Carl On Duty: Ghostbusters and x64 Calling Conventions

Well its that time, Carl on Duty: Ghostbusters has released! Long story short, still looks like poop, what they showed in the trailers is “meh” by any means. Not to say that Battlefield 4 was any better (the campaign was horrible, but who gets the Fish or Battlefield for SP?). I got a copy of the game to take a look at the security inside, well its the same lax-bro security that they have used in every other game that can be easily bypassed. But whats this? x64 (or 64-bit) processor is required with DirectX 11? First off, I noticed this during Blops 2. Why in the hell does the IW engine need any of that? It still runs like crap and rant, rant, rant. Moving on from that, I have taken closer look at x64 calling conventions for IceEditor (Battlefield 4 x64) and a possible new version of kiwicon for Ghostbusters singleplayer.

Based off of this link that Microsoft has posted, it explains how most games are compiled (using VC++ Compiler) and this makes it handy for reverse engineering in IDA. Here are some highlights just in case Microsoft decides to do another movement of their MSDN documentation.

Two important modifications from x86 to x64 are the 64-bit addressing capability and a flat set of 16 64-bit registers for general use. Given the expanded register set, x64 just uses the __fastcall calling convention and a RISC-based exception-handling model. The __fastcall model uses registers for the first four arguments and the stack frame to pass the other parameters.

And, boom goes the dynamite. That single sentence made it so easy just to reverse some stuff that was part of Ghostbusters. (Along with the compiler error of __cdecl missing in x64…)

Applying what I found out before from my tutorial on Unlocking the Call of Duty Console on All Platforms, the function has changed a bit (untested because I refuse to download ~30GB for a game that I don’t want to play)

So far the untested function is provided below.

#pragma region Prototypes
typedef PVOID (__fastcall* tSendCommandToConsole)(INT p_localClientNumber, PCHAR p_command);
tSendCommandToConsole oSendCommandToConsole = (tSendCommandToConsole)NULL;
#pragma endregion

DWORD WINAPI kiwicon_init(LPVOID)
{
// 64-bit alignment son!
DWORD64 s_BaseAddress = (DWORD64)GetModuleHandle(NULL);
oSendCommandToConsole = (tSendCommandToConsole)(s_BaseAddress + 0x003AEADC);

for (;;)
{
if (GetAsyncKeyState(VK_F3) & 0x8000)
oSendCommandToConsole(0, “connect 127.0.0.1\n”);

Sleep(150);
}
return 0; // Return successfully
};

6 comments on “Carl On Duty: Ghostbusters and x64 Calling Conventions”

cra0 On November 11, 2013 at 3:49 am

Yo do you have steam? or any instant msging service would like to talk to you about this

Log in to Reply
- kiwidog On November 11, 2013 at 7:51 am
  
  I do, kiwidoggie is my steam. kiwipuppy is my display name.
  
  Log in to Reply
  - cra0 On November 11, 2013 at 7:20 pm
    
    added mines cra0kalo
    
    Log in to Reply
Collision_TN On November 11, 2013 at 10:48 am

Still waiting for your free cam mod to use the zooming on invisible weapons on BF4 🙁 (Option is unavailable on Spectator mode)

Log in to Reply
- kiwidog On November 11, 2013 at 11:40 am
  
  There is work in progress for the BF4 camera mod. We are still reversing engine functions to make it the cleanest way possible.
  
  Log in to Reply
  - Collision_TN On November 11, 2013 at 12:30 pm
    
    Thank you.
    http://battlelog.battlefield.com/bf4/forum/threadview/2955064767913903646/
    
    Log in to Reply

6 comments on “Carl On Duty: Ghostbusters and x64 Calling Conventions”

Leave a Reply Cancel reply