Cheat Engine The Official Site of Cheat Engine
661089799107 Expert Cheater
Reputation: 3
Joined: 25 Jan 2009 Posts: 186
|
Posted: Thu Jun 03, 2010 12:20 am Post subject: [Help, C++] Injecting DLL |
|
|
I'm trying to inject the following dll (hook.dll) into the Minesweeper process.
Code: |
#include <windows.h>

BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved)
{
    MessageBoxA(0, "", "", MB_OK);
    return TRUE;
}
|
And using the below code to inject the dll.
Code: |
#include <iostream>
#include <windows.h>
using namespace std;

int main(int argc, char* argv[]) {
    HWND hWnd = FindWindow(0, "Minesweeper");
    if(!hWnd) {
        cout << "Unable to find window: Minesweeper" << endl;
        system("pause");
        exit(1);
    }
    DWORD pid;
    GetWindowThreadProcessId(hWnd, &pid);
    cout << pid << endl;
    HANDLE hProc = OpenProcess(
        PROCESS_ALL_ACCESS,
        false,
        pid);
    PVOID addr = VirtualAllocEx(
        hProc,
        NULL,
        9,
        MEM_COMMIT | MEM_RESERVE,
        PAGE_EXECUTE_READWRITE);
    cout << addr << endl;
    WriteProcessMemory(
        hProc,
        addr,
        "hook.dll",
        9,
        NULL);
    HANDLE hThread = CreateRemoteThread(
        hProc,
        NULL,
        0,
        (LPTHREAD_START_ROUTINE)
            GetProcAddress(GetModuleHandle("kernel32.dll"), "LoadLibraryA"),
        addr,
        0,
        NULL);
    CloseHandle(hThread);
    CloseHandle(hProc);
    system("pause");
    return EXIT_SUCCESS;
}
|
I'm not sure what the problem is.
After running the dll injector, the MessageBox in dllmain is never shown.
Also when I open up olly debugger after running the injector, the dll is not in the executable module list. (Alt + e)
So for some reason the dll isn't getting injected.
Stylo Grandmaster Cheater Supreme
Reputation: 3
Joined: 16 May 2007 Posts: 1073 Location: Israel
|
Posted: Thu Jun 03, 2010 1:00 am Post subject: |
|
|
Try specifying exactly what process access you need
Code: |
PROCESS_VM_READ
PROCESS_VM_WRITE
PROCESS_VM_OPERATION
PROCESS_CREATE_THREAD
PROCESS_QUERY_INFORMATION
|
idk it might work :s
_________________
Stylo |
661089799107 Expert Cheater
Reputation: 3
Joined: 25 Jan 2009 Posts: 186
|
Posted: Thu Jun 03, 2010 1:13 am Post subject: |
|
|
Stylo wrote: | Try specifying exactly what process access you need
Code: |
PROCESS_VM_READ
PROCESS_VM_WRITE
PROCESS_VM_OPERATION
PROCESS_CREATE_THREAD
PROCESS_QUERY_INFORMATION
|
idk it might work :s |
Nope, didn't work
zile Advanced Cheater
Reputation: 0
Joined: 11 Jul 2009 Posts: 75
|
Posted: Thu Jun 03, 2010 1:25 am Post subject: |
|
|
try using the full dllmain code, the one with switch and case of dll attach and detach
Flyte Peanuts!!!!
Reputation: 6
Joined: 19 Apr 2006 Posts: 1887 Location: Canada
|
Posted: Thu Jun 03, 2010 1:38 am Post subject: |
|
|
Maybe if you used more error handling, you would know exactly where the problem lies.
661089799107 Expert Cheater
Reputation: 3
Joined: 25 Jan 2009 Posts: 186
|
Posted: Thu Jun 03, 2010 1:47 am Post subject: |
|
|
Flyte wrote: | Maybe if you used more error handling, you would know exactly where the problem lies.  |
None of the function calls seem to be returning any errors.
zile wrote: | try using the full dllmain code, the one with switch and case of dll attach and detach |
Thanks, but it didn't work. I don't see how that should make a difference though.
But anyways I tried changing:
Code: |
#include <windows.h>

BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved)
{
    MessageBoxA(0, "", "", MB_OK);
    return TRUE;
}
|
to
Code: |
#include <windows.h>

// DllMain must return the Win32 BOOL type, not the C++ bool.
BOOL WINAPI DllMain(HINSTANCE hInstance, DWORD reason, LPVOID lpReserved) {
    switch (reason) {
    case DLL_PROCESS_ATTACH:
        MessageBoxA(NULL, "DLL_PROCESS_ATTACH", "DLL_PROCESS_ATTACH", MB_OK);
        break;
    case DLL_PROCESS_DETACH:
        MessageBoxA(NULL, "DLL_PROCESS_DETACH", "DLL_PROCESS_DETACH", MB_OK);
        break;
    case DLL_THREAD_ATTACH:
        MessageBoxA(NULL, "DLL_THREAD_ATTACH", "DLL_THREAD_ATTACH", MB_OK);
        break;
    case DLL_THREAD_DETACH:
        MessageBoxA(NULL, "DLL_THREAD_DETACH", "DLL_THREAD_DETACH", MB_OK);
        break;
    }
    return TRUE;
}
|
zile Advanced Cheater
Reputation: 0
Joined: 11 Jul 2009 Posts: 75
|
Posted: Thu Jun 03, 2010 2:13 am Post subject: |
|
|
I dunno, u didn't say that your dll injects successfully with other injectors, i thought it might be the dll's problem?
im not really good anyway, try checking out kitters's injector source, maybe u can see whats different from yours ( other than searching for process name )
Stylo Grandmaster Cheater Supreme
Reputation: 3
Joined: 16 May 2007 Posts: 1073 Location: Israel
|
Posted: Thu Jun 03, 2010 2:25 am Post subject: |
|
|
Perhaps you should specify the full dll path in case the dll isn't in the same folder as the injector?
but give it a try anywayz
_________________
Stylo |
661089799107 Expert Cheater
Reputation: 3
Joined: 25 Jan 2009 Posts: 186
|
Posted: Thu Jun 03, 2010 2:32 am Post subject: |
|
|
Thanks everyone for the help
Stylo wrote: | Perhaps you should specify the full dll path in case the dll isn't in the same folder as the injector?
but give it a try anywayz |
Specifying the full path to the dll worked, but both the exe/dll were on the desktop. :S
Anden100 Grandmaster Cheater
Reputation: 0
Joined: 20 Apr 2007 Posts: 668
|
Posted: Thu Jun 03, 2010 6:21 am Post subject: |
|
|
Bill87 wrote: | Thanks everyone for the help
Stylo wrote: | Perhaps you should specify the full dll path in case the dll isn't in the same folder as the injector?
but give it a try anywayz |
Specifying the full path to the dll worked, but both the exe/dll were on the desktop. :S |
It has to be in the same folder as the application, in which you wish to inject it. Otherwise you will need a full path
tombana Master Cheater
Reputation: 2
Joined: 14 Jun 2007 Posts: 456 Location: The Netherlands
|
Posted: Thu Jun 03, 2010 7:24 am Post subject: |
|
|
Anden100 wrote: | Bill87 wrote: | Thanks everyone for the help
Stylo wrote: | Perhaps you should specify the full dll path in case the dll isn't in the same folder as the injector?
but give it a try anywayz |
Specifying the full path to the dll worked, but both the exe/dll were on the desktop. :S |
It has to be in the same folder as the application, in which you wish to inject it. Otherwise you will need a full path |
The 'current working directory' or something like that would also work I think.
Slugsnack Grandmaster Cheater Supreme
Reputation: 71
Joined: 24 Jan 2007 Posts: 1857
|
Posted: Thu Jun 03, 2010 7:29 am Post subject: |
|
|
no, OP is right. i've had this problem too. it used to be that just specifying file name worked if the dll was in the same directory. for some reason that doesn't happen anymore, you have to specify full path. using windows 7 ultimate x86
 |
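The posts above disagree about which folder a bare name such as hook.dll is resolved against; LoadLibraryA runs inside the target process, so the loader consults the target's directories and never the injector's. The following model of the documented search order is an added example, not code from the thread: it calls no Windows API, and `ProcessView`, `searchOrder`, `resolve` and every path in it are constructed for illustration.

```cpp
// Added example: model of the documented LoadLibrary search order (constructed paths).
#include <iostream>
#include <set>
#include <string>
#include <vector>

struct ProcessView {                // the process that calls LoadLibrary
    std::string appDir;             // directory its .exe was started from
    std::string currentDir;         // its current working directory
    std::vector<std::string> path;  // its PATH entries
    bool safeDllSearchMode;         // enabled by default on modern Windows
};

// A name with a separator or drive colon is not searched (absolute paths only here).
bool hasPath(const std::string& n) {
    return n.find_first_of("\\/:") != std::string::npos;
}

// Directories probed in order for a bare name. KnownDLLs and modules that are
// already loaded are consulted first by the loader and are not modelled.
std::vector<std::string> searchOrder(const ProcessView& p) {
    std::vector<std::string> d{p.appDir};
    if (!p.safeDllSearchMode) d.push_back(p.currentDir);
    for (const char* sys : {"C:\\Windows\\System32", "C:\\Windows\\System", "C:\\Windows"})
        d.push_back(sys);
    if (p.safeDllSearchMode) d.push_back(p.currentDir);
    d.insert(d.end(), p.path.begin(), p.path.end());
    return d;
}

// Returns the file that would be loaded, or "" when the load fails.
std::string resolve(const std::string& name, const ProcessView& p,
                    const std::set<std::string>& files) {
    if (hasPath(name)) return files.count(name) ? name : "";
    for (const std::string& dir : searchOrder(p))
        if (files.count(dir + "\\" + name)) return dir + "\\" + name;
    return "";
}

// Constructed scenario from the thread: hook.dll lies on the desktop beside
// the injector, and the target runs from its own install directory.
const std::set<std::string> kFiles = {"C:\\Users\\demo\\Desktop\\hook.dll"};
const ProcessView kTarget = {"C:\\Games\\Minesweeper", "C:\\Games\\Minesweeper",
                             {"C:\\Windows\\System32\\Wbem"}, true};

int main() {
    std::cout << "bare name -> '" << resolve("hook.dll", kTarget, kFiles) << "'\n"
              << "full path -> '" << resolve(*kFiles.begin(), kTarget, kFiles) << "'\n";
}
```

The bare name resolves to nothing because the desktop is not among the target's directories; it would only be found if the target's own working directory happened to be the desktop.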
MatrixKiDD Expert Cheater
Reputation: 0
Joined: 29 May 2007 Posts: 151 Location: Torontooooo
|
Posted: Thu Jun 03, 2010 10:01 pm Post subject: |
|
|
Code: |
#include <windows.h>
#include <crtdbg.h>
#include <tchar.h>
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>

static const TCHAR s_cszUsage[] = _T("[-] USAGE: \"%s\" <process id> <module path>");

HMODULE InjectModule(__in HANDLE hProcess, __in LPCTSTR lpcszFileName)
{
    HMODULE hModule;
    LPVOID lpBuffer;
    HANDLE hThread;
    INT nLength;
    BOOL bFreed;

    // Size of the module path in bytes, including the terminator.
    nLength = (lstrlen(lpcszFileName) + 1) * sizeof(TCHAR);
    if (nLength == sizeof(TCHAR))
    {
        SetLastError(ERROR_INVALID_PARAMETER);
        return NULL;
    }
    lpBuffer = VirtualAllocEx(hProcess, NULL, nLength, MEM_COMMIT, PAGE_READWRITE);
    if (lpBuffer == NULL)
        return NULL;
    hModule = NULL;
    if (WriteProcessMemory(hProcess, lpBuffer, (LPCVOID)lpcszFileName, nLength, NULL))
    {
        hThread = CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)LoadLibrary, lpBuffer, 0, NULL);
        if (hThread != NULL)
        {
            // The thread exit code is a 32-bit DWORD, so in a 64-bit build
            // only the low half of the HMODULE is returned here.
            if (WaitForSingleObject(hThread, INFINITE) == WAIT_OBJECT_0)
                GetExitCodeThread(hThread, (LPDWORD)&hModule);
            CloseHandle(hThread);
        }
    }
    // Call VirtualFreeEx outside the assertion: _ASSERT expands to nothing in
    // release builds, which would skip the call entirely.
    bFreed = VirtualFreeEx(hProcess, lpBuffer, nLength, MEM_DECOMMIT);
    _ASSERT(bFreed);
    UNREFERENCED_PARAMETER(bFreed);
    return hModule;
}

// Parameters renamed from __targv/_tenviron, which are CRT macros.
int __cdecl _tmain(__in int argc, __in_ecount_z_opt(argc) _TCHAR* argv[], __in_z_opt _TCHAR* envp[])
{
    HMODULE hModule;
    HANDLE hProcess;
    LONG lProcessId;

    UNREFERENCED_PARAMETER(envp);
    _tprintf_s(_T("process module injector example for Bill87 @ cheatengine.org\r\n---\r\n"));
    if (argc != 3)
    {
        _ftprintf_s(stderr, s_cszUsage, argv[0]);
        return EXIT_FAILURE;
    }
    errno = 0; // clear stale errors so the check below reflects _tcstol only
    lProcessId = _tcstol(argv[1], NULL, 0);
    if (lProcessId == 0 || lProcessId == LONG_MIN || lProcessId == LONG_MAX || errno == ERANGE || errno == EINVAL)
    {
        _ftprintf_s(stderr, s_cszUsage, argv[0]);
        return EXIT_FAILURE;
    }
    hProcess = OpenProcess(PROCESS_VM_OPERATION | PROCESS_VM_WRITE | PROCESS_VM_READ | PROCESS_CREATE_THREAD | PROCESS_QUERY_INFORMATION, FALSE, (DWORD)lProcessId);
    if (hProcess == NULL)
    {
        _ftprintf_s(stderr, _T("[-] Could not gain access to process, aborting! [ERROR=0x%08X]"), GetLastError());
        return EXIT_FAILURE;
    }
    hModule = InjectModule(hProcess, argv[2]);
    CloseHandle(hProcess);
    if (hModule != NULL)
    {
        // %ld with the parsed PID replaces the invalid "%l" specifier.
        _tprintf_s(_T("[x] \"%s\" injected into PID %ld. [HMODULE=0x%p]"), argv[2], lProcessId, hModule);
        return EXIT_SUCCESS;
    }
    else
    {
        _ftprintf_s(stderr, _T("[-] Could not inject module into process, aborting! [ERROR=0x%08X]"), GetLastError());
        return EXIT_FAILURE;
    }
}
|
_________________
[Bera]
Spearman - Lv 60 - Perm Banned =(
Warrior - Lv 17 - Possibly Botting
[Mardia]
Crusader - Lv 100 - Somewhat active
Brawler - Lv 33 - Somewhat active
Archer - Lv 27 - ACTIVE |