  1. #1
    Cypher
    [WoW] [C++] Hack Loader (DLL Injection Example)



    This is just a simple injected hack loader for WoW. Includes support for pulling the install path from the registry, as well as a manual override by checking the path the loader resides in first (so you can use multiple install paths if you wish).

    Posting because people always seem to ask me on MSN or on the forums how to inject a DLL.

    Console application, written in C++. Only external dependency is the Windows SDK.

    Code is fully documented and should be easy to modify to your liking.

    Should support XP and up.

    Caveats:
    Not Unicode compatible, compile with MBCS. I got lazy; if you really need Unicode it's on you to fix (it's only a 5 minute job, wrapping a handful of strings, and adding pre-processor code for a few STL objects and function prototypes).

    Notes:
    By default it will compile with the CRT dynamically linked. If you need static linking just change that in the compiler settings. I suggest you do this if you want to use the loader for a public release as certain OS variations won't come with the CRT included.

    Project and solution files are for VS2008 only. If you don't have VS2008 you can download VC++ Express 2008 for free from Microsoft, that will work just fine. Otherwise, if you wish to use 2005 or 2003 the onus is on you to fix the project files.

    You can modify the module name in 'Main.cpp'. Was too lazy to write a build tool to pull it from an external source or something, but it's an easy change to make.

    Comments welcome. But intelligent questions/comments/etc only please.

    Credits:
    Programming Windows via C/C++ - Code
    Kynox - Being awesome
    Greyman - Being awesome
    Wiccaan - Patchlib. Can't remember if I used anything from it but it's still a cool project.
    All of GD - Being awesome

    Probably stuff I forgot but w/e. Wrote it ages ago.

    Download:
    http://dl.getdropbox.com/u/74751/Loader-20090416a.7z

  2. #2
    Thanks for sharing this. I am using it to learn a bit and won’t dare ask a question yet, but just had to make this observation:
    “Comments welcome. But intelligent questions/comments/etc only please.”
    3 days, no comments… Says a lot.

  3. #3
    Cypher
    Quote (originally posted by Dalord Urgod):
    Thanks for sharing this. I am using it to learn a bit and won’t dare ask a question yet, but just had to make this observation:
    “Comments welcome. But intelligent questions/comments/etc only please.”
    3 days, no comments… Says a lot.

    What? About the collective IQ of all but a handful of the people who use this section being under 60?

    Those who aren't in that group made that observation a long time ago.

    Honestly I was expecting a lot of complaints, the code is pretty awful. Might release the loader from my new project once I add spawn-based injection. It's much nicer and easier to work with.

  4. #4
    Cypher,

    I have been trying to understand this injection business. I have compiled your application, and compared it to my own. They seem to be more or less the same, only I don't use the error catching that yours does.

    For both your application and mine, if I try to inject by a pid into WoW.exe (I'm working with 3.1.2.9901), the exit code from the thread I create to call LoadLibraryW is always 0. Is there some way to get some more useful information as to what caused the problem? I was thinking I would try and inject GetLastError() or something, but whatever my problem with LoadLibraryW is would very likely be present in this call as well.

    This fails even when I inject a library whose DllMain simply returns true. The only specific example cited on the MSDN page for LoadLibraryW for what causes a null return is if this function DllMain returns false.

    Not sure where to go from here?

  5. #5
    Cypher
    I don't recommend using this one. Please use my other loader, the generic one. It will give you information which should help track down the problem.

  6. #6
    Sorry I neglected to mention, but I believe I am using the other one. I got it from your site -- 'Injector v20090421b'. It tells me that the LoadLibraryW call failed (because the exit code was null).

    Edit: While I'm adding information, I should also say that I am on Vista Ultimate 64 with DEP disabled. All of my code is compiled as 32 bit.
    Last edited by namreeb; 05-20-2009 at 11:44 AM.

  7. #7
    Cypher
    If the call to LoadLibraryW failed yet the call to CreateRemoteThread succeeded it means you likely have a problem with your DLL. Try injecting a stub DLL that just does nothing in DllMain except return TRUE.

  8. #8
    I've tried that already. Same result.

  9. #9
    Cypher
    That's really quite bizarre. I'm on Server 2008 x64 and Kynox from memory is on Vista x64 so I know my code works on those platforms. Heck, it even works compiled as native x64.

    Would you mind sending me that stub DLL (just the binary) so I can try it on my PC? All it needs to do is just 'return TRUE' in DLLMain. Don't do ANYTHING else. Anything else you do could potentially screw shit or create a loader lock.

  10. #10
    Sent. Check your inbox.

  11. #11
    Cypher
    It injected fine for me. :s

  12. #12
    amadmonk
    I can attest to the fact that Vista 64 injects 32 bit DLLs (into 32 bit processes, obviously) just fine. Something is geborked on your system...

  13. #13
    Cypher
    Quote (originally posted by amadmonk):
    I can attest to the fact that Vista 64 injects 32 bit DLLs (into 32 bit processes, obviously) just fine. Something is geborked on your system...

    Indeed. I can't see any obvious problems with my code and it's been tested on everything from XP -> 7, both x86 and x64 builds.

  14. #14
    I thought it might be my anti-virus, but the injector that comes with WoWX successfully injects (after updating the patterns Cypher was kind enough to post on gd). At least I assume it does because it detects "wowme" and quits.

    Edit: I noticed that for some reason yours now works for me, and after I inject with yours, mine is successful... I guess I'm back to looking at mine, but I'm sure I tried yours with my DLL and also had it fail.

    Edit2: Working now! Thanks Cypher!
    Last edited by namreeb; 05-21-2009 at 03:10 AM.

  15. #15
    Cypher
    Glad to hear it.

    Would you mind explaining what was wrong though please? For the sake of others. And to satisfy my curiosity.

 

 