NachtPiloten, yes, this is exactly how it is done - find the code in the original exe/dll, then replace it as needed (all modifications are made in memory while the game is running, instead of patching files on the disk).
But again, the problem is that the game code is not human-readable. C++ is compiled into machine code which has almost no hints about its sources.
Here is a nice example from my unfinished DX11 renderer that modifies an existing cfs3 function to enhance object visibility checks:
Code:
#include <windows.h>   // BYTE, DWORD
#include <cstring>     // memcpy

// addrProc / addrJump point into the running game's code (located earlier by
// signature); callOffset is the rel32 displacement to the replacement routine.
// The target page must already be writable (e.g. via VirtualProtect) before this runs.
void ApplyVisibilityPatch(BYTE* addrProc, BYTE* addrJump, DWORD callOffset)
{
    const BYTE proc[] = {
        // ... test eax, eax ...
        // can safely use eax
        0x75, 0x04,                   // jnz +0x04
        // didn't take the jump, thus eax is zero, cmp will NE => setne al will set 1
        0x83, 0x65, 0x00, 0xFD,       // and dword ptr [ebp + 0], 0FFFFFFFDh
        0xE8, 0x00, 0x00, 0x00, 0x00, // call ... (rel32 operand filled in below)
        0xEB, 0x04,                   // jmp +4
        0x90, 0x90, 0x90, 0x90        // nop
        // then eax is immediately overwritten
        // ... mov eax, ...
    };
    memcpy(addrProc, proc, sizeof(proc));
    *(DWORD*)(addrProc + 7) = callOffset; // rel32 operand of the E8 at offset 6
    // also replace jump from 0x564a76+2 to 0x00564A8B+6 = 91h-78h = 0x19
    // test eax,eax and then doing JZ to cmp eax, 0FFFF...
    // thus if eax is zero, cmp will NE, so setne al will set 1
    addrJump[1] = 0x19;
}
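The two displacement calculations in the post (the rel32 operand written at `addrProc + 7`, and the `91h-78h = 0x19` short-jump operand) are easy to get wrong by one instruction length, and a memory patch applied to the wrong game build corrupts code silently. The following is an added, self-contained C example (not the poster's renderer code) that works them out against a constructed 64-byte buffer standing in for game memory; `REGION_BASE`, `build_stub`, `patch_bytes` and the sample original bytes are assumptions of the example, while the 17-byte stub and the addresses 0x564A76 / 0x564A8B are taken from the post.

```c
#include <stdint.h>
#include <string.h>

/* Constructed 64-byte code region standing in for the game's memory (example only). */
enum { REGION_BASE = 0x00564A70, REGION_SIZE = 64, STUB_LEN = 17 };
static uint8_t region[REGION_SIZE];

/* rel32 for a 5-byte E8 call / E9 jmp: target minus the address of the next instruction. */
static int32_t rel32(uint32_t insn_addr, uint32_t target) {
    return (int32_t)(target - (insn_addr + 5));
}

/* rel8 for a 2-byte short jcc/jmp; returns 0 when the target is out of rel8 range. */
static int rel8(uint32_t insn_addr, uint32_t target, int8_t *out) {
    int32_t d = (int32_t)(target - (insn_addr + 2));
    if (d < -128 || d > 127) return 0;
    *out = (int8_t)d;
    return 1;
}

/* Build the 17-byte stub from the post with its call displacement resolved.
   The E8 sits at stub_addr + 6, so its rel32 operand occupies bytes 7..10. */
static void build_stub(uint32_t stub_addr, uint32_t call_target, uint8_t out[STUB_LEN]) {
    static const uint8_t tmpl[STUB_LEN] = {
        0x75, 0x04,                   /* jnz +4                             */
        0x83, 0x65, 0x00, 0xFD,       /* and dword ptr [ebp+0], 0FFFFFFFDh  */
        0xE8, 0x00, 0x00, 0x00, 0x00, /* call rel32 (filled in below)       */
        0xEB, 0x04,                   /* jmp +4                             */
        0x90, 0x90, 0x90, 0x90 };     /* nop padding                        */
    int32_t d = rel32(stub_addr + 6, call_target);
    memcpy(out, tmpl, STUB_LEN);
    out[7] = (uint8_t)d;         out[8]  = (uint8_t)(d >> 8);   /* little-endian */
    out[9] = (uint8_t)(d >> 16); out[10] = (uint8_t)(d >> 24);
}

/* Write n bytes at addr only if the expected original bytes are still there, so the
   patch is refused on a different build instead of corrupting unrelated code. */
static int patch_bytes(uint32_t addr, const uint8_t *expect, const uint8_t *repl, size_t n) {
    if (addr < REGION_BASE || addr + n > REGION_BASE + REGION_SIZE) return 0;
    uint8_t *p = region + (addr - REGION_BASE);
    if (memcmp(p, expect, n) != 0) return 0;
    memcpy(p, repl, n);
    return 1;
}
```

In a real injector the same byte-signature check runs before `memcpy` into the live process, and the stub address used for `rel32` is the one the stub is actually copied to, not the address of the local array.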