Carl On Duty: Ghostbusters and x64 Calling Conventions

Well, it's that time: Carl on Duty: Ghostbusters has released! Long story short, it still looks like poop, and what they showed in the trailers is “meh” by any means. Not to say that Battlefield 4 was any better (the campaign was horrible, but who gets the Fish or Battlefield for SP?). I got a copy of the game to take a look at the security inside. Well, it's the same lax-bro security that they have used in every other game, and it can be easily bypassed. But what's this? An x64 (or 64-bit) processor is required, with DirectX 11? First off, I noticed this during Blops 2. Why in the hell does the IW engine need any of that? It still runs like crap and rant, rant, rant. Moving on from that, I have taken a closer look at x64 calling conventions for IceEditor (Battlefield 4 x64) and a possible new version of kiwicon for Ghostbusters singleplayer.

This link that Microsoft has posted explains how most games are compiled (using the VC++ compiler), which makes it handy for reverse engineering in IDA. Here are some highlights, just in case Microsoft decides to move their MSDN documentation again.

Two important modifications from x86 to x64 are the 64-bit addressing capability and a flat set of 16 64-bit registers for general use. Given the expanded register set, x64 just uses the __fastcall calling convention and a RISC-based exception-handling model. The __fastcall model uses registers for the first four arguments and the stack frame to pass the other parameters.

And, boom goes the dynamite. That single sentence made it so easy just to reverse some stuff that was part of Ghostbusters. (Along with the compiler error of __cdecl missing in x64…)
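To make the quoted rule concrete when reading a disassembly, here is an added example (not code from this post or from Microsoft) that maps each parameter of a prototype to the register or stack slot it occupies at function entry. It goes slightly beyond the quote by also covering floating-point arguments (XMM0 to XMM3) and large aggregates passed by pointer; the type and function names are hypothetical, and the six-argument prototype in main is constructed.

```c
#include <stdio.h>
#include <stddef.h>

/* How the Microsoft x64 ABI classifies a parameter. */
typedef enum { ARG_INT, ARG_FLOAT, ARG_AGGREGATE } arg_kind;
typedef struct { const char *name; arg_kind kind; size_t size; } arg_desc;

static const char *const INT_REGS[4]   = { "RCX", "RDX", "R8", "R9" };
static const char *const FLOAT_REGS[4] = { "XMM0", "XMM1", "XMM2", "XMM3" };

/* Aggregates whose size is not 1, 2, 4 or 8 bytes are copied by the caller
   and a pointer to the copy is passed in the argument's slot instead. */
int passed_by_reference(const arg_desc *a) {
    return a->kind == ARG_AGGREGATE &&
           !(a->size == 1 || a->size == 2 || a->size == 4 || a->size == 8);
}

/* Register carrying argument `index` (0-based), or NULL if it is on the stack.
   Slots are positional: a float in slot 1 uses XMM1 and RDX goes unused. */
const char *arg_register(const arg_desc *a, int index) {
    if (index < 0 || index >= 4) return NULL;
    return a->kind == ARG_FLOAT ? FLOAT_REGS[index] : INT_REGS[index];
}

/* Offset from RSP, at function entry, of the argument's 8-byte slot.
   [rsp] holds the return address; the next 32 bytes are the home (shadow)
   space for the four register arguments; stack arguments follow. */
int entry_stack_offset(int index) {
    return 8 + 8 * index;
}

int main(void) {
    /* Constructed prototype: (INT, float, PCHAR, 24-byte struct, double, INT) */
    const arg_desc args[] = {
        { "a0", ARG_INT, 4 }, { "a1", ARG_FLOAT, 4 }, { "a2", ARG_INT, 8 },
        { "a3", ARG_AGGREGATE, 24 }, { "a4", ARG_FLOAT, 8 }, { "a5", ARG_INT, 4 },
    };
    for (int i = 0; i < (int)(sizeof args / sizeof args[0]); i++) {
        const char *reg = arg_register(&args[i], i);
        printf("%-3s %-5s [rsp+0x%02X]%s\n", args[i].name, reg ? reg : "stack",
               entry_stack_offset(i),
               passed_by_reference(&args[i]) ? " (pointer to caller's copy)" : "");
    }
    return 0;
}
```

For a two-argument prototype such as (INT, PCHAR), this places the first argument in RCX and the second in RDX, with nothing on the stack beyond the home space.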

Applying what I found out before from my tutorial on Unlocking the Call of Duty Console on All Platforms, the function has changed a bit (untested because I refuse to download ~30GB for a game that I don’t want to play).

So far the untested function is provided below.

#include <windows.h>

#pragma region Prototypes
typedef PVOID (__fastcall* tSendCommandToConsole)(INT p_localClientNumber, PCHAR p_command);
tSendCommandToConsole oSendCommandToConsole = (tSendCommandToConsole)NULL;
#pragma endregion

// Thread entry point (name assumed; the post shows only the body)
DWORD WINAPI MainThread(LPVOID p_parameter)
{
    // 64-bit alignment son!
    DWORD64 s_BaseAddress = (DWORD64)GetModuleHandle(NULL);
    oSendCommandToConsole = (tSendCommandToConsole)(s_BaseAddress + 0x003AEADC);

    for (;;)
    {
        // High bit set means F3 is currently held down
        if (GetAsyncKeyState(VK_F3) & 0x8000)
            oSendCommandToConsole(0, (PCHAR)"connect\n");
        Sleep(10); // Yield instead of spinning a core
    }

    return 0; // Return successfully
}

