Cheat Engine

[remedy1]

I wrote a CE plugin with Lazarus and the plugin system (fantastic system btw). It's called "myPlugin".

Everything is working great.

I now want to extend myPlugin and inject a DLL into a target process.

LoadLibrary would be the way to go.

However i don't want to distribute too many DLLs so i included them in the Resource of myPlugin.

Is there a way to inject the DLLs into a target process without writing them to the file system first?

Thanks for your time.

[Dark Byte]

well, you could emulate what windows does when it loads a dll.
parse the PE header, allocate sections, copy contents of the file to the apropriate sections and fill in the relocation addresses
when done find tbe entrypoint and execute it telling it it's base address (dll init)
if it's 64 bit you'll have to make sure your dll uses vectored exceptions instead of structured exceptions (lazarus dlls use vectored exceptions so that's fine)

it's usually easier to just write the dll to the filesystem, or come with it from the start (so no need to delete when done, which won't happen when ce is force closed)

[remedy1]

Ah i thought that maybe CE already had such a injection technique.
But that sounds like fun!

I am planning on distributing >5 DLLs and giving we have x86 and x64 that would sum up to 10 DLLs.

That's the reason i don't want to place them on the filesystem. Also as you mentioned if someone force closes CE the DLLs would still be tho you wouldn't need them anymore.

I just had an intresting read over at:
joachim-bauch.(de)/tutorials/loading-a-dll-from-memory/

Which sounds exactly like you described.


I'll get onto it later today.

Maybe we can see something similar in a future release of CE?
Sounds like a great addition in functionality.

[Dark Byte]

the forcedinjection plugin has something like that, but it's not 100% functional (probably the symbolhandler having issues with redirection exportnames)

https://github.com/cheat-engine/cheat-engine/tree/eb1428bb5218250e033aae95c5bb0d747be923dc/Cheat%20Engine/plugin/forcedinjection


Also, it's really not a big issue to have multiple dll's in it. E.g stealthedit has a dll it injects(for 32 and 64-bit), and it puts them in their own folder.

[remedy1]

Nice example. I'll build upon that!

You are probably right about extracting the DLLs in seperate folders.

But the idea has now grown on me so i'll implement the memory injecting through resources.

Thanks again for your input!

[atom0s]

The thing you are trying to accomplish is called manual mapping in the game hacking world. There are a handful of examples on a few other cheating sites you should be able to find easily via Google.

[remedy1]

Thanks atom0s i will look that up as well!