PsychicSymphony Newbie cheater
Reputation: 0
Joined: 17 May 2011 Posts: 13 Location: Ontario
|
Posted: Thu May 19, 2011 8:00 pm Post subject: [Help] Weird Dll error O.o I hate you c++ |
|
|
I am trying to inject this DLL into a program using a remote thread; for now I am just testing the injection with my own custom injector.
When I try to inject my DLL, it fails to load. I ran Dependency Walker on the DLL to check for problems and got these two errors:
Error: At least one module has an unresolved import due to a missing export function in an implicitly dependent module.
Error: Modules with different CPU types were found.
I don't know exactly what they mean. Does anyone know how to fix them?
Oh yea the code.
Code for injector:
[code]
#include <windows.h>
#include <stdio.h>
#include <string>
#include <iostream>
#include <fstream>
using namespace std;
// Builds a small x86 (32-bit) stub of data plus machine code in a local heap
// buffer, copies it into hProcess, runs it on a new remote thread, waits for
// that thread and then frees the remote memory.
//
// What the stub does inside the target, as encoded below:
//   1. LoadLibraryA("user32.dll"), then GetProcAddress(..., "MessageBoxA").
//   2. LoadLibraryA(dllname); on a NULL result it shows a message box and
//      calls ExitProcess(0), which ends the target process.
//   3. GetProcAddress(module, funcname); a NULL result is handled the same
//      way (see the note at the second jnz for the non-NULL path).
//   4. ExitThread(0) (the "#if 1" tail).
//
// Parameters:
//   hProcess - handle to the target process; it is passed to VirtualAllocEx,
//              VirtualProtectEx, WriteProcessMemory and CreateRemoteThread.
//   dllname  - DLL name/path handed to LoadLibraryA inside the target.
//   funcname - export name handed to GetProcAddress inside the target.
// Returns nothing, and no API return value in the body is checked.
//
// NOTE(review): every address is carried in a DWORD and copied as 4 bytes, and
// PtrToUlong() truncates the allocation pointer, so this only holds together
// when injector and target are both 32-bit.
// NOTE(review): the kernel32 function addresses are resolved in this process
// and embedded as immediates; that presumes kernel32.dll sits at the same
// address in the target - confirm for the intended targets.
// NOTE(review): read from the monitoring side, the visible pattern is a
// PAGE_EXECUTE_READWRITE allocation in another process, a WriteProcessMemory
// into it, and CreateRemoteThread with a start address inside that private
// allocation rather than inside a loaded module.
void Inject(HANDLE hProcess, const char* dllname, const char* funcname) {
    HMODULE kernel32 = NULL;
    FARPROC loadlibrary = NULL;
    FARPROC getprocaddress = NULL;
    FARPROC exitprocess = NULL;
    FARPROC exitthread = NULL;
    FARPROC freelibraryandexitthread = NULL;
    // Local staging buffer and the write cursor into it.
    LPBYTE workspace = NULL;
    DWORD workspaceIndex = 0;
    // Base of the remote allocation, as a pointer and as a 32-bit integer.
    LPVOID codecaveAddress = NULL;
    DWORD dwCodecaveAddress = 0;
    // Zero-initialised and one byte larger than the _snprintf limit used
    // below, so each string stays NUL-terminated even when truncated.
    char injectDllName[MAX_PATH + 1] = {0};
    char injectFuncName[MAX_PATH + 1] = {0};
    char injectError0[MAX_PATH + 1] = {0};
    char injectError1[MAX_PATH + 1] = {0};
    char injectError2[MAX_PATH + 1] = {0};
    char user32Name[MAX_PATH + 1] = {0};
    char msgboxName[MAX_PATH + 1] = {0};
    // Remote addresses (remote base + offset) of each data item in the stub.
    DWORD user32NameAddr = 0;
    DWORD user32Addr = 0;
    DWORD msgboxNameAddr = 0;
    DWORD msgboxAddr = 0;
    DWORD dllAddr = 0;
    DWORD dllNameAddr = 0;
    DWORD funcNameAddr = 0;
    DWORD error0Addr = 0;
    DWORD error1Addr = 0;
    DWORD error2Addr = 0;
    // Remote address of the first instruction (thread start address).
    DWORD codecaveExecAddr = 0;
    HANDLE hThread = NULL;
    DWORD dwTmpSize = 0;
    DWORD oldProtect = 0;
    DWORD bytesRet = 0;
    // Resolve the kernel32 exports in THIS process. None of the results is
    // checked, and the module handle is not released in this function.
    kernel32 = LoadLibrary("kernel32.dll");
    loadlibrary = GetProcAddress(kernel32, "LoadLibraryA");
    getprocaddress = GetProcAddress(kernel32, "GetProcAddress");
    exitprocess = GetProcAddress(kernel32, "ExitProcess");
    exitthread = GetProcAddress(kernel32, "ExitThread");
    freelibraryandexitthread = GetProcAddress(kernel32, "FreeLibraryAndExitThread");
    // Prepare the strings that will be copied into the stub's data area.
    _snprintf(injectDllName, MAX_PATH, "%s", dllname);
    _snprintf(injectFuncName, MAX_PATH, "%s", funcname);
    _snprintf(user32Name, MAX_PATH, "user32.dll");
    _snprintf(msgboxName, MAX_PATH, "MessageBoxA");
    _snprintf(injectError0, MAX_PATH, "Error");
    _snprintf(injectError1, MAX_PATH, "Sorry it kinda failed to load :/ %s", injectDllName);
    _snprintf(injectError2, MAX_PATH, "Couldnt start the thread idk %s", injectFuncName);
    // NOTE(review): the staging buffer is a fixed 1024 bytes, but four of the
    // strings copied into it can each be up to MAX_PATH characters and no
    // copy below checks workspaceIndex against 1024, so long names can write
    // past the end of this heap block. Neither allocation is checked for NULL.
    workspace = (LPBYTE)HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, 1024);
    codecaveAddress = VirtualAllocEx(hProcess, 0, 1024, MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE);
    dwCodecaveAddress = PtrToUlong(codecaveAddress);
    // ---- Data area: three zeroed DWORD slots ----
    // Slot for the user32 module handle (no instruction below refers to it).
    user32Addr = workspaceIndex + dwCodecaveAddress;
    dwTmpSize = 0;
    memcpy(workspace + workspaceIndex, &dwTmpSize, 4);
    workspaceIndex += 4;
    // Slot the stub fills with the address of MessageBoxA.
    msgboxAddr = workspaceIndex + dwCodecaveAddress;
    dwTmpSize = 0;
    memcpy(workspace + workspaceIndex, &dwTmpSize, 4);
    workspaceIndex += 4;
    // Slot the stub fills with the handle of the loaded DLL.
    dllAddr = workspaceIndex + dwCodecaveAddress;
    dwTmpSize = 0;
    memcpy(workspace + workspaceIndex, &dwTmpSize, 4);
    workspaceIndex += 4;
    // ---- Data area: NUL-terminated strings, each address recorded first ----
    user32NameAddr = workspaceIndex + dwCodecaveAddress;
    dwTmpSize = (DWORD)strlen(user32Name) + 1;
    memcpy(workspace + workspaceIndex, user32Name, dwTmpSize);
    workspaceIndex += dwTmpSize;
    msgboxNameAddr = workspaceIndex + dwCodecaveAddress;
    dwTmpSize = (DWORD)strlen(msgboxName) + 1;
    memcpy(workspace + workspaceIndex, msgboxName, dwTmpSize);
    workspaceIndex += dwTmpSize;
    dllNameAddr = workspaceIndex + dwCodecaveAddress;
    dwTmpSize = (DWORD)strlen(injectDllName) + 1;
    memcpy(workspace + workspaceIndex, injectDllName, dwTmpSize);
    workspaceIndex += dwTmpSize;
    funcNameAddr = workspaceIndex + dwCodecaveAddress;
    dwTmpSize = (DWORD)strlen(injectFuncName) + 1;
    memcpy(workspace + workspaceIndex, injectFuncName, dwTmpSize);
    workspaceIndex += dwTmpSize;
    error0Addr = workspaceIndex + dwCodecaveAddress;
    dwTmpSize = (DWORD)strlen(injectError0) + 1;
    memcpy(workspace + workspaceIndex, injectError0, dwTmpSize);
    workspaceIndex += dwTmpSize;
    error1Addr = workspaceIndex + dwCodecaveAddress;
    dwTmpSize = (DWORD)strlen(injectError1) + 1;
    memcpy(workspace + workspaceIndex, injectError1, dwTmpSize);
    workspaceIndex += dwTmpSize;
    error2Addr = workspaceIndex + dwCodecaveAddress;
    dwTmpSize = (DWORD)strlen(injectError2) + 1;
    memcpy(workspace + workspaceIndex, injectError2, dwTmpSize);
    workspaceIndex += dwTmpSize;
    // Three int3 (0xCC) bytes separate the data area from the code.
    workspace[workspaceIndex++] = 0xCC;
    workspace[workspaceIndex++] = 0xCC;
    workspace[workspaceIndex++] = 0xCC;
    // ---- Code area: the remote thread starts here ----
    codecaveExecAddr = workspaceIndex + dwCodecaveAddress;
    // push <"user32.dll">; mov eax, LoadLibraryA; call eax
    workspace[workspaceIndex++] = 0x68;
    memcpy(workspace + workspaceIndex, &user32NameAddr, 4);
    workspaceIndex += 4;
    workspace[workspaceIndex++] = 0xB8;
    memcpy(workspace + workspaceIndex, &loadlibrary, 4);
    workspaceIndex += 4;
    workspace[workspaceIndex++] = 0xFF;
    workspace[workspaceIndex++] = 0xD0;
    // push <"MessageBoxA">; push eax (user32 handle);
    // mov eax, GetProcAddress; call eax; mov [msgboxAddr], eax
    workspace[workspaceIndex++] = 0x68;
    memcpy(workspace + workspaceIndex, &msgboxNameAddr, 4);
    workspaceIndex += 4;
    workspace[workspaceIndex++] = 0x50;
    workspace[workspaceIndex++] = 0xB8;
    memcpy(workspace + workspaceIndex, &getprocaddress, 4);
    workspaceIndex += 4;
    workspace[workspaceIndex++] = 0xFF;
    workspace[workspaceIndex++] = 0xD0;
    workspace[workspaceIndex++] = 0xA3;
    memcpy(workspace + workspaceIndex, &msgboxAddr, 4);
    workspaceIndex += 4;
    // push <dll name>; mov eax, LoadLibraryA; call eax
    workspace[workspaceIndex++] = 0x68;
    memcpy(workspace + workspaceIndex, &dllNameAddr, 4);
    workspaceIndex += 4;
    workspace[workspaceIndex++] = 0xB8;
    memcpy(workspace + workspaceIndex, &loadlibrary, 4);
    workspaceIndex += 4;
    workspace[workspaceIndex++] = 0xFF;
    workspace[workspaceIndex++] = 0xD0;
    // cmp eax, 0; jnz +0x1E. 0x1E (30) is the byte length of the error
    // block that follows, so a non-NULL module handle skips it.
    workspace[workspaceIndex++] = 0x83;
    workspace[workspaceIndex++] = 0xF8;
    workspace[workspaceIndex++] = 0x00;
    workspace[workspaceIndex++] = 0x75;
    workspace[workspaceIndex++] = 0x1E;
    // Error block 1: MessageBoxA(0, error1, error0, 0x10), then
    // ExitProcess(0) inside the target.
    workspace[workspaceIndex++] = 0x6A;
    workspace[workspaceIndex++] = 0x10;
    workspace[workspaceIndex++] = 0x68;
    memcpy(workspace + workspaceIndex, &error0Addr, 4);
    workspaceIndex += 4;
    workspace[workspaceIndex++] = 0x68;
    memcpy(workspace + workspaceIndex, &error1Addr, 4);
    workspaceIndex += 4;
    workspace[workspaceIndex++] = 0x6A;
    workspace[workspaceIndex++] = 0x00;
    workspace[workspaceIndex++] = 0xA1;
    memcpy(workspace + workspaceIndex, &msgboxAddr, 4);
    workspaceIndex += 4;
    workspace[workspaceIndex++] = 0xFF;
    workspace[workspaceIndex++] = 0xD0;
    workspace[workspaceIndex++] = 0x6A;
    workspace[workspaceIndex++] = 0x00;
    workspace[workspaceIndex++] = 0xB8;
    memcpy(workspace + workspaceIndex, &exitprocess, 4);
    workspaceIndex += 4;
    workspace[workspaceIndex++] = 0xFF;
    workspace[workspaceIndex++] = 0xD0;
    // mov [dllAddr], eax - keep the module handle in its data slot.
    workspace[workspaceIndex++] = 0xA3;
    memcpy(workspace + workspaceIndex, &dllAddr, 4);
    workspaceIndex += 4;
    // push <function name>; push eax (module handle);
    // mov eax, GetProcAddress; call eax
    workspace[workspaceIndex++] = 0x68;
    memcpy(workspace + workspaceIndex, &funcNameAddr, 4);
    workspaceIndex += 4;
    workspace[workspaceIndex++] = 0x50;
    workspace[workspaceIndex++] = 0xB8;
    memcpy(workspace + workspaceIndex, &getprocaddress, 4);
    workspaceIndex += 4;
    workspace[workspaceIndex++] = 0xFF;
    workspace[workspaceIndex++] = 0xD0;
    // cmp eax, 0; jnz +0x1C.
    // NOTE(review): the error block below is also 30 bytes, so a 0x1C (28)
    // displacement lands on its last two bytes (FF D0, "call eax") instead
    // of past them. EAX still holds the GetProcAddress result at that point,
    // and no other call to the resolved export appears in this listing -
    // confirm the displacement is intentional.
    workspace[workspaceIndex++] = 0x83;
    workspace[workspaceIndex++] = 0xF8;
    workspace[workspaceIndex++] = 0x00;
    workspace[workspaceIndex++] = 0x75;
    workspace[workspaceIndex++] = 0x1C;
    // Error block 2: MessageBoxA(0, error2, error0, 0x10), then
    // ExitProcess(0) inside the target.
    workspace[workspaceIndex++] = 0x6A;
    workspace[workspaceIndex++] = 0x10;
    workspace[workspaceIndex++] = 0x68;
    memcpy(workspace + workspaceIndex, &error0Addr, 4);
    workspaceIndex += 4;
    workspace[workspaceIndex++] = 0x68;
    memcpy(workspace + workspaceIndex, &error2Addr, 4);
    workspaceIndex += 4;
    workspace[workspaceIndex++] = 0x6A;
    workspace[workspaceIndex++] = 0x00;
    workspace[workspaceIndex++] = 0xA1;
    memcpy(workspace + workspaceIndex, &msgboxAddr, 4);
    workspaceIndex += 4;
    workspace[workspaceIndex++] = 0xFF;
    workspace[workspaceIndex++] = 0xD0;
    workspace[workspaceIndex++] = 0x6A;
    workspace[workspaceIndex++] = 0x00;
    workspace[workspaceIndex++] = 0xB8;
    memcpy(workspace + workspaceIndex, &exitprocess, 4);
    workspaceIndex += 4;
    workspace[workspaceIndex++] = 0xFF;
    workspace[workspaceIndex++] = 0xD0;
// Enabled tail: push 0; mov eax, ExitThread; call eax
#if 1
    workspace[workspaceIndex++] = 0x6A;
    workspace[workspaceIndex++] = 0x00;
    workspace[workspaceIndex++] = 0xB8;
    memcpy(workspace + workspaceIndex, &exitthread, 4);
    workspaceIndex += 4;
    workspace[workspaceIndex++] = 0xFF;
    workspace[workspaceIndex++] = 0xD0;
#endif
// Disabled alternative tail: push 0; push dword [dllAddr];
// mov eax, FreeLibraryAndExitThread; call eax
#if 0
    workspace[workspaceIndex++] = 0x6A;
    workspace[workspaceIndex++] = 0x00;
    workspace[workspaceIndex++] = 0xFF;
    workspace[workspaceIndex++] = 0x35;
    memcpy(workspace + workspaceIndex, &dllAddr, 4);
    workspaceIndex += 4;
    workspace[workspaceIndex++] = 0xB8;
    memcpy(workspace + workspaceIndex, &freelibraryandexitthread, 4);
    workspaceIndex += 4;
    workspace[workspaceIndex++] = 0xFF;
    workspace[workspaceIndex++] = 0xD0;
#endif
    // Copy the staged stub into the target. The region was allocated as
    // PAGE_EXECUTE_READWRITE, so the first VirtualProtectEx presumably
    // reports that same value in oldProtect and the second call restores it,
    // leaving the region writable and executable - TODO confirm.
    VirtualProtectEx(hProcess, codecaveAddress, workspaceIndex, PAGE_EXECUTE_READWRITE, &oldProtect);
    WriteProcessMemory(hProcess, codecaveAddress, workspace, workspaceIndex, &bytesRet);
    VirtualProtectEx(hProcess, codecaveAddress, workspaceIndex, oldProtect, &oldProtect);
    FlushInstructionCache(hProcess, codecaveAddress, workspaceIndex);
    HeapFree(GetProcessHeap(), 0, workspace);
    // Start a thread in the target at the first stub instruction and block
    // until it exits. hThread is not checked for NULL before the wait and is
    // not closed with CloseHandle in this function.
    hThread = CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)((void*)codecaveExecAddr), 0, 0, NULL);
    WaitForSingleObject(hThread, INFINITE);
    // Release the remote allocation once the stub thread has finished.
    VirtualFreeEx(hProcess, codecaveAddress, 0, MEM_RELEASE);
}
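// Launcher entry point: reads the target command line and working directory
// from exe.txt, starts the target suspended, runs Inject() against it and then
// resumes the target's main thread.
//
// exe.txt layout, as read below: line 1 = command line, line 2 = working
// directory. Returns 0 on success and -1 when exe.txt cannot be read or the
// process cannot be created.
int APIENTRY WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nCmdShow) {
    STARTUPINFO si = {0};
    PROCESS_INFORMATION pi = {0};
    BOOL result = FALSE;

    // Zero-initialised stack buffers replace the two new[] arrays that were
    // never deleted. The command line must stay in a writable buffer because
    // CreateProcess is allowed to modify it.
    char workingDir[255] = {0};
    char exeString[255] = {0};

    std::ifstream file("exe.txt");
    if (!file.is_open()) {
        // Without this check the buffers would be handed to CreateProcess
        // with whatever a failed read left in them.
        MessageBox(0, "Could not open exe.txt", "Damn....", MB_ICONERROR);
        return -1;
    }
    file.getline(exeString, sizeof(exeString));
    file.getline(workingDir, sizeof(workingDir));
    file.close();

    if (exeString[0] == '\0') {
        MessageBox(0, "exe.txt does not name a program", "Damn....", MB_ICONERROR);
        return -1;
    }

    std::cout << workingDir;
    std::cout << exeString;

    // NOTE(review): this is a bare file name, so which file is loaded is
    // decided by the DLL search order of the process that loads it; a full
    // path would remove that ambiguity.
    char dllPath[MAX_PATH + 1] = {0};
    _snprintf(dllPath, MAX_PATH, "D2Dll.dll");

    si.cb = sizeof(STARTUPINFO);
    // CREATE_SUSPENDED: the target's main thread does not run until the
    // ResumeThread call below.
    result = CreateProcess(NULL, exeString, NULL, NULL, FALSE, CREATE_SUSPENDED, NULL, workingDir, &si, &pi);
    if (!result) {
        MessageBox(0, "Process failed to load :/", "Damn....", MB_ICONERROR);
        return -1;
    }

    Inject(pi.hProcess, dllPath, "Initialize");
    ResumeThread(pi.hThread);

    // Both handles returned in PROCESS_INFORMATION belong to this process and
    // were previously left open.
    CloseHandle(pi.hThread);
    CloseHandle(pi.hProcess);
    return 0;
}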
[/code]
Code for Dll:
[code]
#include <windows.h>
// DLL entry point, invoked by the loader with the notification in ulReason.
// Always reports success.
BOOL APIENTRY DllMain(HMODULE hModule, DWORD ulReason, LPVOID lpReserved)
{
    // lpReserved is not used; mark it so the compiler does not warn.
    UNREFERENCED_PARAMETER(lpReserved);

    switch (ulReason)
    {
    case DLL_PROCESS_ATTACH:
        // Per-thread attach/detach notifications are not needed by this DLL.
        DisableThreadLibraryCalls(hModule);
        break;
    default:
        // Every other notification is accepted without any work.
        break;
    }

    return TRUE;
}
// Exported function that the injector above looks up by the name
// "Initialize". extern "C" keeps the exported symbol free of C++ name
// mangling; the body only shows a confirmation message box.
extern "C" __declspec(dllexport) void Initialize()
{
    const char* const text = "Locked and Loaded.";
    const char* const caption = "DLL Injection Successful!";
    MessageBox(0, text, caption, 0);
}
[/code]
Please help. I'm using Microsoft Visual C++ 2010 Express, btw. _________________
Psychic Symphony
////
// //
// //
//// |
|
|
 |
Innovation Grandmaster Cheater
Reputation: 12
Joined: 14 Aug 2008 Posts: 617
|
Posted: Thu May 19, 2011 9:13 pm Post subject: |
|
|
| I don't like how the injector was written. Anyway, your DLL's project settings are most likely messed up. Create an "Empty Project", and change the "Configuration Type" to "Dynamic Library (.dll)". |
|
|
 |
PsychicSymphony Newbie cheater
Reputation: 0
Joined: 17 May 2011 Posts: 13 Location: Ontario
|
Posted: Fri May 20, 2011 2:24 pm Post subject: |
|
|
Yea that didnt work D: _________________
Psychic Symphony
////
// //
// //
//// |
|
|
 |
Innovation Grandmaster Cheater
Reputation: 12
Joined: 14 Aug 2008 Posts: 617
|
Posted: Fri May 20, 2011 3:34 pm Post subject: |
|
|
| PsychicSymphony wrote: | | Yea that didnt work D: |
Does Dependency Walker still detect errors in the DLL? |
|
|
 |
PsychicSymphony Newbie cheater
Reputation: 0
Joined: 17 May 2011 Posts: 13 Location: Ontario
|
Posted: Fri May 20, 2011 9:07 pm Post subject: |
|
|
Yea it still has the same 2 errors :/ _________________
Psychic Symphony
////
// //
// //
//// |
|
|
 |
atom0s Moderator
Reputation: 205
Joined: 25 Jan 2006 Posts: 8587 Location: 127.0.0.1
|
Posted: Sun May 22, 2011 10:27 am Post subject: |
|
|
Make sure you include a .DEF file in your project to explain the exports to the linker. _________________
- Retired. |
|
|
 |
PsychicSymphony Newbie cheater
Reputation: 0
Joined: 17 May 2011 Posts: 13 Location: Ontario
|
Posted: Sun May 22, 2011 4:38 pm Post subject: |
|
|
thanks I wish there was a thank button lol _________________
Psychic Symphony
////
// //
// //
//// |
|
|
 |
Krähne Expert Cheater
Reputation: 0
Joined: 06 Jun 2010 Posts: 108 Location: Inside of my Kernel
|
|
|
 |
Innovation Grandmaster Cheater
Reputation: 12
Joined: 14 Aug 2008 Posts: 617
|
Posted: Sun May 22, 2011 8:30 pm Post subject: |
|
|
| Wiccaan wrote: | | Make sure you include a .DEF file in your project to explain the exports to the linker. |
Isn't PsychicSymphony using __declspec(dllexport)? |
|
|
 |
sponge I'm a spammer
Reputation: 1
Joined: 07 Nov 2006 Posts: 6009
|
|
|
 |
Innovation Grandmaster Cheater
Reputation: 12
Joined: 14 Aug 2008 Posts: 617
|
Posted: Mon May 23, 2011 4:30 am Post subject: |
|
|
| sponge wrote: | | __declspec(dllexport) decorates the exported symbol. |
| MSDN wrote: | | __declspec(dllexport) adds the export directive to the object file so you do not need to use a .def file. |
| MSDN wrote: | | If C++ name mangling is not desired, either use a .def file (EXPORTS keyword) or declare the function as extern "C". |
Why is a .def file needed in this case? |
|
|
 |
atom0s Moderator
Reputation: 205
Joined: 25 Jan 2006 Posts: 8587 Location: 127.0.0.1
|
Posted: Mon May 23, 2011 9:07 am Post subject: |
|
|
| Innovation wrote: | | sponge wrote: | | __declspec(dllexport) decorates the exported symbol. |
| MSDN wrote: | | __declspec(dllexport) adds the export directive to the object file so you do not need to use a .def file. |
| MSDN wrote: | | If C++ name mangling is not desired, either use a .def file (EXPORTS keyword) or declare the function as extern "C". |
Why is a .def file needed in this case? |
I would assume it's due to how it's being used in his injector. _________________
- Retired. |
|
|
 |