Cheat Engine The Official Site of Cheat Engine
Beta How do I cheat? Reputation: 0
Joined: 29 Jan 2018 Posts: 4
Posted: Mon Jan 29, 2018 10:45 pm Post subject: How to scan from c# for mono function signature?
Hello,
I can find the signature and mask it, so that I can use it every time the game starts up to find my stuff. However, the address found is way below the mono.dll base address, so I have no region in memory to scan, unless I read everything?
It's a 64-bit process, a Unity game. I can make this work in CE Lua, but how can I find that address with just C# and native functions?
I can read variables just fine, it's the functions that I can't find.
Edit: it's not really a mono function, but it's the game's C# function.
sbryzl Master Cheater Reputation: 6
Joined: 25 Jul 2016 Posts: 252
Posted: Tue Jan 30, 2018 11:10 pm Post subject:
You want to scan for aob?
Beta How do I cheat? Reputation: 0
Joined: 29 Jan 2018 Posts: 4
Posted: Wed Jan 31, 2018 1:51 am Post subject:
Yeah, a byte array that matches the signature of a function. I have the signature, and with CE, the standard search and with Lua aobscan, I can find it, but not from C#, my own code.
CE does something fancy with the mono stuff and I'm trying to find a way to find the function from C#.
sbryzl Master Cheater Reputation: 6
Joined: 25 Jul 2016 Posts: 252
Posted: Wed Jan 31, 2018 3:17 am Post subject:
I had a similar problem before and used an initialization function to record a pointer to the distant location, then did the aobscan using that pointed address as a base.
panraven Grandmaster Cheater Reputation: 55
Joined: 01 Oct 2008 Posts: 942
Posted: Thu Feb 01, 2018 1:33 am Post subject:
Not sure it works, as I've not tested it.
Probably you can just inject CE's MonoDataCollector dll into the game process, then communicate with the dll's Named Pipe Server.
The CE MonoDataCollector page:
Code:
...
CPipeServer::CPipeServer(void)
{
    attached = FALSE;
    swprintf(datapipename, 256, L"\\\\.\\pipe\\cemonodc_pid%d", GetCurrentProcessId());
    //swprintf(eventpipename, 256,L"\\\\.\\pipe\\cemonodc_pid%d_events", GetCurrentProcessId());
...
The pipe name should be something like \\.\pipe\cemonodc_pid<PID>, <PID> being the game process PID number in decimal.
On the C# side, you may google how to make the client/server, e.g. https://stackoverflow.com/questions/13806153/example-of-named-pipes
With the same pipe name as above, your C# program should be able to communicate with the CE mono dll.
For the details of the communication, you may check autorun/monoscript.lua in the CE dir; those monopipe.readQword/readString etc. calls are what is to be sent and received.
Another approach: you may try googling the CECIL mono library. I don't know the details, but it is often mentioned in some mono hack forum posts.
------------
Let's try a possible example for monodatacollector.
Mono has an API to compile a byte-code function into native code BEFORE it is executed normally.
That's why some mono cheats need to do something (e.g. being hit for god mode) before activating, and some don't (the cheat refers to the function name and CE compiles the function if it is not already compiled). And this is probably the situation where you said "I have the signature and with CE, the standard search and with lua aobscan, I can find it, but not from C#, my own code".
In monoscript.lua, such work is done by mono_compile_method; the code is:
Code:
function mono_compile_method(method) --Jit a method if it wasn't jitted yet
  --if debug_canBreak() then return nil end
  monopipe.lock()
  monopipe.writeByte(MONOCMD_COMPILEMETHOD)
  monopipe.writeQword(method)
  local result=monopipe.readQword()
  monopipe.unlock()
  return result
end
So the Lua function sends 2 values to the server and receives 1 result value.
The communication should be simple if you follow monoscript.lua; the hard work is all done by the injected pipe server in the monodatacollector dll.
I have little experience with C#, but I guess it should be doable with it.
_________________
- Retarded.
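Added example, not part of the original thread and not Cheat Engine code: because the pipe name in the snippet above embeds the host process PID, a detection-side check can map any `cemonodc_pid<PID>` pipe back to the process that has the collector loaded. The function name, the sample pipe list and the sample process table are constructed for illustration.

```python
import re

# Format string quoted in the post: L"\\\\.\\pipe\\cemonodc_pid%d"
# (the "_events" variant is commented out in that snippet but is matched here too).
# Windows pipe names are case-insensitive, so the match is as well.
PIPE_RE = re.compile(r"^(?:\\\\\.\\pipe\\)?cemonodc_pid(\d+)(_events)?$", re.IGNORECASE)


def find_collector_pipes(pipe_names, processes):
    """Return one finding per pipe that follows the collector's naming scheme.

    pipe_names: iterable of pipe names, with or without the pipe namespace prefix.
    processes:  dict of pid -> image name taken from a process snapshot.
    """
    findings = []
    for raw in pipe_names:
        name = raw.strip()
        m = PIPE_RE.match(name)
        if not m:
            continue
        pid = int(m.group(1))
        findings.append({
            "pipe": name,
            "pid": pid,
            "kind": "events" if m.group(2) else "data",
            # None: the PID in the pipe name is not in the process snapshot
            "process": processes.get(pid),
        })
    return findings


# Constructed sample data, not taken from a real host.
SAMPLE_PIPES = [
    r"\\.\pipe\lsass",
    r"\\.\pipe\cemonodc_pid4312",
    "CEMONODC_PID4312_events",
    r"\\.\pipe\cemonodc_pid99999",
    r"\\.\pipe\cemonodc_pidabc",   # not a decimal PID, ignored
    r"\\.\pipe\xcemonodc_pid1",    # different pipe name, ignored
]
SAMPLE_PROCESSES = {4312: "UnityGame.exe", 700: "lsass.exe"}

if __name__ == "__main__":
    for finding in find_collector_pipes(SAMPLE_PIPES, SAMPLE_PROCESSES):
        print(finding)
```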
Beta How do I cheat? Reputation: 0
Joined: 29 Jan 2018 Posts: 4
Posted: Thu Feb 01, 2018 3:20 am Post subject:
Whoa!
Thanks for that. Certainly gave me something to test. I had a thought that I have to inject monodatacollector and that seems to be the only way.
Thanks