Can I Manually Update Script Hook V

How to patch your own Script Hook V.

Difficulty: Baby's first patch.

Tools you'll need

-A hex editor.
-IDA Pro.
-http://ref.x86asm.net/coder64.html (x86-64 opcode reference)
-a smidgeon of a brain or a modicum of sense, either works really.

Steps

Let's start by downloading http://www.dev-c.com/gtav/scripthookv/ and throwing ScriptHookV.dll into idaq64.exe, since it's compiled for x86-64/AMD64.
You can leave the options as they are.

We are lucky because we know what happens if you have mods installed while going into MP: the scripthook will give you an error and end the process.
So we can head over to the Imports tab and look for a call that could help us; in this case we can type ExitProcess to find it.

You can then double click it and head back to the IDA View tab. Here we can use another extremely useful feature of IDA: while highlighting the call in IDA View you can press X to get all the references to that specific import.

There are four calls to it, so let's go to the first one.
We can now scroll up or down to understand what's happening better.

We hit the call that interests us, since aCoreTerminatin contains the string "Core: Terminating the game, disable mods in order to go Online".

Now to understand what's going on:
There's a routine that compares the dword rax points to against 0 (cmp dword ptr [rax], 0). cmp subtracts and only sets the flags, so if the difference is 0, as in if they are equal, ZF is set and the jz (jump if zero) is taken to loc_1800027E1 (generated name, might be something else for you). If the value is not zero, the jz falls through into the aCoreTerminatin path that exits the process. So we want to make sure execution always goes to loc_1800027E1, whatever the comparison says.

The easiest way to patch this is to make that jz a jmp and force it down the execution path we want (the one that doesn't beep and tell us to disable mods).
Now we can switch IDA to Hex View by first highlighting the jz, right-clicking and choosing to synchronize the views.

Now we can pull out our trusty x86_64 opcode sheet and look for jz.

Turns out it's 74 (jz rel8, the short form: one opcode byte plus a signed 8-bit displacement), and that's confirmed by our hex view too.

Now go back to the x86_64 opcode sheet and look for the JMP opcode; we want the rel8 one (EB). It is also two bytes long, so swapping the opcode keeps every instruction after it at the same address.

Now it's time to crack open your favourite hex editor and go look for that sequence of bytes (74 3A 48 8D 0D 12 84 04 00 E8 6D 36 00 if you are doing this today, but this will change with every build; you can just copy out a chunk after the 74 in hex view though). Make sure the sequence only occurs once in the file before you touch it; if it matches more than once, copy a longer chunk.
You can now close IDA. (Don't save the database, you won't need it.)
With your favorite hex editor open you can now edit the 74 in your sequence to EB for JMP (an unconditional short jump to the same loc; the 3A displacement byte stays as it is).

It should now look like this (EB 3A where 74 3A used to be):

So after saving changes, congrats, you just patched yourself the scripthook.
For the sake of learning, however, you should re-open the patched scripthook in IDA.
This time we know the text that is thrown at us if we have mods installed contains "disable", so we can search for that.
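The hex-editor step above, as an added example that is not part of the original post: a small Python patcher that does the same one-byte edit with the checks you want before touching a real binary. The pattern bytes are the ones quoted in the post; SAMPLE_DLL is a constructed stand-in buffer (not real ScriptHookV code), and the function names (find_unique, rel8_target, patch_jz_to_jmp, patch_file) are mine. It refuses to patch unless the pattern matches exactly once and the byte being changed really is a jz rel8, and it checks that the jump lands on the same target after the opcode swap.

```python
"""Byte-patch a jz rel8 (0x74) into jmp rel8 (0xEB) at a unique byte pattern.

Added example; assumes the pattern copied from IDA's hex view identifies
the jz uniquely. The sample buffer below is constructed for the demo.
"""

JZ_REL8 = 0x74   # jz/je rel8: opcode + signed 8-bit displacement (2 bytes)
JMP_REL8 = 0xEB  # jmp rel8: same length, so nothing after it moves

# Byte sequence quoted in the post (jz +0x3A; lea rcx,[rip+...]; call ...).
PATTERN = bytes.fromhex("74 3A 48 8D 0D 12 84 04 00 E8 6D 36 00")

# Constructed stand-in for the DLL: filler, the pattern, more filler.
SAMPLE_DLL = b"\x90" * 0x2A5 + PATTERN + b"\xCC" * 64


def find_unique(data, pattern):
    """Return the offset of pattern in data; refuse missing or ambiguous matches."""
    first = data.find(pattern)
    if first < 0:
        raise ValueError("pattern not found; the build changed, re-check it in IDA")
    if data.find(pattern, first + 1) >= 0:
        raise ValueError("pattern is not unique; copy more bytes from hex view")
    return first


def rel8_target(insn_offset, data):
    """Destination of a 2-byte rel8 jump at insn_offset (displacement is signed)."""
    disp = int.from_bytes(data[insn_offset + 1:insn_offset + 2], "little", signed=True)
    return insn_offset + 2 + disp


def patch_jz_to_jmp(data, pattern=PATTERN):
    """Return (patched_bytes, offset) with the jz at the pattern turned into jmp."""
    off = find_unique(data, pattern)
    if data[off] != JZ_REL8:
        raise ValueError(f"byte at {off:#x} is {data[off]:#04x}, not jz rel8")
    patched = bytearray(data)
    patched[off] = JMP_REL8  # only the opcode changes; the 0x3A displacement stays
    # Same length, same displacement: the jump must still land where the jz did.
    if rel8_target(off, patched) != rel8_target(off, data):
        raise RuntimeError("jump target moved; refusing to write a broken patch")
    return bytes(patched), off


def patch_file(path_in, path_out, pattern=PATTERN):
    """Patch a file on disk, writing to a new path so the original stays as a backup."""
    with open(path_in, "rb") as f:
        data = f.read()
    patched, off = patch_jz_to_jmp(data, pattern)
    with open(path_out, "wb") as f:
        f.write(patched)
    return off


if __name__ == "__main__":
    patched, off = patch_jz_to_jmp(SAMPLE_DLL)
    print(f"jz at offset {off:#x}: {SAMPLE_DLL[off]:#04x} -> {patched[off]:#04x}")
    print(f"jump target unchanged: {rel8_target(off, patched):#x}")
```

Run it against a real file with patch_file("ScriptHookV.dll", "ScriptHookV.patched.dll"); the uniqueness check is what saves you when a new build happens to contain the short pattern twice.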

You can click on the first occurrence in the .text section; you should now see that nothing reaches the whole exit process/beep/tell you to disable mods part any more.

And if you scroll down you can also find the

Code:

loc_18000279B:
    mov     rax, cs:qword_180056A70
    cmp     dword ptr [rax], 0

whose result has been neutered by our unconditional jmp: the compare still runs, but the flags it sets no longer decide anything.

With that, you have accomplished an easy byte patch on a 64-bit DLL, using IDA to find what you needed to patch, and hopefully you understand why you patched the jz to a jmp.
Hope you learned something.

Fin.

Edit: Heh, I didn't realize there already was a tut on this, granted I had posted all this info quite a while ago, just thought I'd explain the thought process http://www.unknowncheats.me/forum/1227878-post50.html too.


Source: https://www.unknowncheats.me/forum/grand-theft-auto-v/149574-patch-own-script-hook.html

Posted by: gallegossating.blogspot.com
