Remote game code injection with a dynamic link library
Original article address:
Http://software.intel.com/zh-cn/blogs/2011/05/31/400007635? Cid = Sw: prccsdn1705
This assumes the remote base address has already been obtained through assembly-level analysis.
In VC there are several common ways to read a remote base address: hook functions, or the Windows API remote-process functions that read another process's memory. Once the remote process's data is available on the local side, the relevant code can be injected into the process for better execution efficiency.
Common API functions:
FindWindow();                 // find the running game window
GetWindowThreadProcessId();   // get the thread ID and process ID behind the game window
OpenProcess();                // obtain an access handle to the game process
ReadProcessMemory();          // read the game's memory space (WriteProcessMemory() writes it); this is where the base address whose value the game changes and the name of the injected function live
CreateRemoteThread();         // create a remote thread and inject code
Creating and calling a dynamic link library
1. Create a dynamic link library project.
2. Add the function code.
3. Declare the exported functions in the .def file.
4. Build the release version (Win32 Release).
5. Create an MFC program, copy the DLL and its import library (.lib) into the MFC program folder, and add that folder to the library search path so the linker finds the file by name.
6. Call the function by declaring it first with __declspec(dllimport) int FunctionName(parameters), or link the import library with #pragma comment(lib, "mydll.lib").
2. Injecting into the game, taking the keyboard as an example:
1. Write the keyboard callback function KeyboardProc and install it with SetWindowsHookEx (this creates the keyboard hook). Once the hook is installed, the system calls the callback automatically whenever it sees keyboard activity; the code that is to run inside the game is placed in that callback.
// Install a thread hook
HHOOK SetWindowsHookEx(
    int idHook,          // hook type, which determines the callback type (e.g. WH_KEYBOARD)
    HOOKPROC lpfn,       // the hook callback, here the keyboard callback
    HINSTANCE hMod,      // module (DLL) that contains the callback
    DWORD dwThreadId     // game thread ID
);
The callback type depends on the hook type: for example WH_CALLWNDPROC uses CallWndProc, WH_CBT uses CBTProc, WH_KEYBOARD uses KeyboardProc and WH_MOUSE uses MouseProc, i.e. a window-message callback, a CBT callback, a keyboard callback and a mouse callback respectively.
As the above shows, to inject code you install a hook of the required type, write the injection code in that hook's callback function, and place the callback in the dynamic link library, which the system then loads into the game process when the hook fires.
LRESULT CallNextHookEx(
    HHOOK hhk,
    int nCode,
    WPARAM wParam,
    LPARAM lParam
);
LRESULT CALLBACK KeyboardProc(
    int code,
    WPARAM wParam,
    LPARAM lParam
);
Installing the hook in the game:
Build the game-side program and add the dynamic link library above. Press a key on the game window, then open Task Manager: in the process list you can see that the game has loaded our dynamic link library.
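The check the article ends with, looking at the game process and noticing that a foreign DLL has been loaded into it, is exactly what a defender looks for. The following added example, which is not from the original article, runs that check over a few constructed Sysmon-style events: event ID 7 (image loaded) records every DLL the game process loads, which is how a SetWindowsHookEx hook DLL shows up, since the system loads it into the game without any remote thread; event ID 8 (CreateRemoteThread) records the CreateRemoteThread path from the API list above. The field names follow Sysmon's event schema; the paths, process names, sample events and the analyze() helper are assumptions made for this example.

```python
"""Flag DLL injection into a game process from Sysmon-style events (added example)."""
import ntpath

SYSTEM_ROOT = r"C:\Windows"
# Thread start routines that mean "load this DLL" (classic CreateRemoteThread injection)
LOADLIBRARY_NAMES = {"LoadLibraryA", "LoadLibraryW", "LoadLibraryExA", "LoadLibraryExW"}

# Constructed sample telemetry, not real events. Field names follow Sysmon's schema.
EVENTS = [
    {"EventID": 7, "Image": r"C:\Games\MyGame\game.exe",
     "ImageLoaded": r"C:\Windows\System32\user32.dll", "Signed": "true"},
    {"EventID": 7, "Image": r"C:\Games\MyGame\game.exe",
     "ImageLoaded": r"C:\Games\MyGame\engine.dll", "Signed": "false"},
    # a hook DLL dropped in a user folder and loaded by the game (what SetWindowsHookEx produces)
    {"EventID": 7, "Image": r"C:\Games\MyGame\game.exe",
     "ImageLoaded": r"C:\Users\alice\Desktop\mydll.dll", "Signed": "false"},
    # a remote thread started in the game with LoadLibraryA as the start routine
    {"EventID": 8, "SourceImage": r"C:\Users\alice\Desktop\injector.exe",
     "TargetImage": r"C:\Games\MyGame\game.exe",
     "StartModule": r"C:\Windows\System32\kernel32.dll", "StartFunction": "LoadLibraryA"},
]


def _under(path, directory):
    """True if path lies inside directory (case-insensitive Windows path comparison)."""
    p = ntpath.normcase(ntpath.normpath(path))
    d = ntpath.normcase(ntpath.normpath(directory)).rstrip("\\") + "\\"
    return p.startswith(d)


def classify_image_load(event):
    """Event 7: flag an unsigned DLL loaded from outside %SystemRoot% and the game's own folder."""
    process = event["Image"]
    dll = event["ImageLoaded"]
    if _under(dll, SYSTEM_ROOT) or _under(dll, ntpath.dirname(process)):
        return None
    if event.get("Signed", "false").lower() == "true":
        return None
    return (f"unsigned DLL {dll} loaded into {ntpath.basename(process)} "
            f"from outside its own folder and {SYSTEM_ROOT}")


def classify_remote_thread(event):
    """Event 8: flag a thread created in the game by a different process."""
    src, tgt = event["SourceImage"], event["TargetImage"]
    if ntpath.normcase(src) == ntpath.normcase(tgt):
        return None  # a process creating threads in itself is normal
    func = event.get("StartFunction", "")
    how = ("LoadLibrary start routine (classic DLL injection)"
           if func in LOADLIBRARY_NAMES else f"start routine {func or 'unknown'}")
    return f"remote thread created in {ntpath.basename(tgt)} by {src}: {how}"


def analyze(events):
    """Return one finding string per suspicious event, in input order."""
    findings = []
    for ev in events:
        if ev["EventID"] == 7:
            finding = classify_image_load(ev)
        elif ev["EventID"] == 8:
            finding = classify_remote_thread(ev)
        else:
            finding = None
        if finding:
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for line in analyze(EVENTS):
        print(line)
```

On real telemetry, build the dictionaries from the EventData of exported Sysmon events and pass them to analyze(). On a live machine, tasklist /m /fi "imagename eq game.exe" lists a process's loaded modules, which Task Manager's process view does not show directly. A legitimate overlay or anti-cheat DLL living in a third-party folder would also trip the first rule, so the allowed-location list has to be extended per game rather than used as-is.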