[teh ORiON]

Hi,

Is it possible to remove a function call inside an other function?

Basically like this, where the purpose is to stop Function B() from being called,
rest of the function will execute as normal:

PHP Code:

Function A()
{
   ...
   Function B()
   ...
} 


The function is impractical to recreate, so was wondering if it would be possible to do something like this.

[Arkshine]

Just NOP the related bytes.

[teh ORiON]

How would I go about doing it in more detail, have a signature for the function and then displace down to the bytes where the function is called or?

[klippy]

So, you only have .amxx file, and you can't edit the plugin?
If so, you have to decompress .amxx file, change the corresponding bytes (parameter pushes, function call) to NOP instruction, and compress it back.
I've written decompresser, but I couldn't manage to write a program to compress it back. Maybe I will give it another try in a few days.

EDIT:
I feel dumb here... Are you trying to "hack" a plugin or a module/game DLL?
Because all that I written before is to not a run-time hack, and only works for plugins.

[teh ORiON]

Quote:

Originally Posted by KliPPy So, you only have .amxx file, and you can't edit the plugin? If so, you have to decompress .amxx file, change the corresponding bytes (parameter pushes, function call) to NOP instruction, and compress it back. I've written decompresser, but I couldn't manage to write a program to compress it back. Maybe I will give it another try in a few days. EDIT: I feel dumb here... Are you trying to "hack" a plugin or a module/game DLL? Because all that I written before is to not a run-time hack, and only works for plugins.

Yeah, it's basically hacking the .dll, changing part of a function when it has been loaded into memory. I could patch the .dll directly but I dont have any experience in doing so, would also have to be the .so, since server is linux.

[Arkshine]

You answer yourself already. You can either use a signature which points to the related bytes start or getting a function address and adding n bytes to points where you want.

Once you get your address, just a matter to NOP all related bytes with 0x90.

I don't know the context and don't know much about assembly, so for a simple call in linux you will have E8 X X X X where X X X X is the function address. So you need to NOP these 5 bytes. There are probably tips to not necessary replace all to 90's but don't know. You may have to care about function with arguments, you will have some bytes before and you could corrupt the stack easily depending what you do/how is called the function.

[klippy]

Well, it is probably easier to modify a .so than a .dll.
But run-time patching with Orpheu is probably easier than doing so.
Do you have a source code of that module? If you do, I can try to recompile it, omitting that function call.

[z0mbiland]

Something like this i want to do, To crack the dll engine and change the value of ENTITY LIMIT TO UNLIMITED ENTITIES!!! Reverse engineering, assembly language, this need a cracker to be done!!!

[klippy]

Quote:

Originally Posted by z0mbiland Something like this i want to do, To crack the dll engine and change the value of ENTITY LIMIT TO UNLIMITED ENTITIES!!! Reverse engineering, assembly language, this need a cracker to be done!!!

It is useless, all those limitations are also enforced on the client.

[teh ORiON]

Yeah but now that I think about it, would probably be better to patch the library for what I need it for.
I'll give a bit of context now, so you know what it's about.

I want to change is PM_PlayerMove in tfc.so (Team fortress classic library).

PM_PlayerMove

PHP Code:

void PM_PlayerMove ( qboolean server )
{
    physent_t *pLadder = NULL;

    // Are we running server code?
    pmove->server = server;                

    // Adjust speeds etc.
    PM_CheckParamters();

    // Assume we don't touch anything
    pmove->numtouch = 0;                    

    // # of msec to apply movement
    pmove->frametime = pmove->cmd.msec * 0.001;    

    PM_ReduceTimers();

    // Convert view angles to vectors
    AngleVectors (pmove->angles, pmove->forward, pmove->right, pmove->up);

    // PM_ShowClipBox();

#ifdef CLIENT_DLL
    if ( pmove->runfuncs )
    {
        iIsSpectator = false;
        iHasNewViewAngles = false;
        iHasNewViewOrigin = false;
    }
#endif

    if ( pmove->iuser1 == 4 )
         return; 

    // Special handling for spectator and observers. (iuser1 is set if the player's in observer mode)
    if ( pmove->spectator || pmove->iuser1 > 0 )
    {
        PM_SpectatorMove();
        PM_CatagorizePosition();
        return;
    }

    // Always try and unstick us unless we are in NOCLIP mode
    if ( pmove->movetype != MOVETYPE_NOCLIP && pmove->movetype != MOVETYPE_NONE )
    {
        if ( PM_CheckStuck() )
        {
            return;  // Can't move, we're stuck
        }
    }

    // Now that we are "unstuck", see where we are ( waterlevel and type, pmove->onground ).
    PM_CatagorizePosition();

    // Store off the starting water level
    pmove->oldwaterlevel = pmove->waterlevel;

    // If we are not on ground, store off how fast we are moving down
    if ( pmove->onground == -1 )
    {
        pmove->flFallVelocity = -pmove->velocity[2];
    }

    g_onladder = 0;
    // Don't run ladder code if dead or on a train
    if ( !pmove->dead && !(pmove->flags & FL_ONTRAIN) )
    {
        pLadder = PM_Ladder();
        if ( pLadder )
        {
            g_onladder = 1;
        }
    }

    PM_UpdateStepSound();

    PM_Duck();
    
