Game cheats ("plug-ins") have deeply influenced many online game players. Today I came across some material on cheat technology, so I am reposting it here for reference.
1. The principle of game cheats
Cheats today come in many varieties: simulating the keyboard and mouse, modifying packets, modifying local memory. There seems to be none that modifies server memory, hehe. Modifying the server is in fact also a way, but the technical bar is too high and there is no way to get started. (Non-technical routes such as treating staff to dinner, giving gifts, or paying bribes can get server data modified, haha.)
Modifying a game comes down to modifying data in local memory, intercepting API functions, and so on. Here I will introduce the methods I can think of, in the hope that everyone can write good cheats and thereby push game developers to improve their own technology. I have seen an article giving a theoretical analysis of Magic Baby (Cross Gate); it was long, and roughly along these lines. I will only explain the technical parts, in the spirit of throwing out a brick to attract jade.
2. Technical analysis
2.1 Simulating keyboard or mouse input
We generally use the
    UINT SendInput(
        UINT cInputs,      // count of input events
        LPINPUT pInputs,   // array of INPUT structures, one per event
        int cbSize         // size of one INPUT structure
    );
API function. The first parameter is the number of elements in the array passed as the second parameter; the second parameter is the array of INPUT structures, each describing one input event; the third is the size of one INPUT structure. Fill in the structures first, then call the function; the structure itself is very simple. This is the simplest way to simulate the keyboard and mouse, hehe. Note that this function has two older alternatives:
    VOID keybd_event(
        BYTE bVk,                // virtual-key code
        BYTE bScan,              // hardware scan code
        DWORD dwFlags,           // key-event options
        ULONG_PTR dwExtraInfo    // additional key status
    );
and
    VOID mouse_event(
        DWORD dwFlags,           // motion and click options
        DWORD dx,                // horizontal position or change
        DWORD dy,                // vertical position or change
        DWORD dwData,            // wheel movement
        ULONG_PTR dwExtraInfo    // application-defined information
    );
These two functions are very simple; I think Button Wizard (按键精灵) uses them. The first is the keyboard part, the second the mouse part, but that only covers the simulation itself. To connect with the game we need to find the game's window, or to hook a shortcut key, like the activation key of Button Wizard. We can use GetWindow to enumerate windows, or use FindWindow to find a specific window (note there is also FindWindowEx, which finds the child windows of a window, such as buttons and so on). When the game switches scenes, we can use FindWindowEx to check some characteristics of the current window and so judge whether we are still in that scene; for example, GetWindowInfo can determine certain properties, and finding a particular button tells you that the game scene has switched, and so on. Some games have no controls inside and draw everything as images, so this method is limited there and we need other means to assist the analysis.
As for the shortcut key, it has to be implemented with a dynamic-link library, and it is also very simple using hook technology. Everyone probably knows it: it is just a global hook, then SetWindowsHookEx, and the callback function is ready; there are plenty of examples online now. This is already very common in cheats. If anyone still doesn't understand, look up SetWindowsHookEx in MSDN. Don't underestimate the role of this dynamic-link library: it can be injected into every process's address space, that is, you can load it into any game, and once you use it you will find it very useful. This requires reviewing the basics of Win32 programming; hurry up and read the book.
2.2 Intercepting messages
Some games' response mechanisms are relatively simple, being message-based or driven by timers. Here you can intercept messages to implement some interesting features.
Intercepting messages is also hook technology, covering keyboard messages, mouse messages, system messages, journal hooks, and so on; the rest is irrelevant, we only use the callback function that receives the intercepted messages, so I won't write an example here. It is really the same as above: written with SetWindowsHookEx, and you will see how simple it is.
What you do with the intercepted messages is your business: for example, run some of our own data checks in every timer message, or fire a fake timer message so some data gets processed twice, hehe. The consequences are not necessarily good, hehe, but if the data calculation is done on the client you can really change the data; try it. There are many more uses you can think of, hehe.
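The hook side of sections 2.1 and 2.2 has a defensive counterpart worth seeing: the same low-level keyboard hook a cheat installs with SetWindowsHookEx can be used by the game to tell simulated input from hardware input, because Windows sets LLKHF_INJECTED on every event produced by SendInput or keybd_event, and a replayed macro has unnaturally regular timing. The script below is an added example, not code from the original article; the flag constants are the documented Win32 values, the KeyEvent records model KBDLLHOOKSTRUCT, and the two event streams are constructed so it runs offline without installing any hook.

```python
"""Flag synthetic keyboard input as seen by a low-level keyboard hook.

Added example, not code from the original article. It models the
KBDLLHOOKSTRUCT records that a WH_KEYBOARD_LL callback installed with
SetWindowsHookEx receives. The flag values are the documented Win32
constants; the event streams below are constructed so the script runs
offline without installing any hook.
"""
from dataclasses import dataclass
from statistics import pstdev

# Documented KBDLLHOOKSTRUCT.flags bits from winuser.h
LLKHF_LOWER_IL_INJECTED = 0x02  # injected by a process at a lower integrity level
LLKHF_INJECTED = 0x10           # produced by SendInput/keybd_event, not by hardware
LLKHF_UP = 0x80                 # key release (transition state)


@dataclass(frozen=True)
class KeyEvent:
    time_ms: int  # KBDLLHOOKSTRUCT.time (tick count when the event was posted)
    vk_code: int  # KBDLLHOOKSTRUCT.vkCode (virtual-key code)
    flags: int    # KBDLLHOOKSTRUCT.flags


def is_injected(event: KeyEvent) -> bool:
    """True when the OS marked the event as software-generated."""
    return bool(event.flags & (LLKHF_INJECTED | LLKHF_LOWER_IL_INJECTED))


def key_down_gaps(events):
    """Milliseconds between consecutive key presses (releases are ignored)."""
    downs = sorted(e.time_ms for e in events if not e.flags & LLKHF_UP)
    return [b - a for a, b in zip(downs, downs[1:])]


def looks_like_macro(events, min_presses=8, max_jitter_ms=2.0) -> bool:
    """A replayed macro repeats with near-constant spacing; human typing jitters."""
    gaps = key_down_gaps(events)
    if len(gaps) < min_presses - 1:
        return False
    return pstdev(gaps) <= max_jitter_ms


def audit(events) -> dict:
    """Summary a hook callback could accumulate and report to the game."""
    return {
        "total": len(events),
        "injected": sum(is_injected(e) for e in events),
        "macro_timing": looks_like_macro(events),
    }


def press(time_ms, vk, hold_ms=40, flags=0):
    """Build the press/release pair the hook delivers for one keystroke."""
    return [KeyEvent(time_ms, vk, flags), KeyEvent(time_ms + hold_ms, vk, flags | LLKHF_UP)]


# Constructed sample 1: a person typing eight keys with irregular gaps.
HUMAN_TYPING = [e for t in (0, 130, 290, 365, 510, 690, 720, 905) for e in press(t, 0x41)]

# Constructed sample 2: a macro tool replaying the same eight keys through SendInput
# every 50 ms exactly; the OS sets LLKHF_INJECTED on each of those events.
MACRO_BURST = [e for t in range(0, 400, 50) for e in press(t, 0x41, flags=LLKHF_INJECTED)]

if __name__ == "__main__":
    print("human:", audit(HUMAN_TYPING))
    print("macro:", audit(MACRO_BURST))
```

The injected flag is the reliable signal; the timing heuristic is only a supporting indicator, since some accessibility and remote-desktop tools also inject input, so a game should log these findings rather than act on a single event.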
2.3 Intercepting socket packets
The difficulty of this technique is much higher than the previous ones.
First we have to replace WINSOCK.DLL or WINSOCK32.DLL. The replacement functions we write must be consistent with the originals: whatever functions the original exports, ours must export too, with exactly the same parameters in exactly the same order; then inside each of our functions we call the corresponding function in the real Winsock32.dll.
First: we place the replacement dynamic library in the system path.
Second: when our application starts, it loads the original dynamic library with LoadLibrary and then uses GetProcAddress to obtain the entry address of each real socket function.
When the game runs, it calls our dynamic library, which processes the data and then jumps to the real dynamic library, so we can handle all the data ourselves. Oh, exciting: we've intercepted the packets. But don't think the work is done; it is early days. After intercepting we have to analyze the packets to find the correct responses, and after the analysis we also have to simulate the reply mechanism to talk to the server; one slip and the account gets banned.
Analyzing the data is where the workload comes from, and the game will change its protocol over time, so whoever writes this should be prepared for despair and for being played.
2.4 Intercepting APIs
If we can use the techniques above flexibly, we don't need to intercept API functions; in fact this is a supplementary technique. For example, intercepting sockets as used above requires it, and we can also use it directly to intercept the functions in the socket library, which is more direct.
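Sections 2.3 and 2.4 describe two things a defender can check for from inside the process or from an administrator's tooling: a winsock DLL that the loader resolved from somewhere other than the system directory (the replacement-DLL trick of 2.3), and an exported socket function whose first bytes in memory no longer match the image on disk (the API interception of 2.4). The script below is an added example and not code from the original article; the module records, paths and prologue bytes are constructed inline so it runs offline. On a live Windows host the same fields would be filled from the process's loaded-module list (for example the .Modules collection of Get-Process), from Get-AuthenticodeSignature, and by reading each DLL image both on disk and in the process.

```python
"""Audit a process's winsock modules for DLL replacement and hooked entry points.

Added example, not code from the original article. The module records and
the function-prologue bytes are constructed inline so the script runs offline;
on a live Windows host the same fields would be filled from the process's
loaded-module list and by reading each DLL image on disk and in memory.
"""
from dataclasses import dataclass, field

SYSTEM32 = r"c:\windows\system32"
# ws2_32.dll and wsock32.dll are the real 32-bit winsock modules; WINSOCK.DLL is
# the name the article also mentions and is listed for completeness.
WINSOCK_DLLS = {"ws2_32.dll", "wsock32.dll", "winsock.dll"}


@dataclass
class Module:
    name: str
    path: str     # full path the loader resolved
    signed: bool  # Authenticode signature valid (as Get-AuthenticodeSignature would report)
    # export name -> (first bytes on disk, first bytes in the process) for checked entry points
    exports: dict = field(default_factory=dict)


def proxied_winsock(modules):
    """A winsock DLL resolved outside System32 is the replacement trick the article describes."""
    return [m for m in modules
            if m.name.lower() in WINSOCK_DLLS
            and not m.path.lower().startswith(SYSTEM32 + "\\")]


def hook_kind(mem: bytes) -> str:
    """Classify the detour found at a patched function start (common inline-hook forms)."""
    if mem[:1] == b"\xe9":
        return "jmp rel32"
    if mem[:2] == b"\xff\x25":
        return "jmp [rip+disp32]"
    return "other patch"


def patched_exports(module):
    """Exports whose in-memory prologue differs from the image on disk."""
    return [(name, hook_kind(mem))
            for name, (disk, mem) in module.exports.items() if disk != mem]


def audit(modules):
    """Human-readable findings, proxied modules first, then patched exports."""
    findings = []
    for m in proxied_winsock(modules):
        note = "" if m.signed else ", unsigned"
        findings.append(f"{m.name} loaded from {m.path} instead of System32{note}")
    for m in modules:
        for fn, kind in patched_exports(m):
            findings.append(f"{m.name}!{fn} prologue modified in memory ({kind})")
    return findings


# Constructed sample: the genuine ws2_32.dll with recv inline-hooked, plus a
# wsock32.dll dropped next to the game executable (all paths are constructed).
CLEAN_PROLOGUE = b"\x48\x89\x5c\x24\x08"  # mov [rsp+8], rbx, a typical x64 prologue
SAMPLE_MODULES = [
    Module("ws2_32.dll", r"C:\Windows\System32\ws2_32.dll", True,
           {"send": (CLEAN_PROLOGUE, CLEAN_PROLOGUE),
            "recv": (CLEAN_PROLOGUE, b"\xe9\x10\x20\x30\x00")}),
    Module("wsock32.dll", r"C:\Games\ExampleGame\wsock32.dll", False,
           {"send": (CLEAN_PROLOGUE, CLEAN_PROLOGUE)}),
    Module("kernel32.dll", r"C:\Windows\System32\kernel32.dll", True),
]

if __name__ == "__main__":
    for line in audit(SAMPLE_MODULES):
        print(line)
```

Comparing only the first few bytes catches the simple detours the article's approach relies on; a full check would compare the whole code section after applying relocations, and would also verify that the import table entries for send and recv still point into the signed module.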