Over the years, I've received a few questions about how some of my projects, which are usually distributed as standalone DLL files, are able to update themselves while already loaded inside a process. The underlying technique is nothing new and is typically used for malware and other offensive purposes, but there are a lot of innocent practical things you can do with it too.
I recently needed to patch a few instructions in a dynamic library I was loading in. Up until now, I’ve been getting by with applying the changes after loading the library, as none of the exported methods had been called yet, but that wasn’t going to work this time.
I’ve shown off a load of inline hooks in previous posts but I don’t think I’ve ever done any mid-function hooking on this blog before. Shocking, because there’s a ton of cool stuff you can do with it and, as luck would have it, I recently came across a library that makes both inline and mid-function hooking easier and safer than anything I’ve been using in the past.
Now that we know what requests look like, let’s try creating and posting some of our own. We’ve already captured one that gives us versions, checksums, and links to various game files. Now it’s just a matter of periodically re-issuing it and checking for changes.
This is the second in a series of posts on streamlining score sharing in beatmania IIDX. Using the data we found last time, we'll build an internal library to read score data from memory, find and hook a function to run our code on the result screen, and finally, hijack an import to get our library loaded automatically.
Sharing scores is a big part of the rhythm game community. For me, it's been a great way to keep track of my progress and meet similarly skilled players to compete with. On the other hand, taking pictures of the screen with my phone each time got old fast. The process needed some streamlining and I had a plan.
Somehow, despite the eternal procrastination that re-writing one of my larger internal projects has become, I’ve finally managed to make some progress and replace my extremely inefficient method for achieving ‘stream-proof’ visuals with something a lot easier to implement.
If a tree falls in a forest and no one is around to hear it, does it make a sound? Similarly, if we patch the memory of Counter-Strike: Global Offensive from kernel space, would that be considered an internal or external hack? Not sure. I know how to do it, though. Do you want to know?
This time we’re diving into the world of tool assisted speedrunning – also known as ‘TASing’. Simply put, the process of creating a speedrun using third-party tools. In this post, we’ll build the core recording & playback logic, add the ability to re-record and finally, replay the recording on a live server.
Welcome back to another instalment of the ‘alternative approaches’ series! This time we’re revisiting one of the fundamentals of internal game hacking on the Source Engine: the CreateInterface function, or more specifically, the underlying list of version strings and pointers that you should be using instead.