
the_plus_one | 7 months ago

Very cool post! I enjoy anything that has to do with game hacking, and it's nice to see D, a language I don't have a ton of experience with. Just one note you/the author may be curious about:

> Notably a process_vm_writev syscall also exists, however it adheres to memory page protections - so if I wanted to inject data into a write-protected memory page, it’d fail.

You can work around this by convincing the process to re-mmap() the read-only section with PROT_WRITE. One way I've done this is by building a shared library with __attribute__((constructor)) that gets LD_PRELOADed into the game binary, though you have to be careful with the timing (e.g. your library may start running before the game has allocated the mapping you're looking for). That said, if you've done this, you are also free to just allocate your own memory rather than having to look for unused portions of it.
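A defender-side counterpart to the remapping described above: the traces it leaves in a process's page protections (a region that is writable and executable at once, or executable code with no backing file) are what an integrity check in the game would look for. This is an added example, not code from the post or the article it discusses; the maps text and the /opt/game/game path are constructed placeholders.

```c
/* Scan /proc/<pid>/maps-style text for the page-protection anomalies that
 * code injection leaves behind: a region writable and executable at once,
 * or executable code not backed by any file. Constructed sample input. */
#include <stdio.h>
#include <string.h>

enum { MAP_OK = 0, MAP_WX = 1, MAP_ANON_EXEC = 2, MAP_BAD_LINE = -1 };
/* Classify one maps line: "start-end perms offset dev inode [path]".
 * Kernel pseudo-mappings such as [vdso] carry a name and pass; anonymous
 * executable pages are flagged because a game binary has no JIT. */
int classify_maps_line(const char *line) {
    unsigned long start, end, off, ino; char perms[5], dev[16], path[256] = "";
    if (sscanf(line, "%lx-%lx %4s %lx %15s %lu %255s",
               &start, &end, perms, &off, dev, &ino, path) < 6)
        return MAP_BAD_LINE;
    int w = perms[1] == 'w', x = perms[2] == 'x';
    if (w && x) return MAP_WX;               /* self-modifying or injected code */
    if (x && path[0] == '\0') return MAP_ANON_EXEC;
    return MAP_OK;
}

/* Walk a whole maps dump; returns the anomaly count, split by kind. */
int scan_maps_text(const char *maps, int *wx, int *anon_exec) {
    char buf[512]; *wx = *anon_exec = 0;
    for (const char *p = maps; *p; ) {
        const char *nl = strchr(p, '\n');
        size_t len = nl ? (size_t)(nl - p) : strlen(p);
        if (len >= sizeof buf) len = sizeof buf - 1;
        memcpy(buf, p, len); buf[len] = '\0';
        int c = classify_maps_line(buf);
        if (c == MAP_WX) (*wx)++; else if (c == MAP_ANON_EXEC) (*anon_exec)++;
        p = nl ? nl + 1 : p + len;
    }
    return *wx + *anon_exec;
}

/* Constructed sample: a game's .text remapped rwx plus one anonymous
 * executable page; /opt/game/game is a placeholder, not a real capture. */
static const char SAMPLE_MAPS[] =
    "00400000-00452000 rwxp 00000000 08:01 1234 /opt/game/game\n"
    "00652000-00660000 rw-p 00052000 08:01 1234 /opt/game/game\n"
    "7f00a0000000-7f00a0001000 r-xp 00000000 00:00 0\n"
    "7f00b0000000-7f00b0200000 r-xp 00000000 08:01 5678 /usr/lib/libc.so.6\n"
    "7ffd00000000-7ffd00002000 r-xp 00000000 00:00 0 [vdso]\n";
int main(void) {
    int wx, ax, total = scan_maps_text(SAMPLE_MAPS, &wx, &ax);
    printf("anomalies=%d (w+x=%d, anon-exec=%d)\n", total, wx, ax); /* 2 (1, 1) */
    return total ? 1 : 0;
}
```

On a live system the same scanner runs over the contents of /proc/self/maps read at startup and again periodically, so a later change of protections on the text segment shows up as a new rwx entry.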

BradleyChatha | 7 months ago

Ah nice - I had considered using LD_PRELOAD to do something similar (seeing if I could use mprotect on the mapping), but it felt like too much of an extra complication at the time.

I'd definitely consider giving it a try though if the code injection becomes too annoying to keep track of doing it the ptrace 8-bytes-at-a-time way.