Difference between revisions of "Code injection"
Latest revision as of 13:28, 5 May 2024
Code injection is the act of injecting code into a target process and causing it to be executed, either automatically (with the CreateRemoteThread Windows function) or by jumping to it from the target process after modifying the code.
There are multiple ways of injecting code into a target process. The most common methods are DLL injection and assembly injection.
One use of code injection is for finding dynamic addresses that tend to change each time the game is run. By placing a code injection on a routine that accesses that address, like a user interface update routine, you can find the address of that specific variable. This technique is called Injection Copies.
CE supports AOB Injection and Code Injection in AA (auto-assemble) scripts. AOB Injection and Code Injection are really the same thing, except that with AOB Injection the injection point is found by scanning the code for a specific byte signature (AOB = array of bytes), while Code Injection uses hard-coded addresses. Since AOB Injection performs a scan, it often takes some time to enable a script containing an AOB Injection. In contrast, Code Injection-based scripts can always be enabled instantly because the injection address is already known.
AOB Injection has a few benefits over Code Injection, however:
- The signature can be found in newer builds of executables, too, making scripts more tolerant to software updates.
- If the signature is not found during an AOB Injection (for example, because the software was updated), then the script terminates (as opposed to Code Injection, which would write the specified code to the wrong addresses anyway).
CE also supports building custom injection templates using LUA extensions. mgr.inz.Player came up with a great set of such extensions and even added user-defined templates; the instructions and the LUA extensions are available at this location: Custom 'AOB Injection' Templates. Make use of them; they will save you a lot of time and headache.
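The scan-and-refuse behaviour described above, as an added example in Python (not Cheat Engine's own code): a wildcard AOB scan that finds the same instruction sequence in two constructed "builds" whose addresses differ, returns nothing when the signature is absent or ambiguous, and shows why a hard-coded address breaks after an update. The byte sequences and base address are constructed for illustration.

```python
import re

def compile_aob(signature: str) -> re.Pattern:
    """Compile a Cheat Engine style AOB string such as "8B 46 08 ?? 5D" into a
    bytes regex; "??" (or "?"/"*") is a wildcard matching any single byte."""
    parts = []
    for tok in signature.split():
        if tok in ("??", "?", "*"):
            parts.append(b".")
        else:
            parts.append(re.escape(bytes([int(tok, 16)])))
    return re.compile(b"".join(parts), re.DOTALL)

def aob_scan(code: bytes, signature: str, base: int = 0):
    """Return the address of the unique signature match inside `code`, which is
    assumed to be loaded at `base`. Like an AOB Injection script, a signature
    that matches zero or several times counts as "not found" (None), so that
    nothing gets patched at a guessed location."""
    hits = [m.start() + base for m in compile_aob(signature).finditer(code)]
    return hits[0] if len(hits) == 1 else None

def hardcoded_address_valid(code: bytes, address: int, base: int,
                            expected: bytes) -> bool:
    """Check whether a hard-coded injection address still points at the
    instruction bytes the script was written against."""
    off = address - base
    return 0 <= off and code[off:off + len(expected)] == expected

# Constructed sample "code" for two builds of the same program (not real game
# code): the instruction we want to hook is preceded by more code in the newer
# build, so its address shifts while the surrounding bytes stay the same.
BASE = 0x00401000
TARGET = bytes.fromhex("8b4608")                     # mov eax,[esi+08]
TAIL = bytes.fromhex("83c4105dc3")                   # add esp,10; pop ebp; ret
OLD_BUILD = bytes.fromhex("5556") + TARGET + TAIL    # push ebp; push esi; ...
NEW_BUILD = bytes.fromhex("555657") + TARGET + TAIL  # push ebp; push esi; push edi; ...
SIGNATURE = "8B 46 08 83 C4 ?? 5D"                   # wildcard on the stack adjust

OLD_ADDR = aob_scan(OLD_BUILD, SIGNATURE, BASE)      # 0x401002
NEW_ADDR = aob_scan(NEW_BUILD, SIGNATURE, BASE)      # 0x401003

if __name__ == "__main__":
    print(f"old build: signature found at {OLD_ADDR:#x}")
    print(f"new build: signature found at {NEW_ADDR:#x}")
    # The address that was correct in the old build no longer points at the hook site.
    print("hard-coded old address still valid in new build:",
          hardcoded_address_valid(NEW_BUILD, OLD_ADDR, BASE, TARGET))
    # A signature that is not unique is refused, just as the AA script would stop.
    print("ambiguous signature:", aob_scan(OLD_BUILD + OLD_BUILD, SIGNATURE, BASE))
```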