In this tutorial, we are going to create a PlayStation 4 bot in C# using EasyHook. By the end of this tutorial, you will be able to automate controls in any PS4 game through PS4 Remote Play.
EDIT - Check out PS4RemotePlayInterceptor, a library that allows you to achieve the result of this tutorial with only a few lines of code.
The reason I created this tutorial is because I could not find any libraries or tutorials on this topic. PS4 Remote Play doesn’t accept third-party inputs except for their DualShock 4 controller and a few keys to emulate the D-Pad from the keyboard. As far as I know the PS4 is still not easily hackable at this time, so this is probably a feasible way to automate tedious tasks such as grinding in GTA Online without writing a lot of code or hardware hacking. However, a small disadvantage of this method is that the controller must be plugged in via USB at all times.
EasyHook is a very useful library that allows us to hook Windows APIs within C# with only a few lines of code. Even though PS4 Remote Play was built on .NET WinForms, most of the core functionality is delegated to RpCtrlWrapper.dll, which is a native DLL. However, the controller is treated like any other USB HID device that uses Windows kernel32.dll. So instead of trying to go through obfuscated code or decompiled native assembly, we can attack from a low-level API. This is where EasyHook becomes the most important part of this project.
They also provide a tutorial project called RemoteFileMonitor, which logs any usage of CreateFileW, ReadFile, and WriteFile. We will use it to intercept and manipulate the data sent from the DualShock controller. We will be using only the ReadFile function for this tutorial. This diagram shows how we will intercept Remote Play.
Download or clone EasyHook’s tutorial projects from this repository, and open EasyHook-Tutorials-master/Unmanged/RemoteFileMonitor.sln in Visual Studio.
You can compile and run the project after you restore the NuGet packages. The program will ask for the PID of a running process, and in this case PS4 Remote Play is our target.
To find the PID, open Task Manager and locate the PS4 Remote Play process. Right click on the process and select Go to details. You will be taken to the process details, which show the PID.
The console will be flooded mostly with ReadFile usage logs, with a few CreateFile entries. Notice that the data is 64 bytes and has an empty filename; this will become important later on.
At this point, we have the data in our hands, but we don’t know what it means yet. Luckily, there is this wiki page from PSDevWiki that combines most of the information about the USB protocol of DualShock 4 controllers from other sources. You can find an example of the data in the Report Structure section of the wiki page.
As you can see, the size of the report is 64 bytes, like we intercepted previously. Also, the header of the report will always be 0x01, which is the Report ID.
We can programmatically press any combinations of controls with this information, but for this tutorial, we are going to keep the objective simple and make the bot move forwards. So according to the data format we have to set the byte index  to 0 for the analog stick to move upwards.
There are two files that we have to focus on. These are InjectionEntryPoint.cs in FileMonitorHook project.
We have to remove console logs from this class because they can compete with the injection, as they both get called rapidly. The exceptions are ReportException because they are rarely called, plus they are useful for us.
We will ignore other hook implementations except for ReadFile, so scroll down until you find the ReadFile Hook region. We will modify only the ReadFile_Hook() method to manipulate the data instead of logging information about it. All this block of code does is verify whether the data we intercepted is “likely” to be the data we are looking for; then we proceed to modify that data. However, to modify the data we have to use unsafe code, which will allow us to convert the buffer pointer to the byte* type. From there, the byte* variable can be accessed by index like
To get rid of the warning for using unsafe code, open project properties (Alt+Enter). On the Build tab, check the Allow unsafe code box for both Debug and Release builds.
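The filter-then-patch step described above, as an added example that is not the tutorial's original code: it checks the three properties seen in the log (64 bytes, empty filename, Report ID 0x01) before writing through the byte*, so reads from unrelated handles are left alone. The class and method names are hypothetical, and offset 2 for the left stick Y axis is an assumption, since the text does not state the index.

```csharp
using System;

// Added example: names below are hypothetical, not from RemoteFileMonitor.
static class Ds4ReportPatcher
{
    const int ReportSize = 64;      // report size observed in the ReadFile log
    const byte ReportId = 0x01;     // first byte of every report
    const int LeftStickY = 2;       // ASSUMPTION: offset of the left stick Y axis

    // True only when the buffer is "likely" a controller report, so data
    // read from any other handle is never modified.
    public static unsafe bool LooksLikeReport(byte* buffer, uint bytesRead, string fileName)
    {
        return buffer != null
            && bytesRead == ReportSize          // checked before any indexed write
            && string.IsNullOrEmpty(fileName)
            && buffer[0] == ReportId;
    }

    // Overwrites the stick byte in place; returns false if the buffer was left alone.
    public static unsafe bool PushStickUp(byte* buffer, uint bytesRead, string fileName)
    {
        if (!LooksLikeReport(buffer, bytesRead, fileName)) return false;
        buffer[LeftStickY] = 0x00;  // 0 moves the stick upwards, per the text above
        return true;
    }
}

static class Demo
{
    static unsafe void Main()
    {
        // Constructed sample: report ID 0x01, both sticks centred at 0x80.
        byte[] report = new byte[64];
        report[0] = 0x01;
        for (int i = 1; i <= 4; i++) report[i] = 0x80;

        byte[] other = new byte[16];    // constructed non-report read (wrong size)

        fixed (byte* r = report, o = other)
        {
            Console.WriteLine(Ds4ReportPatcher.PushStickUp(r, (uint)report.Length, ""));
            Console.WriteLine(Ds4ReportPatcher.PushStickUp(o, (uint)other.Length, ""));
        }
        Console.WriteLine(BitConverter.ToString(report, 0, 5));
    }
}
```

Inside the hook, the same call would be made with the buffer and byte count that ReadFile returned; the length check matters because an indexed write through a raw pointer is not bounds-checked.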
Compile the solution and test the program again to see the bot in action. To stop the injection, simply stop the program.
You can see the full video on YouTube here
This is the first part of a tutorial series, and it is about introducing the concept of hooking into PS4 Remote Play rather than making a functional bot. We will go into greater detail in Part 2 and create our own application with a UI. I hope that this tutorial helps anyone who wanted to make a bot for PS4 but could not find resources online. A better way I have in mind is to disassemble PS4 Remote Play’s protocol and build on top of that, but that is a little bit overkill for now.
The source code for this tutorial can be found on GitHub.