
Create a dll and its injector for inject into a process

Discussion in 'C' started by printer, Aug 23, 2007.

  1. printer

    printer New Member

    hey I want to create a dll&loader for injecting into a process.. im just new at win32 programming, and I have several examples of injectors but I need something more basic.

    can anybody post the code of a simple dll that exports one or two functions and the code of the loader for inject code into a process too.. by that way I will be able to understand how works the injection..

    the process I would like to inject in is hl.exe (half-life), this is a known game of shooting.
    but I play the mods of that game, they're called counter strike and day of defeat..

    if you need some examples of dll and loader for make that injection in the hl.exe process, I can post the link of some source codes, but for now I need some basics examples.
     
  2. DaWei

    DaWei New Member

    Why don't you post your own code? Just curious.
     
  3. printer

    printer New Member

    are u talkin about something written by me ?.. I have examples but not mine, I said with this examples I just cant understand the basics.. I would like somebody to post a basic dll and its loader for inject code into a process.

    this is one example but, this is not the question of my thread.. I need a basic code about this injection... thanx for replying . :D

    link
     
  4. printer

    printer New Member

    Code:
    #include <windows.h>
    #include <tlhelp32.h> 
    #include <stdio.h>
    using namespace std;
    
    // Remote-thread DLL loading (MITRE ATT&CK T1055.001): opens process `pid`,
    // allocates memory inside it, copies the path string `laDll` there and starts a
    // thread in that process at LoadLibraryA with the copied string as its argument.
    // Defender view: OpenProcess(PROCESS_ALL_ACCESS) followed by VirtualAllocEx,
    // WriteProcessMemory and CreateRemoteThread against another process is a
    // standard behavioural signal for EDR and anti-cheat monitoring.
    // NOTE(review): no return value is checked, and the function is declared int
    // but contains no return statement.
    int WINAPI InjectLib(DWORD pid, char *laDll){
    HANDLE proc;
    // Declared but never used in this function.
    char buf[MAX_PATH]="";
    LPVOID RemoteString;
    LPVOID nLoadLibrary;
    // Requests every access right on the target process.
    proc = OpenProcess(PROCESS_ALL_ACCESS, false, pid);
    // Address of LoadLibraryA as resolved in the calling process.
    nLoadLibrary = (LPVOID)GetProcAddress(GetModuleHandle("kernel32.dll"), "LoadLibraryA");
    // Read/write region in the target, sized strlen(laDll) bytes.
    RemoteString = (LPVOID)VirtualAllocEx(proc,NULL,strlen(laDll),MEM_COMMIT|MEM_RESERVE,PAGE_READWRITE);
    // Copies strlen(laDll) bytes of the path into that region.
    WriteProcessMemory(proc,(LPVOID)RemoteString,laDll,strlen(laDll),NULL);
    // The returned thread handle is discarded (never closed).
    CreateRemoteThread(proc,0,0,(LPTHREAD_START_ROUTINE)nLoadLibrary,(LPVOID)RemoteString,0,NULL);
    CloseHandle(proc);
    }
    
    // Entry point of the first posted attempt: spins on FindWindow until a window
    // of class "Valve001" exists, printing progress messages around it.
    // NOTE(review): the loop polls without sleeping, and the line after
    // "Injecting..." has an unbalanced parenthesis, so this listing does not
    // compile as posted.
    int main(int argc, char *argv[]){
    printf("waiting the start of CS...");
    HWND hCS = FindWindow("Valve001",NULL);
    while(!hCS)hCS = FindWindow("Valve001",NULL);
    printf("\nInjecting...");
    (GetWindowThreadProcessId(hCS,"cheat.dll");
    printf("\nProcess finished");
    }
    well here is the code can anyone help me to do this work
     
    Last edited by a moderator: Aug 27, 2007
  5. DaWei

    DaWei New Member

    You don't seem to understand how to get help. You seem to have some predilection for avoiding things asked of you by the community. I am not going to make a judgement whose outcome opts for stupidity versus recalcitrance. I'm just not going to help you until things change for the better.
     
  6. shabbir

    shabbir Administrator Staff Member

    Use Code Blocks when you have code snippets in the post.
     
  7. printer

    printer New Member

    alright, I know when I am not accepted, so, I will go to other community, for beginners, like me where I can do this kind of questions. But I want to know if the problem was because of talking about game hacking, or why..
     
  8. shabbir

    shabbir Administrator Staff Member

    I don't see anything suggesting you have not been accepted and welcomed; it's just that you are not helping us to help you.
     
