Create a DLL and an injector to inject it into a process

printer's Avatar
Go4Expert Member
Hey, I want to create a DLL and a loader for injecting it into a process. I'm new to Win32 programming, and I have several examples of injectors, but I need something more basic.

Can anybody post the code of a simple DLL that exports one or two functions, and the code of the loader that injects it into a process? That way I will be able to understand how the injection works.

The process I would like to inject into is hl.exe (Half-Life), a well-known shooting game.
I play the mods of that game; they're called Counter-Strike and Day of Defeat.

If you need some examples of a DLL and loader that perform that injection into the hl.exe process, I can post links to some source code, but for now I need some basic examples.
DaWei's Avatar, Join Date: Dec 2006
Team Leader
Why don't you post your own code? Just curious.
printer's Avatar
Go4Expert Member
Are you talking about something written by me? I have examples, but they are not mine; as I said, with these examples I just can't understand the basics. I would like somebody to post a basic DLL and its loader for injecting code into a process.

This is one example, but it is not the question of my thread. I need basic code for this injection. Thanks for replying.

link
printer's Avatar
Go4Expert Member
Code:
#include <windows.h>
#include <tlhelp32.h> 
#include <stdio.h>
using namespace std;

// Asks the process identified by pid to load the library named by laDll:
// the string is copied into memory allocated inside that process, and a
// remote thread is started at kernel32's LoadLibraryA with that copy as its
// argument.
// The OpenProcess / VirtualAllocEx / WriteProcessMemory / CreateRemoteThread
// sequence used here is the pattern catalogued as MITRE ATT&CK T1055.001
// (DLL injection); cross-process use of these calls is what endpoint
// monitoring and anti-cheat software commonly look for.
// NOTE(review): no API result is checked, the handle returned by
// CreateRemoteThread is never closed, the remote allocation is never freed,
// and the function is declared int but has no return statement.
int WINAPI InjectLib(DWORD pid, char *laDll){
HANDLE proc;
char buf[MAX_PATH]="";  // never used in this function
LPVOID RemoteString;    // address of the string copy inside the other process
LPVOID nLoadLibrary;    // address of LoadLibraryA as seen by this process
// Requests every access right on the target rather than a specific subset.
proc = OpenProcess(PROCESS_ALL_ACCESS, false, pid);
nLoadLibrary = (LPVOID)GetProcAddress(GetModuleHandle("kernel32.dll"), "LoadLibraryA");
RemoteString = (LPVOID)VirtualAllocEx(proc,NULL,strlen(laDll),MEM_COMMIT|MEM_RESERVE,PAGE_READWRITE);
WriteProcessMemory(proc,(LPVOID)RemoteString,laDll,strlen(laDll),NULL);
CreateRemoteThread(proc,0,0,(LPTHREAD_START_ROUTINE)nLoadLibrary,(LPVOID)RemoteString,0,NULL);
CloseHandle(proc);
}

// Entry point: waits until a top-level window of class "Valve001" exists and
// prints progress messages around the step that follows.
int main(int argc, char *argv[]){
printf("waiting the start of CS...");
HWND hCS = FindWindow("Valve001",NULL);
// Polls in a tight loop with no sleep until the window is found.
while(!hCS)hCS = FindWindow("Valve001",NULL);
printf("\nInjecting...");
// NOTE(review): not valid C++ as posted - the parentheses are unbalanced and
// a string literal is passed where GetWindowThreadProcessId takes a pointer
// to a DWORD. InjectLib is never called from this function.
(GetWindowThreadProcessId(hCS,"cheat.dll");
printf("\nProcess finished");
}
Well, here is the code. Can anyone help me get this to work?

Last edited by shabbir; 27Aug2007 at 08:11.. Reason: Code block
DaWei's Avatar, Join Date: Dec 2006
Team Leader
You don't seem to understand how to get help. You seem to have some predilection for avoiding things asked of you by the community. I am not going to make a judgement whose outcome opts for stupidity versus recalcitrance. I'm just not going to help you until things change for the better.
shabbir's Avatar, Join Date: Jul 2004
Go4Expert Founder
Use Code Blocks when you have code snippets in the post.
printer's Avatar
Go4Expert Member
Alright, I know when I am not accepted, so I will go to another community for beginners like me, where I can ask this kind of question. But I want to know whether the problem was that I talked about game hacking, or something else.
shabbir's Avatar, Join Date: Jul 2004
Go4Expert Founder
Quote:
Originally Posted by printer
alright, I know when I am not accepted, so, I will go to other community, for beginners, like me where I can do this kind of questions. But I want to know if the problem was because of talking about game hacking, or why..
I don't see anything suggesting you have not been accepted and welcomed; it's just that you are not helping us to help you.
printer's Avatar
Go4Expert Member
I am the one who needed help. Anyway, I have these 3 programs; they compile OK but don't work, and I don't know why. Can you take a look and help me find what is wrong with them?

