| View previous topic :: View next topic |
| Author |
Message |
ulysse31
Master Cheater
![]() Reputation: 2
Joined: 19 Mar 2015
Posts: 324
Location: Paris
|
 Posted: Thu Dec 03, 2015 9:32 am Post subject: hook game function through dll injected inline assembly |
 |
|
Hi,
There's this game I am hacking for some time, everytime there s a new patch I rewrite the offset but I'd like to avoid doing that anymore.
I wrote a DLL that scans pattern signature and retrieves addresses, it contains function which contains my hacks.
Say function_1 is a native game function.
say I want to hook function_1 at DWORD HookAddress_1 and bring it to DllFunction_1.
In CE I do
HookAddress_1:
jmp DllFunction_1
For as long as I ve been doing that in c++ i rewrote the game memory with arrays of byte using writeprocessmemory API.
Is there a way to do this using only inline assembly (in my c++ program)?
Thanks ! |
|
| Back to top |
|
 |
STN
I post too much
 Reputation: 43
Joined: 09 Nov 2005
Posts: 2676
|
| Posted: Thu Dec 03, 2015 10:15 am Post subject: |
|
|
VS doesn't support inline-asm in 64-bit anymore but if this is for 32 bit, you can still inline asm and then do the redirect to your dll(cave). Directly access your desired memory since you are in the game's memory (mov [mem], bytestowrite etc or write your injection in the dll and redirect the game code to it )
Otherwise, you can use MinHook if you work with 64 bit as well.
Or you can grab Embercardo's C++, it supports inline-asm i think for 64-bit as well at least the delphi ide/compiler does.
_________________
|
|
| Back to top |
|
|
ulysse31
Master Cheater
![]() Reputation: 2
Joined: 19 Mar 2015
Posts: 324
Location: Paris
|
| Posted: Thu Dec 03, 2015 2:45 pm Post subject: |
|
|
Thanks, yes it's a 32 bit console program.
What i ended up doing is create a function pointer to my dll function, calculate difference between address pointed by function pointer and the address returned by pattern scan and patched a jump over the original code line to my dll function using the difference calculated as hexa bytes (\xe9\x??\x??\x??\x??) |
|
| Back to top |
|
|
atom0s
Moderator
 Reputation: 205
Joined: 25 Jan 2006
Posts: 8587
Location: 127.0.0.1
|
| Posted: Thu Dec 03, 2015 8:23 pm Post subject: |
|
|
You can make use of 64bit ASM in Visual Studio with work-arounds like this:
https://deviorel.wordpress.com/2015/01/19/compiling-64-bit-assembler-code-in-visual-studio-2014/
You wont be able to do inline asm, but you will be able to compile directly within VS at that point.
As for the question about hooking, you can do the 'codecave' with inline assembly. The patching to jump to your cave can be done easily in C/C++ with some basic math and writing to memory.
Firstly, you need to place a jump to your code cave, which you can do like this:
| Code: | #define MakeJump(f, t) (int)(((int)t - (int)f) - 5)
DWORD dwJumpBack = 0;
/**
* @brief Code cave.
*/
void __declspec(naked) __stdcall YourCodeCaveName(void)
{
__asm
{
// Do your inline asm here..
// Jump back to the original location..
JMP dwJumpBack
}
}
/**
* @brief Example function to apply hooks.
*/
void DoHooks(void)
{
// Do your signature scanning here..
BYTE* btCodeAddr = SomeAoBScanner(...);
// Unprotect the memory to write your jump..
DWORD dwOldProtect = NULL;
::VirtualProtect(btCodeAddr, 1000, PAGE_EXECUTE_READWRITE, &dwOldProtect);
// Store the original data from the memory here if you want to restore it later etc..
// Write the jump to the code cave..
BYTE* btJmpCave = (BYTE*)btCodeAddr;
*(BYTE*)btJmpCave = 0xE9;
*(int*)(btJmpCave + 1) = MakeJump(btJmpCave, YourCodeCaveName);
// Nop any extra data needed here..
memset((BYTE*)(btJmpCave + 5), 0x90, 5);
// Calculate the return jump..
dwJumpBack = (DWORD)(btJmpCave + 10);
// If you wish; restore the memory protection here..
} |
_________________
- Retired. |
|
| Back to top |
|
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
