Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 
Injecting DLL into EXE.

 
Joopx
How do I cheat?
Reputation: 0

Joined: 07 Jul 2017
Posts: 4

Posted: Sat Jul 08, 2017 12:45 pm    Post subject: Injecting DLL into EXE.

I wasn't sure how to word the subject, so I had to make it somewhat misleading in order to actually make it a subject and not a paragraph.

Basically, I have a target EXE, and I have a DLL I want to inject into it. I will do this via:

Attaching my program to the target process.
Making new memory space.
Writing the DLL to that memory space.

If there is a better way in my case that you can identify from my requirements, please let me know.

So I have a target EXE to inject the DLL into; I then want to be able to communicate with the EXE through the DLL so that I can access the functions contained within the EXE.

The actual plan is to inject the DLL, somehow load all of the functions the EXE can perform into the DLL, then reference the DLL / export the functions into my EXE so that the functions, variables etc. can be modified.

But I highly doubt creating new memory space and injecting the DLL into the EXE will just automatically allow me to access the EXE's functions, so I was wondering, if possible, how would this be done?

Thank you in advance. :)
atom0s
Moderator
Reputation: 198

Joined: 25 Jan 2006
Posts: 8516
Location: 127.0.0.1

Posted: Sat Jul 08, 2017 1:07 pm

If you are injected into the exe, then you already have full access to its memory and its functions. You can directly call functions in this case as well, by casting to the correct prototype of the function and using the correct pointer to it. Keep in mind, though, that in some cases this can cause crashes if the function is not expected to be called out of order, from a separate thread, or similar.

There is no need to export anything or take any extra steps in that manner. Once you are injected, you're good to go.

_________________
- Retired.
Joopx
How do I cheat?
Reputation: 0

Joined: 07 Jul 2017
Posts: 4

Posted: Sat Jul 08, 2017 1:15 pm

atom0s wrote:
If you are injected into the exe, then you already have full access to its memory and its functions. You can directly call functions in this case as well, by casting to the correct prototype of the function and using the correct pointer to it. Keep in mind, though, that in some cases this can cause crashes if the function is not expected to be called out of order, from a separate thread, or similar.

There is no need to export anything or take any extra steps in that manner. Once you are injected, you're good to go.


Wow, really? I didn't know it would just work like that, but there's always a second part: you said that I can directly call functions by casting to the correct prototype of the function and using the correct pointer, so how would I generally obtain each function's pointer?

I'm sorry for the lack of knowledge, but this is the reason I do what I am doing.
atom0s
Moderator
Reputation: 198

Joined: 25 Jan 2006
Posts: 8516
Location: 127.0.0.1

Posted: Sat Jul 08, 2017 1:19 pm

There are multiple ways depending on the target. In some cases the symbols may be available, in which case you can just use a symbol resolving method to get the start address by its name. Another way would be to use a hard offset, which is not really recommended if your target updates often. Another way would be to use pattern scanning to locate functions, which is generally a better method as it will survive updates more often.

Hard offsets would be the case of something like "ExeName.exe"+0x1234 and so on. You would find the address of what you want, then subtract the base address of the exe from it, as long as it is in the exe's memory space.

_________________
- Retired.
Joopx
How do I cheat?
Reputation: 0

Joined: 07 Jul 2017
Posts: 4

Posted: Sat Jul 08, 2017 1:47 pm

atom0s wrote:
There are multiple ways depending on the target. In some cases the symbols may be available, in which case you can just use a symbol resolving method to get the start address by its name. Another way would be to use a hard offset, which is not really recommended if your target updates often. Another way would be to use pattern scanning to locate functions, which is generally a better method as it will survive updates more often.

Hard offsets would be the case of something like "ExeName.exe"+0x1234 and so on. You would find the address of what you want, then subtract the base address of the exe from it, as long as it is in the exe's memory space.


Hard offsets and the other methods sound interesting, but I am particularly interested in the method you say "survives updates more often" and would like to discuss this primarily with you. If you have the time, would you be able to go into fairly long detail about how it works and how I can do it? This is to do with GTA V, by the way, and I would like to remind you that what I want to create will in no way affect Rockstar's online services.

Now that you have this information, it would be greatly appreciated if you could find a function within GTA V and then obtain its "unique pattern" as an example for me, explaining how you found it, what it allows for, and anything else. This would mean an incredible amount. If this is something you wouldn't be able to do, would you be able to try and find some sources that explain what you are implying well, please?

Thanks for getting back to me so quickly; this problem has been quite the frustration.

Thank you yet again in advance.
atom0s
Moderator
Reputation: 198

Joined: 25 Jan 2006
Posts: 8516
Location: 127.0.0.1

Posted: Sat Jul 08, 2017 4:07 pm

Check the forums for tutorials on how to use array of bytes / patterns / signatures etc. There are a lot of posts already made discussing how they work and how to use them here.
_________________
- Retired.
STN
I post too much
Reputation: 42

Joined: 09 Nov 2005
Posts: 2672

Posted: Sun Jul 09, 2017 3:08 am

It is pretty simple. Suppose you have a function:

function owngtav
Bytes      Instruction
55         push ebp
8B EC      mov ebp,esp
FF 75 08   push [ebp+08]
33 45 08   xor eax,[ebp+08]
59         pop ecx
5D         pop ebp
C3         ret

It's a matter of using those bytes to find this function (you choose enough of them so that they're unique and point to this function only), then writing your own sigscanner to find the address of the function and using it.

You can do this with CE with just a few button clicks. Just select the address, go to Auto Assemble and AOB injection, and CE will generate a template with a signature unique enough.

_________________
Cheat Requests/Tables- Fearless Cheat Engine
https://fearlessrevolution.com
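As an added example, not code from this thread or from Cheat Engine itself, here is a minimal wildcard signature scanner in C of the kind STN describes, run over a constructed byte buffer that contains the owngtav bytes from the post above next to a decoy prologue. The IDA-style pattern syntax (`?` for a wildcard byte), the buffer, and the function names are my assumptions. It also reports when a pattern matches more than once, which is the "unique enough" check from the post, and includes the module-relative offset arithmetic from atom0s's hard-offset reply. The same matching primitive is what memory-scanning defences use to recognise known code in a loaded image, and the uniqueness check is what keeps such a signature from producing false positives.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample image: NOT a real module. The owngtav bytes from the
   thread sit at offset 10; a decoy "push ebp / mov ebp,esp / pop ebp / ret"
   at offset 3 shares the first three bytes, so a short pattern is ambiguous. */
static const uint8_t sample_image[] = {
    0x90, 0x90, 0xCC, 0x55, 0x8B, 0xEC, 0x5D, 0xC3,   /* decoy prologue */
    0x00, 0x00,
    0x55, 0x8B, 0xEC, 0xFF, 0x75, 0x08,               /* owngtav: push ebp / mov ebp,esp / push [ebp+08] */
    0x33, 0x45, 0x08, 0x59, 0x5D, 0xC3,               /* xor eax,[ebp+08] / pop ecx / pop ebp / ret */
    0xCC, 0xCC
};

/* Parse "55 8B EC FF 75 ? 33 45 ?" into byte and mask arrays.
   mask[i] == 0 marks a wildcard. Returns the pattern length, or -1 on a
   malformed pattern or if it exceeds cap. */
static int parse_pattern(const char *pat, uint8_t *bytes, uint8_t *mask, size_t cap)
{
    size_t n = 0;
    while (*pat) {
        while (*pat == ' ') pat++;
        if (!*pat) break;
        if (n >= cap) return -1;
        if (*pat == '?') {
            bytes[n] = 0; mask[n] = 0; n++;
            while (*pat == '?') pat++;                 /* accept "?" and "??" */
        } else {
            if (!isxdigit((unsigned char)pat[0]) || !isxdigit((unsigned char)pat[1]))
                return -1;
            unsigned v;
            if (sscanf(pat, "%2x", &v) != 1) return -1;
            bytes[n] = (uint8_t)v; mask[n] = 1; n++;
            pat += 2;
        }
    }
    return (int)n;
}

/* Scan image for the pattern. Returns the offset of the single match,
   -1 if there is no match (or the pattern is invalid), and -2 if the
   pattern matches more than once, i.e. it is not unique enough to use. */
static long find_pattern(const uint8_t *image, size_t image_len, const char *pat)
{
    uint8_t bytes[64], mask[64];
    int n = parse_pattern(pat, bytes, mask, sizeof bytes);
    if (n <= 0 || (size_t)n > image_len) return -1;

    long found = -1;
    for (size_t i = 0; i + (size_t)n <= image_len; i++) {
        size_t j = 0;
        while (j < (size_t)n && (!mask[j] || image[i + j] == bytes[j])) j++;
        if (j == (size_t)n) {
            if (found >= 0) return -2;                 /* second hit: ambiguous */
            found = (long)i;
        }
    }
    return found;
}

/* The hard-offset form from the thread: "ExeName.exe"+0x1234 is simply the
   absolute address minus the module base, valid only inside that module. */
static uintptr_t module_relative(uintptr_t module_base, uintptr_t absolute)
{
    return absolute - module_base;
}

int main(void)
{
    const char *unique    = "55 8B EC FF 75 ? 33 45 ? 59 5D C3";   /* immediates wildcarded */
    const char *too_short = "55 8B EC";                             /* hits the decoy too */
    long off = find_pattern(sample_image, sizeof sample_image, unique);
    printf("unique pattern -> offset %ld\n", off);
    printf("short pattern  -> %ld (expect -2: ambiguous)\n",
           find_pattern(sample_image, sizeof sample_image, too_short));
    /* Assumed base 0x00400000 is a constructed value, not from any real module. */
    printf("hard offset for 0x00401234 -> +0x%lx\n",
           (unsigned long)module_relative(0x00400000u, 0x00401234u));
    return 0;
}
```

The wildcards cover the `[ebp+08]` displacement bytes, which is the sort of operand that changes between builds while the opcode skeleton stays put; the `-2` result is the part most home-grown scanners skip, and it is exactly the case where a signature silently lands on the wrong code.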