[WoW] [C++] Hack Loader (DLL Injection Example)
This is just a simple injected hack loader for WoW. Includes support for pulling the install path from the registry, as well as a manual override by checking the path the loader resides in first (so you can use multiple install paths if you wish).
Posting because people always seem to ask me on MSN or on the forums how to inject a DLL.
Console application, written in C++. Only external dependency is the Windows SDK.
Code is fully documented and should be easy to modify to your liking.
Should support XP and up.
Not Unicode compatible, compile with MBCS. I got lazy, if you really need Unicode it's on you to fix (its only a 5 minute job, wrapping a handful of strings, and adding pre-processor code for a few STL objects and function prototypes).
By default it will compile with the CRT dynamically linked. If you need static linking just change that in the compiler settings. I suggest you do this if you want to use the loader for a public release as certain OS variations won't come with the CRT included.
Project and solution files are for VS2008 only. If you don't have VS2008 you can download VC++ Express 2008 for free from Microsoft, that will work just fine. Otherwise, if you wish to use 2005 or 2003 the onus is on you to fix the project files.
You can modify the module name in 'Main.cpp', was too lazy to write a build tool to pull it from an external source or something, but its an easy change to make.
Comments welcome. But intelligent questions/comments/etc only please.
Programming Windows via C/C++ - Code
Kynox - Being awesome
Greyman - Being awesome
Wiccaan - Patchlib. Can't remember if I used anything from it but its still a cool project.
All of GD - Being awesome
Probably stuff I forgot but w/e. Wrote it ages ago.
Thanks for sharing this I am using it to learn a bit and won’t dare ask a question yet but just had to make this observation:
“Comments welcome. But intelligent questions/comments/etc only please.”
3 days no comments…. Sais a lot.
Originally Posted by Dalord Urgod
What? About the collective IQ of all but a handful of the people who use this section being under 60?
Those who aren't in that group made that observation a long time ago.
Honestly I was expecting a lot of complaints, the code is pretty awful. Might release the loader from my new project once I add spawn-based injection. Its much nicer and easier to work with.
I have been trying to understand this injection business. I have compiled your application, and compared it to my own. They seem to be more or less the same only I don't use the error catching that yours does.
For both your application and mine, if I try to inject by a pid into WoW.exe (I'm working with 126.96.36.19901), the exit code from the thread I create to call LoadLibraryW is always 0. Is there some way to get some more useful information as to what caused the problem? I was thinking I would try and inject GetLastError() or something, but that whatever my problem with LoadLibraryW would very likely be present in this call as well.
This fails even when I inject a library whose DllMain simply returns true. The only specific example cited on the MSDN page for LoadLibraryW for what causes a null return is if this function DllMain returns false.
Not sure where to go from here?
I don't recommend using this one. Please use my other loader, the generic one. It will give you information which should help track down the problem.
Sorry I neglected to mention, but I believe I am using the other one. I got it from your site -- 'Injector v20090421b'. It tells me that the LoadLibraryW call failed (because the exit code was null).
Edit: While I'm adding information, I should also say that I am on Vista Ultimate 64 with DEP disabled. All of my code is compiled as 32 bit.
Last edited by namreeb; 05-20-2009 at 11:44 AM.
If the call to LoadLibraryW failed yet the call to CreateRemoteThread succeeded it means you likely have a problem with you DLL. Try injecting a stub DLL that just does nothing in DLLMain except return TRUE.
I've tried that already. Same result.
Thats really quite bizarre. I'm on Server 2008 x64 and Kynox from memory is on Vista x64 so I know my code works on those platforms. Heck, it even works compiled as native x64.
Would you mind sending me that stub DLL (just the binary) so I can try it on my PC? All it needs to do is just 'return TRUE' in DLLMain. Don't do ANYTHING else. Anything else you do could potentially screw shit or create a loader lock.
It injected fine for me. :s
I can attest to the fact that Vista 64 injects 32 bit DLL's (into 32 bit processes, obviously) just fine. Something is geborked on your system...
Indeed. I can't see any obvious problems with my code and its been tested on everything from XP -> 7, both x86 and x64 builds.
Originally Posted by amadmonk
I thought it might be my anti-virus, but the injector that comes with WoWX successfully injects (after updating the patterns Cypher was kind enough to post on gd). At least I assume it does because it detects "wowme" and quits.
Edit: I noticed that for some reason yours now works for me, and after I inject with yours, mine is successful... I guess I'm back to looking at mine, but I'm sure I tried yours with my DLL and also had it fail.
Edit2: Working now! Thanks Cypher!
Last edited by namreeb; 05-21-2009 at 03:10 AM.
Glad to hear it.
Would you mind explaining what was wrong though please? For the sake of others. And to satisfy my curiosity.