Cheat Engine The Official Site of Cheat Engine
TraxMate Master Cheater
Reputation: 0
Joined: 01 Mar 2008 Posts: 363
Posted: Sat Sep 27, 2008 5:04 am Post subject: [MSVC++] Dll injection problem
Hi again, I'm having a problem making a dll injector. The code compiles without errors but it doesn't inject the dll :/, it shows the message box saying "Dll injection failed". This is a bit too advanced for me but I need it for my trainer.
Here's my source:
Code:
#include <windows.h>
#include <tchar.h>
#include <iostream>
using namespace std;
#define DLL "Test.dll"
DWORD GetPID()
{
    HWND MapleWnd;
    DWORD MapleID;
    DWORD PID;
    // Get maples window
    MapleWnd = FindWindow(NULL, _T("MapleStory"));
    if(!MapleWnd)
        return 0;
    // Get maple id
    MapleID = GetWindowThreadProcessId(MapleWnd, &PID);
    if(!PID)
        return 0;
    return PID;
}
BOOL InjectDll(char *Dll)
{
    HANDLE hProcess;
    LPVOID RemoteString, LoadLib;
    if(!GetPID())
        return 0;
    hProcess = OpenProcess(PROCESS_ALL_ACCESS, 0, GetPID());
    if(!hProcess)
    {
        MessageBox(NULL, _T("Dll injection failed :("), _T("Error!"), MB_OK);
        return 0;
    }
    LoadLib = (LPVOID)GetProcAddress(GetModuleHandle(_T("kernel32.dll")), "LoadLibraryA");
    RemoteString = (LPVOID)VirtualAllocEx(hProcess, NULL, strlen(DLL), MEM_RESERVE | MEM_COMMIT, PAGE_READWRITE);
    WriteProcessMemory(hProcess, (LPVOID)RemoteString, Dll, strlen(Dll), NULL);
    CreateRemoteThread(hProcess, NULL, NULL, (LPTHREAD_START_ROUTINE)LoadLib, (LPVOID)RemoteString, NULL, NULL);
    CloseHandle(hProcess);
    return true;
}
int main()
{
    // Title
    SetConsoleTitle(_T("My Dll Injector"));
    cout << "///////////////////////////////////////////////////////////////////////////////" << endl;
    cout << "// TraxMate's Dll Injector //" << endl;
    cout << "///////////////////////////////////////////////////////////////////////////////" << endl << endl;
    cout << "Waiting for MapleStory...";
    // While waiting for Maple it sends "."
    while(!FindWindow(NULL, _T("MapleStory")))
    {
        cout << ".";
        Sleep(85);
    }
    InjectDll("Test.dll");
    cin.sync();
    cin.ignore();
    return 0;
}
Noz3001 I'm a spammer
Reputation: 26
Joined: 29 May 2006 Posts: 6220 Location: /dev/null
Posted: Sat Sep 27, 2008 5:20 am
You might not have the right privileges to use PROCESS_ALL_ACCESS or OpenProcess is hooked.
TraxMate Master Cheater
Reputation: 0
Joined: 01 Mar 2008 Posts: 363
Posted: Sat Sep 27, 2008 5:49 am
noz3001 wrote:
> You might not have the right privileges to use PROCESS_ALL_ACCESS or OpenProcess is hooked.
I don't think it can be hooked before GG is loaded.
I tried adding this:
Code:
#define CREATE_THREAD_ACCESS (PROCESS_CREATE_THREAD | PROCESS_QUERY_INFORMATION | PROCESS_VM_OPERATION | PROCESS_VM_WRITE | PROCESS_VM_READ)
and wrote CREATE_THREAD_ACCESS instead of PROCESS_ALL_ACCESS and I didn't get that message box but nothing is still injected... Is there something in the code that's missing for this to work?
kitterz Grandmaster Cheater Supreme
Reputation: 0
Joined: 24 Dec 2007 Posts: 1268
Posted: Sat Sep 27, 2008 6:51 am
TraxMate wrote:
> noz3001 wrote:
> > You might not have the right privileges to use PROCESS_ALL_ACCESS or OpenProcess is hooked.
> I don't think it can be hooked before GG is loaded.
> I tried adding this:
> Code:
> #define CREATE_THREAD_ACCESS (PROCESS_CREATE_THREAD | PROCESS_QUERY_INFORMATION | PROCESS_VM_OPERATION | PROCESS_VM_WRITE | PROCESS_VM_READ)
> and wrote CREATE_THREAD_ACCESS instead of PROCESS_ALL_ACCESS and I didn't get that message box but nothing is still injected... Is there something in the code that's missing for this to work?
This is what you need
Code:
hProc = OpenProcess(PROCESS_VM_OPERATION | PROCESS_VM_WRITE | PROCESS_CREATE_THREAD, FALSE, dwPid);
_________________
Innovation Grandmaster Cheater
Reputation: 12
Joined: 14 Aug 2008 Posts: 617
Posted: Sat Sep 27, 2008 8:02 am
It might be easier coding a DLL injector in Delphi (it is easier for me >.<).
kitterz Grandmaster Cheater Supreme
Reputation: 0
Joined: 24 Dec 2007 Posts: 1268
Posted: Sat Sep 27, 2008 8:26 am
inoobzx wrote:
> It might be easier coding a DLL injector in Delphi (it is easier for me >.<).
Nah. Mine works fine =p and it's in msvc++
_________________
TraxMate Master Cheater
Reputation: 0
Joined: 01 Mar 2008 Posts: 363
Posted: Sat Sep 27, 2008 8:28 am
inoobzx wrote:
> It might be easier coding a DLL injector in Delphi (it is easier for me >.<).
There are several complete working sources for dll injection to Delphi but I don't want to learn Delphi. I like C++ more.
kitterz wrote:
> TraxMate wrote:
> > nox3001 wrote:
> > > You might not have the right privileges to use PROCESS_ALL_ACCESS or OpenProcess is hooked.
> > I don't think it can be hooked before GG is loaded.
> > I tried adding this:
> > Code:
> > #define CREATE_THREAD_ACCESS (PROCESS_CREATE_THREAD | PROCESS_QUERY_INFORMATION | PROCESS_VM_OPERATION | PROCESS_VM_WRITE | PROCESS_VM_READ)
> > and wrote CREATE_THREAD_ACCESS instead of PROCESS_ALL_ACCESS and I didn't get that message box but nothing is still injected... Is there something in the code that's missing for this to work?
> This is what you need
> Code:
> hProc = OpenProcess(PROCESS_VM_OPERATION | PROCESS_VM_WRITE | PROCESS_CREATE_THREAD, FALSE, dwPid);
That didn't help, it doesn't inject anyway. But I have made some changes but it still won't work. But I'm getting closer =P
kitterz Grandmaster Cheater Supreme
Reputation: 0
Joined: 24 Dec 2007 Posts: 1268
Posted: Sat Sep 27, 2008 8:43 am
TraxMate wrote:
> inoobzx wrote:
> > It might be easier coding a DLL injector in Delphi (it is easier for me >.<).
> There are several complete working sources for dll injection to Delphi but I don't want to learn Delphi. I like C++ more.
> kitterz wrote:
> > TraxMate wrote:
> > > nox3001 wrote:
> > > > You might not have the right privileges to use PROCESS_ALL_ACCESS or OpenProcess is hooked.
> > > I don't think it can be hooked before GG is loaded.
> > > I tried adding this:
> > > Code:
> > > #define CREATE_THREAD_ACCESS (PROCESS_CREATE_THREAD | PROCESS_QUERY_INFORMATION | PROCESS_VM_OPERATION | PROCESS_VM_WRITE | PROCESS_VM_READ)
> > > and wrote CREATE_THREAD_ACCESS instead of PROCESS_ALL_ACCESS and I didn't get that message box but nothing is still injected... Is there something in the code that's missing for this to work?
> > This is what you need
> > Code:
> > hProc = OpenProcess(PROCESS_VM_OPERATION | PROCESS_VM_WRITE | PROCESS_CREATE_THREAD, FALSE, dwPid);
> That didn't help, it doesn't inject anyway. But I have made some changes but it still won't work. But I'm getting closer =P
Uhh....make sure the dll has a gui to make sure it actually injects/does not inject.
Also, I did not notice, but the check for "dll not injected" must be AFTER you try to inject it. (after the CreateRemoteThread).
Here, you are checking to see if it is injected before you even inject it, and so it exits. In this case, the OpenProcess failed. I think.
_________________
TraxMate Master Cheater
Reputation: 0
Joined: 01 Mar 2008 Posts: 363
Posted: Sat Sep 27, 2008 8:58 am
kitterz wrote:
> TraxMate wrote:
> > inoobzx wrote:
> > > It might be easier coding a DLL injector in Delphi (it is easier for me >.<).
> > There are several complete working sources for dll injection to Delphi but I don't want to learn Delphi. I like C++ more.
> > kitterz wrote:
> > > TraxMate wrote:
> > > > nox3001 wrote:
> > > > > You might not have the right privileges to use PROCESS_ALL_ACCESS or OpenProcess is hooked.
> > > > I don't think it can be hooked before GG is loaded.
> > > > I tried adding this:
> > > > Code:
> > > > #define CREATE_THREAD_ACCESS (PROCESS_CREATE_THREAD | PROCESS_QUERY_INFORMATION | PROCESS_VM_OPERATION | PROCESS_VM_WRITE | PROCESS_VM_READ)
> > > > and wrote CREATE_THREAD_ACCESS instead of PROCESS_ALL_ACCESS and I didn't get that message box but nothing is still injected... Is there something in the code that's missing for this to work?
> > > This is what you need
> > > Code:
> > > hProc = OpenProcess(PROCESS_VM_OPERATION | PROCESS_VM_WRITE | PROCESS_CREATE_THREAD, FALSE, dwPid);
> > That didn't help, it doesn't inject anyway. But I have made some changes but it still won't work. But I'm getting closer =P
> Uhh....make sure the dll has a gui to make sure it actually injects/does not inject.
> Also, I did not notice, but the check for "dll not injected" must be AFTER you try to inject it. (after the CreateRemoteThread).
> Here, you are checking to see if it is injected before you even inject it, and so it exits. In this case, the OpenProcess failed. I think.
The dll has a gui, it's a message box. And do you mean I should do this?
Code:
BOOL InjectDll(char *Dll)
{
    HANDLE hProcess;
    LPVOID RemoteString, LoadLib;
    if(!GetPID())
        return 0;
    hProcess = OpenProcess(CREATE_THREAD_ACCESS, FALSE, GetPID());
    LoadLib = (LPVOID)GetProcAddress(GetModuleHandle(_T("kernel32.dll")), "LoadLibraryA");
    RemoteString = (LPVOID)VirtualAllocEx(hProcess, NULL, strlen(DLL), MEM_RESERVE | MEM_COMMIT, PAGE_READWRITE);
    WriteProcessMemory(hProcess, (LPVOID)RemoteString, Dll, strlen(Dll), NULL);
    CreateRemoteThread(hProcess, NULL, NULL, (LPTHREAD_START_ROUTINE)LoadLib, (LPVOID)RemoteString, NULL, NULL);
    if(!hProcess)
    {
        MessageBox(NULL, _T("Dll injection failed :("), _T("Error!"), MB_OK);
        return 0;
    }
    CloseHandle(hProcess);
    return true;
}
Because that didn't work either.
kitterz Grandmaster Cheater Supreme
Reputation: 0
Joined: 24 Dec 2007 Posts: 1268
Posted: Sat Sep 27, 2008 9:02 am
I'm not gonna make a quote chain =p
But ya, that is better, and the right way to go. Though, I'm 70% sure that PROCESS_ALL_ACCESS does not work in MSVC++ for some reason.
Here is mine, that I modified.
Code:
#include <windows.h>
#include <iostream>
#include <tlhelp32.h>
//Get Pid of running process
DWORD GetPid (char* Process)
{
    HANDLE hProc;
    PROCESSENTRY32 peProcess;
    hProc = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    peProcess.dwSize = sizeof( PROCESSENTRY32 );
    while(Process32Next(hProc, &peProcess)){
        if(!strcmp(peProcess.szExeFile, Process)){
            CloseHandle (hProc);
            return peProcess.th32ProcessID;
        }
    }
    CloseHandle (hProc);
    return -1;
}
//Inject a Dll into process
int InjectDll(DWORD dwPid, char *Name)
{
    HANDLE hProc;
    DWORD dwMemSize, dwWritten, dwThreadId;
    FARPROC hLoadLibrary;
    LPVOID hRemoteMem;
    char cDllPath [260];
    GetCurrentDirectory(260, cDllPath);
    strcat(cDllPath, "\\");
    strcat(cDllPath, Name);
    hProc = OpenProcess(PROCESS_VM_OPERATION | PROCESS_VM_WRITE | PROCESS_CREATE_THREAD, FALSE, dwPid);
    if(hProc != NULL){
        dwMemSize = strlen(cDllPath);
        hLoadLibrary = GetProcAddress(GetModuleHandleA("kernel32.dll"), "LoadLibraryA");
        if(hLoadLibrary != NULL){
            hRemoteMem = VirtualAllocEx(hProc, NULL, dwMemSize, MEM_COMMIT, PAGE_READWRITE);
            if(hRemoteMem != NULL){
                if(WriteProcessMemory(hProc, hRemoteMem, (LPVOID)cDllPath, dwMemSize, &dwWritten)){
                    if(CreateRemoteThread(hProc, NULL, 0, (LPTHREAD_START_ROUTINE)hLoadLibrary, hRemoteMem, 0, &dwThreadId) != NULL){
                        CloseHandle (hProc);
                        return 0;
                    }
                }
            }
        }
    }
    CloseHandle (hProc);
    return 1;
}
Be sure to include checks in your program, so you can tell where it messes up...
Also, have you tried to debug it? Set some breakpoints and step through it and find out exactly where it goes wrong.
_________________
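Added example (not part of the thread and not any poster's code): the sequence discussed above, a process handle opened with VM-write and thread-creation rights followed by a remote thread that starts at LoadLibraryA, is what endpoint telemetry exposes to a defender. The Python below correlates constructed events shaped like Sysmon event 10 (ProcessAccess) and event 8 (CreateRemoteThread); the image paths, sample events and severity labels are assumptions made up for illustration.

```python
from collections import defaultdict

# Process access-right bits (values from winnt.h).
PROCESS_CREATE_THREAD = 0x0002
PROCESS_VM_OPERATION = 0x0008
PROCESS_VM_WRITE = 0x0020
# The three rights requested by the OpenProcess call in the thread: 0x002A.
INJECT_MASK = PROCESS_CREATE_THREAD | PROCESS_VM_OPERATION | PROCESS_VM_WRITE

INJ, GAME = r"C:\tools\injector.exe", r"C:\games\game.exe"  # constructed paths
# Constructed sample events (not real telemetry).
# 0x43a is the numeric value of the CREATE_THREAD_ACCESS define quoted in the thread.
EVENTS = [
    {"EventID": 10, "SourceImage": INJ, "TargetImage": GAME, "GrantedAccess": "0x43a"},
    {"EventID": 8, "SourceImage": INJ, "TargetImage": GAME,
     "StartModule": r"C:\Windows\System32\kernel32.dll", "StartFunction": "LoadLibraryA"},
    {"EventID": 10, "SourceImage": r"C:\Windows\System32\taskmgr.exe",
     "TargetImage": GAME, "GrantedAccess": "0x1410"},
    {"EventID": 10, "SourceImage": r"C:\tools\debugger.exe",
     "TargetImage": GAME, "GrantedAccess": "0x1fffff"},
]

def has_injection_rights(granted_access):
    """True when the hex mask grants all three rights in INJECT_MASK."""
    return (int(granted_access, 16) & INJECT_MASK) == INJECT_MASK

def find_injection_candidates(events):
    """Correlate handle rights and remote-thread start per (source, target) pair."""
    seen = defaultdict(lambda: {"rights": False, "loader_thread": False})
    for ev in events:
        pair = (ev["SourceImage"], ev["TargetImage"])
        if ev["EventID"] == 10 and has_injection_rights(ev["GrantedAccess"]):
            seen[pair]["rights"] = True
        elif ev["EventID"] == 8 and ev.get("StartFunction", "").startswith("LoadLibrary"):
            seen[pair]["loader_thread"] = True
    findings = []
    for (src, dst), flags in seen.items():
        if flags["loader_thread"]:
            # A remote thread whose entry point is LoadLibrary* is the strong signal.
            findings.append((src, dst, "high" if flags["rights"] else "medium"))
        elif flags["rights"]:
            # Broad rights alone are common (debuggers, AV), so rank them low.
            findings.append((src, dst, "low"))
    return findings

if __name__ == "__main__":
    for finding in find_injection_candidates(EVENTS):
        print(finding)
```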
TraxMate Master Cheater
Reputation: 0
Joined: 01 Mar 2008 Posts: 363
Posted: Sat Sep 27, 2008 9:05 am
That's way more advanced than mine ^^. But I'm getting an error when trying to compile yours...
Code:
d:\documents and settings\****.****-vv2qojz6b9\skrivbord\dll injector\main.cpp(14) : error C2664: 'strcmp' : cannot convert parameter 1 from 'WCHAR [260]' to 'const char *'
Types pointed to are unrelated; conversion requires reinterpret_cast, C-style cast or function-style cast
I always get that error and I don't know how to fix it :s.
Never thought of debugging it :S .
kitterz Grandmaster Cheater Supreme
Reputation: 0
Joined: 24 Dec 2007 Posts: 1268
Posted: Sat Sep 27, 2008 9:07 am
TraxMate wrote:
> That's way more advanced than mine ^^. But I'm getting an error when trying to compile yours...
> Code:
> d:\documents and settings\****.****-vv2qojz6b9\skrivbord\dll injector\main.cpp(14) : error C2664: 'strcmp' : cannot convert parameter 1 from 'WCHAR [260]' to 'const char *'
> Types pointed to are unrelated; conversion requires reinterpret_cast, C-style cast or function-style cast
> I always get that error and I don't know how to fix it :s.
> Never thought of debugging it :S .
I believe you need
#include <string>
wait....it's a bad conversion. I dunno what to do, as I never had this error.
Try putting the project as multi-byte?
_________________
Last edited by kitterz on Sat Sep 27, 2008 9:10 am; edited 1 time in total
TraxMate Master Cheater
Reputation: 0
Joined: 01 Mar 2008 Posts: 363
Posted: Sat Sep 27, 2008 9:09 am
Nope that didn't fix it :/.
EDIT: What compiler did you use when you created it?
kitterz Grandmaster Cheater Supreme
Reputation: 0
Joined: 24 Dec 2007 Posts: 1268
Posted: Sat Sep 27, 2008 9:18 am
TraxMate wrote:
> Nope that didn't fix it :/.
> EDIT: What compiler did you use when you created it?
I use msvc++ compiler
_________________
TraxMate Master Cheater
Reputation: 0
Joined: 01 Mar 2008 Posts: 363
Posted: Sat Sep 27, 2008 9:19 am
Hmm.. I use the express edition, do you think that's why I'm getting the error? :O