DLLS and Memory Modification.
Discussion on DLLS and Memory Modification within the Planetside forum part of the Shooter category.
11/18/2009, 00:41
#1
DLLS and Memory Modification.
Well, web developer of 6 years here.
All PHP. I did two years of Java before realizing that was garbage.
I am fairly familiar with C#, and all of the syntax, and quite a few C++'isms'
I am just curious as to the technical aspects of DLL injection, and how it differs from memory mod.
PSide 2.5 seems to be just a DLL injected, and it hooks and modifies memory.
What is the difference between this and just using CheatEngine or Tsearch and modifying memory addresses, other than some convenience functions, directX interface etc?
Naturally, DLL injection is supposed to be more elegant. Are you hooking onto internal functions, variables, etc and modifying them natively? Or are you just adding a convenient interface for memory modification and tracing?
That's my big question. If it is the former (internal values/function hooking), what detection is implemented, and what interface are you actually using to do the modification from app-to-app?
I would just like to know a bit more about the aspects of this, so I can better help the community, and possibly release some cool stuff.
K.
11/18/2009, 03:11
#2
Quote:
Originally Posted by chiefioso
What is the difference between this and just using CheatEngine or Tsearch and modifying memory addresses, other than some convenience functions, directX interface etc?
|
In all honesty there is little difference between CheatEngine and Tsearch in regards to memory modification. But when using programs like CheatEngine, MHS or Tsearch, their primary function is to search active bytes within a program. The results you get back from these types of programs are no more than temporary addresses and values stored in temporary memory. Using a memory searcher like CheatEngine, you can then debug these temporary values and then find the actual non-temp memory address. What my program does is to locate these non-temp addresses and modify them.
Using a memory searcher isn't very practical considering the amount of time it takes to find each function every time you re-open the program.
Quote:
Originally Posted by chiefioso
Naturally, DLL injection is supposed to be more elegant. Are you hooking onto internal functions, variables, etc and modifying them natively? Or are you just adding a convenient interface for memory modification and tracing? That's my big question.
|
Yes, I hook into internal functions, found directly in the game. I then follow through with detouring them to my DLL, thus allowing me to modify them to my will.
Quote:
Originally Posted by chiefioso
If it is the former (internal values/function hooking), what detection is implemented, and what interface are you actually using to do the modification from app-to-app?
|
If I'm not mistaken, you're asking how I find these addresses once my app executes? Take a look at the signature search in my program for that information.
-------
You seem very interested in contributing to the community. I'm no longer developing anything as I'm going on to bigger and better things. So someone like you who seems interested in creating something wonderful will do this community a great honor.
Though if you really are considering creating another program for planetside, I very much consider programming in "C" (not c++), and not in C#. This allows for much less headache in the future for incompatibility errors and readability errors. Plus the unneeded and personal opinion of an unnecessary runtime library called .Net. But of course this is only my personal opinion. I could go into real detail about why it's critical you step away from C#, but that would take me a long time to go through a massive list why. So I'll just leave you to uncover why I say this.
-Jolt
11/18/2009, 04:37
#3
I should have mentioned; C# is used for a few easy Silverlight things in my work, other .NET powered stuff (trash). Fairly familiar.
C requires different memory handling techniques than C++, and C# even fewer 'things to do.' C is lower level etc etc.
.NET runtime is an extra POS in my opinion.
I think the other questions I had would be:
How did you debug, find or probe these internal game functions? (Not D3D hooks etc)
I saw the Sigsearch, I think more interesting was how you got the signatures (I looked at the credits to the program, saw the generator.)
Naturally, in an all web environment on a day-to-day basis, none of these things are necessary.
I am fairly comfortable with C++, having compiled, modified, and done quite a bit of it in *nix environments. But all of the things I have done don't involve memory mod, hooking, and all of these fun things. (And naturally app extensions are not DLLs.)
Just looking for a good place to start. These really aren't things that are answered in this forum. (Although the 'level 2' planetside forum has a few from what I hear)
K
11/18/2009, 04:45
#4
Btw, I noticed you are using a lot of strange DX8 dependencies. I have managed to locate these, but it doesn't look like you have them PATHed?
11/18/2009, 05:36
#5
Quote:
Originally Posted by chiefioso
C requires different memory handling techniques than C++, and C# even fewer 'things to do.' C is lower level etc etc.
|
You have no idea how wrong you are. Contrary to popular belief, that C++ is greater than C is a common misconception. Since so many use C++, not too many can explain just why C++ is better. Most will point to object-oriented programming. But the fact is that OOP is nothing more than complete BS. That causes confusion when others attempt to read your code. It desperately inspires sloppy code habits.
Trust me, I switched from C++ to C and never looked back.
Quote:
Originally Posted by chiefioso
How did you debug, find or probe these internal game functions? (Not D3D hooks etc)
|
Trial and Error. And a good understanding of assembly.
Quote:
Originally Posted by chiefioso
I saw the Sigsearch, I think more interesting was how you got the signatures (I looked at the credits to the program, saw the generator.)
|
They are bytes surrounding the function I want to modify.
Quote:
Originally Posted by chiefioso
Btw, I noticed you are using a lot of strange DX8 dependencies. I have managed to locate these, but it doesn't look like you have them PATHed?
|
Code:
/* Poll every 10 ms until the Direct3D DLL is loaded in this process. */
while(handleD3D == NULL){
    handleD3D = (DWORD)GetModuleHandle(D3Ddllname);
    Sleep(10);
}
11/18/2009, 22:25
#6
You are saying C++ is OOP and C is procedural? Definitely didn't know that. I just thought memory management was different. And naturally C# sits on top of the .NET runtime.
I managed to get the Summer 2004 DX8 dependencies and get them included; compiled like a charm.
I will be looking into debugging - You said I could do ASM debug with CheatEngine (I have done this with PSide before, not very well, but I have done it. No-oping, etc. Not a whole lot of study)
OllyDBG I hear is good too, never used it.
I am curious as to if you have any actual native function or variable calls in the program. I see you are rerouting variables to functions in your apps, that all makes sense, but I do not see any function calls by name.
11/19/2009, 00:26
#7
90% of my debugging was with ollyDBG and the other 10% was with another debugger/decompiler, IDA Pro (not free).
If you or anyone else is interested in learning assembly I highly suggest reading IA-32 chipset from Intel. It's very important to understand how the CPU handles the instructions surrounding the program's demand. Understanding this makes your job twenty times easier than you would be going head on, attempting to change a function of some sort. It allows you to get a complete overview of how programs handle several different types of functions, that in the end lets you pinpoint what exactly you are looking for. So take a moment and look over these two manuals I listed and try to understand what you want to accomplish.
Intel® 64 and IA-32 Architectures Software Developer's Manual
Volume 3A: System Programming Guide
and
Intel® 64 and IA-32 Architectures Software Developer's Manual
Volume 3B: System Programming Guide
11/19/2009, 22:32
#8
Might I ask what you were using IDA for?
11/29/2009, 02:06
#9
Thanks for the compliment burnz. But yea, it was my first project I did so the performance decrease was to be expected. But since then, I have indeed improved my coding habits.
12/22/2009, 11:17
#10
Burnz, haven't seen you around in a while.
12/24/2009, 08:36
#11
Quote:
Originally Posted by Itburnz
I'm way too busy with DAMNCheaters - we need more coders but unfortunately we fail to catch and lock them up...
|
Haha. I might be there some day. I am a web developer 
But programming is programming. I have access to great designers (work for major firms), for UI polishing.