Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
How to scan from c# for mono function signature?

Beta
How do I cheat?
Reputation: 0

Joined: 29 Jan 2018
Posts: 4

Posted: Mon Jan 29, 2018 10:45 pm    Post subject: How to scan from c# for mono function signature?

Hello,

I can find the signature and mask it, so that I can use it every time the game starts up, to find my stuff. However, the address found is way below the mono.dll base address, so I have no region in memory to scan, unless I read everything?

It's a 64-bit process, Unity game. I can make this work in CE Lua, but how can I find that address with just C# and native functions?

I can read variables just fine, it's the functions that I can't find.

Edit: it's not a mono function really, but it's the game's C# function
sbryzl
Master Cheater
Reputation: 6

Joined: 25 Jul 2016
Posts: 252

Posted: Tue Jan 30, 2018 11:10 pm

You want to scan for aob?
Beta
How do I cheat?
Reputation: 0

Joined: 29 Jan 2018
Posts: 4

Posted: Wed Jan 31, 2018 1:51 am

Yeah, a byte array that matches the signature of a function. I have the signature and with CE, the standard search and with Lua aobscan, I can find it, but not from C#, my own code.
CE does something fancy with the mono stuff and I'm trying to find a way to find the function from C#.
sbryzl
Master Cheater
Reputation: 6

Joined: 25 Jul 2016
Posts: 252

Posted: Wed Jan 31, 2018 3:17 am

I had a similar problem before and used an initialization function to record a pointer to the distant location, then did the aobscan using that pointed address as a base.
panraven
Grandmaster Cheater
Reputation: 54

Joined: 01 Oct 2008
Posts: 941

Posted: Thu Feb 01, 2018 1:33 am

Not sure it works, as I've not tested it.

Probably you can just inject CE's MonoDataCollector dll into the game process, then communicate with dll's Named Pipe Server.

The CE MonoDataCollector page:
Code:

...
CPipeServer::CPipeServer(void)
{
   attached = FALSE;
   swprintf(datapipename, 256, L"\\\\.\\pipe\\cemonodc_pid%d", GetCurrentProcessId());
   //swprintf(eventpipename, 256,L"\\\\.\\pipe\\cemonodc_pid%d_events", GetCurrentProcessId());
...

The pipe name should be something like \\.\pipe\cemonodc_pid<PID>, <PID> being the game process PID number in decimal.

On the C# side, you may google how to make the client/server, e.g. https://stackoverflow.com/questions/13806153/example-of-named-pipes
With the same pipe name as above, your C# program should be able to communicate with the CE mono dll.

For the details of the communication, you may check the CE dir autorun/monoscript.lua; those monopipe.readQword/readString etc. are what is to be sent and received.

Another approach: you may try googling the CECIL mono library. I don't know the details, but it is often mentioned in some mono hack forum posts.

------------

Let's try a possible example for monodatacollector.

Mono has the API to compile a byte-code function into native code BEFORE it is executed normally.

That's why some mono cheats need to do something (e.g. being hit for god mode) before activating, and some don't (the cheat refers to the function name and CE compiles the function if not already compiled). And this is probably the situation where you said "I have the signature and with CE, the standard search and with Lua aobscan, I can find it, but not from C#, my own code"

In monoscript.lua, such work is done by mono_compile_method, the code is:
Code:

function mono_compile_method(method) --Jit a method if it wasn't jitted yet
  --if debug_canBreak() then return nil end

  monopipe.lock()

  monopipe.writeByte(MONOCMD_COMPILEMETHOD)
  monopipe.writeQword(method)
  local result=monopipe.readQword()
  monopipe.unlock()
  return result
end


So the Lua function sends 2 values to the server and receives 1 result value.

The communication should be simple if you follow monoscript.lua; the hard work is all done by the injected pipe server in the monodatacollector dll.
I have little experience with C#, but I guess it should be doable with it.

_________________
- Retarded.
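
Added example, not part of the thread or of Cheat Engine's code: a defender-side check that flags the collector's named pipe using the name format from the CPipeServer snippet quoted in the post above, and ties the PID embedded in the name to processes being monitored. The `watched_pids` input, the sample listing and the matching of the commented-out `_events` variant are assumptions.

```python
import os
import re

# Name format from the CPipeServer constructor quoted in the post:
#   \\.\pipe\cemonodc_pid<PID>, <PID> = decimal PID of the hosting process.
# The "_events" variant is commented out in that snippet; it is matched here
# too as an assumption, in case a build enables it.
PIPE_RE = re.compile(r"cemonodc_pid(\d+)(_events)?", re.IGNORECASE)
PIPE_ROOT = "\\\\.\\pipe\\"


def live_pipe_names():
    """List named pipes on the local Windows host; empty elsewhere."""
    return os.listdir(PIPE_ROOT) if os.name == "nt" else []


def find_collector_pipes(pipe_names, watched_pids=()):
    """Return sorted (pid, pipe_name, is_watched) for collector-style pipes.

    watched_pids: PIDs of processes the defender cares about (hypothetical
    input, e.g. the game client an anti-tamper agent is protecting).
    """
    watched = set(watched_pids)
    hits = set()
    for raw in pipe_names:
        # Accept both bare names and full \\.\pipe\ paths.
        name = raw[len(PIPE_ROOT):] if raw.lower().startswith(PIPE_ROOT) else raw
        m = PIPE_RE.fullmatch(name)  # fullmatch rejects look-alike names
        if m:
            pid = int(m.group(1))
            hits.add((pid, name, pid in watched))
    return sorted(hits)


# Constructed sample listing, not captured from a real system.
SAMPLE = [
    "lsass", "cemonodc_pid4312", "\\\\.\\pipe\\CEMONODC_PID977_events",
    "cemonodc_pid", "xcemonodc_pid55", "cemonodc_pid4312",
]

if __name__ == "__main__":
    for pid, name, is_watched in find_collector_pipes(SAMPLE, watched_pids=[4312]):
        print(f"pid={pid} pipe={name} watched={is_watched}")
```

On a Windows host, pass `live_pipe_names()` instead of `SAMPLE`; a hit whose PID belongs to a watched process means the collector's pipe server is running inside that process.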
Beta
How do I cheat?
Reputation: 0

Joined: 29 Jan 2018
Posts: 4

Posted: Thu Feb 01, 2018 3:20 am

Whoa!
Thanks for that. Certainly gave me something to test. I had a thought that I have to inject monodatacollector and that seems to be the only way.

Thanks