  9. printer

    printer New Member

    I am the one who needed help. Anyway, I have these 3 codes; they compile OK but don't work and I don't know why. Can you take a look and help me find what is wrong with them?

    injector1.cpp

    Code:
    #include <windows.h>
    #include "iostream.h"
    #include "stdio.h"
    
    
    // Remote-thread DLL loading (MITRE ATT&CK T1055.001): opens process `pid`,
    // allocates memory inside it, copies the path string `laDll` there and starts a
    // thread in that process at LoadLibraryA with the copied string as its argument.
    // Always returns 1, whatever the individual API calls returned.
    // Defender view: a PROCESS_ALL_ACCESS handle to a foreign process followed by
    // VirtualAllocEx, WriteProcessMemory and CreateRemoteThread is a standard
    // behavioural signal for EDR and anti-cheat monitoring.
    // NOTE(review): no return value is checked before the next call uses it.
    int WINAPI InjectLib(DWORD pid, char *laDll)
    {
    
    HANDLE proc;
    // Declared but never used in this function.
    char buf[MAX_PATH]="";
    LPVOID RemoteString;
    LPVOID nLoadLibrary;
    
    // Requests every access right on the target process.
    proc = OpenProcess(PROCESS_ALL_ACCESS, false, pid);
    // Address of LoadLibraryA as resolved in the calling process.
    nLoadLibrary = (LPVOID)GetProcAddress(GetModuleHandle("kernel32.dll"), "LoadLibraryA");
    
    // Read/write region in the target, sized strlen(laDll) bytes.
    RemoteString = (LPVOID)VirtualAllocEx(proc,NULL,strlen(laDll),MEM_COMMIT|MEM_RESERVE,PAGE_READWRITE);
    
    // Copies strlen(laDll) bytes of the path into that region.
    WriteProcessMemory(proc,(LPVOID)RemoteString,laDll,strlen(laDll),NULL);
    
    // NULL is passed for the stack-size and creation-flags arguments as well; the
    // returned thread handle is discarded (never closed).
    CreateRemoteThread(proc,NULL,NULL,(LPTHREAD_START_ROUTINE)nLoadLibrary,(LPVOID)RemoteString,NULL,NULL);
    
    CloseHandle(proc);
    return 1;
    }
    
    
    // Entry point of injector1.cpp: polls every 300 ms for a window of class
    // "Valve001", resolves the process id that owns it and passes that id and the
    // relative path "hack.dll" to InjectLib. Returns 1 unconditionally.
    int main(int argc, char *argv[])
    {
    DWORD pid;
    HWND hCS;
    
    printf("waiting Half Life...\n");
    // Loops until FindWindow returns a non-NULL handle; there is no timeout.
    while(1)
    {
    hCS = FindWindow("Valve001",NULL);
    Sleep(300);
      
    if(hCS!=NULL)break;
    }
    printf("Injecting...\n");
    // Fills pid with the id of the process that created the window.
    GetWindowThreadProcessId(hCS,&pid);
    // InjectLib's result is ignored.
    InjectLib(pid,"hack.dll");
    return 1;
    }
    
    ---------------------

    injector2.cpp

    Code:
    #include <windows.h>
    #include <stdio.h>
    #include <iostream>
    #include <fstream> 
    #define GAME "Counter-Strike"
    #define DLL "hack.dll"
    
    using namespace std;
    
    // File-scope state shared by main and Inject: the window handle found by
    // main's FindWindow loop and the process id filled in by Inject.
    HWND hWnd;
    DWORD pId;
    
    
    
    // Remote-thread DLL loading (MITRE ATT&CK T1055.001) keyed on a window handle:
    // resolves the owning process id into the global pId, opens that process,
    // copies the path string strDll into memory allocated inside it and starts a
    // thread there at LoadLibraryA with the copied string as its argument.
    // Defender view: the PROCESS_ALL_ACCESS open followed by VirtualAllocEx,
    // WriteProcessMemory and CreateRemoteThread is a standard behavioural signal
    // for EDR and anti-cheat monitoring.
    // NOTE(review): no return value is checked, and neither hProcess nor the new
    // thread handle is closed.
    void Inject(HWND hWnd, char* strDll ) 
    {
      GetWindowThreadProcessId(hWnd, &pId);
      HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pId);
      // Read/write region in the target, sized strlen(strDll) bytes.
      LPVOID lpRemoteAddress = VirtualAllocEx(hProcess, NULL, strlen(strDll), MEM_RESERVE|MEM_COMMIT, PAGE_READWRITE);
      // Copies strlen(strDll) bytes of the path into that region.
      WriteProcessMemory(hProcess, lpRemoteAddress, (LPVOID)strDll, strlen(strDll), NULL);
      // LoadLibraryA's address is the one resolved in the calling process.
      CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)GetProcAddress(GetModuleHandle("kernel32.dll"), "LoadLibraryA"), lpRemoteAddress, 0, NULL);
    }
    