injector1.cpp

Code:
#include <windows.h>
#include "iostream.h"
#include "stdio.h"


// Asks the process identified by pid to load the library named by laDll:
// the string is copied into memory allocated inside that process, and a
// remote thread is started at kernel32's LoadLibraryA with that copy as its
// argument. Always returns 1, whatever the individual calls returned.
// The OpenProcess / VirtualAllocEx / WriteProcessMemory / CreateRemoteThread
// sequence used here is the pattern catalogued as MITRE ATT&CK T1055.001
// (DLL injection); cross-process use of these calls is what endpoint
// monitoring and anti-cheat software commonly look for.
// NOTE(review): no API result is checked, so the return value says nothing
// about success; the thread handle from CreateRemoteThread is never closed
// and the remote allocation is never freed.
int WINAPI InjectLib(DWORD pid, char *laDll)
{

HANDLE proc;
char buf[MAX_PATH]="";  // never used in this function
LPVOID RemoteString;    // address of the string copy inside the other process
LPVOID nLoadLibrary;    // address of LoadLibraryA as seen by this process

// Requests every access right on the target rather than a specific subset.
proc = OpenProcess(PROCESS_ALL_ACCESS, false, pid);
nLoadLibrary = (LPVOID)GetProcAddress(GetModuleHandle("kernel32.dll"), "LoadLibraryA");

RemoteString = (LPVOID)VirtualAllocEx(proc,NULL,strlen(laDll),MEM_COMMIT|MEM_RESERVE,PAGE_READWRITE);

WriteProcessMemory(proc,(LPVOID)RemoteString,laDll,strlen(laDll),NULL);

// NULL is also passed for the integer stack-size and creation-flags parameters.
CreateRemoteThread(proc,NULL,NULL,(LPTHREAD_START_ROUTINE)nLoadLibrary,(LPVOID)RemoteString,NULL,NULL);

CloseHandle(proc);
return 1;
}


// Entry point: polls every 300 ms for a top-level window of class "Valve001",
// resolves the process id that owns it, and passes that id together with the
// file name "hack.dll" to InjectLib.
// NOTE(review): the results of GetWindowThreadProcessId and InjectLib are
// ignored, and the program exits with status 1 on every path.
int main(int argc, char *argv[])
{
DWORD pid;
HWND hCS;

printf("waiting Half Life...\n");
// Loops forever until the window exists; there is no timeout or abort path.
while(1)
{
hCS = FindWindow("Valve001",NULL);
Sleep(300);
  
if(hCS!=NULL)break;
}
printf("Injecting...\n");
GetWindowThreadProcessId(hCS,&pid);
InjectLib(pid,"hack.dll");
return 1;
}
---------------------

injector2.cpp

Code:
#include <windows.h>
#include <stdio.h>
#include <iostream>
#include <fstream> 
#define GAME "Counter-Strike"
#define DLL "hack.dll"

using namespace std;

// File-scope state: main() stores the window it found in hWnd, and Inject()
// writes the owning process id into pId via GetWindowThreadProcessId.
HWND hWnd;
DWORD pId;



// Asks the process that owns window hWnd to load the library named by strDll:
// the string is copied into memory allocated in that process and a remote
// thread is started at kernel32's LoadLibraryA with that copy as its argument.
// The parameter hWnd shadows the file-scope hWnd; the process id is written
// to the file-scope pId.
// The OpenProcess / VirtualAllocEx / WriteProcessMemory / CreateRemoteThread
// sequence used here is the pattern catalogued as MITRE ATT&CK T1055.001
// (DLL injection); cross-process use of these calls is what endpoint
// monitoring and anti-cheat software commonly look for.
// NOTE(review): no API result is checked, and neither the process handle nor
// the thread handle is closed before returning.
void Inject(HWND hWnd, char* strDll ) 
{
  GetWindowThreadProcessId(hWnd, &pId);
  // Requests every access right on the target rather than a specific subset.
  HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pId);
  LPVOID lpRemoteAddress = VirtualAllocEx(hProcess, NULL, strlen(strDll), MEM_RESERVE|MEM_COMMIT, PAGE_READWRITE);
  WriteProcessMemory(hProcess, lpRemoteAddress, (LPVOID)strDll, strlen(strDll), NULL);
  CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)GetProcAddress(GetModuleHandle("kernel32.dll"), "LoadLibraryA"), lpRemoteAddress, 0, NULL);
}

