Question Communication between injected DLL (C++) and Bot (C#)


ranseier

Jr.Coder
Full Member
Nobleman
Sep 26, 2015
53
303
3
Hi guys,

I have established communication between my injected DLL (C++) and my bot (C#) via named pipes. I have hooked into a game function that gets all player base addresses. These addresses get sent to my bot through a named pipe.

Some code:
C++:
#include <Windows.h>

void IPCSendAsync(DWORD playerBase);   // the poster's named-pipe sender, defined elsewhere in the DLL

DWORD PlayerBaseJmpBack = 0;   // address of the first original instruction after the stolen bytes
DWORD PlayerBase = 0;          // ESI holds the player base pointer at the hook point

__declspec(naked) void GetPlayerBase()
{
	// Re-execute the original instructions overwritten by the jmp to this hook
	__asm mov edx, [esi + 0x3C]
	__asm mov [esi + 0x04], eax
	__asm mov PlayerBase, esi   // capture the player base pointer
	// Compiler-generated call: clobbers caller-saved registers and flags the game code still expects
	IPCSendAsync(PlayerBase);

	//Jump back to our original code
	__asm jmp [PlayerBaseJmpBack]
}
Problem: This hooked game function gets called extremely often and fast. As you can see, every time the function gets called, the PlayerBase gets sent through the named pipe with IPCSendAsync(). Very inefficient and slow. My first attempt wasn't even async; this made parts of the game slow/flickering.

I have to admit that I don't need this data in real time. I am retrieving player addresses, and these change only when players enter or leave the game.

What would be a good approach to make this more efficient?

One idea:
Instead of calling IPCSendAsync directly, write the current playerBase address into a list (without duplicates). A timer calls IPCSendAsync(listOfPlayerAddresses) every 50ms and clears listOfPlayerAddresses. Now the hooked function only fills the address list. This should be significantly faster. In a different thread, a timer sends the address list into the named pipe and clears it afterwards.

Thanks!
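The batching idea from the post above, written out as an added example (this is not the poster's code, and it is portable C++ rather than the MSVC-specific hook). The hook only calls Record(); a timer thread calls Flush(), which swaps the pending set out under a short lock and hands a deduplicated, sorted batch to a caller-supplied sender. The Sender callback stands in for the poster's IPCSendAsync/named-pipe write, the AddressBatcher and FlushLoop names are mine, and the addresses in main() are constructed values, not real Assault Cube pointers.

```cpp
// Added example: collect player-base addresses from a hot hook and flush them
// on a timer, instead of one IPC message per hook hit. Not the poster's code.
// The Sender callback stands in for IPCSendAsync / the named-pipe write.
#include <algorithm>
#include <chrono>
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <functional>
#include <mutex>
#include <thread>
#include <unordered_set>
#include <vector>

class AddressBatcher {
public:
    using Sender = std::function<void(const std::vector<uint32_t>&)>;

    explicit AddressBatcher(Sender sender) : send_(std::move(sender)) {}

    // Called from the hook. Must stay cheap: one lock, one hash insert, no I/O.
    // Duplicates collapse here, so a function called thousands of times per
    // second for the same few players costs one set entry per player.
    void Record(uint32_t addr) {
        std::lock_guard<std::mutex> lock(mu_);
        pending_.insert(addr);
    }

    // Called from the timer thread. Swaps the set out while holding the lock
    // (so the hook is blocked for nanoseconds), then sends outside the lock.
    // Returns the number of addresses sent; 0 means nothing was pending and
    // the sender was not invoked.
    size_t Flush() {
        std::unordered_set<uint32_t> batch;
        {
            std::lock_guard<std::mutex> lock(mu_);
            batch.swap(pending_);
        }
        if (batch.empty()) return 0;
        std::vector<uint32_t> out(batch.begin(), batch.end());
        std::sort(out.begin(), out.end());   // deterministic order for the receiver
        send_(out);
        return out.size();
    }

    size_t PendingCount() {
        std::lock_guard<std::mutex> lock(mu_);
        return pending_.size();
    }

private:
    std::mutex mu_;
    std::unordered_set<uint32_t> pending_;
    Sender send_;
};

// Timer loop for the flusher. In the injected DLL this runs on a thread of its
// own (e.g. created with CreateThread at injection time), never on the hooked
// game thread; here it is driven synchronously so the sketch stays portable.
template <class StopPred>
void FlushLoop(AddressBatcher& b, std::chrono::milliseconds period, StopPred stop) {
    while (!stop()) {
        std::this_thread::sleep_for(period);
        b.Flush();
    }
}

int main() {
    AddressBatcher batcher([](const std::vector<uint32_t>& addrs) {
        std::printf("batch of %zu addresses\n", addrs.size());   // stand-in for the pipe write
    });
    // Constructed input: the hook fires many times for the same two players.
    for (int i = 0; i < 10000; ++i) {
        batcher.Record(0x0D7F23A0u);
        batcher.Record(0x0D7F2B00u);
    }
    int ticks = 0;
    FlushLoop(batcher, std::chrono::milliseconds(50), [&] { return ticks++ >= 2; });
    return 0;
}
```

The swap-under-lock pattern matters more than the container choice: the hook never waits for the pipe, and the pipe write never happens while the hook is blocked. If the game thread must never take a mutex at all, the same shape works with a fixed-size ring buffer written by the hook and drained by the flusher.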
 

mambda

headass
Escobar Tier VIP
Trump Tier Donator
Jun 25, 2014
2,298
37,938
269
Yeah, threading is good. I've never used that function so I can't speak for any other optimization, but in my experience packets are always really quick if you do it properly (again though, you don't want to be calling things like that in the game function).
 

ranseier

Jr.Coder
Full Member
Nobleman
Sep 26, 2015
53
303
3
IPCSendAsync is a function I wrote that handles all the named pipe stuff.

I am gonna check out if my idea works.

But I am still curious how other people handle this problem: forwarding messages from a hooked function that's getting called extremely fast.
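One part of "handling the named pipe stuff" that the posts above do not show is what goes over the pipe once addresses are batched. As an added example (not the poster's IPCSendAsync, whose format is not given on the page), the following C++ shows a minimal frame layout for an address batch, the sender-side encoder, and a receiver-side decoder that tolerates arbitrary read boundaries and refuses a count field it cannot trust. The layout (little-endian uint32 count followed by that many little-endian uint32 addresses), the wire namespace, and the 256-address cap are my assumptions.

```cpp
// Added example: framing for an address batch over a byte stream such as a
// named pipe. Not from the original post; the layout and the cap are mine.
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

namespace wire {

// Upper bound on addresses per frame. The receiver refuses anything larger, so a
// corrupt or hostile writer on the pipe cannot make it allocate gigabytes from a
// single 4-byte header. Assumption: far above any real player count.
constexpr uint32_t kMaxAddresses = 256;

inline void PutU32(std::vector<uint8_t>& out, uint32_t v) {
    for (int i = 0; i < 4; ++i) out.push_back(static_cast<uint8_t>(v >> (8 * i)));
}
inline uint32_t GetU32(const uint8_t* p) {
    return uint32_t(p[0]) | uint32_t(p[1]) << 8 | uint32_t(p[2]) << 16 | uint32_t(p[3]) << 24;
}

// Sender side (the injected DLL): count, then the addresses, all LE uint32.
inline std::vector<uint8_t> Encode(const std::vector<uint32_t>& addrs) {
    std::vector<uint8_t> out;
    out.reserve(4 + 4 * addrs.size());
    PutU32(out, static_cast<uint32_t>(addrs.size()));
    for (uint32_t a : addrs) PutU32(out, a);
    return out;
}

// Receiver side (the bot). A byte-mode pipe does not preserve message
// boundaries: one read may return half a frame or two frames, so the decoder
// buffers whatever arrives and extracts only complete frames.
class FrameDecoder {
public:
    // Feed the bytes from one read. Returns false once the stream is invalid
    // (count above the cap); the caller should drop the connection and resync.
    bool Feed(const uint8_t* data, size_t len) {
        if (poisoned_) return false;
        buf_.insert(buf_.end(), data, data + len);
        while (buf_.size() >= 4) {
            uint32_t count = GetU32(buf_.data());
            if (count > kMaxAddresses) { poisoned_ = true; buf_.clear(); return false; }
            size_t need = 4 + 4 * static_cast<size_t>(count);
            if (buf_.size() < need) break;   // wait for the rest of this frame
            std::vector<uint32_t> addrs(count);
            for (uint32_t i = 0; i < count; ++i) addrs[i] = GetU32(buf_.data() + 4 + 4 * i);
            frames_.push_back(std::move(addrs));
            buf_.erase(buf_.begin(), buf_.begin() + static_cast<std::ptrdiff_t>(need));
        }
        return true;
    }
    // Hand out the complete frames decoded so far, in arrival order.
    std::vector<std::vector<uint32_t>> Take() {
        std::vector<std::vector<uint32_t>> f = std::move(frames_);
        frames_.clear();
        return f;
    }
private:
    std::vector<uint8_t> buf_;
    std::vector<std::vector<uint32_t>> frames_;
    bool poisoned_ = false;
};

}  // namespace wire

int main() {
    // Constructed batch; the values are not real game pointers.
    std::vector<uint8_t> frame = wire::Encode({0x0D7F23A0u, 0x0D7F2B00u});
    wire::FrameDecoder dec;
    dec.Feed(frame.data(), 5);                       // first read: header + 1 byte
    dec.Feed(frame.data() + 5, frame.size() - 5);    // second read: the remainder
    for (const auto& f : dec.Take()) std::printf("frame with %zu addresses\n", f.size());
    return 0;
}
```

The C# side would mirror FrameDecoder on top of NamedPipeClientStream: read into a buffer, parse complete frames, and apply the same cap before allocating. Validating the count is the one check that turns "my own DLL talks to my own bot" into something that does not fall over the moment another process writes garbage into the pipe.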
 

ranseier

Jr.Coder
Full Member
Nobleman
Sep 26, 2015
53
303
3
Yeah, I know this library. Too bad it's LGPLv3, which means you have to dynamically link it. Don't know if you can use it in an injected DLL then...
 

Solaire

Respected Hacker
Dank Tier VIP
Dec 15, 2013
1,051
16,353
62
> Yeah, I know this library. Too bad it's LGPLv3, which means you have to dynamically link it. Don't know if you can use it in an injected DLL then...

You can use libraries in your internal hacks :p. AFAIK just have the library DLL in the game directory.
 

ranseier

Jr.Coder
Full Member
Nobleman
Sep 26, 2015
53
303
3
Just tried to save the addresses in a std::vector, which seems to be the fastest type of list in C++.

C++:
#include <Windows.h>
#include <vector>

DWORD PlayerBaseJmpBack = 0;
DWORD PlayerBase = 0;
std::vector<DWORD> PlayerBaseAddresses;   // appended on every hook hit: unbounded, with duplicates, no locking

__declspec(naked) void GetPlayerBase()
{
	// Re-execute the original instructions overwritten by the jmp to this hook
	__asm mov edx, [esi + 0x3C]
	__asm mov [esi + 0x04], eax
	__asm mov PlayerBase, esi
	// push_back may reallocate and, like any call, clobbers registers that are not preserved here
	PlayerBaseAddresses.push_back(PlayerBase);

	//Jump back to our original code
	__asm jmp [PlayerBaseJmpBack]
}
The other players in Assault Cube are still flickering after injection...
When I remove "PlayerBaseAddresses.push_back(PlayerBase);", everything is fine.

I guess I have to hook a function that doesn't get called a billion times per nanosecond.
 

mambda

headass
Escobar Tier VIP
Trump Tier Donator
Jun 25, 2014
2,298
37,938
269
std::array may be what you want. Never used it myself, so YMMV.
 

ranseier

Jr.Coder
Full Member
Nobleman
Sep 26, 2015
53
303
3
Hey,

After wrapping my IPCSendAsync call between pushad/pushfd and popfd/popad, everything runs super fast.

C++:
#include <Windows.h>
#include <vector>

void IPCSendAsync(DWORD playerBase);   // the poster's named-pipe sender, defined elsewhere in the DLL

DWORD PlayerBaseJmpBack = 0;
DWORD PlayerBase = 0;
std::vector<DWORD> PlayerBaseAddresses;
 
__declspec(naked) void GetPlayerBase()
{
    // Re-execute the original instructions overwritten by the jmp to this hook
    __asm mov edx, [esi + 0x3C]
    __asm mov [esi + 0x04], eax
    __asm mov PlayerBase, esi

    __asm pushad // save EAX, ECX, EDX, EBX, ESP, EBP, ESI, EDI
    __asm pushfd // save EFLAGS

    IPCSendAsync(PlayerBase);   // whatever this call clobbers is restored below

    //restore stack/registers, so we don't corrupt any data and program flow continues as it should
    __asm popfd
    __asm popad 

    //Jump back to our original code
    __asm jmp [PlayerBaseJmpBack]
}
I have read the example in c5's thread https://guidedhacking.com/showthread.php?3233-Mid-function-hooking

Why is it flickering without these instructions and why not WITH these instructions?
 

mambda

headass
Escobar Tier VIP
Trump Tier Donator
Jun 25, 2014
2,298
37,938
269
Oh, completely missed that. It's a wonder that it was running without it; most of the time it would crash if you didn't save the registers before a function call.

By the way, you can do `__asm { asm code here }` instead of `__asm` on each line, makes for neater and (IMO) cooler looking asm.

But yeah, most functions modify registers, so without calling push/popa there's a chance that one of the registers you were using, or that the function you'd return to was using, would get messed up, therefore usually causing a crash, but I guess in your case causing an extremely slow program.
 