Cheat Engine The Official Site of Cheat Engine
Nigtronix (Cheater)
Reputation: 0
Joined: 18 May 2007 Posts: 45
Posted: Fri May 18, 2007 8:38 pm Post subject: Host process access
Hello board, I wrote a DLL injector and so far I have injected a custom DLL with threads that just display message boxes. I was wondering how I can access the address space and functions of the host process that my DLL is injected into.
Any help will be greatly appreciated.
Also, how does the CE "Find out what code writes to this address" work? How would you do that manually, without CE?
stimmedcow (How do I cheat?)
Reputation: 0
Joined: 21 May 2007 Posts: 5
Posted: Mon May 21, 2007 10:07 pm Post subject: Re: Host process access
Nigtronix wrote:
    Hello board, I wrote a DLL injector and so far I have injected a custom DLL with threads that just display message boxes. I was wondering how I can access the address space and functions of the host process that my DLL is injected into.
Well, you've done the hard part already, and that is getting your DLL into your target. Once you are injected into the target, you are essentially part of the process now. That means you have direct access to memory and functions. As for how you work with it, here are some quick examples off the top of my head that should be along the lines of what you want to do:
Let's say you have it so a function of yours is called on some event, you want to do something, then call the original function.
Code:
void MyFunction1()
{
    __asm
    {
        // ...
        mov eax, 0x11000 // Let's say our function is at this address
        push 0           // And it takes 1 param, some int
        call eax         // Call function
        add esp, 4       // Restore the stack!
        // ...
    }
}
Now, when your function is executed in the client, it will do your stuff, then go through and call the function and then continue on after the function returns.
Now, you may be asking, how do you get the client to call your function?
For that you will have to modify the client itself via assembly code to do that. You will either make the client call your function or jmp into it and back out like a code cave.
So in short, you will:
1. Make a DLL that contains the code you want to use in some process
2. Inject the DLL into that process
3. Patch the process to call your code and functions in your DLL
That all works because the DLL is in the process itself: you can directly access the memory of the process and use its functions, assuming you know how to call them and what registers need to be filled with what data beforehand.
If you want to PM me later, I can show you how I do everything with my current toolset. I don't have it on the net because I'm redesigning it after an initial test didn't turn out quite that well (aimed to make it generic, but the users didn't quite understand that concept).
Quote:
    Also, how does the CE "Find out what code writes to this address" work? How would you do that manually, without CE?
Not sure, but it looks like there's a forum of source code here. I think they have a hardware driver that's used to tell that; can't say for sure though, didn't look at the source and haven't used CE.
Nigtronix (Cheater)
Reputation: 0
Joined: 18 May 2007 Posts: 45
Posted: Wed May 23, 2007 2:28 am Post subject:
Wow, thank you so much. If you can PM me later about that, I'd greatly appreciate it.
Another question: how do I get the bounds of the host process's memory space? I want to use ReadProcessMemory() to scan the entire process address space.
Thanks
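An added example, not from this thread or from Cheat Engine: the bounds question above is answered by walking the address space with VirtualQueryEx until it returns 0, and the same walk is what a defender runs to spot the footprint of an injected DLL or a patched code cave, so it is written here from that side. classify_region, scan_process and the flag names are my own; the Win32 constants and MEMORY_BASIC_INFORMATION fields are real, and off Windows only the portable helper is built.

```c
#include <stdio.h>
#include <stdint.h>
#ifdef _WIN32
#include <windows.h>
#else
/* Constants copied from the Win32 headers so the helper builds off Windows too. */
#define MEM_COMMIT             0x1000
#define MEM_PRIVATE            0x20000
#define MEM_IMAGE              0x1000000
#define PAGE_EXECUTE           0x10
#define PAGE_EXECUTE_READ      0x20
#define PAGE_EXECUTE_READWRITE 0x40
#define PAGE_EXECUTE_WRITECOPY 0x80
#endif
enum { REGION_OK = 0, REGION_EXEC_PRIVATE = 1, REGION_EXEC_WRITABLE = 2 };
/* Classify one region from the State/Type/Protect fields VirtualQueryEx fills in.
 * Committed executable memory of type MEM_PRIVATE (no image backing it) is what a
 * manually placed DLL or code cave looks like; executable memory that is also
 * writable is where a freshly patched call/jmp usually lives. Returns a bitmask. */
int classify_region(uint32_t state, uint32_t type, uint32_t protect)
{
    const uint32_t exec_mask = PAGE_EXECUTE | PAGE_EXECUTE_READ |
                               PAGE_EXECUTE_READWRITE | PAGE_EXECUTE_WRITECOPY;
    int flags = REGION_OK;
    if (state != MEM_COMMIT || !(protect & exec_mask))
        return flags;                  /* free/reserved, or not executable at all */
    if (type == MEM_PRIVATE)
        flags |= REGION_EXEC_PRIVATE;
    if (protect & (PAGE_EXECUTE_READWRITE | PAGE_EXECUTE_WRITECOPY))
        flags |= REGION_EXEC_WRITABLE;
    return flags;
}
#ifdef _WIN32
/* Walk the whole address space of pid. The bounds come from VirtualQueryEx itself:
 * it returns 0 once addr passes the last user-mode region. Returns the hit count. */
int scan_process(DWORD pid)
{
    HANDLE h = OpenProcess(PROCESS_QUERY_INFORMATION, FALSE, pid);
    if (!h) return -1;
    MEMORY_BASIC_INFORMATION mbi;
    uintptr_t addr = 0, next;
    int hits = 0;
    while (VirtualQueryEx(h, (LPCVOID)addr, &mbi, sizeof mbi) == sizeof mbi) {
        int f = classify_region(mbi.State, mbi.Type, mbi.Protect);
        if (f) { hits++; printf("%p size 0x%llx flags=%d\n", mbi.BaseAddress, (unsigned long long)mbi.RegionSize, f); }
        next = (uintptr_t)mbi.BaseAddress + mbi.RegionSize;
        if (next <= addr) break;       /* wrapped at the top of the address space */
        addr = next;
    }
    CloseHandle(h); return hits;
}
#endif
```

A region flagged REGION_EXEC_PRIVATE is not proof of anything by itself (JIT compilers allocate such memory legitimately), so compare against the process's loaded module list before drawing conclusions.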