    // Entry point of injector2.cpp: polls every 100 ms for a window titled GAME,
    // checks that the file named by DLL can be opened, then calls Inject and
    // reports success without inspecting any result from Inject (it returns void).
    int main() 
    {
      cout<<"waiting window to appear ";
      // No timeout: loops until a window with the title GAME exists.
      while(!(hWnd = FindWindow(0,GAME))) Sleep(100);
      cout<<"window found!"<<endl;
      // Opening the file is used only as an existence check on the relative path.
      ofstream filecheck;
      filecheck.open(DLL,ios::in);
      if(!filecheck.is_open()) printf("Error: cant find %s.n",DLL);
      else { Inject(hWnd,DLL); cout<<"Injected "<<DLL<<" into process!"<<endl;}
      filecheck.close();
      // Runs the shell's PAUSE command to keep the console window open.
      system("PAUSE");
      return 0;
    }
    
    

    ---------------------------------------

    injector3.cpp



    Code:
    #include "injector3.h"
     
    // Remote-thread DLL loading (MITRE ATT&CK T1055.001) on an already opened
    // process handle: copies the NUL-terminated path `dll` into memory allocated in
    // the target and starts a thread there at LoadLibraryA with that string as its
    // argument.
    // Returns 0 when either argument is NULL, otherwise 1 regardless of whether the
    // API calls succeeded. Closes the caller's handle `Hand` before returning.
    // Defender view: VirtualAllocEx, WriteProcessMemory and CreateRemoteThread on a
    // foreign process handle is a standard behavioural signal for EDR and
    // anti-cheat monitoring.
    // NOTE(review): no API return value is checked, and hThread is never closed.
    int Inyect(HANDLE Hand,char dll[])
    {
        if (Hand==NULL || dll == NULL) return 0;
    
        HANDLE hThread;
        HMODULE hKernel;
        LPVOID loadl;
        PVOID amem;
        // Byte count of the path including its terminating NUL.
        int dll2 = strlen(dll) + 1;
    
        hKernel = GetModuleHandle("kernel32.dll");
        // Address of LoadLibraryA as resolved in the calling process.
        loadl = (LPVOID)GetProcAddress(hKernel, "LoadLibraryA");
        amem = (LPVOID)VirtualAllocEx(Hand,NULL, dll2, MEM_COMMIT,PAGE_READWRITE);
    
        WriteProcessMemory(Hand,(LPVOID)amem,dll,dll2,NULL);
        hThread = CreateRemoteThread(Hand,NULL,0,(LPTHREAD_START_ROUTINE)loadl,(LPVOID) amem,0,NULL);
        CloseHandle(Hand);
    	return 1;
    }
    
    // Entry point of injector3.cpp: looks up hl.exe with Detect; when it is not
    // found shows an error box, and when it is found shows a notice, sleeps 0x7d0
    // (2000) ms and hands a handle from Detect plus "hack.dll" to Inyect.
    // NOTE(review): Detect is called up to three times; each successful call
    // returns a newly opened process handle, and only the one passed to Inyect is
    // closed (by Inyect).
    int main(int argc,char* argv[])
    {
    if (!Detect("hl.exe"))
    {
    Msg(" hl.exe not found cannot inject !","Error !");
    }
    if (Detect("hl.exe"))
    {
    Msg("App detectada !","Detectado !"); // Detect matches with strstr, so "hl" only has to be part of the full name hl.exe
        Sleep(0x7d0);
    Inyect(Detect("hl.exe"),"hack.dll");
    }
    return 0;
    }
    
    
    

    injector3.h

    Code:
    #include <windows.h>
    #include "psapi.h"
    #pragma comment (lib, "psapi")
    
     
    // the lib in dev-cpp is libpsapi.a
     
    #ifndef MAX_PID
    #define MAX_PID 0x64
    #endif
    
    // Scratch state used by Detect while it walks the process list.
    typedef struct iDetect{
    // Process ids filled in by EnumProcesses; capacity MAX_PID (0x64 = 100).
    DWORD PIDs[MAX_PID];
    // Number of bytes EnumProcesses wrote into PIDs.
    DWORD BytesReturned;
    // Output size reported by EnumProcessModules.
    DWORD BytesRequired;
    // Query handle to the process currently being examined.
    HANDLE hProcess;
    // Module handle returned by EnumProcessModules for that process.
    HMODULE hMod;
    // Heap buffer of MAX_PATH bytes receiving the module base name.
    char* FileName;
    // BytesReturned / sizeof(DWORD).
    int TotalPIDs;
    // Loop index into PIDs.
    int aux;
    } iDetect;
    
