Cheat Engine The Official Site of Cheat Engine
oib111 (I post too much)
Reputation: 0
Joined: 02 Apr 2007 Posts: 2947 Location: you wanna know why?
Posted: Wed May 21, 2008 8:08 am Post subject: dll injector
I'm trying to make a dll injector, and my code is done. But I just think there is something wrong with it. Here's my code.
Code:
#include <windows.h>
#include <Tlhelp32.h>
#include <string.h>
#define MAXWAIT 10000

BOOL InjectDLL(char *ExeFile, char *dllname) {
    LPVOID RemoteAddress;
    HANDLE hProcess = NULL, hKernel32, hThread = NULL;
    DWORD size, ByteSizeRet;
    bool Inject = false;
    size = strlen(dllname) + 1; // copy the terminating NUL as well
    HANDLE hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, NULL);
    PROCESSENTRY32 pe32;
    pe32.dwSize = sizeof(PROCESSENTRY32);
    ProcessEntry32First(hSnapshot, &pe32);
    do {
        if(strcmp(pe32.szExeFile, ExeFile) == 0) {
            hProcess = OpenProcess(PROCESS_ALL_ACCESS, NULL, pe32.th32ProcessID);
            break; // found it; stop walking before the snapshot handle is closed
        }
    } while(ProcessEntry32Next(hSnapshot, &pe32));
    CloseHandle(hSnapshot);
    if(!hProcess)
        return FALSE; // no process with that name is running
    RemoteAddress = VirtualAllocEx(hProcess, NULL, size, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
    Inject = WriteProcessMemory(hProcess, RemoteAddress, (LPVOID)dllname, size, &ByteSizeRet);
    if(Inject) {
        if(hKernel32 = GetModuleHandle("KERNEL32.DLL")) {
            // the remote thread starts at LoadLibraryA with the copied path as its argument
            hThread = CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)GetProcAddress(hKernel32, "LoadLibraryA"), RemoteAddress, 0, NULL);
            if(hThread) {
                if(WaitForSingleObject(hThread, MAXWAIT) != WAIT_TIMEOUT) {
                    VirtualFreeEx(hProcess, RemoteAddress, size, MEM_RELEASE);
                    CloseHandle(hProcess);
                    CloseHandle(hThread);
                }
            }
        }
    }
    return Inject;
}
_________________
8D wrote: cigs don't make people high, which weed does, which causes them to do bad stuff. like killing
DoomsDay (Grandmaster Cheater)
Reputation: 0
Joined: 06 Jan 2007 Posts: 768 Location: %HomePath%
Posted: Wed May 21, 2008 10:42 am
1) Process32First\Process32Next
2) PROCESSENTRY32.szExeFile -> Full path
3) MEM_COMMIT only
4) VirtualFreeEx(hProcess, RemoteAddress, 0, MEM_RELEASE);
EDIT:
It probably won't work, as I'm not a C++ expert, still:
Code:
#include <windows.h>
#include <tlhelp32.h>
#include <string.h>

BOOL InjectDLL(char *ExeFile, char *dllname)
{
    LPVOID RemoteAddress;
    HANDLE hProcess = NULL, hThread = NULL;
    DWORD ByteSizeRet, size = strlen(dllname) + 1; // copy the terminating NUL too
    MODULEENTRY32 me32;
    PROCESSENTRY32 pe32;
    me32.dwSize = sizeof(MODULEENTRY32);
    pe32.dwSize = sizeof(PROCESSENTRY32);
    HANDLE hModuleSnapshot;
    HANDLE hProcessSnapshot;
    hProcessSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, NULL);
    if (Process32First(hProcessSnapshot, &pe32))
    {
        do {
            // the first module of a process is its main executable
            hModuleSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, pe32.th32ProcessID);
            Module32First(hModuleSnapshot, &me32);
            CloseHandle(hModuleSnapshot);
            if (!strcmp(me32.szModule, ExeFile))
            {
                hProcess = OpenProcess(PROCESS_ALL_ACCESS, NULL, pe32.th32ProcessID);
                break;
            }
        } while (Process32Next(hProcessSnapshot, &pe32));
        CloseHandle(hProcessSnapshot);
    }
    if (!hProcess)
        return FALSE; // no process with that name was found
    RemoteAddress = VirtualAllocEx(hProcess, NULL, size, MEM_COMMIT, PAGE_READWRITE);
    WriteProcessMemory(hProcess, RemoteAddress, (LPVOID)dllname, size, &ByteSizeRet);
    hThread = CreateRemoteThread(hProcess, NULL, 0,
        (LPTHREAD_START_ROUTINE)GetProcAddress(GetModuleHandle("KERNEL32.DLL"), "LoadLibraryA"),
        RemoteAddress, 0, NULL);
    BOOL injected = (hThread != NULL);
    if (injected)
    {
        WaitForSingleObject(hThread, INFINITE);
        VirtualFreeEx(hProcess, RemoteAddress, 0, MEM_RELEASE);
        CloseHandle(hThread);
    }
    CloseHandle(hProcess);
    return injected;
}
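From the defender's side, what both versions above do (a remote thread whose start address is kernel32's LoadLibraryA, handed the copied DLL path as its argument) is exactly what Sysmon records as Event ID 8 (CreateRemoteThread), whose StartModule and StartFunction fields resolve that start address. The Python below is an added example, not code from this thread: it parses constructed Event ID 8 records (real Sysmon field names, made-up paths, PIDs and addresses) and flags remote threads started at a LoadLibrary export, with an allow-list for injectors that are expected on the host.

```python
# Constructed Sysmon Event ID 8 (CreateRemoteThread) records, flattened to one
# "key=value; key=value" line each. The field names are Sysmon's own; every image
# path, PID and address below is made up for this example.
SAMPLE_EVENTS = [
    "EventID=8; SourceImage=C:\\Tools\\injector.exe; SourceProcessId=4120; "
    "TargetImage=C:\\Games\\game.exe; TargetProcessId=2288; NewThreadId=5012; "
    "StartAddress=0x7FFB1A2C3D40; StartModule=C:\\Windows\\System32\\KERNEL32.DLL; "
    "StartFunction=LoadLibraryA",
    "EventID=8; SourceImage=C:\\Windows\\System32\\svchost.exe; SourceProcessId=612; "
    "TargetImage=C:\\Windows\\explorer.exe; TargetProcessId=1784; NewThreadId=3300; "
    "StartAddress=0x7FFB1B010000; StartModule=C:\\Windows\\System32\\ntdll.dll; "
    "StartFunction=RtlUserThreadStart",
    "EventID=8; SourceImage=C:\\Users\\alice\\Downloads\\updater.exe; SourceProcessId=7004; "
    "TargetImage=C:\\Program Files\\Browser\\browser.exe; TargetProcessId=3156; "
    "NewThreadId=7111; StartAddress=0x7FFB1A2C3D60; "
    "StartModule=C:\\Windows\\System32\\KERNEL32.DLL; StartFunction=LoadLibraryW",
]

# Thread entry points that the remote-thread-plus-LoadLibrary technique resolves to.
LOADLIBRARY_ENTRYPOINTS = {"LoadLibraryA", "LoadLibraryW", "LoadLibraryExA", "LoadLibraryExW"}

def parse_event(line):
    """Turn one flattened 'k=v; k=v' record into a dict; values may contain '='."""
    fields = {}
    for part in line.split("; "):
        key, sep, value = part.partition("=")
        if sep:
            fields[key.strip()] = value.strip()
    return fields

def find_loadlibrary_injections(lines, allowed_sources=frozenset()):
    """Report Event ID 8 records whose new thread starts at a LoadLibrary export; allowed_sources is a set of lowercase SourceImage paths to ignore."""
    findings = []
    for line in lines:
        ev = parse_event(line)
        if ev.get("EventID") != "8" or ev.get("StartFunction") not in LOADLIBRARY_ENTRYPOINTS:
            continue  # not a remote thread, or not started at LoadLibrary*
        if ev.get("SourceImage", "").lower() in allowed_sources:
            continue  # known-good injector, e.g. an endpoint security agent
        findings.append({
            "source": ev.get("SourceImage"), "source_pid": int(ev.get("SourceProcessId", 0)),
            "target": ev.get("TargetImage"), "target_pid": int(ev.get("TargetProcessId", 0)),
            "entry": ev.get("StartFunction"),
        })
    return findings

if __name__ == "__main__":
    for f in find_loadlibrary_injections(SAMPLE_EVENTS):
        print(f"{f['source']} (pid {f['source_pid']}) -> {f['target']} (pid {f['target_pid']}) via {f['entry']}")
```

Threads started at an address with no backing module at all (StartModule empty) are a different injection pattern and are deliberately not matched here.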
oib111 (I post too much)
Reputation: 0
Joined: 02 Apr 2007 Posts: 2947 Location: you wanna know why?
Posted: Wed May 21, 2008 4:54 pm
DoomsDay wrote:
    1) Process32First\Process32Next
    2) PROCESSENTRY32.szExeFile -> Full path
    3) MEM_COMMIT only
    4) VirtualFreeEx(hProcess, RemoteAddress, 0, MEM_RELEASE);
    EDIT:
    It probably won't work, as I'm not a C++ expert, still
Thanks. The ProcessEntry32First/Next was because I was doing it in notepad++ and it just seemed like processentry32first/next was the name. Usually I use vc++ and it will just give me the params and I know it is the right API. And, I don't need to do all the useless moduleentry32 things because I don't need the full path. I plan on listing out the processes, so I just need the process to inject to. I don't see the point of the full path. But thanks, making changes now.
Edit:
Just realized. You need Inject for WPM because it returns a nonzero value for success, so you need to check that. If you try doing Inject = CreateRemoteThread then it will return the handle to the thread on success, and you can't return a handle to a bool.
oib111 (I post too much)
Reputation: 0
Joined: 02 Apr 2007 Posts: 2947 Location: you wanna know why?
Posted: Wed May 21, 2008 6:42 pm
Sorry I forgot to say thank you. And my initial statement was based off my personal assumptions as well as feeling and not off facts. If I had realized that had meant the GetExitCodeThread API I wouldn't have said that.
atom0s (Moderator)
Reputation: 205
Joined: 25 Jan 2006 Posts: 8586 Location: 127.0.0.1
Posted: Wed May 21, 2008 8:36 pm
Useless flaming posts removed. Seriously.. I enjoy how people follow the rules.
_________________
- Retired.
oib111 (I post too much)
Reputation: 0
Joined: 02 Apr 2007 Posts: 2947 Location: you wanna know why?
Posted: Fri May 23, 2008 7:38 am
What if I want them to be able to choose their dll. Like have an open dialog and they can find their dll.
lurc (Grandmaster Cheater Supreme)
Reputation: 2
Joined: 13 Nov 2006 Posts: 1900
oib111 (I post too much)
Reputation: 0
Joined: 02 Apr 2007 Posts: 2947 Location: you wanna know why?
Posted: Fri May 23, 2008 8:22 am
I understand how to do that. But then what? I mean, do I just pass the path to my dllname param. Or do I extract the dllname from the path and then pass it? Or what?
Code:
// needs <windows.h> and <commdlg.h>; hwnd is the window that owns the dialog
OPENFILENAME ofn;
char szFileName[MAX_PATH] = "";
ZeroMemory(&ofn, sizeof(ofn));
ofn.lStructSize = sizeof(ofn); // SEE NOTE BELOW
ofn.hwndOwner = hwnd;
ofn.lpstrFilter = "Dll Files (*.dll)\0*.dll\0"; // the filter list must end with a double NUL
ofn.lpstrFile = szFileName;
ofn.nMaxFile = MAX_PATH;
ofn.Flags = OFN_EXPLORER | OFN_FILEMUSTEXIST | OFN_HIDEREADONLY;
ofn.lpstrDefExt = "dll";
if(GetOpenFileName(&ofn))
{
    // Do something useful with the filename stored in szFileName
}
atom0s (Moderator)
Reputation: 205
Joined: 25 Jan 2006 Posts: 8586 Location: 127.0.0.1
Posted: Fri May 23, 2008 10:41 am
oib111, you need to slow down and use some common sense. Reread what you just asked and look at the code pieces you have posted. I'm pretty sure you can figure out what needs to be done if you stop asking questions and take a minute to think for yourself. (Not trying to be an ass but you are really asking kinda.. common sense questions that can be figured out very easily.)
oib111 (I post too much)
Reputation: 0
Joined: 02 Apr 2007 Posts: 2947 Location: you wanna know why?
Posted: Fri May 23, 2008 5:43 pm
Well, seeing as I'm passing the dll name I guess I only need the dll name from the path? But then again, what if there is more than one dll on the hard drive with that name. If I just extracted the dll name it wouldn't be able to specify. But then again, if I only need the name, I guess there is no real point of having the open dialog seeing as that would give me the path.
lurc (Grandmaster Cheater Supreme)
Reputation: 2
Joined: 13 Nov 2006 Posts: 1900
Posted: Fri May 23, 2008 5:49 pm
oib111 wrote:
    Well, seeing as I'm passing the dll name I guess I only need the dll name from the path? But then again, what if there is more than one dll on the hard drive with that name. If I just extracted the dll name it wouldn't be able to specify. But then again, if I only need the name, I guess there is no real point of having the open dialog seeing as that would give me the path.
-_- Paths are passed as file names. They point to the file name, so it doesn't matter if there's a dll with the same name, because the path is unique.
When you load a dll, pass the path as the dll name.
oib111 (I post too much)
Reputation: 0
Joined: 02 Apr 2007 Posts: 2947 Location: you wanna know why?
Posted: Fri May 23, 2008 5:59 pm
Lol. Now I feel stupid, but thanks guys.