How to force run a method triggered with a series of keys in a game?

Reverse Engineering Asked by SplitHorizon on June 11, 2021

This is my first time asking something on SE and I’ll do the best I can to provide all of the required information, but I apologize in advance if I’m not clear enough.

I’m trying to reverse engineer a certain fighting game to be able to run the moves “manually”. What I mean by this is, say a certain power move is run by pressing S A J quickly on the keyboard, I want to be able to just jump to the method to use that move in the code without having to press the keys.

So far I've tried using CheatEngine and OllyDbg to search for strings that match the move names, and also looked at what values changed before, during, and after executing the move, but neither seems to have done anything.

I'm relatively new to assembly language, but have quite a bit of experience in C++, C# and other languages.

I looked for questions similar to this one before posting it, but couldn’t seem to find anything that would help. If this has been posted before and I just missed it, sorry about that.

Thanks in advance for any answers.

2 Answers

Considering that this is the RE forum, this is how I would find the function.

  1. Place a conditional breakpoint on the input handling code. Depending on the game it might come from something like getchar() or be handled in a Windows message loop (assuming x86 Windows here since you mentioned OllyDbg).
  2. The condition for the breakpoint would be when the input data equals 'j'. You might get lucky and find a cmp/jmp (or similar) sequence for 'j' or 'J' in the disassembly; then you could just set a normal breakpoint there.
  3. Run the game, and execute the combination on the keyboard.
  4. When the breakpoint hits, you can then single-step and keep track of the call statements that are hit; one of them is likely to be the function you care about.

Answered by josh poley on June 11, 2021

Assuming this game is a bit more complex than an 8-bit console game, I'm afraid hooking getchar() and the like won't do you much good.

With Windows windowed/full screen games, input is received by handling window messages, usually in a message loop.

In such cases, each window has its own message processing loop, in which it constantly calls GetMessage() to receive events it should react to, such as key presses. GetMessage()'s first parameter is a pointer to a MSG structure which it populates with the next message after removing it from the queue. Go here for a message loop example, here for GetMessage() documentation, and finally here for the MSG structure documentation.

In that case you should place breakpoints on:

  1. GetMessage
  2. PeekMessage

After you've got to the message loop, you'll probably encounter a medium-sized switch-case handling the different message types. That switch-case should read the MSG structure's message member for message types that belong to the keyboard. Most commonly those are:

  1. WM_KEYDOWN
  2. WM_KEYUP
  3. WM_CHAR

Once you've found the case handling those types, you should be pretty close to the function you're looking for. That case will most likely do a few lines of code worth of parameter preparation and then call the function you're looking for.

Answered by NirIzr on June 11, 2021
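To make the structure NirIzr describes concrete, here is an added example (not code from the question, either answer, or any real game) modelling what the code between GetMessage() and the move function typically looks like: a message loop, a switch on the MSG structure's message member, a WM_KEYDOWN case that feeds a combo matcher, and the call to the move routine that single-stepping would land on. It compiles on any platform because the MSG struct, the WM_* and VK_* values (the real Windows numeric values) and the queue are all defined locally; the function name execute_power_move and the "S A J" sequence are assumptions taken from the question, not anything a real game exports.

```c
/* Added example: a platform-independent model of a Windows message loop
 * and keyboard dispatch. No real window exists; the queue is constructed. */
#include <stdio.h>
#include <stddef.h>
#include <stdbool.h>

/* Real Windows values for these message types (as in <winuser.h>). */
#define WM_KEYDOWN 0x0100
#define WM_KEYUP   0x0101
#define WM_CHAR    0x0102
/* Virtual-key codes for letters equal their upper-case ASCII value. */
#define VK_S 'S'
#define VK_A 'A'
#define VK_J 'J'

/* Stand-in for the Windows MSG structure: the game switches on
 * msg.message, and for key messages wParam carries the virtual-key code. */
typedef struct { unsigned int message; unsigned long wParam; long lParam; } MSG;

/* Constructed message queue playing the role of the window's queue. */
static MSG g_queue[32];
static size_t g_queue_len = 0, g_queue_pos = 0;

static void post_key(unsigned int type, unsigned long vk) {
    if (g_queue_len < sizeof g_queue / sizeof g_queue[0]) {
        MSG m = { type, vk, 0 };
        g_queue[g_queue_len++] = m;
    }
}

/* Stand-in for GetMessage(): fills *msg with the next queued message and
 * returns false when the queue is empty (real GetMessage returns 0 on WM_QUIT). */
static bool get_message(MSG *msg) {
    if (g_queue_pos >= g_queue_len) return false;
    *msg = g_queue[g_queue_pos++];
    return true;
}

/* Hypothetical move routine: the function the asker wants to reach. In a
 * real game the WM_KEYDOWN case prepares its arguments and calls it. */
static int g_power_move_calls = 0;
static void execute_power_move(int player) {
    (void)player;
    g_power_move_calls++;
}

/* Combo matcher for "S A J". Real games also enforce a timing window
 * between presses; this model only checks order. */
static const unsigned long k_combo[] = { VK_S, VK_A, VK_J };
static size_t g_combo_pos = 0;

static void on_key_down(unsigned long vk) {
    if (vk == k_combo[g_combo_pos]) {
        if (++g_combo_pos == sizeof k_combo / sizeof k_combo[0]) {
            g_combo_pos = 0;
            execute_power_move(1);   /* the call you would see while stepping */
        }
    } else {
        /* A wrong key breaks the sequence, but may itself start a new one. */
        g_combo_pos = (vk == k_combo[0]) ? 1 : 0;
    }
}

/* The "medium-sized switch-case" from the answer: dispatch on msg.message. */
static void window_proc(const MSG *msg) {
    switch (msg->message) {
    case WM_KEYDOWN: on_key_down(msg->wParam); break;
    case WM_KEYUP:   /* release: irrelevant to this combo */ break;
    case WM_CHAR:    /* translated character: not used here */ break;
    default: break;
    }
}

/* Drains the queue through the loop; returns how often the move ran. */
static int run_message_loop(void) {
    MSG msg;
    g_power_move_calls = 0;
    g_combo_pos = 0;
    while (get_message(&msg)) window_proc(&msg);
    return g_power_move_calls;
}

/* Constructed input: the combo, a wrong-order attempt, a combo broken by a
 * stray key, then the combo again. Returns the number of moves executed. */
int demo(void) {
    unsigned long keys[] = { VK_S, VK_A, VK_J,          /* combo: move #1 */
                             VK_A, VK_J,                /* wrong order: nothing */
                             VK_S, 'X', VK_A, VK_J,     /* stray 'X' breaks it */
                             VK_S, VK_A, VK_J };        /* combo: move #2 */
    g_queue_len = 0; g_queue_pos = 0;
    for (size_t i = 0; i < sizeof keys / sizeof keys[0]; i++) {
        post_key(WM_KEYDOWN, keys[i]);
        post_key(WM_KEYUP, keys[i]);
    }
    return run_message_loop();
}

int main(void) {
    printf("power move executed %d times\n", demo());
    return 0;
}
```

When stepping from a breakpoint on GetMessage() in a real binary, the pieces to recognise are the comparison of the message type against 0x100 (WM_KEYDOWN), the per-key state update (here g_combo_pos), and the call made once the sequence completes; that last call is the candidate for the function the question asks about.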
