Cheat Engine - The Official Site of Cheat Engine
Pantaleon Newbie cheater
Reputation: 0
Joined: 08 Mar 2009 Posts: 17 Location: New York
Posted: Sat Mar 28, 2009 10:39 pm Post subject: How to create an injector in Delphi 7?
Hello, I am looking for code for an injector that can inject this DLL. The DLL has the following code:
Code:
library Cheat;   { the post gives no library name; this one is a placeholder }
uses
  Windows;
var
  x: Cardinal;
  j: Integer;
  OldProtect: DWORD;
const
  Address: DWORD = $00936978;
  ByteValue: array [1..16] of Byte = ($0,$0,$0,$0,$0,$0,$0,$0,$0,$0,$0,$0,$0,$0,$0,$0);

procedure WriteMemory;
begin
  { lpflOldProtect must point at a DWORD; passing nil makes the call fail }
  VirtualProtectEx(GetCurrentProcess, Ptr(Address), 16, PAGE_EXECUTE_READWRITE, @OldProtect);
  { the array is 1-based, so iterate 1..16 and offset the destination by j - 1;
    the original 0..Length loop ran off both ends of the array }
  for j := Low(ByteValue) to High(ByteValue) do
    PByte(Address + j - 1)^ := ByteValue[j];
end;

begin
  CreateThread(nil, 0, @WriteMemory, nil, 0, x);
end.
Well, I think seeing the DLL's code could help you guide me in creating the injector's code; I hope you can help. Sorry, and thanks for your patience and time. See you soon.
PS: The code can be in Visual C++ 2008 or Delphi 7; either of the two would serve me a lot. Thanks, bye.
slippppppppp Grandmaster Cheater
Reputation: 0
Joined: 08 Aug 2006 Posts: 929
Posted: Sat Mar 28, 2009 11:00 pm Post subject:
0. Get LoadLibraryA Addr.
1. Get debugging privileges.
2. Get handle to a Process' PID
3. Allocate the length of the DLL's directory, save return val
4. Unprotect return value
5. Write the directory of the DLL to the process at the return value
6. Create a remote thread with LoadLibraryA's addr and return value of step 3.
Stylo Grandmaster Cheater Supreme
Reputation: 3
Joined: 16 May 2007 Posts: 1073 Location: Israel
Posted: Sat Mar 28, 2009 11:40 pm Post subject:
slippppppppp wrote:
    0. Get LoadLibraryA Addr.
    1. Get debugging privileges.
    2. Get handle to a Process' PID
    3. Allocate the length of the DLL's directory, save return val
    4. Unprotect return value
    5. Write the directory of the DLL to the process at the return value
    6. Create a remote thread with LoadLibraryA's addr and return value of step 3.

When allocating memory you set your own page's protection, so step 4 is pretty much useless.
But yeah, that's pretty much the way.
Pantaleon Newbie cheater
Reputation: 0
Joined: 08 Mar 2009 Posts: 17 Location: New York
Posted: Sat Mar 28, 2009 11:40 pm Post subject:
slippppppppp wrote:
    0. Get LoadLibraryA Addr.
    1. Get debugging privileges.
    2. Get handle to a Process' PID
    3. Allocate the length of the DLL's directory, save return val
    4. Unprotect return value
    5. Write the directory of the DLL to the process at the return value
    6. Create a remote thread with LoadLibraryA's addr and return value of step 3.

Well, thanks for answering. Now my question is:
which APIs are used for this?
I have the functions, but I am not using them; I am just starting out with these "Cheats", "Editors" and more ... but I need help.
Can you tell me which APIs are used in this? As I understood it, it is done as follows:
LoadLibraryA?
OpenProcessToken and AdjustTokenPrivileges?
GetProcessID?
VirtualProtectEx?
But I could not understand it; can you tell me which APIs are used?
Thanks for your help; I hope I am not bothering you until then.
Stylo Grandmaster Cheater Supreme
Reputation: 3
Joined: 16 May 2007 Posts: 1073 Location: Israel
Posted: Sat Mar 28, 2009 11:47 pm Post subject:
You need to get LoadLibraryA's address to use it to load your DLL into the process's memory.
GetProcessId is useless since you need the handle to the process as a parameter, and when you have it the process ID is useless too.
OpenProcess is what you're looking for. To get the process ID,
use the PROCESSENTRY32 structure & the CreateToolhelp32Snapshot API to view all running processes on your computer and compare the name of the process whose ID you wish to get with PROCESSENTRY32.szExeFile.
When it's done, return the current process ID.
It's complicated to explain in words, so I hope you'll get the code I'm writing:
Code:
#include <windows.h>
#include <tlhelp32.h>
#include <tchar.h>

/* Returns the PID of the first process whose image name matches, or 0 if none does. */
DWORD GetProcId(const TCHAR *szProcessName)
{
    PROCESSENTRY32 ProcessEntry32;
    HANDLE hSnap;
    DWORD dwPid = 0;

    hSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (hSnap == INVALID_HANDLE_VALUE)
        return 0;
    ProcessEntry32.dwSize = sizeof(PROCESSENTRY32);   /* must be set before Process32First */
    if (Process32First(hSnap, &ProcessEntry32)) {
        do {
            /* szExeFile is a TCHAR array; compare it case-insensitively like the shell does */
            if (!_tcsicmp(szProcessName, ProcessEntry32.szExeFile)) {
                dwPid = ProcessEntry32.th32ProcessID;
                break;
            }
        } while (Process32Next(hSnap, &ProcessEntry32));
    }
    CloseHandle(hSnap);
    return dwPid;   /* the original returned the last entry's PID when nothing matched */
}
This returns the process ID for the entered process name.
Pantaleon Newbie cheater
Reputation: 0
Joined: 08 Mar 2009 Posts: 17 Location: New York
Posted: Sun Mar 29, 2009 1:03 am Post subject:
1qaz wrote:
    You need to get LoadLibraryA's address to use it to load your DLL into the process's memory.
    GetProcessId is useless since you need the handle to the process as a parameter, and when you have it the process ID is useless too.
    OpenProcess is what you're looking for. To get the process ID,
    use the PROCESSENTRY32 structure & the CreateToolhelp32Snapshot API to view all running processes on your computer and compare the name of the process whose ID you wish to get with PROCESSENTRY32.szExeFile.
    When it's done, return the current process ID.
    It's complicated to explain in words, so I hope you'll get the code I'm writing:
    Code:
    #include <windows.h>
    #include <tlhelp32.h>
    #include <tchar.h>

    /* Returns the PID of the first process whose image name matches, or 0 if none does. */
    DWORD GetProcId(const TCHAR *szProcessName)
    {
        PROCESSENTRY32 ProcessEntry32;
        HANDLE hSnap;
        DWORD dwPid = 0;

        hSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
        if (hSnap == INVALID_HANDLE_VALUE)
            return 0;
        ProcessEntry32.dwSize = sizeof(PROCESSENTRY32);   /* must be set before Process32First */
        if (Process32First(hSnap, &ProcessEntry32)) {
            do {
                /* szExeFile is a TCHAR array; compare it case-insensitively like the shell does */
                if (!_tcsicmp(szProcessName, ProcessEntry32.szExeFile)) {
                    dwPid = ProcessEntry32.th32ProcessID;
                    break;
                }
            } while (Process32Next(hSnap, &ProcessEntry32));
        }
        CloseHandle(hSnap);
        return dwPid;
    }
    This returns the process ID for the entered process name.

Hi. The code does not work in Visual C++ 2008; can you port it to Delphi? Thanks for responding.
Well, thanks for your help and clarification, but I still have the question: how do you say anything? Could you give me the "APIs" I need to investigate so I can try to create an injector? I hope it's not much hassle. Thanks, bye.
BanMe Master Cheater
Reputation: 0
Joined: 29 Nov 2005 Posts: 375 Location: Farmington NH, USA
Posted: Sun Mar 29, 2009 11:34 am Post subject:
Most code won't work if you just copy/paste it, unless the developer was nice enough to also include pragmas for libs and the header includes in the source. But I think this is a good thing, in that it requires the user of the code to go in and try to compile, only to see that it errors; then most just give up on it, thinking they can't handle errors in the code, and I guess that is what separates newbies from a hobbyist or programmer. Sadly these errors are so trivial to deal with that the time spent on creating a tutorial to cope with these errors in a general fashion would ruin the experience of them learning for themselves how to deal with them. But I'll give all you copy/pasters out there a hint: "google the error". MSDN provides a host of information about it and what causes it.
_________________
don't +rep me..i do not wish to have "status" or "recognition" from you or anyone.. thank you.
Michel Expert Cheater
Reputation: 0
Joined: 16 May 2007 Posts: 214 Location: The Netherlands
Posted: Tue Mar 31, 2009 7:53 am Post subject:
By Doomsday.
original thread: http://forum.cheatengine.org/viewtopic.php?t=145682
Code:
program Injector;
{$APPTYPE CONSOLE}
uses
  SysUtils, Windows, PsAPI, TlHelp32, IniFiles;
var
  WName, PName, DName: string;
  DLLLocation: string;
  ProcessId: DWORD;

procedure PhraseINI();
var
  IniFile: TIniFile;
  IniPath: string;
begin
  IniPath := GetCurrentDir + '\Injector.ini';
  IniFile := TIniFile.Create(IniPath);
  try
    if not FileExists(IniPath) then
    begin
      { first run: write defaults into the same section that is read below
        (the original wrote to 'Injector' but read from 'DLL Injector') }
      IniFile.WriteString('DLL Injector', 'Window', 'Untitled - Notepad');
      IniFile.WriteString('DLL Injector', 'Target', 'notepad.exe');
      IniFile.WriteString('DLL Injector', 'DLL', 'MessageBox.dll');
    end;
    WName := IniFile.ReadString('DLL Injector', 'Window', '');
    PName := IniFile.ReadString('DLL Injector', 'Target', 'notepad.exe');
    DName := IniFile.ReadString('DLL Injector', 'DLL', 'MessageBox.dll');
  finally
    IniFile.Free;
  end;
end;

procedure GetPID();
var
  TempSnapshot: THandle;
  Process32: TProcessEntry32;
begin
  ProcessId := 0;
  while ProcessId = 0 do
  begin
    TempSnapshot := CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    Process32.dwSize := SizeOf(Process32);   { required before Process32First }
    if Process32First(TempSnapshot, Process32) then
      repeat
        if SameText(StrPas(Process32.szExeFile), PName) then
          ProcessId := Process32.th32ProcessID;
      until not Process32Next(TempSnapshot, Process32);
    CloseHandle(TempSnapshot);
    if ProcessId = 0 then
      Sleep(100);   { poll instead of spinning while waiting for the target }
  end;
end;

procedure InjectDLL();
var
  Process: THandle;
  TempHandle: THandle;
  AllocatedRegion: Pointer;
  Empty: DWORD;
  NumberOfBytesWritten: Cardinal;
  PathSize: Cardinal;
begin
  Process := OpenProcess(PROCESS_ALL_ACCESS, False, ProcessId);
  if Process = 0 then
  begin
    Writeln('OpenProcess failed: ', GetLastError);
    Exit;
  end;
  PathSize := Length(DLLLocation) + 1;   { include the terminating #0 that LoadLibraryA expects }
  { the region only holds a string, so it does not need to be executable }
  AllocatedRegion := VirtualAllocEx(Process, nil, PathSize, MEM_COMMIT, PAGE_READWRITE);
  WriteProcessMemory(Process, AllocatedRegion, PChar(DLLLocation), PathSize, NumberOfBytesWritten);
  if WName = '' then
    Sleep(750)
  else
    while FindWindow(nil, PChar(WName)) = 0 do
      Sleep(10);
  TempHandle := CreateRemoteThread(Process, nil, 0,
    GetProcAddress(GetModuleHandle('kernel32.dll'), 'LoadLibraryA'), AllocatedRegion, 0, Empty);
  WaitForSingleObject(TempHandle, INFINITE);
  CloseHandle(TempHandle);
  VirtualFreeEx(Process, AllocatedRegion, 0, MEM_RELEASE);
  CloseHandle(Process);
end;

begin
  PhraseINI();
  Writeln('- DLL Injector -' + #$0D#$0A + '----------------');
  DLLLocation := GetCurrentDir() + '\' + DName;
  if not FileExists(DLLLocation) then
  begin
    Writeln('Unable to locate the DLL');
    Sleep(7000);
    ExitProcess(0);
  end;
  Writeln('Waiting for process: ' + PName);
  GetPID();
  Writeln(' - Process found' + #$0D#$0A);
  Writeln('Injecting ' + DName + ' into ' + PName);
  InjectDLL();
  Writeln(' - DLL injected');
  Sleep(7000);
end.
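The recipe slippppppppp posted and Michel's Delphi program both pass through the same two calls that host telemetry records: OpenProcess on the target (Sysmon Event ID 10, ProcessAccess, which logs the granted access mask) and CreateRemoteThread with kernel32!LoadLibraryA as the start routine (Sysmon Event ID 8, CreateRemoteThread, which logs StartModule and StartFunction). The script below is an added detection example, not code from this thread or from Cheat Engine; it runs over constructed Sysmon-shaped records embedded in the file and assumes the field names Sysmon uses for those two events. It flags any cross-process thread that starts in kernel32's LoadLibrary family and raises the confidence when the same source process earlier opened the same target with create-thread and write rights.

```python
"""Flag CreateRemoteThread -> kernel32!LoadLibrary* injection in Sysmon-style telemetry.

Added example for this thread (not code posted in it). The input is a constructed
list of records shaped like Sysmon Event ID 10 (ProcessAccess) and Event ID 8
(CreateRemoteThread), reduced to the fields the check needs.
"""
from typing import Any, Dict, List

# Access-right bits from winnt.h. The Delphi injector in the thread asks for
# PROCESS_ALL_ACCESS (0x1F0FFF), which includes all three.
PROCESS_CREATE_THREAD = 0x0002
PROCESS_VM_OPERATION = 0x0008
PROCESS_VM_WRITE = 0x0020
INJECT_MASK = PROCESS_CREATE_THREAD | PROCESS_VM_OPERATION | PROCESS_VM_WRITE

# Loader entry points an injector hands to CreateRemoteThread (step 6 of the recipe).
LOADER_ENTRYPOINTS = {"LoadLibraryA", "LoadLibraryW", "LoadLibraryExA", "LoadLibraryExW"}

Event = Dict[str, Any]


def is_remote_loader_thread(ev: Event) -> bool:
    """Event 8 whose start routine is kernel32!LoadLibrary* in another process."""
    if ev["EventID"] != 8:
        return False
    if ev["SourceProcessId"] == ev["TargetProcessId"]:
        return False  # a process starting its own loader thread is ordinary
    if ev["StartFunction"] not in LOADER_ENTRYPOINTS:
        return False
    return ev["StartModule"].lower().endswith("\\kernel32.dll")


def opened_with_inject_rights(ev: Event, src: str, dst: str) -> bool:
    """Event 10 in which src opened dst with create-thread and write rights (step 2)."""
    if ev["EventID"] != 10:
        return False
    if ev["SourceProcessId"] != src or ev["TargetProcessId"] != dst:
        return False
    granted = int(ev["GrantedAccess"], 16)  # Sysmon logs the mask as a hex string
    return granted & INJECT_MASK == INJECT_MASK


def detect_remote_loadlibrary(events: List[Event]) -> List[Dict[str, str]]:
    """One alert per remote LoadLibrary thread. Confidence is 'high' when the same
    source earlier opened the same target with injection rights, i.e. when steps 2
    and 6 of the recipe appear as a pair; 'medium' on the thread event alone."""
    alerts = []
    for i, ev in enumerate(events):
        if not is_remote_loader_thread(ev):
            continue
        src, dst = ev["SourceProcessId"], ev["TargetProcessId"]
        handle_seen = any(opened_with_inject_rights(e, src, dst) for e in events[:i])
        alerts.append({
            "time": ev["UtcTime"],
            "source": ev["SourceImage"],
            "target": ev["TargetImage"],
            "start": f'{ev["StartModule"]}!{ev["StartFunction"]}',
            "confidence": "high" if handle_seen else "medium",
        })
    return alerts


# Constructed sample telemetry: images, PIDs, addresses and times are made up.
SAMPLE_EVENTS: List[Event] = [
    # step 2: the injector opens notepad.exe with PROCESS_ALL_ACCESS
    {"EventID": 10, "UtcTime": "2009-03-31 12:00:01.000",
     "SourceProcessId": "4120", "SourceImage": "C:\\Tools\\Injector.exe",
     "TargetProcessId": "2284", "TargetImage": "C:\\Windows\\notepad.exe",
     "GrantedAccess": "0x1F0FFF"},
    # step 6: a remote thread in notepad.exe starting at kernel32!LoadLibraryA
    {"EventID": 8, "UtcTime": "2009-03-31 12:00:02.000",
     "SourceProcessId": "4120", "SourceImage": "C:\\Tools\\Injector.exe",
     "TargetProcessId": "2284", "TargetImage": "C:\\Windows\\notepad.exe",
     "StartAddress": "0x7C801D7B", "StartModule": "C:\\Windows\\system32\\kernel32.dll",
     "StartFunction": "LoadLibraryA"},
    # benign: a process creating a loader thread in itself
    {"EventID": 8, "UtcTime": "2009-03-31 12:00:03.000",
     "SourceProcessId": "1536", "SourceImage": "C:\\Program Files\\App\\app.exe",
     "TargetProcessId": "1536", "TargetImage": "C:\\Program Files\\App\\app.exe",
     "StartAddress": "0x7C801D7B", "StartModule": "C:\\Windows\\system32\\kernel32.dll",
     "StartFunction": "LoadLibraryA"},
    # remote LoadLibraryW thread with no matching handle open on record -> medium
    {"EventID": 8, "UtcTime": "2009-03-31 12:00:04.000",
     "SourceProcessId": "3012", "SourceImage": "C:\\Users\\u\\AppData\\Local\\Temp\\x.exe",
     "TargetProcessId": "1888", "TargetImage": "C:\\Windows\\explorer.exe",
     "StartAddress": "0x7C801D53", "StartModule": "C:\\Windows\\system32\\kernel32.dll",
     "StartFunction": "LoadLibraryW"},
]

if __name__ == "__main__":
    for alert in detect_remote_loadlibrary(SAMPLE_EVENTS):
        print(alert)
```

The same-process record is deliberately left unflagged: applications legitimately start threads at LoadLibrary in themselves, and Sysmon only emits Event 8 for cross-process creation in practice, so the source/target check is what keeps the rule quiet. Stylo's note that step 4 is redundant also shows up here: the rule never needs a VirtualProtectEx event, only the handle open and the remote thread.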
hcavolsdsadgadsg I'm a spammer
Reputation: 26
Joined: 11 Jun 2007 Posts: 5801
Posted: Tue Mar 31, 2009 1:23 pm Post subject:
SetWindowsHookEx is a ridiculously simple way of injecting DLLs, also.
Pantaleon Newbie cheater
Reputation: 0
Joined: 08 Mar 2009 Posts: 17 Location: New York
Posted: Tue Mar 31, 2009 8:49 pm Post subject:
BanMe wrote:
    Most code won't work if you just copy/paste it, unless the developer was nice enough to also include pragmas for libs and the header includes in the source. But I think this is a good thing, in that it requires the user of the code to go in and try to compile, only to see that it errors; then most just give up on it, thinking they can't handle errors in the code, and I guess that is what separates newbies from a hobbyist or programmer. Sadly these errors are so trivial to deal with that the time spent on creating a tutorial to cope with these errors in a general fashion would ruin the experience of them learning for themselves how to deal with them. But I'll give all you copy/pasters out there a hint: "google the error". MSDN provides a host of information about it and what causes it.

The first thing I said, and the first thing they say ... In the end I found MSDN useless, since it only gave me the declaration of the API. I used this? If you need to do as I say, but not a hard and pure API without some or more ... Anyway, thanks for the comment; see you soon.