebox

Code:

___:004E2D90                 call    sub_41AEC7

We call our function that displays the messagebox (adr: 0x41AEC7).

Code:

___:004E2D98                 pop     ecx

We pop the ecx register.

CALL SUB_41AEC7
This function is very important, it's the function we use to display our MessageBox!

As you can see it has some stuff in it, now how could this be a function?
We use the codes above to use this function.

As you see i have used the push, call and pop.
So now our function should work, let's try it!

WarRock Dumped 30-08-2014
Virustotal: https://www.virustotal.com/nl/file/1...is/1409670147/
Virscan: https://virusscan.jotti.org/nl/scanre...a44c19c0137962

I hope this makes any sence, if there are any questions feel free to ask them!
I'm not a pro at expressing myself..

**znoen** · 09-02-2014

Nice tutorial!

**Jhem** · 09-02-2014

What if you are trying to disable that message?

**AeroMan** · 09-02-2014

Originally Posted by Jhem

What if you are trying to disable that message?

You should nop the JNZ instruction, because just disabling the message wont work, it will but it's not optimal.
This will prevent the messagebox from showing.

**Jhem** · 09-02-2014

Originally Posted by Alex_Agnew

You should nop the JNZ instruction, because just disabling the message wont work, it will but it's not optimal.
This will prevent the messagebox from showing.

I don't know why but after I did that warrock crash emi, well nevermind.