Cheat Engine The Official Site of Cheat Engine
Dr.Disrespect Grandmaster Cheater Reputation: 3
Joined: 17 Feb 2016 Posts: 526
Posted: Thu Nov 10, 2016 8:33 am Post subject: Making a trainer in C# or C++/CLI?
I know how to read and write the memory of a game using C# or C++/CLI. However, for the more advanced stuff, I don't know how to do it with C# or C++/CLI.
For example, in the "Memory Viewer" in CE, I can select "Auto Assembly" under the "Tools" menu, then select "Create Table framework code", and select "Code Injection". This way, I can modify a piece of code of the game to achieve the result I want.
My question is, how to do that in C# or C++/CLI? How to direct the game process to use my code when a certain event is triggered, and goes back to the game process after the execution of my code?
Thanks a lot.
ParkourPenguin I post too much Reputation: 140
Joined: 06 Jul 2014 Posts: 4300
https://www.youtube.com/watch?v=2CY_NBSwcWg
Dr.Disrespect Grandmaster Cheater Reputation: 3
Joined: 17 Feb 2016 Posts: 526
Posted: Thu Nov 10, 2016 8:59 am Post subject:
ParkourPenguin wrote: | https://www.youtube.com/watch?v=2CY_NBSwcWg |
Thank you for the quick reply, Penguin. I will definitely check out that tutorial.
One quick question: what are the research keywords that I should look for on Google: DLL injection with C++ or C#? I have no idea where to start.
ParkourPenguin I post too much Reputation: 140
Joined: 06 Jul 2014 Posts: 4300
Posted: Thu Nov 10, 2016 9:25 am Post subject:
- C++ / C# Tutorial
- Windows API Documentation
- x86 Documentation
I honestly wouldn't recommend any specific tutorials on anything. The one I posted previously is if you're completely lost, new to programming, and/or don't have the time to learn anything. As long as you have a decent comprehension of the language you're using (C++/C#), knowledge of x86 architecture, and the ability to look at documentation (Windows API Index, Intel Software Developer Manuals), it shouldn't be hard to figure out how to make a hook: find the injection point, allocate memory, and write memory. The specifics beyond those 3 points depend on what you're doing. For example, if the injection point is located in a module, if you're doing this from within the process (i.e. dll injection) or externally, etc.
_________________
I don't know where I'm going, but I'll figure it out when I get there.
Dr.Disrespect Grandmaster Cheater Reputation: 3
Joined: 17 Feb 2016 Posts: 526
Posted: Thu Nov 10, 2016 9:37 am Post subject:
ParkourPenguin wrote: | - C++ / C# Tutorial
- Windows API Documentation
- x86 Documentation
I honestly wouldn't recommend any specific tutorials on anything. The one I posted previously is if you're completely lost, new to programming, and/or don't have the time to learn anything. As long as you have a decent comprehension of the language you're using (C++/C#), knowledge of x86 architecture, and the ability to look at documentation (Windows API Index, Intel Software Developer Manuals), it shouldn't be hard to figure out how to make a hook: find the injection point, allocate memory, and write memory. The specifics beyond those 3 points depend on what you're doing. For example, if the injection point is located in a module, if you're doing this from within the process (i.e. dll injection) or externally, etc. |
Thanks for your time, Penguin. I know C++, but I'm not an expert; I know x86 architecture, but I'm also not an expert. It's like I know how to cook in general and can make a decent meal, but just don't know how to make a turkey for Thanksgiving (the more specific stuff).
But I am sure the video link will be very helpful.
ParkourPenguin I post too much Reputation: 140
Joined: 06 Jul 2014 Posts: 4300
Posted: Thu Nov 10, 2016 10:14 am Post subject:
What I'm trying to hint at is that not every situation is the same, and there isn't always going to be something that perfectly explains a specific situation. The authors of documentation expect readers to apply that information to their specific situation.
In your case, start by working on the three points I mentioned:
ParkourPenguin wrote: | find the injection point, allocate memory, and write memory |
How you would find the injection point depends on your situation. If you're injecting a DLL into the process, then you can use GetModuleHandle. If not, Windows has documentation on that as well (link). If the code is not in a module and you want to scan for it, there should already be topics covering scanning for memory IIRC.
Allocating memory is done with VirtualAlloc(Ex). Having knowledge of what memory is and how it works will help (link).
Writing memory, yet again, depends on whether you're doing it from another process or not. Regardless, you should already know that assembly is really just a set of mnemonics for machine code. Write the bytes that comprise an instruction and you'll effectively write the instruction itself. All encodings are covered in Intel Software Developer's Manual V2, but it's fine to use an assembler (i.e. the one used by CE) to figure out the encodings if you don't have the time to learn that.
