Let's talk about how a call works

Source: Internet
Author: User
I have written a few cheats before, but they were all packet-based and needed some reverse engineering; I have not written the kind of plug-in that relies on calling game functions. Since everyone here likes this topic, let me share my thoughts.
The usual advice is: find the call that calls send, then find the call that calls that one, and keep going up the chain until you reach the key call. In some games, however, the call cannot be found this way, so what should we do first when that happens?
To understand the principle of a call, we have to think about how the game runs, that is, how the game is controlled.
In fact, most games work like this. Take buying medicine as an example:
Click to buy medicine:
1. The client generates a purchase action and calls the procedure for buying an item, for example buygoods(S: String; N: integer); // S is the item type, N is the quantity
2. This action builds a data message (makeinfostring) to be sent to the server;
For example: 36 00 01 .........
3. The data is encrypted once, or N times.
4. After encryption, the message is sent to the server through the send or WSASend function.
5. The client waits for the server's response.
6. The server returns a "purchase successful" message.
7. The client handles this response and performs the local action.
This is, in general, the control pattern of a game.
Written as a program, roughly:
Main program
....
....
buygoods(lifemedicine, 10); // call the item-buying procedure after the action is generated
....
....
End of main program

Procedure buygoods(S: String; N: integer); // the procedure for buying an item
Begin
Send(encrypt(makeinfostring(S, N)));
End;
Of course, it can also be written as separate statements:
makeinfostring;
encrypt;
send;

The methods are similar in any case.
Knowing roughly how the program is written, we can think in reverse order:
BP send
Return to the caller and look back: first find encrypt, then look back further to find makeinfostring (that is, the plaintext part), then go up once more and you reach buygoods(S: String; N: integer).
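To make the control flow above concrete, here is an added toy model (not code from the post or from any game) of the buygoods -> makeinfostring -> encrypt -> send pipeline. Hooking send() and listing its callers gives the same information a debugger shows when you break on send and return to the caller. The packet layout, the XOR key and the names send_packet and trace_buygoods are constructed assumptions.

```python
"""Toy model of a game client's purchase pipeline: buygoods -> makeinfostring
-> encrypt -> send, with a hook on send() that records the chain of callers.
That chain is what "return to the caller" walks through in a debugger."""
import inspect
import struct

CALLER_CHAINS = []  # one entry per send(): names of the calling frames, innermost first


def send(data: bytes) -> int:
    # Stand-in for ws2_32.send. Frame 0 is send itself, so skip it; the rest is
    # the function that called send, its caller, and so on up the stack.
    CALLER_CHAINS.append([fr.function for fr in inspect.stack()[1:]])
    return len(data)


def encrypt(plain: bytes, key: int = 0x5A) -> bytes:
    # Placeholder cipher: single-byte XOR (constructed, not any game's algorithm)
    return bytes(b ^ key for b in plain)


def makeinfostring(item_id: int, count: int) -> bytes:
    # Constructed plaintext layout: opcode 0x36, 16-bit item id, 8-bit quantity
    return struct.pack("<BHB", 0x36, item_id, count)


def send_packet(plain: bytes) -> int:
    # The packet wrapper seen in the post: encrypt, then hand the bytes to send
    return send(encrypt(plain))


def buygoods(item_id: int, count: int) -> int:
    # The game-side action, i.e. the "key call" the post is looking for
    return send_packet(makeinfostring(item_id, count))


def trace_buygoods(item_id: int = 1, count: int = 10) -> list:
    """Run one purchase and return the caller chain from send up to buygoods."""
    CALLER_CHAINS.clear()
    buygoods(item_id, count)
    chain = CALLER_CHAINS[0]
    return chain[: chain.index("buygoods") + 1]


if __name__ == "__main__":
    # Innermost caller first: the wrapper that called send, then buygoods
    print(" <- ".join(trace_buygoods()))
```

Note that encrypt and makeinfostring have already returned by the time send runs, which is why the post finds them by looking back inside the wrapper rather than on the call stack itself.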

Let me explain with a game as an example.
This game has a summon and recall function, that is, sending out and taking back your pet. Let's talk about this call.
In this game I used the general idea of tracing back to find the call for this function. I did not try other calls; I mainly use it as an example. Then I will use another method:
1. First set a breakpoint on send (BP send) and return to the caller; we arrive here, at the call to the send function.
0069ffbf |. E8 82A11000 call <JMP.&ws2_32.#19>
2. Set a hardware access breakpoint on send's buf area. Here we can see the data being written into send's buf.
0069fb43 |. F3:A5 rep movs dword ptr es:[edi], dword ptr [E>; |
3. Analyze ESI, set a breakpoint on it, and find the encryption function.
0069fb64 |. E8 67060000 call 006a01d0 ; \ packet encryption function
4. Set a breakpoint on this encryption function, run until return, and you can see the call that calls it.
0069dd14 . E8 471D0000 call 0069fa60
5. Set a breakpoint and trace back to see the call one level up.
0069defc |. E8 BFFDFFFF call 0069dcc0
6. Set a breakpoint and do it again.
006dbdfb |. FF50 0C call [eax+C]
7. Set a breakpoint and do it again.
0065cb89 |. 8B4D 08 mov ecx, [ebp+8]
0065cb8c |. 33C0 xor eax, eax
0065cb8e |. 66:8B46 21 mov ax, [esi+21]
0065cb92 |. 6A 32 push 32 ; /Arg3 = 00000032
0065cb94 |. 50 push eax ; |Arg2
0065cb95 |. 51 push ecx ; |Arg1
0065cb96 |. 8D8D E4FBFFFF lea ecx, [ebp-41C] ; |
0065cb9c |. C745 FC 00000> mov dword ptr [ebp-4], 0 ; |
0065cba3 |. E8 88F10700 call 006dbd30 ; \thewarlo.006dbd30
8. Break once more, and here it is. Do you see the call (highlighted in red in the original)? It is the call for the send-out action.

003471b2 |. 83F8 14 cmp eax, 14
003471b5 |. 8B45 08 mov eax, [ebp+8]
003471b8 |. 73 06 jnb short 003471c0
003471ba |. 83F8 01 cmp eax, 1
003471bd |. 7E 01 jle short 003471c0
003471bf |. 48 dec eax
003471c0 |> 8b410404 mov eax, [esi+eax*4+4]
003471c4 |. B9 58E88000 mov ecx, 0080e858
003471c9 |. 50 push eax ; /Arg1
003471ca |. e8 81c000000 call 0065ca50 ; \thewarlo.0065ca50
003471cf |. 5E pop esi
003471d0 |. 5D pop ebp
003471d1 \. C2 0400 retn 4
9. After that, the rest is the DLL's job.
Either of the two calls works.
With this example I want to convey the principle of a call: if you don't know how a game or program runs, you cannot find the call by any method. Of course, ready-made examples of actual operations provided by others are the exception.
Well, that's about it. I don't know whether this is useful to everyone; criticism and corrections are welcome.
