Silvershaft How do I cheat? Reputation: 0
Joined: 04 Apr 2013 Posts: 3
Posted: Thu Apr 04, 2013 9:36 am Post subject: DLL injection: How to hook to certain actions
So I've made a simple DLL and successfully injected it into the game process. What I basically want to do is run my own code when the player shoots in the game, for example. I have tried to look around for how to do this, but the problem is that I don't really know what it is called. Any help would be appreciated.
The game I am currently trying to do this with is Bioshock 3 (Unreal Engine 3), if it helps.
STN I post too much Reputation: 42
Joined: 09 Nov 2005 Posts: 2672
Posted: Thu Apr 04, 2013 11:59 am
You mean Bioshock Infinite?
And detouring/hooking isn't the hard part; the hard part is finding the function that shoots, emulating it partially or fully, perhaps with your desired tweaks to it, and then resuming the control back to game functions.
I will explain what you asked: how to hook. Suppose you found the game's shooting function; let's say it's at 0x9ace. Simply make a jump to your DLL, copy the whole function, making sure you balance out the stack and registers etc., and then just jump back to the game at the point where the shooting function ends.
I don't understand why you want to hook the shooting function in game though.
_________________
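Seen from the integrity-checking side, the detour described in the post above (a jump written over the start of a function, leading into an injected DLL) leaves a recognisable trace. The following is an added example, not part of the original thread: the module range, addresses, byte buffers and function names are constructed for illustration, and only the x86 `E9 rel32` and `EB rel8` jump encodings are handled.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* All addresses and bytes below are constructed for illustration. */
typedef struct { uint64_t base, size; } module_range;
static const module_range GAME = { 0x400000, 0x100000 };
#define FUNC_VA 0x409ACEull
static const uint8_t CLEAN[6]  = { 0x55, 0x8B, 0xEC, 0x83, 0xEC, 0x10 }; /* normal prologue */
static const uint8_t HOOKED[6] = { 0xE9, 0x2D, 0x75, 0xBF, 0x0F, 0x10 }; /* jmp 0x10001000 */
static const uint8_t THUNK[5]  = { 0xE9, 0x2D, 0x05, 0x00, 0x00 };       /* jmp 0x40A000 */

/* Destination of a relative JMP at the entry point, or 0 if the entry is
 * not a jump. Handles E9 rel32 and EB rel8; little-endian host assumed. */
static uint64_t jump_target(const uint8_t *code, size_t len, uint64_t va) {
    if (len >= 5 && code[0] == 0xE9) {
        int32_t rel;
        memcpy(&rel, code + 1, sizeof rel);
        return va + 5 + (uint64_t)(int64_t)rel;
    }
    if (len >= 2 && code[0] == 0xEB) return va + 2 + (uint64_t)(int64_t)(int8_t)code[1];
    return 0;
}

/* 1 when the entry jumps outside the owning module (detour into foreign
 * code); 0 for ordinary code and for jumps that stay inside the module. */
static int entry_is_detoured(const uint8_t *code, size_t len, uint64_t va, module_range mod) {
    uint64_t dst = jump_target(code, len, va);
    return dst != 0 && (dst < mod.base || dst >= mod.base + mod.size);
}

/* Offset of the first byte that differs from a trusted copy, or -1. */
static long first_patched_byte(const uint8_t *mem, const uint8_t *trusted, size_t len) {
    for (size_t i = 0; i < len; i++)
        if (mem[i] != trusted[i]) return (long)i;
    return -1;
}

int main(void) {
    printf("clean=%d thunk=%d hooked=%d\n",
           entry_is_detoured(CLEAN, sizeof CLEAN, FUNC_VA, GAME),
           entry_is_detoured(THUNK, sizeof THUNK, FUNC_VA, GAME),
           entry_is_detoured(HOOKED, sizeof HOOKED, FUNC_VA, GAME));
    printf("hook target=0x%llx, first patched byte=+%ld\n",
           (unsigned long long)jump_target(HOOKED, sizeof HOOKED, FUNC_VA),
           first_patched_byte(HOOKED, CLEAN, sizeof CLEAN));
    return 0;
}
```

A jump that stays inside the module (the `THUNK` case) is not flagged, which is why the destination is resolved rather than just matching the `E9` opcode.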
Silvershaft How do I cheat? Reputation: 0
Joined: 04 Apr 2013 Posts: 3
Posted: Thu Apr 04, 2013 1:20 pm
I just used the shooting function as an example; I don't really want to edit that. And yes, I meant Bioshock Infinite.
Okay, so I think I got it now, and I've got another question. If I wanted to spawn an NPC and control its movement somehow, what would be the best way to proceed? How should I search for the possible function that spawns the NPC? I don't really have any idea where to start looking. Thanks for the help!
STN I post too much Reputation: 42
Joined: 09 Nov 2005 Posts: 2672
Posted: Thu Apr 04, 2013 1:57 pm
Debug for hours.
It's actually pretty easy with some game engines; I have found this to be relatively piss easy with COD game engines. In other games, you have to make use of IDA and figure out a spot where the game handles spawning of NPCs. There's not one well-defined way to do it. But to start, take a look at the string references... sometimes you can be lucky with them and easily find a function which deals with spawning. If this doesn't help, I would IDA the game and try to find some sort of function from there. You basically have to study the engine and find out the spawn function.
An example I can give is the COD game engine; they are pretty infamous for string references, and you have a good chance of finding something useful through string refs in these games. On the other hand, in BF3 I was able to find a spawn function of enemies by debugging their health function and backtracing a lot. It wasn't exactly a spawn function but rather controlling if they would appear or not. In Unreal 3 engines, which is what Bioshock Infinite is using, I haven't really bothered with them so I have no idea, but the U3 engine is pretty easy to dissect for its classes for weapons/health, so if you study the engine, even an open-source older one perhaps, you can figure out where the spawn function will be handled in the game in the new engine.
By movement control, I suppose you mean their co-ordinates? It's relatively easy in most games. Find your co-ordinates and put a breakpoint on them; if it is shared between you and the enemy, which it is in most games, you can modify those co-ords and move the NPCs where you want them. You can also find their movement speed by looking in the co-ordinates structure.
_________________
Silvershaft How do I cheat? Reputation: 0
Joined: 04 Apr 2013 Posts: 3
Posted: Thu Apr 04, 2013 3:58 pm
So I basically disassemble with IDA and look for string references like "spawn" etc? And what do you mean by co-ordinates being shared between me and enemy? I have found my Z co-ordinate now and I just need to find the rest.