    // Don't run ladder code if dead or on a train
    if ( !pmove->dead && !(pmove->flags & FL_ONTRAIN) )
    {
        if ( pLadder )
        {
            PM_LadderMove( pLadder );
        }
        else if ( pmove->movetype != MOVETYPE_WALK &&
                  pmove->movetype != MOVETYPE_NOCLIP )
        {
            // Clear ladder stuff unless player is noclipping
            //  it will be set immediately again next frame if necessary
            pmove->movetype = MOVETYPE_WALK;
        }
    }

    // Slow down, I'm pulling it! (a box maybe) but only when I'm standing on ground
    if ( ( pmove->onground != -1 ) && ( pmove->cmd.buttons & IN_USE) )
    {
        VectorScale( pmove->velocity, 0.3, pmove->velocity );
    }

    // Handle movement
    switch ( pmove->movetype )
    {
    default:
        pmove->Con_DPrintf("Bogus pmove player movetype %i on (%i) 0=cl 1=sv\n", pmove->movetype, pmove->server);
        break;

    case MOVETYPE_NONE:
        break;

    case MOVETYPE_NOCLIP:
        PM_NoClip();
        break;

    case MOVETYPE_TOSS:
    case MOVETYPE_BOUNCE:
        PM_Physics_Toss();
        break;

    case MOVETYPE_FLY:
    
        PM_CheckWater();

        // Was jump button pressed?
        // If so, set velocity to 270 away from ladder.  This is currently wrong.
        // Also, set MOVE_TYPE to walk, too.
        if ( pmove->cmd.buttons & IN_JUMP )
        {
            if ( !pLadder )
            {
                PM_Jump ();
            }
        }
        else
        {
            pmove->oldbuttons &= ~IN_JUMP;
        }
        
        // Perform the move accounting for any base velocity.
        VectorAdd (pmove->velocity, pmove->basevelocity, pmove->velocity);
        PM_FlyMove ();
        VectorSubtract (pmove->velocity, pmove->basevelocity, pmove->velocity);
        break;

    case MOVETYPE_WALK:
        if ( !PM_InWater() )
        {
            PM_AddCorrectGravity();
        }

        // If we are leaping out of the water, just update the counters.
        if ( pmove->waterjumptime )
        {
            PM_WaterJump();
            PM_FlyMove();

            // Make sure waterlevel is set correctly
            PM_CheckWater();
            return;
        }

        // If we are swimming in the water, see if we are nudging against a place we can jump up out
        //  of, and, if so, start out jump.  Otherwise, if we are not moving up, then reset jump timer to 0
        if ( pmove->waterlevel >= 2 ) 
        {
            if ( pmove->waterlevel == 2 )
            {
                PM_CheckWaterJump();
            }

            // If we are falling again, then we must not trying to jump out of water any more.
            if ( pmove->velocity[2] < 0 && pmove->waterjumptime )
            {
                pmove->waterjumptime = 0;
            }

            // Was jump button pressed?
            if (pmove->cmd.buttons & IN_JUMP)
            {
                PM_Jump ();
            }
            else
            {
                pmove->oldbuttons &= ~IN_JUMP;
            }

            // Perform regular water movement
            PM_WaterMove();
            
            VectorSubtract (pmove->velocity, pmove->basevelocity, pmove->velocity);

            // Get a final position
            PM_CatagorizePosition();
        }
        else

        // Not underwater
        {
            // Was jump button pressed?
            if ( pmove->cmd.buttons & IN_JUMP )
            {
                if ( !pLadder )
                {
                    PM_Jump ();
                }
            }
            else
            {
                pmove->oldbuttons &= ~IN_JUMP;
            }

            // Fricion is handled before we add in any base velocity. That way, if we are on a conveyor, 
            //  we don't slow when standing still, relative to the conveyor.
            if ( pmove->onground != -1 )
            {
                pmove->velocity[2] = 0.0;
                PM_Friction();
            }

            // Make sure velocity is valid.
            PM_CheckVelocity();

            // Are we on ground now
            if ( pmove->onground != -1 )
            {
                PM_WalkMove();
            }
            else
            {
                PM_AirMove();  // Take into account movement when in air.
            }

            // Set final flags.
            PM_CatagorizePosition();

            // Now pull the base velocity back out.
            // Base velocity is set if you are on a moving object, like
            //  a conveyor (or maybe another monster?)
            VectorSubtract (pmove->velocity, pmove->basevelocity, pmove->velocity );
                
            // Make sure velocity is valid.
            PM_CheckVelocity();

            // Add any remaining gravitational component.
            if ( !PM_InWater() )
            {
                PM_FixupGravityVelocity();
            }

            // If we are on ground, no downward velocity.
            if ( pmove->onground != -1 )
            {
                pmove->velocity[2] = 0;
            }

            // See if we landed on the ground with enough force to play
            //  a landing sound.
            PM_CheckFalling();
        }

        // Did we enter or leave the water?
        PM_PlayWaterSounds();
        break;
    }
} 


What I want removed is the VectorScale call in this bit:

PHP Code:

// Slow down, I'm pulling it! (a box maybe) but only when I'm standing on ground
    if ( ( pmove->onground != -1 ) && ( pmove->cmd.buttons & IN_USE) )
    {
        VectorScale( pmove->velocity, 0.3, pmove->velocity );
    }