Guide C# Game Hacking Guide - Start Here


Rake

Cesspool Admin
Administrator
Jan 21, 2014
12,382
78,998
2,414
How long you been coding/hacking?
5 years
What is C#?

I am going to quote wikipedia:

C# is a modern, general-purpose, object-oriented programming language developed by Microsoft that targets the .NET framework. It is managed code.

Managed code is computer program code that requires and will execute only under the management of a Common Language Runtime (CLR) virtual machine, e.g. .NET Core, .NET Framework, or Mono. The term was coined by Microsoft. Managed code is the compiler output of source code written in one of over twenty high-level programming languages, including C#, J# and Visual Basic .NET.

C# code is interpreted by the .NET virtual machine or interpreter. This means your compiled binary is compiled into bytecode. Because of this, you can easily decompile and get the source code of C# projects using something like 0xd4d/dnSpy.

Why choose C# over C++?
Each language has its advantages and disadvantages; low level tasks are done more easily in C++ and high level tasks are easier in C#.

.NET's goal has always been to make development easier, faster & safer. Because of that, C# allows you less freedom in terms of memory manipulation than C++. The freedom C++ provides is also the reason it's so dangerous. C# is a higher level language than C++. When it comes down to having direct access to memory and being able to manipulate it easily, C++ is better. Doing low level things in C# is still possible, it just takes more work. On the flip side, everyday run of the mill tasks in C# are drastically easier. For instance, finding a process in C# by name is 1 line of code, in C++ it's 15.

In C# making a GUI is incredibly easy. If you plan to mostly make external trainers, C# is the best choice.

My personal opinion is do whichever language you like more. Just don't come complaining to me when you can't do something in C# :p Keep in mind there are 2x more C++ source codes for game hacking than there are for C#. But the syntax of both languages is very similar; if you know one, you can read the other and easily port it over.

Learning the basics of C#
For this task, I present you two tutorials:
C# Tutorial - Tutorialspoint
C# Tutorials

Game Hacking C# Goodies

Best C# Hacking Videos to Get Started:


Just like with our C++ tutorial series, the 2 most important functions you will need in the beginning are:

Video Tutorial - How to make C# Hacks Tutorial - External Trainer
Getting the base address of a module: Source Code - C# Get Module Base Address - C# GetModuleBaseAddress Function
Calculating a multilevel pointer: Source Code - C# Multilevel Pointer Function - C# version of FindDMAAddy
Source Code - Simple C# Pattern Scan

C# Fleep Tutorials
I have to be honest here and say, these source codes are not very good. But if you like Fleep, prefer videos and want a peek at what C# cheat development looks like:
Outdated - C# - Assault Cube - How to Hack Any Game Aimbot Tutorial
Outdated - C# - Call of Duty Modern Warfare - Aimbot ESP COD4 Hack Tutorial
Outdated - C# - Direct3D 9 Overlay Custom Crosshair Cheat Tutorial

C# DLL Injection
Source Code - Bleak Version 2.0 - C# DLL Injection Library
Download - (Source included) DLL Injector

How to Inject C# Managed Assembly into Unmanaged Native Process
guibacellar/DNCI

Akaion's C# Threads
Besides his epic DLL Injection lib, @Akaion has published a bunch of cool sources for us
Source Code - C# Memory Editing Library
Source Code - Juno - Managed Function Detouring Library
Source Code - Function Call Assembler
Tutorial - Using syscalls in C#

C# Unity Related
The Unity game engine uses C# for all the game logic and writing hacks for it in C# is the way to go, thanks to Mono injection.
Guide - Unity Game Hacking Guide & Tutorials
Tutorial - How to Hack Unity Games using Mono Injection Tutorial
Guided Hacking DLL Mono Injector
Source Code - [Generic] Unity Based CrossyRoads Mod Menu

Misc Source Codes
Tutorial - GDI Overlay
Source Code - Crappy memory class
C# Better Trainer Class
Source Code - C# Getting any exported function of any module
Source Code - Signature Scanning With C#
Download - D3D9 Menu Template
Source Code - IW5MP 1.4.382 - Multi hack - Aimbot ESP
Source Code - Call of Duty Ghosts SP - Trainer
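As an added illustration of the decompilation point made at the top of the post (this is example code written for this page, not code from the thread or from dnSpy): a managed assembly keeps its type names, method names, parameter names, string literals and the IL of every method, which is exactly what a decompiler rebuilds source from. The small `IlPeek` class and its `CheckLicense` method are constructed for the example; the opcode table is built from the public fields of `System.Reflection.Emit.OpCodes`, and the IL walk assumes .NET 5 or later (C# 9 patterns).

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Reflection;
using System.Reflection.Emit;

// Added example: a minimal IL dumper showing what survives compilation of a C# method.
static class IlPeek
{
    // Lookup table from the public static OpCode fields of System.Reflection.Emit.OpCodes.
    // Single-byte opcodes have Value 0..254; two-byte (0xFE xx) opcodes have Value (short)(0xFE00 | xx).
    static readonly Dictionary<short, OpCode> OpcodeTable = typeof(OpCodes)
        .GetFields(BindingFlags.Public | BindingFlags.Static)
        .Where(f => f.FieldType == typeof(OpCode))
        .Select(f => (OpCode)f.GetValue(null))
        .ToDictionary(op => op.Value);

    // Constructed sample: a check a developer might wrongly assume is hidden once compiled.
    static string CheckLicense(int key) => key * 31 + 7 == 1000 ? "licensed" : "trial";

    // Operand byte count for every OperandType except InlineSwitch (variable length).
    static int OperandSize(OperandType t) => t switch
    {
        OperandType.InlineNone => 0,
        OperandType.ShortInlineBrTarget or OperandType.ShortInlineI or OperandType.ShortInlineVar => 1,
        OperandType.InlineVar => 2,
        OperandType.InlineI8 or OperandType.InlineR => 8,
        _ => 4,   // InlineI, InlineBrTarget, ShortInlineR and all metadata-token operands
    };

    // Walk the method body byte by byte and return one text line per instruction.
    public static List<string> Disassemble(MethodInfo method)
    {
        byte[] il = method.GetMethodBody().GetILAsByteArray();
        var lines = new List<string>();
        int pos = 0;
        while (pos < il.Length)
        {
            int start = pos;
            short value = il[pos++];
            if (value == 0xFE)                                   // two-byte opcode prefix
                value = unchecked((short)(0xFE00 | il[pos++]));
            OpCode op = OpcodeTable[value];

            string operand;
            if (op.OperandType == OperandType.InlineSwitch)
            {
                int n = BitConverter.ToInt32(il, pos);
                pos += 4 + 4 * n;
                operand = $"<{n} targets>";
            }
            else
            {
                int size = OperandSize(op.OperandType);
                operand = op.OperandType switch
                {
                    OperandType.InlineNone => "",
                    // Metadata tokens resolve back to the real names and literals via the module.
                    OperandType.InlineString => "\"" + method.Module.ResolveString(BitConverter.ToInt32(il, pos)) + "\"",
                    OperandType.InlineMethod => method.Module.ResolveMethod(BitConverter.ToInt32(il, pos),
                        method.DeclaringType.GetGenericArguments(), method.GetGenericArguments()).Name,
                    OperandType.ShortInlineR => BitConverter.ToSingle(il, pos).ToString(),
                    OperandType.InlineR => BitConverter.ToDouble(il, pos).ToString(),
                    _ when size == 1 => ((sbyte)il[pos]).ToString(),
                    _ when size == 2 => BitConverter.ToInt16(il, pos).ToString(),
                    _ when size == 4 => BitConverter.ToInt32(il, pos).ToString(),
                    _ => BitConverter.ToInt64(il, pos).ToString(),
                };
                pos += size;
            }
            lines.Add($"IL_{start:X4}: {op.Name} {operand}".TrimEnd());
        }
        return lines;
    }

    static void Main()
    {
        MethodInfo method = typeof(IlPeek).GetMethod(nameof(CheckLicense), BindingFlags.NonPublic | BindingFlags.Static);
        // Type, method and parameter names are all still in the metadata.
        string parameters = string.Join(", ", method.GetParameters().Select(p => p.ParameterType.Name + " " + p.Name));
        Console.WriteLine($"{method.DeclaringType.Name}.{method.Name}({parameters})");
        foreach (string line in Disassemble(method)) Console.WriteLine(line);
    }
}
```

Running it prints the method signature with its original names and then the IL of `CheckLicense`, including the constants of the arithmetic and both string literals resolved from their tokens. The practical consequence for anyone shipping managed code is that compilation hides nothing: a check or secret that must resist a reader cannot live in client-side IL, and obfuscation only raises the cost of reading it.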
 
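The two functions listed above (module base address and multilevel pointer) are the whole of an external pointer read, so here is an added example of both, written for this page rather than taken from the linked source code threads. To keep it runnable anywhere, the pointer walk runs over memory this process allocates itself with `Marshal.AllocHGlobal`, and the memory reader is passed in as a delegate, so the same walk works with whatever reader you have (here `Marshal.ReadIntPtr`; for another process it would be a `ReadProcessMemory` wrapper). The `root`/`player`/`entity` layout and the 0x10 and 0x20 offsets are constructed for the example.

```csharp
using System;
using System.Diagnostics;
using System.Runtime.InteropServices;

// Added example: module base lookup and FindDMAAddy-style pointer resolution, exercised
// against memory this process owns so it runs without touching any other process.
static class PointerChainDemo
{
    // Base address of a loaded module, found by walking Process.Modules. IntPtr.Zero if not loaded.
    public static IntPtr GetModuleBaseAddress(Process proc, string moduleName)
    {
        foreach (ProcessModule module in proc.Modules)
            if (string.Equals(module.ModuleName, moduleName, StringComparison.OrdinalIgnoreCase))
                return module.BaseAddress;
        return IntPtr.Zero;
    }

    // At each level read the pointer stored at 'addr', then add the offset. The last offset is added
    // but not dereferenced, so the result is the address of the value, not the value itself.
    // 'readPointer' abstracts the memory reader; in a real external tool it wraps ReadProcessMemory.
    public static IntPtr FindDmaAddy(IntPtr basePtr, int[] offsets, Func<IntPtr, IntPtr> readPointer)
    {
        IntPtr addr = basePtr;
        foreach (int offset in offsets)
        {
            addr = readPointer(addr);
            if (addr == IntPtr.Zero)        // broken chain (object not allocated yet): stop, never read near address 0
                return IntPtr.Zero;
            addr = IntPtr.Add(addr, offset);
        }
        return addr;
    }

    static void Main()
    {
        Process self = Process.GetCurrentProcess();
        string mainModule = self.MainModule.ModuleName;
        Console.WriteLine($"{mainModule} base = 0x{GetModuleBaseAddress(self, mainModule).ToString("X")}");

        // Constructed stand-in for a target's heap: root -> player -> entity, value at entity+0x20.
        // In a real layout 'root' would be moduleBase + a static offset found with a pointer scan.
        IntPtr entity = Marshal.AllocHGlobal(0x40);
        IntPtr player = Marshal.AllocHGlobal(0x40);
        IntPtr root = Marshal.AllocHGlobal(0x10);
        try
        {
            Marshal.WriteInt32(entity, 0x20, 1337);          // entity+0x20 : the value we want
            Marshal.WriteIntPtr(player, 0x10, entity);       // player+0x10 -> entity
            Marshal.WriteIntPtr(root, 0, player);            // root        -> player
            int[] offsets = { 0x10, 0x20 };

            IntPtr valueAddr = FindDmaAddy(root, offsets, Marshal.ReadIntPtr);
            Console.WriteLine($"value @ 0x{valueAddr.ToString("X")} = {Marshal.ReadInt32(valueAddr)}");

            // Failure mode: a null link mid-chain must surface as "no address", not as a read at 0x10.
            Marshal.WriteIntPtr(player, 0x10, IntPtr.Zero);
            IntPtr broken = FindDmaAddy(root, offsets, Marshal.ReadIntPtr);
            Console.WriteLine(broken == IntPtr.Zero ? "chain broken, nothing read" : "unexpected");
        }
        finally
        {
            Marshal.FreeHGlobal(root);
            Marshal.FreeHGlobal(player);
            Marshal.FreeHGlobal(entity);
        }
    }
}
```

The delegate parameter is the design point worth keeping: the walk itself is the same whether the bytes come from your own process, another process, or a memory dump, and the null check is what stops a half-initialised chain from turning into a read of a tiny address and a crash or a wrong value.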

TheChiken666

Newbie
Full Member
Jun 12, 2013
14
422
0
Hello, tell me whether you can write cheats in C#?
And what functionality will these cheats have?
Is it possible to write with it: Aim, Recoil Control System, Triggerbot, ESP?
 

emistz

Jr.Coder
Dank Tier Donator
Nobleman
May 3, 2013
71
338
0
Hello, tell me whether you can write cheats in C#?
And what functionality will these cheats have?
Is it possible to write with it: Aim, Recoil Control System, Triggerbot, ESP?
Pretty much anything you can do in other languages you can do with C# when it comes down to writing cheats and hacks. Some parts will be easier to write, some parts will be harder as compared to other languages. But then again, that's always the case.

cheers,

emist
 

TheChiken666

Newbie
Full Member
Jun 12, 2013
14
422
0
Pretty much anything you can do in other languages you can do with C# when it comes down to writing cheats and hacks. Some parts will be easier to write, some parts will be harder as compared to other languages. But then again, that's always the case.

cheers,

emist
Thanks guy:)
 

lampuiho

Newbie
Full Member
Feb 1, 2013
10
202
0
With Cheatengine, I can easily create a symbol and inject asm codes to store the pointer at that address.

How exactly do I do this with C#? Let's say I have injected the unmanaged program with EasyHook and hooked on to that part of the code.

But the only access I have is the variables passed to that function. So what if that variable is only ever accessed as a global var?
 

emistz

Jr.Coder
Dank Tier Donator
Nobleman
May 3, 2013
71
338
0
With Cheatengine, I can easily create a symbol and inject asm codes to store the pointer at that address.

How exactly do I do this with C#? Let's say I have injected the unmanaged program with EasyHook and hooked on to that part of the code.

But the only access I have is the variables passed to that function. So what if that variable is only ever accessed as a global var?
With cheatengine you're doing runtime memory modification in that example. You don't need to be hooked into a process to do that. Just figure out how to write/read memory in C#.
 

lampuiho

Newbie
Full Member
Feb 1, 2013
10
202
0
I know how to write / read memory.

But I have no idea how to read/parse x86 asm code or create code caves with C#.

If I hook the process instead I can write codes in C# / C++.

I can't find any library to translate machine codes just yet.
 

emistz

Jr.Coder
Dank Tier Donator
Nobleman
May 3, 2013
71
338
0
I know how to write / read memory.
But I have no idea how to read/parse x86 asm code or create code caves with C#.
To read/parse x86 asm all you need to do is push in the corresponding bytes that match the x86 instructions at a given memory address.

Look at this. The exact same thing can be done in C# with pinvoke.
 

TheChiken666

Newbie
Full Member
Jun 12, 2013
14
422
0
And another supplementary question: which is better for creating cheats, Delphi or C#?
Since in C# you can only do external cheats, will you then have to play with Windows Aero enabled?
 

emistz

Jr.Coder
Dank Tier Donator
Nobleman
May 3, 2013
71
338
0
And another supplementary question: which is better for creating cheats, Delphi or C#?
Since in C# you can only do external cheats, will you then have to play with Windows Aero enabled?
You should become more familiar with programming in general. You can do just about anything with just about any language. Not sure what you mean by on C# you can do only external cheats.
 

somethingsomethingdarksid

Newbie
Full Member
Apr 25, 2013
17
209
2
Regarding asm, I'm not sure what emistz wrote (it didn't make sense to me). But really the thing about opcode and assembly is that you 'have' to start from the beginning. If you have a block of bytes then there is no good way to differentiate between data and instruction. This is often a problem that is found reverse engineering binaries. It is possible to estimate by noticing something like E8 00 00 00 05 as an execution path altering bit of assembly but it's not guaranteed. This is because lengths of assembly instructions are optimised to be as small as possible - you get single byte instructions, for instance (you're all familiar, no doubt, with 0x90).


For converting bytes to assembly instructions you can use a library such as libdisasm. You simply pass it the appropriate bytes and have it translate them.
To get a disassembly of a binary: "objdump -D -M=intel <binaryname>" will work.


Languages: Well, while you can do lots of similar things in different languages, not all languages are the same and not all of them are able to do things. For example, smalltalk really fails when it comes to process manipulation. Personally I prefer to use the best language for the task and there are rarely any tasks that require something that C++ cannot provide.
 

lampuiho

Newbie
Full Member
Feb 1, 2013
10
202
0
Regarding asm, I'm not sure what emistz wrote (it didn't make sense to me). But really the thing about opcode and assembly is that you 'have' to start from the beginning. If you have a block of bytes then there is no good way to differentiate between data and instruction. This is often a problem that is found reverse engineering binaries. It is possible to estimate by noticing something like E8 00 00 00 05 as an execution path altering bit of assembly but it's not guaranteed. This is because lengths of assembly instructions are optimised to be as small as possible - you get single byte instructions, for instance (you're all familiar, no doubt, with 0x90).


For converting bytes to assembly instructions you can use a library such as libdisasm. You simply pass it the appropriate bytes and have it translate them.
To get a disassembly of a binary: "objdump -D -M=intel <binaryname>" will work.


Languages: Well, while you can do lots of similar things in different languages, not all languages are the same and not all of them are able to do things. For example, smalltalk really fails when it comes to process manipulation. Personally I prefer to use the best language for the task and there are rarely any tasks that require something that C++ cannot provide.
Didn't make sense to me either.
The only way to inject codes (if not injecting dlls) would be to find code caves and change the original code to jump to that code cave with the code that you injected to.

I know code caves are regions in between those functions with the same byte. Don't quite remember what it is lol but pretty sure it's not nop usually.
But I don't know how to find and be certain it's a code cave.

About libdisasm, I'm not sure how to use it with C#.
The website emistz provided suggests using OllyDbg to translate them, though.
 

till0sch

Respected Hacker
Dank Tier VIP
Dank Tier Donator
Oct 14, 2012
1,104
12,593
51
I know code caves are regions in between those functions with the same byte. Don't quite remember what it is lol but pretty sure it's not nop usually.
But I don't know how to find and be certain it's a code cave.
In cheat engine - Ctrl + Alt + C..

Write to those codecaves, also restore the original code there (which was damaged), then jump back..
 

somethingsomethingdarksid

Newbie
Full Member
Apr 25, 2013
17
209
2
Didn't make sense to me either.
The only way to inject codes (if not injecting dlls) would be to find code caves and change the original code to jump to that code cave with the code that you injected to.
It's not the only way to inject code.

I know code caves are regions in between those functions with the same byte. Don't quite remember what it is lol but pretty sure it's not nop usually.
But I don't know how to find and be certain it's a code cave.
Not sure what you're saying here. With the same byte? (I also wasn't implying that it was a NOP, the 0x90 byte was an example of a single byte instruction).
It's just a way of introducing extra code into a function by redirecting the path of execution by writing over the function's first bytes (this is the easiest, rather than required to be at the beginning)
to jmp to another place.


about libdisasm, not sure how to use it with C#.
The website emistz provided suggests using ollydbg to translate them, though
libdisasm isn't a C# library.


using olly to translate code is a really slow and inefficient way of doing things :p
 

till0sch

Respected Hacker
Dank Tier VIP
Dank Tier Donator
Oct 14, 2012
1,104
12,593
51
Not sure what you're saying here. With the same byte? (I also wasn't implying that it was a NOP, the 0x90 byte was an example of a single byte instruction).
It's just a way of introducing extra code into a function by redirecting the path of execution by writing over the function's first bytes (this is the easiest, rather than required to be at the beginning)
to jmp to another place.
He's correct. Most codecaves are just like 20 bytes all '00' which can be overwritten.
 

emistz

Jr.Coder
Dank Tier Donator
Nobleman
May 3, 2013
71
338
0
I'm not sure what's so confusing. But maybe this will help:

1. You use olly or ida pro to disasm the code of the program you want to mess with.
2. You find the offsets for the instructions you want to change
3. You Writemem to the addresses that need changing and stick the byte representation of the asm instructions you want.

That's pretty much all there is to it. Of course if you replace a 5 byte instruction with 3 bytes without padding the last two with nops you're gonna fuck something up. Similarly, if you replace a 3 byte instruction with 5 bytes you're gonna fuck something up most likely. If you need extra space you can wipe out multiple instructions, stick a jmp to a codecave and rebuild the instructions you wiped out + add whatever instructions you need if the code cave allows for enough space.

As far as using olly to translate being inefficient, well that's a matter of opinion I guess. You either do static reversing or dynamic reversing, or both. I'm not aware of how you do dynamic reversing without using a debugger, but maybe you can shine some light on that.

cheers,

emist
 

till0sch

Respected Hacker
Dank Tier VIP
Dank Tier Donator
Oct 14, 2012
1,104
12,593
51
I'm not sure what's so confusing. But maybe this will help:

1. You use olly or ida pro to disasm the code of the program you want to mess with.
2. You find the offsets for the instructions you want to change
3. You Writemem to the addresses that need changing and stick the byte representation of the asm instructions you want.

That's pretty much all there is to it. Of course if you replace a 5 byte instruction with 3 bytes without padding the last two with nops you're gonna fuck something up. Similarly, if you replace a 3 byte instruction with 5 bytes you're gonna fuck something up most likely. If you need extra space you can wipe out multiple instructions, stick a jmp to a codecave and rebuild the instructions you wiped out + add whatever instructions you need if the code cave allows for enough space.

As far as using olly to translate being inefficient, well that's a matter of opinion I guess. You either do static reversing or dynamic reversing, or both. I'm not aware of how you do dynamic reversing without using a debugger, but maybe you can shine some light on that.

cheers,

emist
It doesn't matter if you replace 10 bytes with 5. You only have to jump back correctly for the trash code to be skipped.
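The procedure in the two posts above (overwrite the first bytes of a function with a jmp to a cave, put the displaced instructions in the cave, jump back past the trash bytes) leaves two traces that an integrity check sees immediately: the function entry no longer matches the file image, and a region that was all zeros in the .text section now holds code. The following is an added example of that check, written for this page and not code from the thread: `Diff` compares an on-disk and an in-memory snapshot of a section and lists the modified ranges, and `InspectEntry` decodes a rel32 `jmp`/`call` sitting at a function entry, resolves where it lands and reports whether that is inside the module. The module layout, the 32-bit prologue bytes and both snapshots in `Main` are constructed; a real check would take the file bytes from the PE's .text section (after relocation) and the live bytes from a read of the process.

```csharp
using System;
using System.Collections.Generic;

// Added example: code-section integrity check plus decoding of a 5-byte relative jmp/call
// at a function entry. All addresses and bytes are constructed for the example (C# 9 / .NET 5+).
static class DetourCheck
{
    public sealed record Change(int Offset, int Length);
    public sealed record Detour(ulong FunctionVa, string Kind, ulong TargetVa, bool TargetInsideModule, int NopPadding);

    // Byte-wise diff of two snapshots of the same section; returns the ranges that differ.
    public static List<Change> Diff(byte[] onDisk, byte[] inMemory)
    {
        if (onDisk.Length != inMemory.Length) throw new ArgumentException("section size mismatch");
        var changes = new List<Change>();
        int i = 0;
        while (i < onDisk.Length)
        {
            if (onDisk[i] == inMemory[i]) { i++; continue; }
            int start = i;
            while (i < onDisk.Length && onDisk[i] != inMemory[i]) i++;
            changes.Add(new Change(start, i - start));
        }
        return changes;
    }

    // If the function entry begins with jmp rel32 (E9) or call rel32 (E8), decode the target.
    // rel32 is relative to the end of the 5-byte instruction. Returns null when the entry is untouched.
    public static Detour InspectEntry(byte[] code, ulong sectionVa, ulong moduleBase, ulong moduleSize, ulong functionVa)
    {
        int idx = checked((int)(functionVa - sectionVa));
        if (idx + 5 > code.Length) throw new ArgumentOutOfRangeException(nameof(functionVa));
        byte op = code[idx];
        if (op != 0xE9 && op != 0xE8) return null;
        int rel32 = BitConverter.ToInt32(code, idx + 1);
        ulong target = unchecked(functionVa + 5 + (ulong)(long)rel32);
        int nops = 0;                                          // 0x90 padding after the jmp (displaced bytes)
        for (int i = idx + 5; i < code.Length && code[i] == 0x90; i++) nops++;
        bool inside = target >= moduleBase && target < moduleBase + moduleSize;
        return new Detour(functionVa, op == 0xE9 ? "jmp rel32" : "call rel32", target, inside, nops);
    }

    static void Main()
    {
        // Constructed module layout: a 0x3000-byte image with its .text at 0x401000.
        const ulong moduleBase = 0x00400000, moduleSize = 0x3000, textVa = 0x00401000;
        const ulong funcVa = 0x00401100, caveVa = 0x00401800;

        // Constructed on-disk snapshot: a 32-bit prologue (push ebp; mov ebp,esp; sub esp,0x10), zeros elsewhere.
        byte[] onDisk = new byte[0x1000];
        byte[] prologue = { 0x55, 0x8B, 0xEC, 0x83, 0xEC, 0x10 };
        int f = (int)(funcVa - textVa), c = (int)(caveVa - textVa);
        Array.Copy(prologue, 0, onDisk, f, prologue.Length);

        // Constructed live snapshot: the patch the thread describes. Entry = jmp cave + one nop
        // (6 bytes displaced, 5 used); cave = displaced prologue + jmp back to funcVa+6.
        byte[] inMemory = (byte[])onDisk.Clone();
        inMemory[f] = 0xE9;
        BitConverter.GetBytes((int)(caveVa - (funcVa + 5))).CopyTo(inMemory, f + 1);
        inMemory[f + 5] = 0x90;
        Array.Copy(prologue, 0, inMemory, c, prologue.Length);
        inMemory[c + 6] = 0xE9;
        BitConverter.GetBytes((int)((long)(funcVa + 6) - (long)(caveVa + 11))).CopyTo(inMemory, c + 7);

        foreach (Change ch in Diff(onDisk, inMemory))
            Console.WriteLine($"modified: 0x{textVa + (ulong)ch.Offset:X} ({ch.Length} bytes)");

        Detour d = InspectEntry(inMemory, textVa, moduleBase, moduleSize, funcVa);
        if (d != null)
            Console.WriteLine($"{d.Kind} at 0x{d.FunctionVa:X} -> 0x{d.TargetVa:X} " +
                              $"(inside module: {d.TargetInsideModule}, nop padding: {d.NopPadding})");
    }
}
```

Running it lists the two modified ranges (the overwritten entry and the filled cave) and the decoded jump with its target. Two things to note when turning this into a real check: the diff must be taken against relocated file bytes or every absolute address will show as a change, and a jump whose target lies outside the module is the stronger signal, since a cave inside the image is at least in a region the loader mapped as code.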
 

lampuiho

Newbie
Full Member
Feb 1, 2013
10
202
0
Did you not read what I said? I don't exactly know how to find legit code caves without going into a debugger and finding one myself.

It can be done automatically with codes. I just don't know how. And I would have to test things out if no one is providing a solution which is already available somewhere because cheat engine does it.

But I don't know where to look for in its source code.
 

till0sch

Respected Hacker
Dank Tier VIP
Dank Tier Donator
Oct 14, 2012
1,104
12,593
51
Did you not read what I said? I don't exactly know how to find legit code caves without going into a debugger and finding one myself.

It can be done automatically with codes. I just don't know how. And I would have to test things out if no one is providing a solution which is already available somewhere because cheat engine does it.

But I don't know where to look for in its source code.
Why not find static codecaves in your main module (with cheat engine) and then write to them with your program? Why are you trying to AOB?
 