// Entry point: polls every 100 ms for a window whose title is GAME, checks
// that the file DLL can be opened, and if so calls Inject() with that window
// and file name.
// NOTE(review): "Injected ..." is printed unconditionally after Inject()
// returns; Inject() is void and reports no status, so the message does not
// reflect whether anything was actually loaded.
int main() 
{
  cout<<"waiting window to appear ";
  // Loops until the window exists; there is no timeout or abort path.
  while(!(hWnd = FindWindow(0,GAME))) Sleep(100);
  cout<<"window found!"<<endl;
  // An output stream opened with ios::in is used only as an existence probe
  // for the file.
  ofstream filecheck;
  filecheck.open(DLL,ios::in);
  // NOTE(review): the format string ends in ".n"; presumably "\n" was intended.
  if(!filecheck.is_open()) printf("Error: cant find %s.n",DLL);
  else { Inject(hWnd,DLL); cout<<"Injected "<<DLL<<" into process!"<<endl;}
  filecheck.close();
  system("PAUSE");
  return 0;
}

---------------------------------------

injector3.cpp



Code:
#include "injector3.h"
 
// Asks the process behind the already-open handle Hand to load the library
// named by dll: the string (including its terminator) is copied into memory
// allocated in that process and a remote thread is started at kernel32's
// LoadLibraryA with that copy as its argument.
// Returns 0 if either argument is NULL, otherwise 1. Closes Hand before
// returning, so the caller's handle is no longer usable afterwards.
// The VirtualAllocEx / WriteProcessMemory / CreateRemoteThread sequence used
// here is the pattern catalogued as MITRE ATT&CK T1055.001 (DLL injection);
// cross-process use of these calls is what endpoint monitoring and
// anti-cheat software commonly look for.
// NOTE(review): apart from the NULL guard no API result is checked, so the
// return value 1 does not indicate success; hThread is assigned but never
// inspected or closed.
int Inyect(HANDLE Hand,char dll[])
{
    if (Hand==NULL || dll == NULL) return 0;

    HANDLE hThread;
    HMODULE hKernel;
    LPVOID loadl;   // address of LoadLibraryA as seen by this process
    PVOID amem;     // address of the string copy inside the other process
    int dll2 = strlen(dll) + 1;  // byte count including the terminating NUL

    hKernel = GetModuleHandle("kernel32.dll");
    loadl = (LPVOID)GetProcAddress(hKernel, "LoadLibraryA");
    amem = (LPVOID)VirtualAllocEx(Hand,NULL, dll2, MEM_COMMIT,PAGE_READWRITE);

    WriteProcessMemory(Hand,(LPVOID)amem,dll,dll2,NULL);
    hThread = CreateRemoteThread(Hand,NULL,0,(LPTHREAD_START_ROUTINE)loadl,(LPVOID) amem,0,NULL);
    CloseHandle(Hand);
	return 1;
}

// Entry point: looks for a process whose module name contains "hl.exe" via
// Detect(), reports the outcome in a message box, and on a match waits
// 0x7d0 (2000) ms before passing a handle from Detect() to Inyect().
// NOTE(review): Detect() is called three times. Each successful call returns
// a separate handle opened with PROCESS_ALL_ACCESS; the handles from the two
// condition checks are never closed. The result of Inyect() is ignored.
int main(int argc,char* argv[])
{
if (!Detect("hl.exe"))
{
Msg(" hl.exe not found cannot inject !","Error !");
}
if (Detect("hl.exe"))
{
Msg("App detectada !","Detectado !"); // hl is part of  the fullname, because of the strstr, so it is hl.exe
    Sleep(0x7d0);
Inyect(Detect("hl.exe"),"hack.dll");
}
return 0;
}

injector3.h

Code:
#include <windows.h>
#include "psapi.h"
#pragma comment (lib, "psapi")

 
// the lib in dev-cpp is libpsapi.a
 
#ifndef MAX_PID
#define MAX_PID 0x64
#endif

// Scratch state for Detect(); one instance is heap-allocated per call.
typedef struct iDetect{
DWORD PIDs[MAX_PID];   // process ids filled in by EnumProcesses; an array embedded in the struct
DWORD BytesReturned;   // byte count written into PIDs by EnumProcesses
DWORD BytesRequired;   // byte count reported by EnumProcessModules
HANDLE hProcess;       // handle to the process currently being examined
HMODULE hMod;          // single module handle received from EnumProcessModules
char* FileName;        // MAX_PATH-byte buffer for the module base name
int TotalPIDs;         // BytesReturned / sizeof(DWORD)
int aux;               // loop index into PIDs
} iDetect;

