Lately I've been learning how to work with injections and Cheat Engine to disassemble potential malware and locked programs. I am making fast progress but am stuck on one thing now.
Cheat Engine itself has a feature named "AOB Injection" which allows replacing code with a jmp that jumps to newly allocated memory; there you can write new opcodes and return after executing them. That's called "AOB Injection" or "Code cave".
Now I am struggling to create a code cave for my process. Using the Memory.dll NuGet package, creating a code cave shouldn't be that hard, as it already has that feature implemented, but it looks like it doesn't work for me, as I am probably doing something wrong?
My Code:
m.OpenProcess("Process"); //allocating Process.exe to the Memory NuGet
byte[] freezebytesX = { 0xF3, 0x0F }; //Bytes to add to the code cave
//creating a codecave at "UserAssembly+36652EE2" with the size of 2 Bytes
UIntPtr codecavebase = m.CreateCodeCave("UserAssembly+36652EE", freezebytesX, 2);
UIntPtr codecaveAllocAddress = UIntPtr.Add(codecavebase, freezebytesX.Length);
int newint = (int)codecaveAllocAddress - 6;
Console.WriteLine("Read Allocated Memory: 0x" + newint.ToString("X") + "\r\n" + codecaveAllocAddress);
So it says in the console that it allocated the opcode, but if I check the opcode it is still the same and didn't change at all. Shouldn't it change to a jmp which jumps to the code cave created?
Thanks for any help :)
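
The byte layout of the jmp-and-return detour described in the question, as an added example that is not part of the original post and is not Memory.dll's code. It only computes the bytes; the class name, method names, addresses and placeholder body are constructed for illustration. A near jump (E9 rel32) occupies 5 bytes, so the overwritten region must cover at least 5 bytes of whole instructions, and the cave must lie within the signed 32-bit range of the patch site.

```csharp
using System;

static class DetourPatch
{
    const int JmpRel32Size = 5; // opcode E9 + 32-bit signed displacement

    // Bytes to write at `site`: a JMP to `cave`, then NOPs so that exactly
    // `replaceCount` bytes (whole instructions only) are overwritten.
    public static byte[] BuildSitePatch(ulong site, ulong cave, int replaceCount)
    {
        if (replaceCount < JmpRel32Size)
            throw new ArgumentException("need at least 5 bytes for JMP rel32");
        byte[] patch = new byte[replaceCount];
        WriteJmp(patch, 0, site, cave);
        for (int i = JmpRel32Size; i < replaceCount; i++) patch[i] = 0x90; // NOP
        return patch;
    }

    // Cave contents: the new code followed by a JMP back to the first
    // untouched instruction after the patched region.
    public static byte[] BuildCave(ulong site, ulong cave, byte[] newCode, int replaceCount)
    {
        byte[] body = new byte[newCode.Length + JmpRel32Size];
        Array.Copy(newCode, body, newCode.Length);
        WriteJmp(body, newCode.Length, cave + (ulong)newCode.Length, site + (ulong)replaceCount);
        return body;
    }

    static void WriteJmp(byte[] buf, int offset, ulong from, ulong to)
    {
        // rel32 is measured from the address of the instruction after the JMP.
        long rel = (long)to - ((long)from + JmpRel32Size);
        if (rel < int.MinValue || rel > int.MaxValue)
            throw new ArgumentException("target is outside the +/-2 GiB range of rel32");
        buf[offset] = 0xE9;
        BitConverter.GetBytes((int)rel).CopyTo(buf, offset + 1); // little-endian on x86/x64
    }

    static void Main()
    {
        ulong site = 0x7FF600001000, cave = 0x7FF5FFFF0000; // constructed addresses
        byte[] newCode = { 0x90, 0x90 };                    // constructed placeholder body
        Console.WriteLine(BitConverter.ToString(BuildSitePatch(site, cave, 6)));
        Console.WriteLine(BitConverter.ToString(BuildCave(site, cave, newCode, 6)));
    }
}
```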