
I am hacking a game. There are a lot of functions that need to be rewritten. I want to rewrite them in C++, then extract the machine code from the compiled file and inject it into the game. Does anyone know how to extract the machine code of functions compiled with C++ in VS 2019? Easy way please!!

example:

int test (int arg){
   return arg++;
}

Output assembly:

push rbp                  //55
mov rbp,rsp               //48 8B EC
mov  rax,[rbp+08]         //48 8B 45 08
inc rax                   //48 FF C0
pop rbp                   //5D

I want to get these: 55 48 8B EC 48 8B 45 08 48 FF C0 5D

phuclv
Chris
  • Add the /FA switch. Lemme see if I can find a duplicate. – user4581301 Apr 17 '21 at 04:07
  • It just occurred to me that you probably aren't building from the command line. My above comment probably isn't that useful. [Found a dupe though](https://stackoverflow.com/questions/4499199/how-to-generate-assembly-code-from-c-source-in-visual-studio-2010). Looks like I was wrong: /FAc – user4581301 Apr 17 '21 at 04:10
  • Side note: https://godbolt.org/ is a really, really handy tool. Example: https://godbolt.org/z/q8eef449h Shame about the missing `return` statement. – user4581301 Apr 17 '21 at 04:11
  • @user4581301 Thank you. Is it possible to show the machine code only, with each function serialized? – Chris Apr 17 '21 at 05:17
  • [How to generate godbolt like clean assembly locally?](https://stackoverflow.com/q/63015986). But must you use MSVC? Other compilers' outputs are usually easier to strip down: [How to remove “noise” from GCC/clang assembly output?](https://stackoverflow.com/q/38552116). Besides, your function is useless and isn't optimized at all. – phuclv Apr 17 '21 at 07:00
  • `mov rax,[rbp+08]` looks highly unlikely for that source. You're loading the 64-bit return address from the stack (above the saved RBP), instead of taking the 32-bit `int` arg from ECX. I suspect you took 32-bit assembly that loaded EAX from `[ebp+8]` and manually changed the registers to 64-bit, instead of correctly porting it to account for the 8-byte push and the different calling convention. But then you took the trouble to assemble that asm source, instead of actually looking at disassembly from real compiler output? – Peter Cordes Apr 19 '21 at 04:59

0 Answers
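The /FAc route the commenters point at makes cl.exe write a .cod listing in which every instruction line carries its offset and encoded bytes next to the mnemonic. What follows is an added example, not code from the question or from any of the commenters: a small parser that pulls those bytes out per PROC/ENDP block and prints them in the "55 48 8B EC ..." form asked for. It also does the two checks a practitioner wants before injecting raw bytes: a contiguity check (each line's offset must equal the running byte count, so a line the parser did not understand cannot silently drop bytes), and a heuristic flag for instructions whose operand names an external symbol, because in the .obj (and therefore in the listing) their rel32/disp32 field is still a placeholder that the linker would normally patch, so a copied `e8 00 00 00 00` call would have to be re-targeted by hand. The listing text in the block is constructed to mirror the layout of a .cod file and is not real compiler output; `SAMPLE_LISTING`, `GAPPED_LISTING`, `parse_listing` and `relocations` are names chosen for this example.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List

# Constructed sample in the layout of an MSVC /FAc listing (.cod): 5-digit hex
# offset, instruction bytes, mnemonic, operands. NOT real cl.exe output; the
# bytes were hand-checked against the x86-64 encoding. Tabs mimic the real file.
SAMPLE_LISTING = """\
; Listing (constructed sample, not generated by cl.exe)
PUBLIC\t?test@@YAHH@Z\t\t\t\t; test
arg$ = 16
?test@@YAHH@Z PROC\t\t\t\t\t; test
; 1    : int test(int arg) {
  00000\t89 4c 24 08\t mov\t DWORD PTR [rsp+8], ecx
  00004\t55\t\t push\t rbp
  00005\t48 8b ec\t mov\t rbp, rsp
; 2    :     return arg + 1;
  00008\t8b 45 10\t mov\t eax, DWORD PTR arg$[rbp]
  0000b\tff c0\t\t inc\t eax
  0000d\t5d\t\t pop\t rbp
  0000e\tc3\t\t ret\t 0
?test@@YAHH@Z ENDP
?twice@@YAHH@Z PROC\t\t\t\t\t; twice
  00000\t55\t\t push\t rbp
  00001\t48 8b ec\t mov\t rbp, rsp
  00004\t48 83 ec 20\t sub\t rsp, 32
  00008\te8 00 00 00 00\t call\t ?test@@YAHH@Z\t\t; test
  0000d\t03 c0\t\t add\t eax, eax
  0000f\t48 83 c4 20\t add\t rsp, 32
  00013\t5d\t\t pop\t rbp
  00014\tc3\t\t ret\t 0
?twice@@YAHH@Z ENDP
END
"""

# Constructed listing with a hole between offsets 0 and 4 (as if a line were
# unparsed or wrapped); the contiguity check must reject it.
GAPPED_LISTING = """\
?gap@@YAXXZ PROC
  00000\t55\t\t push\t rbp
  00004\t5d\t\t pop\t rbp
?gap@@YAXXZ ENDP
"""

@dataclass
class Instruction:
    offset: int
    code: bytes
    mnemonic: str
    operands: str

@dataclass
class Function:
    name: str
    insns: List[Instruction] = field(default_factory=list)

    @property
    def code(self) -> bytes:
        return b"".join(i.code for i in self.insns)

    def hexdump(self) -> str:
        return " ".join(f"{b:02X}" for b in self.code)

_PROC_RE = re.compile(r"^(\S+)\s+PROC\b")
_ENDP_RE = re.compile(r"^(\S+)\s+ENDP\b")
# offset, one or more hex byte pairs, mnemonic, rest of line
_INSN_RE = re.compile(
    r"^\s+([0-9a-fA-F]{5})\s+((?:[0-9a-fA-F]{2}\s+)*[0-9a-fA-F]{2})\s+([A-Za-z]+)\s*(.*)$")
# mangled C++ symbol, FLAT: address or $SGnnnn string literal: linker-resolved
_SYMBOL_RE = re.compile(r"\?[\w@$]+|\bFLAT:|\$SG\d+")

def parse_listing(text: str) -> Dict[str, Function]:
    """Return {mangled name: Function} for every PROC/ENDP block in a listing."""
    funcs: Dict[str, Function] = {}
    current = None
    for line in text.splitlines():
        if (m := _PROC_RE.match(line)):
            current = Function(m.group(1))
            continue
        if (m := _ENDP_RE.match(line)) and current is not None:
            funcs[current.name] = current
            current = None
            continue
        if current is None or not (m := _INSN_RE.match(line)):
            continue
        offset = int(m.group(1), 16)
        if current.insns:  # offsets may not start at 0 outside COMDAT sections
            expected = current.insns[0].offset + len(current.code)
            if offset != expected:
                raise ValueError(f"{current.name}: expected offset {expected:#x}, "
                                 f"listing says {offset:#x}; unparsed line before it?")
        operands = m.group(4).split(";")[0].strip()  # drop trailing ; comment
        current.insns.append(Instruction(offset, bytes.fromhex(m.group(2)),
                                         m.group(3).lower(), operands))
    return funcs

def relocations(func: Function) -> List[Instruction]:
    """Heuristic: instructions whose operand names a symbol the linker resolves."""
    return [i for i in func.insns if _SYMBOL_RE.search(i.operands)]

if __name__ == "__main__":
    for name, fn in parse_listing(SAMPLE_LISTING).items():
        print(f"{name}: {fn.hexdump()}")
        for ins in relocations(fn):
            print(f"  needs fixup at +{ins.offset:#x}: {ins.mnemonic} {ins.operands}")
```

Against a real build, `cl /c /FAc test.cpp` writes `test.cod` next to the object; feed its contents to `parse_listing`. Anything `relocations` flags (calls to other functions, `lea` of a string literal, RIP-relative data) has zeroed displacement bytes in the listing and must be re-targeted to the address where the code actually lands in the game process, or the injected call lands on garbage. Bytes from an unoptimized (/Od) build also carry the spill/reload prologue shown above, so compile with the optimization level you actually intend to inject.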