I'll be happy to help with problems you have as long as you try beforehand and provide relevant information for me to help.
_________________
I don't know where I'm going, but I'll figure it out when I get there.
Dr.Disrespect Grandmaster Cheater Reputation: 3
Joined: 17 Feb 2016 Posts: 526
Posted: Thu Nov 10, 2016 8:14 pm Post subject:
ParkourPenguin wrote: | What I'm trying to hint at is that not every situation is the same, and there isn't always going to be something that perfectly explains a specific situation. The authors of documentation expect readers to apply that information to their specific situation.
In your case, start by working on the three points I mentioned:
ParkourPenguin wrote: | find the injection point, allocate memory, and write memory |
How you would find the injection point depends on your situation. If you're injecting a dll into the process, then you can use GetModuleHandle. If not, windows has documentation on that as well (link). If the code is not in a module and you want to scan for it, there should already be topics covering scanning for memory IIRC.
Allocating memory is done with VirtualAlloc(Ex). Having knowledge of what memory is and how it works will help (link).
Writing memory, yet again, depends on whether you're doing it from another process or not. Regardless, you should already know that assembly is really just a set of mnemonics for machine code. Write the bytes that comprise an instruction and you'll effectively write the instruction itself. All encodings are covered in Intel Software Developer's Manual V2, but it's fine to use an assembler (i.e. the one used by CE) to figure out the encodings if you don't have the time to learn that.
I'll be happy to help with problems you have as long as you try beforehand and provide relevant information for me to help. |
I apologize for the late reply.
I will definitely do more research based on your advice, and come back with more specific questions (I think it will be injection related). It's good to have you around, Penguin. You have helped me a lot.
atom0s Moderator Reputation: 199
Joined: 25 Jan 2006 Posts: 8518 Location: 127.0.0.1
Posted: Thu Nov 10, 2016 9:43 pm Post subject:
If you are looking into DLL injection, look into the following API:
To obtain the target process information:
- CreateToolhelp32Snapshot
- Process32First / Process32Next
- Module32First / Module32Next
To manipulate the remote process:
- OpenProcess
- OpenThread
- CloseHandle
To manipulate tokens (needed in some cases to enable debug privileges):
- OpenProcessToken
- LookupPrivilegeValue
- AdjustTokenPrivileges
For injecting a DLL into a target process, there are a number of ways to do it. The typical method is via the WriteProcessMemory/CreateRemoteThread method. That would involve using:
- CreateProcess
- VirtualAllocEx
- WriteProcessMemory
- CreateRemoteThread
- WaitForSingleObject
- GetExitCodeThread
There are a lot of other methods to take though depending on the target and if there are detections to worry about. Manual mapping is the more common method of doing injections to avoid being detected. As well as other methods such as using a driver from the kernel level and such. There are a ton of injectors open source around the web that can assist you with learning those other techniques.
If you are looking to inject code caves and such, you will mainly need:
- OpenProcess
- VirtualAllocEx
- WriteProcessMemory
Just be sure to read up on x86 jumps and calls to understand how they are calculated to ensure that your caves jump to and from things properly and make calls correctly.
_________________
- Retired.
Dr.Disrespect Grandmaster Cheater Reputation: 3
Joined: 17 Feb 2016 Posts: 526
Posted: Fri Nov 11, 2016 10:03 am Post subject:
atom0s wrote: | If you are looking into DLL injection, look into the following API:
To obtain the target process information:
- CreateToolhelp32Snapshot
- Process32First / Process32Next
- Module32First / Module32Next
To manipulate the remote process:
- OpenProcess
- OpenThread
- CloseHandle
To manipulate tokens (needed in some cases to enable debug privileges):
- OpenProcessToken
- LookupPrivilegeValue
- AdjustTokenPrivileges
For injecting a DLL into a target process, there are a number of ways to do it. The typical method is via the WriteProcessMemory/CreateRemoteThread method. That would involve using:
- CreateProcess
- VirtualAllocEx
- WriteProcessMemory
- CreateRemoteThread
- WaitForSingleObject
- GetExitCodeThread
There are a lot of other methods to take though depending on the target and if there is detections to worry about. Manual mapping is the more common method of doing injections to avoid being detected. As well as other methods such as using a driver from the kernel level and such. There are a ton of injectors open source around the web that can assist you with learning those other techniques.
If you are looking to inject code caves and such, you will mainly need:
- OpenProcess
- VirtualAllocEx
- WriteProcessMemory
Just be sure to read up on x86 jumps and calls to understand how they are calculated to ensure that your caves jump to and from things properly and make calls correctly. |
OMG, this is exactly what I was looking for. Thank you so much for providing such a comprehensive explanation, atom0s!