    // =================================== DETECT ================================
    
    // Enumerates running processes with EnumProcesses, reads a module base name for
    // each one it can open, and returns a PROCESS_ALL_ACCESS handle to the first
    // process whose lower-cased name contains pProc (substring match via strstr).
    // Returns NULL when EnumProcesses fails or nothing matches. The caller owns the
    // returned handle.
    // Defender view: a process enumeration followed by a PROCESS_ALL_ACCESS open of
    // one specific process is worth correlating with later cross-process writes.
    // NOTE(review): this function has several memory-safety defects, marked inline;
    // neither malloc result is checked either.
    HANDLE Detect(char* proc)
    {
        iDetect* Data = (iDetect*) malloc(sizeof(iDetect));
        HANDLE ret = NULL;
    Data->FileName = (char*) malloc(MAX_PATH);
    // NOTE(review): pProc gets lstrlen(proc) bytes (no room for a terminator) and
    // nothing in this function copies proc into it, so CharLower and strstr below
    // read uninitialised heap memory.
    char* pProc = (char*) malloc(lstrlen(proc));
     
          if (!EnumProcesses(Data->PIDs,sizeof(DWORD)*MAX_PID,&Data->BytesReturned))
    {
    
                // NOTE(review): PIDs is an array inside *Data, not a separate heap
                // block, so free(Data->PIDs) is an invalid free; pProc is not freed
                // on this path.
                free(Data->FileName);
                free(Data->PIDs);
                free(Data);
                 return NULL;
                }
          Data->TotalPIDs = (Data->BytesReturned) / (sizeof(DWORD));
          // NOTE(review): aux runs from TotalPIDs down to 1, so index TotalPIDs (one
          // past the last id written, and past the array when TotalPIDs == MAX_PID)
          // is read while index 0 never is.
          for(Data->aux=Data->TotalPIDs;Data->aux>0;Data->aux--)
    { 
                      Data->hProcess = OpenProcess(
                      PROCESS_QUERY_INFORMATION | PROCESS_VM_READ,
                      FALSE, Data->PIDs[Data->aux]); 
     
         if (Data->hProcess!=NULL)
    { 
                   // Only one HMODULE slot is supplied, so at most the first
                   // module handle is returned.
                   if (EnumProcessModules(Data->hProcess, &Data->hMod,
                         sizeof(Data->hMod), &Data->BytesRequired)) 
    { 
                       if (GetModuleBaseName(Data->hProcess,Data-> hMod, 
                            Data->FileName,MAX_PATH) == 0x0) Data->FileName[0] = 0x0; 
                         }
                            // NOTE(review): these run even when EnumProcessModules
                            // failed, in which case FileName still holds whatever was
                            // in the buffer before.
                            CharLower(Data->FileName); 
                            CharLower(pProc); 
     
                            if (strstr(Data->FileName,pProc))
    {
                                // Second open of the same pid, this time requesting
                                // every access right; this handle is the return value.
                                ret = OpenProcess(PROCESS_ALL_ACCESS,false,Data->PIDs[Data->aux]);
                                break;
                                }
               CloseHandle(Data->hProcess);
                 }
                   }
          // NOTE(review): when the loop ended without a break, hProcess is NULL,
          // already closed, or (with zero iterations) uninitialised at this point.
          CloseHandle(Data->hProcess); 
          free(Data->FileName);
          // NOTE(review): hMod was reported for another process by
          // EnumProcessModules and was not loaded here; hProcess is a handle, not
          // heap memory; PIDs is an array member. None of the three is a valid
          // argument for FreeLibrary/free in this function.
          FreeLibrary(Data->hMod);
          free(Data->hProcess);
          free(Data->PIDs);
          free(pProc);
          free(Data);
          return ret; 
    }
    
    
    // ======================================================================
    
    
    // Shows an OK-only message box owned by the desktop window, with text Err and
    // caption ErrTitle, and returns MessageBoxEx's result.
    // 0x2c0a is passed as the language identifier argument (appears to be the
    // LANGID for Spanish (Argentina) - confirm).
    int Msg(char* Err,char* ErrTitle){
    return MessageBoxEx(GetDesktopWindow(),Err,ErrTitle, MB_OK ,0x2c0a	);
    }
     
    
    // ======================================================================
    
    
     