// =================================== DETECT ================================

// Enumerates running processes, reads one module base name from each that
// can be opened, and on a substring match returns a new handle to that
// process opened with PROCESS_ALL_ACCESS. Returns NULL if EnumProcesses
// fails or no process matched. The caller owns the returned handle.
// A process opening many others with QUERY_INFORMATION | VM_READ and then one
// with PROCESS_ALL_ACCESS is itself a pattern that host monitoring can log.
// NOTE(review): this function has several memory-safety defects, marked
// inline below; its result should not be relied on as posted.
HANDLE Detect(char* proc)
{
    // NOTE(review): none of the malloc results below is checked.
    iDetect* Data = (iDetect*) malloc(sizeof(iDetect));
    HANDLE ret = NULL;
Data->FileName = (char*) malloc(MAX_PATH);
// NOTE(review): pProc is allocated with lstrlen(proc) bytes but proc is never
// copied into it, so the CharLower/strstr calls below read uninitialized
// heap memory; the caller's name is not actually what gets compared.
char* pProc = (char*) malloc(lstrlen(proc));
 
      if (!EnumProcesses(Data->PIDs,sizeof(DWORD)*MAX_PID,&Data->BytesReturned))
{

            free(Data->FileName);
            // NOTE(review): PIDs is an array inside *Data, not a separate
            // allocation; passing it to free() is invalid. pProc is leaked
            // on this path.
            free(Data->PIDs);
            free(Data);
             return NULL;
            }
      Data->TotalPIDs = (Data->BytesReturned) / (sizeof(DWORD));
      // NOTE(review): the index runs from TotalPIDs down to 1, so it reads
      // one slot past the last entry EnumProcesses filled (past the array
      // itself when all MAX_PID slots are used) and never examines PIDs[0].
      for(Data->aux=Data->TotalPIDs;Data->aux>0;Data->aux--)
{ 
                  Data->hProcess = OpenProcess(
                  PROCESS_QUERY_INFORMATION | PROCESS_VM_READ,
                  FALSE, Data->PIDs[Data->aux]); 
 
     if (Data->hProcess!=NULL)
{ 
               // Only one HMODULE's worth of space is supplied, so a single
               // module handle is retrieved.
               if (EnumProcessModules(Data->hProcess, &Data->hMod,
                     sizeof(Data->hMod), &Data->BytesRequired)) 
{ 
                   if (GetModuleBaseName(Data->hProcess,Data-> hMod, 
                        Data->FileName,MAX_PATH) == 0x0) Data->FileName[0] = 0x0; 
                     }
                        // NOTE(review): if EnumProcessModules failed, FileName
                        // still holds the previous iteration's name (or
                        // uninitialized bytes on the first pass).
                        CharLower(Data->FileName); 
                        CharLower(pProc); 
 
                        // Substring match, not an exact name comparison.
                        if (strstr(Data->FileName,pProc))
{
                            ret = OpenProcess(PROCESS_ALL_ACCESS,false,Data->PIDs[Data->aux]);
                            break;
                            }
           CloseHandle(Data->hProcess);
             }
               }
      // NOTE(review): when the loop ends without a match this closes a handle
      // that was already closed inside the loop (or a NULL handle).
      CloseHandle(Data->hProcess); 
      free(Data->FileName);
      // NOTE(review): hMod was obtained from another process via
      // EnumProcessModules, not from LoadLibrary in this process.
      FreeLibrary(Data->hMod);
      // NOTE(review): hProcess is a kernel handle and PIDs is an embedded
      // array; neither came from malloc, so both free() calls are invalid.
      free(Data->hProcess);
      free(Data->PIDs);
      free(pProc);
      free(Data);
      return ret; 
}


// ======================================================================


// Shows a modal OK-only message box owned by the desktop window, with Err as
// the text and ErrTitle as the caption, and returns MessageBoxEx's result.
// The language id 0x2c0a is passed through unchanged (presumably es-AR).
int Msg(char* Err,char* ErrTitle){
    HWND owner = GetDesktopWindow();
    const int result = MessageBoxEx(owner, Err, ErrTitle, MB_OK, 0x2c0a);
    return result;
}
 

// ======================================================================