Game plug-in programming 2 C/C ++ inline assembly code and DLL

Hefei Program Group members: 49313181. Hefei real-name programmer group: 128131462 (those who do not want to disclose their names and information should not join)
Q: 408365330 E-mail: egojit@qq.com

In the previous section, I explained the use of Ce. In this section, I will explain the knowledge of C/C ++ used in Plug-in programming in windows, inline assembly and C ++ mfc dll compiling. These two basic knowledge will be used in later plug-ins, but it is not necessarily the knowledge of the current high-level language writers. Although I was C in the first language, I still started my career as C # (after graduation, I still focused on C # development on the. NET platform ).

1. inline assembly in C/C ++Code:The code for creating a Windows console project is as follows:

# Include "  Stdafx. h  "  Extern   Int Add ( Int A, Int B ); //  Method Declaration  Int Main ( Int Argc, _ tchar * Argv []) {  Int  Re; Re = Add ( 1 , 3 ); //  Call the Add Method Printf ( "  % D  "  , RE); scanf_s ( "  % D  " , & Re ); //  View the output result of the console purely for pause      Return   0  ;}  Int Add ( Int A, Int  B) {_ ASM {  //  Assembly code block  MoV eax, a add eax, B mov B, eax}  Return B ;} 

It is easy to see that assembly code is embedded in the called add method. The running result is 4. The following figure shows the truth.

Through this simple inline assembly, I believe everyone is familiar with the method of embedding assembly code in C/C ++, mainly in _ ASM. Of course, the code here is a little different from the real assembly. Let's take a look at the code after disassembly:

Extern Int   Add ( Int A, Int B) ;  // Method declaration  Int Main ( Int  Argc, _ tchar * argv []) {  00143a30    Push EBP  00143a31    MoV  EBP, ESP  00143a33    Sub  ESP, 0d0h  00143a39    Push  EBX  00143a3a    Push  ESI  00143a3b    Push  EDI 00143a3c    Lea  EDI, [ebp-0D0h]  00143a42    MoV  ECX, 34 h  00143a47    MoV  Eax, 0 cccccccch  00143a4c    Rep STOs DWORD PTR ES:  [EDI]  00143a4e    MoV Eax, DWORD PTRDS:  [0014800ch]  00143a53    XOR  Eax, EBP  00143a55    MoV Dword ptr [EBP- 4  ], Eax  Int Re ; Re = Add ( 1 , 3 ) ; // Call the Add Method  00143a58    Push          3    00143a5a    Push          1    00143a5c    Call          Add  (01411d6h)  00143a61    Add ESP, 8    00143a64    MoV Dword ptr [re], eax printf (  "  % D  " , RE) ;  00143a67    MoV  ESI, ESP  00143a69    MoV  Eax, dword ptr [re]  00143a6c    Push  Eax  00143a6d    Push 1458a8h  00143a72    Call DWORD PTR DS:  [1492bch]  00143a78    Add ESP, 8    00143a7b    CMP  ESI, ESP  00143a7d    Call  _ Rtc_checkesp (01411e0h) scanf_s (  " % D  " , & Re) ;  // View the output result of the console purely for pause  00143a82    MoV  ESI, ESP  00143a84    Lea  Eax, [re]  00143a87    Push  Eax  00143a88    Push  1458a8h 00143a8d    Call DWORD PTR DS:  [1492b8h]  00143a93    Add ESP, 8    00143a96    CMP  ESI, ESP  00143a98    Call  _ Rtc_checkesp (01411e0h) Return  0  ; 00143a9d    XOR  Eax, eax} 

This is the disassembly of the main function. Next let's look at the disassembly code of the add function:

 Int   Add ( Int A, Int  B ){  001417a0    Push  EBP  001417a1    MoV  EBP, ESP  001417a3   Sub  ESP, 0c0h  001417a9    Push  EBX  001417aa    Push  ESI  001417ab    Push  EDI  001417ac    Lea  EDI, [ebp-0C0h]  001417b2    MoV ECX, 30 h  001417b7    MoV  Eax, 0 cccccccch  001417bc    Rep STOs DWORD PTR ES:  [EDI] _ ASM {// assembly code block  MoV  Eax,  001417be    MoV  Eax, dword ptr [A]  Add  Eax, B 001417c1    Add  Eax, dword ptr [B]  MoV  B, eax  001417c4    MoV  Dword ptr [B], eax} return B  ;  001417c7    MoV  Eax, dword ptr [B]} 

it can be seen that the inline assembly and Assembly commands in c are a little different. In the main function, call Add. This is to call the Add function. See before call add, you can see that the called add parameter is put in the stack from right to left (basic assembly knowledge ). The return values of the add function are placed in the General Register eax. In assembly, the function puts back the values in eax. The add function has such a line of Assembly mov eax, dword ptr [B] . Add ESP, 8 . This is something we don't need to pay attention to in advanced languages. Let's learn more about assembly by ourselves. After all, there is a wealth of compilation knowledge, and we can't tell you a few words. Here I just want you to understand the general context. In plug-in programming, we often call a method in the game thread through inline assembly. For example, we call the process of repairing jade or magic medicine to automatically drink medicine. This is a basic plug-in process.

2. Write c ++ mfc dll:From other languages, you may not know how to write a DLL in C ++. C ++ dll can be written in many ways. Here I will introduce the MFC DLL. It is the easiest way to get started. What is the use of DLL ?? I will not talk about other functions, but what is the function of plug-ins. In the plug-in, we need process injection. As mentioned above, each program has its own private 4G process space (32-bit system, 0x00000000 ~ 0x7fffffff space belongs to the application space, and the high address space belongs to the operating system), to protect the process. How can we control another program ?? At this time, we need to think of putting our code in the controlled process space, but under normal circumstances, under normal circumstances, one program normally cannot access another program process space. At this time, we can use process injection to inject our DLL into the game process space. I usually use two methods: writeprocessmemory and injection by hook. The two injection methods are described in the following sections. Start to write a DLL and add the project on the project solution (vs2012 is used ). select C ++, select MFC, and select mfc dll. add an add method after the source file;

 
IntAdd (IntA,IntB ){ReturnA +B ;}
 

The next step is very important and needs to be exposed. Put this function name in the def File

The code in def is:

; Mfclibrary1.def: Declares the module parameters of the DLL. Libraryexports; you can explicitly export the add
 

In this way, the Add function is exposed outside the DLL. In this way, it can be called in the EXE;

The calling code in the EXE program is as follows:

 //  Asmtest. cpp: defines the entry point of the console application.  //  # Include  "  Stdafx. h  "  # Pragma Comment (Lib, "mfclibrary1.lib ") Extern   Int Add ( Int A, Int B );  Int Main ( Int Argc, _ tchar * Argv []) {  Int Re = 3  ; Re = Add ( 1 , 3 ); //  Call the Add Method Printf ( "  % D  "  , RE); scanf_s ( "  % D  " , & Re ); //  View the output result of the console purely for pause      Return   0  ;}  //  Int add (int A, int B ){  //  //  _ ASM {  //  Assembly code block  //  MoV eax, //  Add eax, B  //  MoV B, eax  //      //  }  //  Return B;  //  } 

 
# PragmaComment (Lib, "mfclibrary1.lib") is one of the call methods. Do not forget to declareExtern IntAdd (IntA,IntB );Otherwise, the add method cannot be found.
In this way, a DLL and a call to the DLL are implemented. Pave the way for subsequent DLL injection.

 

Copyright: it belongs to the blog and egojit websites. For details, refer to the source.