Cheat Engine

horsedeg · Cheater Reputation: 0 Joined: 26 Jun 2017 Posts: 27

The only upside to DLL injecting I can imagine is not having to use ReadProcessMemory or WriteProcessMemory, as opposed to having direct access to memory. I can see that being annoying to write but not a very big factor, considering from my experience I've seen DLL injecting being way more common.

STN · Posted: Wed Jul 05, 2017 6:27 am Post subject:

Both have their pros and cons and which one you use is up to your personal preference or your situation.

I have always used dll injection but gotten sick of antiviruses claiming i was developing viruses and destroying people's PCs (as well as other reasons) and switched to using WPM.

One of the biggest disadvantage you have with dll injection (at least for me) is the false positives, some AVs even block it without giving the user any notification that they did this. It was a nightmare. Ironically, some of these antiviruses are fine with WPM even if you really are spreading malware.

OldCheatEngineUser · Jul 26, 2020

ehm, seems our buddy STN was a tough guy lol.

but anyway, "I have always used dll injection but gotten sick of antiviruses"
what about these games that when you inject a dll into it.
i mean did you found a way to bypass this type of security.

here is a wish:

if these anti-hacks (or whatever the system they put into their games)
is able to know theres a virus affected this game and its not a dll injection.

then this is the happy day, we code a dll, to act as a virus and inject it to that game.
and the game security will think its just a virus.

but the technical way they built these security system is different than AV's.

however, if you know which function is used to inject this file, then it should be a lil' bit easy to find which function preventing the injection.

I SHOULD NOT TALK ABOUT THIS HERE,
like debuggers, anti-debugger use(not every anti-debug) isDebuggerPresent

there must be a similar function that preventing the injection.
but i dont know that function or how to find it.

theres something else thats cause a problem to me, some games you can finely attach the debugger, but when you try to see whats writing to an address or whats accessing that address, they call system"exit".
the problem isnt on finding system exit.
the problem here, which function is responsible for this kind of thing.

i just wish to expand game hacking community and skills.

nowadays hacking games became more difficult than past 5-7 years.
more companies developing anti-hacks and related.

more games went to server-sided.

just everything became a little bit more tricky than past.

thanks god we have cheat engine that provide lot of function and things that helps you.

but again, these security system getting better and better, a check function constantly monitoring your health address, and there a another security function monitoring that security function.
another security function checking if a "CALL" made and reached the other security functions.

its just getting worse and worse.
im quit for now.
sorry for long post and kinda useless.
but i needed to say these words.
i feel more comfort now.

EDIT:

atom0s · Posted: Thu Jul 06, 2017 3:05 am Post subject:

Some pros of using injection:
- Much faster access to everything, no overhead reading/writing to memory.
- Direct memory access to literally everything of that process.
- Direct function access making it easy to do injected function calls.
- Easy hooking of functions/vtables/etc. as you are in the same address space.
- Bypass common detection methods of external tools.
- Mimic/fake your injected DLL to bypass other detection methods. (Such as proxying another DLL commonly used like d3d8/9.dll, dinput.dll etc.)
- Avoid most anti-virus' easily depending on how you are injecting.
- Safer code alterations from rippers that just use tools that steal RPM/WPM call information.

And so on. Injection has many benefits over just doing external reads/writes. When you get into more serious targets that have anti-cheats and so on, injection becomes almost required as typical trainers will always be detected or prevented in some manner. On more serious targets, you may even need to get into kernel level things such as hooks and even injecting from a driver etc.

Overall it depends on what you are targeting and how in depth your trainer / application is going to be. A simple edit here and there may just be easier to code a simple and small trainer, were a fully involved alteration of a target may be better suited in an injected DLL.