DirectX/CEGUI hooking?

  1. #31
    Cypher
    I use that method because it allows me to hook the functions I need to before WoW launches. (Which is needed to pull off certain functionality, namely hooking certain LUA functions that are registered when WoW first launches)

    Here's a code snippet for ya.
    Code:
    // Launch button handler
    std::string DoLaunch(const char*, CButton*)
    {
        SetStatus(RGB(0,0,255), "Attempting injection.");
    
        // Make sure the DLL exists
        TCHAR tszHookPath[MAX_PATH] = {0};
        if(GetFileAttributes(_tfullpath(tszHookPath, DllName.c_str(), MAX_PATH)) == 0xFFFFFFFF)
        {
            SetStatus(RGB(255,0,0), "Couldn't find DLL!");
            return std::string();
        }
    
        STARTUPINFO WoWSi;
        PROCESS_INFORMATION WoWPi;
        ZeroMemory(&WoWSi, sizeof(WoWSi));
        WoWSi.cb = sizeof(WoWSi);
        ZeroMemory(&WoWPi, sizeof(WoWPi));
    
        TCHAR Path[MAX_PATH] = {0};
        DWORD BuffSize = MAX_PATH;
        HKEY WoWKey;
        RegOpenKeyEx(HKEY_LOCAL_MACHINE,"SOFTWARE\\Blizzard Entertainment\\World of Warcraft\\",0,KEY_READ,&WoWKey);
        RegQueryValueEx(WoWKey,"InstallPath",NULL,NULL,(LPBYTE)Path,&BuffSize);
    
        std::string WoWPath = Path;
        WoWPath.append("WoW.exe -console");
    
        std::string WoWCurrentDir = "WoW.exe -console";
    
        if (!CreateProcess(NULL,(LPSTR)WoWCurrentDir.c_str(),NULL,NULL,FALSE,CREATE_SUSPENDED,NULL,NULL,&WoWSi,&WoWPi))
        {
            if (!CreateProcess(NULL,(LPSTR)WoWPath.c_str(),NULL,NULL,FALSE,CREATE_SUSPENDED,NULL,NULL,&WoWSi,&WoWPi))
            {
                SetStatus(RGB(255,0,0), "Process creation failed!");
                return std::string();
            }
        }
    
        // Inject the dll
        DWORD ForceLibrary(CHAR* szLibraryPath,PROCESS_INFORMATION* pProcInfo);
        DWORD ForceLibRet = ForceLibrary(_tfullpath(NULL, DllName.c_str(), MAX_PATH),&WoWPi);
        if (!ForceLibRet)
        {
            SetStatus(RGB(255,0,0), "Injection failed!");
            TerminateProcess(WoWPi.hProcess,0);
            return std::string();
        }
        else
        {
            ResumeThread(WoWPi.hThread);
        }
        
        // Injection succeeded (hopefully) if we get here
        SetStatus(RGB(0,255,0),"Injection succeeded!");
        return std::string();
    }
    Code is pretty disgusting at the moment. My apologies. Only because it's something I hacked together quickly without care because I'm rewriting the loader from scratch in a few days.

    It's a good starting point though and works perfectly for me.

  2. #32
    lanman92
    Hm, is forcelib good? I've never tried it.

    P.S.: I broke my thumb at football and typing is quite difficult...

    ARGH! Where can I get forcelib??? I can't download from y0da's site, he stopped paying for his domain... Mind linking it?
    Last edited by lanman92; 09-08-2008 at 06:48 PM.

  3. #33
    Cypher

  4. #34
    lanman92
    Thanks, although I'm thinking about using SetWindowsHookEx(). It looks quite easy and safe to implement.

  5. #35
    Cypher
    That's unnecessary, 'cause you're gonna inject yourself into all running processes, which is silly. Warden doesn't check for 'extraneous' DLLs in the module list, namely because there are many legitimate reasons to inject a DLL into a 3rd party program. IM clients do it, for example, to monitor the user's 'idle' status.

    SetWindowsHookEx won't stop Warden from enumerating the module list anyway so it's pointless (and besides, it's not looking for you in this list so it's not a concern to begin with).

  6. #36
    Shynd
    For the record, setting the privilege token necessary to access the WoW process is far easier than creating the process. Copy+paste a function from Kynox's object dumper named GrantAccess() or GrantPermission() or something like that, then call that function. Requires no trouble-shooting or debugging or anything.

    But, I certainly agree that creating the process is the better way of doing it. It's how I've been doing it, lately, so I can unload my module before WoW.exe has any time to do anything at all--whereas I know they're not hooking LoadLibrary and keeping track of what modules are loaded now, they may in the future, so why not just get it over and done with and play it safe to begin with.

  7. #37
    lanman92
    What is wrong with this code? My program hangs whenever it gets to this line, I don't even get the message on cout.

    Code:
     
    if(!CreateProcess(NULL,(LPWSTR)"C:\Users\Public\Documents\World of Warcraft\Wow.exe",NULL,NULL,FALSE,CREATE_SUSPENDED,NULL,NULL,&WoWSi,&WoWPi))

  8. #38
    Cypher
    Originally Posted by Shynd
    For the record, setting the privilege token necessary to access the WoW process is far easier than creating the process. Copy+paste a function from Kynox's object dumper named GrantAccess() or GrantPermission() or something like that, then call that function. Requires no trouble-shooting or debugging or anything.

    But, I certainly agree that creating the process is the better way of doing it. It's how I've been doing it, lately, so I can unload my module before WoW.exe has any time to do anything at all--whereas I know they're not hooking LoadLibrary and keeping track of what modules are loaded now, they may in the future, so why not just get it over and done with and play it safe to begin with.

    I have to create the process so I can hook the LUA functions and apply a model edit fix. Also, the worst that would happen in the future if they wanted to stop arbitrary DLL injection is they'd stop the CreateRemoteThread call. There's no way they could ban for it; if they did, all the XFire users would be banned because I'm sure it would use injection for its ingame UI.
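
Seen from the monitoring side, the launch pattern discussed in this thread (a loader starts the target, then a remote thread begins at LoadLibrary before the target has run) can be picked out of process telemetry. The sketch below is an added example, not code from any poster in the thread; the events are constructed, use a subset of Sysmon Event ID 1 and 8 field names, and the 5-second window is an assumption.

```python
from datetime import datetime, timedelta

FMT = "%Y-%m-%d %H:%M:%S.%f"

# Constructed sample events; field names follow Sysmon Event ID 1
# (ProcessCreate) and Event ID 8 (CreateRemoteThread). Paths are made up.
EVENTS = [
    {"EventID": 1, "UtcTime": "2024-01-01 10:00:00.100", "ProcessGuid": "{A-1}",
     "Image": r"C:\Tools\loader.exe", "ParentProcessGuid": "{A-0}"},
    {"EventID": 1, "UtcTime": "2024-01-01 10:00:01.200", "ProcessGuid": "{A-2}",
     "Image": r"C:\Games\game.exe", "ParentProcessGuid": "{A-1}"},
    {"EventID": 8, "UtcTime": "2024-01-01 10:00:01.450",
     "SourceProcessGuid": "{A-1}", "TargetProcessGuid": "{A-2}",
     "StartFunction": "LoadLibraryA"},
    # Overlay-style injection long after start-up: outside the window.
    {"EventID": 1, "UtcTime": "2024-01-01 11:00:00.000", "ProcessGuid": "{B-2}",
     "Image": r"C:\Games\game.exe", "ParentProcessGuid": "{B-1}"},
    {"EventID": 8, "UtcTime": "2024-01-01 11:05:00.000",
     "SourceProcessGuid": "{C-9}", "TargetProcessGuid": "{B-2}",
     "StartFunction": "LoadLibraryW"},
]

def find_launch_time_injection(events, window=timedelta(seconds=5)):
    """Flag remote threads that start at LoadLibrary* in a process
    within `window` of that process being created."""
    created = {}   # ProcessGuid -> (creation time, image, parent guid)
    findings = []
    # Fixed-width timestamps sort correctly as plain strings.
    for ev in sorted(events, key=lambda e: e["UtcTime"]):
        when = datetime.strptime(ev["UtcTime"], FMT)
        if ev["EventID"] == 1:
            created[ev["ProcessGuid"]] = (when, ev["Image"], ev["ParentProcessGuid"])
        elif ev["EventID"] == 8:
            target = created.get(ev["TargetProcessGuid"])
            if target is None:
                continue  # target started before logging began
            born, image, parent = target
            if not ev.get("StartFunction", "").lower().startswith("loadlibrary"):
                continue
            if when - born <= window:
                findings.append({
                    "target": image,
                    "delay_ms": (when - born) // timedelta(milliseconds=1),
                    "source_is_parent": ev["SourceProcessGuid"] == parent,
                })
    return findings

if __name__ == "__main__":
    for finding in find_launch_time_injection(EVENTS):
        print(finding)
```

The `source_is_parent` field separates a loader that created the process itself from a third-party program attaching to it, which is the distinction the posters draw when they mention overlays and IM clients.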

  9. #39
    Cypher
    Originally Posted by lanman92
    What is wrong with this code? My program hangs whenever it gets to this line, I don't even get the message on cout.

    Code:
     
    if(!CreateProcess(NULL,(LPWSTR)"C:\Users\Public\Documents\World of Warcraft\Wow.exe",NULL,NULL,FALSE,CREATE_SUSPENDED,NULL,NULL,&WoWSi,&WoWPi))
    Maybe you've got your program set to ANSI? You're casting a string to a wide string. If you've messed up the encoding that could be the problem. I use Multi-byte encoding for all my code which isn't the default for 99% of compilers.

    PS. I'm using the word 'string' to refer to a char/wchar_t array, not the STL string class.

  10. #40
    arigity
    BOOL WINAPI CreateProcess(
    __in_opt LPCTSTR lpApplicationName,
    __inout_opt LPTSTR lpCommandLine,
    __in_opt LPSECURITY_ATTRIBUTES lpProcessAttributes,
    __in_opt LPSECURITY_ATTRIBUTES lpThreadAttributes,
    __in BOOL bInheritHandles,
    __in DWORD dwCreationFlags,
    __in_opt LPVOID lpEnvironment,
    __in_opt LPCTSTR lpCurrentDirectory,
    __in LPSTARTUPINFO lpStartupInfo,
    __out LPPROCESS_INFORMATION lpProcessInformation
    );

    there is no need to not use lpApplicationName if you're not going to add -console

  11. #41
    lanman92
    Okay, I tried both CreateProcessA() and CreateProcessW(), both to no avail. I don't see the issue, I'm casting with the proper type, LPSTR and LPWSTR.

    EDIT: If it helps, my GetLastError() returns 87, invalidparam.
    EDIT2: Nvm, I got it right now. Now all I need to do is work on my DLL and hiding from warden/bypassing warden...
    Last edited by lanman92; 09-09-2008 at 10:18 PM.

  12. #42
    Xarg0
    You don't need to bypass warden unless you want to edit stuff that warden is watching ^^
    I hacked 127.0.0.1

  13. #43
    kynox
    Originally Posted by Xarg0
    You don't need to bypass warden unless you want to edit stuff that warden is watching ^^
    Well, if you release something public you have another story. But yes, you're exactly right.

  14. #44
    lanman92
    Originally Posted by Xarg0
    You don't need to bypass warden unless you want to edit stuff that warden is watching ^^
    lol, what DOESN'T warden watch? I'm gonna do a basic wallhack and maybe movementstate hack... kynox posted some very friendly info about it so this shouldn't be too difficult.

  15. #45
    arigity
    two things.

    1. you're injecting a DLL just for a basic wallhack/movement state hack?

    2. warden watches read only memory (mostly) as stated in the wiki, which means it's rather useless for very basic memory editing (*note: wallhack = watched, but there are other ways than the static address) and shouldn't bother you with movement state (now the server, on the other hand, will, depending on what you do)
