API tools faq
paste
Advertisement
Guest User

Untitled

a guest
May 28th, 2017
75
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
ASM (NASM) 2.26 KB | None | 0 0
raw download clone embed print report
  1. {PatchCall, GetDllOffset("D2Client.dll", 0xC39E6), (DWORD)myGameDraw_STUB, 5}   ;Thought jmp might be the issue,  gary suggested giving call a try instead
  2. 6FB739E0  /$ 51             PUSH ECX
  3. 6FB739E1  |. A1 C8ADBA6F    MOV EAX,DWORD PTR DS:[6FBAADC8]
  4. 6FB739E6  |. E8 2DD74EF9    CALL DrawStub.69061118       ; call to a jmp, that leads to myGameDraw_STUB
  5. 6FB739EB  |. 0F85 C4030000  JNZ D2Client.6FB73DB5
  6.  
  7. 5D381118   E9 930A0000      JMP DrawStub.myGameDraw_STUB
  8.  
  9.  
  10.  
  11. VOID __declspec(naked) myGameDraw_STUB()  
  12. {
  13.     __asm
  14.     {
  15.         pushad  
  16.         call GameDraw
  17.         popad
  18.         push ebx;
  19.         xor ebx, ebx;
  20.         cmp eax, ebx;
  21.         push 0x6FB739EB;
  22.         ret;
  23.     }
  24. }
  25. 69061BB0 > 60               PUSHAD
  26. 69061BB1   E8 30F5FFFF      CALL DrawStub.690610E6  ;call GameDraw
  27.  
  28.  
  29.  
  30.  
  31. VOID GameDraw(VOID)
  32. {  
  33.     //To see if stub works
  34.     UnitAny *pUnit = D2CLIENT_GetPlayerUnit ();
  35.     TextHook(270,588,1,"Gold: %d", ((D2COMMON_GetUnitStat(pUnit, 15, 0))) + (D2COMMON_GetUnitStat(pUnit, 14, 0)));
  36. }
  37. 6EDD1BC0 > 55               PUSH EBP       
  38. 6EDD1BC1   8BEC             MOV EBP,ESP     ; Copy's the Stack pointer into EBP
  39. 6EDD1BC3   81EC CC000000    SUB ESP,0CC     ;Subtract OCC from ESP
  40. 6EDD1BC9   53               PUSH EBX        ;0
  41. 6EDD1BCA   56               PUSH ESI        ;0
  42. 6EDD1BCB   57               PUSH EDI
  43. 6EDD1BCC   8DBD 34FFFFFF    LEA EDI,DWORD PTR SS:[EBP-CC]   ;Store the stack pointer EBP - CC in EDI
  44. 6EDD1BD2   B9 33000000      MOV ECX,33              ;Move 33 into ECX
  45. 6EDD1BD7   B8 CCCCCCCC      MOV EAX,CCCCCCCC                ;Some sort of padding or allocation for string reading?.
  46. 6EDD1BDC   F3:AB            REP STOS DWORD PTR ES:[EDI]     ;EIP is set to 0 here, Crash.   This  -1 from EAX putting +1 into EDI in a loop like a string function
  47.  
  48. ;This line looks like it's reading a char* array[size] for the strings being used, like hp/hp,  mana/mana and so on.
  49. 6EDD1BDC   F3:AB            REP STOS DWORD PTR ES:[EDI]   ;Fill 48(dec) DWORD's of CCCCCCCC into stack area;   (even in release version)
  50.  
  51. ;I have no idea why EIP is getting set to zero,  causing the crash,  because this is exactly the same injection process as the previous working stub with the only ;difference being the offset of where it's patched (and the stub's instructions in accordance).  The Block above is also exactly the same when using the old working ;STUB.
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!